ALL POSTS

Key Findings A counterfeit Ledger Live app on Apple's App Store stole approximately $9.5 million from over 50 users between April 7-13, 2024 The fake app was listed under "SAS Software Company" and "Leva Heal Limited," featuring convincing branding and fake positive reviews Victims lost funds across Bitcoin, Ethereum, Solana, Tron, and XRP networks, indicating a multi-chain attack Stolen assets were routed through 150+ KuCoin deposit addresses and then sent through a centrali

Key Findings Chrome extension "Safery: Ethereum Wallet" is a malicious extension posing as a legitimate crypto wallet The extension is designed to steal users' Ethereum wallet seed phrases The seed phrases are exfiltrated by encoding them into Sui blockchain transactions Background The malicious extension was uploaded to the Chrome Web Store on September 29, 2025 It is still available for download as of November 12, 2025 The extension is ranked fourth in search results for "E