Malone Lam, 20, splurged on mansions, luxury cars with millions in crypto allegedly stolen from investors. Read more at straitstimes.com.

Cryptocurrency was a theft target like never before in 2024

The Invisible Threat in Your Crypto Wallet Let’s set a scene. You’ve been navigating the crypto world for a while. You regularly send ETH to a friend, or maybe move…

AmiMoJo writes: In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing ...

A new campaign dubbed 'SparkCat' has been uncovered, targeting the cryptocurrency wallet recovery phrases of Android and iOS users using optical character recognition (OCR) stealers.

 A Russian blockchain engineer lost over $500,000 worth of cryptocurrencies in a sophisticated cyberattack, highlighting the persisting and increasing threats posed by hostile open-source packages. Even seasoned users can be duped into installing malicious software by attackers using public repositories and ranking algorithms, despite the developer community's growing knowledge and caution. The incident was discovered in June 2025, when the victim, an experienced developer who had recently reinstalled his operating system and only employed essential, well-known applications, noticed his crypto assets had been drained, despite rigorous attention to cybersecurity.  The researchers linked the breach to a Visual Studio Code-compatible extension called "Solidity Language" for the Cursor AI IDE, a productivity-boosting tool for smart contract developers. The extension, which was made public via the Open VSX registry, masqueraded as a legal code highlighting tool but was actually a vehicle for remote code execution. After installation, the rogue extension ran a JavaScript file called extension.js, which linked to a malicious web site to download and run PowerShell scripts.  These scripts, in turn, installed the genuine remote management tool ScreenConnect, allowing the perpetrators to maintain remote access to the compromised PC. The attackers used this access to execute further VBScripts, which delivered additional payloads such as the Quasar open-source backdoor and a stealer module capable of syphoning credentials and wallet passphrases from browsers, email clients, and cryptocurrency wallets.  The masquerade was effective: the malicious extension appeared near the top of search results in the extension marketplace, thanks to a ranking mechanism that prioritised recency and perceived activity over plain download counts. The attackers also plagiarised descriptions from legitimate items, thus blurring the distinction between genuine and fraudulent offerings. When the bogus extension failed to deliver the promised capabilities, the user concluded it was a glitch, allowing the malware to remain undetected.  In an additional twist, after the malicious item was removed from the store, the threat actors swiftly uploaded a new clone called "solidity," employing advanced impersonation techniques. The malicious publisher's name differed by only one character: an uppercase "I" instead of a lowercase "l," a discrepancy that was nearly hard to detect due to font rendering. The bogus extension's download count was intentionally boosted to two million in a bid to outshine the real program, making the correct choice difficult for users. The effort did not end there; similar attack tactics were discovered in further malicious packages on both the Open VSX registry and npm, which targeted blockchain developers via extensions and packages with recognisable names. Each infection chain followed a well-known pattern: executing PowerShell scripts, downloading further malware, and communicating with attacker-controlled command-and-control servers. This incident highlights the ongoing threat of supply-chain attacks in the open-source ecosystem.

Blockchain investigator ZachXBT has traced the flow of 783 BTC, worth $91 million, that was taken in a social engineering scam.

North Korea-linked Hackers Stole Over $2 Billion in Crypto So Far in 2025: Report  Finance Magnates http://dlvr.it/TNXY1j

Explore the new XCSSET macOS malware variant's tactics in crypto theft and advanced obfuscation techniques.

 North Korean hackers have stolen over $2 billion in cryptocurrency in 2025, while a Discord breach exposed sensitive user data, including government IDs of approximately 70,000 individuals. These incidents highlight the growing sophistication of cyber threats targeting both financial assets and personal information. Cybercrime surge North Korean state-sponsored hacking groups, such as the Lazarus Group, have significantly increased their cryptocurrency thefts, amassing more than $2 billion in 2025 alone, marking a record for these cybercriminals. The funds are believed to support North Korea’s nuclear weapons and missile development programs.The regime’s hacking activities now contribute approximately 13% to its estimated $15.17 billion GDP.  The largest single theft occurred in February 2025, when hackers stole $1.4 billion from the crypto exchange ByBit, with other attacks targeting platforms like WOO X and Seedify resulting in millions more in losses. North Korean hackers are increasingly focusing on wealthy individual cryptocurrency holders, who often lack the robust security measures of institutional investors, making them vulnerable targets.  Discord ID breach and data exposure Discord confirmed a breach in which hackers accessed the government-issued identification documents of around 70,000 users who had uploaded them for age verification disputes. The attackers infiltrated a third-party customer service provider, 5CA, to gain access to this sensitive data.  The stolen information, including selfies holding IDs, email addresses, and partial phone numbers, is being shared in Telegram groups, raising serious privacy concerns about digital age verification systems. This incident underscores the risks associated with centralized storage of personal identification documents. New tactics: EtherHiding on blockchains In a significant evolution of cyber-espionage tactics, a North Korean threat actor tracked as UNC5342 has been observed using a technique called “EtherHiding” since February 2025. This method involves embedding malicious code within smart contracts on public blockchains like Ethereum or BNB Smart Chain, using the decentralized ledger as a resilient command-and-control server.  This approach, part of a campaign named “Contagious Interview,” uses social engineering—posing as recruiters on LinkedIn—to lure victims into executing malware that downloads further payloads via blockchain transactions. The decentralized nature of blockchains makes EtherHiding highly resistant to takedown efforts, presenting a new challenge for cybersecurity defenses.

A new Discord invite link hijacking campaign uses clever tricks and trusted platforms to steal crypto wallets and personal data. Learn how it works—and how to avoid it.

OKX becomes the latest victim of crypto theft as SMS notification security fails; OKX is investigating the crypto theft and has contacted the affected users. The number of crypto larceny incidents has increased as hackers have utilized innovative methods…

A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko...

  Hyperliquid user, identified by the wallet address 0x0cdC…E955, has reportedly lost $21 million in cryptocurrency after hackers gained access to their private key. According to blockchain security firm PeckShield, the attackers swiftly transferred the compromised funds to the Ethereum network, as confirmed through on-chain tracking. The stolen crypto included approximately 17.75 million DAI tokens and 3.11 million MSYRUPUSDP tokens. PeckShield also shared visual data mapping out the wallet addresses connected to the heist. “A victim 0x0cdC…E955 lost ~$21M worth of cryptos due to a private key leak. The hacker has bridged the stolen funds… including 17.75M & 3.11M,” — PeckShieldAlert (@PeckShieldAlert) Blockchain records indicate that the stolen tokens were strategically transferred and redistributed across multiple wallets, mirroring tactics seen in earlier high-profile crypto thefts. An unusual detail in the case is the timing of certain trading activities. Just as PeckShield’s alert went public, data showed that a Hyperliquid account closed a $16 million HYPE long position, followed by the liquidation of 100,000 HYPE tokens worth about $4.4 million. Researchers analyzing transactions on Hypurrscan suggested that this trading account might have belonged to the same compromised user. Their findings indicate that the liquidated assets were later converted into USDC and DAI, with transfers spanning both the Ethereum and Arbitrum networks—aligning closely with the hacker’s movements identified by PeckShield. The breach wasn’t limited to Hyperliquid balances. Investigations revealed an additional $3.1 million was siphoned from the Plasma Syrup Vault liquidity pool, with the tokens quickly routed to a newly created wallet. Prominent X (formerly Twitter) user Luke Cannon suggested that the total damage could be higher, estimating another $300,000 stolen from linked wallet addresses. Recurring Attacks Raise Security Concerns Another Hyperliquid user, @TradeThreads (BRVX), reported losing $700,000 in HYPE tokens last month under similar circumstances. “Lost 700k in hype in a similar incident last month. Not sure how they hacked. No malware, no discord chats, no TG calls, no email download,” — BRVX (@TradeThreads) He speculated that Windows malware might have been the cause, as he had not accessed his wallets for a week and had recently switched to a new MacBook where the wallet wasn’t even set up. Unlike exchange or smart contract vulnerabilities, this breach resulted from a private key leak, which grants attackers full access to wallet credentials. Such leaks often stem from phishing attacks, malware, or insecure key storage practices. Cybersecurity experts continue to emphasize the importance of cold wallets or multi-signature setups for protecting high-value crypto assets. Recently, Blockstream issued a security alert warning Jade hardware wallet owners of a phishing campaign spreading through fake firmware update emails. Growing Pattern of Private Key Exploits Private key-related hacks are becoming alarmingly common. Just weeks ago, North Korean hackers reportedly stole $1.2 million from Seedify’s DAO launchpad, causing its token SFUND to drop by 99%. Similarly, a Venus Protocol user on BNB Chain lost $27 million to a key breach in September. According to CertiK’s annual security report, over $2.36 billion was lost across 760 on-chain security incidents last year, with $1.05 billion directly linked to private key compromises—making up 39% of all attacks. The report explains that phishing remains a preferred method among hackers because it exploits human error rather than technological weaknesses. Since blockchain transactions are irreversible, even a single mistake can result in irreversible losses. The Ethereum network continues to witness the most attacks, followed by Binance Smart Chain (BSC)—but experts warn that Hyperliquid is now becoming a new target for cybercriminals due to its decentralized infrastructure.