By the way. I have launched a partnership with a service of crypto exchange to cash (and vice versa) - we work all over the world.

So if you need such services - I will be very glad! Proof: t.me/officer_cia/2873 just contact @Mr_Hermes1 and let me know if any issues. Been working with them for years.

#offtopic

Читать полностью…

Update your Apple devices!

Information by @AppleActivelyExploited : https://x.com/officer_cia/status/1912572867797246188?1

#security #opsec

Читать полностью…

Attention affected by pig butchering or romance scams!

@rata0x and I can help you. In most cases, the money is still on-chain and can be seized at exchanges.

If you or someone you know has been impacted, please reach out to us. We're here to help! 💪

P.S. If you have been a victim of drainer or phishing - write to us too. We'll do our best to help

• https://x.com/officer_cia/status/1912519176888992236

#security #investigation

Читать полностью…

General Security PSA: https://x.com/etn0m1/status/1911823583950622834?s=46

#security #opsec

Читать полностью…

If you are interested in getting Glider API for your project - shoot me a DM: @farm42

The only one working blockchain-scale automated smart contract analysis tool 👀

#offtopic

Читать полностью…

Someone built an MEV bot to frontrun the Wayfinder PROMPT airdrop claims on Kaito, stealing $200,000 in ETH from 'yappers'.

According to @Lgr20 (ETHSecurity chat), the PROMPT airdrop bug is due to the TokenTable contract having no input validation.

Anyone can snipe the Merkle proofs from the mempool and resubmit them with their own address.

Looks like the contract was never audited, was coded with ChatGPT.

• https://x.com/officer_cia/status/1910456123628413039?12

#security #alert #mev

Читать полностью…

Check out this extremely detailed graphical breakdown of “the journey of a smart contract” - 𝕏/@officer_cia

Читать полностью…

A MEV bot 0x49e27d11379f5208cbb2a4963b903fd65c95de09 has lost 116.7 ETH due to the lack of access control - https://x.com/officer_cia/status/1909496459088830740?s=46

#security #alert

Читать полностью…

Here are a few somewhat vetted CSO alerts TG chats & channel if someone’s interested: /channel/addlist/AwdPTTgW_6UxY2Vi

#security #privacy

Читать полностью…

Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google!

Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!

Link: t.me/addlist/uesom31GM1I4Yjgy

#telegram #offtopic

Читать полностью…

Date: 2025-04-02
Bug bounty program was added to Remedy:
USDFC Bug Bounty by Secured Finance

Читать полностью…

The very first search result of Rabby wallet in Microsoft Bing is a phishing site!

It's time to set up an ad-blocker and jot down your must-visit websites in your notes app: https://x.com/officer_cia/status/1907189919639843227?s=46

#security #privacy

Читать полностью…

An investigation on topic: https://x.com/officer_cia/status/1906866848962077062?s=46

#security #investigation

Читать полностью…

Lmaoo 😅

• https://x.com/officer_cia/status/1906759967543382517?12

Читать полностью…

Literally 😅

Читать полностью…

https://officercia.mirror.xyz/Q00JH0s86d4KMS43cyqNxbl3VIM2s30qtwYfdSTXywE

Читать полностью…

Someone mined a 16 characters vanity address…

(Etherscan currently shows 17 characters as address preview)…

Such addresses are often used in two types of attacks. The first is address poisoning. The second is a clipper.

My thread: https://x.com/officer_cia/status/1912531979368640673?s=46

#security

Читать полностью…

Three Good Multisig Operations Tips: https://x.com/officer_cia/status/1912445368236654996?s=46

#security #privacy #opsec

Читать полностью…

The KiloEx Vault has been exploited. 7 million $ + loss…

The attacker’s main wallet address is:

0x00fac92881556a90fdb19eae9f23640b95b4bcbd

Attacker’s wallet addreses:
bnb/opbnb/base/Taiko/Bsquared & Manta

0x00faC92881556A90FdB19eAe9F23640B95B4bcBd
0x551f3110f12c763D1611d5A63B5F015d1c1a954C

• https://x.com/officer_cia/status/1912063743493615683?s=46

#alert #security

Читать полностью…

Between October'24 and March'25, the number of unique verified smart contracts deployed on Ethereum increased from 700k to 830k, an 18% growth in 5 months.

Empowered by Glider, Hexens team did something that wasn't possible before - analyzed the industry's development focus: https://x.com/hexensio/status/1910643443090457003

#web3 #defi

Читать полностью…

Yet another awesome tip for Bitcoiners: https://x.com/officer_cia/status/1910454162703409522?s=46

#security #opsec

Читать полностью…

Via CT: https://cointelegraph.com/news/mev-bot-180k-loss-access-control-exploit

#security #opsec #mev

Читать полностью…

Sammy shares his tips on how to use LLMs to boost audit speed & efficiency!

📅 April 9, 2025 | Wed
⏰ 14:00 GMT
📍 Discord: Remedy Community Events channel
🎙️With: Sammy

See you <3

Go to Discord to join

Читать полностью…

This device looks cool 👀 WDYT?

• https://x.com/officer_cia/status/1908599251145220543?s=46

#security #privacy

Читать полностью…

Exposing bombardiro crocodilo Crocodilus: New Device Takeover Malware Targeting Android Devices

Initial campaigns observed by our Mobile Threat Intelligence team show targets primarily in Spain and Turkey, along with several cryptocurrency wallets!

• https://x.com/officer_cia/status/1907481205043507452?s=46

#security #privacy

Читать полностью…

Deq was added on Remedy

- Max Bounty: $50,000
- Languages:
- Tags: #bugbounty

Start Date: 31-03-2025

X | Aggregation Platform | Telegram

Читать полностью…

A victim lost $510,294 due to copying the wrong address from transaction history!

Victim:
0x0d534863a71d5e68d5c919a4c2ef47c3a7a792c0

Fake address:
0x4049Ebf479Fa49924e120490d119f0827cAa9aeC

Legitimate address:
0x40491fe2bA81621475c894Ebe8bcad56C7da9aec

How transaction history poisoning works:

1. Scammer sends fake/dust transfer with similar address;
2. Their fake address appears in your history;
3. You copy address from history thinking it's legitimate;
4. Funds get sent to scammer instead.

How to stay protected:

1. Always double-check the addresses you're sending funds to;
2. Never copy addresses from transaction histories;
3. Use a wallet that supports whitelisting or bookmarks.

My article on topic: https://officercia.mirror.xyz/n-sXszeDoNU3wtUUxRQEYvxQlZ6loaFElILzm2gnMzw

#security #privacy

Читать полностью…

ZKLend hacker gets phished for 2,930 ETH after trying to use a fake version of Tornado Cash - 𝕏/@officer_cia

Читать полностью…

Immediately update your Apple devices!

Update with a fix for an actively exploited vuln(s):
iPadOS 17.7.6, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, IOS 15.8.4, IPadOS 15.8.4, IOS 16.7.11, IPadOS 16.7.11, IPadOS 17.7.6

H/T @AppleActivelyExploited

• https://x.com/officer_cia/status/1906768145622135138?s=46

Читать полностью…

Solution and Precautions to prevent from this scam :

1. Stop Automatic Downloads from Chrome Settings:
•Open Chrome.
•Click the three dots in the top right → Settings → Privacy and Security → Site Settings.
•Scroll down and click Automatic Downloads under “Additional content settings.”
•Set “Do not allow sites to download multiple files automatically” to Block.
This prevents sites from downloading multiple files without your permission.

Clarification:

You will NOT get drained upon completing the "tick box" CAPTCHA.

After downloading, you woukd have to install the file as a 2nd step and thats when you get drained.

You can mitigate this issue by disabling auto-downloads on google chrome.

Link: https://x.com/officer_cia/status/1906756451563126921?s=46

#security #alert

Читать полностью…