fog

The Web3 asset data platform RootData has outlined the business partners of Crypto.com. Its strategy goes beyond exchange expansion, advancing through multiple paths such as payments, custody, and brand collaborations, aiming to create a comprehensive digital asset platform covering both institutional and consumer ends.Payment Infrastructure: Crypto.com has integrated with Stripe, Mastercard, Yuno, TripleA, Lynq, etc., covering the complete link from checkout crypto payments to institutional-level real-time clearing.Institutional Trading and Custody: VerifiedX has entrusted Crypto.com with institutional custody for its $1.5 billion digital assets; CoinRoutes provides smart order routing, CryptoStruct connects high-frequency trading, and Doblox offers AI trading terminals.Corporate Crypto Treasury: Crypto.com collaborates with several Nasdaq-listed companies executing treasury strategies, including SOL Strategies, Sharps Technology, and IP Strategy.On the brand side, Crypto.com has formed deep ties with top sports IPs—renewing its partnership with F1 until 2030 and sponsoring the Miami Grand Prix, as well as UEFA Champions League, UFC, NBA Philadelphia 76ers, AFL, and South American CONMEBOL; the long-term partnership with the LeBron James Family Foundation marks an extension of its brand collaboration into the celebrity family philanthropy sector.Additionally, Crypto.com has signed collaborations in the Middle East with Dubai Islamic Bank, DMCC, e& money, Tawasal Al Khaleej super app, and Emarat gas station network, becoming an important participant in the local digital asset compliance ecosystem. Related compilation: 【Crypto.com Web3 Partner Network Compilation (Continuously Updated)】Cryptocurrency projects actively showcasing their partner networks have become a key way to enhance transparency and market trust. It is reported that RootData welcomes Web3 project parties to claim data and continues to track and open more project business relationship disclosure channels. The platform has continuously released multiple issues of the cryptocurrency project ecosystem map, nominating Web3 ecosystem partners for upstream clients such as Visa, Stripe, and Coinbase.If you wish to nominate your project in future ecosystem maps, please fill out the 【RootData 2026 Industry Ecosystem Mapping】 form to supplement your important clients and partners.

According to official news, the blockchain security agency SlowMist recently released a security assessment report, conducting a special audit of OKX Wallet. The results showed that in the audited version, no behavior was found where the application transmitted sensitive information such as private keys or mnemonic phrases to external servers, and no risk of sensitive data leakage was detected overall.It is reported that this assessment focused on whether there were issues with the external transmission of private keys and mnemonic phrases in OKX Wallet, and the results indicated that the relevant core information was processed locally. The current handling of private keys and mnemonic phrases has become the core of wallet security, and such audit results also provide users with a more direct security reference.

The analysis of the Drift theft incident by Slow Fog pointed out that a week before the attack, Drift adjusted its multi-signature mechanism to "2/5" (1 old signer + 4 new signers) and did not set a timelock. The attacker then gained administrator privileges, forged CVT tokens, manipulated the oracle, disabled security mechanisms, and transferred high-value assets from the liquidity pool.Currently, the stolen funds have mainly been aggregated to an Ethereum address, totaling approximately 105,969 ETH (about 226 million USD). Slow Fog stated that the flow of related funds is still being tracked.

BitMine Chairman Tom Lee expressed his market views, describing the current market environment's uncertainty as the "Fog of War."Tom Lee pointed out that the word "crisis" is composed of the characters for "danger" and "opportunity," and that most market participants tend to focus only on "danger" and take action based on that when a crisis arises, neglecting the potential "opportunity" within it.

Slow Fog has once again issued a security reminder stating to pay attention to checking for malicious versions of axios and the exposure risk of OpenClaw npm global installation history. [email protected] and [email protected] have been confirmed as malicious versions, both of which have injected the dependency [email protected], delivering cross-platform malicious payloads through the postinstall script.The impact of OpenClaw is assessed based on scenarios: source code builds are not affected, as the locked versions in the lock file are 1.13.5/1.13.6; however, users who installed via npm install -g [email protected] face historical exposure risks due to the presence of optionalDependencies.axios@^1.7.4 in the dependency chain, which may resolve to [email protected] during the time window when the malicious version is still online. Currently, npm has reverted the resolution to [email protected], but environments that were installed during the attack window are still advised to be checked. Slow Fog has provided inspection commands and IoC paths for various platforms; if the plain-crypto-js directory is found, even if the package.json has been cleaned, it should still be regarded as high-risk execution traces. It is recommended that affected hosts immediately rotate credentials and conduct host-side inspections. Previously, Slow Fog founder Yu Xian reminded that OpenClaw version 3.28 may introduce a toxic version of axios, and users need to urgently check.

Yuxian, the founder of Slow Fog, posted on the X platform stating that Coinbase has taken down the page requiring users to enter their plaintext mnemonic phrases. He pointed out that the security model of online web pages for wallets is very low, much lower than that of extensions or apps; the practice of collecting plaintext mnemonic phrases on online web pages can easily be imitated by phishing websites and has long been a common phishing technique.

The Chief Information Security Officer of Slow Fog, 23pds (Shan Ge), posted on the X platform stating that there are reports that the LiteLLM vulnerability attackers have stolen approximately 300GB of data and compromised about 500,000 credentials. He advises all cryptocurrency developers to immediately verify and quickly rotate relevant keys and credentials, check logs, access records, and the exposure of sensitive data to avoid losses similar to the Trust Wallet incident.Previously, it was reported that LiteLLM, which has a monthly download volume of 97 million, suffered a supply chain attack, allowing the simple installation to steal all sensitive credentials, including SSH keys.

After Slow Mist founder Yu Xian disclosed that the Coinbase Commerce asset recovery page directly requires users to enter plaintext mnemonic phrases, Slow Mist's Chief Information Security Officer 23pds added that the sitemap of that page also has flaws, allowing malicious attackers to easily use tools like ResourcesSaver to download the frontend code and deploy similar websites.If combined with similar domain names like Coinbase for phishing attacks, users can easily fall victim.

As the application of AI Agents in cryptocurrency trading rapidly heats up, automated trading is transitioning from "tool-assisted" to "autonomous execution." However, at the same time, a series of security risks are also emerging. Recently, the security agency SlowMist and the exchange Bitget jointly released an AI Agent security report, systematically outlining the potential threats and protective systems for Agent automated trading in the current Web3 scenario.The report combines real cases and security research to analyze the typical security issues faced by AI Agents today, including risks of behavioral manipulation caused by Prompt Injection, supply chain vulnerabilities in plugins and Skill ecosystems, abuse of API Keys and account permissions, as well as potential threats from automated execution leading to operational errors and permission escalation.The report recommends that users effectively control permissions when using AI Agents for trading, by isolating through sub-accounts, setting API IP whitelists, and establishing continuous trading monitoring and anomaly alert mechanisms. Additionally, it suggests introducing manual confirmation or independent signature mechanisms for high-risk operations to prevent model misjudgments from directly affecting asset security. To facilitate users in implementing security measures, the report includes a trading security self-checklist at the end, helping users quickly identify security risks.From an industry development perspective, AI Agents are continuously driving the intelligence of Web3 trading, but the construction of security systems still needs to be upgraded in parallel. Establishing a balance between efficiency and controllability will become an important topic of long-term concern for the industry.

Slow Fog's Yu Xian posted on platform X: "A group hacking incident is occurring, hacker address: 0x913efc2062984288a0a083cd42b3a3422c07fcef, the hacker has currently profited $85,000, and this amount is still increasing. According to community feedback, this group mainly consists of yield farmers, and private keys/mnemonic phrases have been collected in advance by the hacker. The hacker is consolidating related funds. If you are using the MoreLogin fingerprint browser, please be cautious, but there is currently no evidence that MoreLogin or related plugins are the issue."

According to the official announcement, Gate will launch the ninth phase of the Flash Exchange Lucky Draw event from March 16 at 18:00 to March 23 at 00:00 (UTC+8). During the event, after completing registration, users can initiate a flash exchange transaction with a minimum of just $1, enjoy a zero-fee fast experience, and participate in the lottery to unlock FOGO and lucky bag rewards.The prize pool is updated daily at 08:00 (UTC+8), and the number of rewards is limited, available on a first-come, first-served basis. During the event, new users who complete their first flash exchange transaction of no less than $1 will receive 1 lottery chance; users who complete a flash exchange transaction volume of $100 daily will receive 1 lottery chance, and additional lottery chances can be unlocked when transaction volumes reach $100, $500, $1,000, and $5,000; for each new user invited who completes identity verification and their first flash exchange transaction of no less than $1, the inviter will receive 1 lottery chance, with a maximum of 10 chances per individual.In addition, users whose flash exchange transaction volume reaches 80,000 USDT can also participate in the cash reward activity, with a maximum reward of 200 USDT available, and a total prize pool of 20,000 USDT, distributed based on transaction volume ranking, available on a first-come, first-served basis.It is reported that Gate Flash Exchange currently supports over 2,200 types of cryptocurrency assets, providing zero fees, fast transactions, and intelligent exchange rate matching services, helping users easily complete multi-currency one-click exchanges.

The Chief Information Security Officer of Slow Fog Technology, 23pds, issued a reminder stating that ClawHub developers should be aware of phishing and credential leakage risks. Currently, ClawHub relies on developers' GitHub one-click login. Previously, the Sha1-Hulud worm stole a large number of developers' GitHub credentials, and attackers may take the opportunity to attack Skills.The attack path is: credential theft → attacker gains GitHub permissions → logs into ClawHub as a developer → publishes malicious Skills to implant backdoors → users download and install, executing malicious code leading to system intrusion.

According to 23pds, the Chief Information Security Officer of Slow Fog Technology, an intelligence system has discovered a malicious npm package named "@openclaw-ai/openclawai" that is implementing a multi-layer attack.This malicious package disguises itself as a legitimate command-line tool called OpenClaw Installer, aimed at stealing sensitive user information, including system credentials, cryptocurrency wallet private keys, browser data, SSH keys, and Apple Keychain database, among others.

According to the monitoring by Slow Fog Technology's Chief Information Security Officer 23pds (@im23pds), attackers are poisoning Bing AI search results to lure users into downloading and installing a counterfeit OpenClaw program, thereby stealing users' crypto assets and sensitive information.

Slow Fog CISO 23pds (Shan Ge) posted on the X platform, stating that Taobao and Xianyu have U-disk versions of OpenClaw, claiming that users can plug and play after purchasing and configuring the model. However, OpenClaw has excessive permissions, and ordinary users find it difficult to identify malicious Skills, which can easily lead to asset loss.

The Chief Information Security Officer of Slow Fog Technology, 23pds, issued a reminder to be wary of fake imToken Chrome extensions. A fake imToken Chrome extension in the Chrome Web Store is phishing for seed phrases and private keys.

According to official news, Gate will launch the Crazy Wednesday 27th event from March 4th 14:00 to March 8th 16:00 (UTC+8).Users can automatically receive a 50 USDT dual-currency experience bonus by signing up (limited to 10,000 copies). During the event, completing multiple tasks such as flash exchanges, spot trading, contracts, deposits, invitations, residual coin treasure, and on-chain earning will unlock a mysterious blind box, allowing participants to win luxurious gifts such as FOGO, lucky bags, and Cartier watches, with a 100% winning rate.At the same time, this period will offer a USDT 14-day fixed-term financial product with an annualized return of 10%, and new users can enjoy a 3-day 100% annualized return; additionally, users who sign up to participate in on-chain earning BTC, ETH, and SOL mining can enjoy an event interest rate increase, with staking annualized returns of up to 16%.

Slow Mist announces the launch of MistTrack Skills, aimed at providing on-chain address risk analysis and anti-money laundering (AML) detection capabilities for AI Agents. In the context of the rapid development of AI Agents and the Skills ecosystem, this tool helps Agents automatically complete address-level security assessments before executing transfers, swaps, and other on-chain operations.MistTrack Skills is built on MistTrack's OpenAPI. Official data shows that MistTrack has indexed over 400 million on-chain addresses and 500,000 pieces of threat intelligence data, supporting risk analysis for multiple mainstream public chains including Bitcoin, Ethereum, TRON, BNB Smart Chain, Solana, and Sui. The API capabilities cover modules such as address label queries, risk scoring, transaction investigations, fund flow tracking, counterparty analysis, and asynchronous risk tasks.After configuring the MISTTRACK_API_KEY, developers can call related functions in AI Agent tools like OpenClaw and Claude Code. Additionally, this skill supports integration with wallet skills such as Bitget Wallet Skill and Trust Wallet Skills, automatically performing AML checks on recipient addresses before executing transfers or signing. Slow Mist stated that as AI Agents gradually participate in on-chain asset operations, security capabilities need to be upgraded from tool-level to default infrastructure capabilities. The launch of MistTrack Skills aims to provide a more comprehensive on-chain risk control solution for the integration of AI and Web3 scenarios.

The founder of Slow Fog, Yu Xian, reposted a security reminder. Currently, the ClawHub market of OpenClaw has discovered 1,184 malicious skills that can steal SSH keys, encrypted wallets, browser passwords, and open reverse shells. A single attacker has uploaded 677 packages. The top-ranked skill has 9 vulnerabilities and has been downloaded thousands of times.Yu Xian reminds users that text is no longer just text, but instructions. It is recommended to use AI tools in isolated environments, as many OpenClaw skills pose potential risks. Furthermore, Web3 security smart contracts are only part of the issue; the real causes of incidents are far beyond just contracts. A few days ago, Moonwell was hacked for $1.78 million, with the faulty code coming from Co-Authored-By: Claude Opus 4.6.

The Chief Information Security Officer of Slow Fog, 23pds, reminded on the X platform that a fake recruitment campaign named "graphalgo" is exploiting remote access trojans (RAT) to target cryptocurrency developers.