SolidityScan

🚀 Big news! SolidityScan is now integrated with @soneium, bringing seamless smart contract security to your fingertips. Easily access security scores, gain real-time insights into vulnerabilities, and explore full threat reports — directly from verified contracts on Soneium.

Security alert: OX Security reports a GitHub phishing campaign abusing the OpenClaw name. Attackers tag devs in issues, promise “$CLAW” tokens, and send them to a cloned site with a wallet-connect trap. #CryptoSecurity #Phishing

dTRINITY says its dLEND deployment on Ethereum was hit by a deposit-inflation attack, draining dUSD liquidity and leaving ~ $257K in bad debt. Protocol is paused; team says losses will be fully covered and repaid. #DeFi #Security

Neutrl says its frontend was compromised after a social-engineering attack on its DNS provider, leading to domain redirection. Do not interact with the site; revoke relevant Permit2 approvals as advised. #Web3Security #DeFi

Security heads-up: SlowMist says Coinbase Commerce’s Withdraw flow shows “extremely unsafe behavior” by prompting users to enter a plaintext mnemonic phrase for “asset recovery.” Never type your seed phrase into a website. #CryptoSecurity #Phishing

US, UK & Canada launched “Operation Atlantic” to disrupt approval-phishing scams that trick users into signing malicious wallet approvals. If you see unexpected “approve” prompts, stop and verify before signing. #CryptoSecurity #Phishing

BlockFills says it filed voluntary Chapter 11 petitions (Delaware) after previously suspending client deposits/withdrawals. Filing lists assets $50–$100M vs liabilities $100–$500M. #Crypto #Risk

Venus Protocol (BNB Chain) was hit by a THE-token price manipulation + supply-cap bypass, leaving an estimated ~$2.15M in bad debt. Venus has paused THE borrows & withdrawals while investigating. #DeFi #Security

Scallop Lend says it completed a comprehensive formal verification by Asymptotic (Mysten Labs’ audit partner), covering core accounting, liquidation math, access control & fixed‑point arithmetic. #DeFi #Security

Etherscan warns Ethereum address-poisoning scams are becoming increasingly automated. Attackers seed your tx history with lookalike addresses to trick copy/paste sends. Double-check the FULL address (or use an address book/ENS) before transferring. #Ethereum #Security

Security alert: Bonk.fun warned users to avoid the bonk.fun domain after a domain hijack pushed a wallet-draining phishing prompt. Impact reportedly limited to users who signed a fake TOS message after the breach. #Solana #Security

Security incident: DBXen contract exploited (~$150K est.). Reports cite an ERC-2771 meta-tx sender mismatch (_msgSender vs msg.sender) that broke reward/fee accounting and enabled excess extraction. #DeFi #SmartContractSecurity

TOKEN2049 has postponed its Dubai conference to Apr 21–22, 2027, citing regional security uncertainty affecting safety, travel, and logistics. Tickets remain valid, with an option to transfer to TOKEN2049 Singapore (Oct 7–8, 2026). #Web3 #Crypto

XRPLF urges node operators to upgrade to rippled v3.1.2 ASAP. Patch addresses an edge case that can crash public-facing nodes; upgrades also require trusting Ripple’s newly rotated GPG signing key. #XRPL #Security

Ledger says it found a MediaTek Android secure-boot flaw that could let an attacker with physical access extract PIN + wallet seed/private keys in ~45 seconds (via USB before OS boot) in a PoC. #Security #Crypto

Proposed class action alleges JPMorgan provided banking rails used in a $328M crypto Ponzi tied to Goliath Ventures. Filing claims ~$253M flowed through a Chase account and ~$123M was sent to Coinbase wallets. #CryptoSecurity #Compliance

Trust Wallet rolled out automatic Address Poisoning Protection (mobile), starting across 32 EVM chains. It scans destination addresses and warns users about lookalike/scam addresses before you send. #Web3Security #CryptoSafety

Gondi (NFT lending) reported a contained exploit in its Sell & Repay flow. A logic flaw in the Purchase Bundler check allegedly let an attacker drain ~78 NFTs (~$230K). Sell & Repay remains disabled while a fix rolls out. #NFT #exploit

Bonk.fun says its domain was hijacked after a team account compromise, pushing a wallet-draining prompt. Only users who signed a fake TOS message after the incident were affected (per operator). Avoid the bonk.fun domain until cleared. #Solana #Security

Security advisory: Ledger Donjon reports a MediaTek Android secure-boot flaw that could let an attacker with physical access extract a phone PIN + wallet seed phrases quickly via USB (per PoC). Update device/OEM patches ASAP. #CryptoSecurity #Android

Arc Explorer now includes smart contract security insights powered by SolidityScan. Users can view real-time security scores, explore categorized vulnerabilities, and access detailed threat analysis directly within the @arc explorer interface. testnet.arcscan.app