11251
• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia • Chat: t.me/+C6RfnbB33AYzNGIy
You've undoubtedly heard that it's feasible to locate someone in nearby rooms due to Wi-Fi signal interference. This idea hasn't really advanced past theoretical debates, though.
In addition to making this tracking simple, a team has now developed a fantastic open-source tool that enables real-time posture and little movement monitoring (assuming that arm and leg positions are considered minor).
It appears to be quite impressive!
• https://x.com/officer_cia/status/1967661835164729431?98
#opsec
ShibaSwap hacked for $1.7 million!
• https://x.com/officer_cia/status/1966578944376721511
#security #alert
Evoq Finance was drained for $390k on BSC (recently)
Another DeFi protocol falls victim to a critical vulnerability. Let's break down what went wrong and how attackers pulled off this massive exploit.
• https://x.com/guardrailai/status/1966186162600685974?89277
#security #investigation
Top 5 Secure Phones to Consider in 2025: A Comprehensive Guide to Privacy & Safety
• https://x.com/officer_cia/status/1965937223255097543?90
#security #privacy #opsec
In 2021, I discovered & re-created a mind-blowing project on physical privacy! 🤯 Imagine a custom cap with infrared diodes to hide from surveillance cameras!
It was an incredible experience, but sadly, not enough buyers. Just stumbled upon an old video from that time...
Do you think there's a demand for devices like this? 🤔
• https://x.com/officer_cia/status/1965541333952856088?s=46
#security #opsec #privacy
SwissBorg experienced an incident a few hours ago and 192.6K SOL ($41.5M) was stolen on Solana - @zachxbt
Theft address:
TYFWG3hvvxWMs2KXEk8cDuJCsXEyKs65eeqpD9P4mK1
• https://x.com/officer_cia/status/1965134779977761082
#security
More details: https://x.com/officer_cia/status/1965115210852602349?1237
#security #alert
It's Sunday, but there's no better time to practice OpSec. Always remember to:
• Revoke permissions on all your wallets weekly.
• Avoid downloading software based on someone else's instructions.
• Use a separate device or burner PC that doesn't contain your primary wallet.
• Opt for message/ e-mail instead of calls or meetings whenever possible.
• https://x.com/eli5_defi/status/1964570292858372267?s=46
#security #opsec
Telegram Security Best Practices
• https://x.com/officer_cia/status/1964011360888541637?708u
#security #opsec
In the latest newsletter, we break down real DNS attacks, compare registrars, and give a step-by-step to keep your domains from being hijacked.
https://web3secnews.substack.com/p/the-hidden-dns-threats-that-could
A VenusProtocol user got vicitm of a phishing attack, losing nearly $27M. The incident happened when the vicitm signed a malicious tx, updateDelegate function approving the attacker.
Tx hash: 0x75eee705a234bf047050140197aeb9616418435688cfed4d072be75fcb9be0e2
Awesome On-Chain Investigations HandBook
Link: https://officercia.mirror.xyz/chH2VANFwz62vCWBLr7vGnXnCH5jLG9ji0g_8mcHQ9M
3 days ago, BetterBank was exploited, resulting in the free minting of favor tokens…
Anyone could set up a liquidity pool on PulseXcom or deploy their own contract using BetterBank’s Favor token.
Using swapExactTokensForFavorAndTrackBonus, attackers were able to perform bulk swaps and farm large bonuses…💰
• https://x.com/officer_cia/status/1961516876162650416?12
#security #privacy
Telegram & Discord Security Best Practices
• https://x.com/officer_cia/status/1961146730503966772?12
#security
What to Do When Your Web3 Project Discord Server Is Hacked
• https://x.com/officer_cia/status/1960806517193761034?2
#security #opsec
The kame_agg advised all users to revoke token approvals for the following contracts immediately:
0x14bb98581Ac1F1a43fD148db7d7D793308Dc4d80
0x1415E8eeC45DAE07E7bBdf57A88ea0a309233617
How to revoke:
1. Go to RevokeCash
2. Connect your wallet
3. Search for each of the contract addresses listed above
4. Revoke any token approvals associated with them
5. Confirm the transactions in your wallet
• https://x.com/officer_cia/status/1966696831837966347?1
#security
Blockchain in Space & Interplanetary Payments
• https://x.com/officer_cia/status/1966572200313713090?87
#security
Yesterday an unknown victim was exploited for ~3.047M USDC on Ethereum.
The attacker swapped USDC for ETH and immediately deposited the funds to Tornado - @zachxbt
Theft address
0xf0a6c5b65a81f0e8ddb2d14e2edcf7d10c928020
• x.com/officer_cia/status/1966156618808307740
#security
Top 5 Secure Phones to Consider in 2025: A Comprehensive Guide to Privacy & Safety
Link: https://officercia.mirror.xyz/geVonXlnHv4dC3px2X6D1GrKsbkC8k-peEJKa-stNQQ
Enhanced this old video 👀
• https://x.com/officer_cia/status/1965504454939041837?s=46
Share your thoughts below the post!
#opsec #security
This is the same hack that happened before with the ledger packages. It means that recently updated websites could have malicious code.
So if you simply just dont use your wallet on any website, you're safe, no need to do anything to protect. If you send a transaction within the wallet that's safe.
Once again, the issue is that you could go to some website and prepare a tx like "swap A for B" but actually the tx that shows up for approval in metamask is "send A to hacker".
Also. If you're a developer check your projects for this package: "error-ex", which is a dependency for a lot of other popular packages. That is where the attacker hid his malicious code which swaps his address for yours when you go to transfer funds.
• https://x.com/officer_cia/status/1965119097861025843?12
#security
That’s important!
Source: @infinityhedge
Link: https://x.com/officer_cia/status/1965110813347180660?123
#security #alert
Taming a Wildhorse: CEX App
• https://x.com/officer_cia/status/1964361806253629639?s=46
#security #opsec
Violent Attack Vectors in Web3: A Detailed Review
Link: https://officercia.mirror.xyz/4erDRXgdwK6hxfC5OeNUVeJf20Qxrk5DRdRDL5pcc7w
Violent Attack Vectors in Web3: A Detailed Review
• https://x.com/officer_cia/status/1963610191254999509?5676
#security #opsec
The Only Safe Way to Store Crypto
• https://x.com/officer_cia/status/1962186371143213237
#security #opsec
Awesome On-Chain Investigations HandBook
• https://x.com/officer_cia/status/1961833244837458063?s=46
#investigation
🚨 Urgent: New zero-click exploit used to hack WhatsApp users.
WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an advanced spyware campaign in past 90 days!
CVE-2025-55177, an authorization bypass in WhatsApp on iOS and Mac, allowed attackers to force "content from arbitrary URL" to be rendered on a target’s device..
A zero-click vulnerability recently patched by Apple (CVE-2025-43300) was also used in the WhatsApp attack 👀
• https://x.com/officer_cia/status/1961470772842541236?1234
#security #alert
The stk-ePendle contract which belongs to the Equilibria Finance protocol was hacked, resulting in 62k USD loss 💥
Vulnerability type: Multi-contract “transfer farming” due to missing reward-debt updates on share transfers.
Root cause: Vault shares(ePendle) are freely transferable, but transfers do not update userRewardPerTokenPaid for sender/recipient. The recipient’s first getReward snapshots all historical accrual as if they had held the shares the whole time.
More information: @evmhacks
Share: https://x.com/guardrailai/status/1961045369065775374?s=46
#security
An investor lost $1.23M in Uniswap V3 Position NFTs after unknowingly signing a phishing transaction.
Victim:
0x40055A8B7aC86ad8d56A5e7bab79984DB581dA4b
Scammer:
0x3dc4b980fef45ab22f8a55b025ae9d19001d97b3