Security Incidents

The Sillytuna hackers have laundered over $10M in stolen funds, primarily using Bitcoin and DAI, through exchanges and mixers to obscure the origins. Despite these movements, they still hold $19M in stolen assets.

Ragnarshib warns the Shiba Inu community about a hacked account belonging to Vet Kusama, currently used by scammers to send fraudulent messages. Users are advised not to interact with the account or its links until it is recovered.

IoTeX reports that the ioTube cross-chain bridge incident on March 6 resulted in approximately $4.4 million in losses. 99.5% of the stolen assets have been frozen, and the team has committed to fully compensate affected users. The mainnet has resumed operation, and the attacker’s address has been blacklisted. Meanwhile, efforts are underway to promote decentralized governance and security audits.

Taipei District Prosecutors Office is investigating the Cambodia "Prince Group" money laundering case, indicting 62 individuals and 13 companies. The involved amount of money laundering is 10.7 billion, and assets worth 5.5 billion have been seized. The group used USDT and their self-developed "OJBK Wallet" to conduct cross-border money laundering, conceal criminal proceeds, and withdraw cash in multiple countries.

HyperEVM's custodial lending protocol HypurrFi disclosed that previous versions of Aave V3 had a "rounding error" vulnerability, allowing attackers to extract underlying tokens. HypurrFi guarantees the safety of user funds, has paused supply and borrowing operations in affected markets, and is working with relevant parties to address security issues.

Recently, the autonomous AI agent OpenClaw successfully bypassed Cloudflare defenses using the Scrapling library, raising concerns about DeFi security. Although the tool can legally scrape content, the potential risks remind developers to establish multiple layers of defense and avoid over-reliance on traditional protection measures.

Cryptocurrency project Montra Finance has suspended its project after the development team was conscripted by Iran, leading to an 80% plunge in the token's market value. The lack of official information has raised investor doubts, with some believing this is a "exit scam." The incident highlights the impact of geopolitics on the crypto market, and investors should remain cautious of opaque projects.

The Iranian rial has plummeted over 96% in two months, hitting a record low. If a nuclear agreement is reached with the United States, the rial may have room for a rebound, but purchasing options are difficult and risky. Investors should be aware of U.S. sanctions risks and potential impacts of Iran's currency reforms on exchange rates. Many people are exchanging rial through cryptocurrencies, but caution is advised.

A cryptocurrency scam suspect declared dead has regained legal status after being deported back to South Korea, and is compensating victims by selling frozen assets. The incident has sparked discussions on cross-border law enforcement and crypto scam recovery mechanisms. It also highlights the legal complexities and regulatory challenges South Korea faces in digital asset cases.

Solv Protocol's BRO vault was attacked, resulting in the theft of approximately 38 SolvBTC, with a loss of about $2.7 million. Fewer than 10 users were affected, and the platform has promised full compensation and taken technical measures to patch the vulnerability. The incident did not impact the SOLV token price, indicating investor confidence. DeFi protocol security issues still require attention, emphasizing the importance of audits and real-time monitoring.

Google releases a report revealing that the iOS package named Coruna contains 23 vulnerabilities. This tool has evolved from a national surveillance tool into an asset hijacking mechanism targeting iPhone users. Attackers use "watering hole attacks" to lure victims, exploiting zero-click vulnerabilities to infiltrate devices without interaction, extracting digital assets and sensitive information. Experts recommend users update their systems promptly and use hardware wallets to defend against this threat.

PANews March 6 News, SlowMist Technology Chief Information Security Officer 23pds issued a warning to beware of fake imToken Chrome extensions. A fake imToken Chrome extension in the Chrome Web Store can phishing for seed phrases and private keys.

A South Korean fraudster was finally deported after being declared dead seven years ago. The court revoked his missing person declaration, and his frozen assets of approximately $60,000 were used to compensate the victims. This incident exposed numerous flaws in the South Korean judicial system and sparked widespread criticism of digital asset management, prompting the government to undertake comprehensive reforms.

The FBI in the United States arrested John Daghita on Saint Martin Island for allegedly illegally accessing $46 million in cryptocurrency managed by a sheriff's office. The case originated from on-chain detective ZachXBT's tracking, revealing vulnerabilities in government digital asset custody and raising questions about third-party custody security. It has not yet been confirmed whether the stolen assets have been recovered.

PsiQuantum's million-qubit facility in Chicago has officially broken ground. In collaboration with NVIDIA, they plan to build powerful quantum computers. The facility could challenge Bitcoin's encryption technology, sparking discussions on cybersecurity. Threat assessments of quantum computers show that early UTXO wallets are the most vulnerable, and some experts believe that quantum computers will not have a significant impact on Bitcoin within the next ten years. PsiQuantum emphasizes that they have no intention of attacking Bitcoin, but the risks of technological diffusion still need to be monitored.

HyperEVM's HypurrFi posted a message on the X platform that the previous version of Aave V3 3.5 has a "rounding error" vulnerability, which attackers can exploit to extract underlying tokens. Affected markets have suspended related operations, user funds are safe, and the team is working together to resolve the issue.

Solv Protocol announces that its Bitcoin reserve fund has been targeted in a malicious attack, resulting in a loss of approximately $2.7 million. The attacker exploited a double-minting vulnerability in the smart contract to inflate the token supply to 567,000,000 and cash out 38 SolvBTC tokens. Solv commits to fully compensate affected users and has partnered with multiple security firms to investigate and prevent similar incidents from happening again.

Quantum computing company PsiQuantum has launched the construction of a million-qubit quantum computing facility in Chicago, with 500 tons of steel already assembled. The goal is to commercialize quantum computing and support next-generation AI supercomputers. Scientists warn that quantum computing could threaten Bitcoin's cryptographic security.

Solv Protocol announced a vulnerability in its single BRO Vault, affecting fewer than 10 users with a loss of approximately $2.7 million in SolvBTC. Other funds are secure, and preventive measures have been taken. The official team has contacted the hacker and will offer a 10% white-hat bounty in exchange for the return of the funds.