Tag:

Chains

BNB Chain’s X Account Hacked as SlowMist Exec Flags Inferno Links

by admin October 1, 2025

The official X account of the BNB Chain blockchain network, with nearly four million followers, was compromised on Wednesday. Hackers used the account to spread phishing links targeting cryptocurrency wallets.

Binance founder Changpeng “CZ” Zhao confirmed the incident, warning his followers not to interact with the malicious posts containing phishing links. “The hacker posted a bunch of links to phishing websites that ask for Wallet Connect. Do NOT connect your wallet,” CZ wrote.

He added that BNB Chain’s security teams have notified X and are working to suspend the account and restore access. Zhao said takedown requests for the phishing sites have already been submitted.

A BNB Chain team member told Cointelegraph that their team is currently investigating and will share more information shortly.

Source: Changpeng Zhao

Phishing links disguised as Wallet Connect prompts

SlowMist’s chief information security officer, who goes by the handle 23pds on X, said attackers used a classic trick, swapping letters in the phishing domain to make it appear legitimate.

“BNB Chain’s English official X account has been hacked! The phishing website changed the letter i into l,” 23pds posted, warning users not to be deceived. The security professional also suggested that the malicious domain belongs to the infamous Inferno phishing group.

The Inferno Drainer is a crypto wallet-draining software and phishing-as-a-service platform that emerged around 2022 and gained notoriety in 2023. It operates by allowing its affiliates to deploy ready-made phishing sites that mimic legitimate crypto project interfaces.

The incident highlights challenges in protecting official crypto project accounts from takeovers. The SlowMist CISO suggested that the breach raises questions about the team’s security practices.

“The BNB Chain team’s security awareness shouldn’t be this poor,” 23pds said.

Source: 23pds

Related: Hide your crypto: Infamous ‘try my game’ Discord scam on the rise

CZ warns users to check domains carefully

In his X post, Zhao advised community members to always check domains even when the links are coming from official or verified social handles. “Always check the domains very carefully, even from official X handles. Stay SAFU!” he wrote.

One of the phishing links shared by malicious attackers. Source: X

At the time of writing, the phishing posts were no longer visible, yet it remains uncertain whether any users connected their wallets or lost funds.

Magazine: Avalanche in deal with ETF giant, yuan stablecoin ‘fake news’: Asia Express

Source link

October 1, 2025 0 comments

Crypto Trends

BREAKING: Binance’s CZ Issues Major Security Alert About BNB Chain’s X Account

by admin October 1, 2025

Former Binance CEO Changpeng Zhao has issued a major security warning about the official X account of BNB Chain, which appears to have been compromised by hackers.

ALERT 🚨: The @BNBCHAIN X account may have been compromised.

Please do not click on any links recently posted from this account.

The teams are investigating and will share updates as soon as possible. 🙏

— CZ 🔶 BNB (@cz_binance) October 1, 2025

Several minutes ago, the account posted “$4” alongside the phrase “FOR THE MEME.” This was accompanied by a wallet address and a picture of CZ.

The obviously fraudulent social media post has been pinned by the attackers to gain more exposure. Notably, @BNBCHAIN boasts a whopping 3.6 million followers, which makes it one of the most popular cryptocurrency-related pages on X (and a very juicy target for attackers).

CZ has warned against clicking any suspicious links posted from the account, adding that the team is currently investigating the issue.

Other recent crypto account hacks

Crypto scams have been plaguing social media networks for years. In 2025, there have been several other high-profile X hacks pulled off by crypto scammers. In February, the official account of Pump.fun was used to announce a fake governance token.

During the same month, an account belonging to a WIRED reporter was also compromised to promote a fake WIRED-branded meme token.

Hackers are also targeting public figures. In March, the official X account of Ghana President John Mahama was compromised to promote “Solanafrica,” a fraudulent token on the Solana network. In April, the X account of UK government minister Lucy Powell was hacked to advertise a bogus “community-driven digital currency.”

Source link

October 1, 2025 0 comments

NFT Gaming

PayPal’s PYUSD Stablecoin Now Available On 9 More Chains

by admin September 20, 2025

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

PayPal’s stablecoin PYUSD is now available on nine more blockchains, thanks to integration with LayerZero’s interoperability protocol.

PayPal’s Stablecoin Now On Tron, Avalanche, & Seven Other Networks

As announced by LayerZero in a blog post, PayPal USD (PYUSD) is getting a major expansion through integration with its Stargate Hydra system, allowing users to move the stablecoin to blockchains on which it is natively unavailable. This is made possible with PYUSD0, a new permissionless token that’s fully fungible with the original PYUSD.

Currently, PayPal’s stablecoin is natively issued by Paxos on Abritrum, Solana, Ethereum, and Stellar. With PYUSD0, it will now also be transferable to Abstract, Aptos, Avalanche, Ink, Sei, Stable, and Tron. According to LayerZero, more networks beyond these are also set to come.

Previously, PYUSD was already bridged to two other networks, Berachain (BYUSD) and Flow (USDF), and both will now be receiving upgrades to PYUSD0. This makes a total of nine networks on which the new token will be accessible.

“As the stablecoin market continues its rapid growth beyond $270 billion, innovations like this are essential for creating the seamless, interoperable financial infrastructure that users and developers demand,” says David Weber, Head of Ecosystem, PayPal USD.

PayPal launched its stablecoin back in 2023, becoming one of the first payment processing giants to embrace fiat-tied tokens. Since then, the firm has been taking measures to increase the reach of its coin, most recently with the Stellar version launch on Thursday.

Now, with the LayerZero integration, the company has taken another step toward its goal. “By working together, we will enable PYUSD to reach new markets faster while maintaining compliance and composability from day one,” notes Weber.

The PYUSD0 system is built on three pieces of infrastructure: PayPal’s stablecoin itself, Stargate Hydra, and LayerZero. Stargate, which was acquired by LayerZero last month, acts as the transfer interface, while LayerZero handles minting, burning, and deployment of PYUSD0 to the new blockchains.

“With PYUSD0, PayPal USD expands its reach and flexibility to work across today’s networks and tomorrow’s,” says Bryan Pellegrino, Co-Founder and CEO at LayerZero Labs. “Launches like this make it obvious that we are at the start of a global financial market that breaks down borders and works around the clock.”

Besides its stablecoin, PayPal has also been making developments in its cryptocurrency payments ecosystem lately. In late July, the payments processor firm unveiled a “Pay with Crypto” service to help merchants receive digital asset payments, and earlier this week, it also announced cryptocurrency integration into its peer-to-peer (P2P) payments system.

Bitcoin Has Seen A Pullback During The Past Day

Bitcoin recovered to $117,900 on Thursday, but the asset has since gone down as its price is back at $116,400. The below chart shows how the coin’s recent trajectory has looked.

The price of the asset seems to have overall moved sideways over the last five days | Source: BTCUSDT on TradingView

The pullback in Bitcoin and other digital assets has induced $133 million in long liquidations over the last 24 hours, according to data from CoinGlass.

The data for the cryptocurrency liquidations during the past day | Source: CoinGlass

Featured image from Dall-E, CoinGlass.com, chart from TradingView.com

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Source link

September 20, 2025 0 comments

NFT Gaming

BNB Chain’s New Gold Protocol hit by $2m launch-day hack

by admin September 19, 2025

AI-driven, self-described “DeFi 3.0” staking protocol The New Gold Protocol, built “with sustainability at its core,” was hacked hours after launch. The hacking took place on Sept. 18, 2025. The hacker exploited two flaws in the design of NGP. The case demonstrates how negligence in protocol design may doom a project from day one.

Summary

Nearly $2 million in crypto was stolen from the just-launched New Gold Protocol platform via a flash loan attack.
Stolen money was sent to Tornado Cash. The hacker is not identified.
The team behind the New Gold Protocol keeps silent.
The biggest flash loan attacks resulted in over $100 million in losses.

What is New Gold Protocol?

The New Gold Protocol is a staking protocol built on top of the BNB blockchain and launched on Sept. 18.

One of the problems that The New Gold Protocol aimns to solve is the “lack of pricing rules.” According to the whitepaper, many DeFi protocols “lack standardized mechanisms for behavior pricing, resulting in volatility and disorder.”

The “next-generation DeFi 3.0” New Gold Protocol was meant to outperform competitors that do not have intrinsic earnings and whose governance models are inefficient. The NGP team saw the way to achieve transparency, fairness, and sustainability through AI optimization.

The New Gold Protocol was striving to create an inclusive staking platform with a transparent, automated environment sustained via smart contracts. Due to token burns, NGP promoted its native token as deflationary. It promised real-yield distributions instead of inflationary and speculative incentives. The NGP whitepaper suggested that transparency ensures accountability. However, it turned out that this was not enough.

How was NGP hacked?

The hacking took place shortly after the launch of the NGP token. The amount of NGP tokens that could be bought was limited to prevent price-inflation attacks, but the hacker found a way to bypass it.

According to analysts from blockchain security company Hacken, six hours before the attack the hacker accumulated a high number of assets via flash loans using different accounts. Flash loans are a feature popular on DeFi platforms. They allow borrowing crypto assets quickly without collateral. Borrowed funds may be used for arbitrage trading, stealing funds from a protocol, or price manipulation. As Hacken notes, the damage caused through flash loan attacks may amount to millions of dollars.

The attacker used an oracle-manipulation tactic. The protocol determined the NGP token price by scanning its reserves in the DEX’s liquidity pool, which allowed the attacker to manipulate the price. The attacker began swapping BUSD to NGP on PancakePair, which pumped NGP’s price quickly.

The New Gold Protocol contained two limits: a buying limit and a cooldown limit for buyers. Both were bypassed as the attacker used the “dEaD” address as the recipient.

The next move was draining nearly all the BUSD tokens from the protocol via selling NGP. It left The New Gold Protocol with almost no funds. The attacker then gained $1.9 million worth of crypto and immediately swapped the funds to BNB-based ETH.

According to the Hacken team, the following actions included depositing stolen funds to Tornado Cash through Ethereum bridged with Across. The action sent the NGP price up while leaving the protocol with only a small amount of funds. Soon, the NGP token price plummeted 88%.

Unfortunately, despite ambitious plans to reshape the DeFi sector and build a sustainable product, The New Gold Protocol neglected its own security and faced severe damage. The company did not comment on the issue. The latest tweet reads “stability meets growth.” It was published several hours before the attack and now looks like a bitter joke.

Other flash loan attacks

As soon as flash loans were introduced, flash loan attacks quickly became one of the tactics used by criminals.

The biggest attack took place in March 2023. The hacker managed to steal around $197 million in Wrapped Bitcoin, Wrapped Ethereum, and other assets from the Euler Finance protocol. The hacker was using an error in the platform’s calculation rate. The funds were sent to an address used earlier by the notorious DPRK hackers, the Lazarus Group. What made this case especially notable is that the hacker voluntarily returned all the funds and apologized.

Other notable examples include the Cream Finance hack ($130 million stolen in 2021) and Polter ($12 million stolen in 2024). A flash loan was part of the scheme used in 2025 to wipe out $223 million in crypto from the Cetus protocol based on Sui.

Source link

September 19, 2025 0 comments

NFT Gaming

Tether halts USDT freeze on legacy chains, adopts ‘unsupported’ status

by admin August 30, 2025

Tether will no longer freeze USDT on Omni, BCH SLP, Kusama, EOS, Algorand, and other legacy chains. The assets, however, become “unsupported,” entering a financial limbo without official issuance or redemptions.

Summary

Tether halts its planned USDT freeze on legacy blockchains, including Omni, BCH SLP, Kusama, EOS, and Algorand.
Tokens on these networks become “unsupported,” with transfers allowed but no official issuance or redemption.
The update follows community feedback and aligns with Tether’s broader strategic focus on active, high-demand chains.

On August 29, USDT issuer Tether announced a significant revision to its transition plan for legacy blockchains. Originally, the company had planned to freeze USDT tokens and halt redemptions on networks including Omni Layer, Bitcoin Cash SLP, Kusama, EOS, and Algorand starting September 1, 2025.

Following extensive feedback from user communities, Tether opted to abandon the freeze while still discontinuing official issuance and redemption. This leaves tokens on these networks in an “unsupported” state, where transfers between wallets remain possible but the assets no longer carry the same backing or operational support as USDT on active chains.

“While users will still be able to transfer the tokens between wallets, Tether will discontinue direct issuance and redemption on these blockchains. This means the tokens will no longer be officially supported as other Tether tokens,” the USDT issuer said in the statement.

A strategic pivot, not a retreat

Tether’s decision to walk back the freeze suggests that pushback from developers and users on networks like EOS and Algorand presented a reputational risk that outweighed the technical simplicity of a clean break.

The revised approach, which Tether states “aligns with its broader strategy,” is a pragmatic compromise. It allows the firm to shed the operational burden of supporting low-traffic chains while avoiding the public relations nightmare of effectively destroying user assets.

However, while the issuer pares down its support on one front, it is aggressively expanding on another. Just one day prior to this announcement, Tether revealed plans to launch a native USDT on Bitcoin via the RGB protocol.

The move can be seen as Tether’s strategic bet on Bitcoin’s foundational security. Unlike wrapped assets on bridges, which introduce counterparty risk, RGB leverages Bitcoin’s own scripting and client-side validation to make USDT an intrinsic part of the Bitcoin ecosystem.

Tether already distributes the stablecoin across Ethereum and Tron, each with over $80 billion in circulation, and on smaller platforms like Solana, Avalanche, Celo, and Cosmos.

Source link

August 30, 2025 0 comments

Google Doubles Down on AI: Veo 3, Imagen 4 and Gemini Diffusion Push Creative Boundaries

GameFi Guides

Google Reveals Layer-1 ‘Universal Ledger’ Plans as Circle, Stripe Prep Rival Chains

by admin August 27, 2025

In brief

Rich Widmann, Google Cloud’s head of Web3 strategy, confirmed that the Universal Ledger is a layer-1 blockchain.
The system uses Python for smart contracts, diverging from industry standards like Solidity and Rust.
Analysts question Google’s neutrality as it competes with Stripe and Circle for institutional blockchain infrastructure.

Over five months after Google Cloud announced a partnership with CME Group, Rich Widmann, the tech giant’s head of Web3 strategy, confirmed Tuesday that the company’s Universal Ledger is indeed a layer-1 blockchain.

“All this talk of layer-1 blockchains has brought Google’s own layer-1 into focus,” Widmann wrote on LinkedIn. “If you’re building a layer-1, it has to be differentiated.”

Widmann’s statement follows CME Group’s March 25 announcement that it has completed the first phase of integration and testing for the project. At the time, details were sparse on whether it was public or private, as well as if it was a layer-1 chain.

A layer-1 or L1 blockchain is a foundational network that runs independently, handling transactions and security directly. Unlike layer-2 or L2 chains, it doesn’t rely on another chain for validation or settlement, though those can extend and improve a chain’s efficiency.

Decrypt reached out separately to Widmann and Google, but did not receive an immediate response.

Why Python?

Dubbed the Google Cloud Universal Ledger (GCUL), Widmann described it as a base layer enabling Python-based smart contracts, setting a programmable, distributed ledger for wholesale payments and asset tokenization.

The choice of programming language sets Google’s L1 apart from those typically used and accepted as standard in the crypto industry, such as Solidity for Ethereum-compatible chains and Rust for chains like Solana, Aptos, and Sui.

Choosing Python is “pragmatic” because it “lowers the barrier for enterprises and fintech developers who already use it for data, finance, and machine learning,” Christine Erispe, a developer advocate at Ethereum Philippines, told Decrypt.

With Python, the upcoming L1 could “accelerate experimentation,” but may also “silo developers” unless Google makes efforts to provide “strong tooling, auditing, and interoperability bridges,” Erispe said.

That move is “a contrarian bet,” because “instead of being EVM-compatible, it leans on Google’s scale, financial institution reach, and a differentiated programming model,” she added.

Credibly neutral?

Unlike other upcoming layer-1 chains such as Stripe’s Tempo or Circle’s Arc, Google’s network is positioned as open infrastructure, with Widmann describing it as a “performant, credibly neutral” chain that “any financial institution” can build on.

While Stripe and Circle are “building chains that fit directly into their existing businesses,” Google is “playing a different game: scale and neutrality,” Aharon Miller, co-founder and COO of crypto payments gateway Oobit, told Decrypt.

As a centralized tech giant, Google “already runs half of the internet’s infrastructure, but the real test is whether institutions believe they’ll stay neutral in the long term,” Miller said.

However, Dr. Sean Yang, chief technology officer at OORT—a data cloud for decentralized AI—argued that Google’s neutrality claim may be “more marketing than reality.”

Google has “massive conflicts of interest across payments, cloud services, and advertising,” Yang told Decrypt.

Asked about the differences between the three L1s underway, Yang said Google is “going broad” while “Circle is going deep,” and “Stripe is targeting developers and payment companies.”

While not in direct competition, the three are “carving out different segments of institutional blockchain infrastructure,” Yang said.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

Source link

August 27, 2025 0 comments

Gaming Gear

FTC Sues Gym Chains for Making It Hard to Cancel Memberships

by admin August 20, 2025

The Federal Trade Commission filed a lawsuit against the operators of several gym chains, including LA Fitness, on Wednesday over allegations that they make it too difficult to cancel memberships. And that’s probably welcome news for anyone who’s had the displeasure of trying to cancel with their gym.

The companies being sued by the FTC are Fitness International and Fitness & Sports Clubs, which own gym chains like Esporta Fitness, City Sports Club, and Club Studio. The largest chain, LA Fitness, has over 600 locations across the U.S.

The 22-page complaint, which has been posted online, details how the FTC believes LA Fitness and others have created a cumbersome process for consumers to cancel. For starters, members are required to log in to their website and print off a cancellation form. But users are encouraged at sign-up to use the LA Fitness app and a QR code, meaning that many people apparently don’t know their login information for the website. There’s no way to cancel through the app, according to the FTC.

Customers who don’t know how to log in with their credentials need to jump through even more hoops to get them. The user must provide the original email address used to get the membership account, the “key tag number” handed out when they signed up, and the first five digits of the bank account or credit card number listed on the account, according to the complaint.

The cancellation form isn’t made publicly available on the company’s website and can only be found after users log in. And the form must be printed out, a very real hurdle for many households in the year 2025.

Even if you figure out how to log in with your credentials and print out the form, customers are required to either mail the form or bring the form to a physical location, where they’ll face even more hurdles. The FTC says customers are required to send cancellation forms via registered or certified mail. And even though most LA Fitness locations are open seven days a week, often for 19 hours a day, cancellations are only accepted between 9 a.m. and 5 p.m., when most people are at work.

Nobody really wants to take PTO to cancel their gym membership. And that’s how people can get stuck with gym memberships they no longer want.

The FTC’s press release announcing the lawsuit also alleges that LA Fitness has trained staff to reject requests to cancel by phone or email. And “consumers who try to cancel their memberships by stopping charges to their bank or credit card find they are rebilled, often under new account numbers.” The FTC says that violates the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA). Cancelling with nothing more than a click on the app seems like it would be a reasonable and consumer-friendly way to conduct business.

“The FTC’s complaint describes a scenario that too many Americans have experienced—a gym membership that seems impossible to cancel,” Christopher Mufarrige, director of the FTC’s Bureau of Consumer Protection, said in a press release.

“Tens of thousands of LA Fitness customers reported difficulties—cancellation was often restricted to specific times or required speaking to specific managers who were often not present or available. The FTC will not hesitate to act on behalf of consumers when it believes companies are stifling consumers’ ability to choose which recurring charges they want to keep.”

LA Fitness is far from the only business that seems to thrive on cumbersome auto-renewal policies. How many times have you signed up for a digital subscription of some kind and failed to cancel before you were charged again? It seems like an increasingly popular business model these days. And the FTC has taken notice.

Fitness International, the operator of LA Fitness, didn’t immediately respond to questions emailed on Wednesday. Gizmodo will update this post when we hear back.

Source link

August 20, 2025 0 comments