Web3 Security | Breaking Cybersecurity News | The Hacker News

Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.5 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic," Bybit said in a post on X. "As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address." In a separate statement posted on the social media platform, Bybit's CEO Ben Zhou emphasized that all other cold wallets are secure. The company further said it has reported the case to the appropriate authorities. While there is no official conf...

Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector. "After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge," researchers Robert Wallace, Blas Kojusner, and Joseph Dobson said . The malware functions as a launchpad to compromise the target's macOS system by downloading a second-stage payload that establishes persistence via Launch Agents and Launch Daemons. It's worth pointing out that this is one of many activity clusters – namely Operation Dream Job , Contagious Interview , and others – undertaken by North Korean hacking groups that make use of job-related decoys to infect targets with malware. Recruiting-themed lures have ...