jack

Twitter co-founder Jack Dorsey's Bitcoin at Block will launch a free Bitcoin faucet, marking the return of Bitcoin faucets after 16 years. Jack Dorsey has disclosed the faucet site "btc.day" on the X platform.It is reported that the total distribution pool is approximately 1 million USD equivalent in BTC (about 15 BTC), funded by the Bitcoin treasury of Jack Dorsey's Block company.

DeFi lending protocol HypurrFi has issued a security warning, stating that its website domain has been compromised and is investigating a potential domain hijacking incident. The project team clearly stated: "Do not use the hypurr.fi domain," and reminded users to avoid interacting with the platform until further notice.The team also emphasized that currently, user funds are not at risk, and the official social media is still under control. HypurrFi operates on HyperEVM, with a total locked value of approximately $30 million. Analysis indicates that domain hijacking is one of the common attack methods in the cryptocurrency industry, where attackers typically implant malicious code or wallet theft programs by controlling the front-end page. Even if the underlying smart contracts themselves are secure, users may still face asset risks.

According to a warning from on-chain detective ZachXBT, the Discord link for Trust Wallet (discord[.]gg/trustwallet) has been hijacked by hackers and currently points to a phishing server.ZachXBT reminds users not to join through the Discord link in official channels such as the official website, Telegram, or blog to avoid asset loss.

DeFi project Steakhouse Financial disclosed yesterday that it encountered a phone social engineering attack targeting OVH Cloud, where the attacker changed the DNS A records of the main site and app subdomains to point to a malicious IP, and attempted to initiate a 5-day domain transfer. The related changes have been revoked, the DNS records have been cleared, and they are working with OVH to resolve the issue. All vaults and contracts were unaffected, depositor funds are safe, and no other service accounts were compromised. Please do not interact with the official website and emails until the issue is resolved; a detailed post-incident report will be released as soon as possible.Early this morning, Steakhouse Financial stated that during the period when the official website domain DNS records were cleared, the vault could still be accessed directly through Morpho, and all functions such as deposits and withdrawals were operating normally. Confirmation will be provided once the front end is restored.

According to CoinDesk, Square, led by Jack Dorsey, has begun automatically enabling Bitcoin payment features for millions of U.S. merchants, with transactions instantly converted to dollars at checkout. Merchants can receive Bitcoin without additional setup and do not bear the risks of price volatility and custody.This feature includes near-instant settlement and waives processing fees until 2026. Square stated that this is an important step in integrating Bitcoin into everyday business, with merchants defaulting to receive dollars without needing to change their accounting practices or hold crypto assets. It is reported that 78% of Square's users are from the U.S., while 22% are from international markets. Previously, PayPal launched the dollar-pegged stablecoin PYUSD to tens of thousands of users across its 70 global markets, promoting digital payment applications.

Hackers have launched Android malware attacks in Brazil by spoofing a phishing page that mimics the Google Play Store. Currently, all known victims are located in Brazil.The attackers set up a phishing website that closely resembles Google Play, enticing users to download a fake application called "INSS Reembolso." Once installed, the application releases hidden malicious code in stages and loads it directly into memory, leaving no visible files on the device, which makes it highly stealthy. One of the core functions of the malware is cryptocurrency mining, with an embedded XMRig mining program compiled for ARM devices that silently connects to the attacker's controlled mining server in the background. The program monitors battery level, temperature, and device usage status, dynamically adjusting mining behavior to evade detection, and bypasses Android's background process management mechanism by looping silent audio files.Some variants also include banking trojans that can overlay fake pages on the USDT transfer interface of Binance and Trust Wallet, silently replacing the recipient address. Additionally, the malware supports various remote control commands such as recording, screenshotting, keylogging, and remote locking of the device.

According to DL News, police in the Île-de-France region of France arrested two teenagers (aged 15 and 17) and a 35-year-old man, all suspected of carrying out two armed kidnappings targeting cryptocurrency holders on March 10 in the Île-de-France region.Reports indicate that the first incident occurred in the Essonne department in the southern suburbs of Paris, where the suspects, wearing masks and carrying small explosive devices, attempted to break into the home of a cryptocurrency holder but failed. About 30 minutes later, another incident took place in the Seine-et-Marne department, where the suspects successfully broke into the home of a female cryptocurrency holder, kidnapped her family, and stole jewelry; it has not been disclosed whether cryptocurrency assets were also stolen.The police subsequently tracked the suspects' vehicle, deploying about 100 armed special police officers and two police helicopters to pursue them, intercepting the vehicle after approximately 6 hours and discovering the stolen jewelry inside. Prosecutors have charged the three individuals with extortion, organized crime, armed robbery, property damage, and kidnapping. Currently, the 17-year-old suspect and the 35-year-old man are in custody awaiting trial, while the 15-year-old suspect is under judicial supervision, and prosecutors have appealed this decision.

Letsbonk.Fun founder Tom issued an urgent warning that the project's domain name has currently been hijacked by hackers. The hackers implanted an asset theft program (Drainer) at the domain level by controlling a team member's account. Tom advises all users not to visit or use any bonkfun-related domains until further notice to prevent asset loss.

The cybersecurity agency Moonlock Lab reports that crypto hackers have recently upgraded their "ClickFix" attack method, beginning to impersonate venture capital firms to contact target users through social platforms and lure them into executing malicious code to steal crypto assets.Attackers disguise themselves as fake venture capital firms such as SolidBit, MegaBit, and Lumax Capital, sending collaboration invitations via LinkedIn and guiding victims to fake Zoom or Google Meet meeting links. The pages embed a fake Cloudflare "I am not a robot" verification button, which, when clicked, copies malicious commands to the clipboard and tricks users into pasting and executing them in the terminal, thus completing the attack. Researchers point out that this method circumvents traditional security mechanisms by "making victims execute commands themselves."Meanwhile, hackers are also hijacking browser extensions to carry out attacks. John Tuckner, founder of cybersecurity company Annex Security, revealed that the Chrome extension QuickLens, after changing ownership on February 1, released a new version containing malicious scripts two weeks later, triggering ClickFix attacks and stealing user data. The extension had about 7,000 users and has since been removed from the store. Reports indicate that the hijacked extension scans crypto wallet data and mnemonic phrases, and scrapes Gmail content, YouTube channel data, and web login or payment information.

According to Cointelegraph, hackers are using the "ClickFix" attack method to steal cryptocurrencies, with the latest two attacks involving impersonating venture capital firms and hijacking browser extensions.Cybersecurity company Moonlock Lab reports that scammers impersonate fake VCs such as SolidBit, MegaBit, and Lumax Capital, contacting users via LinkedIn to offer collaboration opportunities, then directing them to click on fake Zoom and Google Meet links. After clicking the link, users are led to a page with a forged Cloudflare "I'm not a robot" verification box; clicking this box copies malicious commands to the clipboard and prompts users to open a terminal to paste the so-called verification code, thus executing the attack.Moonlock Lab points out that this method turns victims into execution mechanisms, bypassing defenses in the security industry. Meanwhile, hackers are also spreading malware by hijacking the Chrome extension QuickLens. This extension allows users to run Google Lens searches directly in the browser, and after ownership was transferred, the new version contains malicious scripts that can initiate ClickFix attacks and steal information.The extension has about 7,000 users, and once hijacked, it searches for cryptocurrency wallet data and recovery phrases to steal funds, as well as scraping Gmail inbox content, YouTube channel data, and login credentials or payment information entered in web forms. The extension has been removed from the Chrome Web Store. The ClickFix technique has been popular among hackers since last year, forcing victims to manually execute malicious payloads, affecting thousands of businesses and multiple industries worldwide.

In response to the community's statement that "the main reason for Block's layoffs is the over-hiring and mismanagement during the COVID-19 pandemic," former Twitter founder Jack Dorsey posted on the X platform, stating, "Yes, we over-hired due to mistakenly establishing two separate company structures (Square and Cash App) during the pandemic, but this issue has been corrected by mid-2024.However, this does not cover all the complexities we face in lending, banking, and BNPL. Our current goal is to achieve a gross profit of over $2 million per person, reaching four times the efficiency of pre-pandemic levels, which has remained at about $500,000 from 2019 to 2024. In fact, we operate a more efficient company than most."

The RWA tokenization platform OpenEden announced on X platform that it has fully restored DNS control over its official domain and its subdomains, and platform operations have returned to normal.OpenEden stated that its official website experienced unauthorized record modifications at the DNS level, leading to domain hijacking. After a joint investigation with security partners and infrastructure service providers, it was confirmed that this incident did not affect any smart contracts, internal systems were not compromised, core applications remain intact, and reserve assets were also unaffected. All reserve assets can be independently verified through Chainlink's Proof of Reserve, and measures to enhance domain and infrastructure security will be strengthened.

According to Cointelegraph, Jack Dorsey's Bitcoin payment company Block is undergoing a broader restructuring, and the company has begun notifying hundreds of employees that their positions may be cut during the annual performance review, with the layoff rate potentially reaching 10%.Block has launched a restructuring plan in 2024 aimed at improving efficiency and adjusting its product line, as the company is working to more closely integrate its peer-to-peer payment platform Cash App with its merchant services division Square.It is reported that Block plans to release its quarterly financial report on February 26. Analysts predict that Block's fourth-quarter profit will reach $403 million, with revenue expected to hit $6.25 billion.

ClawdBot (now renamed Moltbot) founder Peter Steinberger posted on social media that the issue of his GitHub account being hijacked has been resolved, and this issue only affected personal accounts, not organizational accounts. He specifically reminded users to be wary of about 20 impersonating X scam accounts.

According to 23pds, the Chief Information Security Officer of Slow Fog Technology, a new type of security vulnerability has emerged in the Snap Store application store on the Linux platform. Hackers are taking over application publisher accounts by hijacking expired domain names and embedding malicious code into cryptocurrency wallet applications.Attackers monitor and register developer accounts in the Snap Store associated with expired domain names, using these domain emails to trigger password resets, thereby taking over the established publisher identity with long-term credibility. The tampered applications disguise themselves as well-known cryptocurrency wallets such as Exodus, Ledger Live, or Trust Wallet, with interfaces nearly indistinguishable from the originals.Currently, it has been confirmed that the publisher domains storewise[.]tech and vagueentertainment[.]com have been hijacked. These malicious applications lure users into entering their "wallet recovery mnemonic." Once users submit this information, sensitive data will be sent to the attackers' servers, resulting in the theft of digital assets.

According to BitcoinMagazine, renowned singer Teyana Taylor wore a jacket featuring the name of Bitcoin's anonymous founder Satoshi Nakamoto after winning the Best Supporting Actress at the 2026 Golden Globe Awards.

He Yi posted on the X platform stating that his WeChat account has been hijacked, as the old phone number linked to it has been reactivated by someone else, and the account cannot be recovered at the moment.

According to Slow Mist's Yu Sin, some users may not have received the Monad airdrop and are advised to check whether the wallet address bound on the airdrop claim page claim.monad.xyz is the expected address.Yu Sin stated that if the bound address is not what the user expected, they may have encountered a similar issue as user Onefly (@Onefly) — the wallet address was bound to a hacker's address, causing the official airdrop to be sent to the hacker. Yu Sin revealed that a white hat hacker had previously synced a related vulnerability with him, which has a prerequisite: if someone hijacks the user's session on the Monad airdrop claim page, they can change the claim wallet address without further confirmation.

Regarding the rumor that "Jackie Chan will play Zhao Changpeng in the upcoming Netflix biographical documentary 'King of Cryptocurrency'," Zhao Changpeng denied it, stating: "This is false. I like Jackie Chan, but he is already 71 years old. Let him be! I am still working hard to finish this book. The last 5% of the editing always takes 95% of the time."