SlowMist (@SlowMist_Team)

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

405 Following · 88.5K Followers
🚨 SlowMist TI Alert 🚨

MistEye has received critical threat intelligence regarding an active supply chain attack compromising node-ipc, a foundational Node.js library. The malicious releases have been identified as versions 9.1.6, 9.2.3, and 12.0.1. Threat actors injected an obfuscated credential-stealing payload into the CommonJS bundle. Once loaded, it silently harvests over 90 categories of developer data—including AWS, Azure, GCP, SSH, K8s tokens, and Terraform states—and exfiltrates it to attacker-controlled infrastructure. We have synchronized this IOC with our clients immediately.

Detection & Remediation: Please urgently audit your environments for exposure:
• Dependencies: Run npm ls node-ipc --all to identify direct or transitive inclusions.
• Lockfiles: Search package-lock.json, yarn.lock, or pnpm-lock.yaml for the affected version ranges.
• CI/CD: Review pipeline jobs executed after May 14, 2026, that may have pulled loose semver updates (~9.1.x, ^12, etc.).

⚠️ Critical Action: If a compromised version was installed, assume certain compromise. Do not wait for exfiltration confirmation. Downgrade to a known safe version immediately and aggressively rotate all credentials, tokens, and environment secrets present on the affected machine or CI runner.

As always, stay vigilant!
🚨 SlowMist TI Alert 🚨
💸 @Aurellion_Labs Loss: 455,003 USDC (~$455,003)
🔍 Root Cause: Unprotected initialize(address varg0) in SafeOwnable Facet. Diamond set owner via non-initialize path without updating _initialized version slot (bytes 0-7 of 0xf0c57e...) from 0, allowing re-init by attacker to overwrite owner, call diamondCut to inject malicious facet with pullERC20, and drain approved USDC.
📌 Victim Contract: 0x0adc63e71b035d5c7fdb1b4593999fa1f296f1b2
📌 Vulnerable Facet: 0x3ca79c1cf29b8d19f7c643bb6e6bc9c49762e70f
📌 Attacker EOA: 0x9f49591a3bf95b49cd8d9477b4481ce9da68d5ca
Attacker seized Diamond ownership and drained USDC from approved victims including 0x2e933518..., 0xa90714a1..., 0xeced2d37....
Powered by #SlowMist.AI
🚨 MistEye TI Alert 🚨

MistEye has detected a highly sophisticated npm worm, "Mini Shai-Hulud," spreading through trusted developer projects like TanStack, UiPath, and DraftLab. The attackers hijacked GitHub credentials to publish malicious, yet seemingly legitimate, package updates.

The malware injects a heavily disguised hidden script (router_init.js) that runs silently in the background of CI/CD environments (like GitHub Actions). It is specifically designed to harvest highly sensitive data, including CI/CD secrets, cloud infrastructure keys, and cryptocurrency wallets. The stolen data is then stealthily smuggled out using GitHub's own infrastructure.

We have synchronized these critical IOCs with our clients. If your projects utilize the affected packages, immediate action is required: please audit your CI/CD pipelines for the presence of the router_init.js file, rotate all exposed GitHub, cloud, and crypto credentials, and closely monitor your development environments for any unauthorized background activity.

As always, stay vigilant!
🚨 MistEye Security Gate Officially Released | Building Frontline Security Detection for AI Agents

SlowMist has officially released MistEye Security Gate, a pre-execution security gateway Skill that provides security detection capabilities for dependency installation and domain access for mainstream #AI coding agents such as @claudeai, @cursor_ai, and @OpenAI GPT.

👉 MistEye Security Gate enables:
🔹 Supply chain package risk detection (npm/pypi/go etc.)
🔹 Real-time scanning of domains/URLs/IPs/emails
🔹 File hash & malicious Skill/MCP identification
🔹 Hard blocking mechanism + daily automated inspections

Core Scenarios Covered:
- Dependency installation checks (requirements.txt, package.json, etc.)
- External link / domain threat validation
- Continuous security inspection of installed Skills

How to Deploy:
1️⃣ GitHub Repo:
2️⃣ Get free API Key:
3️⃣ Set MISTEYE_API_KEY (env var preferred, or config file with 600 permission)

🛡️ Why It Matters: It cuts off #AIAgent supply chain and external interaction risks at the source, strengthening the frontline defense.

Ready to make your AI Agents run more securely? Welcome to integrate MistEye Security Gate!
🔗 Full article:
🚨 SlowMist TI Alert 🚨
💸 Loss: 140,180 USDT (140,180,175,562 tokens)
🔍 Root Cause: Missing access control in addUsers (0x4777ff62) function of PayrollDistribution. Anyone can register users for existing drop and set arbitrary totalAmount.
📌 Attacker: 0x90b147592191388e955401af43842e19faa87ee2
📌 Victim: 0xa184af4b1c01815a4b57422a3419e4fb78a96ee4
📌 Vulnerable Contract: 0xef2c77f3b9b8aaa067239bc6b4588bae26433494
Attacker registered exploit contract via addUsers in constructor, flash loaned USDT deposit, claimed oversized payroll from drop #3.
Powered by #SlowMist.AI
🚀 SlowMist RWA Smart Contract Security Audit Service Officially Launched!

RWA (Real World Assets) has become a major frontier where #Web3 meets traditional finance. Unlike traditional DeFi projects, #RWA security involves far greater complexity — including ownership verification, compliance governance, and on-chain/off-chain consistency.

Drawing on years of blockchain security expertise, SlowMist has officially launched a specialized RWA smart contract audit service, delivering comprehensive protection across compliance, permission systems, and on/off-chain consistency.

Read full announcement👇
RWA project teams and institutions are welcome to contact us for collaboration! 🤗
📮team@slowmist.com
🚨 A typical AI Agent security incident recently occurred on the Base chain. An attacker sent a carefully crafted Morse code message to @grok, inducing it to output transfer instructions. @bankrbot then directly parsed and executed those instructions, ultimately leading to the transfer of real on-chain assets.

Our analysis found that the core issue was NOT that Grok held private keys. Instead, the real problem was:
• Untrusted #AI natural language outputs were treated as executable financial commands
• Permission isolation was insufficient
• Trust boundaries between AI output and execution systems were poorly defined

This incident highlights the growing security risks at the intersection of AI + Crypto Agents. ⚠️
Full analysis 👇
🚨 SlowMist TI Alert 🚨
💸 Loss: ~1,291.16 ETH + ~1,268,771 USDC + ~206,282 USDT + ~16.94 WBTC @trustedvolumes
🔍 Root Cause: In fillOrder function (selector 0x4112e1c2) of RFQ Implementation, signature validation checks _allowedSigners[msg.sender][signer] using caller (taker) instead of order's maker as key, allowing registration via registerAllowedOrderSigner for attack contract and execution of forged orders for any maker.
📌 Attacker EOA: 0xc3ebddea4f69df717a8f5c89e7cf20c1c0389100
📌 Victim Contract: 0x9ba0cf1588e1dfa905ec948f7fe5104dd40eda31
📌 Vulnerable Contract: 0x88eb28009351fb414a5746f5d8ca91cdc02760d8
Attacker drained assets from custodial contract with unlimited approvals via 4 forged RFQ orders.
🚨 SlowMist TI Alert 🚨

We have detected a malicious transaction exploiting a flawed EIP-7702 account, resulting in a loss of 1,988.5 $QNT (approx. 54.93 $ETH).

The root cause is that the admin identity of a QNT reserve pool is held by an EOA (0xc6ddf90790b433743bd050c1d1d45f673a3413f4), which delegated its code to a `BatchExecutor` contract via the EIP-7702 mechanism. Unfortunately, `BatchExecutor` designates the permissionless `BatchCall` contract (0x044dc3e39c566a95011e272ec800dbd2cc9c057c) as an authorized caller. However, `BatchCall.batch()` is entirely open to any external caller without any permission checks. This led to an arbitrary call vulnerability, allowing the attacker to drain the $QNT tokens from the reserve pool.

Exploit tx:
Powered by #SlowMist.AI
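The alert above turns on one precondition: the pool's admin is an EOA whose code has been delegated under EIP-7702 to a contract that other parties can drive. The Python below is an added example (not SlowMist's code) of how a reviewer can check that precondition for any owner/admin address: it parses the 23-byte delegation designator that eth_getCode returns for a delegated EOA and classifies the account against an allowlist of reviewed delegate contracts. The delegate address and code bytes in the sample are constructed, and parse_delegation, classify_account and fetch_code are names chosen here.

```python
import json
import urllib.request

# Under EIP-7702 the code of a delegated EOA is exactly the 23-byte designator 0xef0100 || <delegate>.
DELEGATION_PREFIX = bytes.fromhex("ef0100")


def parse_delegation(code: bytes):
    """Return the delegate address (0x-prefixed, lowercase) if code is a 7702 designator, else None."""
    if len(code) == 23 and code.startswith(DELEGATION_PREFIX):
        return "0x" + code[3:].hex()
    return None


def classify_account(code: bytes, trusted_delegates=()):
    """Say what an admin/owner account's code implies about who can act as that account."""
    if not code:
        return "plain_eoa"        # only the holder of the private key can act
    delegate = parse_delegation(code)
    if delegate is None:
        return "contract"         # a normal contract account: review its own access control
    trusted = {d.lower() for d in trusted_delegates}
    # Delegation to an unreviewed contract means whoever that contract lets in can act as the admin.
    return "delegated_trusted" if delegate in trusted else "delegated_untrusted"


def fetch_code(rpc_url: str, address: str) -> bytes:
    """Fetch account code with the standard eth_getCode JSON-RPC method (works against any node)."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_getCode",
                       "params": [address, "latest"]}).encode()
    req = urllib.request.Request(rpc_url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return bytes.fromhex(json.load(resp)["result"][2:])


# Constructed sample values (not real deployments): a delegate address and the code an EOA
# delegated to it would return from eth_getCode.
SAMPLE_DELEGATE = "0x" + "ab" * 20
SAMPLE_DELEGATED_CODE = DELEGATION_PREFIX + bytes.fromhex(SAMPLE_DELEGATE[2:])

if __name__ == "__main__":
    # Reviewing a pool admin: anything other than plain_eoa / delegated_trusted deserves a closer look.
    print(classify_account(SAMPLE_DELEGATED_CODE, trusted_delegates=[]))
```

In practice, pass the result of fetch_code(rpc_url, admin_address) to classify_account and keep the allowlist to delegate contracts whose caller restrictions have actually been reviewed.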
🥳 Unphishable is participating in the current @thedaofund × @Giveth Ethereum Security Quadratic Funding round! If you care about #Web3 security and want to help users stay safe from phishing scams, please consider supporting us.🫶

Unphishable ( is a free, browser-based phishing simulation platform with 30+ realistic challenges. Train to detect real-world attacks like seed phrase scams, fake airdrops, malicious approvals, fake job interviews, and more — all in a safe, gamified environment (MetaMask testnet only). Built jointly by @DeFiHackLabs, @realScamSniffer, and @SlowMist_Team 🙌

It’s quadratic funding, which means small donations get massively amplified by the matching pool. Even a modest contribution can have a huge impact! 🔥
👉 Support Unphishable here:
Big thanks to @1nf0s3cpt for the collaboration and strong support!🥰🛡️
🚨 @ZetaChain has been exploited. Based on initial analysis, the following outlines the root cause.

Root Cause
The core vulnerability lies in the call function of ZetaChain's GatewayZEVM contract, which lacks both access control and input validation. This allows any arbitrary user to invoke cross-chain calls through GatewayZEVM and execute arbitrary operations on external chains via the relayer. Specifically, an attacker can craft a malicious call on ZetaChain to emit a cross-chain event. ZetaChain's relayer picks up this event and, through TSS, executes the malicious call on the destination chain — enabling the attacker to drain funds.

Transactions:
There was an attack against the ZetaChain GatewayEVM contract today that impacted the internal ZetaChain team wallets only. We've already blocked the attack vector so no more funds can be compromised and will be releasing a detailed post-mortem after we have completed our investigation. As a precaution, cross-chain transactions are currently paused on ZetaChain. Investigation is still ongoing and at this time no user funds were impacted by this attack. The current status can be tracked at
🚨 SlowMist TI Alert 🚨 MistEye has monitored threat intelligence regarding a sophisticated supply chain campaign targeting official Checkmarx distribution channels. The attack involved maliciously overwriting tags in the checkmarx/kics Docker Hub repository and injecting remote payload execution logic into specific extension versions, including checkmarx/cx-dev-assist (1.17.0, 1.19.0) and checkmarx/ast-results (2.63.0, 2.66.0). This campaign specifically aims to exfiltrate developer and cloud credentials to obtain GitHub and npm tokens for lateral propagation. Consequently, this propagation has led to the compromise of the @bitwarden/cli@2026.4.0 package, which now contains a malicious file named bw1.js. These IOCs have been synchronized with clients immediately. It is advised to avoid unverified checkmarx/kics Docker images and strictly refrain from using the compromised extension or CLI versions mentioned above. Immediate auditing of development environments and rotation of any potentially exposed credentials or tokens is strongly recommended. As always, stay vigilant!
🚨 SlowMist TI Alert 🚨 MistEye has received threat intelligence from the community regarding an active and highly destructive macOS infostealer known as "MacSync Stealer" (v1.1.2). Threat actors are targeting macOS users to extract sensitive data, including crypto wallets, browser credentials, system Keychains, and infrastructure keys (SSH/AWS/K8s). The malware uses fake AppleScript system dialogs to phish for login passwords and displays a fake "not supported" error after data exfiltration. We have synchronized this IOC with our clients immediately. Please do NOT execute unverified macOS scripts and be extremely cautious of unexpected system password prompts. In the event of a suspected compromise, immediate remediation is critical: rotate all infrastructure credentials (SSH/AWS/K8s), invalidate exposed Keychains, and swiftly migrate cryptocurrency assets to secure wallets. As always, stay vigilant!
Big thanks to @Techub_News for the in-depth interview and coverage on the recent KelpDAO × LayerZero security incident. 🙌 This wasn’t a single-point bug — it’s a classic DeFi structural risk exposure ⚠️ In the interview, we also shared our views on the attack path, responsibility boundaries, and where the industry is heading next 🔍 Details:👇
🚨 SlowMist TI Alert 🚨 MistEye has received threat intelligence from the community regarding an active social engineering campaign utilizing fraudulent "Harmony Voice" links (harmony-voice[.]app). Threat actors are targeting individuals under the guise of project collaboration, requesting the use of this fake software for real-time translation. We have synchronized this IOC with our clients immediately. Please do NOT click on any harmony-voice[.]app/invite/room/... links, download associated software, or interact with unsolicited testing requests. As always, stay vigilant!
🚨 Security Reminder: How to Use SlowMist Security in Hermes Agent?

Previously, we integrated SlowMist security capabilities into @NousResearch’s Hermes Agent, making it ready to use directly.🌟
👉 Simply install:
For smoother and more stable interactions in the future, you can also define a shortcut for your Agent: “From now on, when I mention ‘smas’, it refers to slowmist-agent-security.”
Secure your agents. Build with confidence. 🚀
cc @evilcos
🔍 SlowMist Security Assessment 📑
After a dedicated security audit and wallet sensitive information detection, the #OKX Web3 @wallet has been verified to NOT transmit private keys or mnemonic phrases to any external servers.
✅ Detection content: Whether the app sends the private key or mnemonic to an external server
✅ Whether to leak sensitive information: Not Found
🧩 Versions:
🔹 iOS: 6.150.0
🔹 Android: 6.150.0
🔹 Extension: 3.83.0
🔹 Commit: 541d37b00da13591568f8436a7112f0beff642b0
📄 Full Statement:
⚠️ Note: This conclusion applies only to the audited version and provided information at the time of review.
🚨 SlowMist TI Alert 🚨
Please check for Malicious Versions of #axios 1.14.1 / 0.30.4 and Historical Exposure Risk from global #OpenClaw npm Installation.

As of March 31, 2026, open-source intelligence indicates that axios@1.14.1 and axios@0.30.4 have been confirmed as malicious versions. Both contain an extra dependency, plain-crypto-js@4.2.1, which can deliver cross-platform malicious payloads via its postinstall script.

1️⃣/ The impact on OpenClaw needs to be assessed per scenario:
1) Source Build Scenario: Not Affected 🤖
👉 Lock files in v2026.3.28 actually lock axios@1.13.5 / 1.13.6, which are not malicious versions.
2) npm install -g openclaw@2026.3.28 Scenario: Historical Exposure Risk Exists 🔍
👉 This is because the dependency chain includes: openclaw -> @line/bot-sdk@10.6.0 -> optionalDependencies.axios@^1.7.4
During the time window when the malicious versions were online, axios@1.14.1 could have been resolved.
3) Current Reinstallation Result: npm now resolves to axios@1.14.0 🧩
👉 However, environments that installed within the attack window should still be treated according to the affected scenario, and IoC checks are recommended.

2️⃣/ Reference for Checks
✅ Check for malicious versions and modules first:
npm list axios 2>/dev/null | grep -E "1.14.1|0.30.4"
grep -A1 '"axios"' package-lock.json 2>/dev/null | grep -E "1.14.1|0.30.4"
ls node_modules/plain-crypto-js 2>/dev/null && echo "POTENTIALLY AFFECTED"
✅ If OpenClaw was installed globally, also check the global path:
npm root -g
npm ls -g openclaw axios plain-crypto-js @line/bot-sdk --depth=4

3️⃣/ Known IoC Path Checks
#macOS
ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "COMPROMISED"
#Linux
ls -la /tmp/ld.py 2>/dev/null && echo "COMPROMISED"
#Windows (cmd.exe)
dir "%PROGRAMDATA%\wt.exe" 2>nul && echo COMPROMISED

4️⃣/ Additional Notes
If the plain-crypto-js directory exists, even if its package.json has been cleaned, it should still be treated as a high-risk execution trace.
⚠️ For hosts that executed npm install or npm install -g openclaw@2026.3.28 within the attack window, immediate credential rotation and host-side investigation are recommended.
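Both the node-ipc alert and the axios alert above recommend searching lockfiles for specific malicious versions. As an added example that is not part of either post, the Python below performs that check against package-lock.json structurally rather than with grep, so that a version string such as 1.14.1 belonging to an unrelated package is not flagged and nested lockfileVersion 1 entries are not missed. The IOC table is copied from the two alerts, the sample lockfiles are constructed, and the function names are chosen here.

```python
import json

# Known-malicious versions named in the alerts above (IOC table assembled for this example).
MALICIOUS_VERSIONS = {
    "node-ipc": {"9.1.6", "9.2.3", "12.0.1"},
    "axios": {"1.14.1", "0.30.4"},
    "plain-crypto-js": {"4.2.1"},
}

def _walk_v1(deps, prefix, found):
    """lockfileVersion 1 nests transitive deps under each entry's own "dependencies" object."""
    for name, info in deps.items():
        path = f"{prefix}node_modules/{name}"
        found.append((path, name, info.get("version", "")))
        _walk_v1(info.get("dependencies", {}), path + "/", found)

def installed_packages(lock):
    """Return (install path, name, version) for every package in a package-lock (v1, v2 or v3)."""
    found = []
    # v2/v3: flat "packages" map keyed by install path; the "" key is the root project itself.
    for path, info in lock.get("packages", {}).items():
        if path:
            name = info.get("name") or path.rsplit("node_modules/", 1)[-1]
            found.append((path, name, info.get("version", "")))
    if not found:
        _walk_v1(lock.get("dependencies", {}), "", found)
    return found

def find_compromised(lock, iocs=MALICIOUS_VERSIONS):
    """Exact name+version matches only, so "1.14.1" of an unrelated package is not reported."""
    return sorted(
        (path, name, ver) for path, name, ver in installed_packages(lock)
        if ver in iocs.get(name, ())
    )

def scan_lockfile(path, iocs=MALICIOUS_VERSIONS):
    """Run find_compromised over a package-lock.json on disk (project or global npm root)."""
    with open(path, encoding="utf-8") as fh:
        return find_compromised(json.load(fh), iocs)

# Constructed sample lockfiles (not taken from any real project).
SAMPLE_LOCK_V3 = {"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/axios": {"version": "1.14.1"},
    "node_modules/axios/node_modules/plain-crypto-js": {"version": "4.2.1"},
    "node_modules/node-ipc": {"version": "9.1.5"},   # close to, but not, a listed IOC version
    "node_modules/other-lib": {"version": "1.14.1"},  # same version string, unrelated package
}}
SAMPLE_LOCK_V1 = {"lockfileVersion": 1, "dependencies": {
    "node-ipc": {"version": "12.0.1", "dependencies": {"axios": {"version": "1.13.6"}}},
}}

if __name__ == "__main__":
    for path, name, ver in find_compromised(SAMPLE_LOCK_V3) + find_compromised(SAMPLE_LOCK_V1):
        print(f"COMPROMISED: {name}@{ver} at {path}")
```

A hit means the host or runner that produced the lockfile installed a listed version at some point, which is exactly the "assume compromise and rotate" case both alerts describe.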
🚨 Another major supply chain incident 🚨 axios — one of the most widely used npm packages — has been compromised. Malicious versions axios@1.14.1 and axios@0.30.4 were published and are actively dropping malware. The attack pulls in a newly created dependency plain-crypto-js@4.2.1, confirmed as a malicious loader: it executes obfuscated payloads, runs shell commands, and attempts to evade detection while wiping traces. With 100M+ weekly downloads, this is a live, large-scale supply chain attack. More details:
🎉🎉 We’ve officially upgraded our #Web3 Annual Security Service Framework — moving from one-time audits to continuous, AI-powered, full-lifecycle protection.

What’s new👇
• From fixed delivery → dynamic, on-demand security
• From single audits → customized, full-stack security systems
• From manual analysis → AI-driven threat detection & response

🔁 Pre · During · Post — a complete security loop
🤖 AI-powered stack: MistAgent · MistEye · MistTrack
🛡️ From design → launch → long-term operations

Security is no longer an action. It’s a capability that evolves with your project.💪 From #DeFi to #AIAgents — we’ve got you covered.🫡

If you’re interested in customized service plans or pricing, feel free to reach out anytime. 📮👉team@slowmist.com
📖 Read more: