third-party

According to Valor, the Central Bank of Brazil (BC) has issued rules for banks and brokerage firms wishing to engage in cryptocurrency activities. The directive requires such institutions to hire a qualified independent company to demonstrate their compliance with the regulatory requirements for virtual asset service providers (PSAV) set by the monetary authority. The certifying entity must clearly indicate that there is no conflict of interest with the audited party.

According to The Block, the crypto prediction market platform Polymarket confirmed on December 24 that multiple user accounts were hacked due to a security vulnerability in a third-party authentication provider. Affected users reported on social media that their funds were drained even with two-factor authentication enabled. The issue appears to be related to the email login service provided by Magic Labs, which is a common registration method for many first-time cryptocurrency users.Polymarket stated that it has resolved this security issue and there is currently no ongoing risk, but it did not disclose the number of affected users or the amount of losses.

According to The Block, the crypto prediction market platform Polymarket has confirmed that multiple user accounts were hacked due to a security vulnerability in a third-party authentication provider. Affected users reported on social media that their funds were drained even with two-factor authentication enabled.The issue appears to be related to the email login service provided by Magic Labs, which is a common registration method for many first-time cryptocurrency users. Polymarket stated that it has resolved this security issue and that there is currently no ongoing risk, but it did not disclose the number of affected users or the amount of losses.

The Argentine cryptocurrency platform Lemon Cash confirmed on December 4 that some users' names and email addresses were leaked due to a hacking incident at its external analytics service provider Mixpanel on November 9. Lemon Cash emphasized that its own platform was not attacked, and sensitive information such as users' private keys, recovery phrases, funds, and account balances were not affected.The company has sent emails to affected users, warning them to be vigilant against potential phishing attacks. Notably, OpenAI is also a client of Mixpanel and has terminated its partnership with the service provider following this incident.

According to the latest research released by the Federal Reserve, there is a high concentration risk at the "third-party service provider" level between the top 100 banks in the United States and 100 non-bank financial institutions (NBFIs). If key cloud, payment, or core IT service providers experience a failure, it will quickly evolve into a systemic event across markets. The model shows that in extreme scenarios, the tail losses caused by systemic incidents can far exceed normal operational risks, with operational disruptions becoming a major source of losses rather than traditional credit events.From a macro-financial perspective, this study quantitatively confirms for the first time that "digital infrastructure failure" itself can serve as a trigger for financial crises, rather than merely being an ancillary risk. When key third-party nodes fail, it will simultaneously impact payment clearing, liquidity allocation, credit transmission, and risk hedging mechanisms, temporarily increasing demand for dollars, compressing global dollar liquidity, and causing credit spreads and volatility to spike. Although banks have lower nominal exposures than non-bank institutions, their extreme losses relative to revenue are even greater, indicating that the vulnerability of the large traditional financial system to tail risks has been long underestimated by the market.The cryptocurrency market is more sensitive to such "functional risks." Exchanges, wallets, custody, oracle services, and settlement layers are highly dependent on cloud and third-party authorized services. Once there is a regional or vendor-level disruption, it can easily lead to a chain reaction of clearing and liquidity vacuum. Historical experience shows that such non-price shocks often lead to passive deleveraging of short-term leveraged funds, with volatility sharply amplified. The short-term Bitcoin structure support will test high-leverage dense areas, and if the liquidity below is penetrated, one must be wary of the risk of a "liquidity spiral decline."Bitunix analysts: The core significance of this report is that the market is transitioning from "financial risk pricing" to a new stage of "infrastructure risk pricing." Future capital allocation will not only consider interest rates and growth but will also simultaneously assess the stability of system operations and the concentration of supply chains. Risk appetite will become more event-driven, and true structural opportunities will arise when resilient assets and decentralized infrastructure values are repriced.

According to Cointelegraph, Bitcoin Core has passed its first third-party security audit, confirming that the software securing the Bitcoin network is highly mature, with no serious vulnerabilities found.The audit was conducted by the French security company Quarkslab, commissioned by the Open Source Technology Improvement Fund (OSTIF) and implemented on behalf of the Bitcoin Core development funding organization Brink. During the 104-day audit period from May to September, the reviewers assessed the most sensitive components of the project, with particular attention to the P2P layer and block validation logic. The report noted that despite the large size of the Bitcoin Core codebase, which contains over 200,000 lines of C++ code and more than 1,200 deployed test cases, the auditors assessed it as "the most mature and well-tested." The team found no high or medium severity vulnerabilities, only two low severity issues, along with a series of recommendations for improvements mainly related to fuzz testing tools and test coverage. These findings did not impact the consensus mechanism, denial-of-service resistance, or transaction validation.

ChainCatcher message, Binance founder CZ posted on the X platform stating that all DAT companies should use third-party crypto asset custody services and have their account setups audited by investors. He emphasized that this is a prerequisite for any investment by Yzi Labs in BNB DAT projects, aimed at ensuring asset security and investment transparency.

ChainCatcher message, Ethena Labs posted on social media, "USDe reserve proofs are typically provided weekly by independent third-party verification agencies, including companies such as Chaos Labs, Chainlink, Llama Risk, and Harris & Trotter.In response to community requests, we have provided an unconventional pace reserve proof based on market events from the past 24 hours, which is linked below this message.These independent third parties have confirmed that USDe still has approximately $66 million in over-collateralization."

ChainCatcher news, according to IT Home, the social media platform Discord announced that its third-party customer service provider was hacked, and some customer information was stolen and used to extort Discord.This cybersecurity incident affected some Discord users who had contacted the customer support team or the trust and safety team, involving chat logs, real names, usernames, email addresses, IP addresses, transaction history, payment information, and the last four digits of credit cards, as well as a small number of ID photos used to verify age. After discovering this issue, Discord immediately revoked the third party's access to Discord's ticketing system. According to preliminary analysis, the unauthorized third party that launched the attack did not have the capability to directly access Discord.

According to ChainCatcher, as reported by Crypto In America, Vanguard, the world's second-largest asset management company, is preparing to allow clients to invest in cryptocurrency ETFs on its brokerage platform. Anonymous sources revealed that due to strong client demand for digital assets and the changing regulatory environment, Vanguard has begun preparations for this and has engaged in external discussions; currently, Vanguard does not have plans to launch its own products like BlackRock, but is considering allowing brokerage clients to invest in certain third-party cryptocurrency ETFs. However, it is still unclear when a decision will be made and what products will be offered.

ChainCatcher news, State Street, the world's largest ETF service provider, announced that it has become the first third-party custodian to access JPMorgan's digital debt services, providing institutional clients with blockchain-based debt securities custody services.JPMorgan's digital debt services support the issuance, settlement, and lifecycle management of bonds through the Kinexys digital asset platform, utilizing blockchain technology to achieve precise T+0 settlement and automated operations. The first transaction was completed by State Street's investment management division, purchasing $100 million in commercial paper, marking the modernization of the short-term debt market.

ChainCatcher news, according to Zhito Finance, Hong Kong listed company Ruihe Digital Intelligence (03680.HK) announced that the group has reached a cooperation framework agreement with an independent third-party institution on the joint development of a virtual cryptocurrency trading platform on July 29, 2025.

ChainCatcher news, according to official sources, Bitwise has announced the launch of a third-party asset reserve proof transparency service for the Bitcoin spot ETF (BITB) and the Ethereum spot ETF (ETHW), provided by the U.S. registered accounting firm The Network Firm.

ChainCatcher news, the Movement Network Foundation announced a third-party review of the abnormal situation regarding external market makers, and has commissioned the professional intelligence agency Groom Lake in the digital asset field to carry out this review. After the review is completed, the foundation will release the results of the review and the measures taken.

ChainCatcher news, Sun Yuchen stated in his live broadcast that he has called for FDT to hire a third-party auditing firm for an audit, "I believe the audit results will show that FDT is in a state of insolvency."

ChainCatcher message, OKX officially stated on social media that during a recent routine maintenance of the wallet system, some wallet addresses were changed, resulting in discrepancies in the statistics of third-party data platforms, which showed abnormal total asset amounts on the platform. This situation is solely due to the lag in third-party data, and the assets of platform users remain safe and can be deposited and withdrawn normally.Currently, OKX is communicating with third-party data platforms to ensure that their data fetching functions are restored to normal as soon as possible. In addition, the platform will release the latest proof of reserves (POR) within this week for users to verify.

ChainCatcher message, the Sui ecosystem lending protocol Suilend posted on platform X 1 hour ago stating: "Due to issues with a third-party custody service provider, we are currently experiencing an interruption. Our team is actively investigating this issue and working to resolve it as soon as possible. Funds are safe as this is just a front-end issue."Regarding this issue, Suilend has just released an update stating: "We have identified the problem and are actively seeking a solution." Upon checking, the Suilend front-end has not yet been restored.

ChainCatcher news, according to Cointelegraph, cybersecurity company Kaspersky recently released research showing that hackers are creating hundreds of fake projects on the GitHub platform to lure users into downloading malware that steals cryptocurrency and credentials. Kaspersky has named this malware activity "GitVenom."Kaspersky analyst Georgy Kucherin pointed out in a report on February 24 that these fake projects include Telegram bots for managing Bitcoin wallets and tools for automating Instagram account interactions. Hackers carefully design project documentation, possibly using AI tools to generate content, and artificially increase the number of project "commits" to make the projects appear to be actively developed.According to Kaspersky's investigation, these malicious projects can be traced back at least two years. Regardless of how the projects are presented, they contain malicious components, such as information-stealing tools that upload saved credentials, cryptocurrency wallet data, and browsing history through Telegram, as well as clipboard hijackers that replace cryptocurrency wallet addresses. In November 2023, a user lost 5 Bitcoins (approximately $442,000) as a result. Kaspersky advises users to carefully check the behavior of third-party code before downloading.

ChainCatcher news, digital asset wallet TokenPocket issued a statement in response to the incident on February 14, where user assets were aggregated and stolen by hackers. Technical analysis revealed that affected users had downloaded a third-party mining software called "Bom," which exhibited malicious behavior by unauthorized access to users' photo albums and uploading data, leading to the leakage of users' mnemonic phrases or private keys.TokenPocket has collaborated with security teams such as SlowMist Technology and GoPlusSecurity, and reminds users to immediately stop using unverified third-party tools, and to avoid saving mnemonic phrases and private keys through screenshots, social platforms, cloud storage, and other methods.