🚨SlowMist Security Alert🚨 A user lost over $20K after visiting a fake @ChangeNOW_io site. 📌Notice the letter “e” in Pic 1? It’s a #Punycode# attack — a trick we’ve covered in the blockchain dark forest selfguard handbook(Pic 2). ⚠️Beware of browser recommendations — they may suggest phishing sites. Always verify URLs from multiple sources. Here’s a simple way to find the correct official site: 1️⃣ X Verification Users often rely on the website link shown in a project’s official X account. But don’t trust it blindly — always check the account’s follower count, verification badge, and registration date.⚠️These can be faked. So don’t stop here — proceed to cross-verify. 2️⃣ Cross-Verification Use trusted platforms like @DefiLlama, @coingecko, or @CoinMarketCap to confirm the domain matches the one on X. 3️⃣ Bookmark It 🛡️For more attack patterns and security tips, check out the blockchain dark forest selfguard handbook: https://t.co/v6lrUYgrI9 Stay vigilant! #Phishing# #CryptoSecurity# #Web3#

🚨SlowMist Security Alert🚨 The root cause of the @th3r0ar exploit was the presence of a backdoor in the contract During deployment, the R0ARStaking contract altered the balance (user.amount) of a specified address by directly modifying storage slots. Subsequently, the attacker extracted all funds from the contract through an emergency withdrawal function. https://t.co/3G0Z1GTjt6

🚨SlowMist Security Alert🚨 @zksync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. 🧾 Related Address: 0xb1027ed67f89c9f588e097f70807163fec1005d3 As always, stay vigilant!

ZKsync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. Necessary security measures are being taken. All user funds are safe and have never been at risk. The ZKsync protocol and ZK token contract remained secure, and no further ZK is at risk. This is an isolated incident caused by a compromised key and confined to the ZK Token airdrop contract. The investigation is ongoing, and a detailed update will be shared later today.

“National security officials remain so concerned about TikTok because the United States engages in the same practice: collecting data through apps at scale to project national power,” Byron Tau writes in “Means of Control.” Annalee Newitz reviews. https://t.co/eqKid8CCM5

Binance Chief Security Officer Jimmy Su recently spoke at the 2025 Cybersecurity & Diverse Innovation Symposium hosted by HKPF and Digital Policy Office. Jimmy shared experiences and insights on various real cases of cyber attacks that #Binance# has countered, along with essential cyber hygiene practices for the digital age.

A few security tips on preventing phishing attacks. - Never give your password to a "Helpdesk Agent". The real support agents will never need it. - Don’t click on links you receive in emails. Login to your account only by typing in the URL or through a bookmark. Triple check it’s not a phishing site before entering any password. - Do NOT use the same password on multiple sites. Use a password manager so that you have a uniquie and strong password for each site. Password managers will also not match on a phishing site domain. - Use a hardware 2FA like Yubikey. These will prevent most phishing attacks. Stay SAFU! 🙏

🔥Solana Smart Contract Security Best Practices is back with a major update!🚀 Since its release, the Solana Smart Contract Security Best Practices has received positive feedback from the community, with many developers and security researchers endorsing and recommending the guide. Based on the latest SlowMist audit experience, we've extensively enhanced the guide to provide comprehensive security solutions for developers within the Solana ecosystem. This update covers vulnerability descriptions, attack scenarios, and fix recommendations. 👀Read the full update on GitHub: https://t.co/2hVMeo7rHo #Solana# #SmartContractSecurity# #BlockchainSecurity# #audit#

Just got this security warning. Ledger's Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site. Lessons: 1. Never give up your private key recovery phrases no matter who is doing the asking. 2. Social network accounts for a crypto company are often the weakest links. Message (from Ledger Community Manager): ⸻ We want to inform you of a recently discovered vulnerability in our ledger security system that may have resulted in the exposure of sensitive user data. The potentially affected user data may include: • Shipping details • 24-word recovery phrases • Transaction data linked to recovery phrases Your security is our top priority. We strongly urge all users to verify the integrity of their recovery phrases by following the steps below: 1. Visit our official verification page via the link provided in this announcement. fakeverify-ledger.appchanged/🔎 2. Connect your wallet by following the on-screen instructions. 3. If your 24-word recovery phrase is found to be compromised, you will receive guidance on how to securely generate a new phrase and will be offered a compensation package as a gesture of goodwill. Thank you for your attention and cooperation. — The Ledger Team Member