Cointime

Download App
iOS & Android

SlowMist Yuxian: CEX users’ assets worth millions of dollars were stolen by malicious counter-trading again

SlowMist founder Yu Xian posted on X platform that another user's CEX account was maliciously hacked, resulting in the theft of millions of dollars in assets. The team is currently analyzing and following up on the incident.

According to Yu Xian, there are many attack methods targeting the CEX web platform, such as the previous malicious extension that took away cookies, as well as clipboard attacks, form tampering, and request tampering. In addition to malicious extensions, reverse proxy phishing, Trojan viruses, and other methods are also feasible. The web platform has many vulnerabilities, so risk control strategies must be higher than those of the app platform.

CEX
Comments

All Comments

Recommended for you

  • Jupiter to Issue $612M JUP Tokens in Wednesday Airdrop

    Jupiter, a Solana-based decentralized exchange, will airdrop 700 million JUP tokens to its community on Wednesday in what it is calling the "largest airdrop in history."
  • 22 Japanese enterprises launch joint NFTs with Hello Kitty creator

    If non-fungible tokens (NFTs) are meant to be dead, the Japanese haven’t got the memo! NTT Digital has collaborated with Hello Kitty creator Sanrio and its “HAPIDANBUI” unit to launch a joint NFT collection and wellness campaign with 22 enterprises.
  • Seeking Liquidity

    Following two months of consolidation, Bitcoin has broken upwards from its rangebound conditions and surged to a new ATH of $109k. In this article, we evaluate the conditions leading into this move to demonstrate signals of impending volatility.
  • Ethereum's Vitalik Buterin Goes On Offense Amid Major Leadership Shake-up

    Buterin labeled inflammatory X posts about the head of the Ethereum Foundation as "pure evil."
  • Musk’s DOGE agency launches official website with Dogecoin logo

    Dogecoin rallied after Elon Musk’s Department of Government Efficiency launched its official US government website displaying the dog-themed cryptocurrency’s logo.
  • ZachXBT Helps US Government Recover $20 Million, Raises Pay Concerns

    ZachXBT, a well-known blockchain investigator, has revealed that he helped the US government recover a substantial portion of $20 million stolen in a hack.
  • Biden: We will gather tomorrow to certify the results of a free and fair presidential election to ensure a peaceful transfer of power

     US President Biden said, "Tomorrow is January 6th. We are gathered here to certify a free and fair presidential election result to ensure a peaceful transfer of power." 
  • South Korea's Public Prosecutor's Office suspends execution of Yoon Seok-yeol arrest warrant

    According to a report from Korean News Agency, due to the ongoing standoff, the Korean Public Officials Crime Investigation Department stated that the execution of the arrest warrant was stopped at 1:30 p.m. local time today (January 3), which is 12:30 p.m. Beijing time. Currently, the personnel from the Public Officials Crime Investigation Department and the police who were executing the arrest warrant have left the presidential palace. 
  • South Korean court approves arrest warrant for current President Yoon Seok-yeol

    on that day, the South Korean court approved an arrest warrant against Yoon Seok-yeol on charges of insurrection. It is reported that this is the first arrest warrant issued against a sitting president in the history of South Korean constitutional politics. On the 30th, the "Joint Investigation Headquarters" composed of the Korean Senior Public Officials Crime Investigation Department, the police, and the Ministry of National Defense Investigation Department submitted a request to detain President Yoon Seok-yeol to the Seoul Western District Court. The Korean Senior Public Officials Crime Investigation Department has issued three summonses to Yoon Seok-yeol on suspicion of "insurrection leader" and "abuse of power to obstruct the exercise of rights", but Yoon Seok-yeol has not responded. According to the South Korean "Criminal Procedure Law", if the suspect has no justifiable reason to refuse to accept the investigation request, or may not accept the investigation request, the investigation agency can apply to the court for an arrest warrant and conduct a forced investigation on the relevant personnel.
  • Brazilian Congressman Warns of Drex CBDC Risks, Rejects Cash Abolition Bill

    Brazilian congresswoman Julia Zanatta is concerned about the impact of the implemented digital currency (drex) on citizens' lives. Julia Zanatta emphasized that the use of drex (the national central bank digital currency) could lead to the end of physical currency as the country progresses towards implementing it. In a recent interview, Julia Zanatta explained that the use of drex should be voluntary rather than mandatory, as it could become a tool for controlling Brazilians. She has planned multiple backup measures to prevent this from happening and to help Brazilians maintain their current economic freedom.