Latest News

A Storm of Scams Awaits!

Plus: The world’s “largest illicit online marketplace” gets hit by regulators, police seize the Garantex crypto exchange, and scammers trick targets by making up ransomware attacks.

**Nature of issue:** Crash (Denial of Service) **Source of issue:** Dependent package (ring) **Affected versions of qcp:** 0.1.0-0.3.2 **Recommendation:** Upgrade to qcp 0.3.3 or later ### Who is affected All versions of qcp from 0.1.0 to 0.3.2 are affected, but **only if built with runtime overflow checks.** * Released qcp binaries do not enable runtime overflow checks by default. **If you use an official released qcp binary download, you are not affected.** * If you built qcp yourself in debug mode, you are affected unless your debug configuration explicitly disables overflow checks. * If you built qcp yourself in release mode, you are only affected if you explicitly requested runtime overflow checks at build time by setting the appropriate `RUSTFLAGS`, or in your Cargo.toml profile. ### What to do if you are affected **We recommend you upgrade to qcp 0.3.3 or later.** Users upgrading from versions prior to 0.3.0 should note that an incompatible protocol change was introduced in...

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.

Outpost24’s KrakenLabs reveals EncryptHub’s multi-stage malware campaign, exposing their infrastructure and tactics through critical OPSEC failures. Learn how…

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the message on untrusted data.

# **Horcrux Incident Disclosure: Possible Double-Sign** ## **Summary** On March 6, 2025, a Horcrux user (01node) experienced a double-signing incident on the Osmosis network, resulting in a 5% slash penalty (approximately 75,000 OSMO or $20,000 USD). After thorough investigation, we have identified a race condition in Horcrux's signature state handling as the root cause. This vulnerability was introduced in July 2023 as part of PR [\#169](https://github.com/strangelove-ventures/horcrux/pull/169) and affects all Horcrux versions from v3.1.0 through v3.3.1. A fix has been developed and is being deployed immediately. ## **Probability** The bug has an extremely low probability of occurrence, affecting one validator out of hundreds that have been using the affected software versions to validate over the past few years. In the added tests, the probability on typical hardware is in the range of 1 in 1 billion per signed vote due to the root cause needing two independent events to occur wi...

Cryptocurrency offers financial freedom, but it also comes with privacy challenges. Unlike traditional banking, where transactions remain relatively…

Reddit administratrion announced that the platformwill start sending warnings to users that upvote violent content.

`ring::aead::quic::HeaderProtectionKey::new_mask()` may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received. On 64-bit targets operations using `ring::aead::{AES_128_GCM, AES_256_GCM}` may panic when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk. Overflow checking is not enabled in release mode by default, but `RUSTFLAGS="-C overflow-checks"` or `overflow-checks = true` in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.