security

Web3 wallet infrastructure Claw Wallet announced a strategic partnership with GoPlus. Claw Wallet has integrated GoPlus's SafuSkill Launchpad, supporting the assetization and tokenization of AI skills, empowering developers to obtain continuous on-chain revenue through GitHub verification.At the same time, Claw Wallet introduces GoPlus AgentGuard security scanning technology, which conducts real-time monitoring and risk visualization of AI Agent's code, sensitive data, and operating environment through a multi-dimensional scoring system. This collaboration aims to enhance the security of AI Agent wallets and improve their ecological incentive mechanisms.

Aave Labs announced the launch of the AI-driven governance security system Aave Checkpoint, which adds a structured multi-layer review process for each proposal and load before execution.It is reported that the workflow of Checkpoint is divided into two phases: the automatic AI analysis phase, where the system automatically retrieves on-chain data, proposal source code, and IPFS text when a new proposal is submitted, cross-references the parameters with governance specifications, uses Seatbelt to simulate output and check the proposal execution path, runs over 60 specialized security analysis agents for vulnerability detection, DeFi-specific risk analysis, agent upgrade security checks, etc., and generates a structured audit report with pass/fail conclusions; and the mandatory manual review phase, where each AI-generated report must be independently signed off by at least two people before it can be considered reviewed. Checkpoint covers Aave V3, V4, GHO, and Aptos-v3 protocols, including 5 custom Aave governance skills and 52 external security skills.

According to Decrypt, U.S. Senator Warren recently expressed concerns about Musk's planned payment platform X Money, stating that it could pose risks to consumer protection, national security, and the stability of the financial system.Warren pointed out that after acquiring and reshaping X, Musk is pushing it to become a "super app" that covers "all aspects of users' financial lives," potentially even replacing the traditional banking system. She questioned the performance of the X platform in terms of security and content governance, believing that this undermines its credibility in entering the consumer finance sector.Additionally, Warren criticized the current regulatory environment for becoming more lenient, including the "GENIUS Act" promoted by the Trump administration, which provides a "special pathway" for private companies to issue stablecoins, potentially weakening necessary regulatory constraints.

Gate released its latest transparency report, with a simultaneous strengthening of its financial management and security systems. Against the backdrop of market fluctuations, Yu Bi Bao and on-chain earnings have achieved dual growth in user and fund scale, with on-chain earnings holding 3,084 BTC and 175,700 ETH, both reaching historical highs; the ETF business's trading volume in March exceeded 18 billion USDT, with continuous improvement in ecological participation.In terms of security and transparency, the platform's latest overall reserve coverage rate reached 122%, with a BTC reserve rate as high as 147%, and various assets maintaining excess reserves, further enhancing risk resistance capabilities. Additionally, in the RootData exchange transparency ranking, Gate ranked second globally, with its comprehensive strength continuously validated by the market. Furthermore, Gate continues to expand its global influence, partnering with the F1 Red Bull Racing team to host an F1 Japan Grand Prix viewing event in March, deepening brand connections and user engagement through high-profile collaborations. Gate has formed a synergistic effect in the growth of financial management scale, continuous improvement in transparency, and global brand expansion, further consolidating its leading position in the industry.

The security research organization Elastic Security Labs has disclosed a new social engineering attack targeting personnel in the finance and cryptocurrency industries. The attackers impersonate venture capital firms on LinkedIn and Telegram, tricking targets into opening an Obsidian note repository that contains a built-in malicious payload, thereby deploying a previously unrecorded Windows remote access Trojan called PHANTOMPULSE.This attack does not exploit any software vulnerabilities but instead abuses the Shell Commands plugin of Obsidian to automatically execute malicious code when the note repository is opened. On the macOS side, it uses an obfuscated AppleScript launcher in conjunction with a Telegram channel as a backup command and control server, while on the Windows side, it leverages Ethereum transaction data to achieve blockchain-based C2 address resolution.

According to disclosures from the GoPlus Chinese community, a user lost approximately $316,000 in USDC from their wallet due to signing a malicious Permit2 transaction, which was exploited by a phishing attacker.GoPlus advises users to adhere to the "four no" principles for phishing prevention: do not click on unfamiliar links, do not install unknown software, do not sign transactions with unclear content, and do not transfer funds to unverified addresses. They also recommend installing the GoPlus security plugin to intercept phishing risks in real-time.

OpenAI announced the launch of the GPT-5.4-Cyber model, which is fine-tuned from GPT-5.4 for cybersecurity scenarios, reducing the refusal limits on security-related requests under specific conditions to support specialized operations such as binary reverse engineering.According to the introduction, the model is only available to vetted security vendors, corporate security teams, and researchers through the "Trusted Access for Cybersecurity" (TAC) program. OpenAI stated that the relevant layered mechanism will limit the scope of model usage and impose additional constraints on access in low visibility scenarios.

According to official news, the Blockaid system has detected a front-end attack targeting Cowswap, and the website COW[.]FI has been marked as a malicious site. If the user's wallet is connected, please revoke authorization immediately and avoid any interaction with this DApp.

Due to the migration of the top decentralized application Ether.fi to Optimism, the Ethereum Layer-2 network Scroll has experienced a significant loss of funds, resulting in a total value locked (TVL) decrease of approximately $160 million and an annual fee loss of about $13 million.Scroll stated that it will propose a plan to dissolve the decentralized security committee and reduce DAO members to lower operational costs, with network control being handed over to the internal team. Additionally, Scroll briefly raised network gas fees by 1,280 times after the protocol migration, causing users to pay over $50,000 in extra fees, but it has since returned to normal. After this adjustment, Scroll's TVL has dropped to approximately $23 million. The official statement claims that all contract changes will remain transparent and verifiable on-chain.

According to official news, Scroll announced an important proposal regarding protocol and governance operations. The team proposed to dissolve the Security Council and transfer protocol management authority to the Scroll Admin multi-signature address, with the transition expected to be completed within the next ten days.Scroll stated that the costs of the Security Council are no longer reasonable compared to actual usage over the past few quarters, and resources should be better allocated to product development and growth. Scroll will work with key stakeholders to find a new Security Council structure that is more suited to current market conditions.

According to the "News" report, the Federal Security Service of the Russian Federation (FSB) recently arrested three Telegram investment channel owners, accusing them of manipulating stock prices through a "Pump&Dump" strategy, involving over 55,000 illegal transactions related to 19 large companies on the Moscow Exchange.Research from Moscow State University shows that 11% of Telegram investment signals can have a substantial impact on stock returns, with over 60% of private investors relying on such signals to make decisions. The Central Bank of Russia stated that it will continue to monitor abnormal trading and warned that "punishment is inevitable" for illegal bloggers. Experts remind that manipulative signals are often presented in emotional language, promise quick profits, and do not disclose risks; investors should prioritize consulting licensed advisors.

Cryptocurrency exchange Kraken has stated that it is being extorted by a criminal organization, which threatens to release videos of its internal system access. The company emphasizes that there has been no systemic breach, customer funds remain secure, and it will not pay a ransom to the attackers.Kraken disclosed that the incident stemmed from improper access by personnel related to the customer service team, occurring in two separate incidents, involving limited data access for approximately 2,000 accounts (about 0.02% of total users). The company has identified the individuals involved and terminated their access, while also notifying affected users and strengthening security controls.Kraken's Chief Security Officer Nick Percoco stated that the company is cooperating with law enforcement to investigate and believes it has evidence to track and arrest the individuals involved. The current attack shows a trend of "internal infiltration + social engineering," reflecting the ongoing security challenges faced by the cryptocurrency industry in a high-value asset and complex technological environment.

According to CoinDesk, researchers from the University of California, Santa Barbara, the University of California, San Diego, blockchain security company Fuzzland, and World Liberty Financial have jointly published a paper warning that "LLM routers"—intermediary services located between users and AI models—have become a significant security risk for crypto assets.The researchers found that 26 LLM routers are secretly injecting malicious tool calls and stealing user credentials, with one incident leading to the emptying of a customer's crypto wallet worth $500,000.Additionally, the researchers were able to control about 400 downstream hosts within hours by "polluting" the router ecosystem. Since sensitive data such as private keys and API credentials are often transmitted in plaintext through these routers, users are effectively exposing their assets to risk without their knowledge.The researchers pointed out that as McKinsey predicts AI agents will mediate $30 trillion to $50 trillion in global consumer spending by 2030, Binance founder Changpeng Zhao also predicts that the payment volume of AI agents will be a million times that of humans. The current infrastructure security is severely lagging behind the pace of industry development, and the risk of the "weakest link" could trigger a systemic chain crisis.

The Zcash core development team Zcash Open Development Lab (ZODL) founder Josh Swihart released the latest progress on Zcash, proposing a strategic direction centered on "post-quantum security, scalability, and user experience," and using the Artemis II lunar mission as a metaphor to emphasize achieving seemingly impossible goals through technological breakthroughs. The ZODL team stated that Zcash is entering the "Zcash IV" phase, which will build infrastructure similar to a "lunar base" to support the protocol and application security scaling to billions of users, while promoting the vision of privacy transactions without large-scale financial surveillance.On the product and technology front, ZODL continues to iterate, with its 3.3.x version now launched on iOS and Android, adding hardware wallet connection management, SDK upgrades, and multiple experience optimizations, while advancing key developments such as Keystone wallet functionality and address system upgrades (ZIP 316, UIVK/UFVK). Meanwhile, the Zcash core team has fixed multiple system issues and is advancing the development of the Zallet alpha version, while strengthening unified address standards and wallet interaction experiences, laying the groundwork for future scalability and performance improvements.In addition, ZODL disclosed that its application data continues to grow and participated in a stablecoin privacy summit to strengthen industry collaboration. However, due to upgrades in regulation and network restrictions, ZODL has temporarily removed its app from the Russian app store. The team emphasized that privacy is not an option but a fundamental need in the digital age, and will continue to accelerate delivery pace to promote the popularization of ZEC and ecological development in the future.

Polkadot stated on the X platform that the team has noticed security issues with the Ethereum gateway contract of Hyperbridge. This vulnerability only affects DOT tokens bridged to Ethereum via Hyperbridge, while DOT within the Polkadot ecosystem and other bridging solutions are not affected. Polkadot and its parachains and native DOT remain secure. Hyperbridge has suspended operations during the investigation.According to previous news from ChainCatcher, the Hyperbridge contract encountered an MMR proof replay vulnerability, resulting in a loss of approximately $242,000.

Due to the detection of a security incident involving Polkadot, Upbit has immediately suspended the deposit and withdrawal services for Polkadot (DOT) and its AssetHub Polkadot network.Upbit will collaborate with the project team to ensure asset security and will notify users of the resumption time once the stability of deposits and withdrawals is confirmed. During the service suspension, the deposit refund and withdrawal address registration processes will also be paused.

According to market news, researchers from the University of California recently disclosed that some third-party AI large language model (LLM) routers have security risks that could lead to the theft of cryptocurrency assets. The research shows that LLM routers, acting as API intermediaries, can read plaintext information, and some routers have been found to inject malicious code and steal credentials.The team tested 28 paid and 400 free routers, finding that 9 routers actively injected malicious code, 2 deployed evasion triggers, and 17 accessed Amazon Web Services credentials. Some routers even transferred ETH using the researchers' Ethereum private keys.The study pointed out that the malicious behavior of the routers is difficult to detect, and some AI agent frameworks' "YOLO mode" can automatically execute commands, increasing security risks. The research recommends that developers should not allow private keys or mnemonic phrases to be transmitted through AI agents and calls on AI companies to encrypt signatures in responses to enhance security.

As the infiltration and attacks targeting the cryptocurrency industry continue to escalate, security experts point out that the core difference from hackers with backgrounds in other countries is that cryptocurrency assets have become an important direct source of financing for military expenses in that country. Reports indicate that during a recent months-long infiltration operation against Drift Protocol, North Korean hackers once again caused a stir in the industry.Experts state that this model is not merely a "fund transfer tool," but rather a direct "predatory profit" mechanism used to bypass international sanctions and obtain immediately usable hard currency. Security researchers note that, unlike countries such as Russia and Iran, North Korea almost entirely lacks sustainable foreign economic and commodity export capabilities, making it more reliant on cryptocurrency theft as a core source of income to support its nuclear weapons and ballistic missile programs.Experts also emphasize that North Korean hacker attack targets have expanded from simple phishing to exchanges, wallet services, and key holders of DeFi protocols, commonly employing long-term social engineering and identity disguise infiltration methods. Due to the characteristic of blockchain transactions being "irreversible once confirmed," the cryptocurrency industry is far weaker than the traditional financial system in terms of freezing and recovering funds, making such attacks more destructive in speed and scale. Security personnel warn that this type of "long-term infiltration + precise power seizure" attack model has yet to be effectively addressed by the industry.