Crypto Threats

North Korea-Linked UNC1069 Uses AI Lures to Target Cryptocurrency Organizations

The North Korea-associated threat group UNC1069 has intensified its cyber operations against the cryptocurrency sector, leveraging advanced social engineering and artificial intelligence techniques to compromise Windows and macOS systems. The campaign is primarily designed to extract sensitive credentials and enable large-scale financial theft. According to findings from Google Mandiant researchers Ross Inman and Adrian Hernandez, the operation […]

Compromised dYdX npm and PyPI Packages Spread Wallet Stealers and RAT Malware

Cybersecurity researchers have uncovered a software supply chain attack involving compromised packages on npm and the Python Package Index (PyPI) that were used to distribute cryptocurrency wallet stealers and remote access malware. The malicious activity targeted developer tools associated with the dYdX v4 protocol, a decentralized exchange used for margin and perpetual trading. The affected package versions are listed below.

Malicious Chrome Extension Steals MEXC API Keys While Posing as a Trading Tool

Cybersecurity analysts have uncovered a dangerous Google Chrome extension designed to steal API credentials from users of MEXC, a centralized cryptocurrency exchange operating in more than 170 countries. The extension disguises itself as a legitimate automated trading utility, tricking users into granting access that ultimately compromises their accounts. The extension, identified as MEXC API Automator with the

GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials

A renewed wave of GoBruteforcer activity has been observed targeting databases linked to cryptocurrency and blockchain projects. The campaign aims to hijack vulnerable servers and enroll them into a botnet capable of brute-forcing user credentials for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux-based systems. According

Trust Wallet Chrome Extension Breach Leads to 7 Million Dollar Crypto Loss via Malicious Code

Trust Wallet has issued an urgent advisory asking users to update its Google Chrome browser extension after confirming a security incident that resulted in cryptocurrency losses totaling approximately $7 million. The breach specifically affected Trust Wallet Chrome Extension version 2.68, while users who upgraded to version 2.69 are no longer at risk. According to the

SEC Files Charges Over $14 Million Crypto Scam Using Fake AI Themed Investment Tips

The U.S. Securities and Exchange Commission (SEC) has brought charges against several companies accused of running a large-scale cryptocurrency investment scam that defrauded retail investors of more than 14 million dollars by promoting fake artificial-intelligence-based trading strategies. According to the SEC’s complaint, the alleged fraud involved crypto trading platforms Morocoin Tech Corp.,

North Korea Linked Hackers Steal 2.02 Billion Dollars in 2025 to Lead Global Crypto Theft

Threat actors associated with the Democratic People’s Republic of Korea, also known as North Korea, have emerged as the leading force behind global cryptocurrency theft in 2025. According to a new report released by blockchain intelligence firm Chainalysis, North Korea-linked groups are responsible for stealing at least 2.02 billion dollars out of more than

Compromised IAM Credentials Fuel Large AWS Crypto Mining Campaign

A large-scale cryptocurrency mining campaign has been detected targeting cloud environments by abusing compromised Identity and Access Management credentials within Amazon Web Services. The operation leverages stolen IAM permissions to rapidly deploy crypto mining infrastructure across multiple AWS services. The activity was first identified on November 2, 2025, through automated threat detection systems operated

North Korean hackers use 197 npm packages to spread updated OtterCookie malware

A North Korean threat group linked to the Contagious Interview activity has continued its aggressive malware distribution by uploading 197 additional malicious packages to the npm registry since last month. Researchers at Socket confirmed that these packages have been downloaded more than 31,000 times. Each of them is designed to install a modified version of

Chrome extension exposed for adding secret Solana transfer fees to Raydium swaps

Cybersecurity analysts have identified a malicious Chrome extension that secretly adds an unauthorized Solana transfer during Raydium swap transactions and redirects the funds to a cryptocurrency wallet controlled by an attacker. The extension, called Crypto Copilot, was released by a user known as “sjclark76” on May 7, 2024. It is marketed as a tool that
