According to @FoxNews, a North Korean hacking group known as Famous Chollima is targeting cryptocurrency professionals with a new Python-based malware called PylangGhost. Citing research from Cisco Talos, the report details how the hackers impersonate major firms like Coinbase, Robinhood, and Uniswap through fake career sites. The attack lures applicants into downloading the malware, disguised as a skills test component, which is a remote access trojan (RAT) designed to steal credentials and data from over 80 crypto wallet extensions, including MetaMask, Phantom, and TronLink. This campaign poses a significant security risk for traders and the broader crypto ecosystem, as the ultimate goal is to gain access to the internal systems of cryptocurrency companies.

According to @KookCapitalLLC, traders and developers in the cryptocurrency space face heightened security risks from sophisticated social engineering attacks. Researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, targeting crypto professionals with a new Python-based malware called PylangGhost, as cited in the report. The attack involves fake job applications from impersonated top firms like Coinbase, Robinhood, and Uniswap, luring victims into installing a Remote Access Trojan (RAT) that steals credentials and wallet data from over 80 browser extensions, including MetaMask and Phantom. This security threat emerges as major cryptocurrencies experience downward pressure; market data shows Ethereum (ETH) trading around $2,521, down approximately 2.5%, and Chainlink (LINK) at $12.96, down over 3.4% in the last 24 hours. The source also highlights another prevalent threat where a crypto media outlet's website was compromised with a front-end exploit, deploying a fake airdrop pop-up to drain user wallets, underscoring the need for extreme caution when connecting wallets to any web platform.

According to @zachxbt, decentralized protocols are increasingly soft targets for North Korean hackers due to severe operational security (OPSEC) failures, not just smart contract vulnerabilities. A TRM Labs report indicates a record $2.1 billion was stolen in the first half of 2025, with attackers exploiting human weaknesses like poor key management and unvetted contributors. Over 80% of these losses originated from infrastructure-level breaches such as private key theft, proving far more lucrative than code exploits. For traders, this highlights a systemic risk to assets like Ethereum (ETH), currently trading around $2,599, and Solana (SOL) at $155.55, as many DeFi teams lack the robust, layered security common in traditional finance, making them vulnerable to governance takeovers and treasury drains.

According to @zachxbt, researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, targeting cryptocurrency workers with new Python-based malware called PylangGhost. The attack vector involves impersonating major crypto firms like Coinbase, Robinhood, and Uniswap through fake job applications to trick individuals into installing the malware. This Remote Access Trojan (RAT) is designed to steal sensitive data from over 80 browser extensions, including critical crypto wallets like MetaMask, Phantom, and TronLink, posing a direct threat to user assets and company security. In a related development for industry security, former FBI Supervisory Special Agent Christopher Wong, who co-led the investigation into the $3.6 billion Bitfinex hack and the Axie Infinity Ronin Bridge breach, has joined blockchain intelligence firm TRM Labs. This move signals a significant enhancement in the private sector's capabilities to track and combat illicit crypto activities, a crucial development for investor confidence.

According to @zachxbt, the first half of 2025 has set a grim record with over $2.1 billion lost to crypto hacks and exploits, marking the worst six-month period for digital asset security. A TRM Labs report highlights that North Korean-linked groups are the primary threat, responsible for $1.6 billion (70%) of these losses, heavily skewed by the historic $1.5 billion Bybit hack. From a trading perspective, the attack vectors have critically shifted; over 80% of stolen funds now originate from infrastructure-level breaches like private key theft, which are ten times more lucrative than the once-dominant DeFi smart contract exploits. Concurrently, a new malware threat named PylangGhost has emerged, as detailed by Cisco Talos. This malware, operated by the North Korean group Famous Chollima, targets crypto professionals through fake job applications for major firms like Coinbase, Robinhood, and Uniswap. The malware is designed to steal credentials and data from over 80 browser extensions, including popular wallets like MetaMask and Phantom, posing a direct and severe risk to individual traders' holdings. Despite these significant security threats, market data indicates resilience, with Ethereum (ETH) posting a 24-hour gain of over 6%, trading around $2,600.

According to @phantom, traders should be on high alert as sophisticated security threats escalate. Researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, deploying a new Python-based malware called PylangGhost, as cited in the report. This Remote Access Trojan (RAT) is disguised within fake job applications from major crypto firms like Coinbase and Uniswap, targeting industry professionals. The malware is designed to steal sensitive data, including login credentials and wallet information from over 80 browser extensions such as MetaMask and Phantom. Concurrently, a separate front-end exploit targeted a major crypto news website with a fake airdrop pop-up designed to drain user wallets, a tactic also recently used against CoinMarketCap. These mounting security risks coincide with negative market performance, with Ethereum (ETH) falling approximately 3.6% to $2,405.01 and Chainlink (LINK) declining by 3.46% to $12.84, highlighting how security breaches can impact trader sentiment and asset valuations.

According to @karpathy, traders should be on high alert as a North Korean hacking group, Famous Chollima, is deploying new Python-based malware called PylangGhost to compromise crypto workers. A report from Cisco Talos indicates the malware is hidden in fake job applications from top firms like Coinbase and Uniswap, and is designed to steal credentials and data from over 80 browser extensions, including critical wallets like MetaMask, Phantom, and TronLink. This security threat emerges as the crypto market shows notable strength. Market data reveals Ethereum (ETH) has surged 5.41% to $2620.25, with Chainlink (LINK) rising 4.21% to $13.86, and Solana (SOL) up 1.20% to $152.61. The report also highlights the long-term convergence of AI and Web3, exemplified by innovators like Nkiru Uwaje of MANSA, whose project secured a pre-seed round from Tether, underscoring continued venture interest in the space despite security risks.

According to @FoxNews, researchers at Cisco Talos have identified a North Korean hacking group, known as Famous Chollima, targeting cryptocurrency professionals with a new Python-based malware called PylangGhost. The attack involves luring developers and marketers with fake job applications from major firms like Coinbase, Robinhood, and Uniswap. The malware, a Remote Access Trojan (RAT), is installed through a deceptive 'skill test' and is designed to steal sensitive data from over 80 browser extensions, including critical crypto wallets like MetaMask, Phantom, and TronLink. This creates a significant trading risk, as compromised credentials could lead to direct asset theft from individual wallets and potentially grant hackers access to internal systems of major crypto companies, impacting market stability and the security of associated assets like ETH, UNI, and SOL.

According to phantom, a North Korean hacking group known as Famous Chollima is actively targeting cryptocurrency professionals with a new Python-based malware named PylangGhost. The attack vector involves impersonating top crypto firms like Coinbase, Robinhood, and Uniswap through sophisticated fake career websites, as detailed in a report by Cisco Talos. Job applicants, particularly software engineers and designers in India, are lured into a fake skills test that tricks them into running a command to install the malware. For traders, the primary risk is the malware's ability to steal critical data from over 80 browser extensions, including popular wallets like MetaMask, Phantom, and TronLink, as well as password managers like 1Password. This could lead to the direct theft of user funds, compromising individual accounts and potentially impacting the security and reputation of the targeted platforms. The malware grants attackers full remote control over infected Windows machines, posing a significant threat to the assets held by employees and users of major crypto companies.