Infantmen

@Secuaudit Hardly ever gets this easy nowadays lol.😂

One of the easiest reports I’ve ever submitted in my life. After finding an RCE, the triager uploaded a webshell to reproduce my report. Once the initial report was validated and rewarded, I waited about a month and noticed they had forgotten to remove their own webshell. I then submitted a second report just to remind them… which was also validated and rewarded with €300 😅 #BugBounty #AppSec #CyberSecurity #Hacking

💀

This guy from India stole $20 MILLION in crypto just by buying a website Chirag Tomar was a 31 year old in India who registered CoinbasePro Com and built a clone of the real Coinbase Pro login page that matched the original pixel for pixel He pushed the fake site to the top of Google search results through SEO manipulation, so anyone searching "Coinbase Pro" landed on his page first Victims who clicked through typed their email and password, hit the two factor button and watched a fake loading screen While the fake screen was up, his crew logged into the real Coinbase site with the credentials and the live code and emptied the wallet in seconds Sometimes a victim would call "support" through a number on the spoofed page and one of his crew would walk them through entering even more security codes The scheme ran for two and a half years and hit 542 users worldwide Tomar kept a detailed spreadsheet of every victim and exactly how much he stole from each one He spent the money on Audemars Piguet watches, multiple Lamborghinis and Porsches plus trips to Dubai and Thailand The trips ended in December 2023 when he flew into Atlanta on vacation and the Secret Service was waiting at the gate They caught him because he used the same email for his crew and his US tourist visa application His Google search history at the time included "fake coinbase page" and "how to take money from coinbase without OTP" He pleaded guilty and got 60 months in federal prison plus two years of supervised release India's enforcement directorate later seized over $7 million across 27 properties in Delhi held in his name and his family's The same guy smart enough to manipulate Google's algorithm for two and a half years was dumb enough to Google "how to take money from coinbase without OTP" from the same browser he used to apply for his US visa

1/ Meet Dritan Kapllani Jr, a US based threat actor tied to $19M from social engineering thefts targeting crypto holders. Dritan flexes luxury cars, watches, private jets, & clubs all over social media. Recently he was recorded on a call showing off a wallet with stolen funds.

alpha

.@dexscreener is a pretty scammy business. basically when you launch a new coin you have to pay them $300 to get an image, and links on your coin's page. your first response is well -- i just wont pay them. but you have to because anyone can pay the $300 and upload anything and the process of reclaiming the page is tedious and annoying. what often happens is scammers will pay dexscreener for popular coins and point the website to a phising website that drains your wallet. theres a lot of ways to fix this but dexscreener does nothing because they keep getting paid.

It is happening! Week 4 is finally live. Join the Super League of Solana hackers, find vulnerabilities in the FrankSol protocol built with Anchor V2, and earn real money. 1st place: $500 2nd place: $300 3rd place: $200 Like and repost as a sign of participation — let's go!

6 months ago KuCoin admitted fault for my $300K liquidation. Here's what happened since. I took a Google Meet with their Head of Futures. I went to an in person meeting at Tribes in Dubai Mall with their Global Business Director. I sent 10+ proposals. I gave them every possible way to make this right. On the call they took full responsibility. They admitted the liquidation was caused by broken infrastructure. Their platform failed and they said so themselves. But here's the part that's hard to believe. Their Head of Futures couldn't understand basic futures mechanics. I had to explain how margin, liquidation and order book depth works to the person running the futures division at a top 10 exchange. The person responsible for resolving my case didn't understand the product that caused it. Their first offer: bring us $2.5 billion in trading volume and you can "earn it back." I did the math for them live in the chat. $10,000 per 100M volume. That's 0.01% return. To recover $250K I would need to generate the monthly volume of a top 50 institutional desk. For free. I said no. Their second offer was worse. $20K upfront, but only if I hit 1,000 active users and $300M in volume first. Then a $30K "cashback" that requires KuCoin's manual approval. I said no again. Their third offer was even worse than the second. $10K/month. Halved the numbers from the deal they already couldn't close. After an in person meeting. After a Google Meet. After weeks of negotiations. Every single offer came with the same condition: delete the tweets, stop talking, and come work for us as a KOL. Promote the exchange that wrongfully liquidated me. Bring them users. Make them money. Then maybe they'd consider giving back what they took. I told them in the chat: "It's like someone steal from me $250K and then tells me come work for me and you'll make it back (maybe)." Their response? "Let me think about it." Then silence. Weeks of silence. I had to chase them for every single reply. Christmas came and went and I gave them a final deadline January 6th. They came back with yet another lowball. KuCoin had their Head of Futures, their Global Business Director, and multiple senior reps in this group chat. They all saw every message. They all went quiet when it mattered. Today I'm releasing the full 30 minute Google Meet recording and the complete Telegram history. Every message. Every offer. Every time they went silent. You'll hear them admit fault and then watch them do nothing about it. They had 6 months to make this right. They chose silence. Video drops today.

🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?

BREAKING: Tether tumbles to $0.9980, its weakest peg in over 5 years. Some analysts warn a full untethering could hit soon, which could cripple the crypto market, as 87%+ of trading volume flows through USDT.

🚨 NEW: A trader gave Clawdbot full control with 25 strategies, 12 algos and 3,000+ reports, and it still wiped the entire portfolio.

🚨 BREAKING TRUMP INSIDER WITH 100% WIN RATE JUST GOT FULLY LIQUIDATED ON HIS LONGS!! AFTER 19 SUCCESSFUL TRADES AND $145 MILLION IN PROFIT, HE WENT ALL-IN AND LOST $190 MILLION IN 3 DAYS. CRYPTO IS A WILD SPACE 🤯

SON OF CEO AT US MARSHALS CRYPTO CUSTODY FIRM ALLEGEDLY STEALS MILLIONS IN BTC FROM US GOVERNMENT A young hacker was baited into showing off his wallets during a “band for band” argument on Telegram that was recorded in full. Those wallets are now linked to over $40M in seized crypto stolen from the US government. According to a detailed investigation by @zachxbt, the individual, known online as “John (Lick),” was caught screen sharing wallets tied to more than $90M in suspected thefts, including funds traced back to US government seizure addresses connected to the Bitfinex hack. On the recordings, John is seen controlling multiple addresses as millions in ETH and TRX are actively moved in real time, leaving little doubt over ownership. Blockchain tracing shows the funds flowing from a US government seizure wallet into intermediary addresses and ultimately into wallets John openly bragged about on Telegram. What's crazy is that John’s father reportedly owns CMDSS, a company with an active US government contract assisting the US Marshals Service in managing and liquidating seized crypto assets. How access was obtained remains unclear. Shortly after the findings were published, CMDSS scrubbed its X account, website, and LinkedIn. John also began rapidly changing usernames and removing NFT handles from Telegram. Despite this, he continued trolling and even sent ZachXBT a small amount of ETH from one of the flagged wallets. Zach says he will return those funds to a US government seizure address. This story is still developing, but the combination of leaked recordings, on-chain evidence, and government contractor ties makes this one of the most explosive crypto investigations in years. And it’s only January.

Massive rug pull in crypto — $TROVE just got exposed hard. Devs ran an ICO on Hyperliquid, smashed past their $2.5M target and raised over $11M. Then, without warning, they launched the token on Solana instead and kept all the funds — no refunds, nothing. Token went live and immediately dumped 95% in minutes. FDV crashed from $20M to under $1M. Classic exit liquidity scam. Worse: a bunch of big KOLs were paid to shill it without disclosure. @waleswoosh alone pocketed $8K for pumping it. ZachXBT dug up receipts showing ICO money funneled straight to casinos and Polymarket bets. This is why presales are dangerous as hell. Always demand transparency on paid promotions. Undisclosed shilling can cost the community millions. Stay safe out there, degens. Do your own research and never trust anonymous influencers blindly.

Silver is manipulated. Crypto is manipulated. The dollar is manipulated. WTF are we supposed to buy???

this math is crazy what a scam

🚨 Security Alert It appears that the @TrustWallet browser extension may have been compromised via a supply-chain attack in the Dec 24 update. Reports indicate that importing a seed phrase into the extension can result in immediate wallet draining. ⚠️ Do NOT use the Trust Wallet extension for now, and never import seed phrase until an official clarification and fix are released. ❗ As of now, there has been no official communication from the Trust Wallet team regarding this incident. Exploiters are using multiple addresses and More than $2,000,000 appears to have been drained

JUST IN: 🇺🇸 S&P 500 closes above 6,909 for the first time in history.

JUST IN: Silver reaches new all-time high of $70

Solana’s chart looks like a rug 😭