slow

According to the threat intelligence released by the SlowMist security team, its threat intelligence system MistEye has received community feedback regarding an active social engineering attack targeting cryptocurrency users.The attackers contact target users under the pretext of project collaboration, luring them to use a counterfeit "Harmony Voice" software (domain: harmony-voice[.]app) for so-called real-time translation, which is actually malware. SlowMist has synchronized the relevant threat intelligence (IOC) to its corporate clients.

According to Jinshi News, Joe Capros, head of the International Economics Department at the Commonwealth Bank of Australia (CBA), stated that the dollar index remains stable above 98, and the dollar is expected to continue benefiting from the slowdown in global economic growth.He pointed out that the global economy needs to adapt to the reduction in energy supply, and interest rate hikes will help align demand with supply.

According to CCTV News, to prevent Israel's military actions in Lebanon from interfering with the upcoming US-Iran negotiations, President Trump has asked Israeli Prime Minister Netanyahu to reduce the intensity of strikes against Lebanon.Reports indicate that Trump spoke with Netanyahu and "sternly" stated that while the US understands Israel's security concerns, Israel should slow down its military strikes against Lebanon to maintain the upcoming negotiations.A US official revealed that the duration of this call was "shorter than usual." The official stated that the Trump administration had never before requested Israel to slow down its military actions against Hezbollah in Lebanon. This pressure comes after Iran and mediator Pakistan accused Israel of violating the ceasefire agreement, and Trump is concerned that continued strikes could affect the US-Iran ceasefire and disrupt the openness of the Strait of Hormuz.

According to Jin Shi reports, "Fed mouthpiece" Nick Timiraos stated that the Federal Reserve's meeting minutes show that "the vast majority" of officials believe that the pace of inflation relief may be slower than expected, mainly due to three intertwined concerns: the impact of tariffs on commodity prices may take longer to dissipate; the transmission effect of oil prices on core inflation; and the years of inflation rates being above the target level, which makes inflation expectations more susceptible to new shocks.

According to Jinshi reports, Federal Reserve Vice Chairman Jefferson stated that current employment growth has slowed but may be stabilizing.

According to Jinshi reports, International Monetary Fund (IMF) President Kristalina Georgieva stated that the Middle East war will lead to increased inflation and may slow down global economic growth.

According to official news, the blockchain security agency SlowMist recently released a security assessment report, conducting a special audit of OKX Wallet. The results showed that in the audited version, no behavior was found where the application transmitted sensitive information such as private keys or mnemonic phrases to external servers, and no risk of sensitive data leakage was detected overall.It is reported that this assessment focused on whether there were issues with the external transmission of private keys and mnemonic phrases in OKX Wallet, and the results indicated that the relevant core information was processed locally. The current handling of private keys and mnemonic phrases has become the core of wallet security, and such audit results also provide users with a more direct security reference.

The analysis of the Drift theft incident by Slow Fog pointed out that a week before the attack, Drift adjusted its multi-signature mechanism to "2/5" (1 old signer + 4 new signers) and did not set a timelock. The attacker then gained administrator privileges, forged CVT tokens, manipulated the oracle, disabled security mechanisms, and transferred high-value assets from the liquidity pool.Currently, the stolen funds have mainly been aggregated to an Ethereum address, totaling approximately 105,969 ETH (about 226 million USD). Slow Fog stated that the flow of related funds is still being tracked.

According to Jinshi reports, Federal Reserve official Barkin stated that inflation progress is expected to be slow and will not quickly return to target levels.

According to Jinshi Data, job vacancies in the U.S. decreased in February, and hiring has significantly slowed, indicating that labor demand has cooled ahead of the additional uncertainties brought about by the war in Iran.Data released by the U.S. Bureau of Labor Statistics on Tuesday showed that job vacancies fell from a revised 7.24 million in January to 6.88 million. After a brief rebound in job vacancies at the beginning of the year, the simultaneous slowdown in hiring and vacancies suggests that companies are becoming cautious in hiring after experiencing nearly zero growth for a year.Looking ahead, the surge in oil prices triggered by the war may increase operational costs for businesses and pose a barrier to further hiring. The decline in job vacancies is primarily driven by a retreat in accommodation and food services, healthcare and social assistance, and manufacturing. The hiring rate has dropped to its lowest level since April 2020, while the layoff rate has slightly increased.Despite large companies, including Meta and Oracle, pushing for large-scale layoffs to reallocate resources to AI investments, the overall level of layoffs in the economy remains relatively mild.

Slow Fog has once again issued a security reminder stating to pay attention to checking for malicious versions of axios and the exposure risk of OpenClaw npm global installation history. [email protected] and [email protected] have been confirmed as malicious versions, both of which have injected the dependency [email protected], delivering cross-platform malicious payloads through the postinstall script.The impact of OpenClaw is assessed based on scenarios: source code builds are not affected, as the locked versions in the lock file are 1.13.5/1.13.6; however, users who installed via npm install -g [email protected] face historical exposure risks due to the presence of optionalDependencies.axios@^1.7.4 in the dependency chain, which may resolve to [email protected] during the time window when the malicious version is still online. Currently, npm has reverted the resolution to [email protected], but environments that were installed during the attack window are still advised to be checked. Slow Fog has provided inspection commands and IoC paths for various platforms; if the plain-crypto-js directory is found, even if the package.json has been cleaned, it should still be regarded as high-risk execution traces. It is recommended that affected hosts immediately rotate credentials and conduct host-side inspections. Previously, Slow Fog founder Yu Xian reminded that OpenClaw version 3.28 may introduce a toxic version of axios, and users need to urgently check.

Yuxian, the founder of Slow Fog, posted on the X platform stating that Coinbase has taken down the page requiring users to enter their plaintext mnemonic phrases. He pointed out that the security model of online web pages for wallets is very low, much lower than that of extensions or apps; the practice of collecting plaintext mnemonic phrases on online web pages can easily be imitated by phishing websites and has long been a common phishing technique.

The Chief Information Security Officer of Slow Fog, 23pds (Shan Ge), posted on the X platform stating that there are reports that the LiteLLM vulnerability attackers have stolen approximately 300GB of data and compromised about 500,000 credentials. He advises all cryptocurrency developers to immediately verify and quickly rotate relevant keys and credentials, check logs, access records, and the exposure of sensitive data to avoid losses similar to the Trust Wallet incident.Previously, it was reported that LiteLLM, which has a monthly download volume of 97 million, suffered a supply chain attack, allowing the simple installation to steal all sensitive credentials, including SSH keys.

According to Jinshi News, Chris Williamson, Chief Business Economist at S&P Global Market Intelligence, stated that the preliminary PMI index survey data for March indicates concerns over the slowdown in U.S. economic growth and rising inflation. Businesses report that uncertainty from conflicts and the cost of living have affected demand, while instability in financial markets and limitations on purchasing power have exacerbated the situation. The survey shows that consumer price inflation has risen to around 4%, suggesting that the U.S. may face the risk of stagflation, and the Federal Reserve needs to weigh the risks of rising inflation against weakening economic growth momentum.

According to CoinShares' latest weekly report, influenced by the Federal Reserve meeting being interpreted as "hawkish hold," net inflows into digital asset investment products slowed to $230 million last week. In the two days prior to the FOMC meeting, there was a total inflow of $635 million, followed by an outflow of $405 million after the meeting. Overall, all regions still recorded net inflows, with the United States seeing an inflow of $153 million, and Germany and Switzerland recording inflows of $30.2 million and $27.5 million, respectively.Bitcoin products saw inflows of $219 million, but short Bitcoin products still had inflows of $6 million, indicating a growing divergence between bulls and bears. Solana recorded net inflows for the seventh consecutive week, amounting to $17 million this week, bringing the total to $136 million; Ethereum, after three weeks of inflows, experienced a net outflow of $27.5 million this week, while Chainlink and Hyperliquid recorded inflows of $4.6 million and $4.5 million, respectively.

After Slow Mist founder Yu Xian disclosed that the Coinbase Commerce asset recovery page directly requires users to enter plaintext mnemonic phrases, Slow Mist's Chief Information Security Officer 23pds added that the sitemap of that page also has flaws, allowing malicious attackers to easily use tools like ResourcesSaver to download the frontend code and deploy similar websites.If combined with similar domain names like Coinbase for phishing attacks, users can easily fall victim.

As the application of AI Agents in cryptocurrency trading rapidly heats up, automated trading is transitioning from "tool-assisted" to "autonomous execution." However, at the same time, a series of security risks are also emerging. Recently, the security agency SlowMist and the exchange Bitget jointly released an AI Agent security report, systematically outlining the potential threats and protective systems for Agent automated trading in the current Web3 scenario.The report combines real cases and security research to analyze the typical security issues faced by AI Agents today, including risks of behavioral manipulation caused by Prompt Injection, supply chain vulnerabilities in plugins and Skill ecosystems, abuse of API Keys and account permissions, as well as potential threats from automated execution leading to operational errors and permission escalation.The report recommends that users effectively control permissions when using AI Agents for trading, by isolating through sub-accounts, setting API IP whitelists, and establishing continuous trading monitoring and anomaly alert mechanisms. Additionally, it suggests introducing manual confirmation or independent signature mechanisms for high-risk operations to prevent model misjudgments from directly affecting asset security. To facilitate users in implementing security measures, the report includes a trading security self-checklist at the end, helping users quickly identify security risks.From an industry development perspective, AI Agents are continuously driving the intelligence of Web3 trading, but the construction of security systems still needs to be upgraded in parallel. Establishing a balance between efficiency and controllability will become an important topic of long-term concern for the industry.

Slow Fog's Yu Xian posted on platform X: "A group hacking incident is occurring, hacker address: 0x913efc2062984288a0a083cd42b3a3422c07fcef, the hacker has currently profited $85,000, and this amount is still increasing. According to community feedback, this group mainly consists of yield farmers, and private keys/mnemonic phrases have been collected in advance by the hacker. The hacker is consolidating related funds. If you are using the MoreLogin fingerprint browser, please be cautious, but there is currently no evidence that MoreLogin or related plugins are the issue."

The Chief Information Security Officer of Slow Fog Technology, 23pds, issued a reminder stating that ClawHub developers should be aware of phishing and credential leakage risks. Currently, ClawHub relies on developers' GitHub one-click login. Previously, the Sha1-Hulud worm stole a large number of developers' GitHub credentials, and attackers may take the opportunity to attack Skills.The attack path is: credential theft → attacker gains GitHub permissions → logs into ClawHub as a developer → publishes malicious Skills to implant backdoors → users download and install, executing malicious code leading to system intrusion.