Slow Mist: Large-scale coin theft occurred on the Solana public chain.Users are advised to transfer the hot wallet tokens to hardware wallets or well-known exchanges first

[Slow Mist: Large-scale coin theft occurred on the Solana public chain, users are advised to transfer the hot wallet tokens to a hardware wallet or a well-known exchange first] August 3 news, according to information from the Slow Mist District, a large-scale piracy occurred on the Solana public chain In the coin theft incident, a large number of users were transferred SOL and SPL tokens without their knowledge. The SlowMist security team tracked and analyzed this incident:

Known attacker addresses:

The attack is still ongoing. Judging from the characteristics of the transaction, the attacker signed and transferred the account without using the attack contract. The preliminary judgment is that the private key was leaked. Many victims reported that they have used a variety of different wallets, mainly mobile wallets. We speculate that the problem may be in the software supply chain. Before new evidence is discovered, we recommend that users transfer the hot wallet tokens to a relatively safe location such as a hardware wallet or a well-known exchange, and wait for the event analysis results.

Other news:

SlowMist: Be alert to the risk of phishing projects on the Terra chain being maliciously advertised: According to information from the SlowMist District, recently the assets of some users on the Terra chain have been maliciously transferred out. The SlowMist security team found that from April 12th to April 21st, the funds in about 52 addresses were maliciously transferred to terra1fz57nt6t3nnxel6q77wsmxxdesn7rgy0h27x30, and the current total loss is about 4.31 million US dollars.

After slow fog security tracking and analysis, it was confirmed that this attack was a batch of Google keyword advertisements for phishing. When users searched for well-known Terra projects such as astroport, nexus protocol, anchor protocol, etc. on Google, the first item on the Google results page seemed normal. The advertised link (which even shows the same domain name) is actually a phishing site. Once the user accidentally visits this phishing website and clicks to connect to the wallet, the phishing website will remind you to directly enter the mnemonic phrase. Once the user enters and clicks submit, the assets will be stolen by the attacker.

The SlowMist security team recommends that users on the Terra chain remain vigilant and do not click on links from Google searches or click on links from unknown sources, and reduce unnecessary operations using commonly used wallets to avoid unnecessary capital losses. [2022/4/21 14:37:55]

Slow Mist: Be wary of Bitcoin RBF risk: According to BitMEX, an obsolete block appeared in Bitcoin at block height 666833, and a double-spend transaction of 0.00062063 BTC was generated. According to the transaction content-ethexc provided by BitMEX, the values of the nSequence field of the two double-spend transactions are both less than 0xffffffff -1. The SlowMist security team preliminarily believes that this double-spending transaction may be an RBF transaction in Bitcoin. [2021/1/20 16:38:01]

Voice | SlowMist: Beware of "fake recharge" attacks: SlowMist analyzes and warns that if digital currency exchanges, wallets and other platforms are flawed in their judgment of "whether the confirmation of EOS recharge transaction is successful", it may lead to serious "false recharge". Attackers can successfully recharge EOS to these platforms without losing any EOS, and these EOS can be traded normally.

The SlowMist security team has confirmed that the real attack occurred, but it should be noted that this fake recharge attack on EOS is similar to the USDT fake recharge and Ethereum token fake recharge disclosed by the SlowMist security team before, and more responsibilities should belong to the platform . Since this is a new type of attack method and the attack is already taking place, if the relevant platform parties are not fully sure about their recharge verification, they should suspend the EOS deposit and withdrawal as soon as possible, and conduct a self-examination of the account. [2019/3/12]