leak

According to Marketscreener, Swedish Economic Crime Authority prosecutor Jonas Myrdal stated that the early leak of news on social platform X regarding Sivers Semiconductors (SIVE) considering a dual listing in the U.S., which was officially confirmed by the company about 48 hours later, is not a coincidence and is highly likely to involve information leakage.Jonas Myrdal pointed out that the relevant information was published and continuously promoted on the X platform by an anonymous account with about 200,000 followers before the official disclosure, which subsequently led to a significant increase in the company's stock price within a short period. This pattern of behavior is similar to a previous case involving "pump-and-dump" manipulation, in which three individuals were convicted of serious market manipulation. He further suggested that the Nasdaq exchange should investigate this incident and assess whether there are violations of the EU Market Abuse Regulation (MAR). Currently, the source of the information leak is still under investigation.Previously, the "new stock god" Serenity posted on the X platform, seemingly "calling" Sivers, and expressed an optimistic outlook after further reviewing the latest earnings call content of Sivers Semiconductors. The company's management stated that "viewing ecological partners as competitors is not the correct mindset in a super cycle where demand far exceeds supply," reflecting the current strong demand in the photonics industry. Additionally, the photonics business pipeline has rapidly grown over the past five months, driving an overall revenue pipeline increase of 77%.

Superfortune, incubated by Manta, recently released an update on the X platform regarding a security incident, stating that the attack was not carried out by internal personnel and that no team members were involved. The claim about the team secretly selling tokens is incorrect. The team has also not had any contact with Web3Port.The investigation confirmed that the attack was not due to address poisoning, but rather a leak of the signer's private key. The attacker independently held the private key and submitted a transaction with a forged address 43 minutes after the correct transaction. The forged address shares the first and last four characters with the correct address (starting with 0x70AE and ending with 5C15) to disguise itself in the Safe interface preview. The stolen funds are fully traceable and are currently stored in three cold wallets on Ethereum, containing approximately 2784 ETH, along with about 170,000 USDT that were cross-chain transferred out.The attacker also created a large number of counterfeit addresses and sent false transfer events to these addresses using Unicode-forged token symbols in an attempt to confuse tracking. This counterfeit address construction technique is the same as the method used when attacking this project. The attacker had pre-built a large-scale infrastructure, indicating that this was an industrialized operation rather than an opportunistic attack.

According to on-chain data, the private key of the StakeDAO deployer was leaked on Arbitrum, and the attacker minted approximately 54.5 trillion vsdCRV, partially exchanging it for 43.7 ETH.

According to Polymarket's Vice President of Engineering Josh Stevens, with the assistance of ZachXBT, BitcoinVN, and ChangeNOW, $164,000 in funds have been frozen in the Polymarket private key leak incident, accounting for approximately 28.6% of the total amount transferred, which is $573,200. Josh stated that this incident did not affect Polymarket or the UMA smart contract, user funds are safe, and the platform is operating normally. Investigations show that the incident originated from a private key that had existed for about 6 years, which was used for internal recharge configuration, leading to funds being continuously sent to the affected address. The relevant team is continuing to track the flow of the remaining stolen funds.

Polymarket staff Shantikiran Chanal posted on platform X that they have noted a security report related to reward distribution, and user funds and market settlements are in a secure state. The investigation points to a wallet used for internal operations experiencing a private key leak, rather than an issue with the contract or core infrastructure. More updates will be released later.Previously, ZachXBT stated that the Polymarket UMA CTF Adapter contract was suspected to have been attacked on Polygon, with over $520,000 currently leaked.

According to TechCrunch, Trump Mobile has been reported to have a user data breach involving personal information such as customer email addresses and mailing addresses, which is still accessible online.YouTube creators Coffeezilla and penguinz0 stated that after ordering the Trump Gold T1 phone, they received alerts from security researchers indicating that their personal information had appeared in the leaked data set. Coffeezilla mentioned that the leaked content almost covered all basic identity information, with the exception of credit card numbers, and warned users not to place orders on the platform. The two indicated that the leaked data likely originated from publicly accessible systems, and they have not yet received an official response or fix from Trump Mobile, leaving the issues unresolved.Based on the order numbers in the leaked data, the actual number of reservations is estimated to be around 30,000 units, far below the previously expected pre-sale scale of about 590,000. Analysts believe that this incident further raises doubts about Trump Mobile's product delivery and basic security capabilities.

Galxe released a security update stating that a leaked internal key affected the retired Galxe SpaceStation V2 contract. Galxe emphasized that this incident did not affect the security of any user wallets or funds, and even if users had previously interacted with the relevant contract, their wallet assets are "completely safe."The platform stated that the issue is limited to the relevant contract level, and the root cause has been confirmed. They are currently updating security controls and will publish a complete report after the investigation is completed.

The slow fog余弦 social media stated that the high-risk iOS attack framework DarkSword has been publicly leaked on channels such as GitHub and is being used for large-scale espionage attacks targeting cryptocurrency wallet holders.This attack program targets devices running iOS versions 18.4 to 18.7, utilizing vulnerabilities in the Safari browser through malicious web pages to achieve remote code execution, thereby stealing users' sensitive data. Attackers launch attacks using bait web pages that impersonate pornographic live streams, Tron energy stations, refund processes, and more.iPhone users running older versions of iOS, once they access such web pages using the Safari browser (even if they do not close the page), may have sensitive information such as plaintext private keys and mnemonic phrases stolen by malicious JavaScript code when unlocking the wallet app, which is then transmitted in real-time through channels like Telegram bots.

According to GoPlus, there have been two new public key leakage incidents in the past 36 hours, with a total loss of $238,000. Among them, 0xUnihax0r lost $200,000, and he had previously uploaded a trading bot and Telegram; the stolen address of @Eli5defi is linked to a previous large-scale private key leakage incident involving 574 addresses. GoPlus suggests that, in light of such centralized large-scale private key leaks, it is advisable to immediately check for risks according to the private key leakage self-inspection checklist.

Syndicate has released an update regarding the recent security incident, stating that the leakage of private keys led to the malicious upgrade of bridging contracts on two chains, resulting in the theft of approximately 18.5 million SYND (about $330,000) and around $50,000 in customer tokens. Affected users will receive full compensation, and SYND holders will receive additional compensation.The attack involved multi-stage reconnaissance, infrastructure mapping, vulnerability exploitation development, and precise timing, ruling out the possibility of insider involvement. The root cause of the vulnerability was the storage of private keys in a password manager, and the upgrade process did not utilize multi-signature or hardware signing. Syndicate is strengthening security measures, including adding an encryption layer outside the password manager and implementing multi-signature or hardware signing for the upgrade path.

According to official news, Syndicate Labs disclosed that its cross-chain bridge contract was maliciously upgraded on two chains due to a private key leak. The attacker transferred and sold approximately 18.5 million SYND (about $330,000) and around $50,000 worth of user tokens. The incident only affected specific chains, while others were not impacted.Syndicate Labs stated that this attack involved multi-stage reconnaissance, infrastructure mapping, and careful execution, demonstrating a high level of technical complexity, and ruled out the involvement of internal personnel. The root cause was that the private key was stored in a password management tool without an additional layer of encryption, and the upgrade process did not utilize multi-signature or hardware signature mechanisms, nor did it have early warning and circuit breaker measures for contract upgrades.Syndicate Labs announced that it will fully compensate all affected users, including returning 18.5 million SYND and providing additional compensation, while also fully compensating affected application chain clients. The company has initiated security upgrade measures, including strengthening private key encryption, tightening access permissions, and plans to introduce hardware or multi-signature mechanisms and upgrade path monitoring to prevent similar incidents from occurring again.

The Berachain Foundation issued a warning on platform X that the Wasabi Protocol has triggered a cross-chain security incident due to the leakage of the deployer's private key, affecting multiple blockchains including Berachain.To prevent the spread of risk, Berachain has suspended and blacklisted all affected Wasabi Reward Vaults within the network, immediately stopping the distribution of BGT staking rewards to compromised contracts and blocking the flow of new BGT into the damaged contracts. The official request for all users who have interacted with Berachain and Wasabi is to immediately revoke token authorization for the specified contracts to avoid the risk of asset theft. Berachain also emphasized that the BGT reward funds within the native RewardVaults are safe and users can claim them normally; this incident does not affect core ecological rights.

The decentralized prediction market platform Polymarket is suspected to have been hacked, with the threat actor xorcat posting over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum.It is reported that the attacker extracted data through undisclosed API endpoints, pagination bypass, and CORS misconfigurations in Polymarket Gamma and CLOB API. The leaked content includes: 10,000 users' complete personal information (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 reports (including 58 ETH addresses and administrator verification address identifiers), 48,536 Gamma market metadata, over 250,000 active CLOB market fixed product market maker addresses, and 9,000 social graph data of followers.The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, which can trigger server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfigurations. Additionally, the toolkit includes automated continuous pull scripts and a complete red team report.

Orca posted on the X platform that its frontend is hosted on the cloud hosting platform Vercel. In response to the Vercel security incident, all potentially leaked keys and deployment credentials have been rotated out of caution. Orca's on-chain protocol and user funds were not affected. The official team will continue to monitor the situation and will provide updates as more information becomes available.

The Chief Information Security Officer of Slow Fog Technology, 23pds, retweeted that the internal system of the cloud hosting platform Vercel was accessed without authorization, which is suspected to be related to an internal data breach.The related tweet indicated that someone on BreachForums claimed to be ShinyHunters and is selling the so-called Vercel internal database, access keys, source code, employee accounts, API keys, NPM tokens, and GitHub tokens for $2 million. The related data is suspected to involve Vercel's internal Linear system and internal user management system.Previously, the cloud hosting platform Vercel disclosed that its internal system was accessed without authorization, affecting a small number of customers.

CZ responded on social media regarding the "phone number leak" in the new book, stating that the phone number has not been used for many years. The new owner should be a hacker or the police, and there were previous attempts to apply for an assistant position. Please pay attention to your own safety. It is advised not to add (related social media accounts) anymore.

According to official news, the blockchain security agency SlowMist recently released a security assessment report, conducting a special audit of OKX Wallet. The results showed that in the audited version, no behavior was found where the application transmitted sensitive information such as private keys or mnemonic phrases to external servers, and no risk of sensitive data leakage was detected overall.It is reported that this assessment focused on whether there were issues with the external transmission of private keys and mnemonic phrases in OKX Wallet, and the results indicated that the relevant core information was processed locally. The current handling of private keys and mnemonic phrases has become the core of wallet security, and such audit results also provide users with a more direct security reference.

The analysis of the Drift theft incident by Slow Fog pointed out that a week before the attack, Drift adjusted its multi-signature mechanism to "2/5" (1 old signer + 4 new signers) and did not set a timelock. The attacker then gained administrator privileges, forged CVT tokens, manipulated the oracle, disabled security mechanisms, and transferred high-value assets from the liquidity pool.Currently, the stolen funds have mainly been aggregated to an Ethereum address, totaling approximately 105,969 ETH (about 226 million USD). Slow Fog stated that the flow of related funds is still being tracked.

On March 28, the cybersecurity platform VECERT disclosed that hackers, under the name PexRat, are selling a database containing personal information of 1.5 million Binance users on the dark web. The content includes sensitive information such as names, emails, phone numbers, KYC verification status, login IP addresses, and two-factor authentication methods.Analysis indicates that this incident was not a direct intrusion into Binance's internal servers, but rather that the attackers bypassed the CAPTCHA mechanism and obtained data through credential stuffing and automated scraping methods. Affected users face a high risk of SIM card hijacking and phishing attacks. At the time of this incident, Binance's institutional OTC trading business is experiencing rapid growth, with trading volume reaching 25% of the total for the entire year of 2025 in just January and February of this year. This is another data security crisis for Binance following the leak of 420,000 sets of account credentials in January.

According to a report by Fortune magazine, documents leaked from Anthropic show that its next-generation super robot "Claude Mythos" is currently being tested, and the company believes that this robot "poses an unprecedented cybersecurity risk." Musk stated, "This is deeply concerning."