Crypto M - Crypto News

🚀 Telegram CEO Criticizes WhatsApp's Encryption Practices Telegram CEO Pavel Durov has criticized WhatsApp's end-to-end encryption, labeling it as a 'massive consumer fraud.' According to ChainCatcher, Durov highlighted that approximately 95% of private messages are stored in unencrypted backups on Apple and Google servers. Durov expressed concerns that this situation poses a risk to user privacy. Despite WhatsApp's claims of using end-to-end encryption for message transmission, the backup mechanism fails to ensure complete encryption of user information. His remarks have sparked industry attention regarding privacy protection measures in mainstream communication applications. #Telegram#WhatsApp#Encryption#Privacy#DataSecurity#PavelDurov#CyberSecurity#MessagingApps#TechNews#EndToEndEncryption

🚀 Security Concerns Arise Over LLM Agent API Routers On April 10, Solayer founder @Fried_rice highlighted on social media the growing reliance of large language model (LLM) agents on third-party API routers, which distribute tool call requests to multiple upstream providers. According to BlockBeats, these routers operate as application layer proxies and can access each JSON payload in plaintext during transmission. However, no provider currently enforces encryption integrity protection between the client and upstream models. A study tested 28 paid routers purchased from platforms like Taobao, Xianyu, and Shopify independent sites, along with 400 free routers collected from public communities. The findings revealed that one paid router and eight free routers were actively injecting malicious code. Additionally, two routers deployed adaptive evasion triggers, 17 accessed AWS Canary credentials owned by researchers, and one stole ETH from a private key held by researchers. Further poisoning studies demonstrated that seemingly harmless routers could also be exploited. A leaked OpenAI key was used to generate 100 million GPT-5.4 tokens and over seven Codex sessions. Weaker bait configurations resulted in 2 billion billing tokens, 99 credentials across 440 Codex sessions, and 401 sessions running autonomously in YOLO mode. The research team developed an experimental proxy named Mine, capable of executing all four types of attacks on four public proxy frameworks. They also verified three client defense strategies: fault lock strategy gating, response-side anomaly screening, and append-only transparent logging. #LLM#API#Security#CyberSecurity#Malware#DataBreach#Encryption#Proxy#AI#MachineLearning#ETH