BREAKING: Introducing our latest "HashDit Pro" Chrome Extension🎉🥳
The latest Extension will offer:
🔹 Powered up Threat Protection (stay SECURED against address poisoning / drainer + any other phishing attacks)
🔹 Smart Contract Simulation (preview balance changes and approval changes)
🔹 Supporting 7 popular wallets + all EVM chains
🔹 Website checker (Clear pop-up warning when visiting malicious websites)
🤔 What should you do if you are using the old Extension? Remove the old Extension and install our latest Extension for continuously improved protection!
Download here NOW for FREE: https://t.co/gaGayreOLI
Stay safe with HashDit Pro! 🛡️
🚨 HashDit Alert🚨
Multiple reports indicate that @Humanityprot has been compromised! ⚠️
Our analysis shows >$30M stolen so far, with the exploit still ongoing. Current Root Cause points to Key Compromise.
Funds are here now on ETH: 0x9e995952eF7665B243eeEF0693acD7FEd7150504
0xf3590Fc0D591A3868e19b9A200A85165592f9734
0x59Eff548CD9BcfBc169B6340f734e442c764A814
0x36560d6aC2004e1BB483e77b791E905dd4F5E672
0xAf2a4989922299EB14A29E332dad1012A8aaD3A0
On BSC, 0x6aa22cb8420e94fc2119364b4c7885710ae753bb has minted 100m $H tokens and is currently still dumping with >$350k realized so far!
Stay Safe!
We're aware of a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation. The safety of our community is our top priority, and we want to be fully transparent about what we know.
As a precaution, please do NOT interact with the bridge or any liquidity pools until we give the all clear. This is the single most important step you can take to protect your funds right now. We are actively working with leading security experts and our exchange partners to assess the scope of the incident and secure all affected systems.
We're deeply sorry that this has happened. Protecting this community is our responsibility, and we don't take that lightly. We will share verified updates as soon as we have them and we won't speculate before facts are confirmed.
Official updates will only come from this account or @terencekwok
Beware of the scammers and impersonators who exploit moments like this. We will never DM you first or ask for your seed phrase or private keys.
🚨 HashDit Alert🚨
Multiple reports indicate that @dxsale has been compromised! ⚠️
Any project with LP funds locked on DxSale should check immediately and withdraw if possible
Our analysis shows around $3M stolen so far, with the exploit still ongoing.
Main Theft address: 0xC4574DDEF299e7E563971e200433e592EeaaFA69
The attacker has also raised locking fees to 100 BNB, effectively blocking normal use.
With Discord, TG, and X all silent, the project appears either fully compromised or rugpulled...
Stay Safe!
🚨 HashDit Alert! 🚨
A crypto stealer campaign has been identified involving malicious npm packages, for example "token-usage-tracker". This is a confirmed TrapDoor attack designed to steal credentials and crypto assets.
If installed, delete it immediately and rotate your keys/secrets.
To track AI token usage safely, use trusted packages that wrap official APIs, local tokenizers like tiktoken for estimation, and keep cost sheets updated with minimal external dependencies.
Stay safe!
🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.io.
Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems.
TrapDoor targets #crypto, #DeFi, AI, and security developers, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, env vars, and API keys.
Socket detected releases with a median detection time of 5 minutes, 27 seconds. The fastest detection occurred 58 seconds after publication.
🚨 HashDit Update 🚨
Two oracle service changes are underway:
• Binance Oracle will transition to @AtlasOracleX, affiliated with @CoinMarketCap, over a 90-day period, with full completion by Aug 6.
• @PythNetwork is upgrading Pyth Core on July 31, and Hermes users will now require Pyth API keys.
Projects using either provider should update their oracle feed addresses accordingly.
Reported Impact: The exfiltrated data consists of approximately 3,800 GitHub-internal repositories containing GitHub's own platform source code and internal tooling — not user data, secrets, or third-party code. Critical internal credentials have already been rotated. No evidence of follow-on attacks against GitHub's production platform or customer-facing services has been reported.
🚨 HashDit Alert! 🚨
GitHub has reported unauthorized access to some of its internal repositories!
Web3 / Crypto devs: now is a good time to audit your repos, check for any abnormal commits and remove any sensitive data that should NOT be there in the first place ⚠️
With AI-powered attacks on the rise, breaches like this will become more and more common. Stay extra cautious with permissions, secrets management, and credential storage 🛡️
Stay safe!
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
5/5 🛡 How can you protect yourself moving forward?
- Pin exact dependency versions
- Avoid `^` / `~` for critical packages
- Delay new package adoption by 7–14 days
- Use behavior-based supply chain scanners
- Isolate build environments
- Never expose production secrets to npm install hosts
- Enable 2FA on registry accounts
Stay safe!
🚨 HashDit Alert! 🚨
1/5 The popular `node-ipc` npm package has been compromised with a credential-stealing payload!
Confirmed malicious versions:
- `9.1.6`
- `9.2.3`
- `12.0.1`
If your environment touched these versions, assume risk ⚠️
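A practical way to answer "did my environment touch these versions?" is to scan the lockfile rather than trust memory. The following is an added example, not code from HashDit or Socket: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3, where keys are installed paths such as `node_modules/node-ipc` or a nested `node_modules/foo/node_modules/node-ipc`) and reports every entry whose name and version appear in an advisory list. The advisory entries are the three node-ipc versions named in the alert; the lockfile below is constructed sample data, and for a real project you would `JSON.parse` the contents of `package-lock.json` and pass that object in.

```javascript
// Added example (not HashDit's or Socket's code): find lockfile entries that
// match versions an advisory names as compromised.
// Assumes the npm lockfileVersion 2/3 layout: lockfile.packages maps an
// installed path ("node_modules/<name>", possibly nested and possibly scoped)
// to an object carrying at least {version}.

// Versions listed in the alert for node-ipc.
const ADVISORIES = {
  "node-ipc": new Set(["9.1.6", "9.2.3", "12.0.1"]),
};

// Package name = everything after the LAST "node_modules/" in the lockfile
// path, so nested copies and scoped names ("@scope/name") both resolve.
function packageNameFromPath(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  if (idx === -1) return null; // the root project entry "" has no package name
  return lockPath.slice(idx + "node_modules/".length);
}

// Return [{path, name, version}] for every installed copy whose exact version
// is in the advisory set for that package name. Exact string comparison is
// deliberate: an advisory names specific published versions, not ranges.
function findCompromised(lockfile, advisories = ADVISORIES) {
  const hits = [];
  for (const [lockPath, entry] of Object.entries(lockfile.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (!name || !entry.version) continue;
    const bad = advisories[name];
    if (bad && bad.has(entry.version)) {
      hits.push({ path: lockPath, name, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: a clean top-level node-ipc, a transitive copy
// pulled in at a compromised version (the case a quick `npm ls` glance can
// miss), and an unrelated scoped package that happens to share a version number.
const SAMPLE_LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/node-ipc": { version: "9.1.4" },
    "node_modules/some-tool": { version: "2.0.0" },
    "node_modules/some-tool/node_modules/node-ipc": { version: "9.2.3" },
    "node_modules/@scope/other": { version: "12.0.1" },
  },
};

// Stand-alone run: report and use a non-zero exit code so CI can fail on a hit.
function main() {
  const hits = findCompromised(SAMPLE_LOCKFILE);
  for (const h of hits) {
    console.log(`COMPROMISED: ${h.name}@${h.version} at ${h.path}`);
  }
  if (hits.length === 0) console.log("no compromised versions found");
  return hits.length === 0 ? 0 : 1;
}

main();
```

The nested copy is the point of the example: a compromised version can be present only as a transitive dependency under another package's `node_modules`, so matching on the last path segment of every lockfile key, not only the top-level `dependencies` block, is what makes the check complete.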
🚨 Socket detected malicious activity in newly published versions of node-ipc, an npm package with 822K weekly downloads.
Affected versions:
node-ipc@9.1.6, node-ipc@9.2.3, node-ipc@12.0.1
Socket’s AI scanner flagged the malware within ~3 minutes of publication.
Early analysis shows obfuscated stealer/backdoor behavior, including host fingerprinting, local file enumeration, payload wrapping, and attempted exfiltration.
🚨 HashDit Alert🚨
@zachxbt has reported that @THORChain has been compromised, with total stolen funds amounting to >$7.4m.
Source: https://t.co/FkhLGB4EDe
DO NOT interact with the project until the team gives the all clear.
Stay Safe!
⚠️Official PSA for Discord to address a major widespread issue⚠️
Scammers are violating @discord's ToS to use APIs/Automation to scam users...
They have automated flows set up to watch for new members joining... The moment someone joins, they send a friend request impersonating team members or support...
This confuses new members and can lead to scams. Let me explain ⤵️⤵️
This can happen to any server; the servers shown in the video below are just an example, as scammers do this to all popular servers!! Regardless of the server's security!
🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading.
Newly confirmed compromised artifacts:
@opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads)
mistralai: 2.4.6 on PyPI
guardrails-ai: 0.10.1 on PyPI
additional @squawk/* packages on npm
guardrails-ai 0.10.1 executes malicious code on import. On Linux, it downloads git-tanstack[.]com/transformers.pyz, writes it to /tmp/transformers.pyz, and runs it with python3 without integrity verification.
The git-tanstack.com domain displayed a message signed “With Love TeamPCP,” along with: “We've been online over 2 hours now stealing creds
Regardless I just came to say hello :^)”
The page also linked to a YouTube video and you can probably guess which one.
🚨 Bitwarden CLI 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
We’ll continue updating our coverage as more details are confirmed.
https://t.co/G0aakn8swq
⚠️ Web3 social managers on X: stay alert. Scam phishing emails targeting crypto are circulating again.
If you enter your project's credentials into the fake login page, your X account WILL GET HACKED!
Stay vigilant!!
Refer to this for more information: https://t.co/D7b6ZJDNFv
🚨 WARNING: Recently, there has been a rise in Web3 Crypto X Accounts being compromised. Through our investigation, we noticed there has been a 6 month campaign of scam X phishing emails usually preying on the urgency to 'verify' their account.
So what should you do if you are a social media manager: 🧵👇
1. Be wary of what email you are interacting with. Hover your mouse over 'sender' to check the sender’s domain (should end in @x.com or @help.x.com). On mobile, you can tap and hold to view the 'sender'.
2. Be extra vigilant of any unknown DMs across all social media asking for any collaborations or partnerships.
3. Be careful what Third-Party App or X account you will be connecting or delegating to. Regularly check permissions and revoke if unused.
Stay safe!!
#CryptoScams #Web3 #Cybersecurity
In collaboration with @github, @Microsoft, @npmjs, and @SocketSecurity, our security team has confirmed that no npm packages published by Vercel have been compromised.
There is no evidence of tampering, and we believe the supply chain remains safe.
https://t.co/0S939n3qHC
3/ Long term solutions:
1. Pin exact dependency versions (avoid using ^ ranges)
2. Use and review lockfile changes in PRs
3. Use --ignore-scripts in CI when possible
4. Run installs in isolated environments without production secrets
Stay safe!!
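The two dependency-hygiene lists in this feed (pin exact versions, avoid `^`/`~`, review lockfile changes, delay adoption of fresh releases) can be turned into a small check that runs in CI. The following is an added example, not code from HashDit, Vercel or npm: it flags every `package.json` spec that is not an exact version, rewrites those specs to the version the lockfile actually resolved, and flags resolved versions published less than a cooldown period ago. The `package.json`, `package-lock.json` (lockfileVersion 2/3) and the per-package `time` maps are constructed sample data; in a real run the `time` map comes from the registry's package metadata document, and the 7- and 14-day cooldowns are the figures the earlier post suggests.

```javascript
// Added example (not HashDit's, Vercel's or npm's code): audit dependency
// specs for pinning and freshness. Inputs are plain objects parsed from
// package.json, package-lock.json and registry metadata "time" maps.

// An exact version is MAJOR.MINOR.PATCH with optional prerelease/build tags.
// Anything else (^, ~, *, >=, "latest", dist-tags, git/URL specs) is a range
// and can silently pull a newly published, possibly malicious, release.
const EXACT_RE = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isExact(spec) {
  return EXACT_RE.test(String(spec).trim());
}

// Return [{name, spec, field}] for every dependency that is not pinned.
function findUnpinned(
  pkg,
  fields = ["dependencies", "devDependencies", "optionalDependencies"],
) {
  const out = [];
  for (const field of fields) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!isExact(spec)) out.push({ name, spec, field });
    }
  }
  return out;
}

// Return a copy of package.json with each range replaced by the version the
// lockfile resolved for the top-level install (node_modules/<name>). The
// input object is left untouched so the caller can diff old vs. new.
function pinFromLockfile(pkg, lockfile) {
  const pinned = JSON.parse(JSON.stringify(pkg));
  for (const { name, field } of findUnpinned(pkg)) {
    const entry = (lockfile.packages || {})[`node_modules/${name}`];
    if (entry && entry.version) pinned[field][name] = entry.version;
  }
  return pinned;
}

const DAY_MS = 24 * 60 * 60 * 1000;

// Flag every installed version published fewer than `cooldownDays` before
// `now`. `registryTimes[name]` is the registry metadata "time" object for
// that package (version -> ISO 8601 publish timestamp).
function findTooNew(lockfile, registryTimes, now, cooldownDays = 7) {
  const out = [];
  for (const [lockPath, entry] of Object.entries(lockfile.packages || {})) {
    if (!lockPath.startsWith("node_modules/") || !entry.version) continue;
    const name = lockPath.slice(lockPath.lastIndexOf("node_modules/") + 13);
    const times = registryTimes[name];
    if (!times || !times[entry.version]) continue; // unknown: cannot judge age
    const ageDays = (now - Date.parse(times[entry.version])) / DAY_MS;
    if (ageDays < cooldownDays) {
      out.push({ name, version: entry.version, ageDays: Math.floor(ageDays) });
    }
  }
  return out;
}

// Constructed sample inputs.
const SAMPLE_PKG = {
  name: "example-app",
  dependencies: { "left-lib": "^1.4.0", "fixed-lib": "2.0.1", "tilde-lib": "~3.1.0" },
  devDependencies: { "dev-tool": "*" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/left-lib": { version: "1.4.7" },
    "node_modules/fixed-lib": { version: "2.0.1" },
    "node_modules/tilde-lib": { version: "3.1.2" },
    "node_modules/dev-tool": { version: "5.0.0" },
  },
};
const NOW = Date.parse("2026-04-20T00:00:00Z"); // fixed "today" for the sample
const SAMPLE_TIMES = {
  "left-lib": { "1.4.7": "2026-04-18T12:00:00Z" }, // 1.5 days old
  "fixed-lib": { "2.0.1": "2025-11-02T00:00:00Z" },
  "tilde-lib": { "3.1.2": "2026-03-01T00:00:00Z" },
  "dev-tool": { "5.0.0": "2026-04-10T00:00:00Z" }, // 10 days old
};

function main() {
  for (const u of findUnpinned(SAMPLE_PKG)) console.log(`unpinned: ${u.name} ${u.spec}`);
  console.log("pinned:", JSON.stringify(pinFromLockfile(SAMPLE_PKG, SAMPLE_LOCK).dependencies));
  for (const n of findTooNew(SAMPLE_LOCK, SAMPLE_TIMES, NOW, 7)) {
    console.log(`too new (${n.ageDays}d): ${n.name}@${n.version}`);
  }
}

main();
```

Pinning alone does not stop a malicious release from being installed once, so the freshness check is the complement: a version younger than the cooldown is held back even when it is pinned. The two settings that back this up on the npm side are `save-exact=true` (so `npm install` writes exact versions) and `ignore-scripts=true` (so install-time lifecycle scripts do not run in CI), both of which are regular `.npmrc` options.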
🚨 Vercel and Next.js devs do this now! 🚨
ShinyHunters (the threat actor behind the Rockstar/Ticketmaster breach) hacked @vercel via a compromised third-party AI tool's Google Workspace OAuth app!!
⚠️⚠️⚠️ Do this now before reading further!
1. Rotate all important Vercel env vars immediately
- especially npm, GitHub, API, and deployment tokens
2. Review and remove unnecessary connected apps
- remove https://t.co/eOZJw6BYZe from Google Workspace accessed apps
- revoke Vercel/GitHub integrations
Why this matters if you are in #Web3/#Crypto: Vercel hosts hundreds of DeFi frontends, and stolen CI/CD credentials could enable wallet-drainer injection at scale! ⚠️
1/ Affected Impact
2/ Root Cause
3/ Long term solution
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin:
https://t.co/0S939n3qHC
2/ Root cause: a Vercel employee’s account was reportedly compromised via https://t.co/56DHrFN172, which gave the attacker access to that employee’s Google Workspace account, then access to some Vercel environments and env vars not marked “sensitive.”