<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: mrtd</title>
    <description>The latest articles on DEV Community by mrtd (@mrtd).</description>
    <link>https://dev.to/mrtd</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3989841%2F3c1d505f-0e9c-47e8-acab-db8631c4381a.jpeg</url>
      <title>DEV Community: mrtd</title>
      <link>https://dev.to/mrtd</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/mrtd"/>
    <language>en</language>
    <item>
      <title>How to Store Your Seed Phrase Safely (Without Losing It Forever)</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Wed, 24 Jun 2026 00:05:27 +0000</pubDate>
      <link>https://dev.to/mrtd/how-to-store-your-seed-phrase-safely-without-losing-it-forever-38i0</link>
      <guid>https://dev.to/mrtd/how-to-store-your-seed-phrase-safely-without-losing-it-forever-38i0</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/how-to-store-seed-phrase-safely/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Your seed phrase &lt;em&gt;is&lt;/em&gt; your crypto — treat it that way
&lt;/h2&gt;

&lt;p&gt;A seed phrase (the 12 or 24 words your wallet shows you when you first set it up) is the master key to everything in that wallet. Anyone who has it controls your funds; anyone who loses it loses their funds. There is no password reset, no support line that can recover it, no bank to call. That single property — total power, zero recovery — is why how you store those words matters more than almost anything else you do in crypto.&lt;/p&gt;

&lt;p&gt;This is the storage companion to our &lt;a href="https://dev.to/protect-your-crypto-lessons-from-the-hacks/"&gt;defense checklist&lt;/a&gt; and our guide to &lt;a href="https://dev.to/crypto-social-engineering-scams-how-to-protect/"&gt;social-engineering scams&lt;/a&gt;, which covers the other half of the problem: people being tricked into &lt;em&gt;giving&lt;/em&gt; the phrase away.&lt;/p&gt;

&lt;h2&gt;
  
  
  How much crypto simply vanishes
&lt;/h2&gt;

&lt;p&gt;Lost keys are not a rare edge case. Analysts at Chainalysis have estimated that on the order of &lt;strong&gt;1.8 million BTC&lt;/strong&gt; sit in wallets that haven't moved since 2014 or earlier — coins that are most likely gone for good. Broader estimates, summarized by &lt;a href="https://www.ledger.com/academy/topics/economics-and-regulation/how-many-bitcoin-are-lost-ledger" rel="noopener noreferrer"&gt;Ledger Academy&lt;/a&gt;, put permanently lost bitcoin at roughly &lt;strong&gt;2.3 to 3.7 million coins&lt;/strong&gt; — well over 10% of the supply that will ever exist. Most of that wasn't stolen. It was misplaced backups, dead hard drives, forgotten passphrases, and seed words nobody can find anymore.&lt;/p&gt;

&lt;p&gt;The takeaway: for most people, &lt;strong&gt;losing&lt;/strong&gt; the phrase is at least as big a risk as someone &lt;strong&gt;stealing&lt;/strong&gt; it. Good storage has to defend against both.&lt;/p&gt;

&lt;h2&gt;
  
  
  The two failure modes
&lt;/h2&gt;

&lt;p&gt;Every storage decision is a trade-off between two opposite dangers:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Loss / destruction&lt;/strong&gt; — fire, flood, a faded ballpoint scrawl, a backup thrown out by mistake, a single copy in one place that gets destroyed.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Theft / exposure&lt;/strong&gt; — a roommate, burglar, repair worker, or house guest who finds the words, or a digital copy that ends up somewhere it can be read.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Push too hard against one and you invite the other. One copy locked in a single safe is theft-resistant but a single point of failure. Five copies scattered around are loss-resistant but five chances to be stolen. The whole craft of seed storage is balancing these.&lt;/p&gt;

&lt;h2&gt;
  
  
  Rule 1 — Never store it digitally
&lt;/h2&gt;

&lt;p&gt;The fastest way to lose a wallet is to put the words somewhere connected to the internet. No photos, no screenshots, no cloud notes, no email drafts, no password manager, no text file, no messaging yourself. Anything that touches a synced device or an online account can be exposed by malware or a breach of that service. Seed phrases belong &lt;strong&gt;offline and analog&lt;/strong&gt;, full stop.&lt;/p&gt;

&lt;h2&gt;
  
  
  Rule 2 — Make the backup survive fire and water
&lt;/h2&gt;

&lt;p&gt;Paper is fine until the first house fire, flood, or decade of humidity. The accepted gold standard is &lt;strong&gt;metal&lt;/strong&gt;: a stainless-steel plate or capsule that is fireproof and corrosion-resistant, with no electronics to fail. As storage specialists like &lt;a href="https://www.unchained.com/blog/how-to-store-bitcoin-seed-phrase-backups" rel="noopener noreferrer"&gt;Unchained&lt;/a&gt; and &lt;a href="https://blog.keyst.one/how-to-safely-store-bitcoin-seed-phrases-a-simple-guide" rel="noopener noreferrer"&gt;Keystone&lt;/a&gt; note, &lt;strong&gt;stamped&lt;/strong&gt; letters survive heat and time better than &lt;strong&gt;engraved&lt;/strong&gt; ones, where the thin surface layer (and the inscription) is the first thing destroyed in a fire. If you only ever do one upgrade to your setup, move from paper to metal.&lt;/p&gt;

&lt;h2&gt;
  
  
  Rule 3 — Redundancy in separate places
&lt;/h2&gt;

&lt;p&gt;One backup is a single point of failure. Two or three identical copies remove the "my only copy burned" risk — but each full copy is also one more place it can be stolen, so &lt;strong&gt;geography matters&lt;/strong&gt;. Keep copies in genuinely separate locations you control or trust: home safe, a relative's house, a bank safe-deposit box. The goal is that no single fire, flood, or break-in can take all of them at once.&lt;/p&gt;

&lt;h2&gt;
  
  
  Rule 4 — For serious amounts, split the secret
&lt;/h2&gt;

&lt;p&gt;If a wallet holds more than you'd be comfortable trusting to one hidden plate, stop relying on a single complete copy of the words anywhere. Two well-established approaches remove that single point:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Multisig (e.g. 2-of-3).&lt;/strong&gt; Funds need any two of three independent keys. You can lose — or have stolen — one key entirely and still be safe, and still recover. It's why one key can sit with a custodian or in a safe-deposit box without putting the funds at the mercy of that one location.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Shamir's Secret Sharing (SLIP-39).&lt;/strong&gt; Splits the secret into several shares where only a chosen number are needed to rebuild it. Some hardware wallets implement it directly. No single share, found on its own, reveals anything.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Both mean an attacker has to compromise multiple places, and you can survive losing one — the best of both failure modes.&lt;/p&gt;

&lt;h2&gt;
  
  
  Rule 5 — Plan for the day you're not around
&lt;/h2&gt;

&lt;p&gt;A backup so good that &lt;em&gt;only&lt;/em&gt; you can ever find or understand it becomes a guaranteed loss the moment something happens to you. A real plan includes inheritance: a trusted person who knows a recovery exists, enough documented instructions (kept separate from the words themselves) for them to act, and, for larger estates, proper legal arrangements. Plenty of the permanently lost coins above belonged to people who simply never told anyone how to recover them.&lt;/p&gt;

&lt;h2&gt;
  
  
  Common mistakes that quietly lose wallets
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;A &lt;strong&gt;single paper copy&lt;/strong&gt; in a drawer — one accident from gone.&lt;/li&gt;
&lt;li&gt;A &lt;strong&gt;photo or cloud note&lt;/strong&gt; "just in case" — the case it creates is theft.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Faded or smudged ink&lt;/strong&gt;, or cheap label-maker tape that peels in a year.&lt;/li&gt;
&lt;li&gt;Storing the words &lt;strong&gt;next to the hardware wallet&lt;/strong&gt; — one theft takes both.&lt;/li&gt;
&lt;li&gt;Telling &lt;strong&gt;no one&lt;/strong&gt;, with no inheritance path.&lt;/li&gt;
&lt;li&gt;A secret passphrase (the optional "25th word") that's &lt;strong&gt;memorized and never backed up&lt;/strong&gt; — forget it and the metal plate is useless.&lt;/li&gt;
&lt;li&gt;Typing the words into a "wallet validation" or "sync" tool — that's not storage, that's how the phrase is &lt;a href="https://dev.to/crypto-social-engineering-scams-how-to-protect/"&gt;stolen&lt;/a&gt;.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  A simple, solid setup for most people
&lt;/h2&gt;

&lt;p&gt;You don't need an elaborate scheme to be in far better shape than average:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Generate the wallet on a hardware device; &lt;strong&gt;write the words on paper once&lt;/strong&gt;, offline, to start.&lt;/li&gt;
&lt;li&gt;Transfer them to a &lt;strong&gt;stamped metal backup&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Keep &lt;strong&gt;two copies in two separate, secure locations&lt;/strong&gt; you trust.&lt;/li&gt;
&lt;li&gt;Store backups &lt;strong&gt;away from the hardware wallet itself&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;Tell &lt;strong&gt;one trusted person&lt;/strong&gt; that a recovery exists and how to reach it if needed.&lt;/li&gt;
&lt;li&gt;For larger holdings, graduate to &lt;strong&gt;multisig or SLIP-39&lt;/strong&gt; so no one place holds the whole key.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Storage is the unglamorous part of crypto security, and it's exactly where most coins are quietly lost — not to hackers, but to fire, water, and forgetting. The reassuring part is that a metal plate, two locations, and one trusted contact already put you ahead of the people whose coins make up that lost-forever statistic. And if the worst does happen and funds are taken rather than lost, understand the limits of &lt;a href="https://dev.to/how-stolen-crypto-is-traced-and-recovered/"&gt;recovery and tracing&lt;/a&gt; before you assume anything can be undone.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Informational only — not financial or security advice.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>seedphrase</category>
    </item>
    <item>
      <title>Fake GTA 6 'Early Access' Sites Are Draining Crypto Wallets -- There Is No Early Access</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Tue, 23 Jun 2026 16:40:15 +0000</pubDate>
      <link>https://dev.to/mrtd/fake-gta-6-early-access-sites-are-draining-crypto-wallets-there-is-no-early-access-23lj</link>
      <guid>https://dev.to/mrtd/fake-gta-6-early-access-sites-are-draining-crypto-wallets-there-is-no-early-access-23lj</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/gta-6-early-access-scam-malware/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  There is no paid "early access" to GTA 6 — only scams
&lt;/h2&gt;

&lt;p&gt;With &lt;em&gt;Grand Theft Auto VI&lt;/em&gt; set to launch on November 19, 2026 and official pre-orders opening &lt;strong&gt;June 25&lt;/strong&gt;, years of pent-up hype have created a near-perfect environment for fraud. Security firms are now reporting a surge of fake "early access" sites that take your money — often in crypto — and deliver malware or nothing at all. The single most useful fact to hold onto: &lt;strong&gt;Rockstar Games is not selling early access to anyone.&lt;/strong&gt; Any site that offers it is a scam.&lt;/p&gt;

&lt;h2&gt;
  
  
  Two scams wearing the same Vice City paint
&lt;/h2&gt;

&lt;p&gt;The fake sites look the part — neon Vice City artwork, GTA 6 logos, luxury cars, AI-generated splash images — and they split into two money-making schemes:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Pay-in-crypto "VIP early access."&lt;/strong&gt; You're asked to send a few hundred dollars in cryptocurrency, enter a payment code, and the game "unlocks." It never does. As &lt;a href="https://www.helpnetsecurity.com/2026/06/23/gta-6-early-access-scam/" rel="noopener noreferrer"&gt;Help Net Security&lt;/a&gt; and &lt;a href="https://www.malwarebytes.com/blog/threat-intel/2026/06/gta-6-early-access-is-nothing-but-a-scam" rel="noopener noreferrer"&gt;Malwarebytes&lt;/a&gt; document, the crypto angle is the whole point for the scammer: payments are irreversible, there's no chargeback and no fraud department to call. Once it's sent, it's gone.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Fake "installers" that are malware.&lt;/strong&gt; Other sites mimic Rockstar's branding and push "downloads" through Discord servers, YouTube links, and forums — Windows installers or Android APKs that actually install trojans. Per &lt;a href="https://www.infosecurity-magazine.com/news/gta-6-scams-emerge-as-preorders/" rel="noopener noreferrer"&gt;Infosecurity Magazine&lt;/a&gt; and &lt;a href="https://gizmodo.com/fake-gta-6-real-malware-the-new-scam-targeting-windows-and-android-2000766397" rel="noopener noreferrer"&gt;Gizmodo&lt;/a&gt;, the payloads range from credential stealers (browser-saved passwords, banking logins, game session tokens) to cryptominers and &lt;strong&gt;cryptocurrency-wallet drainers&lt;/strong&gt; — and some Android versions intercept SMS messages to defeat text-based two-factor authentication.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why this is a crypto-security story, not just a gaming one
&lt;/h2&gt;

&lt;p&gt;The two schemes converge on your wallet. The "early access" sites want an irreversible crypto payment; the malware sites want to install a drainer that empties the wallet you already have — and, on Android, to read the SMS codes that would otherwise protect your exchange and bank logins. If you keep crypto on the same device you game on, a single bad "GTA 6 installer" can cost far more than the price of the game.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to stay safe
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Treat every paid "GTA 6 early access" offer as fraud.&lt;/strong&gt; There isn't one. Official pre-orders open June 25 through legitimate storefronts (Steam, PlayStation Store, Xbox) and select retailers — nowhere else.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Never pay cryptocurrency for game access.&lt;/strong&gt; A request for crypto in exchange for "unlocking" anything is a flashing red flag precisely because it can't be reversed.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Don't run "installers" or APKs from Discord, YouTube descriptions, forums, or lookalike sites.&lt;/strong&gt; That's the malware delivery vector. Until launch, there is no GTA 6 file to install.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;If you already interacted with one:&lt;/strong&gt; assume the device and any wallet on it may be compromised. Move funds to a clean wallet, &lt;strong&gt;&lt;a href="https://dev.to/revoke-token-approvals-protect-wallet-drainers/"&gt;revoke token approvals&lt;/a&gt;&lt;/strong&gt;, change passwords from a different device, and run a malware scan. The SMS-interception angle is also a good reason to move 2FA off text messages to an authenticator app.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is the same playbook we cover in our guide to &lt;a href="https://dev.to/crypto-social-engineering-scams-how-to-protect/"&gt;social-engineering scams&lt;/a&gt;: manufactured urgency around something people desperately want, an irreversible payment, and a download that isn't what it claims. The hype is real; the early access is not.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Informational only — not financial or security advice. This is a developing story; details may change as security researchers track new variants.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>gta6</category>
    </item>
    <item>
      <title>The Crypto Scam Texts You Ignore Are Run by Trafficking Victims</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Tue, 23 Jun 2026 14:35:40 +0000</pubDate>
      <link>https://dev.to/mrtd/the-crypto-scam-texts-you-ignore-are-run-by-trafficking-victims-2i3o</link>
      <guid>https://dev.to/mrtd/the-crypto-scam-texts-you-ignore-are-run-by-trafficking-victims-2i3o</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/southeast-asia-crypto-scam-compounds/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The "wrong number" text isn't a wrong number
&lt;/h2&gt;

&lt;p&gt;"Hi, is this Jessica?" "Sorry to bother you — are you free to invest?" The misfired text from a stranger who keeps the conversation friendly and eventually mentions a can't-miss crypto opportunity is one of the most common scam openers on the planet. What most people don't realize is who is usually on the other end: not a lone con artist, but a person who was trafficked, had their passport taken, and is being forced to run that script under threat of violence.&lt;/p&gt;

&lt;p&gt;This is the supply side of the scams we cover in our &lt;a href="https://dev.to/crypto-social-engineering-scams-how-to-protect/"&gt;social-engineering guide&lt;/a&gt;, and understanding it makes the scams much easier to refuse.&lt;/p&gt;

&lt;h2&gt;
  
  
  The pipeline: fake job, seized passport, forced fraud
&lt;/h2&gt;

&lt;p&gt;The operations run out of guarded compounds across Southeast Asia — concentrated in border areas of Myanmar, Cambodia, Laos, and connected through Thailand. The recruitment funnel is brutally simple:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;A fake job offer.&lt;/strong&gt; Ads promise well-paid "customer service," "translator," "crypto," or tech roles, often requiring travel to the region.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Arrival and capture.&lt;/strong&gt; On landing, recruits' identity documents are seized and many are trafficked across a border into a compound.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Forced scamming.&lt;/strong&gt; Inside, they're held against their will and made to defraud strangers online. The U.S. Department of Justice and U.N. human-rights investigators have documented &lt;a href="https://www.ohchr.org/en/stories/2026/02/matter-survival-human-cost-cyber-scam-operations-south-east-asia" rel="noopener noreferrer"&gt;beatings, torture, and worse&lt;/a&gt; used to enforce quotas.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;So the manipulation aimed at &lt;em&gt;you&lt;/em&gt; is itself the product of coercion aimed at someone else. There are two sets of victims in every one of these chats.&lt;/p&gt;

&lt;h2&gt;
  
  
  The money: "pig butchering" at industrial scale
&lt;/h2&gt;

&lt;p&gt;The dominant playbook is what's grimly called "pig butchering" — building trust or a fake romance over weeks, then steering the target onto a bogus crypto investment platform that shows fake gains until the moment they try to withdraw. According to &lt;a href="https://www.chainalysis.com/blog/crypto-scams-2026/" rel="noopener noreferrer"&gt;Chainalysis&lt;/a&gt;, crypto investment fraud of this kind drove an estimated &lt;strong&gt;$7.2 billion in losses in 2025&lt;/strong&gt;, making it one of the most financially devastating forms of cybercrime.&lt;/p&gt;

&lt;h2&gt;
  
  
  2026: the biggest crackdowns yet — and why the texts keep coming
&lt;/h2&gt;

&lt;p&gt;This year brought the largest coordinated response so far. The DOJ's &lt;a href="https://www.justice.gov/opa/pr/scam-center-strike-force-takes-major-actions-against-southeast-asian-scam-centers-targeting" rel="noopener noreferrer"&gt;Scam Center Strike Force&lt;/a&gt; and partner agencies restrained more than &lt;strong&gt;$701 million in cryptocurrency&lt;/strong&gt; tied to laundered victim funds and removed over a million scam social-media accounts; a separate &lt;a href="https://thehackernews.com/2026/05/global-crackdown-arrests-276-shuts-9.html" rel="noopener noreferrer"&gt;global operation&lt;/a&gt; reported hundreds of arrests and multiple centers shut. These are real blows.&lt;/p&gt;

&lt;p&gt;But the model is resilient: when one compound is raided, operators relocate across a porous border and rebuild. Enforcement alone won't end it — which is why the most reliable protection is still the target refusing to bite.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to protect yourself — on both sides of the funnel
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;If you're the target of the scam:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Treat &lt;em&gt;any&lt;/em&gt; unsolicited contact that drifts toward investing — especially crypto with great returns — as a scam, no matter how warm or long-running the relationship feels. Romance plus a can't-lose investment is the signature.&lt;/li&gt;
&lt;li&gt;The tell is the withdrawal. Fake platforms show profits and then invent fees, taxes, or "verification" to stop you cashing out. Real ones don't.&lt;/li&gt;
&lt;li&gt;Never let someone you met online walk you into a platform, an app, or a "support agent." The hard rules in our &lt;a href="https://dev.to/crypto-social-engineering-scams-how-to-protect/"&gt;social-engineering guide&lt;/a&gt; neutralize almost all of it.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;If you're job-hunting:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Be deeply skeptical of high-paying overseas "crypto," "customer service," or "translator" roles that need you to travel fast and hand over your passport. That is the trafficking funnel, not a career.&lt;/li&gt;
&lt;li&gt;Verify the employer independently — real company, real address, real people — before you book anything, and tell someone where you're going.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The uncomfortable truth is that the spam you delete without thinking is the front end of a violent, multibillion-dollar industry built on trafficked labor. The same five seconds of skepticism that protects your savings also helps starve it.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Informational only — not financial or security advice. If you or someone you know may be trapped in one of these operations, contact local authorities or an anti-trafficking organization.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>pigbutchering</category>
    </item>
    <item>
      <title>Social Engineering Is How Crypto's Biggest Thefts Now Happen — and How Not to Be Next</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Tue, 23 Jun 2026 00:04:10 +0000</pubDate>
      <link>https://dev.to/mrtd/social-engineering-is-how-cryptos-biggest-thefts-now-happen-and-how-not-to-be-next-2gm8</link>
      <guid>https://dev.to/mrtd/social-engineering-is-how-cryptos-biggest-thefts-now-happen-and-how-not-to-be-next-2gm8</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/crypto-social-engineering-scams-how-to-protect/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The biggest threat to your crypto isn't a hack — it's you
&lt;/h2&gt;

&lt;p&gt;Audited contracts, hardware wallets, cold storage — none of it matters if someone convinces &lt;em&gt;you&lt;/em&gt; to hand over the keys. In 2026, social engineering is the leading cause of crypto loss, not exotic exploits. Of an estimated &lt;strong&gt;$11.36 billion&lt;/strong&gt; in crypto scam losses, roughly &lt;strong&gt;65% trace to social engineering&lt;/strong&gt; — manipulating a human, not breaking a system. The most expensive failures are psychological, and the defense is mostly a set of hard rules you decide in advance.&lt;/p&gt;

&lt;p&gt;This is the human-layer companion to our &lt;a href="https://dev.to/revoke-token-approvals-protect-wallet-drainers/"&gt;token-approvals guide&lt;/a&gt; and &lt;a href="https://dev.to/protect-your-crypto-lessons-from-the-hacks/"&gt;defense checklist&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  How the manipulation actually works
&lt;/h2&gt;

&lt;p&gt;The mechanics vary; the playbook rarely does. Attackers build trust or urgency, then get you to do one irreversible thing.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Support impersonation.&lt;/strong&gt; A "support agent" for your exchange or hardware-wallet maker contacts you — on Telegram, X, email, or via a paid search ad — and walks you toward entering your seed phrase or approving a transaction. Investigator &lt;a href="https://decrypt.co/336279/bitcoin-investor-loses-91-million-to-social-engineering-scam-zachxbt" rel="noopener noreferrer"&gt;ZachXBT&lt;/a&gt; documented a victim who lost &lt;strong&gt;$91M (783 BTC)&lt;/strong&gt; to attackers impersonating exchange &lt;em&gt;and&lt;/em&gt; hardware-wallet support, and a separate &lt;strong&gt;$282M&lt;/strong&gt; hardware-wallet case. The iron rule: &lt;strong&gt;real support never contacts you first, and never asks for your seed phrase.&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The "your account is compromised, move funds now" panic play.&lt;/strong&gt; A fake alert pushes you to "secure" your assets by moving them to a wallet the attacker controls. Urgency is the weapon.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Romance / "pig butchering."&lt;/strong&gt; A long con that builds a relationship over weeks before introducing a fake investment platform with fake returns — until you can't withdraw.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Fake jobs, airdrops, and "verification."&lt;/strong&gt; Recruiters, giveaways, and support bots that all funnel toward one thing: your seed phrase, a malicious signature, or a "verify your wallet" approval.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Most of it arrives through &lt;strong&gt;messaging platforms — Telegram above all — phishing pages, and impersonated profiles.&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Hardware wallets don't make you immune
&lt;/h2&gt;

&lt;p&gt;A hardware wallet protects your key from malware. It does &lt;strong&gt;not&lt;/strong&gt; protect you from &lt;em&gt;yourself&lt;/em&gt; typing the seed phrase into a fake "wallet validation" site, or from approving a malicious transaction on a spoofed dApp. Social engineering routes around the hardware entirely by targeting the one part it can't secure: your decision.&lt;/p&gt;

&lt;h2&gt;
  
  
  The rules that stop almost all of it
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Your seed phrase is never needed by anyone, ever.&lt;/strong&gt; Not support, not "validation," not a migration, not an airdrop. Anyone asking is an attacker. Full stop.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Real support never DMs you first.&lt;/strong&gt; Exchanges and wallet makers don't slide into your DMs. Treat any unsolicited "support" contact as impersonation and block it without engaging.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Reach support only through bookmarks or in-app help&lt;/strong&gt; — never a paid search ad, a DM link, or a number someone gives you. Lookalike URLs and sponsored results are a primary vector.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Urgency is a red flag, not a reason.&lt;/strong&gt; Every social-engineering script needs you to act &lt;em&gt;now&lt;/em&gt;. Slow down; a real problem survives a five-minute pause to verify through official channels.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Verify every signature.&lt;/strong&gt; If a request asks you to approve a token you're not trading, sign a message you don't understand, or "validate" your wallet, stop.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  A practical defense setup
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Compartmentalize.&lt;/strong&gt; Keep savings on a hardware wallet that never touches random dApps; use a separate, low-balance hot wallet for day-to-day interactions.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Assume every unsolicited contact is a scam&lt;/strong&gt; — recruiter, support, influencer giveaway, "I can recover your funds." Especially the funds-recovery ones; they prey on prior victims.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Never type your seed phrase into anything connected to the internet.&lt;/strong&gt; No legitimate process requires it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Independently verify&lt;/strong&gt; people and platforms before sending money or signing — official sites, known channels, a second source.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;If you're hit&lt;/strong&gt;, move remaining funds to a fresh wallet, revoke approvals, and report it; understand that, as we cover in &lt;a href="https://dev.to/how-stolen-crypto-is-traced-and-recovered/"&gt;how stolen crypto gets traced&lt;/a&gt;, speed is everything and recovery is rarely guaranteed.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The uncomfortable summary: the strongest wallet in the world has a human attached to it, and that's what attackers target. The good news is that a handful of non-negotiable rules — never share the seed, never trust unsolicited support, never act on urgency — neutralize the overwhelming majority of these attacks.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Informational only — not financial or security advice.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>socialengineering</category>
    </item>
    <item>
      <title>Token Approvals: The Silent Way Wallets Get Drained — and How to Revoke Them</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Mon, 22 Jun 2026 00:07:58 +0000</pubDate>
      <link>https://dev.to/mrtd/token-approvals-the-silent-way-wallets-get-drained-and-how-to-revoke-them-1852</link>
      <guid>https://dev.to/mrtd/token-approvals-the-silent-way-wallets-get-drained-and-how-to-revoke-them-1852</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/revoke-token-approvals-protect-wallet-drainers/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The drain that needs no exploit
&lt;/h2&gt;

&lt;p&gt;Most wallets aren't emptied by some exotic smart-contract hack. They're emptied because the owner &lt;em&gt;signed a permission&lt;/em&gt; — usually on a convincing phishing site — and a drainer used that permission to move the tokens out minutes later. No private key stolen, no zero-day. Just an approval the victim granted and forgot. This is the single most common way ordinary holders lose funds, and the defense is boring, free, and entirely in your control.&lt;/p&gt;

&lt;p&gt;This pairs with our &lt;a href="https://dev.to/protect-your-crypto-lessons-from-the-hacks/"&gt;defense checklist&lt;/a&gt; and the incidents in our &lt;a href="https://dev.to/crypto-hack-tracker-2026/"&gt;Crypto Hack Tracker&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  What a token approval actually is
&lt;/h2&gt;

&lt;p&gt;To let a dApp (a DEX, a lending protocol, an NFT marketplace) move your ERC-20 tokens, you grant it an &lt;strong&gt;allowance&lt;/strong&gt; — an on-chain permission to spend up to some amount of a specific token from your wallet. That's normal and necessary; it's how DeFi works.&lt;/p&gt;

&lt;p&gt;The trap is the &lt;strong&gt;"unlimited" (infinite) approval&lt;/strong&gt;. To save you from re-approving on every trade, most dApps request permission to spend &lt;em&gt;as many tokens as you hold — now and forever&lt;/em&gt;. Convenient, and also a standing key to your tokens that never expires. If the contract you approved is malicious, or is later compromised, or you signed it on a phishing clone, that allowance is all an attacker needs.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why old approvals are a liability
&lt;/h2&gt;

&lt;p&gt;Approvals don't disappear when you stop using a dApp or disconnect your wallet — &lt;strong&gt;disconnecting is not revoking&lt;/strong&gt;. The allowance sits on-chain indefinitely. Over a year of DeFi use, a typical wallet accumulates dozens of live approvals, many of them unlimited, to contracts the owner barely remembers. Each one is attack surface. The fix is to treat approvals like passwords: review them, and revoke the ones you don't need.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to check and revoke
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;&lt;a href="https://revoke.cash/" rel="noopener noreferrer"&gt;Revoke.cash&lt;/a&gt;&lt;/strong&gt; is the most-used tool, covering 100+ networks. Enter your address (or connect your wallet), and it lists every active approval. &lt;strong&gt;Sort newest-to-oldest&lt;/strong&gt; if you suspect you just signed something malicious, and pay special attention to anything marked &lt;em&gt;unlimited&lt;/em&gt;. Revoking sends an on-chain transaction (you'll pay a small gas fee in the network's native token) that sets the allowance back to zero.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;a href="https://etherscan.io/tokenapprovalchecker" rel="noopener noreferrer"&gt;Etherscan's Token Approval Checker&lt;/a&gt;&lt;/strong&gt; (and the equivalent on other explorers) does the same from the block explorer side.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;&lt;a href="https://support.metamask.io/more-web3/learn/how-to-revoke-smart-contract-allowances-token-approvals/" rel="noopener noreferrer"&gt;MetaMask&lt;/a&gt;&lt;/strong&gt; and other modern wallets now surface and let you revoke allowances natively.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;One critical caution: &lt;strong&gt;phishing clones of Revoke.cash exist.&lt;/strong&gt; Bookmark the real site and use the bookmark — never reach a "revoke" tool through a search ad or a link someone DMs you.&lt;/p&gt;

&lt;h2&gt;
  
  
  If you think you're already compromised
&lt;/h2&gt;

&lt;p&gt;Move fast — the window is short:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Disconnect&lt;/strong&gt; your wallet from all dApps.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Revoke every approval&lt;/strong&gt; via Revoke.cash or the Etherscan checker, prioritizing unlimited ones.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Move remaining funds to a fresh wallet&lt;/strong&gt; (a brand-new seed phrase the attacker has never seen).&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Be clear-eyed about the limit: &lt;strong&gt;revoking does not recover already-stolen funds and does not reverse transactions.&lt;/strong&gt; It stops &lt;em&gt;further&lt;/em&gt; draining and closes the door. For where stolen funds go next, see &lt;a href="https://dev.to/how-stolen-crypto-is-traced-and-recovered/"&gt;How Stolen Crypto Gets Traced&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Habits that keep you safe
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Prefer limited approvals over unlimited&lt;/strong&gt; when a wallet offers the choice — approve only what the transaction needs.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Revoke periodically.&lt;/strong&gt; A monthly sweep of Revoke.cash clears the junk you've accumulated.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Use a separate "hot" wallet for dApp interactions&lt;/strong&gt;, holding only what you're actively using; keep savings in a hardware wallet that never touches random dApps.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Verify every signature request.&lt;/strong&gt; If a site asks you to approve a token you're not trading, or requests an allowance that doesn't match what you're doing, stop.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Bookmark the tools you trust.&lt;/strong&gt; Most drains start with a lookalike URL.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The uncomfortable truth is that the most expensive mistakes in crypto are usually a single careless click on "Approve." The good news is the antidote costs a few minutes and a little gas.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Informational only — not financial or security advice.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>tokenapprovals</category>
    </item>
    <item>
      <title>Hackers Hijack Brazil's Emergency Alert System, Waking Millions With a Fake 'Extreme Alert'</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Sun, 21 Jun 2026 07:46:34 +0000</pubDate>
      <link>https://dev.to/mrtd/hackers-hijack-brazils-emergency-alert-system-waking-millions-with-a-fake-extreme-alert-3boc</link>
      <guid>https://dev.to/mrtd/hackers-hijack-brazils-emergency-alert-system-waking-millions-with-a-fake-extreme-alert-3boc</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/brazil-emergency-alert-system-hacked-fake-extreme-alert/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  A nation woken by an alert that should never have fired
&lt;/h2&gt;

&lt;p&gt;Late on Friday, June 19, 2026 — around 11:40 p.m. local time and into the early hours of Saturday — phones across multiple Brazilian states blared a top-severity &lt;strong&gt;"Extreme Alert,"&lt;/strong&gt; the class normally reserved for imminent threats to life. It overrode silent mode by design, jolting people awake in São Paulo, Rio de Janeiro, Brasília, Bahia and Pará. There was no emergency. The national public-warning system had been hijacked.&lt;/p&gt;

&lt;h2&gt;
  
  
  The message was a taunt, not a warning
&lt;/h2&gt;

&lt;p&gt;Instead of evacuation instructions or a hazard notice, the alert read &lt;strong&gt;"misantropi4"&lt;/strong&gt; — a stylized spelling of the Portuguese &lt;em&gt;misantropia&lt;/em&gt; (misanthropy, a hatred of humankind), with the final letter swapped for a "4." The content made clear this was not a malfunction or a mistaken broadcast but a deliberate intrusion into the system that Brazilians are supposed to be able to trust without question.&lt;/p&gt;

&lt;h2&gt;
  
  
  The regulator pulled the system offline
&lt;/h2&gt;

&lt;p&gt;Brazil's telecoms regulator, &lt;strong&gt;Anatel&lt;/strong&gt;, took the national warning platform — the Cell Broadcast–based Civil Defense alerting system — offline at around 1:30 a.m. to stop further messages from going out. The &lt;strong&gt;Federal Police&lt;/strong&gt; opened an investigation into what officials have described as a &lt;strong&gt;probable remote intrusion&lt;/strong&gt; into the country's critical public-warning infrastructure. As of reporting, no suspect has been publicly identified and authorities have not detailed how the system was accessed.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why a fake alert is far more than a prank
&lt;/h2&gt;

&lt;p&gt;Emergency alert systems are engineered for maximum trust and reach. They bypass silent mode, hit every phone within a geographic cell, and are reserved for genuine threats to life. That same design is exactly what makes a breach dangerous — not because of what &lt;em&gt;this&lt;/em&gt; message said, but because of what the &lt;strong&gt;next&lt;/strong&gt; false alarm could do.&lt;/p&gt;

&lt;p&gt;A population that is jolted awake by a meaningless "Extreme Alert" learns, a little, to distrust the channel. The real damage of a hijacked warning system is the &lt;strong&gt;"cry wolf" effect&lt;/strong&gt;: every false alert erodes the public's willingness to act on the real one that may follow — the flood, the wildfire, the evacuation order these systems exist to deliver. A warning channel only works if people believe it.&lt;/p&gt;

&lt;h2&gt;
  
  
  Critical civic infrastructure is an attack surface
&lt;/h2&gt;

&lt;p&gt;Public-warning platforms belong on the same list as power grids, water utilities and transit systems: civic infrastructure that is high-impact, broadly accessible, and — by mandate — able to command the attention of an entire nation in seconds. They are operated jointly by governments and mobile carriers and tie together many moving parts, which is part of what makes them attractive and difficult to fully lock down.&lt;/p&gt;

&lt;p&gt;The risk isn't hypothetical. Even &lt;em&gt;accidental&lt;/em&gt; false alerts have shown how fast a single message spreads panic across a population — the 2018 erroneous ballistic-missile alert in Hawaii, a human error rather than an attack, sent an entire state scrambling before the correction came. A deliberate intrusion into the same kind of system raises the stakes considerably.&lt;/p&gt;

&lt;h2&gt;
  
  
  What to take from it
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;For the public:&lt;/strong&gt; a legitimate emergency alert describes a real, specific hazard and points to official guidance. A cryptic word or an obvious taunt is a red flag, not an instruction. When in doubt, confirmation comes from broadcasters and official government channels — not from the alert alone.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;For operators:&lt;/strong&gt; the episode is a blunt reminder that alert &lt;em&gt;origination&lt;/em&gt; needs strong authentication and continuous monitoring, that a fast kill-switch matters (Anatel's quick takedown limited the damage), and that a clear public-communication plan is part of incident response — because in a warning system, restoring &lt;strong&gt;trust&lt;/strong&gt; is as urgent as restoring the service.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;This is a developing story; details may change as Brazilian authorities continue their investigation.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>privacy</category>
      <category>technology</category>
      <category>cyber</category>
    </item>
    <item>
      <title>How to Get a New Site Indexed by Google in 2026 (What Works, What's a Waste)</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Sun, 21 Jun 2026 00:03:01 +0000</pubDate>
      <link>https://dev.to/mrtd/how-to-get-a-new-site-indexed-by-google-in-2026-what-works-whats-a-waste-8do</link>
      <guid>https://dev.to/mrtd/how-to-get-a-new-site-indexed-by-google-in-2026-what-works-whats-a-waste-8do</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/how-to-get-indexed-by-google-2026/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The uncomfortable first lesson
&lt;/h2&gt;

&lt;p&gt;You built a clean site, submitted a sitemap, maybe pinged IndexNow — and Google still shows nothing. Here's the part most guides skip: &lt;strong&gt;getting indexed by Google and getting indexed by everything else are two different problems&lt;/strong&gt;, and conflating them wastes weeks. We separate what actually moves Google in 2026 from the folklore that just feels productive.&lt;/p&gt;

&lt;h2&gt;
  
  
  Bing, Yandex and ChatGPT are the easy half
&lt;/h2&gt;

&lt;p&gt;If you've set up &lt;a href="https://www.indexnow.org/documentation" rel="noopener noreferrer"&gt;IndexNow&lt;/a&gt;, you've largely solved discovery for &lt;strong&gt;Bing, Yandex, Naver, Seznam and Yep&lt;/strong&gt; — you POST your new/changed URLs to one endpoint and they get notified instantly. And because &lt;strong&gt;ChatGPT Search retrieves from Bing's index&lt;/strong&gt;, confirmed Bing indexing effectively gates your visibility in ChatGPT's web results. That's a big chunk of the modern search surface handled with one integration.&lt;/p&gt;

&lt;p&gt;The catch: &lt;strong&gt;Google does not use IndexNow.&lt;/strong&gt; It has said so repeatedly. So every "instant indexing" claim that leans on IndexNow is talking about &lt;em&gt;Bing's&lt;/em&gt; world, not Google's. For Google, you need different levers.&lt;/p&gt;

&lt;h2&gt;
  
  
  What actually gets you into Google
&lt;/h2&gt;

&lt;p&gt;There are really only two fast paths, plus one slow one.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Google Search Console — the only direct lever.&lt;/strong&gt; Verify your domain (a private DNS TXT record; it does &lt;strong&gt;not&lt;/strong&gt; trigger penalties or "re-evaluation," a common fear), submit your &lt;code&gt;sitemap.xml&lt;/code&gt;, then use &lt;strong&gt;URL Inspection → Request Indexing&lt;/strong&gt; on your key pages. There's a soft daily cap (~10–12 URLs), so spread a new site's pages over a few days. GSC is also the only place you can see whether a domain carries an inherited problem — essential if you bought an aged or expired domain.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Links on pages Google already re-crawls hourly.&lt;/strong&gt; Googlebot's crawl budget for a brand-new, zero-authority domain is tiny. The fastest way to get a new URL &lt;em&gt;discovered&lt;/em&gt; is a link to it from a page Google visits constantly — Reddit, Hacker News, Medium, established communities. These links are usually &lt;code&gt;nofollow&lt;/code&gt;, but in 2026 &lt;strong&gt;nofollow is a hint, not a wall&lt;/strong&gt; — it still seeds discovery. The rule: genuine participation only. One useful link in a relevant thread beats ten drops that get your account banned and stamp an unnatural-link footprint on your domain.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Time plus a track record.&lt;/strong&gt; Consistent, original, bylined publishing with clean technical signals is what graduates you from "crawled occasionally" to "crawled and trusted." There's no button for this.&lt;/p&gt;

&lt;h2&gt;
  
  
  The myths that waste your time
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;"Use the Google Indexing API."&lt;/strong&gt; It's officially restricted to &lt;code&gt;JobPosting&lt;/code&gt; and livestream &lt;code&gt;BroadcastEvent&lt;/code&gt; structured data. Using it for articles is against Google's terms, unreliable, and risks losing API access. Ignore the blog posts recommending it.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;"Ping Google with your sitemap URL."&lt;/strong&gt; Google &lt;a href="https://developers.google.com/search/blog/2023/06/sitemaps-lastmod-ping" rel="noopener noreferrer"&gt;deprecated the sitemap ping endpoint in 2023&lt;/a&gt;. It does nothing now. Google schedules recrawls off your &lt;code&gt;&amp;lt;lastmod&amp;gt;&lt;/code&gt; — so keep it &lt;em&gt;accurate&lt;/em&gt; (only bump it on real content changes; inflating it on every page erodes the signal).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;"Pay a Telegram indexing bot / a 300-site submission service."&lt;/strong&gt; These are the exact spam footprints Google's 2024–2026 spam updates target. On an aged/expired domain you're &lt;em&gt;more&lt;/em&gt; sensitive to this, not less. Net effect ranges from zero to a penalty.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;"Apply to Google News for traffic."&lt;/strong&gt; Google News is auto-discovery now — no application. A days-old site won't get Top Stories; that needs a publishing track record, clear bylines/datelines, and correct &lt;code&gt;NewsArticle&lt;/code&gt; schema. Anyone selling "instant approval" is running a scam.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Don't forget the AI crawlers
&lt;/h2&gt;

&lt;p&gt;ChatGPT-Search (OAI-SearchBot), Perplexity and Google's AI systems matter now — and a crucial 2026 detail: &lt;strong&gt;most AI crawlers and Google News do not execute JavaScript.&lt;/strong&gt; If your content is injected client-side, they see an empty shell. Ship server-rendered or static HTML, confirm it with &lt;code&gt;curl -A "OAI-SearchBot" &amp;lt;url&amp;gt;&lt;/code&gt;, and make sure &lt;code&gt;robots.txt&lt;/code&gt; doesn't accidentally block &lt;code&gt;OAI-SearchBot&lt;/code&gt;, &lt;code&gt;Googlebot&lt;/code&gt;, &lt;code&gt;PerplexityBot&lt;/code&gt;. Structured data (&lt;code&gt;Organization&lt;/code&gt;, &lt;code&gt;NewsArticle&lt;/code&gt;, &lt;code&gt;FAQPage&lt;/code&gt;, &lt;code&gt;Dataset&lt;/code&gt;) and a clean entity footprint help these systems decide you're a real, citable source.&lt;/p&gt;

&lt;h2&gt;
  
  
  A realistic checklist for a new site
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Server-render&lt;/strong&gt; your content; verify with a bot user-agent. Non-negotiable.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;IndexNow&lt;/strong&gt; on every publish → Bing/Yandex/ChatGPT-Search covered.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;GSC&lt;/strong&gt;: verify, submit sitemap, Request Indexing on key URLs over a few days.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Bing Webmaster&lt;/strong&gt;: one-click import from GSC; confirms ChatGPT-Search eligibility.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Earn a few links on fast-crawled, high-authority pages&lt;/strong&gt; — genuinely.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Internal linking + accurate lastmod + a frequently-updated homepage&lt;/strong&gt; so what Google does crawl, it crawls efficiently.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Publish consistently&lt;/strong&gt; and wait. Authority is earned, not pinged.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The honest summary: indexing isn't one switch. Bing-class engines you can notify instantly; Google you have to &lt;em&gt;earn&lt;/em&gt; with verification, real links, clean signals and time. Anything promising to shortcut that last part is selling you the myth.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;This is a practitioner's evidence-based guide, not a guarantee — search behavior changes. For our take on AI-search specifically, see our &lt;a href="https://dev.to/ai-search-visibility-seo-geo-aeo-what-works/"&gt;AI-search visibility analysis&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>seo</category>
      <category>marketing</category>
      <category>webdev</category>
      <category>googleindexing</category>
    </item>
    <item>
      <title>How Stolen Crypto Gets Traced — and Why It Rarely Stays Hidden</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Sat, 20 Jun 2026 00:03:01 +0000</pubDate>
      <link>https://dev.to/mrtd/how-stolen-crypto-gets-traced-and-why-it-rarely-stays-hidden-3nae</link>
      <guid>https://dev.to/mrtd/how-stolen-crypto-gets-traced-and-why-it-rarely-stays-hidden-3nae</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/how-stolen-crypto-is-traced-and-recovered/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  The counterintuitive truth about stolen crypto
&lt;/h2&gt;

&lt;p&gt;When a protocol gets drained, the instinct is to assume the money is gone — spirited into the anonymous ether. The opposite is usually true. Public blockchains record &lt;strong&gt;every transfer permanently and openly&lt;/strong&gt;, so stolen funds leave an immutable, timestamped trail that anyone can follow in real time. Thieves can &lt;em&gt;move&lt;/em&gt; the money almost instantly; what they struggle to do is &lt;em&gt;spend&lt;/em&gt; it without revealing themselves. That gap — between moving and cashing out — is where nearly every recovery happens.&lt;/p&gt;

&lt;p&gt;This is an evergreen companion to our &lt;a href="https://dev.to/crypto-hack-tracker-2026/"&gt;Crypto Hack Tracker&lt;/a&gt; and incident &lt;a href="https://dev.to/category/crypto-security/"&gt;post-mortems&lt;/a&gt;: not how thefts happen, but how the stolen funds get chased.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why crypto is traceable in the first place
&lt;/h2&gt;

&lt;p&gt;Three properties make blockchains hostile to launderers:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;The ledger is public and permanent.&lt;/strong&gt; Once funds move, the transaction is visible forever. There is no delete button.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Wallets are pseudonymous, not anonymous.&lt;/strong&gt; An address isn't a name — but the moment any address touches a service that knows its customer (an exchange, an off-ramp), its entire history becomes attributable.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Address clustering.&lt;/strong&gt; Analysts group wallets likely controlled by one actor using on-chain heuristics — funding sources, change-address patterns, repeated gas-payers, contract fingerprints — collapsing dozens of scattered addresses into a single traceable entity.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Who does the tracing
&lt;/h2&gt;

&lt;p&gt;A mature forensics industry now exists. Commercial analytics firms — &lt;strong&gt;Chainalysis&lt;/strong&gt;, &lt;strong&gt;TRM Labs&lt;/strong&gt;, &lt;strong&gt;Elliptic&lt;/strong&gt;, and intelligence platforms like &lt;strong&gt;Arkham&lt;/strong&gt; — map fund flows and label entities. TRM's &lt;strong&gt;Beacon Network&lt;/strong&gt; (2025) gives investigators, exchanges and custodians a real-time channel to coordinate freezes. Security outfits like &lt;strong&gt;PeckShield&lt;/strong&gt;, &lt;strong&gt;SlowMist&lt;/strong&gt; and &lt;strong&gt;Lookonchain&lt;/strong&gt; flag incidents within minutes and publish the fund movements, while independent investigators such as &lt;strong&gt;ZachXBT&lt;/strong&gt; fuse on-chain tracing with old-fashioned OSINT. The speed of that public alerting is itself a weapon: the faster an address is labeled "stolen," the harder it is to cash out.&lt;/p&gt;

&lt;h2&gt;
  
  
  What thieves try — and why it usually isn't enough
&lt;/h2&gt;

&lt;p&gt;Launderers do have tools to break the trail. &lt;strong&gt;Mixers&lt;/strong&gt; like Tornado Cash pool funds to sever the link between deposit and withdrawal. &lt;strong&gt;Cross-chain bridges&lt;/strong&gt; and chain-hopping move value between blockchains to shake single-chain tools. &lt;strong&gt;Peel chains&lt;/strong&gt; skim small amounts across thousands of hops. State-linked actors stretch laundering over weeks in sub-$500K tranches.&lt;/p&gt;

&lt;p&gt;But each of these &lt;em&gt;obscures&lt;/em&gt; rather than &lt;em&gt;erases&lt;/em&gt;. Mixers leak signal through timing and amounts; bridges are increasingly mapped by cross-chain analytics; peel chains are pattern-recognizable; and all of it eventually has to converge on an exit. Tornado Cash itself shows the cat-and-mouse: OFAC-sanctioned in August 2022 (cited as laundering over $7B, including $455M+ for North Korea's Lazarus Group), then &lt;a href="https://home.treasury.gov/news/press-releases/sb0057" rel="noopener noreferrer"&gt;delisted in March 2025&lt;/a&gt; after a court ruled its immutable contracts aren't sanctionable property. The legal status changed; the traceability did not.&lt;/p&gt;

&lt;h2&gt;
  
  
  The choke points
&lt;/h2&gt;

&lt;p&gt;Funds become catchable wherever crypto meets the regulated world:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Centralized exchanges + KYC&lt;/strong&gt; — the decisive choke point. When laundered funds hit a compliant exchange, accounts get identified and balances frozen. This is the mechanism behind most seizures.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Fiat off-ramps&lt;/strong&gt; — converting to bank money requires KYC'd intermediaries.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Stablecoin freezes&lt;/strong&gt; — issuers can freeze tokens on-chain. &lt;strong&gt;Tether&lt;/strong&gt; says it has helped freeze billions in USDT across thousands of cases with law enforcement worldwide (a single August 2025 action froze ~$344M alongside OFAC); Circle can freeze USDC too, more conservatively.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Law-enforcement coordination&lt;/strong&gt; — the FBI, IRS-CI and partners act on the trail that analytics firms hand them, within a freeze window measured in hours.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  It does work — the receipts
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Bitfinex (2016):&lt;/strong&gt; US authorities &lt;a href="https://www.justice.gov/usao-dc/pr/bitfinex-hacker-sentenced-money-laundering-conspiracy-involving-billions-stolen" rel="noopener noreferrer"&gt;seized 94,000+ BTC&lt;/a&gt; in 2022 (then ~$3.6B); Ilya Lichtenstein was sentenced to 5 years in 2024.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Poly Network (2021):&lt;/strong&gt; ~$610M drained — and &lt;a href="https://www.cnbc.com/2021/08/23/poly-network-hacker-returns-remaining-cryptocurrency.html" rel="noopener noreferrer"&gt;returned almost entirely&lt;/a&gt; within days.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Euler Finance (2023):&lt;/strong&gt; ~$197M exploited; the attacker &lt;a href="https://www.coindesk.com/business/2023/04/03/euler-says-all-recoverable-funds-stolen-in-200m-hack-have-been-returned" rel="noopener noreferrer"&gt;returned the recoverable funds&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Ronin / Axie Infinity (2022):&lt;/strong&gt; ~$600M stolen by Lazarus; Chainalysis and US agencies &lt;a href="https://www.chainalysis.com/blog/axie-infinity-ronin-bridge-dprk-hack-seizure/" rel="noopener noreferrer"&gt;clawed back ~$30M&lt;/a&gt; — the first-ever seizure of crypto stolen by a North Korean group.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  The hard reality
&lt;/h2&gt;

&lt;p&gt;Recovery is bimodal. When the attacker is cooperative or careless and the theft is reported fast, most funds can come back (Poly Network, Euler). Against professional or state actors, expect partial recovery at best. &lt;a href="https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/" rel="noopener noreferrer"&gt;Chainalysis&lt;/a&gt; put 2025 crypto theft above $3.4B, with North Korea's Lazarus alone responsible for roughly $2B — about three-quarters of service-compromise losses. Bybit's $1.5B 2025 loss was mostly laundered despite intense tracing. Tracing isn't magic; it's leverage.&lt;/p&gt;

&lt;h2&gt;
  
  
  If you're hit: the playbook
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Move in hours, not days.&lt;/strong&gt; The freeze window is tiny and closes as funds split and hop. Speed is the single biggest determinant of recovery.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Notify exchanges and stablecoin issuers immediately&lt;/strong&gt; with the attacker addresses — on-chain freezes can lock funds before cash-out.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Engage analytics/IR firms&lt;/strong&gt; (Chainalysis, TRM, Elliptic) and credible independent investigators to trace and publicly flag the flow.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Report to law enforcement early&lt;/strong&gt; — seizures legally require their involvement.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Preserve evidence:&lt;/strong&gt; transaction hashes, timestamps, the anchor attacker addresses, logs.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Set expectations.&lt;/strong&gt; Making stolen funds unspendable is a win even when full recovery isn't possible.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The thief's problem is permanent: the blockchain remembers. For the defensive side of this coin, see &lt;a href="https://dev.to/protect-your-crypto-lessons-from-the-hacks/"&gt;How to Actually Protect Your Crypto&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Informational only — not financial, legal, or security advice.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>onchainforensics</category>
    </item>
    <item>
      <title>Weaponized DMCA: How Fake Copyright Strikes Bury Competitors in Google — and How to Fight Back</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Fri, 19 Jun 2026 00:04:03 +0000</pubDate>
      <link>https://dev.to/mrtd/weaponized-dmca-how-fake-copyright-strikes-bury-competitors-in-google-and-how-to-fight-back-36np</link>
      <guid>https://dev.to/mrtd/weaponized-dmca-how-fake-copyright-strikes-bury-competitors-in-google-and-how-to-fight-back-36np</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/weaponized-dmca-fake-takedowns-bury-competitors-seo/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  A takedown that proved the point
&lt;/h2&gt;

&lt;p&gt;In April 2026, someone filed a bogus copyright complaint to bury a &lt;em&gt;Press Gazette&lt;/em&gt; investigation into Clickout Media — a firm reported to be buying up news brands, swapping staff for AI, and stuffing the sites with offshore-gambling affiliate links. The DMCA notice falsely claimed the original reporting had copied an unrelated article. Google removed the story from search before adjudicating anything; a &lt;em&gt;Search Engine Land&lt;/em&gt; follow-up got delisted too. Both were reinstated about two weeks later after counter-notices, but the lesson landed: a single piece of paper can knock a competitor off Google for days, no court and no evidence required (&lt;a href="https://www.techdirt.com/2026/04/09/someone-filed-a-bogus-dmca-notice-to-kill-a-story-about-a-sketchy-seo-firm-it-worked-briefly/" rel="noopener noreferrer"&gt;Techdirt&lt;/a&gt;).&lt;/p&gt;

&lt;h2&gt;
  
  
  How a DMCA notice actually hits your rankings
&lt;/h2&gt;

&lt;p&gt;There are two distinct mechanisms, and conflating them fuels a lot of bad SEO advice:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;URL delisting.&lt;/strong&gt; A single facially valid notice removes the specific URL(s) from Google Search. Google acts on the &lt;em&gt;paperwork&lt;/em&gt;, not a ruling — verification effectively happens &lt;em&gt;after&lt;/em&gt; removal. That ordering is exactly what makes the system abusable.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Site-wide demotion.&lt;/strong&gt; Since the 2012 "Pirate Update," Google has used the &lt;em&gt;volume of valid removal notices&lt;/em&gt; as a ranking signal: "If we receive multiple valid removal notices for a site, the entire site may be downgraded in Search results" (&lt;a href="https://searchengineland.com/dmca-requests-now-used-in-googles-ranking-algorithm-130118" rel="noopener noreferrer"&gt;Search Engine Land&lt;/a&gt;).&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you're hit, it surfaces in &lt;strong&gt;Search Console&lt;/strong&gt; as a "Notice of DMCA removal" — not a manual action, not a security issue, which is why owners often miss it.&lt;/p&gt;

&lt;h2&gt;
  
  
  The "18-month penalty" is a myth
&lt;/h2&gt;

&lt;p&gt;A claim circulating in SEO circles says mass DMCA complaints trigger a fixed ~18-month algorithmic filter. We could find &lt;strong&gt;no evidence&lt;/strong&gt; for it — not from Google, Search Engine Land, TorrentFreak, or court filings. Google's own description is the opposite of a fixed sentence: the copyright demotion is a &lt;em&gt;periodically re-checked, decaying signal&lt;/em&gt; that eases as a site's valid-notice volume falls. There's no published clock. Treat "18 months" as folklore, not a mechanism.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why it's abused — and what it costs the abuser
&lt;/h2&gt;

&lt;p&gt;Because removal precedes verification, "spray a pile of notices" is a real tactic, not a hypothetical: TorrentFreak has documented mass &lt;em&gt;bogus&lt;/em&gt; notices impersonating well-known brands to knock out legitimate tools. There's also a murkier "takedown-as-a-service" market — though the specific pricing and volume figures floating around trace to single trade-press sources and should be taken as illustrative, not gospel.&lt;/p&gt;

&lt;p&gt;Filing a knowingly false notice is not free of risk. Under &lt;strong&gt;17 U.S.C. §512(f)&lt;/strong&gt;, anyone who &lt;em&gt;knowingly misrepresents&lt;/em&gt; that material is infringing is liable for damages and attorneys' fees. Courts have enforced it — &lt;em&gt;Online Policy Group v. Diebold&lt;/em&gt; (2004) cost Diebold &lt;strong&gt;$125,000&lt;/strong&gt;, and &lt;em&gt;Automattic v. Steiner&lt;/em&gt; (2014) produced a &lt;strong&gt;~$25,000&lt;/strong&gt; judgment for a fraudulent takedown. The catch: §512(f) wins are rare. Courts require &lt;em&gt;subjective&lt;/em&gt; bad faith (&lt;em&gt;Rossi&lt;/em&gt;, &lt;em&gt;Lenz&lt;/em&gt;), so honest-mistake filers usually walk. It's a real deterrent, but a limited one.&lt;/p&gt;

&lt;h2&gt;
  
  
  If you're hit: the defense playbook
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Catch it early.&lt;/strong&gt; Watch Search Console for "Notice of DMCA removal," set alerts on sudden traffic/ranking drops, and search the &lt;strong&gt;Lumen Database&lt;/strong&gt; (Harvard) — where Google deposits notices — for the complaint text and the (often anonymous or foreign) filer.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;File a counter-notification&lt;/strong&gt; via Google's official form, asserting a good-faith belief the removal was mistaken. If no lawsuit follows, content is typically reinstated in &lt;strong&gt;~10–14 business days&lt;/strong&gt;.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Document everything&lt;/strong&gt;: authorship and publication proof (drafts, originals, archive.org captures), the Lumen copy of the notice, and your traffic/ranking loss.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Escalate&lt;/strong&gt; to your host, registrar, and Google with proof of original authorship — Google can and does decline clearly non-infringing URLs.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Weigh §512(f)&lt;/strong&gt; action or a demand letter where bad faith is provable.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Go public.&lt;/strong&gt; Reporting egregious abuse to outlets like TorrentFreak, Techdirt or the EFF has reversed bogus takedowns through pressure alone.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  The takeaway
&lt;/h2&gt;

&lt;p&gt;Weaponized DMCA works because of a structural choice — remove first, verify later — not because of a secret penalty timer. Knowing the real mechanics (URL delisting vs. demotion signal), ignoring the folklore, and having a counter-notice + documentation drill ready is the difference between a two-week dip and a permanent one. Monitor Lumen, watch Search Console, and keep your authorship trail.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Informational only — not legal advice. Consult a qualified attorney for your situation.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>seo</category>
      <category>marketing</category>
      <category>webdev</category>
      <category>dmca</category>
    </item>
    <item>
      <title>UXLINK Exploiter Routes 8,340 ETH Through Tornado Cash as $44M Haul Is Laundered</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Fri, 19 Jun 2026 00:03:57 +0000</pubDate>
      <link>https://dev.to/mrtd/uxlink-exploiter-routes-8340-eth-through-tornado-cash-as-44m-haul-is-laundered-4hf</link>
      <guid>https://dev.to/mrtd/uxlink-exploiter-routes-8340-eth-through-tornado-cash-as-44m-haul-is-laundered-4hf</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/uxlink-exploiter-launders-8340-eth-tornado-cash/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  What's happening now
&lt;/h2&gt;

&lt;p&gt;The wallet attributed to the &lt;strong&gt;UXLINK exploiter&lt;/strong&gt; has resumed moving its haul. On &lt;strong&gt;June 17, 2026&lt;/strong&gt;, the address swapped roughly &lt;strong&gt;14.6 million DAI for about 8,298.6 ETH&lt;/strong&gt;, then deposited &lt;strong&gt;8,340 ETH into Tornado Cash&lt;/strong&gt;, according to on-chain alerts from &lt;a href="https://www.cryptotimes.io/2026/06/18/uxlink-exploiter-moves-8340-eth-then-sends-it-to-tornado-cash/" rel="noopener noreferrer"&gt;PeckShield&lt;/a&gt; and corroborating reporting from &lt;a href="https://www.cryptotimes.io/2026/06/18/uxlink-exploiter-moves-8340-eth-then-sends-it-to-tornado-cash/" rel="noopener noreferrer"&gt;The Crypto Times&lt;/a&gt; and &lt;a href="https://fxdailyreport.com/uxlink-faces-exploit-attacker-launders-8340-eth/" rel="noopener noreferrer"&gt;FX Daily Report&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The Tornado Cash deposits were broken into &lt;strong&gt;uneven tranches&lt;/strong&gt; — amounts like 100 ETH, 10 ETH and 2.6458848 ETH — a routine obfuscation pattern meant to frustrate clustering. The same wallet also &lt;strong&gt;bridged about 2.64 ETH (~$4,600) from Ethereum to a Bitcoin address&lt;/strong&gt;. Even after this round, blockchain trackers say the wallet &lt;strong&gt;still holds roughly 10.54 million DAI&lt;/strong&gt; that has not moved — a large, fully traceable balance sitting in the open.&lt;/p&gt;

&lt;h2&gt;
  
  
  Background, in brief
&lt;/h2&gt;

&lt;p&gt;UXLINK, a Web3 social protocol, disclosed a security breach on &lt;strong&gt;September 22, 2025&lt;/strong&gt;, tied to a compromise of its administrative multisig. Headline loss estimates have clustered around &lt;strong&gt;$44 million&lt;/strong&gt;, though component figures vary across outlets and were never fully reconciled. Early attribution and forensic tracking came from &lt;a href="https://crypto.news/uxlink-hack-token-swap-plans-advance-as-protocol-prepares-compensation/" rel="noopener noreferrer"&gt;SlowMist&lt;/a&gt; and PeckShield. This article does &lt;strong&gt;not&lt;/strong&gt; detail how the breach was carried out; our focus is the public, on-chain movement of the already-stolen funds.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Tornado Cash factor
&lt;/h2&gt;

&lt;p&gt;Why route through Tornado Cash now? Because the legal calculus changed. OFAC &lt;strong&gt;delisted Tornado Cash from the SDN list on March 21, 2025&lt;/strong&gt;, following the Fifth Circuit's &lt;em&gt;Van Loon v. Treasury&lt;/em&gt; ruling that its immutable smart contracts are not sanctionable "property." In April 2025, a federal judge in the Western District of Texas issued a &lt;strong&gt;permanent injunction barring OFAC from re-sanctioning&lt;/strong&gt; the protocol (&lt;a href="https://www.coindesk.com/policy/2025/04/29/tornado-cash-can-t-be-sanctioned-again-texas-judge-rules" rel="noopener noreferrer"&gt;CoinDesk&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;That means simply &lt;em&gt;using&lt;/em&gt; the mixer is no longer an OFAC violation per se — which is precisely why exploiters can now route funds through it with less friction. The caveats matter, though: &lt;strong&gt;laundering criminal proceeds remains illegal regardless&lt;/strong&gt;, co-founder Roman Semenov is still individually SDN-listed, and developer Roman Storm's criminal case continued into 2026 (&lt;a href="https://www.coindesk.com/business/2026/03/10/u-s-requests-october-retrial-for-tornado-cash-developer-roman-storm" rel="noopener noreferrer"&gt;CoinDesk&lt;/a&gt;). Delisting the tool did not decriminalize what it's being used for.&lt;/p&gt;

&lt;h2&gt;
  
  
  A months-long laundering pattern
&lt;/h2&gt;

&lt;p&gt;This is not a one-off. Trackers have watched the same wallet &lt;strong&gt;alternate between ETH and stablecoins for months&lt;/strong&gt;. Back around &lt;strong&gt;March 20, 2026&lt;/strong&gt;, it ran the opposite leg — swapping &lt;strong&gt;5,496 ETH for roughly 11 million DAI&lt;/strong&gt;, with Lookonchain estimating about &lt;strong&gt;$935,000 in trading profit&lt;/strong&gt; on that move alone (&lt;a href="https://www.cryptotimes.io/2026/03/20/uxlink-hacker-converts-5496-eth-to-11m-dai-after-44m-breach/" rel="noopener noreferrer"&gt;The Crypto Times&lt;/a&gt;). The pattern — park value in DAI when ETH looks rich, rotate back to ETH before mixing — suggests an actor managing the haul actively rather than dumping it.&lt;/p&gt;

&lt;h2&gt;
  
  
  What UXLINK has done
&lt;/h2&gt;

&lt;p&gt;In the aftermath, UXLINK &lt;strong&gt;coordinated with centralized exchanges and law enforcement&lt;/strong&gt; across Singapore, South Korea and Japan to flag and freeze suspicious transfers, recovering a portion of the assets. The project ran a two-phase &lt;strong&gt;user-compensation plan&lt;/strong&gt; and executed a first token buyback in October 2025 using recovered funds. There is &lt;strong&gt;no reported freeze or seizure&lt;/strong&gt; of the specific ETH now headed into Tornado Cash, and no public negotiation with the attacker.&lt;/p&gt;

&lt;h2&gt;
  
  
  The takeaway
&lt;/h2&gt;

&lt;p&gt;Two lessons stand out. For projects: an &lt;strong&gt;admin multisig is critical infrastructure&lt;/strong&gt; — signer hygiene, hardware isolation and spending limits are not optional once a treasury or mint authority is attached. For the ecosystem: &lt;strong&gt;tracing still works&lt;/strong&gt;. The funds are labeled, followed and reported in near-real-time; ~$10.5M of the haul remains frozen-in-place by visibility alone. What the mixer delisting changed is the &lt;em&gt;exit&lt;/em&gt; — the off-ramp is now legally cleaner, which shifts more of the deterrence burden onto exchanges and on-chain analytics rather than sanctions designations.&lt;/p&gt;

&lt;p&gt;See this incident alongside other 2026 exploits in our &lt;a href="https://dev.to/crypto-hack-tracker-2026/"&gt;Crypto Hack Tracker&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Informational only — not financial or security advice. Figures are based on third-party on-chain analytics and may be revised.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>uxlink</category>
    </item>
    <item>
      <title>How to Actually Protect Your Crypto: 9 Lessons From the Hacks We Cover</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Thu, 18 Jun 2026 10:44:35 +0000</pubDate>
      <link>https://dev.to/mrtd/how-to-actually-protect-your-crypto-9-lessons-from-the-hacks-we-cover-3hp9</link>
      <guid>https://dev.to/mrtd/how-to-actually-protect-your-crypto-9-lessons-from-the-hacks-we-cover-3hp9</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/protect-your-crypto-lessons-from-the-hacks/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;We cover crypto-security incidents every week, and after enough post-mortems a pattern emerges: the losses are rarely exotic. The same handful of mistakes show up again and again. Here is a practical defense checklist drawn straight from the cases we've reported — no hype, just what actually moves the needle.&lt;/p&gt;

&lt;h2&gt;
  
  
  1. Treat your seed phrase as the whole game
&lt;/h2&gt;

&lt;p&gt;A hardware wallet never asks for your seed phrase on a website. The biggest retail losses start with a phished seed or a fake "wallet validation" page. If anything — an app, a support agent, a pop-up — asks you to type your 12/24 words, it is a scam. Store the phrase offline, never as a photo or cloud note.&lt;/p&gt;

&lt;h2&gt;
  
  
  2. Audit your token approvals
&lt;/h2&gt;

&lt;p&gt;Many drains don't steal your keys — they abuse an &lt;strong&gt;approval&lt;/strong&gt; (allowance) you granted a contract long ago. A buggy or abandoned contract you once approved is a standing door into your wallet. Periodically review and revoke allowances (tools like revoke.cash make this easy), especially for routers and bridges you no longer use.&lt;/p&gt;

&lt;h2&gt;
  
  
  3. "Deprecated" is not "safe" — withdraw from dead protocols
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://dev.to/aztec-connect-deprecated-router-2-19m-drain/"&gt;Aztec Connect drain of ~$2.19M&lt;/a&gt; happened three years after the product shut down, because the immutable contract still held residual funds with no team to pause it. Treat any shutdown announcement as a deadline: withdraw your balance and revoke approvals before you forget.&lt;/p&gt;

&lt;h2&gt;
  
  
  4. Be paranoid around security disclosures and "urgent updates"
&lt;/h2&gt;

&lt;p&gt;Scammers ride the news cycle. After any legitimate disclosure, expect fake "firmware update" or "migrate your funds now" messages. Update wallet firmware only inside the official app, bookmark official sites, and distrust urgency.&lt;/p&gt;

&lt;h2&gt;
  
  
  5. Avoid thin-liquidity tokens
&lt;/h2&gt;

&lt;p&gt;Most retail blow-ups happen in low-liquidity altcoins and freshly minted "mining" tokens that are trivial to manipulate. There's a reason &lt;a href="https://dev.to/russia-retail-crypto-allowlist-btc-eth-usdt-july-2026/"&gt;Russia's regulator restricted retail investors to just BTC, ETH and USDT&lt;/a&gt; — depth is protection. The deeper and more boring the market, the harder you are to rug.&lt;/p&gt;

&lt;h2&gt;
  
  
  6. Assume romance/investment "opportunities" are scams
&lt;/h2&gt;

&lt;p&gt;The industrial "pig-butchering" networks behind the &lt;a href="https://dev.to/us-15b-bitcoin-seizure-prince-group-reserve-vs-victims/"&gt;largest-ever $15B bitcoin seizure&lt;/a&gt; and the &lt;a href="https://dev.to/disruption-week-14m-scam-accounts-3m-frozen/"&gt;Disruption Week takedown&lt;/a&gt; all run the same playbook: a friendly stranger, a slow build, a fake platform showing fake gains. If someone you met online is guiding your crypto investing, you are the target.&lt;/p&gt;

&lt;h2&gt;
  
  
  7. Lock down your accounts AND your registrar
&lt;/h2&gt;

&lt;p&gt;Account security isn't just 2FA. The &lt;a href="https://dev.to/godaddy-transferred-27-year-domain-to-stranger-2fa-lock/"&gt;GoDaddy case&lt;/a&gt; showed a domain moving despite 2FA and a transfer lock — because the registrar's support desk operated above the customer's settings. For anything critical (exchange logins, your domain, email), use phishing-resistant 2FA (a passkey or hardware key, not SMS) and a registry-level lock on key domains.&lt;/p&gt;

&lt;h2&gt;
  
  
  8. The money rarely comes back — prevention is the whole strategy
&lt;/h2&gt;

&lt;p&gt;Across enforcement actions, recovered funds are a tiny fraction of what's stolen; mixers and cross-chain bridges move proceeds faster than freezes land. Don't rely on getting hacked funds back. The defense is not falling for it in the first place.&lt;/p&gt;

&lt;h2&gt;
  
  
  9. Verify before you trust a "no admin keys" claim
&lt;/h2&gt;

&lt;p&gt;"Fully decentralized, no admin keys" is marketed as safety, but it can also mean &lt;em&gt;no one can stop an exploit either.&lt;/em&gt; Immutability cuts both ways. For any protocol holding your funds, look for real audits, a live bug bounty, and a track record — not just a slogan.&lt;/p&gt;

&lt;p&gt;None of this is complicated, and that's the point. The exotic-sounding hacks we write up almost always reduce to one of these nine failures. Get them right and you've eliminated the vast majority of how people actually lose crypto.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;We turn every incident into lessons like these. Follow &lt;a href="https://t.me/mrtdnet" rel="noopener noreferrer"&gt;@mrtdnet&lt;/a&gt; on Telegram for the next one.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>cryptosecurity</category>
    </item>
    <item>
      <title>Russia Will Let Retail Investors Hold Just 3 Cryptos — BTC, ETH, USDT — From July 2026</title>
      <dc:creator>mrtd</dc:creator>
      <pubDate>Thu, 18 Jun 2026 06:33:30 +0000</pubDate>
      <link>https://dev.to/mrtd/russia-will-let-retail-investors-hold-just-3-cryptos-btc-eth-usdt-from-july-2026-4h24</link>
      <guid>https://dev.to/mrtd/russia-will-let-retail-investors-hold-just-3-cryptos-btc-eth-usdt-from-july-2026-4h24</guid>
      <description>&lt;p&gt;&lt;em&gt;Originally published on &lt;a href="https://mrtd.net/russia-retail-crypto-allowlist-btc-eth-usdt-july-2026/" rel="noopener noreferrer"&gt;MRTD.NET&lt;/a&gt; — fast, sourced news on crypto security, cyber &amp;amp; SEO.&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Russia is about to do something most crypto-friendly framings avoid saying out loud: tell ordinary investors exactly which coins they are allowed to own. From &lt;strong&gt;July 1, 2026&lt;/strong&gt;, non-qualified retail investors in Russia will be permitted to trade just &lt;strong&gt;three digital assets — Bitcoin, Ethereum, and USDT&lt;/strong&gt; — under the country's incoming "On Digital Currency and Digital Rights" law. First Deputy Governor &lt;strong&gt;Vladimir Chistyukhin&lt;/strong&gt; laid out the framework in early June and pointedly tamped down hopes of near-term additions.&lt;/p&gt;

&lt;h2&gt;
  
  
  What the rules actually say
&lt;/h2&gt;

&lt;p&gt;Three constraints define the retail regime, per &lt;a href="https://cryptobriefing.com/russia-central-bank-restricts-retail-crypto/" rel="noopener noreferrer"&gt;reporting from Crypto Briefing&lt;/a&gt; and others:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;A three-asset allowlist.&lt;/strong&gt; Bitcoin, Ethereum and USDT are in. Everything else — Solana, &lt;strong&gt;XRP&lt;/strong&gt;, Cardano, the long tail — is &lt;strong&gt;off-limits&lt;/strong&gt; to ordinary investors unless they qualify as "professional."&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;A hard spending cap.&lt;/strong&gt; Retail buyers face an annual limit of about &lt;strong&gt;300,000 rubles (~$4,000)&lt;/strong&gt; on crypto bought through brokers.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Mandatory risk testing.&lt;/strong&gt; All investors, qualified or not, must pass a risk-awareness test before trading.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is not a ban — Russia is building a regulated on-ramp — but it is a tightly fenced one.&lt;/p&gt;

&lt;h2&gt;
  
  
  In, out, and the "professional" escape hatch
&lt;/h2&gt;

&lt;p&gt;The split is stark. Out of the &lt;strong&gt;10,000-plus&lt;/strong&gt; tokens that trade somewhere on the market, Russia's retail allowlist is exactly &lt;strong&gt;three&lt;/strong&gt; — about &lt;strong&gt;0.03%&lt;/strong&gt; of available assets. Yet those three carry the overwhelming majority of real liquidity: Bitcoin and Ethereum together account for roughly &lt;strong&gt;two-thirds of total crypto market capitalization&lt;/strong&gt;, and USDT is the stablecoin that settles the bulk of global crypto trading pairs.&lt;/p&gt;

&lt;p&gt;The notable omission is &lt;strong&gt;XRP&lt;/strong&gt; — despite its large market cap and active community, it did not make the cut, a reminder that "big" and "liquid/regulator-approved" are not the same thing. Anything beyond the three requires clearing the &lt;strong&gt;professional-investor&lt;/strong&gt; bar, which is precisely the gate that keeps the retail majority inside the fence.&lt;/p&gt;

&lt;h2&gt;
  
  
  The logic, and the signal
&lt;/h2&gt;

&lt;p&gt;The central bank's stated rationale is &lt;strong&gt;liquidity and risk&lt;/strong&gt;: restrict newcomers to the deepest, hardest-to-manipulate markets, cap their exposure, and make them acknowledge the risk in writing. Whatever one thinks of the paternalism, the mechanism is coherent — thin-liquidity altcoins are where retail investors get hurt most.&lt;/p&gt;

&lt;p&gt;The more interesting question is whether this becomes a &lt;strong&gt;template&lt;/strong&gt;. Russia is effectively treating retail crypto like a regulated securities product: an approved-instrument list, position caps, and suitability testing. That is a very different model from the US "regulation by enforcement" approach or the EU's MiCA licensing regime. An explicit, short &lt;strong&gt;allowlist&lt;/strong&gt; is simple to administer and easy for other risk-averse regulators to copy — and it quietly concentrates legitimacy in BTC, ETH, and the dominant stablecoin while sidelining everything else.&lt;/p&gt;

&lt;h2&gt;
  
  
  Bottom line
&lt;/h2&gt;

&lt;p&gt;For Russian retail, the practical effect from July 2026 is narrow: three coins, a ~$4,000 yearly cap, and a test. For the wider market, the signal is bigger. When a G20 central bank writes down a three-name allowlist, it is making a statement about which crypto assets it considers real enough to let citizens touch — and which it does not. Expect the "approved list" model to come up elsewhere.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;We track crypto policy alongside the hacks. Have detail on the final rule text? Reach us via &lt;a href="https://t.me/mrtdnet" rel="noopener noreferrer"&gt;@mrtdnet&lt;/a&gt; on Telegram.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>crypto</category>
      <category>security</category>
      <category>blockchain</category>
      <category>russia</category>
    </item>
  </channel>
</rss>
