plugin

According to official news, the Binance wallet plugin now supports mnemonic-derived accounts. By backing up a set of mnemonics, you can derive up to 99 independent accounts.It can protect the security of mnemonics and efficiently manage accounts; multi-chain support allows a single account to be used across chains. The supported plugin version is 1.12.0 and above.

Thibault Sottiaux, the head of OpenAI Codex, announced that the usage limits for Codex across all plans have been reset to align with the newly launched plugin system and to encourage users to experience it.The first batch of integrated plugins includes commonly used developer tools such as Slack, Figma, Notion, and Gmail, allowing users to utilize Codex capabilities in more application scenarios.

According to Tencent's public account, WeChat has officially launched the WeChat "ClawBot" plugin, supporting the integration of OpenClaw. Users can scan a QR code or copy a command to connect OpenClaw to WeChat. Once connected, users can quickly interact with their "lobster" efficiently through WeChat chat. In addition, Tencent's "Shrimp Workshop" cloud shrimp Lighthouse, self-developed shrimp workbuddy, and local shrimp QClaw are all in place.

OpenClaw founder Peter SteinBerger posted on the X platform, stating that the team is considering how to make the OpenClaw plugin system more powerful while keeping the core system more streamlined, and plans to add support for the Claude Code and OpenAI Codex plugin packages.He revealed that the next OpenClaw version update is expected to be released this Sunday, and the new version will allow users to ask questions at any time while the AI Agent is performing tasks. Meanwhile, Peter SteinBerger disclosed that the automated task filtering system developed for X is performing well, running every five minutes to automatically identify and clean up spam, marketing replies, and other content, thereby enhancing the effective interaction experience.

According to Cointelegraph, hackers are using the "ClickFix" attack method to steal cryptocurrencies, with the latest two attacks involving impersonating venture capital firms and hijacking browser extensions.Cybersecurity company Moonlock Lab reports that scammers impersonate fake VCs such as SolidBit, MegaBit, and Lumax Capital, contacting users via LinkedIn to offer collaboration opportunities, then directing them to click on fake Zoom and Google Meet links. After clicking the link, users are led to a page with a forged Cloudflare "I'm not a robot" verification box; clicking this box copies malicious commands to the clipboard and prompts users to open a terminal to paste the so-called verification code, thus executing the attack.Moonlock Lab points out that this method turns victims into execution mechanisms, bypassing defenses in the security industry. Meanwhile, hackers are also spreading malware by hijacking the Chrome extension QuickLens. This extension allows users to run Google Lens searches directly in the browser, and after ownership was transferred, the new version contains malicious scripts that can initiate ClickFix attacks and steal information.The extension has about 7,000 users, and once hijacked, it searches for cryptocurrency wallet data and recovery phrases to steal funds, as well as scraping Gmail inbox content, YouTube channel data, and login credentials or payment information entered in web forms. The extension has been removed from the Chrome Web Store. The ClickFix technique has been popular among hackers since last year, forcing victims to manually execute malicious payloads, affecting thousands of businesses and multiple industries worldwide.

BitsLab co-founder Luis_0xyi posted on X platform: "A reminder to be cautious when using Chrome extension wallets on Windows computers with large funds. BitsLab recently discovered a vulnerability present in several top extension wallets that can be used to directly steal private keys. This issue affects extension wallets from major exchanges like Coinbase Wallet, Binance Wallet, and others, but the exploitation scenario has certain requirements. We will disclose more after the fix."

ChainCatcher news, the Web3 security organization BitsLab announced that it has completed the acquisition of the security browser plugin KEKKAI Plugin from the Japanese Web3 infrastructure company KEKKAI Labs, and has officially renamed it to BitsLab Safe.KEKKAI Labs is a Japanese tech team focused on Web3 security and infrastructure development, with its core product KEKKAI Plugin having a solid user base and high usage rate in the Asian market.BitsLab stated that this acquisition aims to expand its security capabilities from B-end services to C-end security. BitsLab will retain the original features of KEKKAI Plugin while introducing its own AI-driven security analysis and threat detection technology to expand and upgrade the product's functionality intelligently.It is reported that the renamed BitsLab Safe is a free browser security plugin aimed at ordinary users. Its core features include: automatically simulating the transaction process before executing transactions in the wallet, displaying results in advance, issuing warnings when dangerous contracts or malicious actions are detected, and providing phishing website protection and alerts. BitsLab plans to make this product an important part of its AI security ecosystem.Previously, BitsLab's main business focused on B-end services such as security audits, penetration testing, and vulnerability mining, having provided solutions for over 400 projects covering mainstream ecosystems like Sui, Aptos, TON, and Solana. This acquisition marks a strategic upgrade for BitsLab, aiming to build a complete security protection system "from underlying infrastructure to end users."

ChainCatcher message, the GoPlus browser security plugin now fully supports EIP-7702 detection features, providing stronger security protection for Web3 users.This update includes core features such as real-time risk alerts, advanced threat detection, and protection against malicious contracts, capable of instantly identifying and intercepting various attacks based on the EIP-7702 protocol during transactions. As one of the first platforms to focus on the security threats of this protocol, GoPlus recommends users update their extensions in a timely manner to arm themselves with the latest security tools and ensure asset safety.

ChainCatcher message, the X plugin product FlowX is now live on the Chrome Web Store. This product mainly helps users by providing background information on X accounts, funding amounts and investors, trending activities, and popular project rankings while browsing and analyzing X (formerly Twitter), enhancing their information acquisition efficiency.FlowX not only utilizes RootData's vast and reliable database but also provides links to RootData pages in multiple locations on the X account page, shortening the user action path and striving to become the best navigator for users on their encrypted journey on the X website. As an early user reward, users can earn 30 RootData points simply by logging into the FlowX product and can earn more points through daily check-ins.Download link

ChainCatcher news, according to official information, the Binance wallet has officially launched a wallet plugin (Beta version), allowing users to manage crypto assets, interact with decentralized applications (dApp), and explore Web3 directly through the Google Chrome browser on their computers.

ChainCatcher news, community user @Cryptohaifeng_ posted on the X platform stating that the "web snapshot" feature of the "immersive translation" plugin has a security vulnerability. When generating and sharing translation snapshots, data is stored on publicly accessible cloud sites, and there is no anti-scraping deployed, which may lead to the leakage of sensitive information such as wallet private keys and financing agreements. Some users have discovered that the leaked information involves documents related to Zhong An International's participation in the A2 round financing subscription agreement of Yuan Coin Technology.Previously, the product sparked controversy due to restrictions on users using third-party cheap APIs, forcing subscription memberships, and the founder exposing the addresses of other competing authors in the group.

ChainCatcher news, the on-chain aggregated trading platform Ave.ai announced a deep cooperation with the Web3 one-stop social leader DeBox. The two parties are integrating innovations around the concept of "social as liquidity," focusing on Meme trading and community building.It is reported that Ave.ai's latest official website (pro.ave.ai) has fully integrated the DeBox (debox.pro) holding chat plugin. Each token launched on the platform will automatically generate a dedicated token holding group, allowing users to join the corresponding community and communicate rapidly with other token holders without switching platforms.DeBox has over 11.15 million registered users and 640,000 daily active users, and has formed over 290,000 instant messaging groups based on on-chain asset and behavioral data. DeBox community groups have no upper limit on the number of members and come with powerful group management tools, such as red envelopes, lotteries, token airdrops, and live voice rooms. Ave.ai, as a leading on-chain trading analysis platform, has over 7 million users, aggregating more than 130 chains, as well as features like on-chain real-time trading, historical data, and signal squares.The growth leader of Ave.ai stated that this cooperation aims to break down the barriers between trading and community interaction, gather community liquidity, enhance user experience and efficiency, and promote the investment ecosystem of Web3 assets like Meme towards a more social and community-oriented direction.

ChainCatcher news, the InfoFi platform XHunt has reached a strategic partnership with the crypto data platform RootData. By utilizing the RootData API, XHunt will check information such as project financing amounts and investor lists into the plugin, allowing users to understand the project's overall competitiveness more intuitively and conveniently. In the future, XHunt users will also be able to directly jump to the RootData page to view more information about projects and individuals.It is reported that XHunt is an AI-driven InfoFi platform that provides AI-driven analysis, token screening, and social sentiment tracking for cryptocurrency projects through its cryptocurrency analysis plugin.

ChainCatcher message, Binance responded to "hackers stealing coins through red envelopes" stating: "Based on the current investigation results and the information at hand, we initially suspect that the user's device may have had malicious plugins/software installed, which led to the user's email, Google Authenticator, Binance account, and other account information being sequentially stolen by hackers. The hackers simulated the user's common device and IP environment based on this, successfully passing the verification steps during the red envelope initiation process, ultimately resulting in the theft of funds.It should be noted that when users send red envelopes for payment on the Binance platform, they need to verify their payment PIN/fingerprint or Face ID/authenticator app/email. Therefore, the reason for the theft of the user's account assets through the red envelope function is due to the aforementioned personal information being stolen. It is strongly recommended that the user report this incident to the police. The Binance security risk control team will assist in providing all the information we have and, with the user's cooperation, further investigate their device to jointly identify the final cause. We also remind all users to remain vigilant, enhance their security awareness, and ensure they use secure and clean devices. Be cautious of the security risks to accounts and devices to protect personal asset safety.

ChainCatcher message, ElizaOS (formerly ai16z) founder Shaw posted on x, stating that although the v2 version is still being developed in a private research repository, the team will release some key features to simplify the transition and address the pain points of the v1 version.The new features mainly include: a plugin registration feature that allows plugins to be compatible without waiting for the core team to merge code; moving all model vendor code from the core to plugins, enabling model vendors to integrate immediately; and moving roles to memory, allowing agents to update their personalities through evaluators. These features are expected to be released by next weekend.

ChainCatcher news, Slow Mist founder Yu Xian posted on X platform stating, "AdsPower fingerprint browser transparently disclosed an incident of being hacked. If you are using AdsPower and installed the extension wallet or manually updated the extension wallet between January 21, 18:00 and January 24, 18:00 (UTC+8), then the extension wallet on your AdsPower (such as MetaMask, etc.) may be a backdoored version, which could steal your mnemonic phrase/private key.Currently, based on our intervention investigation, the risk is controllable, and the official emergency response is timely. If users are stolen due to this situation, they can submit relevant information to Slow Mist channels."

ChainCatcher news, ai16z recently announced on its official X that it has successfully integrated the GoPlus professional-grade Web3 security plugin into ElizaOS. ai16z founder Shaw retweeted to confirm this news and stated that a formal partnership will be announced soon. This move means that developers can build AI Agents with professional-grade Web3 security features based on the open-source framework of ElizaOS, marking a significant improvement in the security and reliability of the AI Agent ecosystem, which will be capable of providing users with a safer Web3 experience.It is reported that the GoPlus plugin is the first security module integrated into ElizaOS, empowering all AI Agents from the perspective of professional Web3 security services, and becoming the key middleware for AI Agents to interact with more than 30 public chains; GoPlus has become the preferred security partner in the AI Agent ecosystem.

ChainCatcher news, according to Cointelegraph, OKX has issued a warning to users that a fraudulent OKX browser extension has appeared in the Firefox browser plugin store. The extension integrates third-party features within the web browser interface.According to OKX, the company has not released any Firefox browser plugins and advises users who mistakenly downloaded the plugin to transfer any funds from wallets associated with the fraudulent extension.OKX has contacted Firefox to remove these applications and reminds users to never download OKX-specific software from third parties.

ChainCatcher news, ai16z posted on X that Eliza V2 is currently in the early development stage, aiming to improve architecture, enhance scalability, and optimize plugin management. V1 will remain stable, focusing on pull requests, documentation, and issue fixes. The team recommends continuing development based on V1 and will notify users once the testing schedule for V2 is determined.