🚨 Cyvers Alerts 🚨

🚨ALERT🚨Hey @WazirXIndia, Our system has detected multiple suspicious transactions involving your Safe Multisig wallet on the #ETH network. A total of $234.9M of your funds have been moved to a new address. Each transaction's caller is funded by @TornadoCash. The suspicious address has already swapped $PEPE, $GALA, and $USDT to $ETH and continues to swap other digital assets. We attempted to contact you 30 minutes ago, but received no response. It appears that your Safe wallet has been compromised by a malicious actor! Want to keep your company off our alerts radar? Learn how to secure your assets: Book a Demo 🚀 calendly.com/d/cpx9-yvd-vpp… #CyversAlert

$280𝑀 @DriftProtocol 𝐸𝑥𝑝𝑙𝑜𝑖𝑡, 𝑎𝑛𝑑 𝑤ℎ𝑎𝑡 𝑖𝑡 𝑟𝑒𝑎𝑙𝑙𝑦 𝑡𝑒𝑙𝑙𝑠 𝑢𝑠 𝑎𝑏𝑜𝑢𝑡 𝑊𝑒𝑏3 𝑠𝑒𝑐𝑢𝑟𝑖𝑡𝑦 This wasn’t a smart contract failure. It was a failure of trust, processes, and visibility. 𝐓𝐡𝐞 𝐥𝐚𝐭𝐞𝐬𝐭 𝐮𝐩𝐝𝐚𝐭𝐞𝐬 ~48 hours later, no funds recovered. Drift has initiated on-chain communication with attacker wallets, signaling the first attempt at negotiation. Attribution is increasingly pointing to DPRK-linked actors, with patterns similar to previous large-scale operations. But zoom out, and the real story is this: This was a weeks-long, coordinated operation targeting the human layer. Now we understand how methodical it really was: • March 23 — attackers began setting up durable nonce accounts and compromised signers • March 27 — adapted during multisig migration • March 30 — additional signer compromise • April 1 — execution triggered within minutes The blast radius continues to grow: • 20+ Solana protocols impacted • Millions in secondary losses • Ongoing cross-chain laundering This aligns with a broader trend: Access control attacks are now the dominant driver of losses in Web3 𝐖𝐡𝐚𝐭 𝐡𝐚𝐩𝐩𝐞𝐧𝐞𝐝: No code exploit. • Durable nonces enabled pre-signed transactions to execute later • Multisig signers were socially engineered • Admin control was taken, withdrawal limits removed • ~$280M drained in minutes Funds weren’t hacked, control was taken. 𝗧𝗵𝗶𝘀 𝗰𝗹𝗼𝘀𝗲𝗹𝘆 𝗺𝗶𝗿𝗿𝗼𝗿𝘀 𝘁𝗵𝗲 𝗕𝘆𝗯𝗶𝘁 𝗵𝗮𝗰𝗸. 🚨 In both cases: Signers unknowingly approved malicious transactions. Funds weren’t hacked, control was taken. 𝐖𝐡𝐲 𝐭𝐡𝐢𝐬 𝐦𝐚𝐭𝐭𝐞𝐫𝐬: This wasn’t just a security issue. It was a governance failure. A critical detail: 2/5 multisig, no timelock That’s not decentralization, that’s a single point of failure. We are seeing a clear pattern: • Multisig approval flows are being exploited • Human-layer compromise is the primary attack vector • Operational security is now the weakest link Multisigs don’t fail gradually, they fail all at once. 𝐇𝐨𝐰 𝐭𝐡𝐢𝐬 𝐜𝐨𝐮𝐥𝐝 𝐡𝐚𝐯𝐞 𝐛𝐞𝐞𝐧 𝐩𝐫𝐞𝐯𝐞𝐧𝐭𝐞𝐝: This is exactly where Cyvers comes in: • Pre-chain Wallet Firewall- Simulates transactions before signing, detects hidden risk • Secure Co-Signer- AI-powered validation of intent, context, and anomalies. Even if signers are compromised, malicious transactions are blocked. Audits and traditional Web2 security tools won’t stop this class of attacks. If your security depends on humans always signing correctly, you are exposed. The future of Web3 security is real-time, pre-transaction prevention. 𝗟𝗲𝘁’𝘀 𝘁𝗮𝗹𝗸 𝗮𝗯𝗼𝘂𝘁 𝗵𝗼𝘄 𝘁𝗼 𝗽𝗿𝗼𝘁𝗲𝗰𝘁 𝘆𝗼𝘂𝗿 𝗽𝗿𝗼𝘁𝗼𝗰𝗼𝗹 𝗯𝗲𝗳𝗼𝗿𝗲 𝘁𝗵𝗲 𝗻𝗲𝘅𝘁 𝗮𝘁𝘁𝗮𝗰𝗸 𝗵𝗮𝗽𝗽𝗲𝗻𝘀. #Web3Security #DeFi #Solana #Crypto #Cyvers

"According to Blockchain Security analysts at Cyvers, this exploit happened due to a flaw in the minting logic. The contracts were audited, but the issue still allowed unauthorized minting without proper validation." beincrypto.com/resolv-usr-sta…

🚨 $80M Stablecoin Exploit, and a reminder of how fragile this model really is Stablecoins don’t fail gradually, they fail all at once. Today, Cyvers detected a major incident at @ResolvLabs, where an attacker minted ~80M unbacked $USR. No collateral was drained, this was pure supply inflation, and it immediately broke the peg. What actually happened: A flaw in the completeSwap() function allowed minting without proper validation. The attacker deposited roughly ~$100K–$200K and minted tens of millions in return. That’s a ~500:1 mismatch between supply and backing. What followed: • $USR depegged sharply to ~$0.257, a ~74% drop • Liquidity drained quickly across pools • Protocols with exposure to USR or wstUSR started seeing impact On-chain activity: • Attacker: 0x04A288a7789DD6Ade935361a4fB1Ec5db513caEd • ~$23.8M has already been swapped into ETH, currently sitting at: 0x8ED8cF0C1c531C1b20848E78f1CB32fa5B99b81C • Funds are still being moved and split across wallets Team response: Resolv has paused all protocol functions and is working on recovery. Why this matters: This wasn’t a typical exploit. This was a minting failure, and for stablecoins, that’s the worst-case scenario. Once supply is no longer backed, the peg becomes unsustainable, and confidence disappears almost instantly. We’re already seeing second-order effects across integrated protocols. Cyvers is continuing to monitor the attacker flows in real time. If you want to safeguard your platform against incidents like this: calendly.com/d/cqjd-77h-r6x… #CyversAlert #Web3Security #Stablecoins #DeFi #CryptoHack

Our CEO and Co-Founder @Deddy_Lavid was recently featured on @moodysratings where he shared his perspective on how the industry can better manage cyber risk in the digital assets ecosystem - alongside Yevheniia Broshevan (@hackenclub CEO) and Gabi Urrutia (@HalbornSecurity CISO). Three key takeaways from the discussion: • Compliance is not security. Regulation sets a baseline, but real resilience requires continuous monitoring, independent assessments, and preventative controls. • AI improves detection - but it doesn’t replace human judgment. Security teams must combine automated monitoring with expert oversight. • Post-quantum risk is already relevant. Organizations should begin preparing for cryptographic agility now. As tokenized finance continues to scale, proactive security and real-time prevention will become critical pillars of trust in the digital asset ecosystem. #CyberSecurity #DigitalAssets #FinTech #web3

🚨ALERT🚨Our system has detected a suspicious transaction involving @foomclub (account suspended on X) on the #Base network. An address funded by #Binance on Base deployed a malicious contract and extracted 4,588,196,709,531 $FOOM from “Foom Club: FOOM.Cash Lottery.” The stolen $FOOM was then bridged to the #Ethereum network via the #LayerZero bridge and swapped for ETH. Currently, 161 ETH (~$332K) remains in an address controlled by the exploiter. If you wish to safeguard yourself against such scams, please contact us to arrange a demo of our solution at calendly.com/d/cqjd-77h-r6x… #CyversAlert

🚨ALERT🚨Our systems detected a $600K $USDT address poisoning attack approximately more than 10 min ago. The victim was initially poisoned 32 min earlier. Today, when attempting to send funds to 0x77f6ca8E...2E087a346, the victim instead sent the transaction to the malicious look alike address 0x77f6A6F6...DFdA8A346. If you wish to safeguard yourself against such scams, please contact us to arrange a demo of our solution at calendly.com/d/cqjd-77h-r6x… #CyversAlert

🚨ALERT🚨Our systems detected a $12.3M ETH address poisoning attack approximately more than one hour ago. The victim was initially poisoned 37 hours earlier. Today, when attempting to send funds to 0x6D90CC8C…7eDdD2E48, the victim instead sent the transaction to the malicious look alike address 0x6d9052b2…34e592e48. If you wish to safeguard yourself against such scams, please contact us to arrange a demo of our solution at calendly.com/d/cqjd-77h-r6x… #CyversAlert

🚨 Cyvers publishes the 2025 Web3 Security & Fraud Report, uncovering alarming trends: ➡️ 18,815 active scam groups globally. ➡️ Authorization fraud causes $16B losses, surpassing traditional exploits. ➡️ 88% of losses by 2025 may stem from access control failures. ➡️ Supply chain vulnerabilities & legitimate signature risks are rising. ➡️ Over 140 crypto exchanges have experienced fraud at least once. How can the industry safeguard against these threats? #Web3 #CyberSecurity

🚨ALERT🚨Our system has identified multiple suspicious transactions involving @SynapLogic on the #Base network. The attacker’s address was initially funded via @TornadoCash on the #Ethereum network and subsequently bridged funds to #Base using #GasZip. The attacker executed a series of suspicious transactions, acquiring approximately 144K $SYP. The funds remain in the attacker’s contract and have not yet been swapped. The SynapLogic team has since stated: “The issue has been fully resolved. SynapLogic systems are now operating normally, and all user funds remain completely safe.” x.com/SynapLogic/sta… If you wish to safeguard yourself against such scams, please contact us to arrange a demo of our solution at calendly.com/d/cqjd-77h-r6x… #CyversAlert

🚨ALERT🚨Our systems detected a $509K $USDT address poisoning attack around 24 min ago. The victim initially sent 5K $USDT, unaware that the receiver address belonged to a scammer. The victim intended to send the funds to 0xe842....D3E6F, but mistakenly sent to 0xe842....f3e6F. Approximately two minutes later, the victim sent an additional 509K $USDT to the same incorrect address. If you wish to safeguard yourself against such scams, please contact us to arrange a demo of our solution at calendly.com/d/cqjd-77h-r6x… #CyversAlert

Unpopular fact: Annual reports are a boring.😴 At @CyversAlerts , we’re tearing up the rulebook. 📄🔥 Meet our 2025 Interactive Threat Report: ✅ Every 2025 fraud & security threat analyzed. ✅ Slick, data-packed UI. ✅ AI-powered (chat with the data). annualreport.cyvers.ai Want the Full PDF version sent to your inbox? 1️⃣ Follow @Cyvers_ 2️⃣ Like & Repost this 3️⃣ Comment "REPORT" And we’ll DM the full version your way! 👇 #Web3 #Security #AI #FraudPrevention

🚨ALERT🚨Hey @Truebitprotocol Our system has detected suspicious transaction with estimated loss of 26M! An address got around 8,535 $ETH from "Truebit Protocol: Purchase" More information will follow! If you wish to safeguard yourself against such incident, please contact us to arrange a demo of our solution at calendly.com/d/cqjd-77h-r6x… #CyversAlert

🚨ALERT🚨Our system has detected multiple suspicious transactions on the #ARB network involving a proxy contract, resulting in an estimated loss of ~$1.5M. Preliminary analysis suggests that the single deployer of the #USDGambit and #TLP projects may have lost access to their account. The attacker then deployed a new contract and updated the ProxyAdmin privileges to gain control. The stolen funds were later bridged to the #ETH network and deposited into @TornadoCash. If you wish to safeguard yourself against such incident, please contact us to arrange a demo of our solution at calendly.com/d/cqjd-77h-r6x… #CyversAlert

🚨ALERT🚨Earlier today, @UnleashProtocol reported unauthorized activity involving Unleash Protocol smart contracts. An externally owned address gained admin control via the multisig governance and executed an unauthorized contract upgrade, enabling unapproved asset withdrawals. Affected assets include #WIP, #USDC, #WETH, #stIP, and #vIP. The incident resulted in an estimated ~$3.9M loss. The attacker later bridged the assets to Ethereum and deposited 1,337.1 ETH into @TornadoCash. If you wish to safeguard yourself against such incident, please contact us to arrange a demo of our solution at calendly.com/d/cqjd-77h-r6x… #CyversAlert