🚨 A fake Ledger scam is making waves again - but it’s not new 🚨 🧵 This phishing dates back to 2021. Victims receive a fake Ledger device in the mail - complete with real-looking packaging and an “official” letter. You’re told to migrate your 24 words from your “old” (real) Ledger to this new (fake) one. 🪤The scam exploits user data from past breaches - name, email and address. You’re told: “Your old device is compromised. Enter your seed phrase into this new secure one.” Once entered - all assets are gone. The fake Ledger is preloaded with malware. 🎭These scams often include: 🔹 Fake user manuals 🔹 Fake “Ledger” software 🔹 Realistic device designs Some variants even use preset recovery phrases, tricking users into using a wallet the attacker already controls. 📦 Such attacks do work - especially when: 🔹Your order info was leaked 🔹You fall for fake stores or phishing sites selling counterfeit hardware wallets 🔹Your Low awareness around device authenticity checks 🧠These attacks may seem “too physical to scale” - but they don’t need to succeed often. It’s a spray-and-pray model. No confirmed cases of tampering during delivery - but don’t risk it.⚠️ 🎯See recap: 🔍 Ledger’s breach: https://t.co/2XaC94QRV1 🔍 Trezor leak: https://t.co/djm36qxo5u 🔍 Fake imKey cases: https://t.co/Y1MVhWcCoT 🔐 How to protect yourself? ✅ Only enter your 24 words on a device you initialized 🚫 Never trust devices from unknown sources ✅ Always verify authenticity via the official brand website 🚫 Don’t fall for unsolicited packages, emails, or “support” messages 📚 Knowledge = prevention. We maintain a public archive of real-world blockchain hacks, just search by keyword or project name to see if there’s a history of breaches or fraud: 🔎 https://t.co/e90CSvTm6B 🧱 Security starts with verifying the hardware you trust. Stay safe. 🔒 cc @evilcos

🚨SlowMist Scam Alert🚨 We’ve received reports of fake Telegram groups impersonating #SlowMist# and scamming users via phishing investment links. One example: ❌t[.]me/slowmist1 — this is NOT us.‼️ ✅ Please report such groups to Telegram immediately. For your safety, always refer to our official channels: 1⃣Website: https://t.co/IO2VWk2pae 2⃣X: @SlowMist_Team & @MistTrack_io 3⃣Email: team@slowmist.com If in doubt, feel free to DM us directly. ⚠️Stay vigilant and verify before you trust.

🔥Solana Smart Contract Security Best Practices is back with a major update!🚀 Since its release, the Solana Smart Contract Security Best Practices has received positive feedback from the community, with many developers and security researchers endorsing and recommending the guide. Based on the latest SlowMist audit experience, we've extensively enhanced the guide to provide comprehensive security solutions for developers within the Solana ecosystem. This update covers vulnerability descriptions, attack scenarios, and fix recommendations. 👀Read the full update on GitHub: https://t.co/2hVMeo7rHo #Solana# #SmartContractSecurity# #BlockchainSecurity# #audit#

🚨SlowMist Security Alert🚨 A user lost over $20K after visiting a fake @ChangeNOW_io site. 📌Notice the letter “e” in Pic 1? It’s a #Punycode# attack — a trick we’ve covered in the blockchain dark forest selfguard handbook(Pic 2). ⚠️Beware of browser recommendations — they may suggest phishing sites. Always verify URLs from multiple sources. Here’s a simple way to find the correct official site: 1️⃣ X Verification Users often rely on the website link shown in a project’s official X account. But don’t trust it blindly — always check the account’s follower count, verification badge, and registration date.⚠️These can be faked. So don’t stop here — proceed to cross-verify. 2️⃣ Cross-Verification Use trusted platforms like @DefiLlama, @coingecko, or @CoinMarketCap to confirm the domain matches the one on X. 3️⃣ Bookmark It 🛡️For more attack patterns and security tips, check out the blockchain dark forest selfguard handbook: https://t.co/v6lrUYgrI9 Stay vigilant! #Phishing# #CryptoSecurity# #Web3#

🚨 Ethereum's Pectra upgrade (EIP-7702) is live — a major leap forward, but new functionality brings new risks. Here’s what users, wallet providers, developers, and exchanges should watch out for: 🧠 🛡️ For Users: ✅Private key protection should always be a priority. ✅Be aware that the same contract address on different chains may not always have the same contract code. ✅Understand the details of the delegated target before proceeding. 🔍 For Wallet providers: ✅Check if the chain of the delegation matches the current network. ✅Warn users about the risks of delegations signed with a chainID of 0 that could be replayed across different chains. ✅Display the target contract when users sign delegations to reduce the risk of phishing attacks. 🧑‍💻 For Developers: ✅Ensure permission checks are performed during wallet initialization (e.g., via ecrecover to verify the signing address). ✅Follow the Namespace Formula proposed in ERC-7201 to mitigate storage conflicts. ✅Don't assume that tx.origin will always be an EOA, using msg.sender == tx.origin as a defense against reentrancy attacks will no longer be effective. ✅Ensure that the target contract for the user’s delegation implements the necessary callback functions to ensure compatibility with mainstream tokens. 🏦 For CEXs: ✅Run trace checks on deposits to mitigate the risk of fake deposits from smart contracts. 📚 Full best practices & in-depth analysis: https://t.co/IvphpT07rA

🚨SlowMist Security Alert🚨 The root cause of the @th3r0ar exploit was the presence of a backdoor in the contract During deployment, the R0ARStaking contract altered the balance (user.amount) of a specified address by directly modifying storage slots. Subsequently, the attacker extracted all funds from the contract through an emergency withdrawal function. https://t.co/3G0Z1GTjt6

🚨SlowMist Security Alert🚨 @zksync security team has identified a compromised admin account that took control of ~$5M worth of ZK tokens — the remaining unclaimed tokens from the ZKsync airdrop. 🧾 Related Address: 0xb1027ed67f89c9f588e097f70807163fec1005d3 As always, stay vigilant!

The root cause of the @KiloEx_perp exploit is the lack of access control checks in the top-level contract(MinimalForwarder), which leads to the manipulation of oracle prices. The attack path is as follows: 1. The setPrices function in the KiloPriceFeed contract, which can modify oracle prices, needs to be called by the Keeper contract. 2. The 0x7a498a61 function in the Keeper contract, which executes price modifications and opening positions, needs to be called by the PositionKeeper contract. 3. The 0xac9fd279 function in the PositionKeeper contract, which executes calls to the Keeper contract, needs to be called by the MinimalForwarder contract. 4. The MinimalForwarder requires users to call the execute function to complete the function call to the PositionKeeper contract. However, within the execute function of the MinimalForwarder contract, users can pass any specified from address and a constructed signature to pass the signature check. Furthermore, there is no check on the data of the external call. This ultimately allows for a step-by-step call to the setPrices function in the KiloPriceFeed contract to tamper with the price. 5. Consequently, the attacker first modified the price to a very low value and used this price to open a long position, then immediately closed the position for profit after adjusting the price to a very high value. MinimalForwarder: BASE 0x3274b668aed85479e2a8511e74d7db7240ebe7c8 BSC 0xad37c86c06be706466ee70cbbf58f20655e7efb1 PositionKeeper: BASE 0xfdc7bc3a9fde88e7bcfb69c8b9ca7fda483627ed BSC 0xaf457b72fff6712641c5f1843515a6e114b2ecde Keeper: BASE 0x796f1793599d7b6aca6a87516546ddf8e5f3aa9d BSC 0x298e94d5494e7c461a05903dcf41910e0125d019 KiloPriceFeed: BASE 0x22c40b883b5976f13c78ee45ead6b0cdc192dae5 BSC 0x1b64eb04f9e62e1f3d1599d65fcfa8cc2dc44024 As always, stay vigilant!