The founder of SlowMist, Yu Xuan, disclosed that the Drift Protocol theft incident was caused by its migration to a 2-of-5 multisig scheme without a timelock, which enabled the attacker to quickly seize control of permissions and resulted in losses of over $200 million. He urged DeFi project teams to regularly review risks, and users need to pay attention to the protocol’s risk of capital loss.

The Mist Security Team has issued a warning. axios@1.14.1 and axios@0.30.4 have been identified as malicious versions; they contain malicious payloads that can be delivered via an postinstall script. The impact on OpenClaw needs to be assessed by scenario. It is recommended that affected hosts immediately check and rotate credentials.

Gate News reported that on March 19th, Slow Mist founder Yu Xian posted on the X platform expressing doubt about a page on a certain CEX requesting users to enter plaintext seed phrases for asset recovery. Yu Xian stated that such an unsafe practice is bewildering, and he even briefly suspected the subdomain had been hacked.

According to ChainCatcher, 23pds, the Chief Information Security Officer of Slow Fog Technology, disclosed that a new variant of the information-stealing malware MacSync has emerged, capable of successfully bypassing the macOS Gatekeeper security mechanism, resulting in user assets being stolen. This malware employs various techniques to evade detection, including file expansion, network connection validation, and self-destruct scripts after execution. Attackers can use this software to steal sensitive data from victims, such as iCloud keychains, browser passwords, and Crypto Assets Wallets. Users should remain vigilant, avoid downloading software from unknown sources, promptly update operating system security patches, and take additional measures to protect asset security.

The Chief Information Security Officer of Slow Mist Technology, 23pds, warned on the X platform that a developer of a Polymarket trading bot has hidden malicious code in GitHub, which will steal users' Wallet Private Keys. 23pds reminds everyone to stay vigilant against such risks.

BlockBeats News, December 12 — Slow Mist founder Yu Xian issued a security warning: ZEROBASE frontend was hacked, and some users authorized malicious contracts to USDT, resulting in asset theft. Please users pay attention to asset security.

Odaily News Slow Mist Yu Xian published an article on the X platform stating that the theft of GANA was caused by the leak of the Private Key of the GANA Payment Stake contract Owner. The subsequent attack employed some techniques, such as the use of 7702 deleGate, which also conveniently bypassed the onlyEOA check of unstake. By changing the relevant Rate and Fee, hundreds of stakes were achieved.