Security Incidents

_Ledger Donjon exposed a MediaTek vulnerability that extracts Android wallet seed phrases in under 45 seconds, affecting millions of devices. CVE-2025-20435._ Ledger Donjon has uncovered a serious MediaTek vulnerability. It lets attackers pull wallet seed phrases from Android phones in seconds.

In brief Europol and partners announced the disruption of the “SocksEscort” malicious proxy service and the freezing of $3.5 million in cryptocurrency linked to the operation. The network allegedly compromised more than 369,000 routers and IoT devices and offered customers more than 35,000 p

CertiK released a report showing that cryptocurrency ATM fraud losses in the United States reached $330 million in 2025, with a 33% increase. Fraud tactics are gradually escalating, with elderly people becoming the primary targets. AI-driven fraud has 4.5 times the profitability of traditional methods, and the threat from transnational criminal organizations continues to rise.

Gate News reports that on March 12, the China Artificial Intelligence Industry Development Alliance is continuously tracking the security risk dynamics of OpenClaw and compiling an enterprise-level OpenClaw deployment risk management guide.

Tencent launched the OpenClaw Security Toolkit on March 12th to address security challenges brought by AI Agents, providing multi-layered protection for enterprises and users. The toolkit includes security solutions for cloud and personal computers, supporting environment isolation and monitoring of anomalous instructions.

Security experts discovered malicious code on Bonk.fun that exposed users to potential wallet-draining attacks. However, security experts have expressed fears that users of decentralized sites remain

The BONKfun Memecoin launchpad on Solana faced a serious security breach when hackers compromised a team account, enabling a crypto drainer that affected users who approved fraudulent transfers. The incident has raised concerns about user safety and trust in the Solana ecosystem.

GoPlus released a report on March 12 scanning 100 frequently downloaded skills in the ClawHub ecosystem for security. The results showed that 21% were blocked and 17% received warnings. The report recommends implementing manual confirmation mechanisms for high-risk skills to enhance security.

Researchers discovered a vulnerability in MediaTek-powered Android smartphones that allows attackers to extract sensitive data in under a minute, even when the device is off. This flaw, impacting millions of devices, highlights the risks of software-based crypto wallets compared to dedicated hardware security.

The Chinese government has issued its first risk alert regarding the industrial applications of AI Agent Lobster OpenClaw, identifying three major risks including unauthorized access to industrial hosts, sensitive information disclosure, and expanded attack surface. The cybersecurity center has called on enterprises to strengthen self-inspection and defense measures to address potential threats.

Bonk.fun, a Solana-based memecoin issuance platform, experienced a security crisis when its official website was hijacked by hackers and infected with malicious code, causing some users to suffer financial losses. The team emphasized that actual losses are minimal and urged users to refrain from interacting with the website while working full force to patch vulnerabilities. Recently, cryptocurrency scam tactics have been continuously evolving, employing AI and social engineering methods to attack users.

China's National Industrial Information Security Development and Research Center issued an alert pointing out that the deployment of OpenClaw in the industrial sector poses security risks, including loss of control of industrial control systems and information leakage. The center recommends that enterprises strengthen permission management, network isolation, and vulnerability patching to ensure security protection.

Meta has launched new AI tools for Facebook and WhatsApp aimed at detecting and preventing online and crypto scams. These advanced technologies will help protect users from fraudulent activities and create a safer digital space.

On March 12th, the AM/USDT liquidity pool on the BSC chain was attacked, resulting in a loss of approximately $131,000. The attacker exploited a flaw in the token burn mechanism to manipulate the AM reserves and price, profiting from the price increase.

Gate News Announcement: On March 12,, Anhui Normal University, Jiangsu Normal University, Zhuhai University of Science and Technology, and other universities recently issued emergency notices prohibiting the installation and operation of the open-source AI intelligent agent OpenClaw ("Lobster") on campus office equipment and network environments. Violators will be dealt with seriously.

Three men conspired to steal over $6.9 million in cryptocurrency from the SafeX trading platform, and 38-year-old Chinese man Zhang Xinghua was sentenced to two years for money laundering. The police have frozen $2.1 million in cryptocurrency, and the remaining $4.8 million cannot be recovered because it is stored in offshore wallets.

Gate News Report, March 12 — According to BlockSec monitoring, suspicious transactions targeting the DBXen_crypto contract were detected, estimated to have caused losses of approximately $150,000. The root cause is the inconsistency in the sender's identity in the ERC2771 meta-transaction, which allows attackers to manipulate the reward settlement logic and steal assets from the contract.

The report shows that with the use of AI and deepfake technology, cryptocurrency ATM scams in the United States are rapidly increasing, with losses expected to reach $333 million by 2025. Crypto ATMs are widely exploited due to low authentication standards, with seniors being significantly affected. The scams are diverse, and AI technology has enhanced the efficiency of fraud. Regulators have begun to pay attention and have proposed relevant legislation to strengthen protections.

A security incident occurred on the Bonk.fun platform, where an attacker gained control of the domain and injected malicious content, resulting in some users' funds being stolen. The team has issued a warning, suspended operations, and taken measures to restore security. The attack mainly affected users who signed false agreements. As cyberattack techniques advance, the encryption industry faces greater risks.

Solana meme coin platform BONK.fun was hacked, with internal team accounts compromised, leading to the deployment of a wallet theft program. Users are advised to stop interacting immediately. This incident highlights the platform's security vulnerabilities and may accelerate user attrition, with market share dropping from 84% to 7%. Future security measures need to be strengthened to prevent similar attacks.