11364
• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
Security challenges have recently become extremely acute. But what if you're abroad, have run out of cash, and need to cash out your cryptocurrencies immediately? Or simply need to purchase or sell bitcoin or USDT?
I'd like to remind you about my friendly exchanger, which likewise thoroughly examines cryptocurrency for purity.
Works in practically all countries in the world 🌍Personally, I have used their services several times and never had any issues. Everything is as trustworthy and secure as possible.
Withdrawal and input methods include cash, bank cards, and other bank transfers. Different currencies. 💵
Contact: t.me/Mr_Hermes1
I've known these guys for years and have never heard of any problems related to the swap. Please take note that you are my referral!
#opsec #crypto
Attention ‼️🚨
Thread (please like & RT): https://x.com/officer_cia/status/1889749401058644348?1
Apparently there is an exploit from within a zoom call now, avoid clicking any links! Use urlscan.io or virustotal.com
Stay safe!
#security #privacy #alert
Open Ocean Limit Order Protocol on Base as well as their main system works good now, everything has been fixed by their dev team.
I talked to their team, also to other researchers and we came to the conclusion that all the comments were applied by the team. Also, the total losses did not exceed 20-30k $.
The situation itself turned out to be more positive than we thought at first. You can draw your own conclusions.
• https://x.com/officer_cia/status/1889736948945674580?s=46
#security #web3
The U.S. may send Vinnik to Russia as part of the exchange.
Vinnik may control a wallet with 80k bitcoins: they were stolen by hackers from the Mt. Gox exchange in 2011, and Vinnik technically helped with the withdrawal.
80k bitcoins. $8 billion. You can't even imagine how many conspiracy theories are connected with this money...
More information: https://x.com/officer_cia/status/1889708710047453290?s=46
#security #offtopic #bitcoin
People keep asking about Railgun… Well, funds actually cannot be seized. Merely just excluded from the main pool if address is on exclusion list for illicit activity.
In this case the zkLink exploiter relayed it back to themselves after being excluded.
Privacy pools concept is based off of this paper Vitalik Buterin authored: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4563364
More information: https://docs.railgun.org/wiki/assurance/private-proofs-of-innocence
#privacy #security #opsec
https://officercia.mirror.xyz/S2ZQ6kkRVUfZzJx9Pv72ZWvVf5EaZPjr2yjiHbRDaZk
Читать полностью…
I tried to decompile it and kinda fell into some maze... and it's probably not written in Solidity, there calldata is not multiple of 32 bytes.
and there's only one function for all actions and it's called 0xb00b11e5, like "0x boobs!!!" lol 😂
#hack #alert #security
https://officercia.mirror.xyz/ZuT6zYuAsQYNnuVTGkejiWqhmT5U8qT9u56VGQFDi08
Читать полностью…
Security challenges have recently become extremely acute. But what if you're abroad, have run out of cash, and need to cash out your cryptocurrencies immediately? Or simply need to purchase or sell bitcoin or USDT?
I'd like to remind you about my friendly exchanger, which likewise thoroughly examines cryptocurrency for purity.
Works in practically all countries in the world 🌍Personally, I have used their services several times and never had any issues. Everything is as trustworthy and secure as possible.
Withdrawal and input methods include cash, bank cards, and other bank transfers. Different currencies. 💵
Contact: t.me/Mr_Hermes1
I've known these guys for years and have never heard of any problems related to the swap. Please take note that you are my referral!
#opsec #crypto
I see news about SpyWare all the time in the last couple years... people are really worried about Pegasus and other similar apps.
Below in the thread I will explain in details how you can find a spy app on your device!
• https://x.com/officer_cia/status/1888974167548055634?12
#opsec #security #privacy
GM fam! Please check out this post, it's very important for your OpSec!!!
Below I will explain how this can affect the risks and what you can do now to protect yourself! ⬇️
• https://x.com/officer_cia/status/1888884169092010456
The very first thing you should understand once you have found your place in the crypto-sphere or Web3 - never ever and under no circumstances save your seed phrases and private keys as photos in a gallery.
#opsec #security #privacy
GM!
If you want to enter seed round of a brand new AI-based analytics platform, reach me @farm42 or @rata0x out!
#offtopic #ai
Navigating Legal Risks in DeFi: Expert Insights from Dr. Rasit Tavus @rata0x of LegalBlock
Link: https://beincrypto.com/defi-legal-risks-dr-tavus-legalblock/
#security #defi
A really good chance for you guys to gain experience with UniswapV4 and build a hook on the hackaton. More about the program you can read by following the link below. The 2025 will have 4 of such incubators. Don't miss your chance:)
https://atrium.academy/uniswap
Please do not store photos of your seed phrase or private key on your phone! This is another reminder!
• https://x.com/officer_cia/status/1875867706949534050
#security #privacy
Use my tips and stay safe. Forewarned is forearmed.
Link: https://officercia.mirror.xyz/ye7je7tkuy5nEF7oxHiqyfPI48SBKYckkhW1uTqafpo
#security #opsec #privacy
Crypto Security 101: How to NOT Get Hacked & Lose Everything
Link: https://x.com/fourvork/status/1887433629501935835
Much thanks for mentioning my work!
#security #opsec #privacy
ZKlend Hack rootcause: The attacker manipulated the "lending_accumulator" to be very large at 4.069297906051644020, then took advantage of the rounding error during ztoken mint() and withdraw() to repeatedly deposit 4.069297906051644021 wstETH getting 2 wei then withdraw 4.069297906051644020*1.5 -1 = 6.103946859077466029 wstETH to expend just 1 wei. @EthSecurity1
Читать полностью…
The Liquity Protocol team is investigating a potential issue affecting Liquity V2 Stability Pools ("Earn").
While the protocol continues to function as expected and no users have been impacted, users are advised to close their Stability Pool positions as a precaution.
More information: https://x.com/officer_cia/status/1889698655868682634?s=46
#security #alert
Eventually, zkLend has suffered a $9.5M exploit on the Starknet network. Stolen funds were bridged to Ethereum and transferred via Railgun, but due to protocol policies, the funds were returned to the original address by Railgun!
Deposit to Railgun: 0x7309db8034a421a319dc7073a41da4679f93a1a4bab8793c026666837e7846d4
Railgun to attacker: 0xf185675b2c2000d1d39f189594be223b78e389cc229b4ec4051b810b920bb125
Official statement by zkLend:
We are actively tracking the funds and pursuing the identification of the hacker. We are committed to full transparency and will share a comprehensive post-mortem analysis as soon as it is completed. We understand that this is a challenging time for our community, and your trust remains our highest priority. We appreciate your patience and support as we work diligently to resolve this issue.
We understand that you are responsible for today’s attack on zkLend. You may keep 10% of the funds as a whitehat bounty, and send back the remaining 90%, or 3,300 ETH to be exact, to this Ethereum address: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.
Upon receiving the transfer, we agree to release from any and all liability regarding the attack.
We are working with security firms and law enforcement at this stage. If we do not hear from you by 00:00 UTC, 14th Feb 2025, we will proceed with the next steps to track and prosecute you.
Another ongoing security incident on zkLend at Starknet…
Take needed precautions. Better stay safe than sorry anyways.
More info: https://x.com/officer_cia/status/1889435724757475555?12
UPD: zkLend officially admitted that it had been hacked, saying that the hacker could keep 10% of the funds as a white hat bounty and send the remaining 90% (3,300 ETH) back. The withdrawal function on the zklend protocol has been suspended.
#security #alert
Urgent! 🚨 🚨
Open Ocean Limit Order Protocol on Base has been exploited, attacker's address:
0x5cc162c556092fe1d993b95d1b9e9ce58a11dbc9
Urgent Apple update! Please update your device immediately!
Update with a fix for an actively exploited vuln(s): iOS 18.3.1 and iPadOS 18.3.1
Post: https://x.com/officer_cia/status/1889060017992572947?s=46
More information: t.me/AppleActivelyExploited/210
#security #ios #macos #opsec
TrailOfBits spun out iVerify, a mobile malware detection company, about a year ago. So far, they've found 20+ installations of Pegasus on people's iOS phones, including some used for corporate espionage.
If you want to try it out, there's a basic version available on the iOS app store you can download today. Make sure you run a "Threat Hunt" after you install it -- this is the feature that is catching Pegasus. That’s important!
• https://apps.apple.com/us/app/iverify-basic/id1466120520
iVerify found those Pegasus installations by inspecting sysdiagnose logs. These are debugging logs produced by iOS itself that provide a window into the lower level operation of the phone. Pegasus is a total operating system compromise.
iVerify has other methods available for security monitoring, including a local VPN that inspects traffic completely inside the mobile app, a custom DNS solution that checks resolutions of domain names, and an "Elite" tier of service.
If you want to try out this feature to inspect your own phone today, the sysdiagnose feature is available for free in the iVerify Basic app on the App Store.
#security #opsec
More information for my telegram users: https://securelist.com/sparkcat-stealer-in-app-store-and-google-play/115385/
#opsec #security
It's about the very project I've been developing for a long time.
We are ready to surpass all available on-chain investigation and analysis platforms in the market. No kidding.
DeepSeek has been hacked: all of their data in the public domain - secret keys, unencrypted chats, logs, and even the backend.
Researchers from wiz.io were performing a normal infrastructure check when they unintentionally uncovered a database that is fully open, allowing anyone to obtain access.
I cannot confirm or deny their conclusions at this time. But I think it's interesting enough news to share: x.com/officer_cia/status/1884740598579540060
#ai #news #security
🤺⚔️⚔️⚔️
• x.com/xyz_remedy/status/1879997126693818852?12
#security #ctf
@xyz_remedy CTF rules 🫡
Register here: https://ctf.r.xyz/?utm_source=Web3secNews&utm_medium=Banner&utm_campaign=CTF2025
#bugbounty #ctf #web3
Please boost my channel fam!
Link: /channel/officer_cia?boost
Thank you ❤️
#offtopic