List of Flash News about North Korea hackers
Time | Details |
---|---|
2025-07-02 12:35 |
North Korean Hackers Exploit DeFi's Human Layer, Causing Record $2.1B in Crypto Thefts
According to @zachxbt, decentralized protocols are increasingly soft targets for North Korean hackers due to severe operational security (OPSEC) failures, not just smart contract vulnerabilities. A TRM Labs report indicates a record $2.1 billion was stolen in the first half of 2025, with attackers exploiting human weaknesses like poor key management and unvetted contributors. Over 80% of these losses originated from infrastructure-level breaches such as private key theft, which proved far more lucrative than code exploits. For traders, this highlights a systemic risk to assets like Ethereum (ETH), currently trading around $2,599, and Solana (SOL) at $155.55, as many DeFi teams lack the robust, layered security common in traditional finance, making them vulnerable to governance takeovers and treasury drains. |
2025-07-02 12:35 |
North Korean Hackers Target Crypto Firms with New Malware; FBI Veteran Joins TRM Labs to Combat Illicit Finance
According to @zachxbt, researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, targeting cryptocurrency workers with new Python-based malware called PylangGhost. The attack vector involves impersonating major crypto firms like Coinbase, Robinhood, and Uniswap through fake job applications to trick individuals into installing the malware. This Remote Access Trojan (RAT) is designed to steal sensitive data from over 80 browser extensions, including critical crypto wallets like MetaMask, Phantom, and TronLink, posing a direct threat to user assets and company security. In a related development for industry security, former FBI Supervisory Special Agent Christopher Wong, who co-led the investigation into the $3.6 billion Bitfinex hack and the Axie Infinity Ronin Bridge breach, has joined blockchain intelligence firm TRM Labs. This move signals a significant enhancement in the private sector's capabilities to track and combat illicit crypto activities, a crucial development for investor confidence. |
2025-07-02 12:35 |
North Korean Hackers Drive Record $2.1B Crypto Losses in H1 2025; New Malware Targets Coinbase, Uniswap, and MetaMask Users
According to @zachxbt, the first half of 2025 has set a grim record with over $2.1 billion lost to crypto hacks and exploits, marking the worst six-month period for digital asset security. A TRM Labs report highlights that North Korean-linked groups are the primary threat, responsible for $1.6 billion (70%) of these losses, heavily skewed by the historic $1.5 billion Bybit hack. From a trading perspective, the attack vectors have critically shifted; over 80% of stolen funds now originate from infrastructure-level breaches like private key theft, which are ten times more lucrative than the once-dominant DeFi smart contract exploits. Concurrently, a new malware threat named PylangGhost has emerged, as detailed by Cisco Talos. This malware, operated by the North Korean group Famous Chollima, targets crypto professionals through fake job applications for major firms like Coinbase, Robinhood, and Uniswap. The malware is designed to steal credentials and data from over 80 browser extensions, including popular wallets like MetaMask and Phantom, posing a direct and severe risk to individual traders' holdings. Despite these significant security threats, market data indicates resilience, with Ethereum (ETH) posting a 24-hour gain of over 6%, trading around $2,600. |
2025-07-01 19:06 |
North Korean Hackers Target Crypto Firms with PylangGhost Malware; ETH and LINK Prices Dip Amid Rising Security Threats
According to @phantom, traders should be on high alert as sophisticated security threats escalate. Researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, deploying a new Python-based malware called PylangGhost, as cited in the report. This Remote Access Trojan (RAT) is disguised within fake job applications from major crypto firms like Coinbase and Uniswap, targeting industry professionals. The malware is designed to steal sensitive data, including login credentials and wallet information from over 80 browser extensions such as MetaMask and Phantom. Concurrently, a separate front-end exploit targeted a major crypto news website with a fake airdrop pop-up designed to drain user wallets, a tactic also recently used against CoinMarketCap. These mounting security risks coincide with negative market performance, with Ethereum (ETH) falling approximately 3.6% to $2,405.01 and Chainlink (LINK) declining by 3.46% to $12.84, highlighting how security breaches can impact trader sentiment and asset valuations. |
2025-06-30 15:35 |
Crypto Security Alert: North Korean Hackers Target MetaMask & Phantom Wallets as ETH Price Surges 5.4% to $2620
According to @karpathy, traders should be on high alert as a North Korean hacking group, Famous Chollima, is deploying new Python-based malware called PylangGhost to compromise crypto workers. A report from Cisco Talos indicates the malware is hidden in fake job applications from top firms like Coinbase and Uniswap, and is designed to steal credentials and data from over 80 browser extensions, including critical wallets like MetaMask, Phantom, and TronLink. This security threat emerges as the crypto market shows notable strength. Market data reveals Ethereum (ETH) has surged 5.41% to $2620.25, with Chainlink (LINK) rising 4.21% to $13.86, and Solana (SOL) up 1.20% to $152.61. The report also highlights the long-term convergence of AI and Web3, exemplified by innovators like Nkiru Uwaje of MANSA, whose project secured a pre-seed round from Tether, underscoring continued venture interest in the space despite security risks. |
2025-06-29 23:37 |
North Korean Hackers Target Crypto Firms with PylangGhost Malware, Posing Major Security Threat to MetaMask and Phantom Wallets
According to @FoxNews, researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, targeting cryptocurrency professionals with a new Python-based malware called PylangGhost. The attack involves luring developers and marketers with fake job applications from major firms like Coinbase, Robinhood, and Uniswap. The malware, a Remote Access Trojan (RAT), is installed through a deceptive 'skill test' and is designed to steal sensitive data from over 80 browser extensions, including critical crypto wallets like MetaMask, Phantom, and TronLink. This creates a significant trading risk, as compromised credentials could lead to direct asset theft from individual wallets and potentially grant hackers access to internal systems of major crypto companies, impacting market stability and the security of associated assets like ETH, UNI, and SOL. |
2025-06-28 18:44 |
North Korean Hackers Target Coinbase and Uniswap Job Applicants With New PylangGhost Malware
According to phantom, a North Korean hacking group known as Famous Chollima is actively targeting cryptocurrency professionals with a new Python-based malware named PylangGhost. The attack vector involves impersonating top crypto firms like Coinbase, Robinhood, and Uniswap through sophisticated fake career websites, as detailed in a report by Cisco Talos. Job applicants, particularly software engineers and designers in India, are lured into a fake skills test that tricks them into running a command to install the malware. For traders, the primary risk is the malware's ability to steal critical data from over 80 browser extensions, including popular wallets like MetaMask, Phantom, and TronLink, as well as password managers like 1Password. This could lead to the direct theft of user funds, compromising individual accounts and potentially impacting the security and reputation of the targeted platforms. The malware grants attackers full remote control over infected Windows machines, posing a significant threat to the assets held by employees and users of major crypto companies. |