• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia • Chat: t.me/+C6RfnbB33AYzNGIy
Vote for me in Nominee Selection of the Security Council!
• https://www.tally.xyz/gov/arbitrum/council/security-council/election/4/round-1/candidate/0x391cF05fb66DF7dD46E34da0Ebf9c74e3b663c45
#offtopic
A $2M exploit hit $NGP
Here's how it went down...
• https://x.com/guardrailai/status/1970202278536638807?s=46
#security
In this tx, the hacker changed the owner to: 0x2EF43c1D0c88C071d242B6c2D0430e1751607B87
#security
Unveiling Messenger Weaknesses: Understanding How Hackers Can Infiltrate and Compromise Your Device
• https://x.com/officer_cia/status/1970017777944502460
#security #opsec
Security challenges have recently become extremely acute. But what if you're abroad, have run out of cash, and need to cash out your cryptocurrencies immediately? Or simply need to purchase or sell bitcoin or USDT?
I'd like to remind you about my friendly exchanger, which likewise thoroughly examines cryptocurrency for purity.
Works in practically all countries in the world 🌍 Personally, I have used their services several times and never had any issues. Everything is as trustworthy and secure as possible.
Withdrawal and input methods include cash, bank cards, and other bank transfers. Different currencies. 💵
Contact: t.me/Mr_Hermes1
I've known these guys for years and have never heard of any problems related to the swap. Please take note that you are my referral!
#opsec #crypto
Chainlink VRF Secure Integration Tips: Specifications
• https://x.com/officer_cia/status/1969316151462105515?s=46
#security #audit
How to Build a Bulletproof Smart Contract Security Pipeline
• https://x.com/officer_cia/status/1968948816347869324?s=46
#security #audit
Someone lost $6.28M in stETH and aEthWBTC after signing multiple phishing “permit” signatures!
Victim:
0x0d18D7C855668EB1Ba06005b199838F38E00D7e3
Scammers:
0xa2e8Dfc32767f43611ABb43F66308E7Eb9C224F8
0x1623915E35Ed39Bfa381010Ce224f89734889aC9
The victim wallet had been active for 4.5 years, trading and investing across DeFi, with significant activity on protocols like Lido and Aave. Despite this long history, malicious approvals led to multiple draining transactions that wiped out the wallet.
The victim was definitely using one of the wallets, which shows that 'built-in' wallet protection wasn't efficient.
• https://x.com/officer_cia/status/1968780421132374184?s=46
#security
Vote for me in Nominee Selection of the Arbitrum Security Council.
Voting is open from September 22nd, 2025 - 12:21 pm UTC until September 29th, 2025 - 12:21 pm UTC.
Member Election starts Oct 13, 2025.
• https://x.com/officer_cia/status/1968544721904497104?s=46
#defi
Dear subscribers: I have a few spots available for OpSec audits and training!
Every day, numerous individuals become targets of scammers, criminals, malware, and phishing schemes within the Web3 space. If you hold or manage significant amounts of cryptocurrency, an OpSec audit can be beneficial for you!
I offer services to both projects and individual clients, so please DM me whether you are representing a project or an individual! I'd be happy to teach you everything I know.
In this audit, we will explore secure methods for managing crypto, identify the right tools to use, and understand how to work with delegation software and multisig setups. We will specifically focus on how to mitigate emerging threats and recognize the most common attack vectors.
My customers include ResolvLabs, Pear Protocol, and several significant traders that prefer to stay secret.
Important: I do not simply read out boring facts and information; I ensure that you completely understand the content and will utilize my OpSec recommendations in your work. The course schedule is also flexible, so it will be convenient for you. Furthermore, after completing the course, you may contact me at any time for guidance on any security issues.
• https://x.com/officer_cia/status/1968136203682615529?123
#security #opsec
Another NPM supply chain attack has occurred!
The package @ctrl/tinycolor, which has 2.2 million weekly downloads, released malicious versions that execute an infostealer during the npm postinstall process to search for and exfiltrate sensitive information. The malicious payload exploits TruffleHog, a legitimate secret scanning tool.
Make sure to verify if you've installed the affected versions, halt any ongoing installations or updates, and revert to known safe releases.
A thread ⬇️
• https://x.com/officer_cia/status/1967774636709433806?s12
#security
kame_agg advised all users to revoke token approvals for the following contracts immediately:
0x14bb98581Ac1F1a43fD148db7d7D793308Dc4d80
0x1415E8eeC45DAE07E7bBdf57A88ea0a309233617
How to revoke:
1. Go to RevokeCash
2. Connect your wallet
3. Search for each of the contract addresses listed above
4. Revoke any token approvals associated with them
5. Confirm the transactions in your wallet
• https://x.com/officer_cia/status/1966696831837966347?1
#security
Blockchain in Space & Interplanetary Payments
• https://x.com/officer_cia/status/1966572200313713090?87
#security
Yesterday an unknown victim was exploited for ~3.047M USDC on Ethereum.
The attacker swapped USDC for ETH and immediately deposited the funds to Tornado - @zachxbt
Theft address
0xf0a6c5b65a81f0e8ddb2d14e2edcf7d10c928020
• x.com/officer_cia/status/1966156618808307740
#security
Top 5 Secure Phones to Consider in 2025: A Comprehensive Guide to Privacy & Safety
Link: https://officercia.mirror.xyz/geVonXlnHv4dC3px2X6D1GrKsbkC8k-peEJKa-stNQQ
How Cross-Chain Bridges are Hacked?
Link: https://officercia.mirror.xyz/IvG5yxJrLviq0bT9CXMx8lQ-ZGOBomYbeizMEzp6n40
How Cross-Chain Bridges are Hacked?
• https://x.com/officer_cia/status/1970223065045803450?s=46
#security
Suspicious activity totaling $15 million linked to UXLINKofficial has been detected!
One Ethereum address performed a delegateCall, revoked the admin privileges, and invoked the "addOwnerWithThreshold" function prior to moving out $4 million in USDT, $500,000 in USDC, 3.7 WBTC, and 25 ETH.
The USDC and USDT were all converted to DAI on the Ethereum blockchain, whereas USDT on Arbitrum was exchanged for ETH and then transferred across to the Ethereum network.
Shortly afterward, a different address acquired 10 million UXLINK tokens (valued at around $3 million), started exchanging them, but continues to retain approximately $2.2 million worth that hasn't been swapped yet (process is still in progress).
• https://x.com/officer_cia/status/1970170817721102687?s=46
#security #alert
Phishing Scheme Involving Fake GitHub Grants!
A new phishing attack is on the rise, utilizing fake GitHub accounts to create bogus projects and generate up to 500 fraudulent issues.
The emails appear to originate from a legitimate GitHub address, but the link directs users to a deceptive site, github-fundation[.]com, where they attempt to link your wallet.
Open source projects, such as Soldeer, are being specifically targeted, putting numerous accounts at risk.
• https://x.com/officer_cia/status/1969847766550769809?s=46
#security #alert
AAVE V3 DeFi Integration: Specifications
• https://x.com/officer_cia/status/1969654966420742300?s=46
#security #audit
How to Build a Bulletproof Smart Contract Security Pipeline
Link: https://officercia.mirror.xyz/5cFKdLDatCdIDGljd7GOV-DDgDuc_emQHwgDaW6bF9g
Join my own telegram chat!
• t.me/+C6RfnbB33AYzNGIy
#security
Modern Defense Tactics in the Cryptocurrency Sector: 5 Simple Suggestions
• https://x.com/officer_cia/status/1968730597284602017?s=46
#opsec
Samsung device users urged to update software due to critical security flaw!
Vulnerability – CVE-2025-21043 – could be exploited by an attacker to remotely gain access to devices and install malicious code without the users knowing it. If left unfixed, cyber criminals could steal confidential data and drain bank accounts.
Devices that need to be updated include Samsung’s flagship devices such as the Galaxy S25 and the Galaxy Z Fold7, as well as the Galaxy A56 5G.
More here: https://x.com/officer_cia/status/1968137917462659264?67
#security
Check out this curated list of amazing TG channels I've compiled to help you explore them like your own personal Web3-Google!
You can also use this folder to introduce your non-Web3 friends to the world of Web3, as most of the channels are run by independent researchers. Plus, you'll find extra channels for news, crypto X reviews, and much more!
Link: t.me/addlist/uesom31GM1I4Yjgy
You've undoubtedly heard that it's feasible to locate someone in nearby rooms due to Wi-Fi signal interference. This idea hasn't really advanced past theoretical debates, though.
In addition to making this tracking simple, a team has now developed a fantastic open-source tool that enables real-time posture and little movement monitoring (assuming that arm and leg positions are considered minor).
It appears to be quite impressive!
• https://x.com/officer_cia/status/1967661835164729431?98
#opsec
ShibaSwap hacked for $1.7 million!
• https://x.com/officer_cia/status/1966578944376721511
#security #alert
Evoq Finance was drained for $390k on BSC (recently)
Another DeFi protocol falls victim to a critical vulnerability. Let's break down what went wrong and how attackers pulled off this massive exploit.
• https://x.com/guardrailai/status/1966186162600685974?89277
#security #investigation
Top 5 Secure Phones to Consider in 2025: A Comprehensive Guide to Privacy & Safety
• https://x.com/officer_cia/status/1965937223255097543?90
#security #privacy #opsec
In 2021, I discovered & re-created a mind-blowing project on physical privacy! 🤯 Imagine a custom cap with infrared diodes to hide from surveillance cameras!
It was an incredible experience, but sadly, not enough buyers. Just stumbled upon an old video from that time...
Do you think there's a demand for devices like this? 🤔
• https://x.com/officer_cia/status/1965541333952856088?s=46
#security #opsec #privacy