Cos(余弦)😶‍🌫️

Cos(余弦)😶‍🌫️

Follow

Founder of @SlowMist_Team. Creator of https://t.co/tFCQExsAlL // 分身一号/捉虫大师/救火运动员 🕖灾备 https://t.co/bMGdsBlwmk

Posts

Cos(余弦)😶‍🌫️

This incident again involves the exploitation of the durable nonce offline pre-signature mechanism. This phishing technique has been popular for at least two years. After obtaining this signature, attackers can initiate on-chain operations with "legitimate signatures" when the time is right, such as taking over the on-chain admin privileges of Drift in this scenario. This time, it appears to be the work of a professional hacking group (at least in terms of their actions, they were well-prepared and their methods were sophisticated).

Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved

Cos(余弦)😶‍🌫️

Drift Protocol suffered a massive theft of over $200 million in assets… A week ago, the platform migrated to a 2/5 multisignature pool (1 old + 4 new signers) without timelocks. Hours ago, attackers seized admin privileges, minted counterfeit CVT tokens, manipulated the oracle, disabled related security mechanisms, and absconded with the pool's valuable assets… The situation has deteriorated significantly… Hacker Address List app.cielo.finance/bundles/216/...… @MistTrack_io @SlowMist_Team

** Correction on key compromise ** A week ago, Drift moved to a new multisig, created by a signer from the old multisig. This signer did not add themselves to the new one. The exploiter also initiated the proposal in the old multisig to hand over admin control to this new x.com/omeragoldberg/…

Cos(余弦)😶‍🌫️

This was truly an eye-opening experience. From now on, I'll be more cautious about anything that requires me to enter commands in the terminal. I considered myself to be very vigilant, having never been hacked or scammed in my two years in the crypto. I always verify the security of any suspicious URLs before clicking on them. Today was the first time I was scammed, and they stole all my account passwords. This is a warning to everyone; hackers are incredibly sophisticated. No matter how careful you are, there's always a scam that can fool you. @evilcos @zachxbt @SlowMist_Team twitter.com/young_0521/status/...

Cos(余弦)😶‍🌫️

Combining old and new news: In November 2025, Google Threat Intelligence Group (GTIG) reported that the North Korean hacking group UNC1069 was using AI models (such as Gemini) to develop and deploy malware targeting cryptocurrency wallet and exchange employees. Then, yesterday's Axios malware attack was thankfully detected in time; otherwise, besides a bunch of devices running the new version of OpenClaw being taken down, many other devices directly or indirectly dependent on Axios would have been eliminated… The true impact is hard to say; let's see what other hacking and theft incidents might occur later. twitter.com/evilcos/status/203...

Cos(余弦)😶‍🌫️

Many people are concerned about the threat of quantum attacks to Bitcoin (however, they never really care about the already rampant threats such as backing up seed phrase/private keys haphazardly, misusing wallets, and blindly trusting sugar-coated bullets). I want to tell these people: First, believe in science, believe in evolution. Quantum attacks will definitely come, but Bitcoin, Ethereum, and others are preparing to deal with them and are responding calmly... Even if a quantum attack does come, they will have enough resilience to cope. The only threat to Bitcoin, Ethereum, and others is complacency. twitter.com/evilcos/status/203...

Cos(余弦)😶‍🌫️

OpenClaw 2026.3.31 is here, and I noticed this is what I'm interested in: Skills/install and Plugins/install: Built-in dangerous-code critical findings and install-time scan failures now fail closed by default, so plugin installs and gateway-backed skill dependency installs that previously succeeded may now require an explicit dangerous override such as `--dangerously-force-unsafe-install` to proceed. In other words, during skill and plugin installation, if high-risk code (critical findings) is detected or the scan fails, the installation will be blocked by default, preventing the forced installation of malicious code as before. I haven't had a chance to verify this yet, but those interested in this upgrade can give it a try. OpenClaw is actively improving its security capabilities, and hopefully its stability and resilience will also improve.

OpenClaw 2026.3.31 🦞 🇨🇳 Bundled QQ Bot — private, group, and guild chat + media 📹 LINE now sends images, video, and audio 🧵 Real background task flows: list, show, cancel 🇯🇵 Better CJK: context, memory, and TTS OpenClaw's next release has been leaked🦞https://github.com/openclaw/openclaw/releases/tag/v2026.3.31…

Cos(余弦)😶‍🌫️

What I'm most curious about is why Claude Code, with its many admirable design philosophies, including its security philosophy and specific security strategies, would introduce source maps in its build process, leading to the leakage of related source code? After some investigation, I learned that the leak was caused by human error, which makes sense now… twitter.com/evilcos/status/203...

Cos(余弦)😶‍🌫️

Today's supply chain poisoning incident by Axios has drawn significant attention to the industry, and OpenClaw also forcibly locked the versions of its dependent modules a little over an hour ago. To give everyone a more intuitive understanding of the risk, I compiled a dependency graph for OpenClaw's third-party modules: 1,246 third-party modules and 2,672 dependency paths. That's all… Of course, there might be some statistical bias; modules introduced by third-party Skills weren't included in the statistics. Locking dependency versions is a necessary security practice; otherwise, if any one of the 1,246 third-party modules were compromised, it could potentially destroy OpenClaw… Software engineering is never a simple matter; even the most powerful AI can make mistakes. Stay vigilant. If you're going to take risks, use independent devices to avoid being wiped out by a whole host of problems…

Loading..