• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia • Chat: t.me/+C6RfnbB33AYzNGIy
Augmented Reality Glasses Integrated for On-Chain Sleuths
• https://x.com/officer_cia/status/1971836906372473191?s=46
#security #investigation
Optimizing the Auditing Process in Your Auditing Company
Link: https://officercia.mirror.xyz/juo1TVbBJ17zI5nPUAsUWA3J74K610kjqWd1YdSHGlo
Please vote for me in Nominee Selection of the Arbitrum Security Council!
• https://x.com/officer_cia/status/1971257063755178355?s=46
#security
Dear subscribers: I have a few spots available for OpSec audits and training!
Every day, numerous individuals become targets of scammers, criminals, malware, and phishing schemes within the Web3 space. If you hold or manage significant amounts of cryptocurrency, an OpSec audit can be beneficial for you!
I offer services to both projects and individual clients, so please DM me whether you are representing a project or an individual! I'd be happy to teach you everything I know.
In this audit, we will explore secure methods for managing crypto, identify the right tools to use, and understand how to work with delegation software and multisig setups. We will specifically focus on how to mitigate emerging threats and recognize the most common attack vectors.
My customers include ResolvLabs, Pear Protocol, and several significant traders that prefer to stay secret.
Important: I do not simply read out boring facts and information; I ensure that you completely understand the content and will utilize my OpSec recommendations in your work. The course schedule is also flexible, so it will be convenient for you. Furthermore, after completing the course, you may contact me at any time for guidance on any security issues.
• https://x.com/officer_cia/status/1968136203682615529?123
#opsec
Compound v2 DeFi Integration: Specifications
• https://x.com/officer_cia/status/1970540452668449028?s=46
#security #audit
How Cross-Chain Bridges are Hacked?
Link: https://officercia.mirror.xyz/IvG5yxJrLviq0bT9CXMx8lQ-ZGOBomYbeizMEzp6n40
How Cross-Chain Bridges are Hacked?
• https://x.com/officer_cia/status/1970223065045803450?s=46
#security
Suspicious activity totaling $15 million linked to UXLINKofficial has been detected!
One Ethereum address performed a delegateCall, revoked the admin privileges, and invoked the "addOwnerWithThreshold" function prior to moving out $4 million in USDT, $500,000 in USDC, 3.7 WBTC, and 25 ETH.
The USDC and USDT were all converted to DAI on the Ethereum blockchain, whereas USDT on Arbitrum was exchanged for ETH and then transferred across to the Ethereum network.
Shortly afterward, a different address acquired 10 million UXLINK tokens (valued at around $3 million), started exchanging them, but continues to retain approximately $2.2 million worth that hasn't been swapped yet (process is still in progress).
• https://x.com/officer_cia/status/1970170817721102687?s=46
#security #alert
Phishing Scheme Involving Fake GitHub Grants!
A new phishing attack is on the rise, utilizing fake GitHub accounts to create bogus projects and generate up to 500 fraudulent issues.
The emails appear to originate from a legitimate GitHub address, but the link directs users to a deceptive site, github-fundation[.]com, where they attempt to link your wallet.
Open source projects, such as Soldeer, are being specifically targeted, putting numerous accounts at risk.
• https://x.com/officer_cia/status/1969847766550769809?s=46
#security #alert
AAVE V3 DeFi Integration: Specifications
• https://x.com/officer_cia/status/1969654966420742300?s=46
#security #audit
How to Build a Bulletproof Smart Contract Security Pipeline
Link: https://officercia.mirror.xyz/5cFKdLDatCdIDGljd7GOV-DDgDuc_emQHwgDaW6bF9g
Join my own Telegram chat!
• t.me/+C6RfnbB33AYzNGIy
#security
Modern Defense Tactics in the Cryptocurrency Sector: 5 Simple Suggestions
• https://x.com/officer_cia/status/1968730597284602017?s=46
#opsec
Samsung device users urged to update software due to critical security flaw!
Vulnerability – CVE-2025-21043 – could be exploited by an attacker to remotely gain access to devices and install malicious code without the users knowing it. If left unfixed, cyber criminals could steal confidential data and drain bank accounts.
Devices that need to be updated include Samsung’s flagship devices such as the Galaxy S25 and the Galaxy Z Fold7, as well as the Galaxy A56 5G.
More here: https://x.com/officer_cia/status/1968137917462659264?67
#security
Check out this curated list of amazing TG channels I've compiled to help you explore them like your own personal Web3-Google!
You can also use this folder to introduce your non-Web3 friends to the world of Web3, as most of the channels are run by independent researchers. Plus, you'll find extra channels for news, crypto X reviews, and much more!
Link: t.me/addlist/uesom31GM1I4Yjgy
Griffin AI exploited for ~$3M through LayerZero vulnerability: https://x.com/guardrailai/status/1971612441370148923?s=46
#security
Optimizing the Auditing Process in Your Auditing Company
• https://x.com/officer_cia/status/1971538884556194065?s=46
#audit #security
More details regarding UXLINK hack: https://x.com/guardrailai/status/1970844469013692604
#security #investigation
Top 5 Underrated OpSec Tools for Blockchain Pros in 2025 🛡️
As a threat researcher, these saved me time & assets: https://x.com/officer_cia/status/1970822002488262883?s=46
#security
Vote for me in Nominee Selection of the Security Council!
• https://www.tally.xyz/gov/arbitrum/council/security-council/election/4/round-1/candidate/0x391cF05fb66DF7dD46E34da0Ebf9c74e3b663c45
#offtopic
A $2M exploit hit $NGP
Here's how it went down...
• https://x.com/guardrailai/status/1970202278536638807?s=46
#security
In this tx, the hacker changed the owner to: 0x2EF43c1D0c88C071d242B6c2D0430e1751607B87
#security
Unveiling Messenger Weaknesses: Understanding How Hackers Can Infiltrate and Compromise Your Device
• https://x.com/officer_cia/status/1970017777944502460
#security #opsec
Security challenges have recently become extremely acute. But what if you're abroad, have run out of cash, and need to cash out your cryptocurrencies immediately? Or simply need to purchase or sell bitcoin or USDT?
I'd like to remind you about my friendly exchanger, which likewise thoroughly examines cryptocurrency for purity.
Works in practically all countries in the world 🌍 Personally, I have used their services several times and never had any issues. Everything is as trustworthy and secure as possible.
Withdrawal and input methods include cash, bank cards, and other bank transfers. Different currencies. 💵
Contact: t.me/Mr_Hermes1
I've known these guys for years and have never heard of any problems related to the swap. Please take note that you are my referral!
#opsec #crypto
Chainlink VRF Secure Integration Tips: Specifications
• https://x.com/officer_cia/status/1969316151462105515?s=46
#security #audit
How to Build a Bulletproof Smart Contract Security Pipeline
• https://x.com/officer_cia/status/1968948816347869324?s=46
#security #audit
Someone lost $6.28M in stETH and aEthWBTC after signing multiple phishing “permit” signatures!
Victim:
0x0d18D7C855668EB1Ba06005b199838F38E00D7e3
Scammers:
0xa2e8Dfc32767f43611ABb43F66308E7Eb9C224F8
0x1623915E35Ed39Bfa381010Ce224f89734889aC9
The victim wallet had been active for 4.5 years, trading and investing across DeFi, with significant activity on protocols like Lido and Aave. Despite this long history, malicious approvals led to multiple draining transactions that wiped out the wallet.
The victim was definitely using one of the wallets, which shows that 'built-in' wallet protection wasn't efficient.
• https://x.com/officer_cia/status/1968780421132374184?s=46
#security
Vote for me in Nominee Selection of the Arbitrum Security Council.
Voting is open from September 22nd, 2025 - 12:21 pm UTC until September 29th, 2025 - 12:21 pm UTC.
Member Election starts Oct 13, 2025.
• https://x.com/officer_cia/status/1968544721904497104?s=46
#defi
Another NPM supply chain attack has occurred!
The package @ctrl/tinycolor, which has 2.2 million weekly downloads, released malicious versions that execute an infostealer during the npm postinstall process to search for and exfiltrate sensitive information. The malicious payload exploits TruffleHog, a legitimate secret scanning tool.
Make sure to verify if you've installed the affected versions, halt any ongoing installations or updates, and revert to known safe releases.
A thread ⬇️
• https://x.com/officer_cia/status/1967774636709433806?s12
#security