Gate News, March 11 — GoPlus issued a security alert stating that attackers are using Google search ads to distribute malware that perfectly clones the official Claude Code installation page at a pixel level. This malware can steal user passwords, cookies, session tokens, crypto wallet credentials, and system information. GoPlus recommends users take the following precautions: identify ad labels in search results and carefully verify URL differences from the official website; verify installation methods through official documentation, social media, or GitHub repositories via multiple channels; avoid executing unfamiliar commands directly and analyze command behavior before running; install security plugins to intercept phishing links, risk signatures, authorizations, and transactions in real time.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Ripple CTO: Kelp DAO Exploit Reflects Bridge Security Trade-Offs
David Schwartz, CTO Emeritus at Ripple, analyzed bridge security vulnerabilities following the $292 million Kelp DAO exploit. He noted that providers prioritized convenience over robust security, undermining essential protective features. The Kelp DAO breach stemmed from a private key leak, exacerbated by a simplified security configuration in their LayerZero implementation.
CryptoFrontier53m ago
rsETH LayerZero bridge hacked, Aave and other protocols urgently freeze funds
Kelp DAO’s liquidity re-staking token rsETH was attacked on April 19 by a hacker exploiting a cross-chain message verification vulnerability, resulting in 116,500 rsETH being released to an address controlled by the attacker. Multiple DeFi protocols urgently froze related functions to address potential losses. LayerZero stated that it is actively fixing the vulnerability and will release a post-incident analysis report.
MarketWhisper53m ago
France Logs 41 Crypto-Related Kidnappings and Home Invasions in 2025
In 2025, France documented 41 crypto-related kidnappings amid rising "wrench attacks," prompting heightened security around blockchain events. Global incidents of coercion surged by 75%, with France leading in cases. Efforts to improve safety and address concerns about becoming a crypto hub are underway.
GateNews1h ago
eth.limo domain hijacked; EasyDNS admits first social engineering attack in 28 years
The eth.limo domain was subject to DNS hijacking on April 17. The attacker, posing as a team member, successfully tricked the domain registrar EasyDNS into executing account recovery for the domain. Although this incident did not affect users, because the attacker did not obtain the DNSSEC key material, they were unable to bypass the trust chain. This incident highlighted the risks of social engineering in the crypto space and prompted eth.limo to switch to the Domainsure service, which does not support account recovery, to enhance security.
MarketWhisper1h ago
Curve Finance Suspends LayerZero Bridging as a Precaution, Limits CRV and crvUSD Bridge Access
Curve Finance has been attacked over LayerZero infrastructure related to rsETH, and has temporarily suspended cross-chain functionality to prevent risk, impacting CRV cross-chain bridging and the fast bridging of crvUSD. Founder Egorov said the incident demonstrates the risk of “non-isolated lending,” and proposed a fully isolated mode as an alternative. Kelp DAO also suffered losses of about $292 million due to the attack, affecting lending activity on the Aave platform.
MarketWhisper2h ago
A Kelp bridge hack spreads and affects Aave, as TVL plunges and bad debt surges to 196 million
Liquidity re-staking protocol Kelp’s cross-chain bridge was attacked, stealing 116,500 rsETH and depositing it into Aave V3, resulting in roughly $196 million in bad debt. Aave’s contracts were not affected, but the incident revealed the systemic risk of LRT collateral, prompting DeFi protocols to re-evaluate their risk models, which could lead to losses for stkAAVE holders.
MarketWhisper2h ago
