security

According to official news, Aave Labs has released the complete transparency report of the Aave V4 security program, including methods, processes, and results, endorsed by several security agencies such as Trail of Bits, Blackthorn, and Certora.Through manual audits, formal verification, invariant testing, fuzz testing, and public security competitions, approximately 345 days of security reviews have been conducted. The program is supported by a dedicated security budget of $1.5 million approved by the DAO.Aave Labs announced that it will continue five core commitments from the Aave V4 security program: embedding formal verification in the early development stages to ensure that architectural design is guided by secure methodologies rather than just verification; adopting a layered security approach, including manual reviews, formal verification, invariant testing, AI-assisted checks, fuzz testing, and public security competitions to cover more potential vulnerabilities; maintaining continuous security coverage, with formal verification frameworks and invariant testing suites running continuously alongside protocol iterations; establishing a long-term bug bounty program to leverage a broader security community for ongoing monitoring; and optimizing AI scanning capabilities to continuously enhance the level of intelligent security detection in future versions based on existing testing experiences.

The world's second-largest cryptocurrency exchange by trading volume, Bybit, today officially announced the comprehensive results of its 2025 Security Initiative. Bybit has built an industry-leading multi-layer defense architecture, successfully protecting the safety of tens of thousands of users and setting a new benchmark for proactive risk control in the digital asset space. According to a report by Chainalysis, global cryptocurrency losses due to scams and fraud reached as high as $17 billion in 2025.Redefining Industry Standards: Three-Tier Withdrawal Fraud Defense FrameworkTo break through the limitations of traditional post-event remediation in risk control, Bybit has pioneered a dynamic risk grading protection system that intervenes proactively before financial losses occur. This system categorizes potential fraud scenarios into three risk levels, each matched with differentiated response strategies—ensuring user withdrawal safety while maintaining a smooth trading experience on the platform.Level 1: Early Warning (Low Risk)Leveraging big data heuristic algorithms to identify abnormal behavior patterns (e.g., large withdrawals concentrated to a single new address), Bybit automatically triggers a risk questionnaire survey. Relevant insights assist the risk control operations team in blacklisting high-risk addresses in advance, achieving source interception.Level 2: Real-Time Warning (Medium Risk)When an account is flagged due to database breaches (cross-referencing external network leak data) or associated with suspicious withdrawal addresses, Bybit will trigger a real-time pop-up reminder during the withdrawal process. This mechanism guides users to pause operations and review transaction details, effectively resisting social engineering attacks that rely on urgency or emotional pressure.Level 3: Instant Interception + Cooling-Off Period (High Risk)For wallet addresses confirmed to be involved in fraud (including so-called "pig-butchering" investment scams), Bybit implements real-time withdrawal interception and enforces a 1-hour cooling-off period mechanism. This critical time window provides users with essential assurance to regain rational judgment and verify the authenticity of transactions.Overview of 2025 Achievements and Core DataThe measures implemented in the fourth quarter of 2025 have brought breakthrough results in user safety protection:Q4 Fraudulent Fund Interception and Recovery: Bybit successfully intercepted and recovered $300 million through proactive reminders, safeguarding the life savings of over 4,000 users;Q4 AI-Driven Risk Identification: Bybit's self-developed AI algorithm accurately identified 350 high-risk investment scam addresses through on-chain data analysis, helping 8,000 users avoid potential withdrawal losses;2025 Annual Infrastructure Resilience: The platform successfully withstood over 3 million hacker database breach (account hijacking) attacks;Q4 On-Chain Proactive Monitoring: The system automatically flagged 350 risk addresses, and the ticket operations team manually reviewed and marked 600 addresses, cumulatively avoiding nearly $1 million in immediate fraud losses.Co-Building a Safe Ecosystem: Industry Collaboration and Government-Enterprise LinkageBybit firmly believes that safety should not be a competitive barrier but a shared responsibility across the industry. The strategic focus for 2025 is on deep integration of external intelligence:"In 2025, our mission is to upgrade the risk control system from a 'silent shield' to a proactive, intelligent safety guardian," said David Zong, Head of Risk Control at Bybit Group. "By deeply integrating AI-driven on-chain monitoring with real-time intelligence from industry partners like TRM, Elliptic, and Chainalysis, we not only protect Bybit users but also help map the 'genetic blueprint' of fraud networks. We are opening and sharing these standardized monitoring clues across the entire ecosystem—because the safety of the industry begins with the safety of each participant."

The chairman of Iran's Security Council, Larijani, stated that Iran will not negotiate with the United States.

According to market news, due to the sudden escalation of geopolitical tensions in the Middle East, Binance has issued an internal security announcement requiring all employees in the UAE to immediately avoid outdoor activities and stay in safe indoor areas.Recently, Iran launched ballistic missiles towards Israeli/U.S. military targets, some of which flew over or were aimed at the UAE. Although most were intercepted by air defense systems, the UAE government issued an emergency safety alert to all residents early this morning.

According to CertiK statistics, the total losses due to vulnerabilities in all security incidents in the cryptocurrency sector in February have been confirmed to be approximately $35.7 million, of which about $8.5 million is attributed to phishing attacks. This figure is the lowest monthly loss amount since March 2025.

According to Iranian media reports on February 28, the Supreme National Security Council of Iran issued Announcement No. 1 stating that the Iranian armed forces have firmly responded to the military actions of the United States and Israel.

Ethereum co-founder Vitalik Buterin released the "Quantum Roadmap" this Thursday, proposing several improvement plans to address blockchain quantum security vulnerabilities, including hash signatures, recursive STARKs, native account abstraction, and protocol-level signature aggregation. The core goal is to replace the currently vulnerable ECDSA encryption architecture.Among these, the "frame transactions" proposal has been included in the discussion agenda for the Ethereum upgrade version Hegota, expected to be launched in the second half of 2026, with hopes of implementation within this year. Vitalik warned last November that quantum computers could break Ethereum's existing security model by 2028.The Ethereum Foundation has established a special post-quantum team, set up a $1 million bounty, and initiated bi-weekly technical seminars. Researcher Justin Drake emphasized that in a highly decentralized ecosystem, formulating a binding "official roadmap" is actually not feasible.

Cactus Custody announced that its self-custody MPC (Multi-Party Computation) solution is officially launched. As a custody brand under Matrixport, Cactus holds a Hong Kong Trust TCSP license and has served numerous industry-renowned clients such as RedotPay, Fosun Wealth Holdings, and TDTC.As the Web3 industry matures, institutional clients are increasingly inclined to gain autonomy in custody while demanding the robust security infrastructure provided by third-party custodians. Cactus Custody's MPC solution cleverly bridges this gap by combining cutting-edge Intel SGX TEE (Trusted Execution Environment) with an institution-centric risk management engine.The core security cornerstone of the platform is the advanced MPC-TSS (Threshold Signature Scheme). Through this technology, private key shards are independently generated by multiple parties and jointly managed by devices controlled by Cactus and the clients. This architecture effectively eliminates the risk of "single points of failure," ensuring that no party can unilaterally transfer funds, thereby providing clients with absolute asset sovereignty and peace of mind.Cactus Custody CEO Daniel Lee commented, "Our new MPC solution is designed for institutions that prefer to manage assets directly while requiring secure and compliant infrastructure. By providing a compliant, flexible, and secure platform, we empower clients to flexibly and fully autonomously scale their digital asset businesses."

Account abstraction wallet Holdstation has confirmed that a security incident occurred recently with its product. The extent and impact are still being assessed, and the team is actively investigating.The official team will notify affected users as soon as possible and asks everyone to remain calm and patiently await the latest updates and remedial steps. Meanwhile, Holdstation advises users to transfer their assets to a secure wallet to protect their funds.

Hackers are stealing cryptocurrency users' assets by placing fake Windows 11 update ads on Facebook. These ads use professional Microsoft branding and, when clicked by users, lead to a cloned Microsoft website where malware is subsequently downloaded.The malware installs a framework called "LunarApplication" on the victim's computer, specifically designed to steal cryptocurrency wallet seed phrases, login credentials, and other sensitive information. Hackers use geofencing technology to bypass data center IP addresses, preventing automated scanners from detecting the attack.

The Chair of the UK's National Security Council, Matt Western, has called for an urgent temporary ban on political donations in cryptocurrency to prevent foreign interference in UK elections. Matt Western stated that such donations need to be suspended until the risks associated with cryptocurrency donations (including thorough checks on the sources of funds) are addressed.The committee also called for a review of sentencing for electoral offenses, believing that deterrence needs to be strengthened. Western has written to the Cabinet Minister responsible for election finance, Steve Reed, requesting immediate action—previously, the new election bill did not include provisions to restrict cryptocurrency donations.Earlier this year, the Reform UK party became the first to express acceptance of digital currency donations, reportedly receiving its first registrable cryptocurrency donations and establishing a dedicated crypto portal. In his letter, Western expressed concern that, given the deteriorating global security environment, the intent of foreign interference in UK political finance may intensify before the next election.

According to Cointelegraph, Ethereum co-founder Vitalik Buterin posted on the X platform on Sunday, suggesting improvements to the security and user experience of Ethereum wallets and smart contracts by introducing mechanisms such as "transaction simulation."Vitalik believes that security and user experience are not mutually exclusive areas; both revolve around user intent, with the core focus on ensuring that the operations executed by the protocol align with user expectations. His proposed "intent safety" solution includes: allowing users to view the simulated results of an operation before executing it on-chain, and then choosing to confirm or cancel; additionally, introducing spending limits and multi-signature approval mechanisms, allowing execution only when the user intent, expected results, and risk limits are all aligned, thereby lowering the threshold for low-risk operations while increasing the difficulty of executing risky operations.Vitalik also pointed out that defining user intent is inherently complex, which is the fundamental reason why there is no perfect security solution. It is not due to flaws in machines or designers, but rather that user intent itself is a complex object that users find difficult to grasp clearly. He stated that a common feature of excellent security solutions is that they allow users to express intent in multiple corroborative ways, with the system executing operations only when these expressions are consistent with each other.

According to CNBC, dozens of Democratic members of the U.S. House of Representatives sent a letter to Treasury Secretary Yellen on Thursday, requesting an investigation into potential conflicts of interest and national security issues related to the Trump family's cryptocurrency project, World Liberty Financial. The letter was led by New York Democratic Congressman Gregory Meeks and was co-signed by 40 other lawmakers.Meeks referred to Yellen as Trump's "follower" during a hearing and questioned the $500 million investment by members of the UAE royal family in World Liberty Financial last year. In a statement released with the letter, Meeks said, "The $500 million transaction involving the Trump family and the UAE royal family not only concerns national financial stability but also involves serious national security implications." At the time of the request for an investigation, World Liberty Financial was applying for a national bank charter. This charter is reviewed and issued by the Office of the Comptroller of the Currency, an independent agency under the U.S. Treasury responsible for regulating the banking industry.

Balancer announced on platform X that it has received a security report regarding Balancer's reCLAMM (rebalanced concentrated liquidity AMM) submitted by the bug bounty platform Immunefi.As a precautionary measure, Balancer has suspended the operation of the relevant liquidity pools during the investigation. User funds are currently safe and fully accessible, and further updates will be continuously announced.

According to The Block, OpenAI has announced a partnership with the crypto investment firm Paradigm to launch EVMbench, aimed at assessing the capabilities of AI Agents in the field of smart contract security, including the identification, patching, and exploitation of high-risk vulnerabilities.Both parties stated that as AI improves its capabilities in code writing and execution, it can be exploited by attackers but can also serve as a defensive tool. Therefore, it is necessary to test the security capabilities of AI systems in environments with real economic significance. EVMbench will provide various testing modes, including vulnerability detection, contract modification, elimination of exploitability, and simulating complete attack processes in a sandbox chain environment.At the launch of this tool, the DeFi protocol Moonwell and the cross-chain liquidity protocol CrossCurve have recently encountered smart contract vulnerability attacks, raising concerns about AI-assisted code security. EVMbench is reportedly built on 120 selected vulnerability samples, covering multiple public audits and competition cases.Industry analysts believe that as AI technology advances, the threshold for identifying smart contract vulnerabilities may further decrease, and the game between security defense and attack capabilities is accelerating.

According to FinanceFeeds, two Democratic senators have written to Treasury Secretary Scott Bancenet, requesting an assessment of whether the UAE government's affiliated entity's $500 million investment in the cryptocurrency company World Liberty Financial should undergo a national security review by the Committee on Foreign Investment in the United States (CFIUS).The committee, led by the Treasury Department, is responsible for reviewing foreign investment transactions that may involve sensitive technologies or data. According to a previous report by The Wall Street Journal, G42, supported by Abu Dhabi royal family member Sheikh Tahnoon bin Zayed, acquired a 49% stake in World Liberty Financial through an entity named Aryam Investment 1. The report indicated that some of the funds flowed to the Trump family and its affiliates. The Trump camp denied any knowledge of this. Senators Elizabeth Warren and Angus King questioned in their letter whether the deal could allow a foreign government access to user data and mentioned G42's past collaborations with Chinese companies. They requested the Treasury Department to clarify by March 5 whether a review process has been initiated or if a recommendation has been made to the president.World Liberty Financial is the issuer of the stablecoin USD1, which has circulated over $5 billion since its launch in March 2025. The company lists Trump and his Middle East envoy Steve Witkoff as honorary co-founders. A company spokesperson previously stated that the two were not involved in the UAE-related transactions.

CoinW recently issued an official announcement reminding that a scam activity involving fake websites and mobile applications (Apps) has been detected. The scammers maliciously impersonated CoinW's name, graphics, logo, and brand image.The scammers targeted potential victims through publicly available information on the internet and social media platforms like LinkedIn. They used the victims' social profiles to verify their locations and establish initial contact, subsequently luring users to move the communication to Telegram. Scammers commonly employ manipulative tactics (including fabricating "luxurious lifestyle" stories) to deceive victims into transferring cryptocurrency to wallet addresses under their control. CoinW solemnly reminds: please be sure to access the official website or download the app through official channels. If you have doubts about the source of information, please contact the CoinW legal team for verification immediately. If you discover suspicious websites or counterfeit applications, please stop all operations and report them to the official channels. CoinW stated that it will continue to strengthen the construction of its security and risk control system, maintain a safe, fair, and transparent trading environment, and firmly support global anti-fraud, anti-money laundering, and sanctions compliance efforts.

According to Cointelegraph, Mandiant, a U.S. cybersecurity company affiliated with Google Cloud, has discovered that a North Korea-linked threat organization is intensifying social engineering attacks against cryptocurrency and fintech companies.The threat group, codenamed UNC1069, has deployed seven malware families, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings.Mandiant has been tracking this organization since 2018, but advancements in artificial intelligence have helped the group expand its malicious activities since November 2025. In one intrusion incident, the attackers used a stolen Telegram account of a cryptocurrency founder to initiate contact, inducing victims to execute "troubleshooting" commands containing hidden instructions through a so-called ClickFix attack.

According to Cointelegraph, Mandiant, a U.S. cybersecurity company affiliated with Google Cloud, has discovered that a North Korea-linked threat organization is intensifying social engineering attacks against cryptocurrency and fintech companies.The threat group, codenamed UNC1069, has deployed seven malware families, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings.Mandiant has been tracking this organization since 2018, but advancements in artificial intelligence have helped the group scale up its malicious activities since November 2025. In one intrusion incident, the attackers used a stolen Telegram account of a cryptocurrency founder to initiate contact, inducing victims to execute "troubleshooting" commands containing hidden instructions through a so-called ClickFix attack.