Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Crypto. Show all posts
North Korea
AI Bybit Crypto cryptocurrency Cyber Attacks Ethereum Internet North Korea

ByBit Crypto Heist: First Half of 2025 Records All-time High Crypto Theft

ByBit Crypto Heist: First Half of 2025 Records All-time High Crypto Theft

2025 H1 records all-time crypto theft

In the first half of 2025, hackers stole a record $2.1 billion in cryptocurrency, marking an all-time high. The data highlights the vulnerable state of the cryptocurrency industry. North Korean state-sponsored hackers accounted for 70% of the losses, responsible for USD 1.6 billion, rising as the most notorious nation-state actor in the crypto space, according to a report by TRM Labs

This indicates a significant increase in illegal operations, surpassing the 2022 H1 record by 10% and nearly matching the total amount stolen for the entire 2022 year, highlighting the danger to digital assets. 

Implications of nation-state actors in crypto attacks

The biggest cryptocurrency attack has redefined the H1 2025 narrative, the attack on Dubai-based crypto exchange Bybit. TRM believes the attack highlights a rising effort by the Democratic People’s Republic of Korea (DPRK) for cryptocurrency profits that can help them escape sanctions and fund strategic aims like nuclear weapons programs, besides being a crucial component of their statecraft. 

“Although North Korea remains the dominant force in this arena, incidents such as reportedly Israel-linked group Gonjeshke Darande (also known as Predatory Sparrow) hacking Iran’s largest crypto exchange, Nobitex, on June 18, 2025, for over USD 90 million, suggest other state actors may increasingly leverage crypto hacks for geopolitical ends,” TRM said in a blog post. 

Mode of operation

"Infrastructure attacks — such as private key and seed phrase thefts, and front-end compromises — accounted for over 80% of stolen funds in H1 2025 and were, on average, ten times larger than other attack types," reports TRM. These attacks target the technical spine of the digital asset system to get illicit access, reroute assets, and mislead users. Infrastructure attacks are done via social engineering or insider access and expose fractures in the cryptosecurity foundation.

Takeaways 

H1 2025 has shown a shift towards crypto hacking, attacks from state-sponsored hackers, and geopolitically motivated groups are rising. Large-scale breaches related to nation-state attacks have trespassed traditional cybersecurity. The industry must adopt advanced, effective measures to prevent such breaches. Global collaboration through information sharing and teamed efforts can help in the prosecution of such cyber criminals. 

Read more »
North Korea cyberattacks
Crypto cryptocurrency cryptocurrency hacks cryptocurrency scam cryptocurrency theft cryptocurrency wallet Cyber Attacks Hacker attack North Korea North Korea cyberattacks

North Korea-Linked Hackers Behind $2.1 Billion in Crypto Theft in Early 2025

 

A new report from blockchain analytics firm TRM Labs reveals that hackers stole an unprecedented $2.1 billion in cryptocurrency during the first half of 2025—marking the highest amount ever recorded for a six-month period. A staggering 70% of the total, or around $1.6 billion, has been attributed to cybercriminal groups sponsored by North Korea. 

According to TRM Labs’ “H1 2025 Crypto Hacks and Exploits” report, this figure surpasses the previous record set in 2022 by 10%, pointing to an escalating trend in high-stakes cybercrime. The report also emphasizes how North Korea has solidified its role as the leading state-backed threat actor in the cryptocurrency ecosystem.  

“These thefts are not just criminal—they’re tools of statecraft,” the report states, highlighting how stolen crypto plays a strategic role in funding the sanctioned regime’s national objectives, including its controversial weapons program. 

Much of this year’s unprecedented losses stem from a single massive incident: the $1.5 billion hack targeting Ethereum and related assets held by the crypto exchange Bybit in February. This attack is being considered the largest theft in the history of the cryptocurrency sector.  

Safe, a provider of multi-signature wallet solutions, traced the breach back to a compromised laptop belonging to one of its senior developers. The device was reportedly infected on February 4 after interacting with a malicious Docker project. The infiltration ultimately allowed attackers to gain unauthorized access to private keys.  

Both U.S. law enforcement and TRM Labs have linked the Bybit attack to North Korean hackers, aligning with prior assessments that the regime increasingly relies on crypto theft as a state-funded operation. 

This event drastically skewed the average size of crypto heists for 2025 and emphasized the changing nature of these attacks—from purely profit-driven motives to broader geopolitical strategies. 

TRM Labs noted that 80% of all crypto losses in 2025 were due to infrastructure breaches, with attackers exploiting vulnerabilities in systems that store private keys and seed phrases—essential components in controlling digital wallets. 

Analysts warn that such incidents signal a shift in the threat landscape. “Crypto hacking is becoming less about financial gain and more about political symbolism or strategic advantage,” TRM concluded. 

As the year continues, security experts urge crypto platforms and users to enhance infrastructure protection, especially against sophisticated, nation-backed threats that blur the line between cybercrime and cyberwarfare.
Read more »
North Korea
Black Mail Businesses Crypto Cyber Crime Extortion NFTs North Korea

US Seizes $7.7 Million From Crypto Linked to North Korea's IT Worker Scam


The US Department of Justice has filed a civil forfeiture complaint against North Korean IT workers for illegally gaining employment with US businesses, and earning millions for the Korean government, which amounts to violations of sanctions.

The government seized $7.7m in funds in 2023 that involved Sim Hyon Sop- a worker at the North Korean Foreign Trade Bank (FTB) who joined hands with IT workers to launder the money for Pyongyang.

According to the complaint, the North Korean IT workers escaped security via fraud IDs and tactics that hid their real location. The salaries were credited in stablecoins like USDT and USDC.

To launder the money, employees created accounts using fake IDs, transferred funds in small amounts to other blockchains (chain hopping), and/or converted them into other digital currencies (token swapping).

Scammers also bought non-fungible tokens (NFTs) and used US accounts to make their operations look real. Sim worked with Kim Sang Man, the CEO of the “Jinyong IT Cooperation Company,” who served as a middleman between the FTB and the IT workers. 

According to the Justice Department’s National Security Division, North Korea, for years has “exploited global remote IT contracting and cryptocurrency ecosystems to evade US sanctions and bankroll its weapons programs.” 

Department head Sue Bai said, “Today’s multimillion-dollar forfeiture action reflects the Department’s strategic focus on disrupting these illicit revenue schemes. We will continue to use every legal tool available to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda.”

North Korean IT workers have been slithering their way into employment in US firms for many years.  However, the advancement of these operations was exposed in 2024 when security expert KnowBe4 disclosed that even their organization was tricked into hiring an IT specialist from North Korea.

After that, Google has cautioned that US businesses remain a primary target and also warned that the threat actors have nor started focusing their operations at Europan firms.  While few do normal work to get paid, there is also a concern that their organization access allows them to extract important data and use it for extortion.

Read more »
Social Media
Crypto Cyber Security Facebook Instagram Internet Meta Pig Butchering Scam Social Media

Beware of Pig Butchering Scams That Steal Your Money

Beware of Pig Butchering Scams That Steal Your Money

Pig butchering, a term we usually hear in the meat market, sadly, has also become a lethal form of cybercrime that can cause complete financial losses for the victims. 

Pig Butchering is a “form of investment fraud in the crypto space where scammers build relationships with targets through social engineering and then lure them to invest crypto in fake opportunities or platforms created by the scammer,” according to The Department of Financial Protection & Innovation. 

Pig butchering has squeezed billions of dollars from victims globally. Cambodian-based Huione Group gang stole over $4 billion from August 2021 to January 2025, the New York Post reported.

How to stay safe from pig butchering?

Individuals should watch out for certain things to avoid getting caught in these extortion schemes. Scammers often target seniors and individuals who are not well aware about cybercrime. The National Council on Aging cautions that such scams begin with receiving messages from scammers pretending to be someone else. Never respond or send money to random people who text you online, even if the story sounds compelling. Scammers rely on earning your trust, a sob story is one easy way for them to trick you. 

Another red flag is receiving SMS or social media texts that send you to other platforms like WeChat or Telegram, which have fewer regulations. Scammers also convince users to invest their money, which they claim to return with big profits. In one incident, the scammer even asked the victim to “go to a loan shark” to get the money.

Stopping scammers

Last year, Meta blocked over 2 million accounts that were promoting crypto investment scams such as pig butchering. Businesses have increased efforts to combat this issue, but the problem still very much exists. A major step is raising awareness via public posts broadcasting safety tips among individuals to prevent them from falling prey to such scams. 

Organizations have now started releasing warnings in Instagram DMs and Facebook Messenger warning users about “potentially suspicious interactions or cold outreach from people you don’t know”, which is a good initiative. Banks have started tipping of customers about the dangers of scams when sending money online. 

Read more »
Ransom
Coinbase Crypto Crypto Wallet cryptocurrency Cyber Security Data Theft Extortion Ransom

$400Million Coinbase Breach Linked to Customer Data Leak from India


Coinbase data breach linked to India

A Reuters investigation revealed that cryptocurrency exchange Coinbase knew in January about a breach affecting outsourced customer support agents in India. Six people who knew about the incident said Coinbase was aware of sensitive user data compromise through its contractor, TaskUs, before it was officially announced in May. 

On 14th May, TaskUs filed an SEC document revealing that an India-based TaskUs employee was found taking pictures of a computer screen with her phone. Five former TaskUs employees confirmed that the worker and one accomplice were bribed by threat actors to get Coinbase user data.

The breach cost $400 million

After this information, more than 200 TaskUs employees were fired in a mass layoff from the Indore center, which drew media attention in India. Earlier, Coinbase suspected ‘overseas support agents’ but now the breach is estimated to cost 400 million dollars.

Coinbase had been a long-term partner of TaskUs, a Texas-based outsourcing firm, cost-cutting labor by giving customer support work to offshore teams. After 2017, TaskUs agents, mostly from developing countries, handled Coinbase customer inquiries. 

In the May SEC filing, Coinbase said it didn’t know about the full scale of the breach until it received an extortion demand of $20 Million on 11th May. As a cautionary measure, Coinbase cut ties with TaskUs employees and other unknown foreign actors. Coinbase has notified regulators, compensated affected users, and taken strict measures to strengthen security. 

In a public statement, TaskUs confirmed it had fired two staff (unnamed) for data theft but didn’t mention Coinbase. The company found the two staff involved in a cyber attack campaign that targeted other service providers linked to the client. 

Hackers use social engineering tactic

Hackers did not breach the Coinbase crypto wallets directly, they cleverly used the stolen information to impersonate the Coinbase employees in a series of social engineering scams. The hackers posed as support agents, fooling victims into transferring their crypto assets. 

According to Money Control, “The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January. Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment.”

Read more »
WebSockets
Blockchain codebase Credentials Crypto Cybersecurity dataexfiltration dependency devtools Firewall Gmail Hacking malware phishing PyPI python scripts SMTP Spoofing Threatactors WebSockets

Malicious PyPI Packages Exploit Gmail to Steal Sensitive Data

 

Cybersecurity researchers have uncovered a disturbing new tactic involving malicious PyPI packages that use Gmail to exfiltrate stolen data and communicate with threat actors. The discovery, made by security firm Socket, led to the removal of the infected packages from the Python Package Index (PyPI), although not before considerable damage had already occurred.

Socket reported identifying seven malicious packages on PyPI, some of which had been listed for more than four years. Collectively, these packages had been downloaded over 55,000 times. Most were spoofed versions of the legitimate "Coffin" package, with deceptive names such as Coffin-Codes-Pro, Coffin-Codes, NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, and Coffin-Grave. Another package was titled cfc-bsb.

According to the researchers, once installed, these packages would connect to Gmail using hardcoded credentials and initiate communication with a command-and-control (C2) server. They would then establish a WebSockets tunnel that leverages Gmail’s email server, allowing the traffic to bypass traditional firewalls and security systems.

This setup enabled attackers to remotely execute code, extract files, and gain unauthorized access to targeted systems.

Evidence suggests that the attackers were mainly targeting cryptocurrency assets. One of the email addresses used by the malware featured terms like “blockchain” and “bitcoin” — an indication of its intent.

“Coffin-Codes-Pro establishes a connection to Gmail’s SMTP server using hardcoded credentials, namely sphacoffin@gmail[.]com and a password,” the report says.
“It then sends a message to a second email address, blockchain[.]bitcoins2020@gmail[.]com politely and demurely signaling that the implant is working.”

Socket has issued a warning to all Python developers and users who may have installed these packages, advising them to remove the compromised libraries immediately, and rotate all sensitive credentials.

The researchers further advised developers to remain alert for suspicious outbound connections:

“especially SMTP traffic”, and warned them not to trust a package just because it was a few years old.
“To protect your codebase, always verify package authenticity by checking download counts, publisher history, and GitHub repository links,” they added.

“Regular dependency audits help catch unexpected or malicious packages early. Keep strict access controls on private keys, carefully limiting who can view or import them in development. Use isolated, dedicated environments when testing third-party scripts to contain potentially harmful code.”
Read more »
Hacking
Crypto Cyber Attacks Cybersecurity Hacking

‘Elusive Comet’ Hackers Exploit Zoom to Target Crypto Users in Sophisticated Scam

 

A newly identified hacking group known as Elusive Comet is targeting cryptocurrency users through a deceptive campaign that leverages Zoom’s remote control feature to gain unauthorized access to victims' systems.

The remote control tool, built into Zoom, enables meeting participants to take control of another person's computer — a capability now being manipulated by cybercriminals to bypass technical defenses through social engineering rather than traditional code exploitation.

According to a report from cybersecurity firm Trail of Bits, the group’s tactics closely resemble those used in the $1.5 billion Bybit crypto heist believed to be linked to the Lazarus group.

"The ELUSIVE COMET methodology mirrors the techniques behind the recent $1.5 billion Bybit hack in February, where attackers manipulated legitimate workflows rather than exploiting code vulnerabilities," explains the Trail of Bits report.

Trail of Bits uncovered the campaign when attackers attempted to target their CEO via a direct message on X (formerly Twitter), posing as representatives of Bloomberg Crypto.

The ruse begins with a fraudulent invitation to a "Bloomberg Crypto" interview, sent to high-profile individuals either through email (bloombergconferences[@]gmail.com) or social media. The attackers use sock-puppet accounts, mimicking journalists or crypto media outlets, and send Calendly links to schedule the meeting.

Because both Calendly and Zoom links are genuine, the setup appears trustworthy to the victims. During the meeting, the attackers launch a screen-sharing session and issue a remote control request — with a crucial twist: their Zoom display name is changed to “Zoom.”

This results in a misleading prompt that reads:
"Zoom is requesting remote control of your screen,"
— tricking the target into thinking the request is from the app itself.

Granting access allows the attacker full remote control, enabling data theft, malware installation, unauthorized file access, or even the initiation of crypto transactions. In some cases, attackers establish persistence through hidden backdoors, remaining unnoticed even after disconnecting.

"What makes this attack particularly dangerous is the permission dialog's similarity to other harmless Zoom notifications," says Trail of Bits.
"Users habituated to clicking 'Approve' on Zoom prompts may grant complete control of their computer without realizing the implications."

To guard against such threats, Trail of Bits recommends the use of Privacy Preferences Policy Control (PPPC) profiles to restrict system accessibility permissions. For highly sensitive environments — particularly those handling digital assets or crypto transactions — the firm advises removing the Zoom desktop client entirely.

"For organizations handling particularly sensitive data or cryptocurrency transactions, the risk reduction from eliminating the Zoom client entirely often outweighs the minor inconvenience of using browser-based alternatives," explains Trail of Bits.
Read more »
Technology
BitcoinOS Crypto Digital Security Innovation Technology

BitcoinOS to Introduce Alpha Mainnet for Digital Ownership Platform

 

BitcoinOS and Sovryn founder Edan Yago is creating a mechanism to turn Bitcoin into a digital ownership platform. Growing up in South Africa and coming from a family of Holocaust survivors, Yago's early experiences sneaking gold coins out of the nation between the ages of nine and eleven influenced his opinion that having financial independence is crucial for both human dignity and survival. 

"Money is power, and power is freedom," Yago explains. "Controlling people's access to capital means controlling their freedom. That's why property rights are critical. This conviction drives his work on BitcoinOS, which seeks to establish a foundation for digital property rights independent of governments or companies. 

Yago sees technology as the fundamental cause of societal transformation. He argues that the Industrial Revolution made slavery economically unviable, not a sudden moral awakening. However, he warns that technology needs direction, referencing how the internet morphed from a promise of decentralisation to a system dominated by industry titans.

When Yago uncovered Bitcoin in 2011, he saw it as "the missing piece" of digital property rights. Bitcoin introduced a decentralised ledger for ownership records, while Ethereum added smart contracts for decentralised computing, but both have size and efficiency restrictions.

BitcoinOS addresses these issues with zero-knowledge proofs, which enable computations to be confirmed without running on every node. "Instead of putting everything on a blockchain, we only store the proof that a computation happened correctly," Yago tells me. This technique can allow Bitcoin to support numerous types of property, including: real estate, stocks , digital identities, and other assets in Bitcoin's global ledger.

Yago characterises the cryptocurrency business as being in its "teenage years," but believes it will mature over the next decade. His vision goes beyond Bitcoin to embrace digital sovereignty and encryption as ways to better safeguard rights than traditional legal systems. 

BitcoinOS plans to launch its alpha mainnet in the coming months. Yago is optimistic about the project's potential: "We're creating property rights for the digital age." When you comprehend that, everything else comes into place." 

The quest for Bitcoin-based solutions coincides with increased institutional usage. BlackRock, the world's largest asset management, has recently launched its first Bitcoin exchange-traded product in Europe, which is now available on platforms in Paris, Amsterdam, and Frankfurt. This follows BlackRock's success in the United States, where it raised more than $50 billion for similar products.
Read more »
Subscribe to: Posts (Atom)