fix

LayerZero posted on platform X that it is aware of the rsETH vulnerability incident and has been actively working with the KelpDAO team on handling and remediation since the incident occurred, while continuing to monitor the situation.LayerZero stated that, aside from the rsETH-related incident, other applications remain secure. Regarding the root cause of the incident, LayerZero is collaborating with SEAL_Org and others to investigate and has indicated that it will release a complete post-incident analysis report in conjunction with KelpDAO once all information is gathered.

The Zcash Foundation tweeted that it has released version 4.3.1 of Zebra. This version includes several critical security fixes, and all node operators are advised to upgrade immediately. Additionally, this version introduces a Dockerized mining environment, automated checkpoint management, and several CI enhancement improvements.

According to official news, the Rayls public chain mainnet will go live on April 30, along with the launch of the staking program and the Rayls native USD stablecoin USDr, marking the official implementation of the $RLS token economics.After the mainnet activation, transaction fees (paid in USDr on the public chain, RLS can be used on the private chain) will be converted, accumulated, burned, and redistributed through an automated mechanism: 50% of the transaction fees will be permanently burned, creating deflationary pressure; 50% will be injected into the network security pool to reward validators. The total supply of Rayls token RLS is fixed at 10 billion, with most tokens locked until 2028 to ensure long-term incentives and stable development, with a TGE circulation ratio of less than 15%; the majority of shares held by investors and the team will have a 12-month cliff period followed by a 36-month unlocking period, and additionally, 10% of the tokens unlocked by the foundation each month will be burned, further accelerating deflation.

The privacy coin Zcash recently disclosed and fixed a critical security vulnerability that could have been exploited by malicious miners to transfer over 25,000 ZEC (approximately 6.5 million USD) from the deprecated Sprout privacy pool. Security researcher Alex "Scalar" Sol disclosed on March 23 that the vulnerability stemmed from the zcashd node skipping proof verification when processing transactions involving the Sprout pool.The official statement indicated that the vulnerability had existed since July 2020 but had not been actively exploited, and user funds remained safe at all times. The development team has released version 6.12.0 to complete the fix, and mainstream mining pools have completed the upgrade deployment within a few days. Additionally, the unaffected Zebra full node implementation has the capability to trigger a chain fork, providing extra protection in the event of exploitation.It was disclosed that although the Sprout pool closed to new deposits in November 2020, approximately 25,424 ZEC remained untransferred. Even if the vulnerability were exploited, Zcash's "turnstile" mechanism would prevent inflationary issuance, ensuring that the total supply would not be breached. This vulnerability was discovered with the assistance of AI, and the researcher will receive a total bounty of 200 ZEC (approximately 51,000 USD). It is worth noting that this is not the first time Zcash has encountered a significant vulnerability; as early as 2019, it had fixed a serious flaw that could lead to unlimited issuance.

Coinbase CEO Brian Armstrong responded on the X platform to the frequent notifications about prediction markets, stating that the issue with the notifications stemmed from a system bug and apologized to users, indicating that a fix is underway. He also promised to strike a balance between content notifications and user experience.Coinbase users expressed dissatisfaction with the platform's frequent notifications about prediction markets, with feedback focusing on descriptions such as "annoying" and "unreasonable." Several users reported receiving a large number of notifications related to prediction markets during the NCAA "March Madness" basketball tournament, with some users questioning whether this behavior is turning the cryptocurrency trading platform into a sports betting service and raising concerns about the platform's fund management and risk control. Currently, the prediction market business still faces regulatory pressure in the U.S., with regulatory agencies in multiple states having filed lawsuits against related platforms, while the Commodity Futures Trading Commission is pushing for regulatory oversight in this area.

According to the official announcement, Gate Yu Bi Bao has launched USAT fixed-term financial products, and from March 27 at 16:00 to April 27 at 16:00 (UTC+8), it will offer three locking periods of 7 days, 14 days, and 30 days, with a maximum annualized return rate of 15%. Users can participate in the subscription with a minimum of only 1.5 USAT, and the quota is limited, first come first served.

The China Academy of Information and Communications Technology, in collaboration with Shanghai Jiao Tong University and Nanjing University, discovered a high-risk vulnerability driven by LLM command injection in the bash-tools module of the open-source autonomous intelligent agent framework OpenClaw during a security audit.This vulnerability arises from the system's failure to strictly escape command line parameters generated by LLM, allowing attackers to bypass regex defenses through inducive prompts, achieving remote code execution on the host machine and stealing sensitive data.The research team has completed attack verification in various mainstream model environments, initiated a responsible vulnerability disclosure process, and submitted repair suggestions to the NVDB Artificial Intelligence Product Security Vulnerability Professional Database (CAIVD) and the GitHub community.

Binance announced that it will update the FIX TLS connection for the Spot API on June 8, 2026, at 03:00 (UTC), expected to last about one hour. During the update, existing FIX connections may experience intermittent interruptions.Binance requests users to confirm that their clients send SNI (Server Name Indication) during the TLS handshake and validate the certificate against the requested hostname before the update. Clients that do not have SNI configured may receive certificate-related error messages during or after the update, leading to TLS handshake or hostname validation failures. Some Node.js clients that do not explicitly configure SNI may be affected.

The cybersecurity agency Moonlock Lab reports that crypto hackers have recently upgraded their "ClickFix" attack method, beginning to impersonate venture capital firms to contact target users through social platforms and lure them into executing malicious code to steal crypto assets.Attackers disguise themselves as fake venture capital firms such as SolidBit, MegaBit, and Lumax Capital, sending collaboration invitations via LinkedIn and guiding victims to fake Zoom or Google Meet meeting links. The pages embed a fake Cloudflare "I am not a robot" verification button, which, when clicked, copies malicious commands to the clipboard and tricks users into pasting and executing them in the terminal, thus completing the attack. Researchers point out that this method circumvents traditional security mechanisms by "making victims execute commands themselves."Meanwhile, hackers are also hijacking browser extensions to carry out attacks. John Tuckner, founder of cybersecurity company Annex Security, revealed that the Chrome extension QuickLens, after changing ownership on February 1, released a new version containing malicious scripts two weeks later, triggering ClickFix attacks and stealing user data. The extension had about 7,000 users and has since been removed from the store. Reports indicate that the hijacked extension scans crypto wallet data and mnemonic phrases, and scrapes Gmail content, YouTube channel data, and web login or payment information.

According to Cointelegraph, hackers are using the "ClickFix" attack method to steal cryptocurrencies, with the latest two attacks involving impersonating venture capital firms and hijacking browser extensions.Cybersecurity company Moonlock Lab reports that scammers impersonate fake VCs such as SolidBit, MegaBit, and Lumax Capital, contacting users via LinkedIn to offer collaboration opportunities, then directing them to click on fake Zoom and Google Meet links. After clicking the link, users are led to a page with a forged Cloudflare "I'm not a robot" verification box; clicking this box copies malicious commands to the clipboard and prompts users to open a terminal to paste the so-called verification code, thus executing the attack.Moonlock Lab points out that this method turns victims into execution mechanisms, bypassing defenses in the security industry. Meanwhile, hackers are also spreading malware by hijacking the Chrome extension QuickLens. This extension allows users to run Google Lens searches directly in the browser, and after ownership was transferred, the new version contains malicious scripts that can initiate ClickFix attacks and steal information.The extension has about 7,000 users, and once hijacked, it searches for cryptocurrency wallet data and recovery phrases to steal funds, as well as scraping Gmail inbox content, YouTube channel data, and login credentials or payment information entered in web forms. The extension has been removed from the Chrome Web Store. The ClickFix technique has been popular among hackers since last year, forcing victims to manually execute malicious payloads, affecting thousands of businesses and multiple industries worldwide.

GoPlus has released a security alert that a vulnerability in the Chrome browser allows malicious extensions to escalate privileges through the Gemini panel. Please upgrade your Chrome browser to version 143.7499.192 or above immediately.This vulnerability allows malicious extensions to control the Gemini Live panel in the Chrome browser, thereby escalating privileges to access the camera and microphone, take screenshots, access local files, and more without user consent. The vulnerability is identified as CVE-2026-0628, and Google has fixed it in the Windows/Mac versions 143.7499.192/.193 and the Linux version 143.7499.192 at the beginning of January 2026. Please check and upgrade your Chrome version immediately.

The DeFi lending protocol Moonwell released an official statement following approximately $1.78 million in bad debt caused by an oracle configuration error. The statement confirmed that a serious error in one oracle configuration led to the system not calculating the cbETH price as expected through cbETH/ETH × ETH/USD, but instead only using the cbETH/ETH exchange rate. This resulted in the cbETH price being approximately $1.12 instead of the actual market price of about $2200. The attacker only needed to repay about $1 in debt to liquidate 1 cbETH, causing a large number of borrowers' collateral assets to be liquidated and resulting in significant bad debt. In total, 1096.317 cbETH was liquidated, most of which was bad debt valued in cbETH.As the oracle fix requires a five-day governance voting and time-lock process, liquidations are still ongoing during this period. A related governance proposal for the fix is planned to be launched.

The Flow Foundation officially announced the progress of the security incident resolution, confirming the permanent destruction of 87.4 billion counterfeit FLOW tokens, marking the complete technical resolution of the security incident.The related destruction operations were executed on-chain by the community governance committee, and all seized counterfeit assets have been completely withdrawn from circulation, in accordance with the independent recovery plan disclosed in the previous technical review. Currently, the validation nodes completed the deployment of security patches within 24 hours after the incident, and the network has continued to operate normally since then, with additional security measures introduced at the protocol level. Furthermore, network operation data shows that Flow has returned to a fully healthy state, processing over 3 million transactions in the past week, with all core DeFi protocols operating normally. With the completion of all security repairs, future efforts will focus on ecosystem expansion and product development. Previously, it was reported that Flow suffered a loss of $3.9 million due to a hacker attack, but user deposits were unaffected. In mid-January, its community governance committee completed the final recovery of unliquidated counterfeit FLOW tokens from centralized exchanges, including Binance and HTX.

According to Arkham data, at 22:50, 15,999.992035 SOL (worth approximately $2,027,518.99) was transferred from an anonymous address (starting with EePcvVQ...) to FixedFloat.

On January 21, Saga discovered and responded to a security incident affecting the SagaEVM chain. The incident involved a coordinated deployment of contract sequences, cross-chain operations, and subsequent liquidity extraction. Based on the principle of prudence, the SagaEVM chain has been paused at block height 6593800, and an active investigation and mitigation work is underway. Approximately $7 million worth of USDC, yUSD, ETH, and tBTC has been transferred to the Ethereum mainnet.The team is collaborating with exchanges and cross-chain bridge platforms to blacklist the attack wallet and recover the stolen tokens, and will repair and strengthen the affected cross-chain and deployment components. This incident did not involve a consensus mechanism failure, validator compromise, or private key leakage.According to previous news from ChainCatcher, the Saga chain was allegedly attacked by hackers, resulting in approximately $7 million in assets being stolen.

According to The Hacker News, Cyata researchers have disclosed three critical security vulnerabilities (CVE-2025-68143/44/45) in the mcp-server-git maintained by Anthropic, which can be exploited for path traversal and parameter injection, potentially leading to remote code execution.These vulnerabilities can be weaponized through prompt injection, allowing attackers to trigger the attack simply by controlling the AI assistant to read malicious content. The vulnerabilities have been patched in the versions released in September and December 2025, and the official has removed the git_init tool and enhanced path validation, recommending users to update to the latest version as soon as possible.

According to the official page, Binance Alpha has launched Ucan fix life in 1 day (1) and Misprinted Horse (Crying Horse).

According to Arkham data, at 19:50, 14,999.99 SOL (worth approximately $202.98 million) was transferred from an anonymous address (starting with A6ajv...) to FixedFloat.