attack

According to Cyvers Alerts monitoring, a trader suffered a poisoning attack about an hour ago, resulting in a loss of approximately $600,000 worth of USDT.While attempting to send funds to 0x77f6ca8E...2E087a346, he mistakenly sent the transaction to the malicious spoofed address 0x77f6A6F6...DFdA8A346, warning users to be cautious of the associated risks.

RWA tokenization platform OpenEden posted on X platform that the DNS of its official website and portal seems to have been tampered with, reminding users not to interact with the aforementioned domains to prevent damage to wallet assets.OpenEden stated that all reserve assets are still safe (SAFU) and relevant data can be verified through Chainlink's reserve proof page. However, the team reiterated that users should not access or operate the aforementioned domains. The OpenEden team is investigating the matter and will release further updates as soon as possible.

According to Bitcoin News, attacks against Bitcoin holders in France are accelerating.Since 2017, there have been 47 recorded attacks against Bitcoin holders in France, with 38 occurring in the past 13 months. The vast majority of these incidents have happened recently, indicating a sharp increase in criminal activities targeting cryptocurrencies.

According to BlockSec Phalcon monitoring, an unknown USDC-OCA liquidity pool on the BSC chain was attacked, resulting in approximately 422,000 USDC being withdrawn.The attacker exploited a deflationary sellOCA() logic vulnerability of the OCA token, which allowed them to remove an equivalent amount of OCA from the liquidity pool each time they called the swap OCA token, artificially raising the token price within the pool.The attack was completed through three transactions: the first executed the attack operation, while the latter two were mainly used to pay additional block builder bribes. The attacker paid a total of approximately 43 BNB plus 69 BNB to 48club-puissant-builder, with an estimated profit of around $340,000. Another transaction in the same block failed at position 52, suspected to have been front-run by the attacker.

The Chief Information Security Officer of Slow Fog, 23pds, reminded on the X platform that a fake recruitment campaign named "graphalgo" is exploiting remote access trojans (RAT) to target cryptocurrency developers.

According to Bitcoin Magazine, Bitcoin Improvement Proposal BIP-360 has been merged into the official codebase to enhance resistance against quantum attacks.

According to Web3 Antivirus monitoring, a poisoning incident involving a new address resulted in a loss of $354,000 USDT.The victim (0xa0c7...0e73) copied a similar address from the transaction records and sent funds to the scam copy.

According to Cointelegraph, Mandiant, a U.S. cybersecurity company affiliated with Google Cloud, has discovered that a North Korea-linked threat organization is intensifying social engineering attacks against cryptocurrency and fintech companies.The threat group, codenamed UNC1069, has deployed seven malware families, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings.Mandiant has been tracking this organization since 2018, but advancements in artificial intelligence have helped the group expand its malicious activities since November 2025. In one intrusion incident, the attackers used a stolen Telegram account of a cryptocurrency founder to initiate contact, inducing victims to execute "troubleshooting" commands containing hidden instructions through a so-called ClickFix attack.

According to Cointelegraph, Mandiant, a U.S. cybersecurity company affiliated with Google Cloud, has discovered that a North Korea-linked threat organization is intensifying social engineering attacks against cryptocurrency and fintech companies.The threat group, codenamed UNC1069, has deployed seven malware families, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings.Mandiant has been tracking this organization since 2018, but advancements in artificial intelligence have helped the group scale up its malicious activities since November 2025. In one intrusion incident, the attackers used a stolen Telegram account of a cryptocurrency founder to initiate contact, inducing victims to execute "troubleshooting" commands containing hidden instructions through a so-called ClickFix attack.

According to Decrypt, Google's security team Mandiant recently released a report warning that a North Korea-related hacker group is using AI-generated deepfake videos and fake Zoom meetings to launch more targeted cyberattacks against cryptocurrency and fintech companies.The report noted that a hacker group known as UNC1069 (or CryptoCore) recently infiltrated a fintech company by initiating a fake Zoom meeting through a hijacked Telegram account, using a deepfake video of a well-known cryptocurrency executive to gain trust during the meeting.The attackers used "audio issues" as an excuse to lure the victims into running malicious commands, ultimately deploying seven different families of malware in their systems, aimed at stealing credentials, browser data, and session tokens. The organization primarily targets businesses and individuals in the cryptocurrency industry, including software companies, venture capital firms, and their employees.

According to Scam Sniffer monitoring, in January, a single victim lost $12.2 million due to copying an incorrect address in their transaction history. Combined with a similar attack in December that resulted in a loss of 500,000 dollars, the two victims have accumulated losses exceeding $62 million.Address poisoning attacks refer to attackers sending small amounts of tokens from visually similar addresses to lure users into copying the incorrect address. Additionally, in January, signature phishing scams stole $6.27 million, representing a 207% increase month-over-month. Analysts believe that the Ethereum Fusaka upgrade has reduced transaction costs, leading to an increase in the frequency of such attacks.Coin Metrics data shows that dust transactions related to stablecoins currently account for about 11% of the total daily transactions on Ethereum. Whitestream indicates that DAI has become the preferred choice for illegal operators to store funds due to the protocol's governance not cooperating with authorities to freeze addresses.

According to SlowMist's monitoring, the official plugin center ClawHub of the open-source AI Agent project OpenClaw is gradually becoming a new target for attackers to implement supply chain poisoning.Due to the platform's lack of a comprehensive and strict review mechanism, a large number of malicious skills have already infiltrated, being used to spread malicious code or deliver harmful content, posing potential security risks to developers and users. According to a report by Koi Security, 341 malicious skills were identified in a scan of 2,857 skills, reflecting a typical "plugin/extension market supply chain poisoning" pattern.SlowMist advises not to treat the "installation steps" in SKILL.md as a trusted source; any command that requires copying and pasting should be audited first; be wary of prompts that "require entering the system password/granting accessibility/system settings," as these are often points of risk escalation; prioritize obtaining dependencies and tools from official channels to avoid executing installation scripts from unknown sources.

According to official news, Strike reported experiencing an unusually high volume of traffic, causing the Bitcoin payment network to temporarily collapse. The service has now fully resumed.

According to GoPlus monitoring, a wallet that had been inactive for nearly five years was compromised after signing a malicious increaseApproval transaction, with the attacker stealing approximately $66,000 worth of QNT.

According to Decrypt, the latest report from blockchain security company CertiK shows a surge in physical attacks (i.e., "violent attacks") targeting cryptocurrency holders in 2025, with a total of 72 recorded incidents throughout the year, a 75% increase year-on-year, resulting in losses exceeding $40.9 million.The report states that such attacks have evolved from fringe risks to structural threats, with kidnapping becoming the most common method, and personal assault incidents increasing by 250% year-on-year. There has been a significant change in the geographic distribution of attacks: Europe has become the hardest-hit region, accounting for over 40% of global incidents, with France leading the world with 19 incidents; the U.S. share has drastically dropped from 36.6% in 2024 to 12.5%; Asia still accounts for about 33.3% of high-risk areas.CertiK recommends that individual users adopt defensive strategies such as setting up decoy wallets, geographically isolating recovery phrases from hardware wallets, and reducing their public cryptocurrency footprint; institutions and high-net-worth individuals should consider implementing multi-signature wallet structures, setting up time-lock smart contracts, and developing executive protection protocols.

Blockchain security company CertiK data shows that in January 2026, the crypto industry suffered about 40 security incidents, resulting in losses exceeding $400 million. The largest single loss came from a phishing attack on January 16: an investor fell victim to a scammer posing as official Trezor customer support, leaking the hardware wallet's recovery seed phrase under the scammer's inducement, leading to the theft of 1,459 bitcoins and 2.05 million litecoins, totaling $284 million, accounting for 71% of the month's total losses.The stolen assets were quickly converted into the privacy coin Monero (XMR) to obscure transaction trails, causing XMR prices to soar and highlighting the challenges regulators face in combating money laundering involving privacy coins. Other significant vulnerabilities include: $30 million stolen from the Solana platform Step Finance (January 31), Truebit losing $26.6 million due to an overflow vulnerability, Swapnet losing $13 million, and Saga and Makina Finance losing $6.2 million and $4.2 million, respectively.

According to The Block, the cross-chain liquidity protocol CrossCurve (formerly known as EYWA) has confirmed that its cross-chain bridge protocol "is under attack" due to a vulnerability in its smart contract being exploited, resulting in approximately $3 million in funds being stolen across multiple networks. Blockchain security firm Defimon Alerts discovered that the attack vector was a gateway validation bypass vulnerability in CrossCurve's ReceiverAxelar contract.Analysis shows that anyone can use a forged cross-chain message to call the contract's expressExecute function, thereby bypassing the expected gateway validation and triggering unauthorized token unlocks on the protocol's PortalV2 contract. The protocol is supported by Curve Finance founder Michael Egorov, who previously raised $7 million.

Step Finance released an update on the hacking incident on platform X, disclosing that several of its funding wallets were breached by an attacker last night. The initial assessment indicates that the attack was carried out through a certain attack vector. Remedial measures have been taken, and the company is closely collaborating with security experts. Relevant authorities have also been notified, and further updates on the incident will be provided.According to previous reports, the treasury and fee wallets of Step Finance were compromised. On-chain data shows that approximately 261,854 SOL tokens were unstaked and transferred during the attack, amounting to about 30 million dollars.

According to Scam Sniffer (@realScamSniffer), 10 hours ago, a user fell victim to a "transfer record poisoning attack," copying an incorrect address from the contaminated transfer history, resulting in a loss of 4,556 ETH (approximately $12.25 million).

Binance founder Changpeng Zhao (CZ) responded to recent FUD attacks against Binance in a post on January 30, stating, "This is not the first time, and it won't be the last." CZ emphasized that Binance has faced FUD attacks since the very first day of its establishment and will explain the reasons and methods behind it in detail during tonight's AMA (Ask Me Anything) session.In his tweet, he stated, "While our (self-proclaimed) 'competitors' focus on us, we continue to build and grow."