The founder of Slow Fog, Yu Xian, released the investigation results regarding the Venus attack incident, indicating that there is no issue with the protocol itself, but it may have been subject to front-end hijacking and phishing attacks. Victims' computers may have been targeted by specific malware attacks, and the source of the hacker's funds is complex, with actual losses possibly being less than $20 million.

Slow Fog disclosed on the X platform that an investor lost WLFI tokens due to a Private Key leak, involving a classic EIP-7702 phishing attack. The phishing gang exploited this mechanism to automatically transfer funds when victims moved their Tokens, achieving front-running by packaging transactions through flashbots.

ChainCatcher news, Slow Mist Technology's Chief Information Security Officer 23 pds posted on the X platform revealing that the FBI and Dutch police have just shut down VerifTools (a dark web hub selling fake passports and driver's licenses for as low as $9), which criminals used to bypass KYC checks and steal millions in Crypto Assets, but just a few hours later, its operators relaunched with a new domain.

BlockBeats reported that on August 13, Yuxian, the founder of Slow Fog, commented on the 51% attack incident of Monero, stating that there are many doubts in the community about whether it is truly a 51% attack in the real sense, but there are no doubts regarding the reorganized blocks (for example, 6 blocks). The Qubic Mining Pool claims to control 51% of the Computing Power, but many community members believe it controls about 33% of the Computing Power. This debate is not easy to verify; to provide solid evidence of a 51% attack, a double spending attack test must be initiated. Previous reports indicated that the IOTA co-founder Sergey Ivancheglo's project Qubic quickly accumulated a large amount of Monero Computing Power through the "useful Proof of Work (uPoW)" mechanism, and on August 12, Qubic briefly controlled 52.72% of the Monero network's hashrate (approximately 3.01 GH/s). Once it exceeds

PANews August 12 news, Slow Fog founder Yu Xian stated that the Qubic Mining Pool has recently gathered a large amount of Computing Power through economic incentives, and is suspected to have successfully achieved a 51% Attack on the Monero network. Qubic founder Sergey Ivancheglo admitted that after controlling most of the Computing Power, they could rewrite the Blockchain, implement Double Spending, and review transactions. Although Qubic claims this move is a technical demonstration, the Monero community has expressed concerns about the network's Decentralization and security, and has called on miners to disperse their Computing Power to drop risks. It was previously reported that Monero is facing a network takeover attempt initiated by the mining pool Qubic, which has sparked strong opposition from the community.

PANews August 4 news, according to a Genians article cited by Slow Fog's Chief Information Security Officer 23pds, the North Korea-linked hacker group APT37 is hiding malware in JPEG image files to launch attacks. This malware uses a two-stage encryption shellcode injection method to hinder analysis, with attackers utilizing shortcut files with the .lnk extension, embedding Cmd or PowerShell commands within to execute the attack. Efficient EDR monitoring optimized for detecting abnormal endpoint behavior is now crucial.

According to BlockBeats news on July 17, monitoring by Slow Mist's Yuxian indicates that the Infini hacker's new address is exchanging some ETH for DAI. As of the time of publication, this address has obtained 5.87 million DAI by selling ETH.

Odaily News Yu Xian, the founder of Slow Fog, posted on the X platform stating that GMX-related fork projects need to pay attention to similar security risks. He mentioned that the fundamental reason for the theft of 42 million dollars from GMX last night was that GMX v1 immediately updates the global short average price (globalShortAveragePrices) when handling short positions, and this global average price will directly affect the calculation of the total asset size (AUM), thus leading to

The CISO of Slow Fog pointed out that the design flaw of GMX v1 allowed attackers to manipulate the global average price using short positions, thereby manipulating the price of GLP Token for profit.

On July 7, 2025, the U.S. Securities and Exchange Commission (SEC) confirmed that Fidelity's application to launch a Solana (SOL) spot exchange-traded fund (ETF) has been delayed again. The document submitted by the Cboe BZX exchange is part of the proposed rule change application regarding the listing of the "Fidelity Solana Fund." Although future approvals may accelerate, Fidelity's Solana ETF is currently still under the uncertainty of cryptocurrency regulation. Dozens of similar applications (from XRP ETF to Meme Coin ETF) have also been stalled. Meanwhile, some companies are seeking alternative Solana investment products. Last week, REX Financial and Osprey Funds launched the REX-Osprey Sol + Staking ETF. While not a direct Solana spot ETF, it provides investors with an indirect way to access the Solana network and its staking rewards.

PANews reported on July 4th that Slow Fog's Yu Xin reminded users that the Private Key corresponding to the Sui Address cannot derive the same address for Aptos, and they cannot be converted to each other. "For example, if you have Aptos and accidentally transfer funds to your Sui address, then this money is lost; we researched and couldn't retrieve it." "In other words, the same mnemonic phrase will generate different addresses under the derivation logic of Aptos and Sui. However, during the transfer, they are all considered valid addresses... starting with 0x, a total of 66 characters..."

PANews, July 3 news, according to the Slow Fog security team, on July 2, a victim reported that they used a project hosted on GitHub - zldp2002/solana-pumpfun-bot the day before, after which their encrypted assets were stolen. After analysis by Slow Fog, it was found that in this attack event, the attacker disguised themselves as a legitimate open source project (solana-pumpfun-bot), luring users to download and run malicious code. Under the guise of boosting the project's popularity, users unknowingly ran a Node.js project with malicious dependencies, leading to the leakage of their Wallet Private Key and asset theft. The entire attack chain involved multiple GitHub accounts working in coordination, expanding the scope of spread and enhancing credibility, making it highly deceptive. Meanwhile, such attacks utilize both social engineering and technical means, making it very difficult to completely defend against them within the organization. Slow

Odaily News Slow Fog Cosine stated in a post on the X platform that after stock tokenization, the stock market has new play styles within Crypto Assets, and there are also new risks in Crypto Assets. If it becomes popular, there will be innovation and conflict between the old and new worlds, with you in me and me in you.

Gate News bot message, Slow Mist CISO @im23pds released a security warning on social media, disclosing a CVE-2025-6554 vulnerability in the Chrome V8 engine. This vulnerability has been confirmed, allowing attackers to execute malicious code by constructing specific web pages. Currently, the proof of concept for the vulnerability ( PoC ) has been made public online. Slow Mist reminds users to update Chrom in a timely manner.

Odaily News Slow Fog Cosine published on the X platform stating that Uniswap Card will collect users' X email addresses, meaning they can obtain the email, and of course, basic information like IP and UA will also be collected. However, this privacy has authentication, and Uniswap does not engage in malicious activities or leak information internally, so it's not a big issue. However, one should be aware of potential targeted phishing methods that may arise in the future.

Yuxian, the founder of Slow Mist, revealed that the decentralized stablecoin protocol Resupply has been attacked. The attacker exploited an interest rate inflation vulnerability to steal assets, borrowing a large amount of reUSD with only 1 wei of collateral. Currently, hacker funds valued at over $9.5 million have been converted to ETH.

HuionePay has processed over $50 billion in USDT deposits and withdrawals in the past 18 months and is under scrutiny by global regulators for suspected Money Laundering. Telegram dark web traders have turned to Tudou Guarantee.

BlockBeats news, on June 21, Slow Fog CISO @im23pds tweeted to warn about the encryption raffle scam disguised as an official Cold Wallet giveaway. Criminals are impersonating official accounts on the X platform, claiming to give away Ledger and other Cold Wallets for free, and actually sending "brand new sealed" real devices, luring users into lowering their guard. The real traps are often hidden in the devices themselves or the accompanying initialization instructions, which may be tampered with devices or through social engineering to induce users to leak their mnemonic phrases.

ChainCatcher message, Slow Mist posted on social media that its MistEye has detected suspicious activities related to Bankroll Network, urging relevant investors to remain vigilant.

Golden Finance reports that Slow Mist's Yu Xian posted on social media, stating that looking at it now, over 80 million dollars worth of Crypto Assets was directly transferred to an Address that is highly likely a black hole, meaning it was directly destroyed.

PANews, June 17th news, Slow Fog has issued a security warning: Potential suspicious activities related to Meta Pool have been detected, with the root cause being that the deposit function has been rewritten, allowing for arbitrary minting through the mint function without the need to transfer tokens. Please remain vigilant.

Golden Finance reported that after Slow Mist founder Yu Xian released the update "Alby hosted wallet balance was transferred away by the platform," he stated, "Alby has too many traps. Although the funds have been refunded, the process of successfully withdrawing is cumbersome (though I completely understand the mechanism behind this). Ultimately, out of the 191 dollars, only 153 dollars were successfully withdrawn, with over 30 dollars lost in the process."

BlockBeats news, on June 11, Slow Fog's Yuxian posted an update on social media stating, "Got it back, didn't follow the official required steps. It seems they just refunded me directly... Happy Ending... Other friends who have experienced this, if you haven't been refunded, you can email the official to inquire (the official email is in the message where your funds were transferred), you can follow the required steps provided by the official reply (for example, you may need to spend money to sign up for their Cloud or set up Alby Hub, etc.), but of course, you may also be able to do nothing like me and just get it back. Although the amount is small, the nature is serious. If the official had left a message informing us of the retrieval method when they transferred our funds, the nature would have been very different."

Golden Finance reported that Slow Mist founder Yu Xian posted on the X platform, stating that after the Cetus theft incident was covered by the Sui Foundation, users can currently retrieve most of their funds. Slow Mist also received a $20,000 tip from Hoi (@JaceHoiX), and the hacker tracking is still ongoing.

Gate News bot message: According to the latest security alert issued by the Slow Mist team, the Android banking Trojan Crocodilus has completed its upgrade and is launching attacks on encryption users and banking app users worldwide. The Trojan spreads through fake browser updates advertised on Facebook. The attackers use overlay attacks to steal user login credentials, while also having the capability to extract encryption wallet seed phrases and private keys. Additionally, the attackers implant fake "bank support" numbers in the user's contact list. It is reported that the Trojan has started to be rented out in the form of Malware-as-a-Service(, charging 100-300 USDT for each attack. The Slow Fog team advises users to be cautious with unknown application updates and advertisement links. Source: Wu said

Slow Fog has issued a security alert that Google Chrome has released an emergency patch to fix the high-risk zero-day vulnerability CVE-2025-5419, which affects the V8 JavaScript engine. Users should update their browsers as soon as possible to ensure safety.

Golden Finance reported that Yu Sine, the founder of Slow Mist, posted on the X platform: "A security suggestion, if your funds are stolen, it is best to publicize the wallet address (if you are worried about privacy, you can appropriately hide some characters in the middle), or you can publicize the hacker address." Why is this suggestion? It is because some hackers nowadays are particularly fond of taking the blame, and when the time comes, they will not only bear the pain of theft of funds, but also the possibility of follow-up law enforcement investigations. ”

Odaily News Slow Mist Yu Xian stated on the X platform that the new mechanism EIP-7702 is being used most highly by coin theft gangs (not phishing gangs), allowing for the automatic transfer of related funds from wallet addresses that have leaked Private Keys/mnemonic phrases... Over 97% of EIP-7702 delegations were authorized to these types of coin theft contracts.

BlockBeats news, on May 31, Slow Mist founder Yu Xian stated that a user's four sets of mnemonic phrases were leaked, corresponding to four wallet addresses where the funds were stolen. From the on-chain operational methods, after receiving the funds, the hacker's address converted everything into ETH, and then laundered it through FixedFloat. The longer mnemonic phrases/private keys are exposed to the internet and the more people they are distributed to for joint use, the more likely they are to be leaked, and the harder it is to investigate the reasons for the leak.

Odaily News Slow Mist stated in a post on the X platform that the Cetus Hacker has not returned the funds, holding more than 60 million USD worth of ETH without further transfers. They have currently received suspicious clues related to the Cetus Hacker submitted by community users, and more details may be disclosed later.

ChainCatcher news, Slow Mist Technology's Chief Information Security Officer 23pds tweeted that the Cork Protocol was attacked resulting in a loss of 12 million dollars. The Slow Mist security team initially analyzed the cause of the attack: it is suspected that the exchange rate can be controlled externally, leading to a price manipulation vulnerability.

ChainCatcher news, SlowMist's Chief Information Security Officer @im23pds posted on the X platform stating that the Ethereum address of the Cork Protocol attacker holds 4,530.59 ETH, currently valued at 12,125,718.18 dollars.

SlowMist officially released an analysis of the Osiris malicious browser extension, pointing out that the extension will replace the user's download link and cause the malicious program to download, and the attacker can steal assets and user data, reminding users to avoid installing unknown programs and not trusting unfamiliar tools.

Gate News bot message, the Slow Fog security team has released the latest security reminder, revealing a scam incident targeting crypto assets users. Scammers send forged exchange text messages containing "withdrawal verification code" and customer service phone numbers. When users call the number, the scammers transfer them to so-called "hardware wallet support personnel" under the pretext of a "security vulnerability." Subsequently, the scammers induce users to visit a phishing website and enter their cold wallet mnemonic phrase, resulting in the theft of user assets. According to statistics, the total asset loss from this incident has exceeded $1 million.

Gate News bot message, the blockchain security platform Scam Sniffer has disclosed that the phishing organization Inferno Drainer has launched a new type of attack targeting the Ethereum EIP-7702 upgrade features, resulting in a loss of approximately $150,000 in a single transaction. According to Beincrypto, EIP-7702, as a core feature of the Pectra upgrade, provides externally owned accounts (EOA) with the capability to temporarily use smart contract functions during transactions. Attackers executed bulk token transfer operations through an authorized MetaMask wallet. The founder of Slow Fog, Yu Xian, pointed out that this incident shows that phishing strategies have changed. Attackers no longer directly hijack wallets but instead induce users to trigger the "execute" command in MetaMask, executing malicious batch authorizations in the background to complete asset transfers.

Slow Mist analyzed the Cetus theft incident, pointing out that the attacker exploited a parameter overflow vulnerability to obtain a large amount of assets. The attacker used the checkedshlw function vulnerability to acquire various assets, with some funds being cross-chain to EVM addresses. Cetus has fixed the vulnerability, and $162 million has been frozen. Developers are advised to verify the boundary conditions of mathematical functions.

The analysis of the $230 million theft incident of Cetus released by Slow Mist shows that the attackers exploited an overflow detection bypass vulnerability, selecting parameters through precise calculations to exchange a minimal amount of tokens for a large amount of Liquidity assets. The attack demonstrated the power of mathematical overflow vulnerabilities, and it is recommended that developers strictly verify the boundary conditions of mathematical functions in smart contract development.

The Federal Reserve (FED) is still observing the impact of fiscal and trade policies on the economy, and the market expects that the policy will remain on hold until the July meeting. Although expectations for a rate cut in June have weakened, the futures market shows that the probability of a rate cut before September is still slightly above 50%. The situation may become clearer in the next four months, with a potential for inflation to slow down or economic deterioration leading the Federal Reserve (FED) to adopt stimulus policies.

Gate News bot reported that according to Wu, the Chief Information Security Officer of Slow Fog, @im23pds, disclosed a "withdrawal verification code" phishing scam case. The scammers disguised themselves as a trading platform and sent text messages to lure users into making phone calls. Subsequently, the scammers impersonated Ledger customer service personnel and guided the victims to visit a phishing website, ultimately resulting in a financial loss of $1.1 million for the victims. In response to such incidents, it is recommended that users remain highly alert to verification code text messages and phone calls from unknown sources.

Odaily Planet Daily News Slow Mist Cosine posted on the X platform that Sui's official intervention froze the $160 million in assets that had not yet escaped across the chain, and the remaining more than $60 million was distributed in two addresses, almost all of which were exchanged for ETH, a total of 23,243.

Odaily Planet Daily News Slow Mist Cosine posted on the X platform that about $200 million was stolen from Cetus on Sui's network, and it is not easy for hackers to convert them into more stable assets and then cross over, and some traces of hackers have been obtained.