authorization

Solana co-founder toly commented on the controversy surrounding Circle's USDC freezing mechanism, stating that we need a base layer stablecoin that can only be frozen under a court order. If there are other factors that can freeze it besides authorization from a judge approved by the U.S. Senate, then it is not a true dollar stablecoin.toly suggested that various protocols (such as Drift and Kamino) should issue wrapped stablecoins with their own freezing and unfreezing strategies on top of the base layer stablecoin, equipped with a security team truly responsible for handling hacking incidents, while having independent freezing and unfreezing strategies.It is reported that after the recent hacking of the Drift protocol, Circle did not promptly freeze the stolen USDC. Circle CEO Jeremy Allaire's remarks about the "moral dilemma" and freezing policy have sparked widespread discussion in the community regarding the freezing mechanisms of centralized stablecoins.

Binance announced its participation in the international law enforcement operation "Operation Atlantic," led by the UK's National Crime Agency (NCA), in collaboration with multiple countries' law enforcement agencies to combat cryptocurrency and investment fraud, focusing on "approval phishing" scams.The operation was jointly initiated by the NCA, the U.S. Secret Service, and relevant law enforcement and regulatory agencies in Ontario, Canada, aiming to identify victims who have been compromised or are at risk. Approval phishing typically disguises itself as an investment opportunity, luring users into granting wallet access permissions, thereby transferring assets. During the operation, Binance's special investigation team provided on-site support in London, including fraud identification processes, risk screening, and intelligence analysis, and assisted in identifying potential victims and related malicious websites.At the same time, Binance also provided law enforcement agencies with addresses and suspect intelligence related to the case, supporting asset tracking and enforcement actions. The NCA stated that this operation has successfully protected thousands of potential victims in the UK and overseas. Binance emphasized that it will continue to cooperate with global law enforcement agencies to strengthen the fight against cryptocurrency fraud.

The DeFi protocol Neutrl announced on platform X that its frontend is suspected to have been attacked, and the team is conducting an urgent investigation. For security reasons, the official advises users not to interact with the website until further updates are released.At the same time, Neutrl reminds users to promptly go to Revoke.cash to revoke Permit2 authorizations for the relevant addresses, and also reminds users to check and revoke authorizations for other suspicious addresses to reduce potential asset risks.

According to GoPlus monitoring, a user lost approximately $53,000 worth of PAXG due to signing a malicious authorization (Approve) transaction, which was exploited by phishing attackers.

The globally leading cryptocurrency trading platform Gate has announced that the CEX MCP within the Gate for AI system has completed an important upgrade.This upgrade focuses on optimizing the AI Agent access and authorization process. After the upgrade, users can complete authorization directly within the conversation when using Gate MCP in AI tools, without the need to manually open a browser or switch pages; the authentication process can be completed in the same chat window. Whether using tools like Cursor, Claude Code, or OpenClaw, the overall experience is much smoother. Additionally, the platform provides a one-click installation tool and supports both API Key and OAuth authorization methods, making it simpler and more flexible for AI models to access trading capabilities.In terms of capabilities, the tool system of Gate MCP has further expanded, with the total number of tools now increased to 161. The callable capabilities of the AI Agent now cover market data, spot trading, contracts, and have expanded to include options, delivery contracts, wealth management, and more product scenarios, enabling AI not only to execute trades but also to participate in a more complete asset management and strategy execution process.

Mastercard and Google jointly released the open standard framework Verifiable Intent, designed specifically for the "agent commerce" scenario where AI agents autonomously complete shopping transactions. This framework utilizes cryptographic technology to create tamper-proof authorization records when AI agents execute transactions on behalf of users, integrating identity, intent, and actions into a single privacy-protecting audit trail, addressing the issue where merchants and issuing institutions cannot confirm whether consumers truly authorized a transaction when AI agents place orders autonomously.The framework employs selective disclosure technology to ensure that parties only receive necessary information and integrates widely adopted industry standards such as those from the FIDO Alliance and EMVCo. Mastercard stated that Verifiable Intent will be integrated into its Agent Pay API in the coming months.Meanwhile, the cryptocurrency camp is also actively positioning itself. Coinbase CEO Brian Armstrong pointed out that while AI agents cannot open bank accounts, they can hold cryptocurrency wallets, indicating that blockchain infrastructure may be more suited to the future of the AI agent economy.

According to GoPlus monitoring, a user lost approximately $127,000 worth of USDC, TIBBIR, and PAXG assets to a phishing attack after signing multiple malicious Approve transactions.

According to Scam Sniffer monitoring, an Ethereum user lost $388,051 after signing a phishing token authorization transaction.

According to market news, the AI intelligence forum Moltbook experienced a database leak due to configuration issues, exposing 4.75 million records, including 1.5 million API authorization tokens, 35,000 user email addresses, 20,000 email records, and some OpenAI API keys. Users should promptly check the security of their accounts and timely change relevant keys and passwords.

On-chain information shows that the Binance SAFU fund address initiated authorization 10 minutes ago, suspected to be adding two new addresses to the "allowed recipient whitelist," or preparing to increase Bitcoin holdings.Previously, it was reported that three days have passed since the announcement of Binance's "1 billion dollar purchase of Bitcoin," and the SAFU fund address has not made any buying actions yet. This situation may be related to the weekend timing.

WORLD3 has officially submitted the ERC-8118 (Agent Authorization) proposal to the Ethereum Foundation. This standard aims to provide a secure and controllable authorization mechanism for autonomous AI Agents to perform on-chain operations. ERC-8118 introduces time-limited authorizations with automatic expiration mechanisms, usage and transaction limits, as well as fine-grained permission control at the function level, allowing users to revoke authorizations at any time, thus bridging the gap between the high risks of unlimited authorizations and the cumbersome nature of one-time signature operations.Currently, ERC-8118 has undergone production-level validation on the WORLD3 platform, covering over 1 million wallets and 5.7 million transactions, and has completed peer review at the IEEE International Blockchain Conference (BRAINS 2025). This standard is compatible with all EVM-based blockchains and has entered the community public discussion phase on the Ethereum Magicians forum.

According to CoinDesk, Bitmine Chairman Thomas "Tom" Lee stated in a statement released on Monday that whether BitMine can continue to increase its holdings of Ethereum (ETH) depends on whether shareholders approve the company's authorization to issue new shares. If not approved, the company may be forced to slow down its purchasing pace in the coming weeks.Lee stated, "We must move forward with the issuance immediately, as BitMine's current authorization of 500 million shares is about to be exhausted. Once the limit is reached, our pace of ETH accumulation will slow down." The shareholder vote will be held on Thursday. According to regulations, the issuance proposal needs to receive support from 50.1% of all outstanding shares to pass. "This is a very high threshold, making it extremely difficult to obtain authorization for the issuance," Lee emphasized in the statement.

Slow Mist posted on platform X that MistEye detected potential suspicious activities related to Fusion. The root cause is a vulnerability in the underlying contract commissioned by an EOA account controlled by the project team through EIP-7702, which allows arbitrary external calls, enabling attackers to create and configure malicious circuit breaker contracts for PlasmaVault, thereby extracting funds from the contract.

According to Scam Sniffer monitoring, someone lost aEthUSDT tokens worth $563,590 after signing a malicious "authorization" signature.

According to Cointelegraph, the U.S. House of Representatives passed the National Defense Authorization Act (NDAA) on Wednesday with a vote of 312-112, but the bill did not include the previously promised ban on central bank digital currencies (CBDCs), leading to dissatisfaction among hardline Republicans.Republican Congressman Keith Self posted on the X platform, "Conservatives were explicitly promised that strong anti-CBDC language would be included in the NDAA, but that promise was broken." Self had submitted an amendment on Tuesday to include a CBDC ban, but the amendment did not advance and was not voted on in the House. In July, House Republican leadership had reached an agreement with hardliners in the party to include a CBDC ban in the defense spending bill in exchange for their support on three cryptocurrency bills. Congresswoman Marjorie Taylor Greene also criticized House Speaker Mike Johnson for not fulfilling the promise. The bill has now been sent to the Senate, aiming for passage by the end of the year. Self stated that he would continue to push for a CBDC ban in the next must-pass legislation.

Binance has announced that it has obtained a full regulatory license from the Financial Services Regulatory Authority (FSRA) of the Abu Dhabi Global Market (ADGM), and its global platform will officially operate under the international regulatory framework of ADGM.In accordance with regulatory requirements, the platform's operations will migrate to a new three-entity structure to enhance transparency, oversight mechanisms, and risk management. Starting from January 6, 2026, Binance services will be provided by three ADGM-licensed entities: Nest Exchange Services Limited: responsible for platform operations such as spot and derivatives trading; Nest Clearing and Custody Limited: responsible for clearing and custody, acting as the central counterparty for derivatives trading; Nest Trading Limited: providing over-the-counter trading, instant exchange, and some wealth management services.This structure aligns with traditional financial regulatory models, reinforcing platform risk isolation and user asset protection through layered functions of matching, clearing, and custody. Along with the structural adjustment, Binance will update its user agreement. Starting from January 5, 2026, the rights and obligations of users under the original "Terms of Use" will automatically be assumed by the corresponding ADGM entities, and the relevant product terms will also be adjusted accordingly.The official statement indicates that the migration will not affect users' daily usage: UID, balances, order records, and available products will remain unchanged, and any open derivative positions will be transferred to Nest Clearing and Custody Limited for clearing and custody.

According to GoPlus monitoring, the DMT (@dexmaxai) airdrop poses security risks. Users may be tricked into authorizing other tokens during the airdrop process, resulting in the theft of assets from thousands of users, with cross-chain asset transfers exceeding $130,000. It is recommended that users who have received the $DMT airdrop revoke related authorizations or transfer their assets to a secure wallet. Currently, both the official DexMax AI Twitter and website have been taken offline.

The well-known NFT project Moonbirds has announced its entry into Camp Network, officially launching its official IP commercialization authorization through collaboration with Camp Network and Remaster.According to the cooperation plan, Moonbirds holders can participate in brand collaborations and commercial applications through Camp Network's source tracing protocol, covering cross-channel development of physical goods, digital derivatives, and more. This protocol will provide a verifiable authorization path and an automated royalty distribution mechanism.Camp Network stated that this move marks a key step in the NFT field's transformation towards real-world asset IP, showcasing a new model for on-chain IP expansion into physical retail and gaming entertainment sectors.

According to official news, GoPlus Security Research Institute conducted a detailed security risk scan on more than 30 x402 projects and community-reported risk projects in Binance Wallet and OKX Wallet, discovering that the following projects have issues such as excessive authorization, signature replay, HonyPot (PiXiu token), and unlimited issuance risks.FLOCK (0x5ab3): The transfer ERC20 function allows the owner to withdraw any amount of any token from the contract. x420 (0x68e2): The cross chain Mint function can mint tokens without restriction. U402 (0xd2b3): The mint By Bond function allows unlimited minting of coins. MRDN (0xe57e): The withdraw Token function allows the owner to withdraw any amount of any token from the contract. PENG (0x4444ee, 0x444450, 0x444428): The manual Swap function allows the owner to withdraw ETH from the contract, and the transfer From function bypasses the allowance check for special accounts. x402 Token (0x40ff): The transfer From function bypasses the allowance check for special accounts. x402b (0xd8af5f): The manual Swap function allows the owner to withdraw ETH from the contract, and the transfer From function bypasses the allowance check for special accounts. x402MO (0x3c47df): The manual Swap function allows the owner to withdraw ETH from the contract, and the transfer From function bypasses the allowance check for special accounts.

ChainCatcher message, GoPlus Chinese community issued a security alert, the x402 cross-chain protocol @402bridge is suspected to be stolen. The Creator of the contract starting with 0xed1A transferred the Owner to the address 0x2b8F, and then the new Owner called the transferUserToken method in the contract to transfer all remaining USDC from authorized user wallets.Before minting, USDC must be authorized to the @402bridge contract, which caused more than two hundred users to have their remaining USDC transferred away due to excessive authorization. The address 0x2b8F transferred a total of 17,693 USDC from users, and then exchanged the USDC for ETH, which was subsequently transferred to Arbitrum through multiple cross-chain transactions. It is recommended that users who have participated in this project cancel the relevant authorizations as soon as possible; remind users to check whether the authorized address is the official address of the interactive project before authorizing, only authorize the necessary amount, and avoid unlimited authorization; and regularly check authorizations to cancel unnecessary ones.