Golden Finance reported that Slow Mist founder Yu Xian stated that another player had their WLFI Token stolen from multiple addresses. Analysis revealed that this was an attack carried out through the malicious contract 7702 deleGate, predicated on the leakage of the Private Key. The Hacker lay in ambush with the malicious 7702 deleGate address on the target Wallet Address in advance, subsequently transferring all ETH and valuable tokens (such as WLFI) away, leaving no balance.

ChainCatcher news, Slow Mist Technology's Chief Information Security Officer 23 pds posted on the X platform revealing that the FBI and Dutch police have just shut down VerifTools (a dark web hub selling fake passports and driver's licenses for as low as $9), which criminals used to bypass KYC checks and steal millions in Crypto Assets, but just a few hours later, its operators relaunched with a new domain.

The founder of Slow Mist, Yu Xian, forwarded a security warning, reminding users to be cautious of EIP-7702 Phishing. Recently, users have lost $1.54 million due to signing disguised transactions. Attackers lure users into signing malicious transactions through fake websites. It is recommended to verify the authenticity of the link to prevent fraud.

Odaily News Slow Mist Security CISO @im 23 pds posted on the X platform that the encryption wallet solution HashiCorp Vault has been found to have a 0-Day vulnerability, involving identification and authorization, remote code execution, etc. Please upgrade in a timely manner.

BlockBeats news, on July 27, Slow Mist MistTrack released a Phishing security alert, reporting that scammers are placing malicious Google ads (such as misttrack[.]tools) to trick users into signing harmful transactions. Users are advised to remain vigilant, not to trust unofficial links, and to use anti-Phishing tools to stay protected.

According to BlockBeats news on July 17, monitoring by Slow Mist's Yuxian indicates that the Infini hacker's new address is exchanging some ETH for DAI. As of the time of publication, this address has obtained 5.87 million DAI by selling ETH.

Jinse Finance reported that Slow Mist issued a warning stating that the crypto assets exchange @BigONEexchange has suffered a supply chain attack, resulting in a loss of over $27 million. Its production network was breached, and attackers modified the operational logic related to accounts and risk control servers, allowing them to extract funds. It is worth noting that the private key was not leaked.

Odaily News Yu Xian, the founder of Slow Fog, posted on the X platform stating that GMX-related fork projects need to pay attention to similar security risks. He mentioned that the fundamental reason for the theft of 42 million dollars from GMX last night was that GMX v1 immediately updates the global short average price (globalShortAveragePrices) when handling short positions, and this global average price will directly affect the calculation of the total asset size (AUM), thus leading to

Gate News bot reported that according to Wu, Slow Mist's Chief Information Security Officer 23pds tweeted that the security company Koi revealed the existence of over 40 counterfeit encryption wallet extensions in the official Firefox browser add-on store. These fraudulent extensions impersonate mainstream wallets such as MetaMask and Coinbase Wallet. According to reports, these malicious...

Gate News bot message, According to 23pds, the Chief Information Security Officer of Slow Mist Technology, the security company Koi recently discovered over 40 counterfeit cryptocurrency wallet extensions in the official Firefox browser plugin store. These malicious programs mainly imitate mainstream wallets such as MetaMask and Coinbase Wallet. Security experts point out that these

Gate News bot message, PANews July 2nd report, according to information released by Slow Mist's social media, the MistTrack team received 429 reports of Crypto Assets theft in the second quarter of 2023. Among these reports, 278 were from domestic sources and 151 were from overseas. The team successfully froze or recovered the assets of 11 victims through tracking and investigation work.

Gate News bot message, Slow Mist CISO @im23pds released a security warning on social media, disclosing a CVE-2025-6554 vulnerability in the Chrome V8 engine. This vulnerability has been confirmed, allowing attackers to execute malicious code by constructing specific web pages. Currently, the proof of concept for the vulnerability ( PoC ) has been made public online. Slow Mist reminds users to update Chrom in a timely manner.

Gate News bot message, Slow Mist founder Yu Xian revealed on Twitter that the stablecoin protocol Resupply has sent a message to the hacker address on-chain, hoping to establish contact with the other party. It is reported that Resupply wrote in the message: "Let's communicate through Blockscan."

Yuxian, the founder of Slow Mist, revealed that the decentralized stablecoin protocol Resupply has been attacked. The attacker exploited an interest rate inflation vulnerability to steal assets, borrowing a large amount of reUSD with only 1 wei of collateral. Currently, hacker funds valued at over $9.5 million have been converted to ETH.

According to Gate News bot, a report from Slow Mist monitoring indicates that over $50 billion in USDT deposits and withdrawals have been processed through the Telegram-based illegal online market HuionePay in the past 18 months.

ChainCatcher message, Slow Mist posted on social media that its MistEye has detected suspicious activities related to Bankroll Network, urging relevant investors to remain vigilant.

Golden Finance reports that Slow Mist's Yu Xian posted on social media, stating that looking at it now, over 80 million dollars worth of Crypto Assets was directly transferred to an Address that is highly likely a black hole, meaning it was directly destroyed.

Gate News bot message, according to the tweet from Slow Mist's Chief Information Security Officer @im23pds, the recent rumor circulating on social media that "the Bitcoin liquidity protocol Echo Protocol suffered a $267 million fund theft" is false. Upon verification, the official Twitter account of Echo Protocol was hacked, and the related tweets have been set to prohibit comments. Source: Wu Says.

According to Gate News bot, as reported by Wu Shuo, Slow Mist CISO @im23pds released a security reminder on social media. A user purchased a tampered "Cold Wallet" through Tiktok, resulting in approximately 50 million RMB worth of crypto assets being stolen. Investigations revealed that the private key of the wallet was stolen during the initialization process, and the funds were quickly transferred to the overseas money laundering platform "Huiwang." In response to this incident, @im23pds pointed out in a tweet: "When purchasing a cold wallet, be sure to go through official channels and do not seek cheaper options to avoid serious asset losses."

Golden Finance reported that after Slow Mist founder Yu Xian released the update "Alby hosted wallet balance was transferred away by the platform," he stated, "Alby has too many traps. Although the funds have been refunded, the process of successfully withdrawing is cumbersome (though I completely understand the mechanism behind this). Ultimately, out of the 191 dollars, only 153 dollars were successfully withdrawn, with over 30 dollars lost in the process."

Golden Finance reported that Slow Mist founder Yu Xian posted on the X platform, stating that after the Cetus theft incident was covered by the Sui Foundation, users can currently retrieve most of their funds. Slow Mist also received a $20,000 tip from Hoi (@JaceHoiX), and the hacker tracking is still ongoing.

Gate News bot news, Slow Mist's Chief Information Security Officer (CISO) 23pds posted on social media, warning about the new attack tool from the Lazarus APT organization — OtterCookie. Recently, Slow Mist received intelligence that the Lazarus APT (Advanced Persistent Threat) organization is using a new type of information-stealing malware named OtterCookie, conducting targeted custom attacks against professionals in the financial and crypto assets industry.

Golden Ten Data reported on June 6 that on June 6, local time, the "Water Plaza" of the Osaka-Kansai World Expo detected Legionella bacteria about 20 times the benchmark value. Due to the risk of collective infection posed by spray or water splashes, the Expo has decided to suspend the water show on the 6th. The restart date has not yet been determined, and the cancellation of the performance on the 5th is also based on this reason. Experts say that if you inhale a mist containing Legionella, you may experience symptoms such as fever, joint pain or headache within a few days.

Gate News bot message: According to the latest security alert issued by the Slow Mist team, the Android banking Trojan Crocodilus has completed its upgrade and is launching attacks on encryption users and banking app users worldwide. The Trojan spreads through fake browser updates advertised on Facebook. The attackers use overlay attacks to steal user login credentials, while also having the capability to extract encryption wallet seed phrases and private keys. Additionally, the attackers implant fake "bank support" numbers in the user's contact list. It is reported that the Trojan has started to be rented out in the form of Malware-as-a-Service(, charging 100-300 USDT for each attack. The Slow Fog team advises users to be cautious with unknown application updates and advertisement links. Source: Wu said

Golden Finance reported that Yu Sine, the founder of Slow Mist, posted on the X platform: "A security suggestion, if your funds are stolen, it is best to publicize the wallet address (if you are worried about privacy, you can appropriately hide some characters in the middle), or you can publicize the hacker address." Why is this suggestion? It is because some hackers nowadays are particularly fond of taking the blame, and when the time comes, they will not only bear the pain of theft of funds, but also the possibility of follow-up law enforcement investigations. ”

PANews reported on May 31 that Slow Mist's Yu Xin stated on the X platform that the "most High" users of the new mechanism EIP-7702 are actually coin theft gangs (not phishing gangs), which facilitate the automatic transfer of related funds from wallet addresses that have leaked Private Keys/mnemonic phrases, with over 97% of EIP-7702 delegations authorized to such coin theft contracts.

Odaily News Slow Mist Yu Xian stated on the X platform that the new mechanism EIP-7702 is being used most highly by coin theft gangs (not phishing gangs), allowing for the automatic transfer of related funds from wallet addresses that have leaked Private Keys/mnemonic phrases... Over 97% of EIP-7702 delegations were authorized to these types of coin theft contracts.

BlockBeats news, on May 31, Slow Mist founder Yu Xian stated that a user's four sets of mnemonic phrases were leaked, corresponding to four wallet addresses where the funds were stolen. From the on-chain operational methods, after receiving the funds, the hacker's address converted everything into ETH, and then laundered it through FixedFloat. The longer mnemonic phrases/private keys are exposed to the internet and the more people they are distributed to for joint use, the more likely they are to be leaked, and the harder it is to investigate the reasons for the leak.

Odaily News Slow Mist stated in a post on the X platform that the Cetus Hacker has not returned the funds, holding more than 60 million USD worth of ETH without further transfers. They have currently received suspicious clues related to the Cetus Hacker submitted by community users, and more details may be disclosed later.

ChainCatcher news, Slow Mist Technology's Chief Information Security Officer 23pds tweeted that the Cork Protocol was attacked resulting in a loss of 12 million dollars. The Slow Mist security team initially analyzed the cause of the attack: it is suspected that the exchange rate can be controlled externally, leading to a price manipulation vulnerability.

Gate News bot news, according to the report from the Slow Mist security team, the Cork Protocol project has shown suspicious on-chain activities, with a financial loss exceeding 10 million dollars. Cork Protocol is a project that once received investment from a16z CSX. The project's co-founder, Phil Fogel, has confirmed that an investigation into the incident is underway and all contract operations have been suspended. Source: Wu Says

Gate News bot message, Slow Mist founder Yu Xian issued a security warning based on intelligence feedback from X platform users. It has been confirmed that the Chrome extension OSIRIS is a malicious plugin that disguises itself as a Web3 security tool. It implants a Trojan horse by replacing the download link, leading to the control of users' computers and resulting in wallet asset losses.

Slow Mist analyzed the Cetus theft incident, pointing out that the attacker exploited a parameter overflow vulnerability to obtain a large amount of assets. The attacker used the checkedshlw function vulnerability to acquire various assets, with some funds being cross-chain to EVM addresses. Cetus has fixed the vulnerability, and $162 million has been frozen. Developers are advised to verify the boundary conditions of mathematical functions.

Gate News bot message, based on the analysis report released by the Slow Mist team, the Cetus protocol has been attacked, and the attacker exploited a vulnerability in the overflow detection of the checked_shlw function to carry out the attack. The attacker first borrowed haSUI through a flash loan, and then exploited a system vulnerability to exchange a large amount of liquidity with only 1 token. This attack resulted in an estimated loss of about $230 million, involving various digital assets such as SUI, vSUI, and USDC. The attacker transferred part of the funds to the EVM address through the Sui Bridge cross-chain and deposited $10 million in assets to Suilend. Currently, the SUI Foundation has frozen $162 million in stolen funds. Cetus has completed a bug fix, and the SlowMist team recommends that developers rigorously verify math function boundary conditions. Source: Wu Says

The analysis of the $230 million theft incident of Cetus released by Slow Mist shows that the attackers exploited an overflow detection bypass vulnerability, selecting parameters through precise calculations to exchange a minimal amount of tokens for a large amount of Liquidity assets. The attack demonstrated the power of mathematical overflow vulnerabilities, and it is recommended that developers strictly verify the boundary conditions of mathematical functions in smart contract development.

Odaily Planet Daily News Slow Mist Cosine posted on the X platform that Sui's official intervention froze the $160 million in assets that had not yet escaped across the chain, and the remaining more than $60 million was distributed in two addresses, almost all of which were exchanged for ETH, a total of 23,243.

Odaily Planet Daily News Slow Mist Cosine posted on the X platform that about $200 million was stolen from Cetus on Sui's network, and it is not easy for hackers to convert them into more stable assets and then cross over, and some traces of hackers have been obtained.