TechFlow News: On March 17, SlowMist founder Yu Xian posted on X, stating that an ongoing on-chain asset theft incident targeting a specific user group is currently unfolding. The hacker’s address—0x913efc2062984288a0a083cd42b3a3422c07fcef—has accumulated approximately $85,000 in illicit gains so far, with the amount still increasing; the hacker is actively consolidating the stolen funds.
According to community feedback, victims are primarily “airdrop farmers,” and their private keys or mnemonic phrases are suspected to have been previously compromised by the attacker. Some users reported using the MoreLogin fingerprint browser with both Binance Wallet and OKX Wallet extensions installed, and assets within their OKX Wallet were subsequently drained.
Yu Xian noted there is currently no direct evidence implicating MoreLogin itself or its associated extensions as the root cause. He recommends that MoreLogin users promptly monitor their accounts and transfer their assets. Affected users are encouraged to provide details—including the fingerprint browser used, installed extensions, and the compromised wallet—to assist in the investigation.
