• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia • Chat: t.me/+C6RfnbB33AYzNGIy
Hackers can steal 2FA codes and private messages from Android phones!
A thread: https://x.com/officer_cia/status/1978061395200483829?s=46
#security #opsec
The ultimate spot for killer discussions on today's market chaos? Right here in @lobsters_chat chat – nowhere else! 📈🔥
• https://x.com/officer_cia/status/1976854712474570825?s=46
Not an ad*
#offtopic
🌉 How Are Cross-Chain Bridges Hacked?
Cross-chain bridges are the link between blockchains, transferring assets and data. However, over the past few years, hackers have stolen more than $2.8 billion through them.
The main vulnerabilities are fake deposit events, errors in message verification, and the theft of private keys from admins or validators.
Steam and Microsoft are urgently reacting to a Unity vulnerability - Valve is blocking launch parameters, Microsoft recommends deleting games!
A thread: https://x.com/officer_cia/status/1975158441669988858?123
#security #web2
Abracadabra money has been hacked for $1.7 million!
The attacker deposited all the stolen funds into Tornado Cash.
Attacker: 0x1aaade3e9062d124b7deb0ed6ddc7055efa7354d
Exploit: 0xb8e0a4758df2954063ca4ba3d094f2d6eda9b993
• https://x.com/officer_cia/status/1974469956189512171?12
#security #alert
Why Startups Should Embrace Modern Apps: Ditch the Defaults for Better Alternatives!
In the fast-paced world of startups, efficiency, innovation, and cost-effectiveness are everything. Sticking to outdated or mainstream tools can hold you back - think clunky interfaces, limited features, and high costs.
Modern applications not only streamline workflows but also give you a competitive edge by being more intuitive, scalable, and often free or cheaper. Plus, exploring alternatives to the "big names" can uncover gems that are leagues ahead in functionality and user experience. Here's why it's crucial for startups to level up, with some killer swaps:
Startup Essentials:
➡️ Keynote → Prezi.com: Ditch static slides for dynamic, interactive presentations that wow investors and teams.
➡️ G-docs → Ddocs.new: Say goodbye to basic docs - get advanced collaboration with AI-powered features for faster drafting.
➡️ Slack → Telegram: Move beyond chat overload to a secure, bot-friendly platform with unlimited channels and seamless integrations.
Crypto Tools (for those in the blockchain game):
➡️ MetaMask → Rabby: Upgrade your wallet security and usability with multi-chain support and anti-phishing smarts.
➡️ Ledger → Gridplus: Hardware wallets evolved - better UX, more features, and enhanced protection for your assets.
➡️ Etherscan → Blockchair: Explore blockchains deeper with multi-network scanning and superior analytics.
Startups thrive on agility - don't settle for the status quo. Try these alternatives and watch your productivity soar! What's your favorite underrated app?
• https://x.com/officer_cia/status/1973702925982527711
#tool
Dear subscribers,
If you enjoy my content and want to help keep it ad-free, please consider supporting my work through donations. Your contributions will allow me to dedicate more time to crafting in-depth articles and sharing even more valuable insights.
As a reminder, I'm also available for personalized OpSec audits and training sessions - tailored for individuals, projects, or entire teams. Thank you so much for your generosity and ongoing support!
• https://x.com/officer_cia/status/1973358613629485311?s=46
WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File!
The exploit, demonstrated in a proof-of-concept (PoC) shared by the DarkNavyOrg researchers, is initiated by sending a specially crafted malicious DNG image file to a victim’s WhatsApp account.
As a “zero-click” attack, the vulnerability is triggered automatically upon receipt of the malicious message, making it particularly dangerous as victims have no opportunity to prevent the compromise.
This zero-click RCE vulnerability poses a severe threat to users of WhatsApp on multiple Apple devices, including iPhones, Mac computers, and iPads.
A successful exploit could grant an attacker complete control over a device, enabling them to access sensitive data, monitor communications, and deploy further malware. The stealthy nature of the attack means a device could be compromised without any visible indicators!
• https://x.com/officer_cia/status/1972673288712093948?s=46
#security #alert
A threat actor stole 8x Hypurr NFTs airdropped to compromised wallets on HyperEVM in the past hour, profiting ~$400K.
0x72785D42874E965086829eA789a703fe1a5238df
Today, hyperdrivedefi became a victim of an exploit. The attacker repeatedly exploited an arbitrary call in the router to take users' funds of 672,934 USDT0 and 110,244 thBILL, ~$782K in total.
Source: @EthSecurity1
Rt: https://x.com/officer_cia/status/1972322912784011425?s=46
#security
Augmented Reality Glasses Integrated for On-Chain Sleuths
• https://x.com/officer_cia/status/1971836906372473191?s=46
#security #investigation
Optimizing the Auditing Process in Your Auditing Company
Link: https://officercia.mirror.xyz/juo1TVbBJ17zI5nPUAsUWA3J74K610kjqWd1YdSHGlo
Please vote for me in the Nominee Selection of the Arbitrum Security Council!
• https://x.com/officer_cia/status/1971257063755178355?s=46
#security
Dear subscribers: I have a few spots available for OpSec audits and training!
Every day, numerous individuals become targets of scammers, criminals, malware, and phishing schemes within the Web3 space. If you hold or manage significant amounts of cryptocurrency, an OpSec audit can be beneficial for you!
I offer services to both projects and individual clients, so please DM me whether you are representing a project or an individual! I'd be happy to teach you everything I know.
In this audit, we will explore secure methods for managing crypto, identify the right tools to use, and understand how to work with delegation software and multisig setups. We will specifically focus on how to mitigate emerging threats and recognize the most common attack vectors.
My customers include ResolvLabs, Pear Protocol, and several significant traders who prefer to stay secret.
Important: I do not simply read out boring facts and information; I ensure that you completely understand the content and will utilize my OpSec recommendations in your work. The course schedule is also flexible, so it will be convenient for you. Furthermore, after completing the course, you may contact me at any time for guidance on any security issues.
• https://x.com/officer_cia/status/1968136203682615529?123
#opsec
Compound v2 DeFi Integration: Specifications
• https://x.com/officer_cia/status/1970540452668449028?s=46
#security #audit
⚡️ Samsung smartphones are turning into "bricks" en masse after the One UI 8 update.
Here are some methods to revive your Samsung after the One UI 8 brick update: https://x.com/officer_cia/status/1977010301015871732?s=46
#offtopic
Astera has experienced an exploit.
Users are advised not to trade asUSD at this time as liquidity pool fees have been increased as part of the response.
More information soon: https://x.com/officer_cia/status/1976273481391362251?s=46
#security #alert
Glider is now available for all whitehats.
https://x.com/xyz_remedy/status/1975555214351737093
Please boost my channel fam!
Link: /channel/officer_cia?boost
Thank you ❤️
#offtopic
Dear followers, I have a few spots available for OpSec audits and training!
I offer services to both projects and individual clients, so please DM me whether you are representing a project or an individual!
In this audit, we will explore secure methods for managing crypto, identify the right tools to use, and understand how to work with delegation software and multisig setups. We will specifically focus on how to mitigate emerging threats and recognize the most common attack vectors.
• https://x.com/officer_cia/status/1974445857496846465?s=46
#security #opsec
According to @zachxbt, on September 24, 2025 addresses linked to SBI Crypto saw ~$21M in suspicious outflows on Bitcoin, Ethereum, Litecoin, Doge, & Bitcoin Cash.
The stolen funds were transferred to five instant exchanges and deposited to Tornado Cash. Interestingly, several indicators share similarities to other known DPRK attacks.
SBI Crypto is a mining pool that's a subsidiary of SBI Group, a publicly traded company in Japan.
As of now it does not appear they have publicly disclosed the incident.
Theft addresses:
0x40d76a78ddba2ea81fb0f9fba147a08bcfc2b866
bc1qx0a2kfjd7eweczv8xqjm6rggm40v0nkhfss78l
qpv9nh5ktagsmtkqle8z2w4dd3mksskpmy499z7c9k
ltc1qjyrn9p803efj3p8a0g3fmlevs45kq704ns363t
DRiEQuJ9pt3GgNraQmHVTjNg4B7uv1XuGb
• https://x.com/officer_cia/status/1973393644456395054?s=46
#security
📱 Dangerous WhatsApp 0-Click Vulnerability
Researchers have identified a vulnerability in WhatsApp that allows an attacker to hack a device through a specially crafted malicious DNG file.
The attack occurs without any user interaction — the malicious message triggers automatically upon receipt.
This makes the vulnerability especially dangerous for data security and privacy in Web3.
Exploring the Potential for Life in the Internet and Blockchain
• https://x.com/officer_cia/status/1972664625641496699?s=46
#ai
Victim: 0xa522572cf63e6ceed49db6c77cd9ec76c1d47d09
Network: hyperliquid
Attacker: 0x9bb54e918cca826f5ead55bf4641c693ce3ce316
Exploit: 0x19644bd811542069e36d70101d113f7ea1d9393d
Attack flow:
• The call trace shows a complex chain of delegatecalls through upgradeable proxies and price‐feed adapters culminating in a borrowing operation.
• The attacker appears to manipulate the collateral valuation (via multiple manipulated latestRoundData and getLastUpdateDetails calls) to trigger an undercollateralized borrow.
• The core exploit is executed in the vulnerable borrow() function (in the contract at 0xc627...13d6) where funds are transferred out via HyperliquidExtension::transfer to the attacker’s controlled Receiver.
• The final transfer of all funds to the Receiver indicates that the attacker drains the protocol using the borrow flow.
Source: @defimon_alerts
Rt: https://x.com/officer_cia/status/1972324317619691964
An Ultimate Guide on Wikipedia Marketing & Reputation Management
• https://x.com/officer_cia/status/1972318461557649544?s=46
#offtopic
Griffin AI exploited for ~$3M through LayerZero vulnerability: https://x.com/guardrailai/status/1971612441370148923?s=46
#security
Optimizing the Auditing Process in Your Auditing Company
• https://x.com/officer_cia/status/1971538884556194065?s=46
#audit #security
More details regarding UXLINK hack: https://x.com/guardrailai/status/1970844469013692604
#security #investigation
Top 5 Underrated OpSec Tools for Blockchain Pros in 2025 🛡️
As a threat researcher, these saved me time & assets: https://x.com/officer_cia/status/1970822002488262883?s=46
#security
Vote for me in Nominee Selection of the Security Council!
• https://www.tally.xyz/gov/arbitrum/council/security-council/election/4/round-1/candidate/0x391cF05fb66DF7dD46E34da0Ebf9c74e3b663c45
#offtopic