• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
Current state of on-chain privacy solutions ⬇️
• https://x.com/officer_cia/status/1901947962973946023?s=46
#security #privacy #web3
Yet another awesome OpSec rule:
Don't let perfect be the enemy of good.
100% solutions are rare in cybersecurity. Security solutions, each with their own shortcomings, are OK when layered together to supplement coverage.
Quoting Kerckhoffs's principle, "A cryptosystem should remain secure even if everything about the system, except the key, is public."
If revealing a system substantially increases its risk of being broken, then perhaps it needs to be rethought.
• https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap
#opsec #privacy #security
Edit by @zachxbt: A closer analysis reveals DPRK got rugged by using a compromised Tornado Cash UI.
Three other instances of TC withdrawals that purchased PEPE which.
0x5d3a17a828aeb89729299ba5dd72200295b00df0
0x921213AB8cB18E0487B41DfFf18E39836FD19f04
0x77793F723A5538972A566D701cc7FBd32770CC96
Security researcher discovered a Prompt Injection on VirusTotal.
Could this be used as a form of social engineering to trick users into thinking a file is safe when it's not?
File hash: 1d30bfee48043a643a5694f8d5f3d8f813f1058424df03e55aed29bf4b4c71ce
Lazarus Group deposits 400 ETH (~$750K) into Tornado Cash, linked to February’s $1.4B Bybit hack, while deploying new “BeaverTail” malware targeting browsers and crypto wallets: https://x.com/officer_cia/status/1900126714086183378?1
#security #investigation
30 minutes ago, a victim lost $1.82M worth of cUSDCv3 due to phishing transaction signatures…
• https://x.com/officer_cia/status/1899730170338009127?12
#security #opsec
You asked, I answered – the legendary chat room is back! 🚀 The last one may be history, but this time, let’s make it last. Join the fun! 🎉
Link: t.me/+C6RfnbB33AYzNGIy
#opsec #ai #web3 #crypto #offtopic
This is an excellent in-depth technical report on the Bybit hack ⬇️
• https://x.com/officer_cia/status/1899539212627570689?s=46
#security #investigation
Attack on DFC Token and BUSD-DFC PancakePair
The custom implementation of DFC.transfer() allows tokens to be burned directly from the BUSD-DFC liquidity pool. This violates the contract’s assumption that the pair’s balance cannot decrease between function calls, ultimately enabling the withdrawal of the entire liquidity pool.
The attacker initiated a large BUSD flash loan, swapping most of the DFC tokens out of the liquidity pool while burning the remaining tokens. This caused the BUSD price to collapse to nearly zero. Finally, the attacker was able to swap the entire BUSD balance essentially for free.
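A simplified Python model of the broken assumption described above, written as the invariant check an auditor could run against a token. This is an added example, not the DFC or PancakePair contract code; the class names, the burn trigger and the burn rate (`burn_from_pair_bps`) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Token:
    balances: dict = field(default_factory=dict)
    pair: str = "PAIR"
    burn_from_pair_bps: int = 0  # assumed knob: 0 models a well-behaved token

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        if self.burn_from_pair_bps and self.pair not in (src, dst):
            # Side effect under test: the pool loses tokens although it is
            # neither sender nor recipient of this transfer.
            burn = self.balances[self.pair] * self.burn_from_pair_bps // 10_000
            self.balances[self.pair] -= burn

@dataclass
class Pair:
    token: Token
    reserve_token: int  # cached reserve, as a constant-product pair keeps it
    reserve_quote: int

    def sync(self):
        # Reserves are reset to the actual token balance held by the pair.
        self.reserve_token = self.token.balances[self.token.pair]

    def quote_out(self, token_in):
        # Constant-product quote for selling token_in, fees ignored.
        return token_in * self.reserve_quote // (self.reserve_token + token_in)

def check_pair_balance_invariant(token, pair, transfers):
    """Run third-party transfers; report each one that leaves the pair's
    balance below its cached reserve (the assumption the pair relies on)."""
    violations = []
    for src, dst, amount in transfers:
        token.transfer(src, dst, amount)
        deficit = pair.reserve_token - token.balances[token.pair]
        if deficit > 0:
            violations.append((src, dst, amount, deficit))
    return violations
```

A non-empty result means the pair's cached reserves can be pushed out of line with its real balance by transfers it takes no part in, which is the condition the post describes.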
Warning: Ongoing scam in Telegram!
1. Scammers message you, offering to buy your username via Fragment.
2. A deep link through a bot opens a phishing site that looks like Fragment. Since Telegram opens it within the bot's frame, it appears native, making users think it's an official Telegram feature.
3. Then, a payment button for the transaction fee drains your balance.
Link: https://x.com/officer_cia/status/1899358689867288847?s=46
#security #telegram
Bug bounty platform HackerOne has allegedly leaked all its users, including platform access passwords. So, if you're a user of this platform, it's time to change your login credentials!
• https://x.com/officer_cia/status/1899150819116646705?s=46
#alert #offtopic
🌐 Attention projects on Solana, NEAR, Aptos, SUI, and Polkadot!
I’ve got an excellent audit proposal for you—don’t miss out. Slide into my DMs, let’s chat! 🚀✨
Details: https://x.com/officer_cia/status/1898940886324535610
#security #audit
Official statement: https://x.com/entanglefi/status/1898527338276823225?12
#security
GM folks, please please please never ever download any PDF or install any software during a call with a VC. Two CEOs of DeFi protocols got hacked this way; luckily they engaged with me and @rata0x and we managed to recover nearly $1M of stolen assets. However, if they hadn't installed the app during the meeting, they wouldn't have lost over $5M…
Since I started to assist and engage with more hacking and stolen-asset cases, I will share my first-hand experience for your better on-chain security. Rata0x and I are here to help. Our mission has recovered over $100M so far.
Very important message for my fam: x.com/officer_cia/status/1898094988753326534
#security #investigation
1inch security incident flow: https://x.com/officer_cia/status/1898075785962897465?12
#security #investigation
Tokenomics simulators, transaction simulators ⬇️
• https://x.com/officer_cia/status/1901338291888095676?s=46
#offtopic #web3
Use this list of fantastic Telegram channels I've put together in order to discover them as your own personal Web3-Google!
Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
Link: t.me/addlist/uesom31GM1I4Yjgy
#telegram #offtopic
A high confidence Tornado Cash demix for the theft reveals DPRK purchased 437.6B PEPE ($3.1M) on March 11, 2025 after withdrawing ETH from Tornado Cash
0x7A7DDa0eBFF13eB014F763D05e7784B36418022F
Trezor Reveals Potential Vulnerability in Older Safe 3 Crypto Wallets!
Trezor disclosed a potential vulnerability in its Safe 3 wallet after Ledger identified a supply chain attack using voltage glitching.
The attack requires physical access and advanced skills, making it unlikely for widespread exploitation. Newer Trezor models, including Safe 5, are unaffected. Users are advised to buy from official sources, use strong PINs, enable passphrases, and keep firmware updated.
• https://www.theblock.co/post/346018/trezor-discloses-vulnerability-safe-3-crypto-wallet-rival-ledger
#opsec #security
Use glide.r.xyz 👀
• https://x.com/xyz_remedy/status/1897517866137665680?s=46
#security #audit
Security challenges have recently become extremely acute. But what if you're abroad, have run out of cash, and need to cash out your cryptocurrencies immediately? Or simply need to purchase or sell bitcoin or USDT?
I'd like to remind you about my friendly exchanger, which likewise thoroughly examines cryptocurrency for purity.
Works in practically all countries in the world 🌍 Personally, I have used their services several times and never had any issues. Everything is as trustworthy and secure as possible.
Withdrawal and input methods include cash, bank cards, and other bank transfers. Different currencies. 💵
Contact: t.me/Mr_Hermes1
I've known these guys for years and have never heard of any problems related to the swap.
#opsec #crypto
This was a 0day 😳
• https://cyberinsider.com/apple-patches-zero-day-flaw-used-in-targeted-iphone-attacks/
#security #apple
Please immediately update your Apple devices!
Information: https://x.com/officer_cia/status/1899530366458737047
And here: @AppleActivelyExploited
#security #macos #ios
Another Telegram scam ongoing!
Bots request to connect presumably every Telegram account with an anonymous number to some website that redirects to a "hacking"-themed Telegram channel.
If you didn't request this, use the 'Decline' button or ignore this message.
My suggestion: simply ignore it. That’s a scam, but some people might get scared that they are hacked or something…
Link: https://x.com/officer_cia/status/1899363823036813541?s=46
#opsec #telegram
Lately, I've been asked if I buy into conspiracy theories or hang out on 4chan. Here's my take: In a chaotic world, some find comfort in these ideas. No judgment here, but I choose not to dwell on them. I've got plenty on my plate, and it doesn't include politics or conspiracies. Coincidences? They're just that.
I don't have any insider information or anything like that. And I'm not going to judge anyone either.
I had never publicly written anything anywhere before creating this account, I don't have any imageboard accounts, I don't have a second anonymous account.
Once again. My take: people seek stability in theories in an unstable world. I don’t judge, but I’d rather focus elsewhere. No politics or conspiracies for me. All coincidences? Yup. Non-coincidences too.
Follow my blog: https://officercia.mirror.xyz
#offtopic
officercia.mirror.xyz/pJSR4RwyOV_elzP8ymn3Ckn-Mat9s5sKE5Mqdmol06Y
According to Decurity’s postmortem report, after negotiations with the hacker, most of the $5 million stolen from 1inch has been returned, with the hacker keeping a portion as a bug bounty.
The attack was caused by a vulnerability in the Fusion v1 smart contract, primarily affecting those using outdated versions of the resolver. Regular users’ funds were not impacted: https://x.com/officer_cia/status/1898544905254777025
#investigation #security
Rumours: Entangle hacked, hacker minted 13b tokens. Some bridge issue potentially.
Can anyone confirm?
• https://x.com/officer_cia/status/1898531364711915747
#security #alert
Seraph Staking by BitMind was added on Remedy
- Max Bounty: $5,000
- Languages:
- Tags: #bugbounty
Start Date: 04-03-2025
Bybit attack flowchart: https://x.com/officer_cia/status/1898048649223192727?s=46
#security #investigation