Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Blockchain. Show all posts
Web3
Blockchain cryptocurrency Cyber Attacks CyberCrime Cybersecurity global threat Hacking IT workers North Korea Sanctions Web3

North Korea’s Global Cybercrime Network Uncovered: Fake IT Workers Funding Regime's Ambitions

 

A new report by cybersecurity firm DTEX has exposed how North Korea is operating a sophisticated international cybercrime network by embedding fake information technology workers within leading global corporations. These operatives, disguised as freelance developers, are channeling millions in stolen cryptocurrency to fund the reclusive nation’s military and weapons programs.

According to the report, North Korean agents are not driven by ideology but by a systemic need to survive. Trained from a young age, many are groomed to become covert cyber operatives or IT contractors. Two individuals, using the aliases “Naoki Murano” and “Jenson Collins,” were found residing in Russia and are believed to be involved in infiltrating Western companies. They’ve been linked to a $6 million cryptocurrency theft.

The regime operates through shadowy IT entities like Chinyong, which positions agents in countries like China, Laos, and Russia. These agents gain trust within blockchain and cryptocurrency projects, ultimately diverting digital assets back to Pyongyang. Since 2017, North Korea has reportedly funneled tens of millions of dollars through such schemes—prompting U.S. sanctions for financing weapons development (see: US Sanctions North Korean Entities for Sending Regime Funds).

The report states that North Korea’s cyber program has reached a pivotal stage, with its tactics becoming more aggressive and unpredictable. The regime now deploys techniques ranging from supply chain attacks to financial sector infiltration and even online propaganda. DTEX researchers noted that these operatives are so deeply integrated into major cryptocurrency and Web3 initiatives that, “it would seem that every other Web3 project has a North Korean on the payroll.”

“The threat of unintentionally hiring North Korean IT workers is larger than most people realize,” Kevin Mandia, founder and former CEO of Mandiant, said in a statement accompanying the report. “It's cover is global and active right now - which is why the industry and government need to work together to come up with solutions to counter the threat.”

The study also challenges the notion that North Korean cyber operatives follow rigid roles. Instead, many shift between missions, take on leadership responsibilities, and reuse false identities—suggesting a highly adaptive and fluid structure.

Past investigations have revealed that North Korean attacks on European tech firms were often facilitated by individuals operating from the U.S. and the U.K. An April report by Mandiant warned of increasing attempts by North Korean IT workers to secure positions in defense and government agencies, with U.S. businesses being their primary focus—even as operations grow across Europe (see: North Korean IT Scammers Targeting European Companies).

Michael Barnhart, the lead analyst behind the DTEX report, said his research is based on open-source intelligence, testimonies from defectors, blockchain forensics, and insights from Web3 infrastructure. He also leveraged proprietary datasets from unnamed partners to trace how North Korean agents shift money, access, and identities across borders.

“DPRK operatives are persistent,” Barnhart wrote, adding that North Korean cyber agents “do not take kindly to scrutiny” and “will try to uncover who is studying them and how.”
Read more »
WebSockets
Blockchain codebase Credentials Crypto Cybersecurity dataexfiltration dependency devtools Firewall Gmail Hacking malware phishing PyPI python scripts SMTP Spoofing Threatactors WebSockets

Malicious PyPI Packages Exploit Gmail to Steal Sensitive Data

 

Cybersecurity researchers have uncovered a disturbing new tactic involving malicious PyPI packages that use Gmail to exfiltrate stolen data and communicate with threat actors. The discovery, made by security firm Socket, led to the removal of the infected packages from the Python Package Index (PyPI), although not before considerable damage had already occurred.

Socket reported identifying seven malicious packages on PyPI, some of which had been listed for more than four years. Collectively, these packages had been downloaded over 55,000 times. Most were spoofed versions of the legitimate "Coffin" package, with deceptive names such as Coffin-Codes-Pro, Coffin-Codes, NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, and Coffin-Grave. Another package was titled cfc-bsb.

According to the researchers, once installed, these packages would connect to Gmail using hardcoded credentials and initiate communication with a command-and-control (C2) server. They would then establish a WebSockets tunnel that leverages Gmail’s email server, allowing the traffic to bypass traditional firewalls and security systems.

This setup enabled attackers to remotely execute code, extract files, and gain unauthorized access to targeted systems.

Evidence suggests that the attackers were mainly targeting cryptocurrency assets. One of the email addresses used by the malware featured terms like “blockchain” and “bitcoin” — an indication of its intent.

“Coffin-Codes-Pro establishes a connection to Gmail’s SMTP server using hardcoded credentials, namely sphacoffin@gmail[.]com and a password,” the report says.
“It then sends a message to a second email address, blockchain[.]bitcoins2020@gmail[.]com politely and demurely signaling that the implant is working.”

Socket has issued a warning to all Python developers and users who may have installed these packages, advising them to remove the compromised libraries immediately, and rotate all sensitive credentials.

The researchers further advised developers to remain alert for suspicious outbound connections:

“especially SMTP traffic”, and warned them not to trust a package just because it was a few years old.
“To protect your codebase, always verify package authenticity by checking download counts, publisher history, and GitHub repository links,” they added.

“Regular dependency audits help catch unexpected or malicious packages early. Keep strict access controls on private keys, carefully limiting who can view or import them in development. Use isolated, dedicated environments when testing third-party scripts to contain potentially harmful code.”
Read more »
python
Blockchain cryptocurrency Cyber Attacks Cybersecurity GitHub Hacker JavaScript Linkedin malware python

North Korean Hacker Group Targets Cryptocurrency Developers via LinkedIn

 

A North Korean threat group known as Slow Pisces has launched a sophisticated cyberattack campaign, focusing on developers in the cryptocurrency industry through LinkedIn. Also referred to as TraderTraitor or Jade Sleet, the group impersonates recruiters offering legitimate job opportunities and coding challenges to deceive their targets. In reality, they deliver malicious Python and JavaScript code designed to compromise victims' systems.

This ongoing operation has led to massive cryptocurrency thefts. In 2023 alone, Slow Pisces was tied to cyber heists exceeding $1 billion. Notable incidents include a $1.5 billion breach at a Dubai exchange and a $308 million theft from a Japanese firm. The attackers typically initiate contact by sending PDFs containing job descriptions and later provide coding tasks hosted on GitHub. Although these repositories mimic authentic open-source projects, they are secretly altered to carry hidden malware.

As victims work on these assignments, they unknowingly execute malicious programs like RN Loader and RN Stealer on their devices. These infected projects resemble legitimate developer tools—for instance, Python repositories that claim to analyze stock market data but are actually designed to communicate with attacker-controlled servers.

The malware cleverly evades detection by using YAML deserialization techniques instead of commonly flagged functions like eval or exec. Once triggered, the loader fetches and runs additional malicious payloads directly in memory, making the infection harder to detect and eliminate.

One key malware component, RN Stealer, is built to extract sensitive information, including credentials, cloud configuration files, and SSH keys, especially from macOS systems. JavaScript-based versions of the malware behave similarly, leveraging the Embedded JavaScript templating engine to conceal harmful code. This code activates selectively based on IP addresses or browser signatures, targeting specific victims.

Forensic investigations revealed that the malware stores its code in hidden folders and uses HTTPS channels secured with custom tokens to communicate. However, experts were unable to fully recover the malicious JavaScript payload.

Both GitHub and LinkedIn have taken action against the threat.

"GitHub and LinkedIn removed these malicious accounts for violating our respective terms of service. Across our products, we use automated technology, combined with teams of investigation experts and member reporting, to combat bad actors and enforce terms of service. We continue to evolve and improve our processes and encourage our customers and members to report any suspicious activity," the companies said in a joint statement.

Given the increasing sophistication of these attacks, developers are urged to exercise caution when approached with remote job offers or coding tests. It is recommended to use robust antivirus solutions and execute unknown code within secure, sandboxed environments, particularly when working in the high-risk cryptocurrency sector.

Security experts advise using trusted integrated development environments (IDEs) equipped with built-in security features. Maintaining a vigilant and secure working setup can significantly lower the chances of falling victim to these state-sponsored cyberattacks.
Read more »
TON
Blockchain Crypto Cyberattacks CyberCrime Cybersecurity CyberThreat Digital Privacy Technology Telegram TON

Telegram's TON Blockchain Embarks on US Growth Mission

 



A foundation, closely associated with Telegram, called the Open Network (TON), is pursuing ambitious expansion in the United States. A strategic move like this comes amid the expectation that Donald Trump's upcoming administration will be able to offer a more favourable regulatory environment. The TON Foundation is proud to announce a pivotal leadership transition: Manuel "Manny" Stotz, an experienced investor and blockchain advocate, has been selected as President of the organisation. 

There is a new chapter in the foundation's journey to accelerate global adoption of the blockchain, emphasising expanded operations in the United States as part of a strategic expansion plan. In a statement released by a spokesperson for the TON Foundation to Cointelegraph on January 14, a spokesperson confirmed to the Cointelegraph that the US will become one of the most important markets for TON under the Trump Administration. 

The TON Foundation has recently appointed Manuel Stotz, one of the world's leading digital asset investors, as its new president. The foundation will be able to expand its operations in the U.S. market with Stotz, the founder of Kingsway Capital Partners. Stotz stated that the U.S. would soon become a global crypto centre specialising in innovation. Steve Yun, who will remain a board member, will resign from the presidency, and he will be taking over the CEO role. 

In light of the trend that a new president in the US is expected to provide a more favourable environment for cryptocurrency, this shift reflects this expectation. It is expected that his administration will address some of the most important regulatory issues on the day of his inauguration, which is scheduled for January 20, among crypto supporters. Among the concerns is how digital assets are treated by banks, with many in the crypto sector hoping that a change will happen in the rules regarding whether they will be accounted for as liabilities. 

In addition to the issue of “de-banking,” which has impacted many crypto firms in the U.S., another issue that may be addressed is the issue of blockchain technology and its prospects. It has been Stotz's honour to serve as a board member of the TON Foundation since it was founded in Switzerland in 2023. With his new role at the TON Foundation, he will replace Steve Yun, who remains on the board. Stotz is a major investor in the digital asset industry and is the founder of Kingsway Capital Partners, an investment management firm. 

There have been over 50 projects backed by the firm, among them Animoca Brands, Blockchain.com, CoinDCX, Toncoin, Genesis Digital Assets, and others. In the TON Foundation's opinion, the changing regulatory environment in the United States offers new opportunities for blockchain technology. Notably, several industry participants are optimistic about the incoming administration's pro-crypto stance, which includes plans for creating a national Bitcoin reserve and promoting blockchain-based economic reform. 

As President-elect Trump has also indicated his desire to advance the field by appointing influential figures, such as Paul Atkins and David Sacks, to key positions in the sector, it is anticipated that these developments will lead to a surge in blockchain and artificial intelligence innovation. TON Foundation president Stotz believes that these developments may signify a turning point for the industry as a whole, and he believes that the US is an important market for accelerating blockchain adoption worldwide.

A decentralised project called TON is closely related to Telegram's TON blockchain, which was developed by the messenger and then turned into a decentralised project. The Toncoin token allows the network to provide 950 million Telegram users with services such as in-app payments and games, and with Stotz's leadership, TON plans to increase its user base and integrate blockchain-based solutions into everyday applications under Stotz's leadership. 

The main objective of the fund is to use Telegram's vast global audience to promote the widespread adoption of blockchain technologies. With the TON Foundation, which is dedicated to supporting the development of the TON blockchain, Telegram's 950 million users will have access to crypto services through Telegram's platform. In 2023, Telegram formalised the foundation in Switzerland, a year after a 2020 settlement with the SEC ended Telegram's earlier fundraising efforts. 

It was announced in December 2024 that the foundation would be expanding to Abu Dhabi following the ADGM's distributed ledger technology framework. This move is intended to provide legal backing for decentralised projects throughout the MENA and APAC regions, with a target of reaching 500 million users by 2028. In the crypto industry, the return of Trump to power could be considered a turning point in the market as a result. He has announced that cryptocurrencies will be treated differently in the United States of America than they were in the past, which could result in more blockchain projects coming into the country in the future and increased innovation in decentralised technologies. 

Despite this change in leadership at the TON Foundation, the organisation continues to adhere to its mission and values even during this transition and continues to follow through with its objectives. As a board member of the foundation, Steve Yun provides ongoing leadership and direction and Manny Stotz plays a pivotal role in helping to make it a place for growth, collaboration, and innovation in the future. TON anticipates milestones to be achieved in the US over the coming months, which will further enhance the company's reputation as one of the leading blockchain companies in the world.

Read more »
Technology
Artificial Intelligence Blockchain Developers Healthcare Marketing Technology

AI and Blockchain: Shaping the Future of Personalization and Security

 

The integration of Artificial Intelligence (AI) and blockchain technology is revolutionizing digital experiences, especially for developers aiming to enhance user interaction and improve security. By combining these cutting-edge technologies, digital platforms are becoming more personalized while ensuring that user data remains secure. 

Why Personalization and Security Are Essential 

A global survey conducted in the third quarter of 2024 revealed that 64% of consumers prefer to engage with companies that offer personalized experiences. Simultaneously, 53% of respondents expressed significant concerns about data privacy. These findings highlight a critical balance: users desire tailored interactions but are equally cautious about how their data is managed. The integration of AI and blockchain offers innovative solutions to address both personalization and privacy concerns. 

AI has seamlessly integrated into daily life, with tools like ChatGPT becoming indispensable across industries. A notable advancement in AI is the adoption of Common Crawl's customized blockchain. This system securely stores vast datasets used by AI models, enhancing data transparency and security. Blockchain’s immutable nature ensures data integrity, making it ideal for managing the extensive data required to train AI systems in applications like ChatGPT. 

The combined power of AI and blockchain is already transforming sectors like marketing and healthcare, where personalization and data privacy are paramount.

  • Marketing: Tools such as AURA by AdEx allow businesses to analyze user activity on blockchain platforms like Ethereum. By studying transaction data, AURA helps companies implement personalized marketing strategies. For instance, users frequently interacting with decentralized exchanges (DEXs) or moving assets across blockchains can receive tailored marketing content aligned with their behavior.
  • Healthcare: Blockchain technology is being used to store medical records securely, enabling AI systems to develop personalized treatment plans. This approach allows healthcare professionals to offer customized recommendations for nutrition, medication, and therapies while safeguarding sensitive patient data from unauthorized access.
Enhancing Data Security 

Despite AI's transformative capabilities, data privacy has been a longstanding concern. Earlier AI tools, such as previous versions of ChatGPT, stored user data to refine models without clear consent, raising privacy issues. However, the industry is evolving with the introduction of privacy-centric tools like Sentinel and Scribe. These platforms employ advanced encryption to protect user data, ensuring that information remains secure—even from large technology companies like Google and Microsoft. 
 
The future holds immense potential for developers leveraging AI and blockchain technologies. These innovations not only enhance user experiences through personalized interactions but also address critical privacy challenges that have persisted within the tech industry. As AI and blockchain continue to evolve, industries such as marketing, healthcare, and beyond can expect more powerful tools that prioritize customization and data security. By embracing these technologies, businesses can create engaging, secure digital environments that meet users' growing demands for personalization and privacy.
Read more »
Technology
Blockchain Economy Finance Innovation Jordan Technology

Jordan Approves Blockchain Technology to Boost Innovation


As part of its initiatives to enhance public services and modernize government processes, Jordan has approved the 2025 Blockchain Technology Policy. The Jordanian Council of Ministers unveiled a new policy to improve service delivery to citizens, cut expenses, and streamline administrative procedures. 

This strategy is an integral part of Jordan's broader goal for digital transformation and economic modernization, which also involves promoting startup growth and developing skills linked to blockchain. 

About Jordan’s blockchain technology policy

The 2025 Blockchain Technology Policy aims to revolutionize public administration by integrating blockchain technology into government operations. According to officials, the objective is to decrease delays in governmental workflows, automate procedures, and validate transactions instantly.

The policy places a high priority on preserving citizens' data. The government intends to employ blockchain's secure infrastructure to protect data privacy and boost public trust in governmental organizations.

Key features

The policy is going to assist startups using blockchain technology. This involves developing chances for businesses and providing workers with the skills required to succeed in blockchain-related industries.

Jordan intends to make government transactions more efficient and accessible to citizens and businesses by leveraging blockchain's capacity to record and verify data instantaneously.

In addition, the blockchain's distributed architecture will generate records that cannot be changed, assuring improved accuracy in government reporting and decreasing errors.

Authorities think it will result in improved oversight of government services.

Impact on economy and infrastructure

Jordan has recently expressed an increased interest in blockchain and Bitcoin. In 2022, Jordan saw an increase in crypto activity as citizens sought solutions to unemployment and other concerns, showing blockchain's ability to address economic issues.

Jordan's blockchain program is part of a broader regional trend of using emerging technologies to enhance government operations.

Syria, for example, revealed plans to regulate Bitcoin [BTC] and automate its currency to stabilize its financial sector and draw foreign investment. In the UAE, Dubai has permitted the expansion of blockchain-based payment systems, while Abu Dhabi has established a legal framework for decentralized solutions.

These initiatives indicate a growing interest in blockchain as a solution to economic and administrative difficulties in the Middle East.

Read more »
Technology
Bitcoin Blockchain Cyberattacks Cyberhackers Cybersecurity CyberThreat Quantum Resistance Solana Technology

Solana Pioneers Quantum Resistance in Blockchain Technology

 


There is no denying that Solana, one of the fastest-growing blockchain networks, has introduced a groundbreaking security feature called the Winternitz Vault. This feature will protect digital assets from quantum computing threats while maintaining the platform's high performance. Solana intends to address the challenges posed by quantum computing proactively to safeguard its users' funds and ensure the longevity of its blockchain infrastructure. 

With the help of a decades-old cryptographic technique, Solana has developed a quantum-resistant vault that uses this technique to protect users' funds from quantum computer attacks. As part of the solution, known as the Solana Winternitz Vault, new keys are generated for every transaction as part of a hash-based signature system. 

The company introduced a system called the "Solana Winternitz Vault" that protects user funds from quantum threats. The vault utilises a hash-based signature system that generates new keys for every transaction, making it highly secure. The chief scientist at Zeus Network, Dean Little, who is also a cryptography researcher, elaborated in a GitHub post that this approach complicates quantum computing and makes it harder for quantum computers to orchestrate coordinated attacks on public keys that are exposed during transactions, diminishing their ability to execute coordinated attacks. Since the vault exists in the current version as an optional feature, rather than as part of the network security upgrade, no fork is in sight. 

As a result, users will need to actively store their funds in Winternitz Vaults instead of regular Solana Wallets if they wish to ensure that their funds remain quantum-proof. Even though the quantum-resistant vault is an optional feature rather than a system-wide requirement, it is important to note that it is still an optional feature. For this enhanced security to be realised, users need to choose to store their funds in the Winternitz Vault rather than the standard Solana wallet. 

The vault's operation includes creating a split-and-refund account system to ensure secure fund transfers while protecting residual balances. The Winternitz Vault, a quantum-resistant solution developed by Solana developers, has been implemented to counter this risk and is based on a cryptographic technique dating back decades. 

As a result of the vault's hash-based signature system, which generates new keys with each transaction, quantum computers are less likely to be able to crack the cryptographic keys because the vault employs a hash-based signature system. Using the Winternitz One-Time Signatures protocol, this vault creates 32 private key scalars that are hashed 256 times. It does not store the entire public key but only its hash for verification purposes. 

It is important to note that every time a transaction is carried out, the vault creates a new set of keys, so no hacker can predict or steal a key before it is used. Solana's Winternitz Vault sets a new benchmark for blockchain security in the face of quantum computing, allowing users to take advantage of the optional tools necessary to protect their digital assets against future threats. 

By implementing this forward-looking strategy, Solana reinforces its commitment to innovation and security that it has always displayed, placing it as a market leader in the blockchain space as quantum computing continues to develop, providing blockchain networks like Solana the flexibility to adapt to new challenges as they arise. It is Solana's goal to stay abreast of such advancements, ensuring its users can be assured that their digital assets can be safeguarded with confidence, regardless of future technological advances. 

Nonetheless, Cornell University researchers have found that breaking an elliptic curve cryptographic key with 160 bits would require approximately 1,000 qubits, which is far more than is currently available. The blockchain industry is still pushing forward despite this. In its beta stage, QAN, for example, claimed it had achieved "quantum hardness," and other protocols have quietly improved their cryptographic foundations. 

In recent years, quantum computing power has been predicted to grow exponentially – a phenomenon known as Neven's Law – and some experts believe that this will happen in the future. This forecast has driven more blockchain developers to implement quantum-resistant solutions, even though full-scale quantum computers are still years or decades away from seriously threatening the current cryptographic standards for coins, tokens, and other applications. Considering quantum resistance as an extra feature for many crypto projects may seem overkill, but Web3 developers are known for always being two steps ahead of the game.

Read more »
Quantum computing
Bitcoin Bitcoin Vulnerability Blockchain Blockchain Technology Computing Cryptography Cyber Secuirty Encryption Quantum computing

Bitcoin Security Concerns Amid Quantum Computing Advancements

 

Chamath Palihapitiya, CEO of Social Capital, has raised alarms over Bitcoin’s future security, cautioning that its SHA-256 encryption may become vulnerable within the next two to five years. Speaking on the All-In Podcast, he highlighted rapid advancements in quantum computing, particularly Google’s unveiling of the Willow quantum chip featuring 105 qubits. Palihapitiya estimates that 8,000 such chips could potentially breach SHA-256 encryption, underscoring the pressing need for blockchain networks to adapt.

Quantum Computing's Impact on Cryptography

While acknowledging the infancy of quantum computing, Palihapitiya pointed to Google’s Willow chip as a pivotal development that could accelerate breakthroughs in cryptography. Despite scalability challenges, he remains optimistic that the cryptocurrency sector will evolve to develop quantum-resistant encryption methods.

Not all experts share his concerns, however. Ki Young Ju, founder of CryptoQuant, has expressed confidence that Bitcoin’s encryption is unlikely to face quantum threats within this decade.

Satoshi Nakamoto’s Early Solutions

Bitcoin’s pseudonymous creator, Satoshi Nakamoto, had anticipated such scenarios. In 2010, Satoshi proposed that the Bitcoin community could agree on the last valid blockchain snapshot and transition to a new cryptographic framework if SHA-256 were compromised. However, these early solutions are not without controversy.

Emin Gün Sirer, founder of Avalanche, has warned that some of Satoshi’s early-mined coins used an outdated Pay-To-Public-Key (P2PK) format, which exposes public keys and increases the risk of exploitation. Sirer suggested the Bitcoin community should consider freezing these coins or setting a sunset date for outdated transactions to mitigate risks.

Recent advancements in quantum computing, including Google’s Willow chip, briefly unsettled the cryptocurrency market. A sudden wave of liquidations resulted in $1.6 billion being wiped out within 24 hours. However, Bitcoin demonstrated resilience, reclaiming the $100,000 resistance level and achieving a 4.6% weekly gain.

Proactive Measures for Long-Term Security

Experts widely agree that proactive steps, such as transitioning to quantum-resistant cryptographic frameworks, will be essential for ensuring Bitcoin’s long-term security. As the quantum era approaches, collaboration and innovation within the cryptocurrency community will be pivotal in maintaining its robustness against emerging threats.

The ongoing advancements in quantum computing present both challenges and opportunities. While they highlight vulnerabilities in existing systems, they also drive the cryptocurrency sector toward innovative solutions that will likely define the next chapter in its evolution.

Read more »
Subscribe to: Posts (Atom)