ChainCatcher message, crypto detective ZachXBT commented on the recent user data breach incident at Coinbase, pointing out that the exchange's practice of requiring phone numbers is extremely unsafe. He emphasized that scammers have stolen large amounts of money by spoofing calls and texts that appear to be from "Coinbase."ZachXBT stated that since most people have only one phone number and many websites require it, these numbers eventually get exposed in data breaches, making it nearly impossible for technically inexperienced users to defend against such attacks. Previously, reports indicated that some attackers obtained information by bribing Coinbase employees, specifically targeting high-net-worth account users with 7-8 figure assets.

ChainCatcher news, according to a report by Immunefi, the crypto hacking incidents in April 2025 resulted in losses of up to $92 million for DeFi platforms, a 124% increase from $41 million in March. Among them, the open-source platform UPCX suffered an attack exceeding $70 million, making it the largest incident of the month; KiloEx was hacked with a loss of $7.5 million, but the hacker returned all the funds afterward.The report noted that all attacks in April targeted DeFi platforms, with no security incidents reported by centralized exchanges. By the end of April, the cumulative losses from crypto hacking incidents in 2025 had reached $1.7 billion, surpassing the total of $1.49 billion for the entire year of 2024.Mitchell Amador, founder of Immunefi, stated that state-sponsored hacker groups pose a major threat and recommended that protocols adopt a "zero trust" architecture to enhance security measures.

ChainCatcher message, Slow Mist Technology's Chief Information Security Officer 23pds posted on the X platform stating that MCP may have vulnerabilities, and the artificial intelligence system can be manipulated to quietly leak your entire conversation history to malicious servers.

ChainCatcher news, according to Protos, Bitcoin wallets using the ESP32 chip, including Blockstream's Jade wallet, have currently been found to have a serious vulnerability (CVE-2025-27840). Cybersecurity research firm Crypto Deep Tech stated that this vulnerability could lead to the theft of private keys.

ChainCatcher message, Slow Mist Technology's Chief Information Security Officer 23pds tweeted that "The root cause of the KiloEx attack lies in the serious vulnerabilities in the price oracle access control. Simply put, the oracle should have its price information updated by trusted entities, but due to the lack of necessary permission restrictions, attackers were able to bypass the verification mechanism and arbitrarily tamper with asset prices, thereby manipulating the contract logic."

ChainCatcher message, Fuzzland co-founder Chaofan Shou posted on the X platform that the front-end component Bundler3 of the lending protocol Morpho has a security vulnerability, advising users to avoid interacting through the front end.Shou emphasized that only the "Multicall" function is affected, and the other functions are safe. If users need to withdraw funds, it is recommended to execute the Withdraw function directly through the contract. Currently, user funds themselves are not affected.

ChainCatcher message, CertiK issued an alert that it detected an exploit incident involving flash loans and the NFT market. The suspicious transaction contains complex logical operations on a certain protocol. CertiK stated that the impact of this incident is the exploitation of NFT market logic, but it will not directly deplete funds. Projects with delegated quoting logic should remain vigilant and check access permissions and validation checks.

ChainCatcher news reports that on-chain detective ZachXBT revealed that during his assistance in freezing Bybit hacker funds, he became acutely aware of the serious issues regarding security vulnerabilities and hacker attacks in the crypto industry. He stated that multiple "decentralized" protocols have recently derived almost 100% of their monthly trading volume and fees from the North Korean hacker group DPRK, yet these projects refuse to take any responsibility.Moreover, centralized exchanges (CEX) are slow to respond, allowing hackers to launder money in just a few minutes, while some CEXs take hours to take action. ZachXBT also criticized the KYT (Know Your Transaction) system for its serious flaws, which are easy to circumvent, and noted that the KYC (Know Your Customer) mechanism poses more of a data leak risk for ordinary users due to account leaks and insider issues, while being nearly ineffective in preventing the flow of illegal funds.He pointed out that North Korean hackers DPRK recently successfully laundered $1.4 billion, fully exposing the compliance and security system vulnerabilities within the industry, and expressed concern that only government-mandated regulations could lead to improvements in the industry.

ChainCatcher message, AdsPower officially stated on social media that its security team transparently disclosed an intrusion incident on January 24. Hackers spread malicious code, tampering with some third-party cryptocurrency wallet plugins in the AdsPower fingerprint browser. AdsPower has fixed the vulnerabilities and strengthened system security, while also reporting to the authorities in Singapore and actively cooperating with the police investigation.Internal investigations show that the attackers exploited vulnerabilities in third-party technology service systems to upload and spread a malicious version of the MetaMask plugin, which may have led to the leakage of cached information from users' wallet plugins. Currently, AdsPower has upgraded the plugin download mode in the application center and will further enhance network security, emergency response, and supply chain security management in the future. Affected users can receive exclusive value-added service plans in the AdsPower client.

ChainCatcher message, Hyperliquid posted on social media, "Regarding the issue of 'Hyperliquid 50x leverage whale' (0xf3f4 user) ETH long position: Firstly, to clarify: there was no protocol vulnerability or hacking incident.The user held unrealized profit and loss (PNL), made a withdrawal, which led to a reduction in margin, and was subsequently liquidated. Ultimately, the user made a profit of approximately $1.8 million, while HLP lost about $4 million in the past 24 hours. Currently, HLP's historical cumulative PNL remains at approximately $60 million. Please note that HLP is not a risk-free strategy.To increase the maintenance margin requirements for large positions, we will adjust the maximum leverage for BTC and ETH, updating them to 40x and 25x respectively. This will provide better cushioning for the fallback liquidation of large positions."

ChainCatcher news, according to the Decurity security team, the 1inch protocol suffered a serious DeFi attack on March 5, 2025, at 5 PM (UTC). The hacker exploited a callback option vulnerability in the old 1inch Settlement contract to obtain funds.The vulnerability stemmed from a data corruption issue in the order suffix processing, allowing the attacker to overwrite the parser address and call any parser, resulting in a loss of funds for the market maker TrustedVolumes. According to the Decurity team's analysis, this vulnerability existed in the code that was rewritten from Solidity to Yul in November 2022. Despite being audited by multiple security teams, the vulnerability remained in the system for over two years.After the incident, the attacker inquired through on-chain messages, "Can I get a bounty?" and subsequently negotiated with the victim, TrustedVolumes. After successful negotiations, the attacker began returning the funds on the evening of March 5 and ultimately returned all funds except for the bounty by 4:12 AM (UTC) on March 6.As one of the auditing teams for Fusion V1, Decurity conducted an internal investigation into this incident and summarized several lessons learned, including clarifying the threat model and audit scope, requiring additional time for code changes during the audit period, and verifying deployed contracts, among others.

ChainCatcher news, according to Jinshi reports, the European Central Bank's payment system experienced a major failure last Thursday, and the chaos that ensued during the 10 hours it took to identify and resolve the issue led to disruptions in welfare payments for over 15,000 Greeks, a large number of wages and pensions in Austria, and several financial transactions. The situation could have potentially worsened.If the situation had occurred or continued into the next day, i.e., at the end of February, it would have been a payday for many public sector employees, pensioners, and welfare recipients, and this chaos could have impacted millions of people and businesses, putting a strain on the banking system. According to officials from the Eurozone central bank, the core of the escalating turmoil was a hardware failure, but technicians took hours to identify the problem after initially misdiagnosing a database issue.Markus Ferber, a member of the European Parliament and a member of the committee overseeing the European Central Bank, stated, "A hardware failure is forgivable, but it is inexcusable if there is no backup that can be immediately activated when problems arise." An official from the European Central Bank indicated that the affected hardware did indeed have multiple backups, and the bank is analyzing why they did not activate.

ChainCatcher message, regarding the community project claiming "to have discovered a security vulnerability in the four.meme platform," the official response from four.meme stated: "The platform has no security vulnerabilities; the related transactions are internal balancing actions of the platform."

ChainCatcher news, Safe responded on platform X to Bybit's hacking forensic report, stating that the forensic review of the targeted attack by the Lazarus Group on Bybit concluded that the attack on Bybit Safe was executed through compromised Safe{Wallet} developer machines, leading to disguised malicious transactions.Lazarus is a government-backed North Korean hacking organization known for its complex social engineering attacks on developer credentials, sometimes combined with zero-day vulnerabilities. The forensic review by external security researchers did not indicate any vulnerabilities in the Safe smart contracts or the source code of the front end and services.Following the recent incident, the Safe{Wallet} team conducted a thorough investigation and has now phased the restoration of Safe{Wallet} on the Ethereum mainnet. The Safe{Wallet} team has completely rebuilt and reconfigured all infrastructure and rotated all credentials to ensure the complete elimination of the attack vector.After the final results of the investigation are released, the Safe{Wallet} team will publish a complete post-mortem analysis. The Safe{Wallet} front end is still operational and has implemented additional security measures. However, users need to be extra cautious and vigilant when signing transactions.

ChainCatcher message, the multi-signature wallet protocol Safe tweeted that, according to ByBit, the transaction information displayed by the Safe{Wallet} UI is correct, but a malicious transaction with all valid signatures was executed on-chain. Safe's investigation so far shows:No vulnerabilities found in the codebase: A thorough check of the Safe codebase found no evidence of vulnerabilities or modifications.No malicious dependencies found: There are no signs of malicious dependencies in the Safe codebase that could affect transaction flow (i.e., supply chain attacks).No unauthorized access to the infrastructure detected in the logs.Other Safe addresses have not been affected.As mentioned earlier, Safe has temporarily suspended the Safe{Wallet} functionality to ensure the absolute security of the platform. Although the investigation found no evidence that the Safe{Wallet} frontend itself was attacked, a thorough review is underway.

ChainCatcher message, StarkWare posted on the X platform stating that the dApp zkLend built on Starknet was attacked by hackers. The StarkWare team immediately initiated a coordinated response and took the following steps:Alerted the zkLend team to suspicious activities.Worked closely with cybersecurity firms to investigate the incident.Confirmed that the vulnerability does not involve a flaw in Starknet's core technology, but rather an irreparable application-specific issue.

ChainCatcher news, according to CertiK Alert statistics, the losses due to vulnerabilities, hacking attacks, and scams reached 98 million dollars in January 2025, with approximately 8 million dollars attributed to phishing losses.However, the total loss amount is less than the funds lost due to hacking activities in January 2024 (approximately 193 million dollars).

ChainCatcher news, according to The Block, the official Go implementation client of the Ethereum protocol, Geth, has released version 1.14.13 codenamed "Schwarzschild."This update fixes a vulnerability affecting the peer-to-peer (p2p) layer (CVE-2025-24883), which could allow nodes to suffer from denial of service attacks and may impact Layer 2 clients. The Geth team recommends that users running versions 1.14.0 and above (below version 1.14.13) update, while nodes running v1.13.x are not affected by this vulnerability.

ChainCatcher news, according to Jinshi reports, the International Monetary Fund (IMF) has raised its forecast for U.S. economic growth in 2025 to 2.7%, up from the October forecast of 2.2%; the expected economic growth rate for 2026 is 2.1%, higher than the previous forecast of 2.0%.Under the new U.S. government, policy changes are likely to drive inflation up in the short term, and excessive relaxation of regulatory measures may weaken financial safety protections and increase financial vulnerabilities.