HashDit | now with Pro Extension

BREAKING: Introducing our latest "HashDit Pro" Chrome Extension🎉🥳 The latest Extension will offer : 🔹 Powered up Threat Protection (stay SECURED against address poisoning / drainer + any other phishing attacks) 🔹 Smart Contract Simulation (preview balance changes and approval changes) 🔹 Supporting 7 popular wallets + all EVM chains 🔹 Website checker (Clear pop-up warning when visiting malicious websites) 🤔 What you should do if you are using the old Extension? Remove the old Extension and install our latest Extension for continuous improved protection! Download here NOW for FREE: chromewebstore.google.com/detail/hjplojc… Stay safe with HashDit Pro! 🛡️

🚨 Bitwarden CLI 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline. We’ll continue updating our coverage as more details are confirmed. socket.dev/blog/bitwarden…

⚠️ Web3 social managers on X: stay alert. Scam phishing emails targeting crypto are circulating again. If you enter your project's credentials into the fake login page, your X account WILL GET HACKED! Stay vigilant!! Refer to this for more information: malwarebytes.com/blog/news/2025…

In collaboration with @github, @Microsoft, @npmjs, and @SocketSecurity, our security team has confirmed that no npm packages published by Vercel have been compromised. There is no evidence of tampering, and we believe the supply chain remains safe. vercel.com/kb/bulletin/ve…

3/ Long term solutions: 1. Pin exact dependency versions (avoid using ^ ranges) 2. Use and review lockfile changes in PRs 3. Use --ignore-scripts in CI when possible 4. Run installs in isolated environments without production secrets Stay safe!!

2/ Root cause: a Vercel employee’s account was reportedly compromised via Context.ai, which gave the attacker access to that employee’s Google Workspace account, then access to some Vercel environments and env vars not marked “sensitive.”

🚨 Vercel and Next.js devs do this now! 🚨 ShinyHunters (the threat actor behind the Rockstar/Ticketmaster breach) hacked @vercel via a compromised third-party AI tool's Google Workspace OAuth app!! ⚠️⚠️⚠️ Do this now before reading further! 1. Rotate all important Vercel env vars immediately - especially npm, GitHub, API, and deployment tokens 2. Review and remove unnecessary connected apps - remove context.ai from Google Workspace accessed apps - revoke Vercel/GitHub integrations Why this matters if you are in #Web3/#Crypto: Vercel hosts hundreds of DeFi frontends, and stolen CI/CD credentials could enable wallet-drainer injection at scale! ⚠️ 1/ Affected Impact 2/ Root Cause 3/ Long term solution

Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you posted as we learn more about this situation. Please follow only the official @KelpDAO handle for the updates.

our domaim appears to have been compromised and the eth.limo domain has been hijacked. We're actively working with all parties involved to assess the situation and remediate the problem.

🖥️ Download here now for FREE: chromewebstore.google.com/detail/hjplojc… 🗒️ Have any feedbacks / ideas? Reach out to us through Email, X or TG!! Stay alert and stay safe with HashDit Pro!

2/ How to Detect on Explorer Sites with HashDit Extension? With update v1.4.5, HashDit’s Address Poisoning API is now integrated into explorer sites. This helps users spot suspicious lookalike addresses before copying them! 🛡️ What you’ll see: 1⃣ Poisoned addresses highlighted in red 2⃣ Suspicious rows shown, dimmed, or hidden 3⃣ View details on what specific addresses were marked as spoofing, malicious, or phishing. Explorer Sites supported currently include @BscScan, @EtherScan, @BaseScanHQ and @PolygonScan!

⚠️ Did you know that Address Poisoning represents ~5% of all transactions on an average day? ⚠️ Many crypto newbies still consistently lost funds to this scam technique unfortunately... HashDit already has Address Poisoning detection feature on our Chrome Extension transaction flow and platforms partnered with us already like @TrustWallet and @Unstoppablebyhs ~ 🚀 To further protect the community, we added this feature for explorer sites as well! Read on to know how it works ⏬⏬ 1/ What is Address Poisoning / Spoofing / Dusting? 2/ How to Detect on Explorer Sites with HashDit Extension?

🚨🚨 We are currently experiencing an issue with the CoW Swap frontend (swap.cow.fi). While we are investigating, please DO NOT use CoW Swap.

Hey Everyone, We're Investigating some abnormal activity on app.zerion.io - It is advised to not use the web app until further notice User Funds are safe on the wallet - please only refer to official communication from the team

@kaylyn_0x 😢 如果有更多被盗的详情，可以联系我们一下

突发被盗 136240U！ 事情是这样的，我朋友今天好不容易追回一笔近 100W 的欠款，没想到对方刚转到他 BSC 链的钱包，前后捂热不到一分钟就被黑客转走了 下午 5 点 24 转进，5 点 25分 就被转走 Hash：0x9b898362c8b44b76313e5b1acc2d19b0dca495ff6b2b6ad1c4cab67a69b93642 目前这笔资金在黑客尾号 CC5E 的钱包地址里暂时未动。请问还有找回的希望吗？🙏 BNB Chain 官方 @BNBCHAINZH @cain_bnb 安全专家 @EmberCN @SlowMist_Team

🚨Discord Alert: If you're using Discord channels as Support Tickets, your community is at risk 🚨 Scammers are violating Discord ToS and using the Discord API to view your channels and roles without any access at all. They use this information to scam your community... Here’s how you can prevent it ⤵️ 1/ How do scammers do this? 2/ What’s the scam? 3/ What’s the solution?

Security update: we identified and unpublished a malicious version of our SDK, @velora-dex/sdk This incident is confirmed to be limited to the SDK package only. We have no indication of any issue elsewhere in our systems or infrastructure. Out of caution, developers should avoid installing or upgrading this package for now while we complete the investigation and publish a confirmed safe update. We’ll share more updates as soon as possible.

🛑 Chrome 0-day Warning! Tracked as CVE-2026-5281, this WebGPU (Dawn) use-after-free bug allows code execution via a crafted page if the renderer is compromised. It’s the 4th exploited Chrome browser zero-day in 2026. 🔗 Read → thehackernews.com/2026/04/new-ch…