TheDinarian
News • Business • Investing & Finance
Symbiotic X hacked, malware is infecting SVG files: Crypto-Sec
The Symbiotic X account has been promoting a phishing site for two days, and researchers found malware in image files.
October 08, 2024
post photo preview

Phish of the week: Symbiotic X account is compromised

According to a report from PeckShield, the X account for the staking protocol Symbiotic was hacked on Oct. 5. The team’s official website said the account was still compromised as of Oct. 7.

The compromised account promotes a “points” checklist and asks users to click on a link to check how many points they have. However, the link leads to the wrong URL, network-symbiotic[.]fi, instead of the correct one, symbiotic.fi.

                              Phishing post from Symbiotic X hacker. Source: Symbiotic.

When users connect to the fake phishing site with a wallet, they are presented with a page that claims they have earned thousands of points, even if they have never interacted with the Symbiotic protocol.

The page urges users to redeem their points immediately and claims they will be lost if they do not click a large, green, “redeem” button in the middle of the screen.

     Fake Symbiotic site allegedly used for phishing attacks. Source: network-symbiotic.fi

Pushing the “Redeem Points” button with an empty wallet results in an error message stating that the user should try a different wallet, with a standard error message found on phishing sites asking for message signatures.

If a user’s wallet contains Symbiotic tokens, the site likely asks the user to sign a message, which is then used to drain the user’s tokens. Cointelegraph did not test the app with a wallet that had funds in it.

From its official website, the Symbiotic team is currently warning users that its X has been compromised and that users should not interact with any sites linked to the account.

                 Symbiotic warning of compromised X account. Source: Symbiotic.fi

X account hacks have become a routine problem in the crypto space. Users should consider bookmarking the URL for apps they frequently use, as this is generally a more reliable way of getting to the correct website than relying on X links, although it is not 100% foolproof either. Users should be especially cautious when asked to sign a message written in code, as this is often, but not always, a sign of a phishing attack.

Malware corner: Attackers now using SVG files to lure victims

Attackers are now using SVG image files to infect victims’ computers, according to a September report from HP’s Wolf Security team.

⚠️The new method allows attackers to gain control of a victim’s computer through remote access trojan (RAT) software. Once the software is installed, the attackers use it to steal the victim’s website passwords, seed words, and other personal information. If the user owns cryptocurrency, these credentials are then used in further attempts to gain access to the user’s wallet and empty it.⚠️

Researchers found that the malware was disguised as a ZIP archive that loaded when the image was opened in a browser. It also featured a .pdf file that loaded as a distraction for the victim while the malicious program was being downloaded and installed in the background.

According to Adobe, Scalable Vector Graphics (SVG) files store images “via mathematical formulas based on points and lines on a grid” instead of through pixels. This means that they can be easily resized without losing their quality. In addition, they are written in XML code, which allows them to store text inside of themselves. 

According to Mozilla, SVG files also contain a “script” element that allows developers to embed executable programs within them. It is this scripting ability that the malware developers have reportedly learned to abuse.

HP researchers found an image that produces a ZIP archive when opened in a browser. If the user clicks on the archive, it opens a File Explorer window and begins to download a shortcut file.

Clicking the shortcut causes a decoy .pdf file to load on the victim’s screen. Meanwhile, the device begins to copy various scripts and store them in the victim’s music, photos, and startup directories, allowing the program to persist over time.

Malicious URL file in infected SVG and decoy .pdf meant to distract the user—source: HP Wolf Security.

⚠️After copying these scripts onto the device, it runs them. The result is that a number of dangerous malware programs, including VenomRAT, AsyncRAT, Remcos and XWORM, are installed on the user’s device. Once the malware is installed, the attacker can take full control of the victim’s computer, swiping any files held within it.⚠️

Given this new attack vector, crypto users should exercise caution when interacting with SVG image files from sources they do not entirely trust. When opened, if an image loads other types of files, users should consider rejecting these files by closing the browser window.

Fire token exploit illustrates risks of novel tokens

Buying new tokens with novel features and unaudited contracts is often risky, as is illustrated by what happened to the FIRE token on Oct. 1.

The Uniswap pool for the token was drained of nearly all of its liquidity after an attacker exploited the token’s contract to repeatedly sell it at a higher and higher price each time.

After the exploit, the token’s team immediately deleted their social accounts and vanished, implying that the project may have been a rug pull or exit scam from the start.

The token has not traded since Oct. 2, which implies that there may be so little liquidity for it that selling may be impossible.

The idea presented to FIRE investors was simple. According to its website, it was an “ultra-hyper-deflationary token.” Whenever holders sold their FIRE into the token’s Uniswap liquidity pool, it would automatically be sent to a burner address. This would cause the token supply to shrink, driving up the value of the FIRE held by those who didn’t sell.

                                              Fire token website. Source: Fire.

The token was launched at 8:00 am UTC on Oct. 1. About 90 seconds after the launch, an account ending in 1e2e drained some $22,000 worth of Ether ETHtickers down$2,439.75 from the token’s liquidity pool.

To accomplish this, it first took out a flash loan of 20 ETH from the lending platform Spark Protocol. Then it created a malicious contract that swapped the ETH for FIRE, then swapped it back, destroying the newly acquired FIRE in the process and raising its price.

This process was repeated through 122 transfers through 16 different smart contracts, with each transfer being part of a single transaction. Each time FIRE was swapped for ETH, a slightly larger amount of ETH was received in return. As a result, the attacker was able to drain the pool of the $22,000 worth of ETH. In addition, this transaction destroyed 230 FIRE tokens.

The attack was repeated over and over again, with the final exploit transaction taking place on Oct. 2 at 1:14 am UTC.

Blockchain security platform TenArmor reported the attack on X. “Our system has detected that #FIRE token @Fire_TokenEth on #ETH was attacked, resulting in an approximate loss of $22.3K,” the post stated.

                                                               Source: TenArmor.

According to price data from tthe rading platform Apespace, the initial price of FIRE was set at approximately 33 ETH ($81,543 at current prices) or around $8 per 0.0001 FIRE. At the moment of the exploit, the price of FIRE skyrocketed, increasing to 30 billion ETH per coin or $244.6 billion per 0.0001 FIRE. It then fell to 4.7 billion ETH per coin over the next two minutes.

Note that by the time these high prices were reached, significantly less than one FIRE coin remained in circulation, as most of the token’s supply had been destroyed in the exploit.

    FIRE one-minute chart showing exploit at approximately 8:13 am. Source: Apespace.

After the exploit, the FIRE team deleted its X and Telegram accounts, which suggests that the attacker may have been affiliated with the team. The token’s Apespace page also features a warning that the FIRE contract contains a “blacklisting” feature allowing developers to blacklist any user’s account and prevent them from selling the token. The developers may have used this blacklisting feature to only allow themselves to sell.

Users should exercise caution when interacting with tokens that have novel features that may not be fully understood.

In this case, the developers explicitly stated that anyone who sells into the pool destroys tokens, reducing their supply. Still, some users may not have realized that this allows a single trader to repeatedly swap into and out of the token to artificially raise its price and drain its liquidity.

 

Link

community logo
Join the TheDinarian Community
To read more articles like this, sign up and join my community today
0
What else you may like…
Videos
Podcasts
Posts
Articles
Have you noticed a Personality Change in those who took the experimental Covid Vaccines?

If so, here’s the theory as to why this has happened, and it makes perfect sense as to why the elites would do this. THEY do not want you to be able to step into your power. With this destroyed, THEY win.

00:01:10
Stargate: Establishing the Physical Foundations of the AI Revolution 🛰️🌎

The Stargate initiative represents the most substantial investment in artificial intelligence infrastructure to date, as it begins to materialize on a global scale. While many perceive AI as an ethereal technology—simply accessed via applications like ChatGPT 🤖—each digital interaction is, in fact, powered by extensive physical resources: vast data centers 🏢, thousands of cutting-edge GPUs 💾, sophisticated cooling systems 💧, dedicated power grids ⚡, and essential water pipelines 🚰. AI does not reside on personal devices; it is anchored on Earth and demands significant resources.

As artificial intelligence continues to advance, its infrastructure needs only intensify. Regardless of improvements in model efficiency, the explosive growth in usage—billions of queries, ongoing model training, and worldwide deployment—necessitates ever-greater computing power, land, electricity, and semiconductors. This expansion is not plateauing; it is accelerating 📈.

Stargate stands ...

00:01:55
🚨 A Senior UAE Official Has Forecasted...👀

🇦🇪 The United Arab Emirates has taken a decisive step that the United States has been reluctant to pursue.

👉 “Within the next two years, cryptocurrency will be used more frequently than traditional currencies like the dollar or dirham, even for everyday purchases such as coffee and groceries.” 🏦☕🛒

It is worth noting which cryptocurrencies offer transaction fees that are virtually negligible. 😏

The official further stated: “Mark my words, I believe in actions, not just words.”

00:01:00
👉 Coinbase just launched an AI agent for Crypto Trading

Custom AI assistants that print money in your sleep? 🔜

The future of Crypto x AI is about to go crazy.

👉 Here’s what you need to know:

💠 'Based Agent' enables creation of custom AI agents
💠 Users set up personalized agents in < 3 minutes
💠 Equipped w/ crypto wallet and on-chain functions
💠 Capable of completing trades, swaps, and staking
💠 Integrates with Coinbase’s SDK, OpenAI, & Replit

👉 What this means for the future of Crypto:

1. Open Access: Democratized access to advanced trading
2. Automated Txns: Complex trades + streamlined on-chain activity
3. AI Dominance: Est ~80% of crypto 👉txns done by AI agents by 2025

🚨 I personally wouldn't bet against Brian Armstrong and Jesse Pollak.

👉 Coinbase just launched an AI agent for Crypto Trading
The Vatican's Control Runs Deep 👀

The Vatican has been the subject of countless theories throughout history. From secret archives to alleged world domination schemes. Let's explore the most common Vatican theories, their origins, and what we actually know.

The Major Vatican Theories:

The Illuminati Connection: The Vatican secretly controls or collaborates with the Illuminati to establish a New World Order.

Secret Archives Control: The Vatican Secret Archives contain proof of alien contact, suppressed scientific discoveries, or evidence of historical cover-ups.

The P2 Masonic Lodge Scandal: The Vatican Bank was involved in a massive conspiracy involving the P2 Masonic lodge, political corruption, and murder.

Suppression of Scientific Knowledge: The Vatican has systematically suppressed scientific discoveries that contradict Church doctrine.

The Third Secret of Fatima: The Vatican is hiding apocalyptic prophecies revealed at Fatima that would cause global panic if disclosed.

Financial Scandals: Legitimate concerns about ...

post photo preview
Veritaseum Hodlers, Are You Ready For Chaos? 🚀 👩‍🚀

What would happen if Veritaseum was "Resurrected" from the Land of Dead Cryptos? Would Clif High's prediction of Veri trading 1 to 1 with Bitcoin actually come TRUE?! We may just find out SOONER than you think!!

$Velos New Payfi Litepaper 📝

As the market evolves, so do we. Our new PayFi Litepaper reflects our commitment to adapt fast, stay ahead, and win.

Dive into our latest vision and strategy for what’s next.

https://x.com/veloprotocol/status/1917550676860887446

post photo preview
Stellar's Ecosystem Surges Forward: Smart Contracts, Lightning Speed, and Real-World Impact in 2025

The Stellar blockchain ecosystem is experiencing remarkable momentum in 2025, with groundbreaking technical achievements and expanding real-world adoption that position it as a major player in the decentralized finance landscape. From lightning-fast transaction speeds to innovative smart contract capabilities, Stellar is demonstrating that blockchain technology can deliver both performance and practical utility.

Technical Breakthroughs Drive Performance

The Stellar Development Foundation's Q1 2025 quarterly report reveals impressive technical milestones that showcase the network's maturation. The platform now processes an astounding 5,000 transactions per second with remarkably fast 2.5-second block times, putting it among the fastest blockchain networks in operation today.

This performance leap isn't just about raw numbers—it represents Stellar's commitment to creating infrastructure that can handle real-world demand. Whether it's cross-border payments, asset tokenization, or decentralized applications, the network's enhanced capabilities provide the foundation for scalable blockchain solutions.

Smart Contracts Get Smarter with Soroban

One of the most significant developments has been the launch and continued evolution of Soroban, Stellar's smart contract platform. The introduction of Contract Copilot represents a major advancement in developer experience, enabling faster and safer smart contract development through enhanced tooling and guidance.

This focus on developer experience is crucial for ecosystem growth. By lowering barriers to entry and improving the development process, Stellar is positioning itself to attract innovative projects and talented developers who might otherwise choose competing platforms.

New Token Standards Meet Market Needs

The Stellar Development Foundation has introduced new token standards developed specifically based on feedback from developers and institutional users. This responsive approach to platform development demonstrates Stellar's commitment to building technology that meets actual market needs rather than theoretical requirements.

These standards are particularly important as institutional adoption continues to grow, with organizations requiring robust, compliant, and flexible token frameworks for their blockchain initiatives.

Global USDC Integration Expands Utility

The integration of USDC across Stellar's global network represents a significant milestone for practical cryptocurrency adoption. Stablecoins like USDC provide the price stability necessary for everyday transactions and business operations, making them crucial for blockchain platforms seeking real-world utility.

This integration is particularly impactful in emerging markets, where access to stable digital currencies can provide financial services to underbanked populations and facilitate more efficient cross-border transactions.

Industry Events Build Community Momentum

The Stellar ecosystem's growing influence is evident in its presence at major industry events. The foundation's participation as a sponsor at Consensus 2025 in Toronto and Digital Assets Week in New York demonstrates its commitment to engaging with builders, investors, and institutional leaders across the blockchain space.

These events serve as crucial networking opportunities and platforms for showcasing innovative projects within the Stellar ecosystem. Recent Meridian events have highlighted creative projects like Skyhitz and HoneyCoin, illustrating the collaborative spirit and diverse applications being built on the platform.

Real-World Impact in Emerging Markets

Perhaps most importantly, Stellar's growth isn't just about technical metrics—it's about real-world impact. The platform's focus on emerging markets addresses genuine financial inclusion challenges, providing efficient payment rails and access to digital financial services where traditional banking infrastructure may be limited.

This practical approach to blockchain implementation sets Stellar apart from projects that focus primarily on speculative trading or theoretical use cases. By solving actual problems for real users, Stellar is building sustainable demand for its technology.

Looking Ahead: Enterprise-Grade Infrastructure

Stellar positions itself as offering enterprise-grade asset tokenization alongside its DeFi capabilities and payment infrastructure. This comprehensive approach makes it attractive to institutions looking for a single platform that can handle multiple blockchain use cases.

The combination of fast transactions, low costs, smart contract capabilities, and regulatory-conscious development creates a compelling value proposition for enterprises considering blockchain adoption.

The Road Forward

As 2025 progresses, Stellar's ecosystem appears well-positioned for continued growth. The technical infrastructure improvements, developer-focused enhancements, and real-world adoption initiatives create a strong foundation for expanding use cases and user adoption.

The blockchain industry has seen many projects promise revolutionary capabilities, but Stellar's focus on delivering measurable performance improvements and practical solutions suggests a mature approach to blockchain development. With transaction speeds that rival traditional payment systems and growing institutional adoption, Stellar is demonstrating that blockchain technology can move beyond experimental phases into mainstream utility.

For developers, institutions, and users looking for blockchain solutions that prioritize both performance and practical applicability, Stellar's 2025 developments represent significant progress toward a more accessible and useful decentralized financial ecosystem.

Source: The Dinarian ⚡ Claude AI

🙏 Donations Accepted 🙏

If you find value in my content, consider showing your support via:

💳 PayPal: 
1) Simply scan the QR code below 📲
2) https://www.paypal.me/thedinarian

🔗 Crypto – Support via Coinbase Wallet to: [email protected]

Or Buy me a coffee: https://buymeacoffee.com/thedinarian

Your generosity keeps this mission alive, for all! Namasté 🙏 The Dinarian

Read full Article
post photo preview
Soroban Security Audit Bank: Raising the Standard for Smart Contract Security

The Stellar Development Foundation (SDF) is deeply committed to helping ensure that the highest security standards are available for projects building on the Stellar network. Last year SDF launched the Soroban Security Audit Bank, an initiative to provide projects access to auditing experts and tooling that are proven to help prevent hacks by catching potential bugs, inefficiencies, and security flaws before contracts go live. Through the Soroban Security Audit Bank, we’re empowering teams building on Soroban with comprehensive security audits from leading audit firms, enhanced readiness support, and robust tooling, significantly elevating the ecosystem’s safety and efficiency.

Since launch, the Soroban Security Audit Bank has successfully conducted over 40 essential audits, deploying over $3 million to support security of the smart contracts on Stellar. Check it out!

 

Ecosystem Success Stories: How the Soroban Audit Bank Drives Security Forward

By making automated formal verification available to developers, in addition to allocating significant budget for securing many of the top DeFi protocols built on top of Stellar, SDF has established a new security standard in the Web3 ecosystem. Mooly Sagiv, Co-Founder of Certora
SDF has been a strong partner as we’ve worked with teams across the Stellar ecosystem. SDF’s Audit Bank initiative allows for a smooth and streamlined review process, and is a clear reflection of the Stellar ecosystem’s enhanced commitment to security. Robert Chen, CEO of OtterSec
 

Leading projects within the Soroban ecosystem have highlighted the impact of the Audit Bank

Finding a good auditor is difficult, expensive, and high-stakes. The Audit Bank streamlines the process and supports ecosystem projects with security review at critical growth milestones. Markus Paulson, Co-Founder of Script3
The audit firms we worked with deeply understood the full ecosystem and the underlying protocols used. Their expertise and the tools from the Audit Bank strengthened our security and supported user and investor trust. Esteban Iglesias Manríquez, Co-Founder of Palta.Labs

What's New in 2025: Enhanced Audit Support for Soroban Builders

Teams building financial protocols, high-dependency data services, high-traction dApps funded by the Stellar Community Fund are able to request an audit and will typically be matched with a reputable audit firm within two weeks. We recently restructured the program for this year to enhance audit efficiency and incentivize accountability, and rapid and complete vulnerability remediation:

  • Complimentary Initial Audit: Projects will need to contribute 5% of the audit cost upfront, but this co-payment amount is eligible for a full refund, provided that critical, high, and medium vulnerabilities identified are swiftly remediated within 20 business days of receiving the initial audit report (learn more).
  • Incentivized Security at Key Traction Milestones: Complimentary, extensive follow-up audits are available as projects achieve critical traction milestones (e.g., $10M and $100M TVL). These audits include deeper assessments such as formal verification or competitive audits, significantly boosting project security at pivotal stages.
  • Advanced Security Tooling: Projects can enhance their security self-serve through complimentary or discounted access to specialized tooling, which provide vulnerability detection and formal verification capabilities (see full list of available tooling). These tools are encouraged to capture ‘easy-to-spot’ issues prior to audit as well as a final check post-audit to increase the effectiveness and thoroughness of audits.
  • Enhanced Audit Readiness Support: Projects receive structured preparation support, including the implementation of best practices and security standards based on the STRIDE threat modeling framework. This ensures project teams are thoroughly prepared, optimizing audit efficiency and minimizing delays.

Get Started Today

If you're already funded through the Stellar Community Fund, meet the criteria and ready to secure your smart contracts, check your email for an invitation to submit an audit request–if you haven’t received one, contact [email protected].

If you haven't built on Stellar yet, we encourage you to start your journey with the Stellar Community Fund to become eligible for future security audits and ecosystem support. For any broader questions on the program, contact [email protected].

Also, we’re organizing an exciting series of workshops–join us for the kick-off on Soroban Security Best Practices on Friday, May 30, 2025 at 2 PM ET on @StellarOrg. Together, we're shaping a secure and resilient future for smart contracts on Stellar.

Source

🙏 Donations Accepted 🙏

If you find value in my content, consider showing your support via:

💳 PayPal: 
1) Simply scan the QR code below 📲
2) https://www.paypal.me/thedinarian

🔗 Crypto – Support via Coinbase Wallet to: [email protected]

Or Buy me a coffee: https://buymeacoffee.com/thedinarian

Your generosity keeps this mission alive, for all! Namasté 🙏 The Dinarian

Read full Article
post photo preview
Santander mulls stablecoin, crypto offering

Bloomberg reported that Banco Santander is mulling introducing euro and dollar stablecoins, or potentially making a third party coin available to clients, citing sources. This move aligns with broader crypto ambitions, as its digital bank, Openbank, has reportedly applied for a European cryptocurrency license under the Mica Regulations and may enable retail access to digital assets.

Systemically important banks embrace stablecoins?

Major banks are now moving from observers to participants in this expanding market. Should Santander confirm plans to launch a stablecoin, it will be the fourth global systemically important bank (G-SIB) to do so. Societe Generale’s FORGE subsidiary launched the EURCV euro coin in 2023. Deutsche Bank is a partner in ALLUnity, another stablecoin initiative with plans to launch this year, subject to regulatory approval. And Standard Chartered is part of a joint venture in Hong Kong that intends to introduce a stablecoin.

Santander’s involvement could extend beyond an individual initiative. The bank is a shareholder in The Clearing House, where the Wall Street Journal reported that US banks are exploring the potential to create a joint stablecoin. If a US initiative took that route it could involve nine more G-SIBs including Bank of America, Barclays, BMO, BNY Mellon, Citi, HSBC, JP Morgan, TD Bank and Wells Fargo.

Apart from these initiatives, our research shows that more than 20 other banks have been involved in stablecoin projects.

Until recently stablecoins were mainly used to settle cryptocurrency transactions and by residents in countries with volatile domestic currencies. During the last year stablecoin infrastructure has been expanding, especially for mainstream cross border payments. Plus, President Trump issued an executive order prioritizing stablecoins. One of the administration’s motivations is this increases demand for US Treasuries, lowering the interest rate the government pays on the Treasury bills.

Santander as an early digital assets mover

Santander’s stablecoin consideration builds on years of blockchain experience. The bank was an early Ripple investor and previously used Ripple’s permissioned network for payments (not XRP), while also embracing permissionless blockchain activities including issuing a digital bond on Ethereum in 2019. This dual approach led to collaborations with other major players – alongside Societe Generale FORGE and Goldman Sachs, Santander participated in the European Investment Bank’s first digital bond, also on Ethereum. Currently, the bank’s most significant digital money initiative involves Fnality, the wholesale blockchain-based settlement network, where Santander ranks among 20 institutional backers and is part of the early adopter group alongside Lloyds Bank and UBS.

Source

🙏 Donations Accepted 🙏

If you find value in my content, consider showing your support via:

💳 PayPal: 
1) Simply scan the QR code below 📲
2) https://www.paypal.me/thedinarian

🔗 Crypto – Support via Coinbase Wallet to: [email protected]

Or Buy me a coffee: https://buymeacoffee.com/thedinarian

Your generosity keeps this mission alive, for all! Namasté 🙏 The Dinarian

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals