The crypto world just got hit with another stealthy threat—this time targeting unsuspecting Firefox users through malicious wallet extensions.

More than 40 fake Firefox extensions mimicking popular crypto wallets have been discovered since April 2025. These fraudulent add-ons, found directly on the Firefox Add-ons store, aren’t just phishing scams, they’re sophisticated clones capable of stealing private keys and draining entire wallets.

🔍 The Deception: Looks Real, Acts Evil

The attackers didn’t build these fake extensions from scratch. Instead, they forked open-source code from legitimate wallets, like MetaMask, Phantom, Trust Wallet, OKX, Bitget, and Coinbase Wallet, and injected malicious scripts designed to silently steal user data.

To make things worse, the extensions:
• Used identical names and logos
• Were stuffed with fake 5-star reviews
• In some cases, were signed with valid Mozilla developer accounts

These wallet clones were nearly indistinguishable from the real thing. And once installed, they watched for one thing: your seed phrase.

🧠 How the Attack Works

Once a victim pastes a seed phrase or private key into the fake extension interface, it’s game over.

These fake extensions:
• Monitor inputs over 30 characters (typical of seed phrases)
• Immediately exfiltrate them to attacker-controlled servers
• Also log the user’s IP address, likely for geographic targeting

🇷🇺 Who’s Behind It?

Investigators found Russian-language comments in the code and metadata tied to Russian-speaking actors, although attribution is not conclusive.

The infrastructure behind the scam was impressively organized:
• Hosting on bulletproof VPS providers
• Constantly rotating domain names
• Multiple versions pushed across dozens of wallets and language localizations

This wasn’t a quick smash-and-grab. It was an industrial-scale operation.

🧯 Mozilla’s Response

Mozilla has begun purging these fake extensions, but new ones keep popping up. As of July 2025, many remain live on the Add-ons store, making this a whack-a-mole nightmare for security teams.

Mozilla stated that it is:
• Using automated scanning tools
• Relying on user reports
• Tightening vetting procedures for crypto-related extensions

But clearly, more must be done.

🛡️ What You Can Do Now

If you use Firefox for crypto-related activity, pause and reassess your security posture. Here's what I recommend:

🔐 Action: Why It Matters
• Avoid browser wallet extensions: Especially on Firefox, until the dust settles. Use mobile apps or official websites.
• Install only from verified sources: Check the publisher name and history. Don't trust reviews alone.
• Enable 2FA everywhere: Adds a critical second layer to access.
• Use cold storage for large holdings: If it’s not online, it can’t be drained.
• Report suspicious extensions: Help Mozilla remove threats faster.

🧰 Free Tool to Check for Scam Wallets

At scamhunter.ai, we’re fighting crypto scams head-on. Uppsala Security offers a free tool to:
• Scan suspicious wallet addresses
• View scam reports
• Flag stolen assets

You can try it free twice a day. Just paste in a wallet address and we’ll show you what we know.

🚨 Final Thoughts

This latest wave of wallet-cloning extensions on Firefox is a wake-up call for the crypto industry. Browser-based wallets are convenient, but they also open up new attack surfaces.

As always in crypto, convenience must be balanced with paranoia. Double-check everything. Trust no extension blindly. And if you’ve ever typed a seed phrase into an extension, you should migrate your funds now.

The attackers are evolving. So must our defenses.

Stay safe, stay skeptical.
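
It has been almost a day since I converted the CBP I collected, so why hasn't ChainBounty been deposited into my wallet yet?

🕺 [AMA] In 10 minutes: Welcome to Korea, ECLIPSE
- When: Tonight at 11 PM
- Where: 코인같이투자 Space
- Guest: Nate, CMO of Eclipse
Now that Eclipse has released its checker and set up its foundation, and is coming to Korea soon, we have scheduled an AMA. We will take the time to ask about the things people are curious about and about what Eclipse has been doing so far, so Eclipse diehards, please join in!
📂 Event
: Like and RT the original Space announcement
: Submit a screenshot of your Space participation in the screenshot room
: Fill out the Google Form
Prize: 100 coffees + a possible special reward
See you later~

I tried the bridge and it works. We'll have to see whether the claim works too.
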
On June 26, 2025, ResupplyFi—a decentralized stablecoin and lending protocol—became the latest victim in a string of DeFi price manipulation attacks, losing an estimated $9.6 million from its wstUSR lending market.

But this wasn’t a typical exploit. This was a surgical, precision-driven manipulation that started with just 1 wei and ended in millions.

Here’s how it happened, why it worked, and what this means for the future of DeFi.

🧨 The Attack at a Glance

• Target: ResupplyFi’s wstUSR market
• Method: Oracle manipulation via ERC-4626 vault logic bug
• Funds lost: ~$9.6 million in reUSD
• Exploited function: _updateExchangeRate() in ResupplyPair contract
• Timeline: Single transaction drain within minutes

🛠️ How the Exploit Worked

At the heart of the attack was a poorly designed exchange rate oracle within ResupplyFi’s vault contract. Specifically, the exchangeRate was derived using a value called pricePerShare, common in ERC 4626 vaults.

But here’s the catch:

➤ The attacker deposited 1 wei into an almost empty vault.
This gave them control over how the vault's pricePerShare would respond to subsequent “donations.”

➤ Then, they made a large “donation” to the vault.
This artificially inflated the share price, skewing the oracle rate. Because of a logic flaw, the protocol calculated the exchangeRate as 0, tricking the system into thinking the collateral was worthless.

➤ Result:
The attacker borrowed $10 million worth of reUSD against 0 value collateral.

⚠️ What Went Wrong?

• Broken Oracle Assumptions: The system trusted pricePerShare as a real-world oracle without validation.
• No Lower Bound Check: Allowing exchangeRate to drop to zero effectively bypassed the collateralization check.
• Missing Guardrails: There were no sanity limits on extreme values coming from vault math.

💸 The Drain & Laundering

The attacker didn’t stick around.

They quickly converted stolen reUSD into ETH. Funds are now sitting at:
• 0x886f786618623fffb2be59830a47661ae6492e16
• 0x31129a5c13306a48e827e851d44e19ca07d4928a

🧠 Lessons for the DeFi World

This hack joins a growing list of oracle manipulation exploits where DeFi protocols underestimate how easily “trusted” math can be gamed in low-liquidity or edge-case scenarios.

✅ Key takeaways for builders:
• Never trust raw vault math without bounds.
• Validate pricePerShare with a circuit breaker or floor value.
• Use multiple oracles for redundancy.
• Simulate edge cases with small deposits in testing environments.

🗣️ Final Thoughts

The ResupplyFi exploit is another reminder that a single wei, when paired with flawed logic, can dismantle an entire system.

As DeFi continues to innovate, we must slow down and ensure that core primitives like oracles, vaults, and pricing logic are built with security-first principles.

If not, there will always be someone waiting to turn one wei into one more heist.
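
The rounding failure described in the ResupplyFi post above, as an added Python model; it is not part of the original post and is not ResupplyFi's contract code. The 1e36 numerator, the LTV formula, the 80% limit and the donation size are assumptions chosen for illustration, and `guarded_rate` applies the floor value and circuit breaker the post recommends.

```python
WAD = 10**18               # 18-decimal fixed point (one whole token or share)
RATE_NUMERATOR = 10**36    # assumed: rate = RATE_NUMERATOR // pricePerShare
LTV_PRECISION = 10**5      # assumed: 80_000 means 80%
MAX_LTV = 80_000           # assumed market parameter

class Vault:
    """Minimal ERC-4626-style accounting, no virtual-share offset."""
    def __init__(self):
        self.total_assets = 0
        self.total_supply = 0

    def deposit(self, assets):
        first = self.total_supply == 0
        shares = assets if first else assets * self.total_supply // self.total_assets
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def donate(self, assets):
        self.total_assets += assets   # assets arrive, no shares are minted

    def price_per_share(self):
        return WAD * self.total_assets // self.total_supply

def naive_rate(price):
    return RATE_NUMERATOR // price    # floors to 0 once price > RATE_NUMERATOR

def guarded_rate(price, last_price, max_factor=2):
    rate = RATE_NUMERATOR // price
    if rate == 0:                                    # floor value
        raise ValueError("exchange rate rounded to zero")
    if price > last_price * max_factor or price * max_factor < last_price:
        raise ValueError("pricePerShare outside circuit-breaker band")
    return rate

def is_solvent(borrow, collateral, rate):
    # Assumed LTV check: borrowed value expressed in collateral units.
    ltv = borrow * rate * LTV_PRECISION // WAD // collateral
    return ltv <= MAX_LTV

def near_empty_vault_case():
    vault = Vault()
    vault.deposit(1)                    # 1 wei into an empty vault
    vault.donate(2_000 * WAD)           # constructed donation size
    price = vault.price_per_share()
    rate = naive_rate(price)
    # 10 million borrowed against 1 wei of collateral shares
    return price, rate, is_solvent(10_000_000 * WAD, 1, rate)

if __name__ == "__main__":
    print(near_empty_vault_case())
```

With a zero rate the computed LTV is zero for any borrow size, which is why the solvency check passes; the guarded variant rejects the update before that check is ever reached.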
On an ordinary Thursday evening, thousands of crypto users did what they always do, visit CoinMarketCap to check token prices, track trends, and explore new projects. Everything seemed fine. The homepage loaded normally, complete with its signature doodle graphic at the top.

But hidden behind that seemingly harmless doodle… was a trap.

A highly targeted, well-executed supply-chain attack was underway, and most visitors had no idea.

🎭 A Familiar Prompt, A Dangerous Illusion

As users scrolled the CoinMarketCap homepage, something popped up:

“Connect your Wallet to Continue.”

It looked legitimate. A clean interface mimicking WalletConnect.

Many users, conditioned by countless previous wallet interactions, didn’t think twice.

They clicked.

Within seconds, wallets were drained.

SOL, XRP, obscure meme tokens, and more, gone.

🔍 Unmasking the Attack

This wasn’t a server breach. There were no leaks, no brute-force logins, and no malware downloads.

Instead, the attackers found a smarter way in, through the frontend.

They exploited a third-party image API used by CoinMarketCap to load its doodle. That API was silently compromised. When CoinMarketCap called it, it returned not just the image… but also malicious JavaScript code.

That code injected the fake wallet prompt right into the homepage, all within the browser.

Users never left the site. But their crypto left their wallets.

💸 The Aftermath

Within 24 hours:
• 110+ wallets were compromised
• At least $43,000 in funds were stolen
• Tokens included $SOL, $XRP, $EVT, $PENGU, $SHDW, and others
• The attacker used a tool known as Inferno Drainer, a wallet-draining-as-a-service platform growing in popularity

This wasn’t the first time Inferno Drainer was seen in action. But using CoinMarketCap’s trusted brand and homepage as the delivery vector? That was bold.

And most importantly:

The funds were traced to the drainer wallet:
• 0x8a2983f358a03c6DB9c47a70e944368D4De77820
• 0x030703e1EB18355a794F3f034Fe63959F8640D33

This address received tokens from victims across multiple chains. You can see the wallet’s on-chain activity, including token swaps and consolidation behavior — classic drainer operation.

Other IOCs involved
• 0x000037bB05B2CeF17c6469f4BcDb198826Ce0000
• 0x0000553F880fFA3728b290e04E819053A3590000
• www.cdnkit[.]io
• https://static.cdnkit[.]io
• blockassets[.]app

🛡️ CoinMarketCap’s Response

To their credit, CoinMarketCap reacted quickly:
• ✅ The fake pop-up was immediately removed
• 🔧 The third-party API was patched
• 🛑 No backend servers or databases were breached
• 🤝 Most importantly, CoinMarketCap committed to reimbursing affected users

They also stated they are reinforcing internal controls and reviewing all external integrations.

🧠 Lessons Learned

This wasn’t a smart contract exploit.

It was an exploit of trust, using a familiar interface, a trusted website, and user habits as the entry point.

The most dangerous scams aren’t always flashy. This one worked because it looked normal.

Even trusted platforms like CoinMarketCap can be used as vectors in supply-chain attacks.

✅ How to Protect Yourself Going Forward

Here’s what you can do right now to reduce your risk:
1. Don’t approve wallet prompts you didn’t expect.
2. Review token approvals regularly with tools like Revoke.cash.
3. Use browser extensions that detect wallet drainers (e.g., Wallet Guard, Scam Sniffer).
4. Bookmark official dApps and avoid interacting with wallet pop-ups on informational sites.
5. Always double-check transactions before signing.

🧵 Final Thoughts

The CoinMarketCap incident wasn’t the biggest crypto exploit by dollar amount—but it was one of the most deceptive.

It showed us how fragile the frontend trust layer can be in Web3.

As users and builders, we must recognize that security isn’t just about smart contracts. It’s about interfaces. Dependencies. And habits.

The drainer wallet may be just one address.

But the lesson it leaves behind affects millions.

Stay sharp.
Stay sovereign.
And never blindly click "Connect Wallet."

If this helped you or your community, consider sharing it to raise awareness. Security is a shared responsibility in Web3.

#CoinMarketCap #Web3Security #WalletDrainer #CryptoScams #InfernoDrainer #Phishing #CryptoNews
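
One way a defender could sweep web-proxy logs for the domain indicators listed in the CoinMarketCap post above, as an added Python example that is not part of the original post. The log format, client addresses and URL paths are constructed; matching subdomains of each listed host is a choice made here, not something the post specifies.

```python
from urllib.parse import urlsplit

# Domain indicators exactly as the post lists them (defanged).
POST_IOCS = ["www.cdnkit[.]io", "https://static.cdnkit[.]io", "blockassets[.]app"]

# Constructed proxy-log lines: "<timestamp> <client> <url>".
SAMPLE_LOG = """\
t1 10.0.0.11 https://coinmarketcap.com/
t2 10.0.0.11 https://static.cdnkit.io/constructed/path
t3 10.0.0.12 https://static.cdnkit.io.example.net/
t4 10.0.0.13 https://api.blockassets.app:443/constructed
t5 10.0.0.14 https://notblockassets.app/
t6 10.0.0.15 http://WWW.CDNKIT.IO/
"""

def host_of(value):
    """Refang, then return the lower-cased hostname without scheme, port or path."""
    value = value.replace("[.]", ".")
    if "://" not in value:
        value = "//" + value          # let urlsplit treat a bare host as netloc
    return (urlsplit(value).hostname or "").rstrip(".")

IOC_HOSTS = [host_of(ioc) for ioc in POST_IOCS]

def matches(host, ioc_host):
    # Exact host or a true subdomain; a plain substring test would also flag
    # look-alikes such as notblockassets.app or static.cdnkit.io.example.net.
    return host == ioc_host or host.endswith("." + ioc_host)

def scan(log_text):
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                  # skip malformed lines
        timestamp, client, url = parts
        host = host_of(url)
        for ioc_host in IOC_HOSTS:
            if matches(host, ioc_host):
                hits.append((timestamp, client, host, ioc_host))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```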