ChainBounty

697 posts

@ChainBountyX

ChainBounty is a decentralized platform that helps solve security challenges in the crypto space.

Joined November 2024
188 Following, 620 Followers

ChainBounty @ChainBountyX
Fake “federal” tokens are draining wallets at scale. This is not a new exploit. It’s impersonation, executed with precision. Attackers don’t need complex code. They need believable narratives. Hundreds of wallets affected. Same pattern. Repeated execution. This is not randomness. It’s a system. In Web3, trust is the primary attack surface.

ChainBounty @ChainBountyX
Fraud Prevention Month highlights a simple reality: Crypto scams are not slowing down. Public warnings increase. Attack sophistication increases faster. This is not just about awareness. It’s about attacker adaptation. Scams are not isolated incidents. They operate as repeatable systems. In Web3, pattern recognition defines prevention.

ChainBounty @ChainBountyX
Most crypto hacks don’t start with a cracked wallet. They start with trust — in a UI that looks exactly right, but isn’t.

Bybit lost $1.5B this way. Signers approved what they saw on screen. What they saw had been replaced. The signing interface displayed safe transactions while the actual payload drained the multisig.

The fix? Moving signing offline. When your screen can lie, you need hardware that can’t. Hardware wallets show transaction details on a separate, isolated screen that malware can’t touch. What you see on the device IS what you sign — no substitution possible.

Bybit’s $1.5B lesson: Trust your hardware, not your monitor.

Source: D’CENT Wallet
👉 community.chainbounty.io
#ChainBounty #Bybit #HardwareWallet
D'CENT Wallet @DCENTWALLETS

Most crypto hacks don't start with a cracked wallet.🤔 They start with trust — in a UI that looks exactly right, but isn't. Bybit lost $1.5B this way. Signers approved what they saw. What they saw had been replaced. The fix isn't more complicated software. It's moving verification off the screen that can be tampered with.

ChainBounty @ChainBountyX
80 million unbacked tokens minted. USR crashed to $0.14. But Resolv says "no assets lost"?

Here's the paradox: Attacker exploited a minting vulnerability to create 80M unbacked USR tokens on Sunday, driving the stablecoin from $1.00 to $0.14. Yet Resolv Labs claims its collateral pool remains intact.

Translation: The exploit didn't drain the backing — it inflated the supply. It's like printing counterfeit bills without robbing the vault. USR holders got diluted into worthlessness, but technically the vault still has the same amount.

So who lost? Anyone holding USR when it crashed. Anyone who sold at $0.14. Anyone with USR collateral on lending platforms that got liquidated during the depeg.

Resolv's statement is technically correct and completely misleading. "No assets lost" means nothing when your stablecoin lost 86% of its value.

If you hold stablecoins:
→ Check if your stablecoin has minting access controls (who can mint new tokens?)
→ Monitor circulating supply vs collateral ratio in real-time
→ Exit immediately if supply spikes without corresponding collateral increase
→ Diversify across multiple stablecoins — never go all-in on one

USR is now a case study in why "algorithmic" or "yield-bearing" stablecoins need bulletproof minting controls. One exploit = total loss of peg trust.

Source: cointelegraph.com/news/resolv-sa…
👉 community.chainbounty.io
#ChainBounty #USR #StablecoinDepeg

ChainBounty @ChainBountyX
Hong Kong retiree lost ₹7 crore ($840K) to fake crypto “experts” in a multi-layer fraud scheme.

Scammers posed as investment advisors, built trust over weeks, then guided the victim through multiple platforms before draining funds. Classic pig butchering: relationship first, investment later, exit with everything.

The layers matter. Victim didn’t send money to one address and lose it. They were moved through multiple “verification steps,” fake trading platforms, and withdrawal delays. By the time red flags appeared, the money was already gone and mixed.

This wasn’t crypto’s fault. This was social engineering with crypto rails. The same scam works with wire transfers, gold, real estate — crypto just makes the exit faster and harder to trace.

If someone promises guaranteed returns:
→ It’s a scam. No exceptions.
→ Real advisors never ask you to send crypto directly
→ Legitimate platforms don’t require “verification deposits”
→ Pressure to act fast = exit signal

Retirees are prime targets — high savings, low tech literacy, trust-based decision making. If you have family members exploring crypto, warn them: no one legitimate will rush you or promise guaranteed profits.

Source: news.google.com/rss/articles/C…
👉 community.chainbounty.io
#ChainBounty #PigButchering #CryptoScam

ChainBounty @ChainBountyX
Google finds it. Attackers already deployed it.

Google Threat Intel flagged "Ghostblade" — one of six tools in the "DarkSword" malware suite targeting crypto private keys and user data. By the time Google published the report, Ghostblade was already in the wild.

DarkSword isn't amateur hour. It's a toolkit: six specialized modules designed to extract seeds, session tokens, and wallet credentials across multiple platforms. Ghostblade handles the crypto layer.

Detection isn't prevention. If Google just discovered this, how many wallets got drained before the warning?

Protect yourself:
→ Run full system scans with updated antivirus (Malwarebytes, Bitdefender)
→ Check for suspicious processes targeting crypto wallet directories
→ Move funds from hot wallets to hardware wallets immediately if you suspect infection
→ Never download "trading bots" or "wallet managers" from unverified sources

Source: cointelegraph.com/news/google-gh…
👉 community.chainbounty.io
#ChainBounty #Ghostblade #Malware

ChainBounty @ChainBountyX
“Sign message” — the most dangerous approval that doesn’t look like one.

That’s permit signing. Off-chain signature granting unlimited token spending rights. Projects love it: fewer steps, lower gas, better UX. Faster swaps, one-click deposits.

Perfect for scammers too. They disguise permits as “wallet verification” or “login confirmation.” You sign it, forget about it, then weeks later your wallet’s empty. Most wallet apps show the signature with zero context or warning.

Here’s the problem: permit signatures live forever until revoked. Unlike normal approvals you can track on-chain, these are invisible time bombs. You signed it in February, it drains you in April.

Hardware wallets with permit review features let you see exactly what you’re approving — or block permit signing entirely. Software wallets? Most just show you a signature field and hope you know what you’re doing.

Before signing anything:
→ Does it say “permit” or “sign message”? Read every word
→ Check what contract you’re giving permissions to
→ Never sign “verification” requests from unexpected sources
→ Use wallets that explain what each signature actually does

Convenience has a price. In crypto, it’s usually your funds.

👉 community.chainbounty.io
#ChainBounty #PermitSigning #WalletSecurity
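
The "before signing" checklist in the post above can be automated for typed-data requests. The following is an added example, not part of the original post and not any wallet's own code: it assumes the request uses the EIP-2612 `Permit` layout (owner, spender, value, nonce, deadline), and the function names, thresholds, addresses and sample payload are constructed for illustration.

```python
import json

UNLIMITED = 2**255           # assumption: anything this large is "unlimited"
MAX_VALIDITY = 3600          # assumption: policy tolerates permits valid <= 1 hour

def to_int(v):
    """Typed-data integers arrive as JSON numbers, decimal strings or 0x-hex strings."""
    return int(v, 0) if isinstance(v, str) else int(v)

def review_typed_data(request_json, now, trusted_spenders):
    """Return warnings for an eth_signTypedData_v4 payload; empty list if not permit-like."""
    data = json.loads(request_json)
    primary = data.get("primaryType", "")
    if not primary.lower().startswith("permit"):
        return []
    msg, domain = data.get("message", {}), data.get("domain", {})
    warnings = [f"token approval (not a login) on {domain.get('verifyingContract')}"]
    if primary != "Permit":
        warnings.append(f"permit variant '{primary}': review every field manually")
        return warnings
    # EIP-2612 message layout: owner, spender, value, nonce, deadline
    spender = str(msg.get("spender", "")).lower()
    validity = to_int(msg.get("deadline", 0)) - now
    if spender not in trusted_spenders:
        warnings.append(f"spender {spender} is not on the trusted list")
    if to_int(msg.get("value", 0)) >= UNLIMITED:
        warnings.append("allowance is effectively unlimited")
    if validity > MAX_VALIDITY:
        warnings.append(f"signature stays usable for {validity} more seconds")
    return warnings

# Constructed sample: a "wallet verification" prompt that is really a permit.
NOW = 1_700_000_000
SAMPLE = json.dumps({
    "primaryType": "Permit",
    "domain": {"name": "ExampleToken", "version": "1", "chainId": 1,
               "verifyingContract": "0x" + "aa" * 20},
    "message": {"owner": "0x" + "11" * 20, "spender": "0x" + "bb" * 20,
                "value": str(2**256 - 1), "nonce": 0,
                "deadline": NOW + 90 * 24 * 3600},
})

if __name__ == "__main__":
    for line in review_typed_data(SAMPLE, NOW, trusted_spenders={"0x" + "cc" * 20}):
        print("WARNING:", line)
```
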

ChainBounty @ChainBountyX
Venus Protocol exploited for ~$3.7M through supply cap bypass — a known Compound V2 flaw previously flagged in their own Code4rena audit but left unpatched.
Hacken🇺🇦 @hackenclub

🚨 @VenusProtocol on BSC was exploited for ~$3.7M on March 15. Root cause: supply cap bypass via direct ERC-20 transfers to a vToken contract, a known Compound V2 design flaw previously flagged in Venus’s own Code4rena audit. Example tx: bscscan.com/tx/0x5aede60c7… ~50 exploit transactions in total. 🧵

ChainBounty @ChainBountyX
Attacker manipulated $THE price and exploited Venus Protocol, leaving $2.18M in bad debt after cascading liquidations.

What happened: Attacker received 7,400 ETH from Tornado Cash, deposited into Aave as collateral, and borrowed ~$9.92M in stablecoins. Then bought $THE and pumped the price on CEXs while opening large long positions. Deposited 36.1M $THE into Venus as collateral at inflated price, borrowed $5.07M in assets (BNB, CAKE, BTC). Finally dumped $THE on CEX, likely opening short positions beforehand. When $THE crashed, shorts profited while cascading liquidations hit Venus, leaving $2.18M bad debt (1.18M CAKE + 1.84M THE).

ChainBounty analysis: Classic oracle manipulation attack exploiting the time lag between CEX price movements and Venus oracle updates. The real profit came from CEX long/short positions opened before pump/dump — the $2.18M on-chain bad debt is just collateral damage. Venus earned liquidation fees that offset losses, but this reveals systemic DeFi risk: oracle and liquidity assumptions break under manipulation. Real-time risk limits that throttle borrowing during sharp price movements could prevent such exploits.

DeFi protocols using CEX-based oracles:
✅ Implement circuit breakers for volatile price spikes (>20%/hour)
✅ Apply borrow caps on low-liquidity assets
✅ Use TWAP instead of spot prices
✅ Monitor for pump-and-dump patterns across DEX/CEX

Source: x.com/lookonchain
👉 community.chainbounty.io
#ChainBounty #VenusProtocol
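
Two of the mitigations listed in the post above, TWAP valuation and a >20%/hour circuit breaker that throttles borrowing, sketched as an added example that is not part of the original post and not Venus Protocol's code. The class and function names, the one-hour window, the collateral factor and the price series are all constructed for illustration.

```python
from collections import deque

class GuardedOracle:
    """Price feed wrapper: TWAP valuation plus a circuit breaker on sharp moves."""
    def __init__(self, window=3600, max_move=0.20):
        self.window = window      # seconds covered by the TWAP and the spike check
        self.max_move = max_move  # 0.20 mirrors the ">20%/hour" rule in the post
        self.samples = deque()    # (timestamp, spot price), oldest first

    def update(self, ts, spot):
        self.samples.append((ts, spot))
        # Keep one sample at or before the window start so the whole window is covered.
        while len(self.samples) > 1 and self.samples[1][0] <= ts - self.window:
            self.samples.popleft()

    def spot(self):
        return self.samples[-1][1]

    def twap(self):
        """Weight each price by how long it stayed the latest observation."""
        pts = list(self.samples)
        now = pts[-1][0]
        start = max(pts[0][0], now - self.window)
        weighted = sum(p * (t1 - max(t0, start)) for (t0, p), (t1, _) in zip(pts, pts[1:]))
        return weighted / (now - start) if now > start else self.spot()

    def breaker_tripped(self):
        """True if spot is > max_move above the window low or below the window high."""
        prices = [p for _, p in self.samples]
        return (self.spot() > min(prices) * (1 + self.max_move)
                or self.spot() < max(prices) * (1 - self.max_move))

    def borrow_limit(self, amount, collateral_factor):
        """Halt new borrowing while the breaker is tripped; otherwise value conservatively."""
        if self.breaker_tripped():
            return 0.0
        return amount * min(self.spot(), self.twap()) * collateral_factor

# Constructed price series (seconds, price): flat, then pumped within one hour.
SERIES = [(0, 0.25), (900, 0.25), (1800, 0.26), (2700, 0.40), (3600, 0.60)]

def replay(series, amount=1_000_000, collateral_factor=0.5):
    """Return (timestamp, naive spot-based limit, guarded limit) for each tick."""
    oracle, rows = GuardedOracle(), []
    for ts, price in series:
        oracle.update(ts, price)
        rows.append((ts, amount * price * collateral_factor,
                     oracle.borrow_limit(amount, collateral_factor)))
    return rows
```

On the constructed series, the spot-based limit more than doubles during the pump while the guarded limit drops to zero as soon as the price leaves the 20% band.
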

ChainBounty @ChainBountyX
🚨 Crypto can fight money laundering without stifling financial freedom

Blockchain's transparency traces illicit flows better than fiat systems. Industry-wide information sharing and unified AML rules close gaps, without curbing liberty.

What happened:
• Blockchain's transparency traces illicit flows better than fiat systems. Industry-wide...
• From a ChainBounty view, this matters because it can reveal attacker methods, weak cont...

ChainBounty view: This case is worth tracking for attacker behavior, wallet movement, and repeat victim patterns.

Protection measures:
✅ Verify the source before signing or sending funds
✅ Check wallet approvals and destination addresses
✅ Bring suspicious patterns to the ChainBounty community

Source: cointelegraph.com/news/crypto-ca…
Join the discussion on ChainBounty Community: community.chainbounty.io
ChainBounty #ChainBounty #CryptoSecurity #Web3Security

ChainBounty @ChainBountyX
⚠️ Judge Rejects RICO Claims in Lawsuit Over Pastor-Led Crypto Ponzi Scheme

Eddy Alexandre, who pleaded guilty to commodities fraud in 2023, is currently serving out a nine-year prison sentence

What happened:
• Eddy Alexandre, who pleaded guilty to commodities fraud in 2023, is currently serving o...
• From a ChainBounty view, pyramid and investment scam cases show how social engineering,...

ChainBounty view: This scam pattern is worth tracking for false return narratives, recruiter funnels, and the offchain social layer that drives victims onchain.

Protection measures:
✅ Treat guaranteed returns and referral pressure as red flags
✅ Verify treasury, product, and revenue claims before funding
✅ Bring wallet clusters and recruiter trails to the ChainBounty community

Source: decrypt.co/361084/judge-r…
Join the discussion on ChainBounty Community: community.chainbounty.io
ChainBounty #ChainBounty #CryptoSecurity #Web3Security

ChainBounty @ChainBountyX
🔍 DOJ Seeks Forfeiture of $3.4M in USDT Tied to Ethereum Investment Scam

Federal prosecutors in Massachusetts have moved to forfeit 3.44 million USDT linked to an alleged text-based crypto investment fraud.

What happened:
• Federal prosecutors in Massachusetts have moved to forfeit 3.44 million USDT linked to...
• From a ChainBounty view, seizure and sanction stories reveal where laundering routes, e...

ChainBounty view: This case is worth tracking for laundering pressure points, exchange compliance gaps, and where legal intervention is now reaching onchain crime.

Protection measures:
✅ Monitor sanctioned wallets and suspicious routing paths
✅ Review exchange controls around freeze and reporting flows
✅ Discuss laundering patterns with the ChainBounty community

Source: decrypt.co/360650/doj-see…
Join the discussion on ChainBounty Community: community.chainbounty.io
ChainBounty #ChainBounty #CryptoSecurity #Web3Security

ChainBounty @ChainBountyX
Address poisoning is getting way out of hand 😵 One user got 89 spam alerts after just 2 transfers… all because fees dropped post-Fusaka and scammers went industrial. Always triple-check addresses before sending. No undo in crypto. Etherscan thread worth reading 👇
etherscan.eth @etherscan

x.com/i/article/2031…

ChainBounty reposted
TenArmorAlert @TenArmorAlert
🚨TenArmor Security Alert🚨

Another two hacks! Our system has detected a suspicious attack involving #WUKONG Staking on #BSC, resulting in an approximate loss of $37.7K. The staking contract has a classical reentrancy vulnerability.

Attack transaction: bscscan.com/tx/0x79467533d…
The attacker's other hack tx, 18k loss: bscscan.com/tx/0x97e2b8755…

With TenArmor’s TenMonitor, you get early detection and automated response to on-chain attacks. Need protection? Reach out anytime!

#TenArmorAlert #TenArmor