#phishing
phishing
216,118 views
220 Discussing
Hot
Latest
Twenty malicious #npm packages impersonating the #Hardhat #Ethereum✅ development environment have targeted private keys and sensitive data. These packages, downloaded over 1,000 times, were uploaded by three accounts using #typosquatting techniques to trick developers. Once installed, the packages steal private keys, mnemonics, and configuration files, encrypt them with a hardcoded AES key, and send them to attackers. This exposes developers to risks like unauthorized transactions, compromised production systems, #phishing , and malicious dApps.
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
🚨 ALERT: ENS founder Nick Johnson warns of an "extremely sophisticated" Google phishing scam targeting users with fake subpoena notices. 🛑
⚠️ The emails pass DKIM checks and appear as legit Gmail security alerts.
📩 Stay sharp — even your inbox isn’t safe.
#Phishing #Crypto #CyberSecurity #ENS #Web3
⚠️ The emails pass DKIM checks and appear as legit Gmail security alerts.
📩 Stay sharp — even your inbox isn’t safe.
#Phishing #Crypto #CyberSecurity #ENS #Web3
Stay #SAFU on X and other socials.
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
🚨 SCAM ALERT: New Fake Customer Support Scams Target Binance Users 🚨
⚠️ Scammers are leveraging face-videos and QR codes to
impersonate official support.
🚫 Stay vigilant and never scan suspicious codes or share personal data with unverified accounts.
#CryptoScam #Phishing #BinanceSecurity #Write2Earn #BinanceSquare
⚠️ Scammers are leveraging face-videos and QR codes to
impersonate official support.
🚫 Stay vigilant and never scan suspicious codes or share personal data with unverified accounts.
#CryptoScam #Phishing #BinanceSecurity #Write2Earn #BinanceSquare
🔐 Do you have crypto? Then you need to protect it.
The market does not forgive those who are distracted. Here are the 3 basics to know:
1️⃣ Use a secure wallet
Start with a non-custodial (e.g., Metamask, Trust Wallet)
If you invest significant amounts, consider a hardware wallet
2️⃣ Never share the seed phrase
Not even with friends, not even as a joke
Write it down offline. Better on paper, in multiple copies
3️⃣ Watch out for phishing
Don't click on strange links
Always check that the site is the real one
🧠 Crypto is freedom, but it requires responsibility.
🔁 Follow me to learn how to manage it without getting scammed.
$BTC
#CryptoSicurezza #SeedPhras #Phishing #CryptoMindset
The market does not forgive those who are distracted. Here are the 3 basics to know:
1️⃣ Use a secure wallet
Start with a non-custodial (e.g., Metamask, Trust Wallet)
If you invest significant amounts, consider a hardware wallet
2️⃣ Never share the seed phrase
Not even with friends, not even as a joke
Write it down offline. Better on paper, in multiple copies
3️⃣ Watch out for phishing
Don't click on strange links
Always check that the site is the real one
🧠 Crypto is freedom, but it requires responsibility.
🔁 Follow me to learn how to manage it without getting scammed.
$BTC
#CryptoSicurezza #SeedPhras #Phishing #CryptoMindset
🚨 WLFI Blacklists 272 Wallets Amid Rising Phishing Threats
World Liberty Financial Inc. (WLFI) has announced the blacklisting of 272 crypto wallets in response to a surge of phishing attacks and wallet compromises.
🔐 WLFI emphasized this move is protective, not punitive—aimed at shielding users from malicious activity, not restricting legitimate trading.
📊 Breakdown of actions:
215 wallets linked to phishing attacks
50 wallets blacklisted at user requests after compromise
5 wallets flagged for high-risk exposure
1 wallet under investigation for misappropriating funds
✅ WLFI assured affected users it is working directly with rightful owners to secure and relocate assets, while maintaining transparency by sharing investigation outcomes publicly.
⚡ Key takeaway: User safety remains the top priority as WLFI strengthens protections against evolving threats in the crypto space.
---
#CryptoSecurity #Phishing #BlockchainSafety #WLF I #CryptoNews
World Liberty Financial Inc. (WLFI) has announced the blacklisting of 272 crypto wallets in response to a surge of phishing attacks and wallet compromises.
🔐 WLFI emphasized this move is protective, not punitive—aimed at shielding users from malicious activity, not restricting legitimate trading.
📊 Breakdown of actions:
215 wallets linked to phishing attacks
50 wallets blacklisted at user requests after compromise
5 wallets flagged for high-risk exposure
1 wallet under investigation for misappropriating funds
✅ WLFI assured affected users it is working directly with rightful owners to secure and relocate assets, while maintaining transparency by sharing investigation outcomes publicly.
⚡ Key takeaway: User safety remains the top priority as WLFI strengthens protections against evolving threats in the crypto space.
---
#CryptoSecurity #Phishing #BlockchainSafety #WLF I #CryptoNews
🚨 Beware of Phishing!
🎣 Criminals try to imitate official websites and apps to steal your data.
✅ Always check the website address.
✅ Enable two-factor authentication (2FA).
❌ Never click on suspicious links received via email, SMS, or social media.
🔒 Security is a priority: protect your access and your cryptocurrencies.
📌 Golden rule: if it seems strange, it's a scam.
#CriptoSeguro #Phishing #SegurançaDigital #ProtejaSeusAtivos #BitcoinBrasil
🎣 Criminals try to imitate official websites and apps to steal your data.
✅ Always check the website address.
✅ Enable two-factor authentication (2FA).
❌ Never click on suspicious links received via email, SMS, or social media.
🔒 Security is a priority: protect your access and your cryptocurrencies.
📌 Golden rule: if it seems strange, it's a scam.
#CriptoSeguro #Phishing #SegurançaDigital #ProtejaSeusAtivos #BitcoinBrasil
Serenity : 🧠 You Are the Final Firewall
A major cyberattack has just compromised over 184 million user credentials, affecting global tech giants including Google, Apple, and Microsoft. The hackers exploited multiple systems and leaked login #data across the dark web — exposing the alarming fragility of password based #security models.
🔐 The attackers broke through every wall – but sAxess ensures there’s one they can’t cross:
Your fingerprint.
✅ No more passwords to steal
✅ No #phishing traps to fall into
✅ No central databases to breach
✅ Your identity, secured by biometrics + blockchain
#Serenity #sAxess isn’t just a wallet. It’s a personal firewall. A biometric, self-custodial solution that removes traditional vulnerabilities and gives you total control over your digital access.
With sAxess, you become the key.
And hackers can’t steal what they can’t replicate.
A major cyberattack has just compromised over 184 million user credentials, affecting global tech giants including Google, Apple, and Microsoft. The hackers exploited multiple systems and leaked login #data across the dark web — exposing the alarming fragility of password based #security models.
🔐 The attackers broke through every wall – but sAxess ensures there’s one they can’t cross:
Your fingerprint.
✅ No more passwords to steal
✅ No #phishing traps to fall into
✅ No central databases to breach
✅ Your identity, secured by biometrics + blockchain
#Serenity #sAxess isn’t just a wallet. It’s a personal firewall. A biometric, self-custodial solution that removes traditional vulnerabilities and gives you total control over your digital access.
With sAxess, you become the key.
And hackers can’t steal what they can’t replicate.
According to security firm Web3 Scam Sniffer, over $127 million in #Criptomonedas was stolen from investors in Q3 2024, with approximately $46 million lost in September to phishing attacks.
In phishing attacks, scammers trick investors into linking their crypto wallets, such as #MetaMask , to fraudulent services. Linking crypto wallets to #phishing websites allows scammers to withdraw#cryptocurrenciesfrom users without further authentication.
In phishing attacks, scammers trick investors into linking their crypto wallets, such as #MetaMask , to fraudulent services. Linking crypto wallets to #phishing websites allows scammers to withdraw#cryptocurrenciesfrom users without further authentication.
#ScrollCoFounderXAccountHacked 🚨 SECURITY ALERT: Scroll co-founder has had their account hacked!
.
The hashtag #ScrollCoFounderXAccountHacked is dominating the trends and serves as a brutal reminder: in the crypto world, no one is 100% immune. On January 25, 2026, Kenneth Shen's official account was targeted in a sophisticated phishing attack.
.
🛡️ What happened?
.
Hackers took control of the profile to spread malicious links, attempting to drain unsuspecting users' wallets through false promises of airdrops or urgent support alerts.
.
💡 How to protect yourself now:
.
Beware of Urgency: If a founder posts a link "click now or lose your account", stop and breathe. It’s the favorite trigger of scammers.
.
Verify Sources: Before interacting, check the project's official channels (Discord, Telegram, Official Site).
.
Review Permissions: Never connect your main wallet to unknown sites. Use a "burner wallet" for suspicious interactions.
.
Hardware 2FA: Use physical keys (like Yubikey) whenever possible, they are much more secure than SMS or authentication apps.
.
✅ The Scroll ecosystem remains strong, but individual security depends on our constant attention. Stay alert!
.
🤔 What do you think of this breach? Do you think social networks need extra layers of security for public crypto figures? 👇
.
#Scroll #SecurityAlert #Phishing
.
The hashtag #ScrollCoFounderXAccountHacked is dominating the trends and serves as a brutal reminder: in the crypto world, no one is 100% immune. On January 25, 2026, Kenneth Shen's official account was targeted in a sophisticated phishing attack.
.
🛡️ What happened?
.
Hackers took control of the profile to spread malicious links, attempting to drain unsuspecting users' wallets through false promises of airdrops or urgent support alerts.
.
💡 How to protect yourself now:
.
Beware of Urgency: If a founder posts a link "click now or lose your account", stop and breathe. It’s the favorite trigger of scammers.
.
Verify Sources: Before interacting, check the project's official channels (Discord, Telegram, Official Site).
.
Review Permissions: Never connect your main wallet to unknown sites. Use a "burner wallet" for suspicious interactions.
.
Hardware 2FA: Use physical keys (like Yubikey) whenever possible, they are much more secure than SMS or authentication apps.
.
✅ The Scroll ecosystem remains strong, but individual security depends on our constant attention. Stay alert!
.
🤔 What do you think of this breach? Do you think social networks need extra layers of security for public crypto figures? 👇
.
#Scroll #SecurityAlert #Phishing
A whale (or possible institution) that suffered a phishing attack involving US$ 50 million in USDT attempted direct contact with the responsible party through an on-chain message.
According to ChainCatcher, the victim even offered US$ 1 million as a reward for the return of the funds. So far, there has been no response from the scammer.
The chance of recovery is considered low, as the amounts were converted to ETH and passed through Tornado Cash, making tracking and reversing the transaction difficult.
#USDT #defi #phishing #whalealerts #blockchain $ETH $USDT
According to ChainCatcher, the victim even offered US$ 1 million as a reward for the return of the funds. So far, there has been no response from the scammer.
The chance of recovery is considered low, as the amounts were converted to ETH and passed through Tornado Cash, making tracking and reversing the transaction difficult.
#USDT #defi #phishing #whalealerts #blockchain $ETH $USDT
🚨#CyberSecurityAlert: There are now over 2,650 fake DeepSeek phishing sites, with a significant spike since Jan 26.
These sites trick users into revealing login credentials or buying virtual assets through misleading domains and interfaces.
Stay vigilant and double-check URLs! 🛑 #phishing #DeepSeek #CryptoScams
These sites trick users into revealing login credentials or buying virtual assets through misleading domains and interfaces.
Stay vigilant and double-check URLs! 🛑 #phishing #DeepSeek #CryptoScams
#ScrollCoFounderXAccountHacked
🚨 Alert! The X account of Scroll's co-founder (@shenhaichen) got hacked today.
Bad guys are using it to send private messages (DMs) pretending to be from X staff. They trick people into clicking bad links to steal crypto money or keys.
Important:
Don't click ANY links from this account.
Don't share your info or wallet stuff.
Stay safe!
Crypto friends, be careful.
#ScrollCoFounderXAccountHacked #CryptoScam #Phishing
🚨 Alert! The X account of Scroll's co-founder (@shenhaichen) got hacked today.
Bad guys are using it to send private messages (DMs) pretending to be from X staff. They trick people into clicking bad links to steal crypto money or keys.
Important:
Don't click ANY links from this account.
Don't share your info or wallet stuff.
Stay safe!
Crypto friends, be careful.
#ScrollCoFounderXAccountHacked #CryptoScam #Phishing
PHISHING ATTACKER SWALLOWS $53K IN PAXG! 🚨
MARKET SHOCKWAVE: A major phishing attack has drained $53,000 from unsuspecting users holding PAXG. This exploit highlights critical vulnerabilities in smart contract approvals. Be hyper-vigilant with your transactions and scrutinize every approval before signing. Whale wallets are vulnerable; protect your assets.
SECURE YOUR BAGS.
VERIFY ALL TRANSACTIONS.
DODGE THE SCAMMERS.
#PAXG #CryptoNews #Phishing #Security #DeFi
💥
Not financial advice. Manage your risk.
MARKET SHOCKWAVE: A major phishing attack has drained $53,000 from unsuspecting users holding PAXG. This exploit highlights critical vulnerabilities in smart contract approvals. Be hyper-vigilant with your transactions and scrutinize every approval before signing. Whale wallets are vulnerable; protect your assets.
SECURE YOUR BAGS.
VERIFY ALL TRANSACTIONS.
DODGE THE SCAMMERS.
#PAXG #CryptoNews #Phishing #Security #DeFi
💥
Not financial advice. Manage your risk.
BONK .FUN DOMAIN DRAINED: ARE WHALES DUMPING $BTC AND $ETH? 🚨
The Bonk .fun domain has been compromised, actively phishing users with wallet-draining prompts. The Bonk team has issued a stern warning to avoid the site. This exploit raises immediate concerns about broader market stability and potential coordinated attacks on major assets.
Liquidity is shifting. Observe the immediate fallout. Capital is flowing out of vulnerable sectors. Position for the inevitable re-distribution. Act decisively.
Not financial advice. Manage your risk.
#CryptoNews #Phishing #CyberSecurity #Blockchain #DeFi
💥
The Bonk .fun domain has been compromised, actively phishing users with wallet-draining prompts. The Bonk team has issued a stern warning to avoid the site. This exploit raises immediate concerns about broader market stability and potential coordinated attacks on major assets.
Liquidity is shifting. Observe the immediate fallout. Capital is flowing out of vulnerable sectors. Position for the inevitable re-distribution. Act decisively.
Not financial advice. Manage your risk.
#CryptoNews #Phishing #CyberSecurity #Blockchain #DeFi
💥
🔴 URGENT ALERT: Phishing by "Tax Authority" is back!
Here’s how to protect your Crypto.
The scam is back: Crooks are targeting crypto holders by posing as official organizations (taxes, central banks) or even agents from the Bank of France/ACPR (source: news from 28/11/2025).
Their goal? To make you panic and click on a fraudulent link to "declare" or "regularize" crypto transactions. It’s pure Phishing, aimed at stealing your credentials or your funds.
🛡️ Your IMMEDIATE Line of Defense:
1. Check the Domain: Official organizations NEVER send SMS or emails for urgent actions with short links. Legitimate addresses always end with an official domain (e.g., gouv.fr or banque-france.fr).
2. Never Urgent: Any communication demanding "immediate" action to avoid a "penalty" is a giant red flag. Always take the time to verify.
3. Direct Access: If you receive an alert, do not use the provided link. Go directly to the official site (e.g., Binance.com or the tax portal) by typing it yourself in your browser.
Protect yourself: the cost of a click is often the price of your entire wallet.
#CryptoSecurite #AlerteScam #Phishing
Here’s how to protect your Crypto.
The scam is back: Crooks are targeting crypto holders by posing as official organizations (taxes, central banks) or even agents from the Bank of France/ACPR (source: news from 28/11/2025).
Their goal? To make you panic and click on a fraudulent link to "declare" or "regularize" crypto transactions. It’s pure Phishing, aimed at stealing your credentials or your funds.
🛡️ Your IMMEDIATE Line of Defense:
1. Check the Domain: Official organizations NEVER send SMS or emails for urgent actions with short links. Legitimate addresses always end with an official domain (e.g., gouv.fr or banque-france.fr).
2. Never Urgent: Any communication demanding "immediate" action to avoid a "penalty" is a giant red flag. Always take the time to verify.
3. Direct Access: If you receive an alert, do not use the provided link. Go directly to the official site (e.g., Binance.com or the tax portal) by typing it yourself in your browser.
Protect yourself: the cost of a click is often the price of your entire wallet.
#CryptoSecurite #AlerteScam #Phishing
Login to explore more contents