North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations
Key Findings: North Korea-linked threat actor UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data. The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive victims. UNC1069 has a history of conducting social engineering campaigns for financial gain using fake meeting invites and posing as investors from reput
Feb 11 · 2 min read
Bithumb's Massive Crypto Mishap: $40B Bitcoin Mistakenly Sent to Customers
Key Findings: On February 6, 2026, South Korean cryptocurrency exchange Bithumb accidentally credited 620,000 bitcoins (worth around $40 billion) to 695 customer accounts instead of the small rewards (worth around $1.40) they were supposed to receive. The error occurred due to a system configuration mistake during a promotional event, where the payment unit was mistakenly set as "BTC" instead of "Korean won". Bithumb was able to recover 99.7% of the mistakenly distributed bitc
Feb 7 · 3 min read
US Seizes $400 Million Connected to Helix Dark Web Crypto Mixer
Key Findings: The U.S. government has seized over $400 million in assets linked to the notorious darknet cryptocurrency mixer Helix. The assets include cryptocurrencies, real estate, and other monetary holdings previously owned by Helix's Ohio-based operator, Larry Dean Harmon. Helix processed an estimated 354,468 bitcoins, worth around $311 million at the time, through over 1.2 million transactions between 2014 and 2017. The service was popular among darknet drug dealers and
Jan 31 · 2 min read
Trust Wallet Chrome Extension Hack Drains $8.5M in Shai-Hulud Supply Chain Attack
Key Findings: The second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain attack in November 2025 was likely responsible for the hack of Trust Wallet's Google Chrome extension. The attack resulted in the theft of approximately $8.5 million in cryptocurrency assets from 2,520 wallet addresses. The attacker obtained full access to the Chrome Web Store (CWS) API key, allowing them to upload a trojanized version of the extension with a backdoor capable of harvesting users
Dec 31, 2025 · 2 min read
Hidden Danger: Chrome Extension Exploits Solana Wallets
Key Findings: Cybersecurity researchers have discovered a malicious Chrome extension named "Crypto Copilot" that injects hidden Solana transfer fees into Raydium swap transactions. The extension silently appends an extra transfer instruction to each swap, siphoning a minimum of 0.0013 SOL or 0.05% of the trade amount to an attacker-controlled wallet. The malicious behavior is concealed through obfuscation techniques, and the extension's user interface only shows the legitimate
Nov 27, 2025 · 2 min read

