According to ChainCatcher, 23pds, the Chief Information Security Officer of Slow Fog Technology, disclosed that a new variant of the information-stealing malware MacSync has emerged, capable of successfully bypassing the macOS Gatekeeper security mechanism, resulting in user assets being stolen. This malware employs various techniques to evade detection, including file expansion, network connection validation, and self-destruct scripts after execution. Attackers can use this software to steal sensitive data from victims, such as iCloud keychains, browser passwords, and Crypto Assets Wallets. Users should remain vigilant, avoid downloading software from unknown sources, promptly update operating system security patches, and take additional measures to protect asset security.

The Chief Information Security Officer of Slow Mist Technology, 23pds, warned on the X platform that a developer of a Polymarket trading bot has hidden malicious code in GitHub, which will steal users' Wallet Private Keys. 23pds reminds everyone to stay vigilant against such risks.

BlockBeats News, December 12 — Slow Mist founder Yu Xian issued a security warning: ZEROBASE frontend was hacked, and some users authorized malicious contracts to USDT, resulting in asset theft. Please users pay attention to asset security.

Odaily News Slow Mist Yu Xian published an article on the X platform stating that the theft of GANA was caused by the leak of the Private Key of the GANA Payment Stake contract Owner. The subsequent attack employed some techniques, such as the use of 7702 deleGate, which also conveniently bypassed the onlyEOA check of unstake. By changing the relevant Rate and Fee, hundreds of stakes were achieved.

Foresight News reports that Slow Mist founder Yu Xian responded to a user whose 112 BNB was stolen today while using the imtoken Wallet to participate in Binance's Per-TGE event. He stated that the hacker address starting with 0x8aeb has already stolen assets from at least 7 users. In most cases, users transferred large amounts of funds, after which the hacker quickly discovered and moved these assets. There are also some special cases where the team speculates that the hacker may have obtained a batch of mnemonic phrases or Private Keys and gradually implemented theft operations.

According to ChainCatcher news and Slow Mist's analysis, the attack on the cross-chain bridges project 402Bridge originated from a Private Key leak, and the possibility of internal personnel involvement cannot be ruled out. The domain 402 bridge.fun was only registered for two days before suspending services, and the stolen funds have not shown any further movement. This is the first publicly disclosed security incident related to the 402 protocol, and Slow Mist states that this incident is not a typical case of collective malicious behavior by the project party.

ChainCatcher news, Slow Mist Yu Xian released a security reminder on social media stating that there is a risk of poisoning AI, and advised users not to blindly trust AI-generated code, especially when dealing with sensitive operations. Yu Xian suggested prioritizing the use of mature and well-known Open Source code, while also being aware of Supply Chain poisoning risks. Another security approach is to compare the open source implementations of well-known wallets (including hardware wallets) to ensure security through extensive observation and comparison.

PANews, October 8th news, DeBot posted on the X platform stating that recently, a user reported their Wallet was stolen, and it has been confirmed that it is not an issue with the Debot platform. After verification by the Slow Mist team and confirmation from the user, it was mentioned that only 2 out of the Wallets imported to DeBot, while the others had never been associated with the platform, thus ruling out any connection between DeBot and this theft.

ChainCatcher message, regarding community users claiming that the FTX fake compensation email mentioned needing to download a tool to generate XPUB, Slow Mist founder Yu Xian responded on the X platform, saying: "This malicious tool appears to be pieced together by AI, with the intent to steal the mnemonic phrase being very, very clear. The malicious Telegram bot is ftxsexxerbot."

ChainCatcher reported that Slow Mist explained the incident of the Pendle Large Investors being stolen, confirming that the protocol was not attacked. The Hacker launched the attack through a contract created by the Large Investors on Morpho Flash Loan, resulting in a loss of over 1.3 million dollars.