11364
• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
Root cause: https://x.com/xyz_remedy/status/1903172169531543827?s=46
#security #investigation
Interesting read 👀
Link: https://www.dlnews.com/research/internal/defi-platforms-return-lazarus-swap-fees/
#security #investigation
GM! With all the recent talk around Safe and delegatecall risks, I was looking into ways to prevent or better control delegatecalls to untrusted contracts.
What do you think?
• https://x.com/officer_cia/status/1902263385229570113?s=46
#security #web3
Deep hardware wallet testing for security-conscious developers and protocols ⬇️
• https://x.com/patrickalphac/status/1902225293336576314?s=46
#security #opsec
You asked, I delivered– the legendary chat room is back! 🚀 The last one may be history, but this time, let’s make it last. Join the fun! 🎉
Link: t.me/+C6RfnbB33AYzNGIy
#opsec #ai #web3 #crypto #offtopic
Last week, multiple suspicious sandwich trades were executed in Uni V3 (6 sandwiches for $750k in 5 minutes)
Short thread about the research
https://x.com/muststopye/status/1901908053911322716
tool from last post in thread: https://payload.de/
Tokenomics simulators, transaction simulators ⬇️
• https://x.com/officer_cia/status/1901338291888095676?s=46
#offtopic #web3
Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google!
Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
Link: t.me/addlist/uesom31GM1I4Yjgy
#telegram #offtopic
A high confidence Tornado Cash demix for the theft reveals DPRK purchased 437.6B PEPE ($3.1M) on March 11, 2025 after withdrawing ETH from Tornado Cash
0x7A7DDa0eBFF13eB014F763D05e7784B36418022F
Trezor Reveals Potential Vulnerability in Older Safe 3 Crypto Wallets !
Trezor disclosed a potential vulnerability in its Safe 3 wallet after Ledger identified a supply chain attack using voltage glitching.
The attack requires physical access and advanced skills, making it unlikely for widespread exploitation. Newer Trezor models, including Safe 5, are unaffected. Users are advised to buy from official sources, use strong PINs, enable passphrases, and keep firmware updated.
• https://www.theblock.co/post/346018/trezor-discloses-vulnerability-safe-3-crypto-wallet-rival-ledger
#opsec #security
Use glide.r.xyz 👀
• https://x.com/xyz_remedy/status/1897517866137665680?s=46
#security #audit
Security challenges have recently become extremely acute. But what if you're abroad, have run out of cash, and need to cash out your cryptocurrencies immediately? Or simply need to purchase or sell bitcoin or USDT?
I'd like to remind you about my friendly exchanger, which likewise thoroughly examines cryptocurrency for purity.
Works in practically all countries in the world 🌍Personally, I have used their services several times and never had any issues. Everything is as trustworthy and secure as possible.
Withdrawal and input methods include cash, bank cards, and other bank transfers. Different currencies. 💵
Contact: t.me/Mr_Hermes1
I've known these guys for years and have never heard of any problems related to the swap.
#opsec #crypto
This was a 0day 😳
• https://cyberinsider.com/apple-patches-zero-day-flaw-used-in-targeted-iphone-attacks/
#security #apple
Please immediately update your Apple devices!
Information: https://x.com/officer_cia/status/1899530366458737047
And here: @AppleActivelyExploited
#security #macos #ios
Another telegram scam ongoing!
Bots request to connect presumably every Telegram account with an anonymous number to some website that redirects to a "hacking"-themed Telegram channel
If you didn't request this, use the 'Decline' button or ignore this message.
My suggestion: simply ignore it. That’s a scam, but some people might get scared that they are hacked or something…
Link: https://x.com/officer_cia/status/1899363823036813541?s=46
#opsec #telegram
It looks like zoth has been hacked… 8,3 M$ gone.
Hacker’s address & more information ⬇️
• https://x.com/officer_cia/status/1903035914932179228?12
#security #alert
Announcing the debut of a new service!
Now you can contact me and my friend @rata0x for legal services and advice. We've known my dear friend @rata0x for 5 years, and we've helped a lot of individuals in the most desperate situations!
So, if you need to:
1. Resolve the issue of unauthorized blocking of funds on the exchange.
2. You have had a huge sum of money stolen from you and must immediately block it on exchanges and return it as soon as possible.
3. You or your project require legal assistance and advice.
Contact @rata0x ! When I refer him, I use my name because I've worked with him for a long time and know him well.
The last year two different people were strugling to find a lawyer who can really unblock their frozen funds at some big tier1 exhanges, after trying numerous lawyers they finally reached me out, l recommended @rata0x and he was succesfully was able to solve their legal problem and save their funds!
#legal #aml #investigation
Pectra Upgrade Community Hangout!
Join us today to discuss the Ethereum Pectra Upgrade from a security perspective:
📅 March 19, 2025 | Today
⏰ 15:00 GMT | in 3 hours
📍 Discord: Remedy Community Events channel
Bring a drink, get comfy, and let’s chat! ☕
Go to Discord to join.
New Malware Alert — Microsoft warns of StilachiRAT, a stealthy remote access trojan that:
• Steals browser passwords & clipboard data;
• Targets crypto wallets;
• Executes remote commands & monitors RDP sessions;
• Evades detection by clearing event logs.
• https://x.com/officer_cia/status/1902036244479230132?s=46
#security #opsec
Current state of on-chain privacy solutions ⬇️
• https://x.com/officer_cia/status/1901947962973946023?s=46
#security #privacy #web3
Yet another awesome OpSec rule:
Don't let perfect be the enemy of good.
100% solutions are rare in cybersecurity. Security solutions, each with their own shortcomings, are OK when layered together to supplement coverage.
Quoting Kerckhoff's principle, "A cryptosystem should remain secure even if everything about the system, except the key, is public."
If revealing a system substantially increases its risk of being broken, then perhaps it needs to be rethought.
• https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap
#opsec #privacy #security
Edit by @zachxbt: A closer analysis reveals DPRK got rugged by using a compromised Tornado Cash UI.
Three other instances of TC withdrawals that purchased PEPE which.
0x5d3a17a828aeb89729299ba5dd72200295b00df0
0x921213AB8cB18E0487B41DfFf18E39836FD19f04
0x77793F723A5538972A566D701cc7FBd32770CC96
Security researcher discovered a Prompt Injection on VirusTotal.
Could this be used as a form of social engineering to trick users into thinking a file is safe when it's not?
File hash: 1d30bfee48043a643a5694f8d5f3d8f813f1058424df03e55aed29bf4b4c71ce
Lazarus Group deposits 400 ETH (~$750K) into Tornado Cash, linked to February’s $1.4B Bybit hack, while deploying new “BeaverTail” malware targeting browsers and crypto wallets: https://x.com/officer_cia/status/1900126714086183378?1
#security #investigation
30 minutes ago, a victim lost $1.82M worth of cUSDCv3 due to phishing transaction signatures…
• https://x.com/officer_cia/status/1899730170338009127?12
#security #opsec
You asked, I answered – the legendary chat room is back! 🚀 The last one may be history, but this time, let’s make it last. Join the fun! 🎉
Link: t.me/+C6RfnbB33AYzNGIy
#opsec #ai #web3 #crypto #offtopic
This is an excellent in-depth technical report on the Bybit hack ⬇️
• https://x.com/officer_cia/status/1899539212627570689?s=46
#security #investigation
Attack on DFC Token and BUSD-DFC PancakePair
The custom implementation of DFC.transfer() allows tokens to be burned directly from the BUSD-DFC liquidity pool. This violates the contract’s assumption that the pair’s balance cannot decrease between function calls, ultimately enabling the withdrawal of the entire liquidity pool.
The attacker initiated a large BUSD flash loan, swapping most of the DFC tokens out of the liquidity pool while burning the remaining tokens. This caused the BUSD price to collapse to nearly zero. Finally, the attacker was able to swap the entire BUSD balance essentially for free.
Warning: Ongoing scam in telegram!
1. Scammers message you, offering to buy your username via Fragment.
2. A deep link through a bot opens a phishing site that looks like Fragment. Since Telegram opens it within the bot's frame, it appears native, making users think it's an official Telegram feature.
3. Then, a payment button for the transaction fee drains your balance.
Link: https://x.com/officer_cia/status/1899358689867288847?s=46
#security #telegram