커뮤니티

On July 15, 2025, Arcadia Finance became the latest DeFi project to fall victim to a smart contract exploit, resulting in the loss of $3.5 million in user funds. Here’s what happened, how the attacker executed the hack, and what it means for the DeFi space going forward.🚨 What Happened?In the early hours of July 15, an attacker exploited a critical vulnerability in Arcadia Finance’s Rebalancer contract, a tool that allows users to manage asset allocations across their portfolio.Within minutes, the attacker drained approximately $2.5 million in stablecoins and other assets from Arcadia’s Base protocol vaults. Shortly after, a second attack followed, stealing an additional $1 million, bringing the total losses to over $3.5 million.🧠 How the Exploit WorkedThe exploit originated from a flaw in the swapData parameter of the Rebalancer contract.The attacker passed arbitrary and malicious data into swapData.This allowed the attacker to bypass validation checks and trigger unauthorized fund movements.A custom malicious contract executed the swap, draining user vaults in under one minute.🦹 Attacker Wallets & Fund MovementsThe key wallet involved in the exploit:0x0fa54E967a9CC5DF2af38BAbC376c91a29878615Image 1 Source from EtherscanFunds were bridged from Base Mainnet to ETH MainnetAs of today, ETH remains at this wallet and no further movement initiated. ✅ Final ThoughtsThe Arcadia hack underscores a painful truth: DeFi remains vulnerable without robust testing, on-chain monitoring, and swift incident response. As attackers grow more sophisticated, protocols must prioritize security as a feature, not an afterthought.Stay safe. Revoke unnecessary permissions. And keep your eyes on the chain.

it's been while since i can't login talken app, when i saw there has some lovely chainbounty in my wallet. Pretty cool keep it up!

What is join chainbounty and earn reward

The crypto world just got hit with another stealthy threat—this time targeting unsuspecting Firefox users through malicious wallet extensions.More than 40 fake Firefox extensions mimicking popular crypto wallets have been discovered since April 2025. These fraudulent add-ons, found directly on the Firefox Add-ons store, aren’t just phishing scams, they’re sophisticated clones capable of stealing private keys and draining entire wallets.🔍 The Deception: Looks Real, Acts EvilThe attackers didn’t build these fake extensions from scratch. Instead, they forked open-source code from legitimate wallets, like MetaMask, Phantom, Trust Wallet, OKX, Bitget, and Coinbase Wallet, and injected malicious scripts designed to silently steal user data.To make things worse, the extensions:• Used identical names and logos• Were stuffed with fake 5-star reviews• In some cases, were signed with valid Mozilla developer accountsThese wallet clones were nearly indistinguishable from the real thing. And once installed, they watched for one thing: your seed phrase.🧠 How the Attack WorksOnce a victim pastes a seed phrase or private key into the fake extension interface, it’s game over.These fake extensions:• Monitor inputs over 30 characters (typical of seed phrases)• Immediately exfiltrate them to attacker-controlled servers• Also log the user’s IP address, likely for geographic targeting🇷🇺 Who’s Behind It?Investigators found Russian-language comments in the code and metadata tied to Russian-speaking actors, although attribution is not conclusive.The infrastructure behind the scam was impressively organized:• Hosting on bulletproof VPS providers• Constantly rotating domain names• Multiple versions pushed across dozens of wallets and language localizationsThis wasn’t a quick smash-and-grab. It was an industrial-scale operation.🧯 Mozilla’s ResponseMozilla has begun purging these fake extensions, but new ones keep popping up. As of July 2025, many remain live on the Add-ons store, making this a whack-a-mole nightmare for security teams.Mozilla stated that it is:• Using automated scanning tools• Relying on user reports• Tightening vetting procedures for crypto-related extensionsBut clearly, more must be done.🛡️ What You Can Do NowIf you use Firefox for crypto-related activity, pause and reassess your security posture. Here's what I recommend:🔐 Action Why It MattersAvoid browser wallet extensions Especially on Firefox, until the dust settles. Use mobile apps or official websites.Install only from verified sources Check the publisher name and history. Don't trust reviews alone.Enable 2FA everywhere Adds a critical second layer to access.Use cold storage for large holdings If it’s not online, it can’t be drained.Report suspicious extensions Help Mozilla remove threats faster.🧰 Free Tool to Check for Scam WalletsAt scamhunter.ai, we’re fighting crypto scams head-on. Uppsala Security offers a free tool to:• Scan suspicious wallet addresses• View scam reports• Flag stolen assetsYou can try it free twice a day. Just paste in a wallet address and we’ll show you what we know.🚨 Final ThoughtsThis latest wave of wallet-cloning extensions on Firefox is a wake-up call for the crypto industry. Browser-based wallets are convenient, but they also open up new attack surfaces.As always in crypto, convenience must be balanced with paranoia. Double-check everything. Trust no extension blindly. And if you’ve ever typed a seed phrase into an extension, you should migrate your funds now.The attackers are evolving. So must our defenses.Stay safe, stay skeptical.

Close or ongoing bounty point.

CBP 모은거 전환하지 하루가 다 되어가는데왜 아직도 지갑에 체인바운티 입금 안돼죠?

🕺 [AMA] 10분 뒤 : 한국에 어서오너라 ECLIPSE- 일시: 오늘밤 11시- 장소: 코인같이투자 스페이스- 손님: Nate, CMO of Eclipse이제 체커도 나오고 재단도 설립한 이클립스가 곧 한국을 온다길래 AMA 스케쥴을 잡았습니다. 여러가지 궁금해 할 사안들과 이클립스가 그동안 어떤 것을 해왔는지에 대해 묻는 시간을 가질 예정이니 이클립스 원령들은 많은 참여 부탁드립니다!📂 이벤트: 스페이스 공지 원문 Like RT: 인증샷 방에 스페이스 참여 인증샷 제출: 구글폼 작성상품: 커피 100잔 + 혹시 모를 스페셜 리워드나중에 만나요~

BTC up to $150000 or not

아비트럼 이더리움만 충분히보유하고 있으면 되네요

브릿지 이용해봤는데 됩니다클레임까지 되는지는 봐야겠네요