# Vulnerability İlgili Makaleler

HTX Haber Merkezi, kripto endüstrisindeki piyasa trendleri, proje güncellemeleri, teknoloji gelişmeleri ve düzenleyici politikaları kapsayan "Vulnerability" hakkında en son makaleleri ve derinlemesine analizleri sunmaktadır.

The Traffic Secret Overlooked by 99% of Web3 Creators

Summary: Most Web3 content creators struggle with storytelling not due to a lack of creativity, but because their content lacks contrast—the element of change or transformation that makes narratives compelling. Contrast can be as simple as shifting from "before" to "after," "expectation" to "reality," or "belief" to "realization." Without it, content remains flat and forgettable, even if informative. Web3 is filled with straightforward explanations of features, data, and benefits, but the human brain engages more deeply with unexpected or relatable shifts. For instance, instead of stating "Solana is fast and cheap," a personal moment like "I clicked send, switched tabs, and realized the transaction was already complete" creates impact through contrast. Embracing contrast often requires vulnerability—admitting mistakes, doubts, or surprises—which fosters authenticity and connection. To incorporate contrast, ask: "What changed here?" and include elements like past assumptions, moments of hesitation, or unexpected outcomes. In Web3’s noisy landscape, contrast helps content stand out by being genuinely relatable, not needing exaggeration.

marsbit12/29 16:27

The Traffic Secret Overlooked by 99% of Web3 Creators

marsbit12/29 16:27

Trust Wallet Reveals Number of Victims from the Hack and the Compensation Problem

Trust Wallet CEO Eowyn Chen revealed that last week's hack affected over 2,500 user accounts. However, the service has received approximately 5,000 compensation claims, indicating a significant number of fraudulent or duplicate requests, which is slowing down the payout process. The hack occurred on the night of December 26 due to a vulnerability in the browser extension version 2.68. An update (v2.69) was released, and the company promised to cover the estimated $7 million in losses. The verification of claims is being conducted alongside the technical investigation, prioritizing accuracy over speed. Trust Wallet is working with Google to obtain Chrome audit logs and is conducting a detailed security check on remote devices. In a related context, a recent Chainalysis report noted that 2025 has seen over 158,000 personal wallet compromises, resulting in $713 million in losses.

RBK-crypto12/29 10:49

Trust Wallet Reveals Number of Victims from the Hack and the Compensation Problem

RBK-crypto12/29 10:49

In Web3 Storytelling, You Don't Need Creativity

In the Web3 content space, many creators mistakenly believe they lack creativity, but the real issue is the absence of contrast in their narratives. Contrast refers to a shift or change—such as moving from "before" to "after," "expectation" to "reality," or "belief" to "realization"—that makes content engaging and memorable. Without this transformation, content remains flat and forgettable, merely presenting information like features, data, or promises straightforwardly. The human mind is activated by unexpected changes, not linear facts. For example, instead of stating "Solana is fast and cheap," a contrast-driven approach would describe the surprise of a transaction completing instantly. This creates a relatable moment. Embracing contrast often involves acknowledging past mistakes, doubts, or uncertainties, which fosters authenticity and connection with audiences. To incorporate contrast, ask: "What changed here?" Include elements like a mistaken assumption, a moment of hesitation, or an unexpected outcome. In Web3’s noisy environment, contrast helps content stand out without needing exaggerated creativity—just genuine, relatable shifts.

marsbit12/29 09:54

In Web3 Storytelling, You Don't Need Creativity

marsbit12/29 09:54

Hacker Attack Halves Flow, Rollback Plan Sparks Civil War in Ecosystem

Flow, a Layer 1 blockchain built by Dapper Labs, suffered a major security breach last Saturday when a hacker exploited an execution layer vulnerability, transferring approximately $3.9 million in assets off-chain. The attack caused the price of FLOW to plummet by over 50%, dropping from $0.173 to $0.079, though it later partially recovered to around $0.107. Initially, the Flow Foundation proposed rolling back the network to a checkpoint before the attack occurred, which would have erased all transactions within a six-hour window. This decision was met with strong opposition from ecosystem partners, especially cross-chain bridges like deBridge and LayerZero, who warned that a rollback could cause asset duplication, inconsistencies, and significant losses for legitimate users. Facing community backlash and partner concerns, the foundation abandoned the rollback plan. Instead, it adopted an "Isolation Recovery Plan" developed in coordination with key partners. The new strategy involves no chain reorganization, preserves all legitimate user transactions, and temporarily restricts accounts that received illicitly minted tokens. The network will be restored in multiple stages, with full functionality expected within 24 to 48 hours. The incident has raised questions about network reliability and governance, shifting the crisis from a technical issue to a broader challenge of trust in Flow's decentralized integrity.

marsbit12/29 05:18

Hacker Attack Halves Flow, Rollback Plan Sparks Civil War in Ecosystem

marsbit12/29 05:18

Hacker Attack Cuts Flow in Half, Rollback Plan Sparks Civil War Within Ecosystem

A severe hack targeting the Flow blockchain, developed by Dapper Labs, led to the theft of approximately $3.9 million due to an execution layer vulnerability. The incident caused the token FLOW to plummet by over 50%, dropping from $0.173 to $0.079, though it later partially recovered to around $0.107. Initially, the Flow Foundation proposed rolling back the network to a checkpoint before the attack to remove all transactions within a six-hour window, aiming to eliminate fraudulent activity. However, this plan faced strong opposition from cross-chain bridge partners and community members. Key partners, including deBridge and LayerZero, warned that a rollback could cause severe issues like double-spending and inconsistent asset states across chains, potentially harming legitimate users and bridge operators. Under significant criticism, Flow abandoned the rollback plan and instead adopted an "Isolation and Recovery" strategy. This new approach involves no chain reorganization, preserves all legitimate user transactions, and temporarily restricts accounts that received illicitly minted assets. The recovery is being executed in phases, with Cadence environment repairs prioritized first, followed by gradual reactivation of EVM functionality and cross-chain services. The incident sparked a broader debate about decentralization and chain integrity, with critics arguing that the initial rollback proposal revealed excessive centralization. The revised recovery plan has eased some tensions, but the event remains a significant test for Flow's ecosystem stability and trustworthiness.

Odaily星球日报12/29 05:09

Hacker Attack Cuts Flow in Half, Rollback Plan Sparks Civil War Within Ecosystem

Odaily星球日报12/29 05:09

Flow Network exploit triggers panic selling, plunges price by 46%

Flow Network suffered a $3.9 million exploit on December 27th due to a vulnerability in its execution layer. The attacker laundered funds through multiple bridges and cross-chain protocols. Although user balances remained safe, the attacker’s wallet was identified and frozen with the help of major exchanges and stablecoin issuers. The incident triggered panic selling, causing FLOW’s price to plummet 46% to a new all-time low of $0.097. It later rebounded slightly to $0.117, but selling pressure remained dominant. Key momentum indicators like RSI and DMI reflected strong bearish sentiment, suggesting potential further declines unless buyer interest returns.

ambcrypto12/28 08:32

Flow Network exploit triggers panic selling, plunges price by 46%

ambcrypto12/28 08:32

Trust Wallet confirms $7M impact from browser extension incident, promises full user refunds

Trust Wallet confirmed a security incident affecting its browser extension version 2.68, resulting in approximately $7 million in losses. The company has pledged full refunds to all affected users and is finalizing the reimbursement process. Only users of the compromised extension version were impacted; mobile users and other extension versions remained unaffected. The issue was flagged by blockchain investigators after suspicious activity was detected, with suspicions of a supply-chain compromise. Users were advised to disable version 2.68 and upgrade to the secure version 2.69. The incident highlights broader concerns around browser extension security and update-related vulnerabilities in crypto wallets.

ambcrypto12/26 17:37

Trust Wallet confirms $7M impact from browser extension incident, promises full user refunds

ambcrypto12/26 17:37

MoveBit Research Release | Belobog: A Move Fuzzing Framework for Real-World Attacks

MoveBit introduces Belobog, a novel fuzzing framework designed specifically for Move smart contracts to address security challenges beyond syntax and type errors. Unlike traditional fuzzing methods that struggle with Move’s strong type system and resource semantics, Belobog leverages type-guided input generation and mutation. It constructs a type graph to produce semantically valid and executable transaction calls, significantly improving the efficiency and depth of state exploration. The framework integrates concolic execution (combining concrete and symbolic execution) to penetrate complex constraints and branch conditions, enabling deeper coverage of potential vulnerabilities. Evaluated on 109 real-world Move contracts, Belobog detected 100% of Critical and 79% of Major vulnerabilities confirmed by manual audits. It also demonstrated the ability to reproduce full exploit paths without prior knowledge of vulnerabilities. Designed to be developer-friendly, Belobog will be released as open-source to encourage community adoption and extension. The work is currently under peer review for PLDI’26. Preprint: https://arxiv.org/abs/2512.02918

marsbit12/16 09:12

MoveBit Research Release | Belobog: A Move Fuzzing Framework for Real-World Attacks

marsbit12/16 09:12

活动图片

Project Updates

Regulatory Policy