Golden Finance reports that the GitHub project polymarket-copy-trading-bot has been implanted with malicious code. This program automatically reads the user's wallet Private Key from the .env file upon startup and transmits it to the hacker's server through a hidden malicious dependency package excluder-mcp-package@1.0.4, resulting in asset theft.

ChainCatcher reports that SlowMist’s Yu Xian (@evilcos) has issued a warning about Web3 job seekers encountering malicious code traps during interviews. In this incident, an attacker impersonated @seracleofficial and asked the candidate to review and run code from Bitbucket. After the victim cloned the code, the program immediately scanned all local .env files and stole sensitive information such as private keys. SlowMist pointed out that this type of backdoor is a typical stealer, capable of collecting browser-saved passwords, crypto wallet mnemonics, private keys, and other private data. Experts emphasize that any review of suspicious code must be conducted in an isolated environment and not run directly on a real device to avoid attacks.

Golden Finance reports that Ethereum core developer Zak Cole stated in a post on the X platform on Tuesday that he became a victim of a malicious AI extension from Cursor AI, which allowed attackers to gain access to his Hot Wallet in three days and ultimately transfer funds. The developer installed a plugin called "contractshark.solidity-lang", which appeared to be legitimate - complete with a professional icon and descriptive text, and over 54,000 downloads - but secretly stole his private key. Cole stated that this plugin "read my .env file" and sent the private key to the attacker's server, allowing the attacker to access his Hot Wallet for three days before transferring funds on August 10.

Odaily Planet Daily News According to official news, Hedera announced the deprecation of the insecure Hedera Consensus Service (HCS) mirror node endpoint, aiming to continue to enhance security and ensure service reliability. It is reported that the API has been transitioned from the old hcs.＜env＞.mirrornode.hedera.com:5600 endpoint to the new ＜env＞.mirrornode.hedera.com:443 endpoint. Old SDK versions are also affected by this change because they use the old HCS mirror node endpoint. The deprecation schedule is: 1. Preliminary notice: Week of June 10 2. Mid-term reminder: Week of September 9 3. Actual deprecation time: Week of November 11 (6 months from the first notification)

PANews News on January 10, according to CoinDesk, NoahArk Tech Group announced that it has received a $2.4 million strategic investment from EOS Network Ventures (ENV). NoahArk Tech Group is the result of a collaboration between EOS Eco-Decentralized Finance Project Defibox.io and Noahark.io, and the group's strategy includes leveraging the strengths of Defibox.io and Noahark.io to drive a wide range of innovation efforts in the Decentralized Finance sector. After the restructuring of Defibox.io and Noahark.io, Defibox.io and Noahark.io will continue to operate independently in terms of product brands under the leadership of NoahArk Tech Group, but will fully share resources in terms of capital, personnel, technology, etc.

EOS Network Ventures (ENV) has invested $2.4 million in NoahArk Tech Group for the Decentralized Finance of secure Decentralization trading, which the team said aims to drive innovation in the EOS Decentralized Finance ecosystem, particularly in Decentralization trading activity, Golden Finance reported. The company plans to work with leading Decentralized Finance teams to develop interoperable liquidity aggregation protocols.

EZ Swap announced that it has successfully completed a second round of $1 million, led by EOS Network Ventures (ENV) with a $500,000 round led by Golden Finance.