# Threat Articoli collegati

Il Centro Notizie HTX fornisce gli articoli più recenti e le analisi più approfondite su "Threat", coprendo tendenze di mercato, aggiornamenti sui progetti, sviluppi tecnologici e politiche normative nel settore crypto.

Top Audit Guru Alerts: All DeFi is Unsafe, Withdraw Now!

Leading DeFi security auditor and OpenZeppelin founder Manuel Aráoz has issued a stark warning, declaring all DeFi protocols unsafe and advising the withdrawal of funds, even from established platforms like Aave and MakerDAO. This warning stems from the rapidly growing threat posed by AI-powered hacking tools. Aráoz highlights that AI agents can now identify and exploit smart contract vulnerabilities in minutes, a task that previously took expert teams weeks. This creates a critical asymmetry: defenders must patch every flaw, while attackers need only find one. Recent months have seen a surge in high-profile exploits, with billions lost in April and May alone across protocols like Drift Protocol, Kelp DAO, and THORChain. The acceleration is attributed to AI's ability to perform rapid code scanning, generate automated attack scripts, and even orchestrate social engineering and infrastructure attacks faster than human defenders can respond. The article cites Anthropic's powerful new AI model, Mythos, which demonstrated such proficiency in finding zero-day vulnerabilities that its public release was delayed over security concerns. This evolution fundamentally disrupts DeFi's risk-reward calculus. With yields on reliable protocols falling to single digits, users now face the potential of 100% capital loss for minimal returns. Aráoz's conclusion is that for most users, withdrawing funds to secure wallets is the most rational risk-management choice in the current landscape.

Odaily星球日报05/28 03:57

Top Audit Guru Alerts: All DeFi is Unsafe, Withdraw Now!

Odaily星球日报05/28 03:57

From Theory to Countdown: Google Sounds the Blockchain Quantum Resistance Alarm with Zero-Knowledge Proofs

An article discusses the significant threat quantum computing poses to blockchain and classical encryption systems, triggered by Google's recent research. By optimizing Shor's algorithm, Google reduced the logical qubits required to break 256-bit elliptic curve encryption from around 6,000 to just 1,200—slashing computational costs by 20 times. This advancement sets a potential countdown, with Google estimating 2029 as the deadline for upgrading to quantum-resistant cryptography. Both Bitcoin and Ethereum face severe risks. About 25-35% of Bitcoin addresses have exposed public keys, making them vulnerable to attacks, especially during transaction processing. Ethereum’s design exposes public keys upon first use, jeopardizing its entire network if signatures aren’t updated. Historical blockchain data remains permanently available for future quantum attacks. The solution lies in adopting post-quantum cryptography (PQC). Ethereum is already implementing account abstraction and PQC-based signatures, leveraging its upgradeable architecture. Bitcoin is considering BIP-360 to introduce quantum-resistant algorithms like FALCON or CRYSTALS-Dilithium, though consensus may delay action. Notably, Google used zero-knowledge proofs to disclose this threat responsibly, aiming to prevent panic. Collaboration with Ethereum Foundation researchers suggests抗量子 (quantum resistance) could become a major narrative, aligning with crypto’s cryptographic roots.

marsbit04/16 06:38

From Theory to Countdown: Google Sounds the Blockchain Quantum Resistance Alarm with Zero-Knowledge Proofs

marsbit04/16 06:38

Alert Across the Internet! Claude Code Source Code Leak Triggers "Secondary Disaster": Hackers Set GitHub Phishing Traps

A major security alert is circulating online following the accidental leak of Claude Code's source code by Anthropic. Hackers are exploiting the incident by creating fake GitHub repositories that distribute the information-stealing malware known as **Vidar**. Posing as a user named `idbzoomh`, the threat actor set up multiple repositories claiming to offer "unlocked enterprise features" from the leaked source code. These repositories are optimized for search engines to appear at the top of results for queries like “Claude Code leak,” increasing their reach. If a user downloads and executes the provided files, the Vidar malware is deployed. It is a sophisticated stealer designed to harvest sensitive data such as browser credentials, cryptocurrency wallets, and personal information. The attack also installs **GhostSocks**, a proxy tool that establishes hidden communication channels for remote control and data exfiltration. Security firm Zscaler notes that these malicious repositories update frequently, making it easier to bypass basic security scans. At least two similar repositories have been identified, suggesting the same attacker is testing different distribution methods. This incident highlights the compound risks in the AI era, where initial human error leads to secondary threats like social engineering. Developers are urged to obtain software only through official channels and avoid executing untrusted binaries.

marsbit04/03 01:06

Alert Across the Internet! Claude Code Source Code Leak Triggers "Secondary Disaster": Hackers Set GitHub Phishing Traps

marsbit04/03 01:06

活动图片