
Source Defense researchers have discovered a Magecart digital skimming campaign that uses Ethereum smart contracts as command-and-control infrastructure. By storing routing information inside smart contracts rather than hardcoded domains, attackers can dynamically rotate infrastructure and evade takedown efforts. The campaign involves over 15 Ethereum smart contracts, multiple infrastructure clusters, and dozens of domains. The malware hijacks e-commerce checkout flows, clones payment elements, and harvests card data and personal information. Researchers warn that blockchain-based C2 makes disruption significantly harder, and that PCI DSS 4.0 compliance gaps and under-prioritized client-side security leave many organizations exposed.
Nguồn: https://securityboulevard.com/2026/07/researchers-uncover-magecart-attack-leveraging-blockchain-infrastructure. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.
Brave công bố lộ trình BAT 4.0 với những cải tiến quan trọng như hỗ trợ x402 và Machine Payments Protocol (MPP) cho thanh toán tự động, ví Brave Wallet mới tích hợp đa phương thức, giao thức BravePay cho giao dịch ổn định, thẻ Brave Rewards (ảo và vật lý) tích điểm BAT, cùng giao thức đóng góp cho nhà sáng tạo khi AI sử dụng nội dung. Doanh thu từ các tính năng này sẽ tài trợ mua lại BAT để duy trì phần thưởng cho người dùng và nhà sáng tạo.
Lập trình viên nên đọc bài này để khám phá cách Brave Wallet và BravePay không chỉ mở rộng khả năng tích hợp giao dịch số, mà còn cung cấp SDK mở rộng cho các ứng dụng web3, từ thanh toán tự động cho AI đến tích hợp với hệ sinh thái Creator Contribution Protocol.
Eli Ben-Sasson, co-inventor of STARK proofs and CEO of StarkWare, argues that prediction markets like Polymarket face a real quantum computing threat. Because these platforms rely on conventional elliptic-curve cryptography (Polygon PoS), a sufficiently powerful quantum computer could derive private keys from exposed public keys, allowing attackers to forge signatures, steal positions, and manipulate markets without any traditional hack. He explains that hash-based proof systems like STARKs are inherently quantum-resistant and already deployed at scale on Starknet, proving the engineering path exists. He credits Ethereum for prioritizing quantum safety on its roadmap but criticizes the timeline as too slow, and calls out Bitcoin for lacking a protocol-wide migration plan. The core message: the industry must begin post-quantum migration now, before quantum computers make the threat obvious.
A growing but fragmented market for AI-generated art is taking shape, spanning NFTs, physical museum installations, and stock image platforms. Artist SHL0MS exposed anti-AI bias by selling a real Monet cropped of its signature as an NFT for $40,000. Refik Anadol's Dataland, the world's first generative AI museum in Los Angeles, sold 1,000 AI data sculptures at $5,000 each in 34 minutes. Stanford research shows AI images boosted stock platform sales 80% while crowding out traditional contributors. Curators like the Whitney's Christiane Paul draw a sharp line between prompt-generated images and serious AI art, which involves training custom models and building control systems — work they describe as far harder than traditional media.
A comparison of five Ethereum payment gateways for businesses in 2026: NOWPayments, Coinbase, CoinGate, BitPay, and Coinremitter. Each is evaluated on ETH and ERC-20 stablecoin support, fee structures, settlement speed, and business-focused features like mass payouts and e-commerce integrations. NOWPayments is ranked first for high-volume merchants needing a full-stack crypto operations platform, while Coinbase suits simple non-custodial setups, CoinGate targets EU merchants needing MiCA compliance, BitPay serves enterprise fiat settlement needs, and Coinremitter appeals to small businesses seeking low fees.
When an AI agent can submit state-changing blockchain transactions without per-action human approval, the critical question shifts from capability to authority. The post argues that DAO governance provides the right framework for defining, enforcing, and revoking agent permissions when multiple parties share economic risk. It outlines a minimal authorization layer composed of four elements: explicit machine-readable permission scopes ratified by governance, hard contract-enforced limits that reject out-of-scope actions, fast-path multisig revocation bypassing governance timelocks, and a public on-chain authorization record with action logs. Real-world asset (RWA) tokenization exposes the boundary clearly — a DAO can govern on-chain exposure but cannot control off-chain issuer redemption. Existing standards (ERC-4337, EIP-7702, ERC-7579, ERC-8004) provide infrastructure pieces but no complete mandate. Major protocols like Aave, Arbitrum, and Uniswap have governance machinery that could be extended, but none currently publish a complete agent authorization process. The authorization record can prove what was permitted and logged, but cannot validate oracle integrity, custodian reserves, or legal compliance.
Web3 is examined as a potential next evolution of the internet, built on blockchain technology that promises user ownership of digital assets and data without reliance on centralized platforms. The piece traces the progression from Web1 (read-only) through Web2 (read/write, platform-dominated) to Web3's 'read, write, own' model. Potential applications include decentralized identity, cross-border payments, tokenized assets, DeFi, and creator economies. Skeptics point to poor usability, regulatory uncertainty, scalability issues, and the reality that many 'Web3' services remain centralized in practice. The author concludes that Web3 is neither proven fact nor empty hype, but a live experiment that may result in a hybrid model combining centralized convenience with decentralized ownership.
A bug in the Solidity compiler (versions 0.8.29–0.8.35) causes the C3-linearized list of base contracts to be permanently reversed in memory when Warning 3495 (storage layout too close to end of storage) is emitted. The root cause is use of ranges::actions::reverse instead of ranges::views::reverse from the ranges-v3 library, which mutates the underlying container in place. This reversal corrupts inheritance-dependent behavior including constructor invocation order, state-variable initialization, super and virtual function resolution, and can cause silent miscompilations or internal compiler errors. The bug only affects contracts using a custom storage layout placed within the last 2^64 slots of storage AND using inheritance. A Sourcify scan found no deployed contracts meeting these conditions. The fix is available in Solidity 0.8.36, which replaces the mutating call with a non-mutating view.
Máy tính lượng tử sắp ra đời có thể phá vỡ bảo mật của blockchain, đặc biệt là Bitcoin, khi chúng tấn công được elliptic-curve cryptography. Hiện chưa blockchain top-20 nào triển khai post-quantum cryptography, nhưng Ethereum và Algorand đang nỗ lực chuẩn bị.
Lập trình viên nên đọc bài này để hiểu cách bảo vệ hệ thống blockchain của mình trước nguy cơ mất an toàn do máy tính lượng tử, đặc biệt khi biết rằng nhiều dự án vẫn chưa chuẩn bị sẵn sàng và thời gian đến của công nghệ này gần hơn nhiều so với dự đoán trước.