hodler

21 Jan 2026, 16:15

Bitcoin World iOS App Service Restored After Critical Outage: Users Regain Access Following Update Disruption

BitcoinWorld Bitcoin World iOS App Service Restored After Critical Outage: Users Regain Access Following Update Disruption San Francisco, CA – April 15, 2025 – The Bitcoin World iOS application has successfully restored full service following a significant temporary outage that disrupted user access. This critical restoration comes after an application update introduced unexpected technical complications. Consequently, the development team has resolved the core service disruption. However, some users may still encounter difficulties locating the application through the iOS App Store search function, a secondary issue the team is actively addressing. Bitcoin World iOS App Service Restored: Analyzing the Outage Timeline The service interruption began shortly after the deployment of a scheduled application update. Initially, users reported an inability to log in or access portfolio data. Subsequently, the Bitcoin World support team acknowledged the issue via official communication channels. They identified the update’s interaction with Apple’s latest iOS security protocols as the primary cause. This type of disruption highlights the complex dependencies within mobile cryptocurrency platforms. Furthermore, it underscores the critical need for rigorous pre-release testing in volatile digital asset environments. Mobile application outages in the cryptocurrency sector carry unique risks. Unlike traditional finance apps, crypto apps provide direct access to volatile markets and self-custodied assets. Therefore, even brief service lapses can prevent users from executing time-sensitive trades. The Bitcoin World incident lasted approximately six hours before engineers implemented a server-side patch. This restoration timeline is relatively standard for critical fintech updates, though user expectations for 24/7 access remain exceptionally high. The Technical Breakdown and Restoration Process Technical analysis suggests the outage stemmed from an authentication handshake failure. Specifically, the updated app client could not properly validate session tokens with the backend API. The development team’s response involved a multi-phase rollback and hotfix deployment. First, they temporarily suspended the update’s distribution. Next, they reverted backend services to a stable configuration. Finally, they issued a corrective patch that restored connectivity for all existing app installations. The table below outlines the key phases of the incident response: Phase Timeframe Action Taken Detection First 30 minutes User reports trigger internal monitoring alerts. Diagnosis Hour 1 Engineers isolate the authentication protocol failure. Mitigation Hours 2-4 Update distribution halted; backend rollback initiated. Resolution Hours 5-6 Server-side patch deployed; full service restored. Post-Mortem Ongoing Addressing App Store search visibility issue. Ongoing iOS App Store Search Visibility Challenges Despite the core service restoration, a secondary complication persists. Some users report the Bitcoin World app does not appear in standard iOS App Store search results. This is a distinct issue from the service outage, often related to Apple’s search algorithm indexing. App Store Optimization (ASO) factors, including keyword relevance and recent update metadata, can temporarily affect discoverability. The Bitcoin World team confirmed they are coordinating with Apple’s developer support to expedite re-indexing. Users needing immediate access can employ these verified workarounds: Direct Link: Use a previously saved link to the app’s App Store page. Developer Page: Search for ‘Bitcoin World’ directly via the developer’s publisher page. Alternative Access: Utilize the fully functional web platform while the App Store issue resolves. Historically, App Store search indexing delays can last from 24 to 72 hours after an app update. This process is largely automated by Apple’s systems. Consequently, developer intervention capabilities are sometimes limited. The situation mirrors past incidents with major financial apps, where rapid update cycles occasionally trigger temporary discoverability gaps. Broader Context: Cryptocurrency App Reliability in 2025 This incident occurs within a broader industry trend. As regulatory scrutiny increases, cryptocurrency applications must implement more frequent compliance and security updates. Each update introduces potential stability risks. According to data from App Annie, the average major fintech app experienced 1.2 significant outage events in 2024. These were primarily update-related. Therefore, the Bitcoin World event is not an isolated case but part of a sector-wide challenge. Expert commentary from fintech infrastructure analysts emphasizes layered resilience strategies. Modern applications now commonly employ: Canary Releases: Rolling out updates to a small user subset first. Feature Flags: Enabling/disabling new code paths without full redeployment. Robust Rollback Protocols: Pre-tested procedures to revert changes quickly. The swift restoration of the Bitcoin World iOS app service suggests their team had effective rollback measures in place. This is a positive indicator of their operational maturity. Nevertheless, the event serves as a reminder for all users to maintain backup access methods, such as written recovery phrases and alternative device access. Conclusion The Bitcoin World iOS app service has been successfully restored following a temporary outage triggered by an update. The development team resolved the core authentication issue within a standard operational timeframe. Meanwhile, they continue to address the ancillary App Store search visibility problem with Apple’s support. This event highlights the inherent complexities of maintaining always-available cryptocurrency infrastructure. It also demonstrates the importance of robust incident response protocols in the fast-evolving digital asset landscape. Users should now have full functional access to their accounts via the app, with normal discoverability expected to resume shortly. FAQs Q1: Is the Bitcoin World iOS app fully functional now? A1: Yes, the core service has been fully restored. Users can log in, view portfolios, and execute transactions. The only remaining issue is that some may have difficulty finding the app via the App Store search bar. Q2: What caused the temporary outage? A2: The outage was caused by an unexpected technical conflict between a recent app update and Apple’s iOS security protocols. This led to an authentication failure that prevented the app from connecting to its servers. Q3: How can I access the app if I can’t find it in the App Store search? A3: You can try accessing the developer’s page directly, using a previously saved link to the app, or visiting the Bitcoin World website to find a direct App Store link. The app itself is still available for download. Q4: Was user fund security compromised during the outage? A4: No evidence suggests any security compromise or risk to user funds. The issue was related to service accessibility, not security breaches. User assets remain secured by the underlying blockchain and wallet protocols. Q5: How long will the App Store search issue last? A5: Based on historical patterns with Apple’s indexing systems, full search visibility typically returns within 24 to 72 hours. The Bitcoin World team is actively working with Apple to expedite this process. This post Bitcoin World iOS App Service Restored After Critical Outage: Users Regain Access Following Update Disruption first appeared on BitcoinWorld .

21 Jan 2026, 15:40

Hackers Hijack Snap Store Accounts to Push Crypto-Stealing Malware on Linux

Cryptocurrency hackers are exploiting trusted Linux software to steal digital assets, using a new technique that turns legitimate Snap Store packages into malware. Key Takeaways: Hackers are exploiting trusted Snap Store packages to steal cryptocurrency by hijacking existing publisher accounts. The attacks rely on expired domains and email addresses to push malicious updates. The incidents reveal weaknesses in the platform’s trust and security model. Rather than creating fresh accounts on the Snap Store, which is operated by Canonical, attackers are now taking over existing publisher accounts, according to a warning from Ubuntu contributor and former Canonical developer Alan Pope. The method relies on identifying expired web domains and email addresses linked to long-standing Snap Store developers, registering those domains, and then using the recovered access to hijack Snapcraft accounts. Attackers Turn Legitimate Packages Malicious Once inside, the attackers push malicious updates to packages that were previously benign, catching users off guard through automatic updates and long-established trust signals. The Snap Store, like other major package repositories, has long been a target for malware campaigns. Early efforts were relatively unsophisticated, with scammers publishing fake crypto wallet applications under newly created accounts. When those attempts became easier to detect, attackers began disguising malicious apps using lookalike characters from other alphabets to evade filters. According to Pope, the tactic then evolved into a bait-and-switch approach. Attackers would publish harmless software under neutral names such as “lemon-throw” or “alpha-hub,” often posing as simple games. After approval and a period of inactivity, a follow-up update would quietly introduce a fake crypto wallet designed to steal funds. The latest development raises the stakes. In at least two confirmed cases, attackers took control of expired domains once owned by legitimate Snap publishers and used them to distribute wallet-stealing malware through automatic updates. A new Snap Store scam campaign abuses expired publisher domains to bypass trust signals and deliver malicious app updates. https://t.co/nWL9HGXACe #Linux #OpenSource — Linuxiac (@linuxiac) January 19, 2026 The affected applications appeared normal on the surface but were built to harvest wallet recovery phrases and transmit them to attacker-controlled servers. By the time users noticed suspicious behavior, funds and sensitive data were already compromised. Canonical has since removed the malicious snaps, but Pope warned that the response highlights deeper weaknesses in the platform’s trust model. He said domain takeovers undermine publisher longevity as a safety signal and called for additional safeguards, including monitoring domain expirations, enforcing stronger account verification for dormant publishers, and requiring mandatory two-factor authentication. Security Researcher Warns of Delayed Snap Store Takedowns Pope also noted delays in removing reported malicious snaps, sometimes stretching over several days. He advised users to exercise extra caution when installing cryptocurrency wallets on Linux and to consider downloading them directly from official project websites instead of app stores. To help users assess risk, Pope created SnapScope, a web-based tool that flags snaps as suspicious or malicious before installation. He also urged developers to keep domain registrations active and secure Snapcraft and email accounts with two-factor authentication. According to Chainalysis, illicit cryptocurrency addresses received a record $154 billion in 2025 , a sharp increase from the year before. In another case, US prosecutors have charged a 23-year-old Brooklyn resident , Ronald Spektor, with stealing roughly $16 million in cryptocurrency from around 100 Coinbase users through an alleged phishing and social engineering scheme. The post Hackers Hijack Snap Store Accounts to Push Crypto-Stealing Malware on Linux appeared first on Cryptonews .

21 Jan 2026, 15:23

Hackers hijack Snap Store accounts to steal crypto from Linux users

Linux users face a new threat as cybercriminals exploit a critical vulnerability in Canonical’s Snap Store, hijacking trusted developer accounts to distribute cryptocurrency-stealing malware disguised as legitimate wallet applications. SlowMist’s chief information security officer, 23pds, who has the X handle @im23pds, warned that attackers are monitoring developer accounts whose associated domain names have expired. How does the Snap Store attack work? 23pds wrote , “Linux users beware: A new type of attack is raging in Snap Store — expired domains have been taken over by hackers and turned into backdoors to steal users’ crypto assets. The tampered applications are disguised as well-known crypto wallets such as Exodus, Ledger Live, or Trust Wallet, tricking users into entering their ‘wallet recovery seed phrase,’ resulting in complete theft of funds.” Once a target domain expires and becomes available for registration, the attackers immediately purchase it, then use the email address linked to that domain to trigger password resets on the Snap Store. This grants them complete control over long-established, trusted publisher identities without raising immediate suspicion. At least two developer accounts have been confirmed as compromised using this method, with domains storewise.tech and vagueentertainment.com falling into the attackers’ hands. The malicious actors, believed to be based in Croatia according to Alan Pope, a former Canonical developer and Ubuntu contributor, have been conducting campaigns against Snap Store users for approximately two years. The domain takeover is the latest and most concerning evolution of the action of these bad actors, as it now means that “legitimate software installed and trusted by users for years could have malicious code injected by hackers through official update channels overnight.” According to 23pds, “The tampered applications are usually disguised as well-known crypto wallets such as Exodus, Ledger Live, or Trust Wallet, with interfaces almost indistinguishable from the genuine versions.” He stated, “After the app launches, it first connects to a remote server to verify the network, then immediately prompts the user to enter their ‘wallet recovery mnemonic phrase.’ Once the user submits it, these sensitive details are instantly transmitted to the attacker’s server, resulting in the theft of funds.” Victims often discover that their funds have been stolen before noticing that anything is wrong because the attack exploits long-standing trust relationships. What are major platforms doing to curtail domain resurrection attacks? GitHub, PyPI, and npm have all experienced similar domain resurrection attacks . A 2022 academic study identified over 2,800 npm developer accounts configured with email addresses whose domains had subsequently expired, highlighting the scale of potential vulnerability. In June 2025, the Python security team removed more than 1,800 expired email addresses from developer accounts, forcing developers to re-verify their credentials with active domains upon their next login. The problem stems from what security experts call internet or link rot, where developers moving between jobs or email providers fail to update account information across all platforms, creating exploitable security gaps. Pope stated that Canonical needs to address the issue by implementing safeguards, which could be monitoring domain expiry on publisher accounts, requiring additional verification for dormant accounts, implementing mandatory two-factor authentication, or other measures. If you're reading this, you’re already ahead. Stay there with our newsletter .

21 Jan 2026, 15:17

Paradex integration hacked as Mithril trading bot subkeys compromised

Paradex, a decentralized perpetual futures exchange, is back in the headlines after it announced that one of its integrations, the Mithril trading bot, was involved in a security compromise. The latest news comes days after it initiated a major chain rollback prompted by a serious technical glitch. The previous incident was not caused by an exploit, but this most recent one, which was announced on January 21, has been linked to a hacker. What happened to the Mithril trading bot? According to the official post from the Paradex team, an attacker gained access to Mithril’s internal systems, which led to approximately 57 user subkeys getting compromised. Subkeys are known as limited-permission keys that take trades on behalf of a user; however, they don’t have the ability to withdraw funds from your account and are commonly used by third-party applications and bots . The team has acted promptly in response to the compromise. They have paused all XP transfers and promised to re-enable them shortly, and have also revoked all subkeys linked with Mithril trading accounts. Only users who had their accounts connected to the trading bots were potentially affected by this exploit, the team has claimed. The team ended the post by pointing out that anyone who grants a subkey to any third-party bot, app, or platform is effectively trusting their security practices to protect their respective accounts. “Paradex cannot control or audit how external services store and secure your keys. Before connecting to any third-party service, consider the risks and only grant permissions to platforms you trust,” the team wrote on X. Those are carefully chosen words and could be seen as the team shifting responsibility to users and the third-party provider rather than fully owning any potential partnership shortcomings. Technical glitch forced Paradex to initiate a chain rollback A couple of days before this attack, on January 19, 2026, Paradex suffered a serious technical glitch during what was described as a scheduled maintenance. The glitch was caused by a faulty database migration, which caused the platform to erroneously price assets at $0, shocking many of the traders, especially those who had open positions. It triggered through an automated liquidation engine, resulting in mass forced closures of leveraged positions across the Perps exchange. The error went beyond mere UI display issues, as several other services were reported down before the team intervened. To fix the problem, the team proposed a chain rollback, and even though there was some resistance, they went ahead with it, rolling the blockchain back to an earlier verified state. This effectively reversed the problematic transactions and halted trading for some hours. On X, the team reassured community members and users that funds were mostly safe and the platform was able to return to normal after the recovery. One day later, the team announced that it had completed a review of accounts impacted by the incident and had refunded all users who were incorrectly liquidated (primarily related to PAXG). In total, $650,000 was reportedly distributed across 200 accounts, and since then, Gigavault deposits and withdrawals have resumed. “Tickets related to these refunds will be closed automatically. All other tickets will be reviewed and addressed over the next few days,” the team wrote on X, thanking users for their patience. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .

20 Jan 2026, 18:00

TRON DAO Integrates Blockaid to Deliver Real-Time On-Chain Security Across Its Network

TRON DAO has announced the integration of Blockaid adding real-time, production-grade security protections across the TRON ecosystem as the network continues to scale global usage. The integration introduces transaction simulation and validation, dApp risk detection and token validation tools designed to block malicious activity before users are exposed. TRON said the collaboration brings an additional layer of protection to its more than 358 million users, strengthening security across token transfers, decentralized applications, and DeFi activity. Real-Time Protection for a Growing Ecosystem The announcement comes as TRON surpasses 12 billion total transactions and maintains its position as one of the most widely used blockchain networks for stablecoin activity. With adoption accelerating the network has prioritized security infrastructure that can operate at internet scale. According to the firm by adding Blockaid’s security capabilities directly into the TRON network, users gain real-time visibility into potentially malicious behavior. Transaction simulation and validation help identify wallet drainers and exploit attempts before transactions are signed while dApp validation flags risky or malicious applications prior to user connection. Token validation further enhances protection by detecting impersonation tokens, spam assets, and common scam patterns that have proliferated across public blockchains. Scaling Security Alongside Adoption TRON DAO explains that the integration is designed to ensure security scales in parallel with user growth. “With more than 358 million users interacting across the TRON ecosystem, proactive security is essential to protecting users at scale,” said Sam Elfarra, Community Spokesperson at TRON DAO. “ At this scale, even isolated vulnerabilities can impact a large user base. Integrating Blockaid helps protect users from malicious activity as they explore on-chain applications and ensures security scales alongside adoption,” adds Elfarra. The collaboration reflects a broader industry trend toward preventative security, moving beyond reactive responses to exploits and scams. Blockaid Expands Reach Across Web3 Infrastructure Blockaid specializes in detecting and responding to on-chain and off-chain threats, said the integration allows users to receive immediate, contextual insight into the risks associated with their on-chain interactions. “As adoption accelerates, users need immediate, reliable insight into what they’re interacting with on-chain,” said Ido Ben-Natan, Co-Founder and CEO of Blockaid. “Together, TRON and Blockaid are protecting users and builders at the exact moments where trust matters most.” Strengthening Trust in Decentralized Infrastructure By integrating real-time security directly into the network layer, TRON aims to reinforce trust across one of the most active blockchain ecosystems in Web3. The move shows the growing importance of security and transparency as decentralized infrastructure supports increasingly mainstream financial and application use cases. The post TRON DAO Integrates Blockaid to Deliver Real-Time On-Chain Security Across Its Network appeared first on Cryptonews .

20 Jan 2026, 16:13

$282M Crypto Scam Ends in XMR — Why Privacy Coins Keep Spiking After Hacks

A major crypto fraud has resulted in millions vanishing into the shadows, raising questions about digital privacy's rise. Attention is drawn to privacy coins, which often surge post-breach. These hidden assets, celebrated for their secrecy, might be positioning for growth. Discover which coins are primed to soar amidst this unfolding drama. Monero Shows Promise Despite Recent Dip Source: tradingview Monero (XMR) is currently trading between $480 and $730. Recently, it has dipped by about 6% in the past week, but it has grown by more than 24% over the past month and nearly 89% over six months. This suggests a strong upward trend despite short-term setbacks. The nearest resistance level is just under $900, hinting at potential gains if the price breaks through. Its support sits below $400, offering some stability. With an RSI indicating that Monero is neither overbought nor oversold, there is room for growth. If Monero can maintain its positive momentum, there is a chance for an impressive climb, possibly challenging the second resistance level close to $1140. Conclusion Privacy coins like XMR often gain traction following security breaches. This trend showcases the growing preference for anonymity and secure transactions after incidents. The move to privacy-focused coins underscores their role in protecting user identities. This pattern is likely to continue as the demand for privacy in the crypto market remains strong. The recurring increase in their use highlights their importance in post-hack scenarios. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.