SlowMist

4.1K posts

SlowMist banner
SlowMist

SlowMist

@SlowMist_Team

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

Katılım Nisan 2018
407 Takip Edilen88.8K Takipçiler
Sabitlenmiş Tweet
SlowMist
SlowMist@SlowMist_Team·
Recently, we’ve shipped a small but solid update to the Crypto Asset Tracing Handbook! 📘✨ 📖Updated version on GitHub: github.com/slowmist/Crypt… 🚀These additions expand the handbook’s coverage of cross-chain and laundering patterns — topics that many readers have been asking for: 1️⃣More bridge explorer links🔗: • Squid • Orbiter • TeleSwap 2️⃣Two new case studies🔍: • BTC Laundering Loops via Hyperunit • Cross-Chain Source Analysis via Stargate Finance If you’ve already read the handbook, this update makes it even more actionable. If you haven’t yet — now’s a great time to dive in. 🛡️We’ll keep refining the handbook over time to make on-chain tracing knowledge accessible to everyone in the crypto ecosystem.
English
31
31
148
111.4K
SlowMist
SlowMist@SlowMist_Team·
🚨SlowMist TI Alert🚨 💸 @dripsnetwork Loss: 24,882.99 DAI 🔍 Root Cause: Integer type conversion flaw in `DaiDripsHub`'s `give(address,uint128)` function. The function converts `uint128 amt` to `int128` without validating `amt <= type(int128).max`. Attackers pass `2^128 - reserveBalance` (exceeding int128 max), causing `int128(amt)` to become a negative value. `-int128(amt)` then becomes positive, flipping the transfer direction from "user pays" to "reserve withdraws to user," draining DAI. 📌 Attacker: 0x84da7a5e2315eb798f04b75554aeb15047269cce 📌 Victim Contract (DaiReserve): 0xf9bbb2df44cfe46e501cf91c99b2f8fef9d9d44a 📌 Vulnerable Contract (Hub Proxy): 0x73043143e0a6418cc45d82d4505b096b802fd365 📌 Attack Contract: 0x00c64b5a926ba1fcec30efad88c344c619f54f12 Summary: Missing input validation allows a crafted `give()` call to reverse fund flow, draining the reserve. Powered by SlowMist.AI Tx: etherscan.io/tx/0xc38a6e225… polygonscan.com/tx/0x0a8299469…
English
1
2
7
2K
SlowMist
SlowMist@SlowMist_Team·
🚨SlowMist TI Alert🚨 💸 @Lumi_Finance Loss: ~ $264k 🔍 Root Cause: A vulnerability in Lumi smart accounts allowed token approvals to be performed as a side effect during UserOperation validation. Due to improper validation logic, an attacker-controlled paymaster could trigger approval operations during the validation phase and obtain ERC20 allowances from multiple smart accounts without explicit user intent. 📌 Attacker: 0xce1a3bb0b98d0d90c7dd0620ab86c9a771888d88 📌 Victim: Multiple Lumi smart accounts affected by unintended token approvals during UserOp validation 📌 Malicious contract: 0x56362412ae17cac443aafbab4289946ad958e8a1 The attacker abused a flaw in Lumi smart account UserOperation validation logic to obtain token allowances from multiple wallets through validation-time side effects. The attacker then used the malicious sweeping contract to batch drain approved ERC20 tokens, swapped the stolen assets into ETH, and transferred the proceeds to the attacker-controlled address. Powered by #SlowMist.AI Tx: arbiscan.io/tx/0x630654fb1… arbiscan.io/tx/0x020995ec0…
SlowMist tweet media
English
5
12
50
9.7K
SlowMist
SlowMist@SlowMist_Team·
Every stolen asset leaves an on-chain trail—but reconstructing that trail across multiple wallets, blockchains, bridges, and mixers isn't easy. That's why we built TrackAgent — an AI-powered On-Chain Intelligence Agent purpose-built to trace stolen crypto assets. It is now integrated into our Free Stolen Asset Assessment Service.🚀 Instead of simply retrieving blockchain data, TrackAgent continuously traces stolen funds, reconstructs complex fund flows, correlates attacker addresses, and combines on-chain intelligence with security threat intelligence to support real-world investigations. 🔍 Key capabilities: 🌐 Supports 31 blockchains 🌉 Cross-chain & laundering path analysis 🔗 Multi-address correlation 🛡️ Threat intelligence-powered investigation 📊 Over 12,000+ stolen asset cases have been submitted to SlowMist over the past four years. By bringing AI into our investigation workflow, we're making preliminary analysis faster while enabling our analysts to focus on the cases that need deeper investigation. 🤝 We're excited to bring AI-powered on-chain investigation to more victims and the broader Web3 community. ❓Need help after a crypto theft? Submit your case through our Free Stolen Asset Assessment Service to receive a TrackAgent-powered on-chain assessment and support from the SlowMist security team. 👉 aml.slowmist.com/recovery-funds… 📖 Read more:medium.com/p/0d41fc67c390…
SlowMist tweet mediaSlowMist tweet mediaSlowMist tweet media
English
6
9
44
9.5K
SlowMist
SlowMist@SlowMist_Team·
5/ 🔐 2026 Mid-year Blockchain Security & AML – Key Takeaways In H1 2026, blockchain security & AML saw three major trends: 1️⃣ Attacks shifted from code vulnerabilities to trust exploitation 2️⃣ Threats became more intelligent and persistent 3️⃣ Security evolved from incident response toward proactive risk governance The ecosystem faced growing risks across developer supply chains, endpoint devices, browser extensions, and AI Agents. Attackers increasingly leveraged social engineering, supply chain poisoning, AI-driven techniques, and sophisticated laundering strategies, while regulators continued strengthening AML, stablecoin, and VASP frameworks. The future of Web3 security depends not only on innovation, but also on stronger threat intelligence, risk identification, compliance frameworks, and proactive defense capabilities. SlowMist continues to advance AI-driven security and compliance solutions: ✅ Pre-incident: Security audits, training, and risk prevention ✅ During incidents: Threat intelligence, monitoring, and real-time detection ✅ Post-incident: On-chain tracing, forensics, and emergency response Through AI-powered capabilities including SlowMist Agent Security Skill, @MistTrack_io Skills, and MistEye Security Gate, SlowMist helps developers and enterprises strengthen AI Agent security, detect emerging risks such as prompt injection and supply chain poisoning, and build more resilient blockchain ecosystems. 📄 Full report: drive.google.com/file/d/15qFJu9…
SlowMist tweet media
English
1
0
1
2.9K
SlowMist
SlowMist@SlowMist_Team·
4/ 🕵️‍♂️ Cybercrime Organizations & Privacy Trends in H1 2026 🔺 Lazarus Group: Continued to dominate crypto-related cybercrime activities, adopting increasingly sophisticated laundering strategies combining privacy protocols, cross-chain bridges, DeFi, BTC UTXO fragmentation, mixers, and OTC networks. Supply chain attacks and social engineering remained key attack methods. 🔺 Drainer-as-a-Service (DaaS): Wallet theft operations became more industrialized. Emerging services such as Lucifer Drainer, Rublevka Team, and StepDrainer provided automated phishing infrastructure, affiliate models, multi-chain support, and AI-themed lures, lowering barriers for attackers. 🔺 Privacy Protocols: Major privacy protocols recorded nearly $974M in cumulative inflows in H1 2026. Tornado Cash remained dominant (~$691M), while Railgun, Hinkal, and Privacy Pools explored broader privacy use cases, including DeFi interactions, asset management, and compliance-oriented privacy. 📊 Cybercrime operations are becoming more specialized, while privacy technologies continue to evolve. The future of blockchain security will require stronger tracing capabilities, behavioral analysis, and a balanced approach between privacy protection and regulatory compliance.
SlowMist tweet mediaSlowMist tweet mediaSlowMist tweet mediaSlowMist tweet media
English
1
0
4
3.8K
SlowMist
SlowMist@SlowMist_Team·
🚨 SlowMist presents the 2026 Mid-year Blockchain Security & AML Report! 1/ In H1 2026, blockchain security entered a new phase. AI-driven scams, supply chain attacks, and cross-chain infrastructure exploits expanded the attack surface beyond smart contracts, while global regulation around stablecoins, #AML, and VASPs continued to mature. 📊 Stats: 🔺 182 security incidents, ~$956M in losses (vs. 121 incidents / ~$2.373B in H1 2025) 🔹 By ecosystem: #Ethereum $134M > #BSC $36.35M > #Arbitrum $4.93M 🔹 By project type: #DeFi 116 incidents / ~$490M > Cross-chain bridges 20 incidents / ~$346M (Kelp DAO: ~$292M single loss) 🔹 By attack vector: 85 contract & logic vulnerabilities > 17 private key/credential compromises > 12 supply chain attacks ⚠️Note: Data is calculated using token prices at the time of each incident. Due to price fluctuations, undisclosed incidents, and the exclusion of individual user losses, actual losses are likely higher. Full report 👇 drive.google.com/file/d/15qFJu9…
SlowMist tweet mediaSlowMist tweet mediaSlowMist tweet mediaSlowMist tweet media
English
6
10
34
12.1K
SlowMist
SlowMist@SlowMist_Team·
4/ These three Security Skills mark an important milestone in SlowMist’s AI Agent security suite. Deeply integrated with OKX Onchain OS, they make it easy for developers to embed security into AI Agent workflows. Huge thanks to @OKX for the support 🙌 Try all three Skills now on OKX.AI , and join us in building a safer, more trustworthy on-chain AI ecosystem.
English
0
0
1
1.5K
SlowMist
SlowMist@SlowMist_Team·
3/ MistEye Skill focuses on proactive AI Agent security detection and dependency risk identification — “detect first, execute second.” Key features: 🔸Agent logic & smart contract interaction security checks 🔸High-risk dependency detection (package.json, requirements.txt, etc.) 🔸URL / domain / IP pre-checks to block malicious links 🔸Daily automated dependency security scans Moves security earlier in the lifecycle by identifying risks before execution. 👇okx.ai/agents/2180?so…
English
1
0
1
2K
SlowMist
SlowMist@SlowMist_Team·
🚀 SlowMist has officially launched three security Agent Skills on @OKX AI ! 🔹 SlowMist Agent Security Skill — Comprehensive protection for Agent interactions and execution 🔹 MistTrack Skill — On-chain address risk analysis and AML tracing 🔹 MistEye Skill — AI Agent security detection and dependency risk identification All Skills can be accessed through the OKX Onchain OS standardized interface, enabling on-chain automated settlement with near-instant execution. Ready to try them? 🧵👇
English
5
2
20
11.3K
SlowMist
SlowMist@SlowMist_Team·
We're closely monitoring the Ill Bloom wallet weak randomness risk alert from @coinspect . Please check whether any of your historical wallet addresses are affected👉 illbloom.org Thanks to @coinspect for the responsible disclosure. Stay safe!
Coinspect Security@coinspect

Today we are publishing the first Ill Bloom findings: affected-address checker + on-chain analysis to help users identify exposed addresses and protect their assets. 🔗 illbloom.org ⚠️ We will never ask for seed phrases, private keys, signatures, or approvals, or ask users to send funds to "recover" or protect a wallet.

English
1
7
21
9.6K
SlowMist
SlowMist@SlowMist_Team·
Our founder @evilcos will share practical insights on AI and Web3 security during Keynote 2. We look forward to seeing everyone interested in AI + Web3 at the forum! 👋
ME Event@MEeventHK

⚡️聚焦AI与Web3融合新前沿:7月15日“边界之外”论坛重磅议程发布💛 🤖 当 AI Agent 逐渐具备自主决策与任务执行能力,未来的商业交互将彻底打破“人与平台”的传统模式,加速驶向 Agent-to-Agent(A2A)的智能体协作网络。 👥【重磅登场嘉宾阵容】 📢 Keynote 主题演讲: 港大经管学院金融学副教授 刘洋| @SlowMist_Team 创始人余弦 @evilcos 世龙实业创始人、副董事长 刘宜云| @ambergroup_io International 董事长兼 CEO @MichaelWuAmber 💬 Panel 圆桌讨论: @MetaEraCN 首席执行官 @JessicaMetaEra 主持🎙️ 弘毅投资董事总经理 Sherry Hu| @CicadaFinance & @finchip_ai 孵化投资人 @gary_yangge 觉恒智能 CEO 郝亚伟| 香港理工大学助理教授 丁文治|上海申浩律师事务所合伙人 孙瑜 📌 主办方:港大经管学院高层管理教育、香港大学渣打慈善基金金融科技学院、ME Group 🗓️ 时间:2026 年 7 月 15 日 14:00–17:30 📍 地点:香港中环交易广场第二座 40 楼 4005–07 室 本次“边界之外”高峰论坛作为思想激荡的舞台,正成为连接 AI、数字资产与未来金融基础设施的创新始发站。直击议程亮点👇 #AIAgent #Agentic #Web3 #SlowMist #AmberGroup #HKUBusinessSchool #HongKong #MEGroup

English
0
1
7
4.5K
SlowMist
SlowMist@SlowMist_Team·
🥳 We’re excited to announce that our Founder at SlowMist, @evilcos (Yu Xian / Cos), will be speaking at Money Frontier 2026, sharing insights on blockchain industry security. 📅 July 27–28, 2026 📍 Hopewell Hotel, Hong Kong Money Frontier is a premier summit at the intersection of market reality and innovation, where global leaders gather to discuss real opportunities, challenges, and risks beyond the noise. We look forward to engaging with industry peers in Hong Kong and contributing to a safer blockchain ecosystem 🌐
Money Frontier@MoneyFrontierhk

Cos (Yu Xian)@evilcos , is speaking at Money Frontier 2026. Cos (Yu Xian) is the founder of SlowMist @SlowMist_Team and a white-hat security researcher.SlowMist is a threat intelligence firm specializing in blockchain ecosystem security, established in January 2018. The firm was founded by a team with over ten years of network security experience. Our goal is to make the blockchain ecosystem as secure as possible for everyone. Join him at Money Frontier 2026. Get your tickets and learn more: moneyfrontier.info/en/

English
0
0
8
5.2K
SlowMist
SlowMist@SlowMist_Team·
🚨 SlowMist TI Alert 🚨 MistEye has detected a coordinated malicious npm supply-chain campaign using fake trading-bot repositories and DeFi-themed npm packages to deliver JavaScript infostealers targeting npm users, DeFi developers, and trading-bot users. The campaign involves 30 malicious npm packages, including stake-math@3.5.4, which appears as a locked dependency in donoaccestag/forex-mt5-trading-bot. The repository shows clear abnormal signals: it depends on a security-reported malicious npm package and has around 2.3k highly homogeneous, likely batch-generated forks, with most concentrated under the poly-stocks account. Potential attacker actions include exfiltrating local sensitive data, such as crypto wallet vaults, browser cookies, saved passwords, browsing history, developer credentials, shell history, password manager vaults, private keys, mnemonic phrases, and API tokens discovered in source code. Developers should immediately remove affected npm packages, audit package.json / package-lock.json and CI logs for any of the 30 malicious packages, treat systems that ran npm install as potentially compromised, rotate exposed wallets, private keys, npm tokens, cloud credentials, SSH keys, and API tokens, and rebuild impacted environments from clean images. Special thanks to @safedepio for the excellent discovery. As always, stay vigilant! enterprise.misteye.io/threat-intelli…
SlowMist tweet mediaSlowMist tweet mediaSlowMist tweet media
English
3
6
25
4.6K