SmartState ‒ Blockchain / Crypto / Web3 security🛡 – Telegram
SmartState - Top-notch smart contract audits & blockchain security solutions 🔒🚀
1000+ security audits - 0 hacks of audited code
Get in touch: info@smartstate.tech / https://smartstate.tech
🚨 Kaspersky warns of a new SparkKitty stealer spreading through the App Store and Google Play.

The Trojan steals sensitive data, such as seed phrases, from user screenshots.

▶️ Read an article: Your cat pics are at risk: the threat posed by the new SparkKitty Trojan

🛡 Stay cautious, avoid screenshotting your private data
🔒 Crypto security news: Akamai released two new techniques to identify and shut down cryptominer botnets:

▶️ Read the article: Cryptominers’ Anatomy: Shutting Down Mining Botnets

⚙️ These techniques aim to effectively halt malicious cryptominer campaigns without disrupting legitimate pool operation.
💻 Have you ever wondered how machines store multi-byte data? This mini article is about Little-endian and Big-endian, two ways to organize bytes. Endianness is a crucial topic in blockchain, crypto, and Web3 security & development. Let's break it down.

➡️ In big-endian order, the ‘big’ end (most significant byte, or MSB) comes first. For example, the number 0x1234 is stored 'as is': 12 34. Big-endian is commonly used in network protocols, for example in TCP/IP.

⬅️ In little-endian order, the ‘little’ end (least significant byte, or LSB) comes first. So 0x1234 is stored in memory as 34 12. Little-endian is used in modern processor architectures.

So, big-endian vs. little-endian example:
Take the number 0xDEADBEEF:

- Big-endian: DE AD BE EF
- Little-endian: EF BE AD DE

Why care in blockchain & crypto? We use different machines and protocols to store and transfer data. The order of bytes affects how data is hashed, signed or transmitted. To create a solid and secure blockchain ecosystem, it is important to handle endianness carefully.

💡 Fun fact: endianness comes from Gulliver's Travels, where factions fought over which end to break the egg from. In 2025, this is still a hot topic for developers building secure Web3 applications.

Be mindful of the endianness and double-check protocol specifications to ensure a consistent data flow across your Web3 system 🚀
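
The effect on transmitted and hashed data, as an added example that is not part of the original post: a fixed-layout message is encoded with an explicit byte order, then decoded with the matching and the mismatched order. The names `Transfer`, `Order` and `fnv1a` are assumptions for illustration, and FNV-1a is a non-cryptographic stand-in for whatever hash a real protocol specifies.

```rust
// Added example: fixed-layout message with an explicit byte order.
// `Transfer`, `Order` and `fnv1a` are hypothetical names; FNV-1a is a
// non-cryptographic stand-in for the real hash a protocol would specify.
#[derive(Debug, PartialEq)]
struct Transfer { amount: u64, nonce: u32 }

#[derive(Clone, Copy)]
enum Order { Big, Little }

fn encode(t: &Transfer, order: Order) -> [u8; 12] {
    let (a, n) = match order {
        Order::Big => (t.amount.to_be_bytes(), t.nonce.to_be_bytes()),
        Order::Little => (t.amount.to_le_bytes(), t.nonce.to_le_bytes()),
    };
    let mut out = [0u8; 12];
    out[..8].copy_from_slice(&a);
    out[8..].copy_from_slice(&n);
    out
}

/// Returns None unless the buffer is exactly one 12-byte message.
fn decode(buf: &[u8], order: Order) -> Option<Transfer> {
    if buf.len() != 12 { return None; }
    let (mut a, mut n) = ([0u8; 8], [0u8; 4]);
    a.copy_from_slice(&buf[..8]);
    n.copy_from_slice(&buf[8..]);
    Some(match order {
        Order::Big => Transfer { amount: u64::from_be_bytes(a), nonce: u32::from_be_bytes(n) },
        Order::Little => Transfer { amount: u64::from_le_bytes(a), nonce: u32::from_le_bytes(n) },
    })
}

/// Toy digest: a hash sees the bytes, not the number they encode.
fn fnv1a(data: &[u8]) -> u64 {
    data.iter().fold(0xcbf29ce484222325u64, |h, b| (h ^ *b as u64).wrapping_mul(0x100000001b3))
}

fn main() {
    let t = Transfer { amount: 1, nonce: 0xDEADBEEF }; // constructed sample
    let le = encode(&t, Order::Little);
    let be = encode(&t, Order::Big);
    println!("LE wire: {:02X?}", le);
    println!("BE wire: {:02X?}", be);
    // The same order on both sides round-trips; a mismatch silently changes the value.
    println!("matched:    {:?}", decode(&le, Order::Little));
    println!("mismatched: {:?}", decode(&le, Order::Big));
    println!("digests equal: {}", fnv1a(&le) == fnv1a(&be));
}
```

Decoding with the wrong order raises no error: the amount 1 is read back as 2^56, which is why the byte order belongs in the protocol specification rather than in each implementation's defaults.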
⚠️ Phishing in crypto seems to be on the rise. Trezor has recently warned about the exploitation of their support form.

Read the article about the incident: Trezor Issues ‘Urgent Alert’ After Support-Form Exploit Sends Phishing Emails – What Users Must Know

🟢 Do not share your private data with anyone, not even 'legitimate support'
💻 What do CoinMarketCap, Cointelegraph, Trezor, Bybit and many other crypto projects have in common?

Supply chain attacks due to lack of frontend security.

It is time to speak up and take frontend security seriously in the blockchain / Web3 industry👇

▶️ Read the article on Medium: Frontend / supply chain attacks in crypto and what to do about it

Stay tuned for more updates from SmartState ☺️, follow us on social media to learn about our latest security services and success stories:

🤖 SmartState on X
🟦 LinkedIn
✈️ Telegram
🥳 Medium
👾 Crypto Security Bingo is here!

Avoid popular traps such as a lack of proper checks, clicking phishing links, and saving seeds in screenshots.

Play, learn, & stay safe 🛡
📡 Ever wondered how validators can manipulate blockchain transactions for additional profit?

Our latest article dives into MEV attacks, their impact on DeFi, and solutions to ensure integrity in Web3 👇

▶️ Read the article on Medium: Understanding MEV attacks

🪙💻 Building on Solana? Deciding between Anchor and native Rust for your programs? Let’s break it down! Anchor simplifies dev with macros & tools, while native Rust offers max control. Here’s a quick guide to help you choose:

What’s Anchor? It’s a Rust framework for Solana that cuts boilerplate & boosts productivity. Offers declarative syntax, auto account validation, TypeScript bindings, and more. Perfect for DeFi, NFT, or quick prototyping.

Native Rust gives you full control over Solana programs. You handle accounts, serialization & CPI manually. Ideal for custom logic or performance-critical apps, but needs deep Solana knowledge.

Anchor’s edge:

🔸 Less code with macros
🔸 Built-in basic security checks
🔸 Testing framework & TS support

Downside? Less flexibility for niche use cases.

Native Rust’s strengths:

🔸 Ultimate flexibility
🔸 Fine-tuned performance

But, you’ll write more code & handle security yourself. Risky if you miss a check. Best for low-level protocols.

When to use Anchor?

- New to Solana
- Building DeFi / NFT
- Want fast dev & safety

When to use native Rust?

- Need custom logic
- Performance is critical
- You’re a Solana pro or interested in becoming one 😎

In sum:

Anchor’s ecosystem, tools & simplicity make it the go-to for most Solana devs

Native Rust is for those who need total control (and can handle it).

Want to dive deeper?

▶️ Check Anchor docs: https://anchor-lang.com

▶️ or Solana docs: https://docs.solana.com
❗️ Bitcoin Depot reports data breach exposing personal data of nearly 27,000 crypto users

▶️ Read an article: Bitcoin Depot discloses data breach that doxed 27K customers

The breach compromised names, phone numbers, and driver’s license numbers, and may have also exposed addresses, birth dates, and emails
🔐 Random smart contract security fact: pseudo-randomness is a quite common security issue in blockchain development.

Learn more about pseudo-randomness and the entropy illusion vulnerability in our recent article 👇

▶️ Read on Medium: What is entropy illusion vulnerability?

❗️ Wiz Research has detected an active malicious cryptomining campaign targeting both Linux and Windows systems:

▶️ Read the article - Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload

Wiz links their recent findings to a broader crypto-scam infrastructure.
Stay cautious, stay safu 🛡
🔐 Access control vulnerabilities are among the top causes of smart contract hacks in DeFi. Let’s take a quick look at what improper access control attacks are & how to mitigate them 👇

Access control is how a smart contract defines and restricts who can call critical functions (e.g. withdrawing funds or updating settings).

Hackers seek and exploit access control vulnerabilities to gain unauthorized access to critical functions and data within the contract and abuse the contract processes.

🔽 Common improper access control cases:

- No access modifiers: functions left public when they should be private / restricted
- Weak role management: admins / minters are not properly verified
- Initializer exploits: unprotected initialization functions that anyone can call post-deployment

Prevention:

- Ensure initialization functions can only be called once and only by authorized entities
- Use access control patterns like Ownable or RBAC to manage permissions
- Apply modifiers like onlyOwner or custom roles to sensitive functions
- Test and audit your code 🔍

❗️ Important: If you vibe code smart contracts for your crypto project using AI, keep in mind that LLMs cannot handle this part for you, as there is no one-size-fits-all approach to implementing access control and there are too many varied examples across the net.

👍 And several useful pro tips for access control design:

- Proper design = fewer sleepless nights for devs & users
- Consider every function as a potential entry point
- Explicitly define access rules for all sensitive operations
- And never trust user input without validation 🛡
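
The initializer and owner checks listed above, which are also the checks the earlier Anchor vs. native Rust post says you must write yourself in native Rust, shown as an added example that is not part of the original posts. It is a simplified plain-Rust model, not Solana SDK or Anchor code, and every name in it (`Vault`, `Caller`, `require_authority` and so on) is an assumption for illustration.

```rust
// Added example: plain-Rust model of the checks, not Solana SDK or Anchor code.
// All names (Vault, Caller, require_authority, ...) are hypothetical.
#[derive(Debug, PartialEq)]
enum Error { AlreadyInitialized, NotInitialized, MissingSignature, Unauthorized, InsufficientFunds }

type Key = [u8; 4]; // shortened, constructed stand-in for a public key

struct Caller { key: Key, is_signer: bool }

struct Vault { owner: Option<Key>, balance: u64 }

/// Vulnerable: no one-shot guard and no caller check, so anyone can
/// re-run it after deployment and replace the owner.
fn initialize_unchecked(v: &mut Vault, c: &Caller) {
    v.owner = Some(c.key);
}

/// onlyOwner-style check: the caller must have signed and be the expected key.
fn require_authority(c: &Caller, expected: Key) -> Result<(), Error> {
    if !c.is_signer { return Err(Error::MissingSignature); }
    if c.key != expected { return Err(Error::Unauthorized); }
    Ok(())
}

/// Hardened: callable once, and only by the expected deployer.
fn initialize(v: &mut Vault, c: &Caller, deployer: Key) -> Result<(), Error> {
    if v.owner.is_some() { return Err(Error::AlreadyInitialized); }
    require_authority(c, deployer)?;
    v.owner = Some(c.key);
    Ok(())
}

/// Sensitive operation gated on the stored owner.
fn withdraw(v: &mut Vault, c: &Caller, amount: u64) -> Result<u64, Error> {
    let owner = v.owner.ok_or(Error::NotInitialized)?;
    require_authority(c, owner)?;
    v.balance = v.balance.checked_sub(amount).ok_or(Error::InsufficientFunds)?;
    Ok(v.balance)
}

fn main() {
    let (admin, other) = ([1u8; 4], [2u8; 4]); // constructed keys
    let mut v = Vault { owner: None, balance: 100 };
    println!("{:?}", initialize(&mut v, &Caller { key: admin, is_signer: true }, admin));
    println!("{:?}", initialize(&mut v, &Caller { key: other, is_signer: true }, admin));
    println!("{:?}", withdraw(&mut v, &Caller { key: other, is_signer: true }, 10));
    println!("{:?}", withdraw(&mut v, &Caller { key: admin, is_signer: true }, 10));
}
```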
💻 Do you know how a price oracle manipulation vulnerability can compromise the integrity of your entire DeFi project?

Our latest security article breaks down this critical issue and provides actionable tips for prevention 👇

▶️ Read on Medium: Price oracle manipulation vulnerability in smart contracts

⚠️ Massive supply chain attack reported. Hackers hijacked npm packages with ~2.6B weekly downloads. Injected malware intercepts crypto / Web3 browser activity, manipulates wallets & rewrites payment destinations.

▶️ Read an article: Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

Stay vigilant, stay SAFU 🔓
💳 SWIFT has planned a global shift to ISO 20022 in a few days; the standard aims to change TradFi. What is this standard, how does it relate to the blockchain industry, and what twists might it bring? Learn more in our recent article:

▶️ Read on Medium: A SWIFT shift: what is ISO 20022 and how is it related to the blockchain industry?
