Discussions about information security, applied cryptography, and privacy-preserving technology

Main

infosec

https://github.com/Elyx0/pectra-whitehat-rescue-7702

first 7702 whitehat?

ETHSecurity Community

Reminder guys: now with PECTRA ethereum upgrade, you only need to sign a message to get completely drained! Before, you actually had to sign the TX.

Be very careful of what you sign now - even an offchain message!

https://x.com/blockaid_/status/1920141140465967595?t=xeD5WXDccX4Gpbf8M7Gn-Q&s=09

be wary of TOCTOU attacks and strictly limit the scope of session keys. 

modularity and predictability are virtues.

Great overview of how illicit web hosting is used for crime these days. Still funny to me that Robux, of all currencies, seems be a preferred medium of extraction 😄

Great overview of how illicit web hosting is used for crime these days. Still funny to me that Robux, of all currencies, seems be a preferred medium of extraction 😄 
https://vin01.github.io/piptagole/cybcecrime/security/cybersecurity/2025/05/05/state-cyber-security.html

https://x.com/newmichwill/status/1919404472054300763

the ecosystem needs TEE or better or brand accounts

Twitter of @CurveFinance seens to be hacked - be careful!

sovereignty

telemessage, a compliance‑friendly fork of signal used by government and financial outfits, has been breached. an attacker exploited its backend to pull archived chats, contact lists, and login credentials.

telemessage modified signal to store “for‑the‑record” copies, making that data a new attack surface. the official signal client is not affected.

https://www.404media.co/the-signal-clone-the-trump-admin-uses-was-hacked/

here's a question for @quilibrium fans

would you be okay with oblivious "for-the-record" zkproof from quorummessenger.com?

what happens when governments issue LLMs from this sort of compliance?

hard to see leaks as escapable.

Quilibrium, the decentralized MPC platform as a service

/quilibrium

👀
https://solana.com/news/post-mortem-may-2-2025

https://krebsonsecurity.com/2025/05/xai-dev-leaks-api-key-for-private-spacex-tesla-llms/

Save this post if you've been scammed or hacked!!!

First things first, you should contact: t.me/seal_911_bot, or t.me/rata0x

• Next, for recovering the rest (untouched assets) please use: hackedwalletrecovery.com made by @buidlguidl @austingriffith  ;
• Or this tool: https://app.buidlguidl.com/build/yIj6q9TZnzAUMR6B4eFX
• For recovering unclaimed tokens from airdrops: https://serveth.notion.site/How-to-securely-transfer-unclaimed-tokens-from-a-compromised-wallet-7c5f5e3762474851b92c159f797e406e ;
• Order an investigation (optionally): t.me/rata0x
• You should also report your case to chainabuse.com !

Please RT! Stay safe!

The root cause of the @ImpermaxFinance  attack is the mispricing of Uniswap V3 NFTs.

The way it's pricing its NFT is using fair-pricing (which is robust against flashloan attacks!), but the fees' value are directly calculated:

price = (amount0_after_fair_pricing + fee0) * https://t.co/LeMFUVmaCT

looks like it wasn't priced in.
https://x.com/hklst4r/status/1916164701597089826

The attacker invoked the execute function, that eventually calls basicSellToPool with attacker-controlled parameters.

This allowed the attacker to craft a transaction that calls the claim function on behalf of 0x Settler with the _claimTo being the attacker https://t.co/l3KbYoQ4HF

zora claim getting exploited: https://x.com/blockaid_/status/1915410675083444252
https://basescan.org/tx/0xf71a96fe83f4c182da0c3011a0541713e966a186a5157fd37ec825a9a99deda6

https://x.com/nicksdjohnson/status/1912439023982834120?t=ozQ-FQFM17KJuhRF5Qjjbw&s=19

another sites.google & DKIM campaign

Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got: https://t.co/tScmxj3um6

downstream effects: untracked vulnerabilities in widely used systems, increased exploitation risk, inconsistent IDs and general chaos

BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members. https://t.co/CHi74EIRt7

downstream effects: untracked vulnerabilities in widely used systems, increased exploitation risk, inconsistent IDs and general chaos
https://x.com/0xtib3rius/status/1912195160416338031?s=46&t=dO0uo_CgV6MrB7N3NkVjDA

Leveraging data flow analysis to tackle prompt injection:

Leveraging data flow analysis to tackle prompt injection: https://simonwillison.net/2025/Apr/11/camel/

https://krebsonsecurity.com/2025/04/china-based-sms-phishing-triad-pivots-to-banks/

phil

TIL: "Tool Poisoning Attack"

A delightful new problem to look forward to as an attack vector on MCPs. Provocative name.

ref: https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks