CryptoCurrency
Hacker steals over $120 million from Balancer DeFi crypto protocol
The Balancer Protocol announced that hackers had targeted its v2 pools, with losses reportedly estimated to be more than $128 million. Balancer is a decentralized finance (DeFi) protocol built on the Ethereum blockchain as an automated market maker and liquidity infrastructure layer. It provides flexible pools with custom token mixes, allowing users to deposit assets, […]
Fake LastPass death claims used to breach password vaults
LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. The activity started in mid-October, and the domains and infrastructure used point to a financially motivated threat group called CryptoChameleon (UNC5356). CryptoChamemelon employs a phishing kit specializing in cryptocurrency theft, targeting multiple wallets […]
North Korean hackers stole over $2 billion in crypto this year
North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record. The figure brings the total confirmed amount stolen by these threat actors to more than $6 billion. According to the United Nations and government agencies, these funds are used to further the development […]
UK convicts “Bitcoin Queen” in world’s largest cryptocurrency seizure
The Metropolitan Police has secured a conviction in what is believed to be the world’s largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion). Zhimin Qian, 47, also known as Yadi Zhang, pleaded guilty today at Southwark Crown Court to acquiring and possessing criminal property under the Proceeds of Crime Act. Police said […]
Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust’s official crate repository scanned developers’ systems to steal cryptocurrency private keys and other secrets. Rust crates are distributed through a central registry at Crates.io, the equivalent of npm for JavaScript, PyPI for Python, and Ruby Gems for Ruby. The malicious crates, named faster_log and async_println, were published on the platform on […]
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. Y Combinator is a startup accelerator that funds and mentors projects in their early stages, and connects founders with a network of alumni and venture capital firms. The attacker abused GitHub’s notification system to […]
Police dismantles crypto fraud ring linked to €100 million in losses
Law enforcement authorities in Europe have arrested five suspects linked to a cryptocurrency investment fraud ring that stole over €100 million ($118 million) from more than 100 victims. The joint operation started in September 2020 and was carried out by investigative teams from Spain, Portugal, Bulgaria, Italy, Lithuania, and Romania, coordinated by Eurojust and supported […]
Verified Steam game steals streamer’s cancer treatment donations
A gamer seeking financial support for cancer treatment lost $32,000 after downloading from Steam a verified game named BlockBlasters that drained his cryptocurrency wallet. BlockBlasters is a 2D platformer that was available on Steam for almost two months, between July 30 and September 21. The game was safe until August 30, when a cryptodrainer component was added. Published […]
Canada dismantles TradeOgre exchange, seizes $40 million in crypto
The Royal Canadian Mounted Police has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million believed to originate from criminal activities. This is the first time a crypto exchange has been shut down by Canadian law enforcement, and it also marks the largest asset seizure in the country’s history. TradeOgre was a […]
Hackers left empty-handed after massive NPM supply-chain attack
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but the attacker made little profit off it. The attack occurred earlier this week after maintainer Josh Junon (qix) fell for a password reset phishing lure and compromised multiple highly popular NPM packages, among them chalk and degub-js, that cumulatively have more than 2.6 billion weekly downloads. […]