Forwarded from infinityhedge
*HACKERS HIJACK NPM PACKAGES IN WHAT IS BEING CALLED THE LARGEST SUPPLY CHAIN ATTACK IN HISTORY
*IF YOU USE A HARDWARE WALLET, PAY ATTENTION TO EVERY TRANSACTION BEFORE SIGNING
*IF YOU DON'T USE A HARDWARE WALLET, REFRAIN FROM MAKING ANY ON-CHAIN TRANSACTIONS FOR NOW: LEDGER CTO
<@INFINITYHEDGE> ⚠️
*The malicious code only impacts individuals accessing the compromised applications over the web, monitoring for cryptocurrency addresses and transactions that are then redirected to attacker-controlled wallet addresses. This causes the transaction to be hijacked by the attackers rather than being sent to the intended address.
*The malware operates by injecting itself into the web browser, monitoring Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash wallet addresses or transfers. On network responses with crypto transactions, it replaces the destinations with attacker-controlled addresses and hijacks transactions before they're signed.
*What makes it dangerous is that it operates at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users' apps believe they are signing: bleepingcomputer ⚠️
Forwarded from Investigations by ZachXBT
SwissBorg experienced an incident a few hours ago and 192.6K SOL ($41.5M) was stolen on Solana
Theft address
TYFWG3hvvxWMs2KXEk8cDuJCsXEyKs65eeqpD9P4mK1
myx is a scam crime pump, so that comp is not really valid, but the other points are interesting
personally like lighter so far because i have saved so much on fees (= more profits) and i've just been using it organically as mentioned since q2
real hopium here that i'll be getting a good airdrop for being profitable and early on lighter
https://vxtwitter.com/satoshiheist/status/1965116139698044965?s=46&t=US8hdKu5FCAqApEd0gFyVQ
vxTwitter / fixvx • See original tweet for full article
💖 253 🔁 46
Professor Satoshi.🕯️ (@satoshiheist)
Yes, Lighter Points Can Be Over $100 Each
This analysis aims to be brief and as accurate as my TVL forecast model:
Crypto markets are highly speculative in nature and this model involves assumptions, estimations, and other variables. This…
Crypto Mumbles
myx is a scam crime pump, so that comp is not really valid, but the other points are interesting personally like lighter so far because i have saved so much on fees (= more profits) and i've just been using it organically as mentioned since q2 real hopium…
mandatory inv link shill: https://app.lighter.xyz/trade/ETH?referral=G6SRWCAHUYA2
(probably much harder to farm points now tho)
Forwarded from DefiLlama Official Round Up
0xngmi NPM account compromise PSA: https://x.com/0xngmi/status/1965125988016087050
X (formerly Twitter)
0xngmi is hiring (@0xngmi) on X
Explanation of the current npm hack
In any website that uses this hacked dependency, it gives a chance to the hacker to inject malicious code, so for example when you click a "swap" button on a website, the code might replace the tx sent to your wallet with…
New Listings Feed
$USDe listed on Binance spot
i think all the conditions for fee switch have been met
iirc
amazing to see everything that is going on w hyperliquid rn
down with cex crimes
the future is hyperliquid
Forwarded from The Kobeissi Letter
Tomorrow is the big day:
At 10:00 AM ET, the US will be releasing its preliminary revision for jobs data in the 12 months ending March 2025.
Estimates range from -450,000 to -950,000 jobs set to be revised OUT of already reported data.
We will be breaking it down real-time.
(@TheKobeissiLetter)