🔥New challenge live on #Unphishable! Fake job interviews remain one of the most effective lures in phishing campaigns — especially against devs and researchers.📁 Stay sharp, question every unsolicited “opportunity,” and remember: legit recruiters won’t send you .exe files. Try the challenge👇 🔗

🔥New Unphishable challenge just dropped: Fake Zoom Meeting Phishing. Job offers turned into attack vectors — a common tactic targeting developers. Challenge contributor: @SlowMist_Team If you've been through a similar “recruitment” flow, check your laptop now. #Unphishable

In early July, SlowMist investigated a crypto theft caused by a malicious GitHub project: zldp2002/solana-pumpfun-bot. More recently, a similar repo — audiofilter/pumpfun-pumpswap-sniper-copy-trading-bot — was found stealing private keys from .env files and sending them to an attacker-controlled server. 🎭These attacks often rely on social engineering. Developers and users: stay alert when using unknown GitHub tools, especially those involving wallets or keys. ⚠️Run only in isolated environments without sensitive data. ✍️Full analysis:

🚨 SlowMist TI Alert 🚨 We're seeing a rise in scam emails titled "New login to X from XXX" — many are bypassing Gmail spam filters and appearing in your inbox. 📩 These emails falsely claim suspicious logins to your X account, tricking you into clicking "Change your password" or "Review the apps". 🔑 You're then redirected to Twitter's legit third-party app authorization page — but once authorized, attackers gain permissions like "post and repost for you." ⚠️ Result? Tweets you didn’t write could start appearing on your profile. 🔒 Always double-check sender addresses, and never authorize unknown apps.

BUIDL_QUESTS 2025 Begins: Why We’re Doubling Down on AgentFi 1/ BUIDL_QUESTS 2025 officially kicks off today. Our global builder initiative focused on the next frontier of crypto: AgentFi. This year, we’re going bigger—not just in scale, but in conviction. Backed by over US$10 million in incentives, we’re creating space for developers, researchers, and entrepreneurs to explore what happens when onchain systems meet intelligent agents. Check out this thread to learn more! 🧵

🛡️SlowMist has officially launched the Stablecoin Risk Management & AML/CFT Compliance Security Solution, in response to the latest regulatory developments in Hong Kong.🇭🇰 On May 26, following the passage of the Stablecoins Bill, the HKMA released its Draft Guideline on Supervision of Licensed Stablecoin Issuers, outlining stringent and ongoing requirements across governance, operations, and especially risk management, which alone makes up over half the document. Leveraging blockchain security expertise since 2018, SlowMist has become a trusted partner in Hong Kong’s stablecoin compliance ecosystem. We sincerely thank @InvestHK, @HashKeyGroup, @RD_Technologies , @ambergroup_io, @RigSecOfficial, and @Akamai for their long-standing trust and support. 🤝 With ongoing contributions from all parties, the Stablecoin Risk Management & AML/CFT Compliance Security Solution has matured into a robust framework — providing a clear path to compliance and solid technical safeguards for the industry. Learn more about the solution⬇️

Today, SlowMist was honored to exhibit at FiNETech6, co-hosted by the @hkmagovhk and @cyberport_hk. As a global leader in blockchain threat intelligence, we showcased our key solutions — including SlowMist AML, @MistTrack_io, MistEye, and our security audit & attack-defense expertise. This marks another step in our mission to bring security awareness to the blockchain ecosystem. We're excited to continue bridging Web3 and traditional finance — securely, compliantly, and together. 🛡️🌐 Learn more:

🚨SlowMist TI Alert🚨 The exchange @BigONEexchange was exploited due to a supply chain attack and loss exceeds $27 million. The production network was compromised, and the operating logic of account and risk control related servers was modified, enabling the attacker to withdraw funds. Notably, the private keys were not leaked.​ Hacker addresses: 🔹 Ethereum & BSC：0x9Bf7a4dDcA405929dba1FBB136F764F5892A8a7a 🔹 Solana: HSr1FNv266zCnVtUdZhfYrhgWx1a4LNEpMPDymQzPg4R 🔹 Bitcoin: bc1qwxm53zya6cuflxhcxy84t4c4wrmgrwqzd07jxm 🔹 Tron: TKKGH8bwmEEvyp3QkzDCbK61EwCHXdo17c We are closely following up on this case. Stay tuned for more updates. 🔗

Thank you @MYX_Finance for your trust and recognition! ❤️ On July 9th, the SlowMist team received an urgent request for assistance from MYX. We immediately launched an emergency response🚨, swiftly analyzed the affected protocol, devised a rescue plan🛡️, and successfully assisted MYX in securing the at-risk funds and mitigating the vulnerability. As of now, all protocol funds are safe.🔒 This incident fully demonstrated the professionalism and efficient collaboration between the white-hat community and security teams. We also want to express our gratitude to all the white-hat partners and security teams who participated in this rescue operation—together, we protected users’ assets and the broader ecosystem.💪 SlowMist remains committed to providing professional security services to the Web3 industry. Please feel free to reach out to us at any time—we look forward to building a safer and more trustworthy crypto ecosystem together.🚀

🚨On June 26, the online investment platform "#鑫慷嘉 DGCX (XinKangJia DGCX)" abruptly shut down all withdrawal channels. Users soon found their accounts frozen or wiped, sparking widespread alarm. While no official data has been released, investors claim the scam may involve ¥13B (~$1.8B) and over 2 million victims. In our latest article, we dive into DGCX's fake credentials, fund flows, and classic Ponzi-style tactics. 💡Remember: If it promises high returns and needs referrals to earn, it’s a red flag. 📎Read more: