SlowMist founder Cosine tweeted, "BitmapPunks, which is driving up Ethereum Gas fees, is indeed a fully-onchain, ultra-large, hybrid collection. However, the contract is not open-source verified, and it is not carefully checked whether there is any risk."
According to a disclosure by SlowMist founder Cosine, the Humanity Protocol project stores the plaintext private key directly in the browser's sessionStorage. This applies when the user logs in through a Web2 method such as email, in which case the platform automatically assigns a wallet to the user. Fortunately, this is only a test network, so there is no actual harm.
SlowMist founder Cosine tweeted that the DEXX hackers' EVM (ETH/BSC/BASE) addresses have continued to see movement, and that since around 7:00 in the morning many funds (including some meme tokens) have been consolidated into the address starting with 0xffb9. On-chain data shows that the address currently holds about 440,000 US dollars in assets.
SlowMist founder Cosine confirmed in a post on X that the DEXX attackers are consolidating scattered stolen funds on Solana and then splitting them out from the collection address. Some have started using the Wormhole cross-chain service to bridge assets to Ethereum addresses starting with 0xffe224e.
SlowMist founder Cosine said in a post on X that since 2:48 am the DEXX attackers have been successively swapping the tokens held on a batch of attacker-related EVM (ETH/BASE/BSC) addresses for the corresponding ETH/BNB. The swaps are still ongoing. The attackers have probably written another script to automate these swaps, and the ETH/BNB has not been transferred out yet (although related tests have been observed).
SlowMist founder Cosine wrote on X that early this morning the various tokens of value on the Solana address related to the DEXX attacker were swapped for SOL. So far this SOL has not been transferred out. In addition, the attacker's EVM (ETH/BSC/BASE) addresses have begun to show test activity, but there has been no large-scale movement.
SlowMist founder Cosine said in a post on X that the attacker used an XSS vulnerability in the Cointelegraph website to trick target users into opening the official Cointelegraph site (carrying the malicious XSS script), after which:
- the malicious script loads and executes;
- the address bar is set to https://cointelegraph[.]com/not-public/drafts/article-1033, which at first glance looks like an official unpublished draft;
- a "Sign in with X" box appears;
- after clicking Sign in with X, open X's third-party app ...
SlowMist founder Cosine wrote on X that at around 4 a.m. this morning the various tokens of value on the Solana address related to the DEXX attacker were swapped for SOL. So far this SOL has not been transferred out. In addition, the attacker's EVM address has shown no movement for the time being.
SlowMist founder Cosine wrote that the Sui ecosystem project OceansGallerie (@OceansGallerie) is indeed quite strange. The token pool is too tightly controlled, the total supply is 10 billion OCEANS, the holders are too concentrated, and the token price has fallen by a factor of dozens within less than a week of issuance. The pool now holds less than 20,000 dollars. The address performing the abnormal operations is strongly related to the OCEANS token issuance address. According to X user @tongyiju, Cetus Protocol t...
"Pay attention to the DEXX trading tool: many users have been stolen from, and there are only a few stolen users who have reached out to us through various channels in the morning, and the losses are large or small. The theft time is concentrated, and the loss is estimated to be not small. Some users found out in time that they had withdrawn part of their funds. The stolen crowd is related to using DEXX as a washing dog/speculation MEME. The private key belongs to DEXX centralized hosting, which must have be...
SlowMist founder Cosine said that Lottie Player suffered a supply-chain poisoning attack: the Ace Drainer phishing gang poisoned Lottie Player, a front-end script module that well-known Web3 projects depend on. Fortunately, it was discovered in time, and the impact should not be large. If your project uses the Lottie Player module, check whether malicious code has been introduced (as currently known, version 2.0.4 and the latest version 2.0.8 do not contain malicious code).
SlowMist founder Cosine said, "GoPlus responds very quickly, and has supported the detection of relevant 'Pixiu' risks for the first time." At the same time, GoPlus has pushed the update to all partner platforms that integrate the GoPlus security APIs, such as GMGN, DEXScreener, and DEXTools, to help on-chain users identify and avoid potential 'Pixiu' attack risks. Previously, it was reported that Cosine said that there are a certain number of "Pixiu" projects in some of GMGN's popular token p...
On September 10th, SlowMist founder Cosine said that with the Trojan malware for macOS recently released by Eastern European hackers, once the Trojan runs (the run error you see is fake...), it automatically steals the cookies saved by your browser, auto-fill information, password information, and the mnemonic/private key files encrypted locally by extension wallets. And the information in the macOS Keychain...
SlowMist founder Cosine said that the private key of DAI L2 Deployer was leaked, resulting in some recently deployed L2 DAI contract addresses being "honeypot" addresses controlled by attackers. The address has no associated risk on Optimism and Arbitrum, but the Base and Polygon network contracts are not secure. The mainnet DAI contract is secure.
SlowMist founder Cosine wrote on X about the CoinStats attack: "This app has been used a long time ago, so it is convenient to see the assets of the target wallet. There are many such applications, so I will not name them. Some have their own wallet function (you have to touch this minefield), allowing users to create wallets and use them later. I am curious about how CoinStats Wallet is in principle self-hosted by users, and how private keys are leaked on a large scale. The official statement...