37 matches found
Scammers Abuse WhatsApp Screen Sharing to Steal OTPs and Funds
A fast-spreading threat, known as the screen-sharing scam, is using a simple feature on WhatsApp to steal money…
CVE-2025-24800
Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate that allowed a malicious prover to easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...
CVE-2025-24800
The CVE-2025-24800 vulnerability affects the ismp-grandpa crate used by Hyperbridge. A flaw in Grandpa signature verification could cause a malicious prover to convince the verifier of the finality of arbitrary headers, potentially enabling fund theft or compromise of cross-chain applications. Th...
CVE-2024-54134
A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...
solana/web3.js Information Disclosure Vulnerability
solana/web3.js is a JavaScript library from Solana Labs. An information disclosure vulnerability exists in solana/web3.js versions 1.95.6 and 1.95.7, which stems from a vulnerability that allows an attacker to distribute unauthorized malicious packages that have been modified to steal private key...
CVE-2024-23660
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...
CVE-2023-38701
Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...
CVE-2023-39910
The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet...
Libbitcoin Explorer Security Feature Issue Vulnerability
Libbitcoin Explorer is a bitcoin command line tool open-sourced by Libbitcoin. Libbitcoin Explorer versions 3.0.0 through 3.6.0 suffer from a security vulnerability that stems from a security issue with the currency's encryption technology leading to the theft of funds...
CVE-2023-39910
CVE-2023-39910 (Milk Sad) affects Libbitcoin Explorer 3.0.0–3.6.0. The wallet entropy seeding uses an mt19937 PRNG, constraining internal entropy to 32 bits regardless of settings, enabling attackers to recover wallet private keys from residual memory and steal funds. The description notes this w...
Researcher Exposes Cryptocurrency Scam Network of 300 Domains
By Habiba Rashid A new investigation by cybersecurity researcher Jeremiah Fowler from VPNmentor reveals an elaborate cryptocurrency scam that employs over 300 fake websites to steal funds from unsuspecting victims and lure new investors. This is a post from HackRead.com Read the original post:...
funds can be stolen in InterchainGovernance, Multisig and AxelarServiceGovernance contracts
Lines of code Vulnerability details Impact In InterchainGovernance users can execute the proposal by passing required data and the amount of native value they want to send with the executeProposal function; this function calls the call function in the Caller contract, but this function, instead of checking...
An attacker can steal funds from an Llama account by re-logging in.
Lines of code Vulnerability details Impact Funds are passed to LlamaAccount.execute and LlamaExecutor.execute using `(success, result) = target.call{value: msg.value}(callData)`. However, there is no remedy for reentrancy. The target contract can steal funds from LlamaAccount when executed. Proof of Conce...
_execSellNftToMarket() re-enter steal funds
Lines of code Vulnerability details Impact Re-enter and steal funds Proof of Concept execSellNftToMarket: the change in the balance is used to represent whether the corresponding amount has been received. `function execSellNftToMarket(address collection, uint256 tokenId, uint256 amount, bool pushBase`...
VulnCheck KEV: CVE-2023-31290
Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...
ATTACKER CAN STEAL FUNDS BECAUSE OF REENTRANCY VULNERABILITY IN burn METHOD
Lines of code Vulnerability details Impact In the burn method of the TimeswapV2Option contract, there is no reentrancy guard. The method allows a callback function before updating the state variable, which makes the method vulnerable to reentrancy and can lead to theft of funds. Proof of Concept File:...
Attacker can take control over each SmartAccount proxy and steal all users' funds
Lines of code Vulnerability details Attacker can take control over each SmartAccount proxy and steal all users' funds Impact All users' funds can be stolen by a single attacker (tx gas cost only) Proof of Concept There are 2 main reasons for this vulnerability: The .checkSignatures in...
Fake Windows Crypto Apps Spreading AppleJeus Malware
By Deeba Ahmed The infamous North Korean state-backed Lazarus hacking group is using AppleJeus malware to steal crypto funds from Windows users. This is a post from HackRead.com Read the original post: Fake Windows Crypto Apps Spreading AppleJeus Malware...
Potential reentrancy attack
Lines of code Vulnerability details Impact There is a potential reentrancy attack in executeCalls in EthereumToArbitrumExecutor.sol, since CallLib makes an external call from its executeCalls and the implementation of the contract that will eventually be called is unknown. The same issu...