#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

DeFi | Breaking Cybersecurity News | The Hacker News

Category — DeFi
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware

Feb 03, 2025 Cybercrime / Cryptocurrency
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC , Atomic macOS Stealer (aka AMOS ), and Angel Drainer . "Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a well-coordinated network of traffers — social engineering experts tasked with redirecting legitimate traffic to malicious phishing pages," Recorded Future's Insikt Group said in an analysis. The use of a diverse malware arsenal cryptoscam group is a sign that the threat actor is targeting users of both Windows and macOS systems, posing a risk to the decentralized finance ecosystem. Crazy Evil has been assessed to be active since at least 2021, functioning primarily as a traffer team tasked with redirecting legitimate traffic to malicious landing pages operated by other criminal cre...
North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

Nov 07, 2024 Cryptocurrency / Malware
A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices . Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk , attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as RustBucket , KANDYKORN , ObjCShellz , RustDoor (aka Thiefbucket ), and TodoSwift . The activity "uses emails propagating fake news about cryptocurrency trends to infect targets via a malicious application disguised as a PDF file," researchers Raffaele Sabato, Phil Stokes, and Tom Hegel said in a report shared with The Hacker News. "The campaign likely began as early as July 2024 and uses email and PDF lures with fake news headlines or stories about crypto-related topics." As revealed by the U.S. Federal Bureau of Investigation (FBI) in a September 2024 advisory, the...
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Feb 11, 2025Software Security / Threat Intelligence
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn't buy a car without knowing its safety features, you shouldn't deploy software without understanding the risks it introduces. The Rising Threat of Supply Chain Attacks Cybercriminals have recognized that instead of attacking an organization head-on, they can infiltrate through the software supply chain—like slipping counterfeit parts into an assembly line. According to the 2024 Sonatype State of the Software Supply Chain report , attackers are infiltrating open-source ecosystems at an alarming rate, with over 512,847 malicious packages detected last year alone—a 156% increase from the previous year. Traditional sec...
Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Sep 28, 2024 Cryptocurrency / Mobile Security
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake reviews and consistent branding helped the app achieve over 10,000 downloads by ranking high in search results," the cybersecurity company said in an analysis, adding it's the first time a cryptocurrency drainer has exclusively targeted mobile device users. Over 150 users are estimated to have fallen victim to the scam, although it's believed that not all users who downloaded the app were impacted by the cryptocurrency drainer. The campaign involved distributing a deceptive app that went by several names such as "Mestox Calculator," "WalletConnect - DeFi &...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident

Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident

Sep 21, 2022
In what's the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute . The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the  attacker's wallet . The company said that its centralized finance (CeFi) and over-the-counter (OTC) operations have not been impacted by the security incident. It did not disclose when the hack took place. The digital asset market maker, which provides liquidity to more several exchanges and crypto platforms, warned of disruption to its services in the coming days, but stressed that it's "solvent with twice over that amount in equity left." "We are (still) open to treat[ing] this as a white hat, so if you are the attacker – get in touch," the company's founder and CEO, Evgeny Gaevoy,  said  in a tweet. Detai...
U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers

Sep 09, 2022
More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains," Erin Plante, senior director of investigations at Chainalysis,  said . The development arrives more than five months after the  crypto hack  resulted in the theft of $620 million from the decentralized finance (DeFi) platform Ronin Network, with the attackers laundering a majority of the proceeds – amounting to $455 million – through the Ethereum-based cryptocurrency tumbler Tornado Cash. The March 2022 cryptocurrency heist resulted in losses totaling 173,600 ETH ...
FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

Aug 30, 2022
The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the agency  said  in a notification. Attackers are said to have used different methods to hack and steal cryptocurrency from DeFi platforms, including initiating flash loans that trigger exploits in the platforms' smart contracts and exploiting signature verification flaws in their token bridge to withdraw all investments. The agency has also observed criminals defrauding the platforms by manipulating cryptocurrency price pairs – assets that can be traded for each other on an exchange – by exploiting a series of vulnerabilities to bypass  slippage checks  and steal roughly $35 million in digital funds. It further said that the threat a...
Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks

Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks

Feb 18, 2022
Microsoft has warned of emerging threats in the  Web3  landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick cryptocurrency users into giving up their private cryptographic keys and carry out unauthorized fund transfers. "One aspect that the immutable and public blockchain enables is complete transparency, so an attack can be observed and studied after it occurred," Christian Seifert, principal research manager at Microsoft's Security and Compliance group,  said . "It also allows assessment of the financial impact of attacks, which is challenging in traditional Web2 phishing attacks." The theft of the keys could be carried out in several ways, including im...
Expert Insights / Articles Videos
Cybersecurity Resources