Zcash developers have patched a critical flaw in the Orchard shielded pool that a security researcher showed could forge an unlimited supply of counterfeit ZEC. The token fell more than 40% as the disclosure came to light. A Forgery Flaw Hidden Since 2022 Zcash founder Zooko Wilcox confirmed that security researcher Taylor Hornby had uncovered […]
]]>
A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising AntV, echarts-for-react, and Microsoft’s durabletask SDK. Mini Shai-Hulud Exploits GitHub Actions to Hit 16 Million Weekly Downloads The Mini Shai-Hulud campaign, attributed to the threat group Team PCP, does not work the way most supply chain attacks do […]
]]>
Volo Protocol, a liquid staking and BTCFi platform on the Sui blockchain, confirmed a $3.5 million security exploit this week, tied to a compromised vault admin private key. Key Takeaways: Volo Protocol lost $3.5 million from three Sui-based vaults on April 21, 2026, following a compromised admin private key. GoPlus Security and ExVul confirmed a […]
]]>
A malicious npm package impersonating an installer for the Openclaw artificial intelligence (AI) agent framework is spreading credential-stealing malware designed to quietly take control of developer machines. Security Researchers Expose Malicious Openclaw npm Package Security researchers say the package is part of a supply-chain attack aimed at developers working with Openclaw and similar AI-agent tooling. […]
]]>
Kaspersky discovers Stealka, a sophisticated infostealer disguised as game mods and pirated software, capable of stealing cryptocurrency wallets, account credentials, and system data across multiple platforms. Kaspersky researchers have uncovered a new infostealer named Stealka, which primarily spreads through popular platforms like Github and Sourceforge. The malware masquerades as game cheats, mods, and software cracks, […]
]]>
According to a myriad of reports, Aerodrome Finance and Velodrome Finance spent Saturday putting out fires after a DNS hijack quietly rerouted users to phishing sites. Aerodrome–Velodrome Front Ends Compromised The Base and Optimism platforms woke up on Nov. 22 to find their front ends hijacked, sending unsuspecting users straight into malicious look-alikes designed to […]
]]>
Digital asset wealth platform Nexo has launched a risk-based Anti-Scam Engine that flags suspicious transfers in real time and, in high-risk cases, can briefly pause transactions to protect clients. Nexo Upgrades Fraud Defense With Intelligence-Backed Screening In a release shared with Bitcoin.com News, Nexo disclosed that its system is default-on and uses contextual analysis tied […]
]]>
Ledger CTO Charles Guillemet warned Monday that a large-scale software supply chain attack is underway targeting NPM packages used across the JavaScript ecosystem globally. ‘Potentially All Chains’: Ledger CTO Cautions After NPM Developer Account Hacked Ledger‘s Guillemet said on X that a reputable developer’s NPM account was compromised and that affected packages have been downloaded […]
]]>
On Dec. 27 at the 35th Annual Chaos Communication Congress (35C3) event, three individuals from a startup called Wallet Fail allegedly hacked the most popular hardware wallets and revealed their secrets on stage. According to Trezor, however, the hackers at 35C3 did not follow the standard responsible disclosure protocol and Ledger Wallet developers claim the […]
The post These Developers Claim They Can Crack Any Hardware Wallet appeared first on Bitcoin News.
Powered by WPeMatico
]]>