Home
In-Depth
Newsflash
Event Calendar
Series
Directory
Data
Discover
Blockchain security is no small matter
What risks will we encounter in the blockchain dark forest? How should we deal with them?
75 articles
Is your "crayfish" running naked? CertiK test: How the vulnerable OpenClaw Skill can fool the audit and take over your computer without authorization.
Recently, CertiK, the world's largest Web3 security company, released its latest research on Skill security. The article points out that there is a misconception in the market regarding the security boundaries of the AI agent ecosystem: the industry generally treats "Skill scanning" as the core security boundary, but this mechanism is almost useless in the face of hacker attacks.
CertiK
6 hours ago
Seven Deadly Threats to AI Agents Revealed: Malicious Plugins Are Targeting Your API Key
New fraud patterns targeting Agent users, malicious plugin attacks, and API key abuse are gradually becoming new security threats.
慢雾科技
2 authors
14 hours ago
A must-read for those jumping on the "lobster farming" bandwagon! OpenClaw is riddled with vulnerabilities, resulting in the compromised devices and stolen assets of thousands.
The recent surge in popularity of the AI tool OpenClaw coincided with a large-scale security incident. Due to issues such as excessive privileges and lack of security configurations, it suffered from four major fatal risks, including prompt word injection and AI malfunction. More than 30,000 instances worldwide were compromised by hackers, and the black market also took the opportunity to launch related scams such as counterfeit currency and inducement to transfer funds. Relevant national agencies have issued emergency security warnings one after another.
零时科技
03/17/2026, 12:01 AM
Analysis of Guarantee Platforms and Black Market Operations: Including On-Chain Tracking, Legal Interpretation, and Countermeasures
Uncover the "shell-changing game" of overseas guarantee platforms, stay away from black and gray industry traps, and protect your property and freedom.
链析加密实验室
03/12/2026, 02:22 AM
2025加密犯罪报告:杀猪盘、跨链桥与Lazarus,谁接收了最多的黑灰产资金?
025加密犯罪报告:波场沦为结算温床,以太坊成洗钱“工具箱”
BlockSec
03/09/2026, 01:45 PM
2月加密安全报告出炉,AI仿冒钓鱼成头号威胁
2026 年 2 月区块链安全事件总损失约 2.28 亿美元,黑客攻击与合约漏洞占 1.26 亿美元,诈骗类占 1.02 亿美元。攻击集中于预言机、跨链桥及合约漏洞,模仿攻击增多;诈骗以仿冒钓鱼、资金盘跑路为主,AI 仿冒页面隐蔽性更强。
零时科技
03/02/2026, 03:27 AM
当黑客「更高效」用上 AI,Web3 的「矛与盾」军备竞赛如何升级?
当黑客开始利用 AI 规模化生成攻击,Web3 用户的安全盾牌,也必须随之进化。
imToken
01/19/2026, 02:30 PM
From Beginner to Risk Control: A Practical Guide to HIP-3 Security for Builders
Three months after HIP-3 launched its mainnet, third-party marketplace transactions exceeded $13 billion. The shift from platform approval to open APIs for new perpetual contracts lowers the barrier to innovation but requires addressing security risks.
BlockSec
01/19/2026, 10:30 AM
Polymarket上Top级Trading Bot Polycule被攻击,预测市场项目该如何做好安全防范
2026 年 1 月 13 日,Polycule 官方确认其 Telegram 交易机器人遭遇黑客攻击,约 23 万美元用户资产受损。随着机器人下线与赔付承诺公布,事件迅速引发行业对 Telegram Trading Bot 安全性的讨论。透过 Polycule 的功能结构与设计逻辑,可以看到这并非单点失误,而是交易机器人模式下长期存在却被低估的安全风险集中爆发。
ExVul Security
01/14/2026, 02:50 AM
区块链安全科普:远离虚拟币传销的五大识别技巧
虚拟币网络传销借区块链包装,以高返利为诱饵,靠拉人头发展层级敛财,衍生多种隐晦模式,危害财产与金融秩序。防范需警惕高收益噱头、坚守理性。零时科技可提供骗局辨析、安全检测等服务,助力守护财产安全。
零时科技
01/08/2026, 03:30 AM
Web3安全系列:误转到其他链上的资金,还能救回来吗?
币打错链,心惊肉跳?别急着绝望!你的资产可能还有救!本文将揭示找回跨链误转资金的关键。
ZAN Team
12/16/2025, 03:00 AM
10,000-word investigation: How North Korea infiltrates the cryptocurrency industry
A CoinDesk investigation has found that more than a dozen blockchain companies have unwittingly hired undercover IT workers from North Korea, creating cybersecurity and legal risks.
Joy
10/03/2024, 02:10 AM
再怎么强调也不为过(一):确保加密资产安全的10个步骤
让我们深入探讨10个简单的步骤,你可以使用这些步骤来确保你的资产保持安全,并确保你的加密货币前沿之旅畅通无阻。
讯流InfoFlow
08/28/2023, 08:17 AM
Saddle Finance之殇:从Curve的强有力竞争者走到清算关闭
顶级VC的投资与强烈的空投预期为Saddle Finance带来了很高的起点,但后续遭到闪电贷攻击,现在市值已经接近归零,面临清算。
蒋海波
08/10/2023, 09:52 AM
PA图说 | 一图速览大型跨链桥攻击及处理情况
跨链桥安全事件频发,历史上涉及的资金超过20亿美元,本月已有Poly Network和Multichain两个知名跨链桥资金被盗或异常转移。
PA图说
07/07/2023, 04:41 AM
签名就被盗?揭秘Uniswap Permit2签名钓鱼骗局
本文Beosin联合独立研究员菠菜对Uniswap Permit2签名钓鱼骗局进行科普,尽量避免大家更多的资产损失。
Beosin
06/09/2023, 08:34 AM
警惕eth_sign盲签骗局:介绍、手段及防范
近期,我们注意到 eth_sign 盲签骗局异常活跃,许多用户在不明网站上被诱导签署看似无害的 eth_sign 签名,结果造成钱包内的资产不翼而飞。
imToken
05/23/2023, 12:41 PM
为何我总收到“交易所清退”短信?一文了解Web3.0数据泄露事件分类及保护措施
本文即将带你了解:Web3.0 数据泄露事件的分类,以及为了保护自己的数据安全,我们应该采取何种措施。
CertiK
05/18/2023, 11:19 AM
什么是Rug Pull?我们又该如何甄别避免?
随着加密货币投资的兴起,诈骗也随之兴起。加密世界中最常见的骗局之一是rug pull。本文将从什么是Rug Pull,它的不同类型,以及如何识别和避免这些欺诈行为等方面展开介绍。
Numen Cyber
04/28/2023, 01:40 PM
揭秘Web3.0移动钱包新型骗局:模态钓鱼攻击Modal Phishing
一茬接一茬,Web3.0移动钱包又现独特钓鱼攻击手法:Modal Phishing。
CertiK
04/20/2023, 07:27 AM
Load More
