The cryptocurrency security sector is on high alert following reports of a potential widespread security breach involving mass coin theft. On March 17, 2026, SlowMist founder Cosine issued a warning via social media regarding a series of hacking incidents targeting users of specific management tools. Preliminary investigations suggest that hackers may have preemptively collected private keys or mnemonic phrases from unsuspecting victims, leading to significant financial losses across various blockchain networks.
Investigation into the 0x913 Hacker Address
Data provided by security researchers highlights a specific malicious address, 0x913efc2062984288a0a083cd42b3a3422c07fcef, which has been identified as a primary recipient of the stolen assets. At the time of the report, the attacker had accumulated profits of approximately $250,000, with the total value continuing to rise as more victims are identified. The pattern of the attacks suggests a coordinated effort rather than isolated incidents of phishing, pointing toward a possible compromise of infrastructure tools.
Suspected Vulnerabilities in Fingerprint Browsers
Community feedback has increasingly pointed toward MoreLogin, a popular fingerprint browser used by crypto enthusiasts and airdrop hunters to manage multiple accounts. However, Cosine emphasized that a definitive link has not yet been established.
There is no conclusive evidence yet that MoreLogin or its related plugins are the cause.
Despite the lack of a "smoking gun", the investigation is currently focusing on:
- The potential compromise of browser-based wallet plugins.
- The possibility of data leaks from synchronization services used by fingerprint browsers.
- The role of third-party extensions in harvesting mnemonic phrases.
Next Steps for Affected Users
Security experts are urging the community to assist in the ongoing forensic analysis. Users who have experienced unauthorized transfers are encouraged to provide detailed information regarding their digital environment. Specifically, SlowMist is requesting data on the fingerprint browser versions used, all installed browser plugins, and the specific wallet applications where the funds were held. This collective data is essential for determining whether the vulnerability lies within the MoreLogin software, a malicious plugin, or an external script.
In light of these events, investors are advised to review their security protocols and consider migrating assets to hardware wallets or non-custodial solutions that do not rely on browser-based synchronization for sensitive data. Maintaining rigorous operational security is vital as hackers increasingly target tools designed for multi-account management in the Web3 ecosystem.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.