11364
• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
Another ongoing security incident on zkLend at Starknet…
Take needed precautions. Better stay safe than sorry anyways.
More info: https://x.com/officer_cia/status/1889435724757475555?12
UPD: zkLend officially admitted that it had been hacked, saying that the hacker could keep 10% of the funds as a white hat bounty and send the remaining 90% (3,300 ETH) back. The withdrawal function on the zklend protocol has been suspended.
#security #alert
Urgent! 🚨 🚨
Open Ocean Limit Order Protocol on Base has been exploited, attacker's address:
0x5cc162c556092fe1d993b95d1b9e9ce58a11dbc9
Urgent Apple update! Please update your device immediately!
Update with a fix for an actively exploited vuln(s): iOS 18.3.1 and iPadOS 18.3.1
Post: https://x.com/officer_cia/status/1889060017992572947?s=46
More information: t.me/AppleActivelyExploited/210
#security #ios #macos #opsec
TrailOfBits spun out iVerify, a mobile malware detection company, about a year ago. So far, they've found 20+ installations of Pegasus on people's iOS phones, including some used for corporate espionage.
If you want to try it out, there's a basic version available on the iOS app store you can download today. Make sure you run a "Threat Hunt" after you install it -- this is the feature that is catching Pegasus. That’s important!
• https://apps.apple.com/us/app/iverify-basic/id1466120520
iVerify found those Pegasus installations by inspecting sysdiagnose logs. These are debugging logs produced by iOS itself that provide a window into the lower level operation of the phone. Pegasus is a total operating system compromise.
iVerify has other methods available for security monitoring, including a local VPN that inspects traffic completely inside the mobile app, a custom DNS solution that checks resolutions of domain names, and an "Elite" tier of service.
If you want to try out this feature to inspect your own phone today, the sysdiagnose feature is available for free in the iVerify Basic app on the App Store.
#security #opsec
More information for my telegram users: https://securelist.com/sparkcat-stealer-in-app-store-and-google-play/115385/
#opsec #security
It's about the very project I've been developing for a long time.
We are ready to surpass all available on-chain investigation and analysis platforms in the market. No kidding.
DeepSeek has been hacked: all of their data in the public domain - secret keys, unencrypted chats, logs, and even the backend.
Researchers from wiz.io were performing a normal infrastructure check when they unintentionally uncovered a database that is fully open, allowing anyone to obtain access.
I cannot confirm or deny their conclusions at this time. But I think it's interesting enough news to share: x.com/officer_cia/status/1884740598579540060
#ai #news #security
🤺⚔️⚔️⚔️
• x.com/xyz_remedy/status/1879997126693818852?12
#security #ctf
@xyz_remedy CTF rules 🫡
Register here: https://ctf.r.xyz/?utm_source=Web3secNews&utm_medium=Banner&utm_campaign=CTF2025
#bugbounty #ctf #web3
Please boost my channel fam!
Link: /channel/officer_cia?boost
Thank you ❤️
#offtopic
Think you’ve got what it takes to dominate Web3 security?
The Remedy CTF 2025 by Hexens is here !!!
💰 $50K+ in prizes
🧠 Solve cutting-edge challenges
🌍 Gain global recognition
🚀 Unlock career opportunities
Registration: https://x.com/web3sec_news/status/1874743124054229155?s=46
#security #CTF #web3
Open-source tools, $200M+ secured, and $5.5M+ in bounties:
Read to the end for a hint—a special gift for security researchers is coming in 2025!
Here’s a short overview of 2024—and what’s next:
Glider is live and 100% free. We launched Glider with Ethereum Mainnet access for a limited group of researchers.
The result? Glider helped secure $200M+ in assets with just a small team of experts. In 2024, we’ll expand access and push Glider even further.
• Try here: buff.ly/3ZL7gDQ
• A case where Glider enabled a security researcher to elevate an issue to critical, unlocking a $1 million prize pool: buff.ly/4fzHI2g
• Another case for Glider: buff.ly/4iP5E4I
Engram: Privacy and Trust for All
Engram is an open-source tool enabling users to prove data validity and ownership—without exposing sensitive information.
Free, powerful, and built for everyone: https://r.xyz/engram
Bug Bounties: $5,514,520 in Rewards
We expanded our bug bounty programs to 17, offering a total of $5,514,520 in rewards.
Check bug bounties: https://r.xyz/bug-bounty/programs
Community Growth
Our community grew faster than ever in 2024. And for 2025 we’re starting strong:
From Jan 24–26, Remedy is giving researchers a chance to earn big by competing with other top minds (jeopardy style).
r.xyz: A home for elite hackers
At Remedy, we empower researchers with cutting-edge tools, knowledge, and resources to make real impact.
This is just the beginning.
2024 was incredible, but we’re scaling even bigger in 2025.
Stay tuned—this is only the start of what’s possible!
Adding one more dataset to the previous thread
36k smart contract vulnerabilities
https://github.com/tintinweb/smart-contract-vulndb
UPD: 39k https://github.com/tintinweb/smart-contract-vulndb/pull/2
Follow for more @ethers_officer
Dear friends, in case you didn't know, I'm now offering two new services!
1. If your money has been frozen on CEX and you're tired of seeking for a good lawyer, I recommend my good friend - I’ll leave contacts below this post. DM him @rata0x, get an awesome certified blockchain lawyer & on-chain sleuth!
2. You can order OpSec audits and trainings for yourself, your project, and your team directly from me. DM me @farm42 for inquiries!
• x.com/officer_cia/status/1864498090365079996?12
Please RT for visibility! Thank you 🙏
Ever wondered what the on-chain world looks like through Vitalik Buterin’s eyes? 👀
- View DeFi positions of your favorite whales
- Perform simulations as any address
- Explore Ethereum like never before
Check out this amazing tool: https://x.com/xyz_remedy/status/1869809053846704388?s=46
#crypto #web3
I tried to decompile it and kinda fell into some maze... and it's probably not written in Solidity, there calldata is not multiple of 32 bytes.
and there's only one function for all actions and it's called 0xb00b11e5, like "0x boobs!!!" lol 😂
#hack #alert #security
https://officercia.mirror.xyz/ZuT6zYuAsQYNnuVTGkejiWqhmT5U8qT9u56VGQFDi08
Читать полностью…
Security challenges have recently become extremely acute. But what if you're abroad, have run out of cash, and need to cash out your cryptocurrencies immediately? Or simply need to purchase or sell bitcoin or USDT?
I'd like to remind you about my friendly exchanger, which likewise thoroughly examines cryptocurrency for purity.
Works in practically all countries in the world 🌍Personally, I have used their services several times and never had any issues. Everything is as trustworthy and secure as possible.
Withdrawal and input methods include cash, bank cards, and other bank transfers. Different currencies. 💵
Contact: t.me/Mr_Hermes1
I've known these guys for years and have never heard of any problems related to the swap. Please take note that you are my referral!
#opsec #crypto
I see news about SpyWare all the time in the last couple years... people are really worried about Pegasus and other similar apps.
Below in the thread I will explain in details how you can find a spy app on your device!
• https://x.com/officer_cia/status/1888974167548055634?12
#opsec #security #privacy
GM fam! Please check out this post, it's very important for your OpSec!!!
Below I will explain how this can affect the risks and what you can do now to protect yourself! ⬇️
• https://x.com/officer_cia/status/1888884169092010456
The very first thing you should understand once you have found your place in the crypto-sphere or Web3 - never ever and under no circumstances save your seed phrases and private keys as photos in a gallery.
#opsec #security #privacy
GM!
If you want to enter seed round of a brand new AI-based analytics platform, reach me @farm42 or @rata0x out!
#offtopic #ai
Navigating Legal Risks in DeFi: Expert Insights from Dr. Rasit Tavus @rata0x of LegalBlock
Link: https://beincrypto.com/defi-legal-risks-dr-tavus-legalblock/
#security #defi
A really good chance for you guys to gain experience with UniswapV4 and build a hook on the hackaton. More about the program you can read by following the link below. The 2025 will have 4 of such incubators. Don't miss your chance:)
https://atrium.academy/uniswap
Please do not store photos of your seed phrase or private key on your phone! This is another reminder!
• https://x.com/officer_cia/status/1875867706949534050
#security #privacy
Think you’ve got what it takes to dominate Web3 security?
The Remedy CTF 2025 by Hexens is here!
💰 $50K+ in prizes
🧠 Solve cutting-edge challenges
🌍 Gain global recognition
🚀 Unlock career opportunities
Registration: https://ctf.r.xyz/?utm_source=Web3secNews&utm_medium=Banner&utm_campaign=CTF2025
Happy New Year! 🥳
This was a crazy year… I hope 2025 will be better!
The infamous DAO hack: $60M was lost in 2016...
Researchers have proposed Metamorphic Testing as a method to detect smart contract vulnerabilities with higher accuracy.
Here’s how it works, a thread:
• https://x.com/xyz_remedy/status/1871241639324172783
#security #audit
Check this out: https://officercia.mirror.xyz/dgKaZvBsP90fNc7YLtL-ibRIZYcbvTdtVPdmNoB6s_M
Lots of good infographics out there!
#web3 #security #audit
Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google!
Link: t.me/addlist/uesom31GM1I4Yjgy
Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
A small tip to subscribooors: if you find a channel interesting, move it out of the folder into your main list of chats. That way you’ll view content you’re interested in more often, and channels get more views instead of just subscribers!
#crypto #web3
Btw thank you for a mention!
🫡🫡🫡
Link: www.osintteam.com/easily-find-osint-tools
#osint #opsec