slow

BIT Official released a daily chart analysis stating that the spot Bitcoin ETF has recorded net inflows for nine consecutive trading days, with institutional buying continuing to accumulate, providing support for the price.It stated that Strategy has invested approximately $11 billion this year to increase its Bitcoin holdings, and the inflow of ETF funds combined with corporate buying helps strengthen market support. Analysts believe that, in the absence of significant risk events, the current market structure still supports Bitcoin's gradual upward movement.

According to crypto analyst Yu Jin @EmberCN's monitoring, after Aave coordinated the establishment of "DeFi United" and obtained approximately 30,000 ETH in loans and 13,500 ETH in donations, there are signs of a slowdown in capital outflows from the platform.Data shows that Aave's current total deposit size is approximately $28.6 billion, a decrease of about $17.2 billion compared to before the rsETH event, a decline of about 37%.

The Chief Information Security Officer of Slow Fog, 23pds, tweeted that HexagonalRodent, a subsidiary of the Lazarus Group, is targeting Web3 developers through social engineering tactics such as "high-paying remote positions" and "recruitment for well-known projects" to induce the execution of malicious code, ultimately stealing users' cryptocurrency assets.On March 9, 2026, a user with the same name as a fast-draft extension developer was infected with the OtterCookie malware, which was used to distribute malicious programs. Attackers extensively used ChatGPT and Cursor to assist in executing the attacks, further enhancing the disguise and deception.

The Chief Information Security Officer of Slow Fog Technology, 23pds, forwarded a message from the dark web intelligence account Dark Web Intelligence (@DailyDarkWeb), stating that the hacker group ShinyHunters claims to have infiltrated internal systems related to the Anthropic Mythos model and has shared screenshots of the user management panel, AI experiment dashboard, model performance, and cost analysis. The authenticity of this information has not yet been confirmed by Anthropic.Given that many companies have previously applied to trial the related models, if the news is true, it could pose indirect security risks to leading tech companies and those in the cryptocurrency industry.

According to monitoring by the blockchain security firm SlowMist, MistEye has received threat intelligence from the community indicating that a malware named "MacSync Stealer" (v1.1.2) is active and highly destructive. This malware targets macOS users, stealing sensitive data including cryptocurrency wallets, browser credentials, system keychains, and infrastructure keys (SSH/AWS/K8s).The malware uses a spoofed AppleScript system dialog for phishing and displays fake error messages stating "unsupported" after data leakage. It has immediately synchronized this IOC (Indicator of Compromise) to clients. Do not execute unverified macOS scripts and remain highly vigilant against unexpected system password prompts. If an attack is suspected, immediate remediation is required: change all infrastructure credentials (SSH/AWS/K8s), invalidate any exposed keychains, and quickly migrate cryptocurrency assets to a secure wallet.

Jefferies, a Wall Street investment bank, pointed out that the approximately $293 million attack incident on Kelp DAO exposed critical infrastructure risks, which may prompt traditional financial institutions to reassess the pace of blockchain and tokenization advancement.Jefferies believes that the attackers triggered market sell-offs and liquidity strains by minting uncollateralized tokens and engaging in cross-platform lending. This incident is thought to be related to the Lazarus Group and also highlights the single point of failure issues in the verification mechanisms of cross-chain bridges. As institutions accelerate the tokenization of assets (such as funds, bonds, and deposits), the associated risks may cause some banks and asset management institutions to delay deployment and prioritize examining system security. Especially in scenarios that rely on cross-chain infrastructure, security vulnerabilities could lead to market fragmentation, undermining the practical utility of tokenized assets.Despite short-term confidence being shaken, Jefferies still emphasizes that the long-term trend remains unchanged. Under the backdrop of regulatory advancements and continuous improvements in infrastructure, applications such as stablecoins still have growth potential. However, the industry as a whole is still in the early stages of development and requires time to enhance system robustness.

According to SlowMist founder Yu Xian (@evilcos), the core of the KelpDAO theft incident, which involved approximately $290 million, was a targeted poisoning attack on the downstream RPC infrastructure of LayerZero DVN (Decentralized Validator Network).The specific attack steps were: first, obtaining the list of RPC nodes used by LayerZero DVN, then breaching two independent clusters and replacing the op-geth binary file; using selective deception techniques to return forged malicious payloads only to DVN while returning real data to other IPs; simultaneously launching DDoS attacks on the unbreached RPC nodes, forcing DVN to failover to the poisoned nodes, completing the forged message verification, and then the malicious binary self-destructing and clearing logs. This ultimately led to LayerZero DVN issuing validations for "transactions that never occurred."

The Chief Information Security Officer of Slow Fog Technology, 23pds, retweeted that the internal system of the cloud hosting platform Vercel was accessed without authorization, which is suspected to be related to an internal data breach.The related tweet indicated that someone on BreachForums claimed to be ShinyHunters and is selling the so-called Vercel internal database, access keys, source code, employee accounts, API keys, NPM tokens, and GitHub tokens for $2 million. The related data is suspected to involve Vercel's internal Linear system and internal user management system.Previously, the cloud hosting platform Vercel disclosed that its internal system was accessed without authorization, affecting a small number of customers.

According to the threat intelligence released by the SlowMist security team, its threat intelligence system MistEye has received community feedback regarding an active social engineering attack targeting cryptocurrency users.The attackers contact target users under the pretext of project collaboration, luring them to use a counterfeit "Harmony Voice" software (domain: harmony-voice[.]app) for so-called real-time translation, which is actually malware. SlowMist has synchronized the relevant threat intelligence (IOC) to its corporate clients.

According to Jinshi News, Joe Capros, head of the International Economics Department at the Commonwealth Bank of Australia (CBA), stated that the dollar index remains stable above 98, and the dollar is expected to continue benefiting from the slowdown in global economic growth.He pointed out that the global economy needs to adapt to the reduction in energy supply, and interest rate hikes will help align demand with supply.

According to CCTV News, to prevent Israel's military actions in Lebanon from interfering with the upcoming US-Iran negotiations, President Trump has asked Israeli Prime Minister Netanyahu to reduce the intensity of strikes against Lebanon.Reports indicate that Trump spoke with Netanyahu and "sternly" stated that while the US understands Israel's security concerns, Israel should slow down its military strikes against Lebanon to maintain the upcoming negotiations.A US official revealed that the duration of this call was "shorter than usual." The official stated that the Trump administration had never before requested Israel to slow down its military actions against Hezbollah in Lebanon. This pressure comes after Iran and mediator Pakistan accused Israel of violating the ceasefire agreement, and Trump is concerned that continued strikes could affect the US-Iran ceasefire and disrupt the openness of the Strait of Hormuz.

According to Jin Shi reports, "Fed mouthpiece" Nick Timiraos stated that the Federal Reserve's meeting minutes show that "the vast majority" of officials believe that the pace of inflation relief may be slower than expected, mainly due to three intertwined concerns: the impact of tariffs on commodity prices may take longer to dissipate; the transmission effect of oil prices on core inflation; and the years of inflation rates being above the target level, which makes inflation expectations more susceptible to new shocks.

According to Jinshi reports, Federal Reserve Vice Chairman Jefferson stated that current employment growth has slowed but may be stabilizing.

According to Jinshi reports, International Monetary Fund (IMF) President Kristalina Georgieva stated that the Middle East war will lead to increased inflation and may slow down global economic growth.

According to official news, the blockchain security agency SlowMist recently released a security assessment report, conducting a special audit of OKX Wallet. The results showed that in the audited version, no behavior was found where the application transmitted sensitive information such as private keys or mnemonic phrases to external servers, and no risk of sensitive data leakage was detected overall.It is reported that this assessment focused on whether there were issues with the external transmission of private keys and mnemonic phrases in OKX Wallet, and the results indicated that the relevant core information was processed locally. The current handling of private keys and mnemonic phrases has become the core of wallet security, and such audit results also provide users with a more direct security reference.

The analysis of the Drift theft incident by Slow Fog pointed out that a week before the attack, Drift adjusted its multi-signature mechanism to "2/5" (1 old signer + 4 new signers) and did not set a timelock. The attacker then gained administrator privileges, forged CVT tokens, manipulated the oracle, disabled security mechanisms, and transferred high-value assets from the liquidity pool.Currently, the stolen funds have mainly been aggregated to an Ethereum address, totaling approximately 105,969 ETH (about 226 million USD). Slow Fog stated that the flow of related funds is still being tracked.

According to Jinshi reports, Federal Reserve official Barkin stated that inflation progress is expected to be slow and will not quickly return to target levels.

According to Jinshi Data, job vacancies in the U.S. decreased in February, and hiring has significantly slowed, indicating that labor demand has cooled ahead of the additional uncertainties brought about by the war in Iran.Data released by the U.S. Bureau of Labor Statistics on Tuesday showed that job vacancies fell from a revised 7.24 million in January to 6.88 million. After a brief rebound in job vacancies at the beginning of the year, the simultaneous slowdown in hiring and vacancies suggests that companies are becoming cautious in hiring after experiencing nearly zero growth for a year.Looking ahead, the surge in oil prices triggered by the war may increase operational costs for businesses and pose a barrier to further hiring. The decline in job vacancies is primarily driven by a retreat in accommodation and food services, healthcare and social assistance, and manufacturing. The hiring rate has dropped to its lowest level since April 2020, while the layoff rate has slightly increased.Despite large companies, including Meta and Oracle, pushing for large-scale layoffs to reallocate resources to AI investments, the overall level of layoffs in the economy remains relatively mild.

Slow Fog has once again issued a security reminder stating to pay attention to checking for malicious versions of axios and the exposure risk of OpenClaw npm global installation history. axios@1.14.1 and axios@0.3.4 have been confirmed as malicious versions, both of which have injected the dependency plain-crypto-js@4.2.1, delivering cross-platform malicious payloads through the postinstall script.The impact of OpenClaw is assessed based on scenarios: source code builds are not affected, as the locked versions in the lock file are 1.13.5/1.13.6; however, users who installed via npm install -g openclaw@2026.3.28 face historical exposure risks due to the presence of optionalDependencies.axios@^1.7.4 in the dependency chain, which may resolve to axios@1.14.1 during the time window when the malicious version is still online. Currently, npm has reverted the resolution to axios@1.14.0, but environments that were installed during the attack window are still advised to be checked. Slow Fog has provided inspection commands and IoC paths for various platforms; if the plain-crypto-js directory is found, even if the package.json has been cleaned, it should still be regarded as high-risk execution traces. It is recommended that affected hosts immediately rotate credentials and conduct host-side inspections. Previously, Slow Fog founder Yu Xian reminded that OpenClaw version 3.28 may introduce a toxic version of axios, and users need to urgently check.

Yuxian, the founder of Slow Fog, posted on the X platform stating that Coinbase has taken down the page requiring users to enter their plaintext mnemonic phrases. He pointed out that the security model of online web pages for wallets is very low, much lower than that of extensions or apps; the practice of collecting plaintext mnemonic phrases on online web pages can easily be imitated by phishing websites and has long been a common phishing technique.