SlowMist

Protecting Your X Accounts from Phishing Attacks In recent times, we have observed a surge in incidents where Web3 project owners and celebrities have had their X accounts compromised, leading to phishing tweets being disseminated. These breaches are often orchestrated through sophisticated hacking techniques, such as: 1. Fake Calendly/Kakao Meeting Links: Hackers trick users into clicking on fraudulent links, thereby gaining account authorization or even controlling their devices. 2. Trojan-Infected Programs: Direct messages lure users into downloading malicious software disguised as legitimate applications (e.g., games, meeting apps), which can then steal private keys, mnemonics, and X account permissions. 3. SIM Swap Attacks: Cybercriminals use SIM swapping to hijack X accounts that rely on phone number verification. The SlowMist Security Team has been instrumental in resolving several such incidents. A notable example occurred on July 20, when the X account of the TinTinLand project was hacked. The attacker pinned a phishing tweet, but thanks to the swift intervention of the SlowMist Security Team, TinTinLand successfully regained control, reviewed authorizations, and implemented enhanced security measures for their X account. Read the full article to learn more about these threats and discover effective strategies to safeguard your account. https://lnkd.in/eQavH9ir #Web3 #CyberSecurity #SlowMist #PhishingProtection #BlockchainSecurity #SIMSwap #CyberThreats #StaySafe #CryptoSecurity

Security Alert for the TON Ecosystem 🚨 As the TON ecosystem expands, so do the threats from Web3 phishing groups. Our latest findings reveal that the TonConnect SDK, which facilitates cross-platform wallet interactions, faces challenges in domain verification—a critical step to prevent fraudulent signature requests. This vulnerability could potentially allow attackers to impersonate trusted DApps, posing significant risks to users. In our analysis, we've seen similar issues in other platforms like MetaMask and WalletConnect. Unfortunately, this problem is complex and has not yet been fully resolved across the board. To safeguard your assets, we strongly recommend that users consistently verify the domains when connecting their wallets to DApps. Being vigilant can help prevent fraudulent activities and ensure the security of your digital interactions. Full analysis and recommendations are available below. https://lnkd.in/eE7qyVJR #Web3 #TON #BlockchainSecurity #PhishingAlert #TonConnectSDK #SlowMist

🌟 Slowmist Cybersecurity Award 2023-24 🌟 We are thrilled to announce that Ms. Cheung Yung Yung Mandy, a distinguished student at the MSc in Finance (FinTech and Financial Analytics) program at the Hong Kong Baptist University, has been honored with the prestigious SlowMist Cybersecurity Award for the academic year 2023-24. 🏆 This award is a testament to Mandy’s outstanding performance in FIN7900 Cybersecurity, Privacy, and Regtech for Finance. Her work has not only set a benchmark for academic excellence but also underscores the critical importance of secure financial technologies in today’s digital era. We look forward to her continued success and the innovative strides she will undoubtedly make in the world of finance and technology. #Cybersecurity #FinTech #SlowMistAward https://lnkd.in/eqyzUCSP

Recently, we published a comprehensive checklist and targeted guidelines for auditing Account Abstraction wallets. Today, we are pleased to extend our expertise by providing additional guidelines for auditing public blockchains. https://lnkd.in/egs4DVMP Explore our latest insights on cryptocurrency threat modeling and security enhancement. We leverage established models such as CIA Triad, STRIDE, DREAD, and PASTA to meticulously identify threats and fortify security measures. Our robust testing methodologies—black-box, gray-box, and white-box—ensure thorough analysis and protection from all perspectives.

Just wanted to thank everyone for their support during the hashtag #Web3 Festival in Hong Kong. We couldn't have done it without you! 😊

Best Memories with SlowMist ,GoPlus Security ,Akamai Technologies ,The Linux Foundation and Google Cloud in #Web3Festival Hong Hong In Security We Trust. Thanks for invitation of SlowMist. Very happy to be the invited guest #Web3 #crypto

What a fruitful afternoon I had at the Hacking time : Web3 Security and Compliance, organized by SlowMist , during the Web3 Festival! Gained some insights beyond AML tracking.

I'm grateful for the invitation from SlowMist. After my talk, many attendees, including fintech companies, banks, security researchers, and AML experts, approached me for discussions. I noticed a strong eagerness among many to enter this industry, underscored by their enthusiasm. Additionally, I met with several top security teams and old friends. Let's keep building. My Twitter: https://lnkd.in/gaBfHTm8

New Phishing Tactics Used by the North Korean Lazarus Group's in the Cryptocurrency Sector 🔐 In 2022, the vigilant security team at SlowMist, using the advanced SlowMist BTI intelligence network, exposed a sophisticated phishing operation orchestrated by the North Korean hacker group Lazarus. Operating on Telegram, these cybercriminals have now escalated their strategies, adopting the guise of reputable investment firms to target and deceive various cryptocurrency project teams. 🚨 This in-depth analysis transcends conventional reporting; it's an essential read for comprehending the evolving cyber threats in the cryptocurrency landscape. Our investigation highlights the critical need for strengthened security measures and proactive defenses in this digital era. ✅ Read, share, and stay ahead one step of malicious actors. 🔗 https://lnkd.in/dTg_KRkt

🔒 SlowMist November Security Update: A Month of Alarming Security Breaches in Blockchain November 2023 has proven to be a challenging month in the Blockchain space. Based on the latest from our SlowMist Blockchain Hacked Archive, we faced a significant surge in security incidents. A startling total of 47 distinct security breaches were recorded, leading to a staggering approximate loss of $349 million. This figure is not just a number – it's a stark reminder of the ongoing challenges in safeguarding digital assets. It underscores the urgent need for enhanced security measures and continuous advancements in blockchain technology. 🛡️ Why This Matters: These incidents highlight the vulnerabilities in our current systems and the importance of robust security protocols. As blockchain continues to integrate into various sectors, the imperative to protect digital assets becomes more crucial than ever. 👉 Read the Full Article Here: https://lnkd.in/d-mk7Km2