Liftan kanni🟣

OG Holder Treasury – $400 Rewards To celebrate the CVMech ecosystem and reward our most dedicated supporters, we are launching the OG Holder Treasury. This campaign is designed to recognize real supporters who hold, stake, and actively create content around CVPad and CVMech. Reward Pool: $400 ⏳ Event Duration: 4 March – 20 March 🎯 How to Earn Points ✅ Hold 20,000 CVAI = 5 Points ✅ Hold 1 CVMech NFT = 1 Point ✅ Create CVPad Content (Yapping) with #OGCVPAD Quality content about CVPad or CVMech = 1 Point (Max 5 Points) 🏆 Prize Breakdown 1st Place: $100 2nd Place: $50 3rd Place: $25 Top 15: $15 each 📸 Snapshot: 20 March, 1 PM UTC Start accumulating points and climb the OG Leaderboard. The real supporters always show up early. ➡️Like + Rt + Show your txn/wallet of holding CVAI in the comment for the eligible!

🚀 AlphaMind Exclusive: @Phron_ai IDO Campaign 🚀 💰 $3,500 reward pool in $ZPHR tokens 🎁 🔗 Token Sale: app.alphamind.co/ido/68b5aeb8c7… 📝 Quest: app.alphamind.co/build_karma 🔥 What is Phron.AI? 👉 No-code AI platform for Web3 apps 👉 Live product deployed on 39+ EVM chains 👉 Build smart contracts, dApps & even AI-native blockchains without coding 🟣 Why join this round? ⚡️ Early access at just $2M FDV ⚡️ No VC allocations → community-first ⚡️ Only 5% initial float ⚡️ Team from Binance, Hacken & Dubai Blockchain Center ⚠️ To be eligible for rewards, you must complete all campaign quests ✅

This time, several old system JS packages were attacked – debug (357M installations per week) and chalk (299M installations per week), along with a bunch of others, through a Git hack of one of the previous maintainers. You can read the full report here (#issuecomment-3266868187" target="_blank" rel="nofollow noopener">github.com/debug-js/debug… ) from the owner of the hacked account. In short, the hack involved 2FA access to NPM through email. How could this affect you? With a regular wallet connection, nothing will happen without your knowledge. The script is injected into any page containing JS code and checks for the presence of Ethereum wallets (using the window.ethereum check). Then, when attempting to send any transaction through the wallet, it simply replaces the recipient's address. Literally any website that updated its dependencies and installed the hacked version in the last couple of hours could be vulnerable. As of now, the version with the bug has already been removed from NPM. It seems that for the next couple of days, it's better to avoid signing transactions or to be extremely cautious about the recipient's address. The hacker's address is 0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976. What should developers do? Check your lock files, as the hacked packages are mostly utility packages and may not be used directly in the project. The obfuscated script is left here ( #file-npm-vulnerability-deobfusicated-js-L626" target="_blank" rel="nofollow noopener">gist.github.com/sindresorhus/2…), and here ( jdstaerk.substack.com/p/we-just-foun… ) are a few more details on how it works under the hood. Issues with warnings and more technical details: github.com/chalk/chalk/is… github.com/debug-js/debug… The hacker's wallet is currently completely empty.

HACKERS HIJACK NPM PACKAGES IN WHAT IS BEING CALLED THE LARGEST SUPPLY CHAIN ATTACK IN HISTORY IF YOU USE A HARDWARE WALLET, PAY ATTENTION TO EVERY TRANSACTION BEFORE SIGNING IF YOU DON'T USE A HARDWARE WALLET, REFRAIN FROM MAKING ANY ON-CHAIN TRANSACTIONS FOR NOW: @Ledger CTO The malicious code only impacts individuals accessing the compromised applications over the web, monitoring for cryptocurrency addresses and transactions that are then redirected to attacker-controlled wallet addresses. This causes the transaction to be hijacked by the attackers rather than being sent to the intended address. The malware operates by injecting itself into the web browser, monitoring Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash wallet addresses or transfers. On network responses with crypto transactions, it replaces the destinations with attacker-controlled addresses and hijacks transactions before they're signed. What makes it dangerous is that it operates at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users' apps believe they are signing: bleepingcomputer

🔥 @BSCS_Global Climbs to #7 in Top Launchpads by ATH ROI #BSCS has secured the #7 spot among Top Launchpads with an ATH ROI of 565% in the past 1 year! This milestone highlights the strong performance of BSCS-launched projects, which consistently provide value to investors and partners. Why Choose BSCS for Your Projects and Investments? ✔️ Proven Performance 🌎 Global Reach & Exposure 💻 Trusted by Investors 📇 Community-Powered Growth Join our ecosystem to scale your project with support & community 👉 Apply to Launch on BSCS bscs.finance/apply-launch 🚀 Together, we continue building success!