#hacked
hacked
511,410 views
296 Discussing
Hot
Latest
Android Hackers Target 800 Banking, Crypto and Social Media Apps With ‘Near-Zero Detection Rates’: Zimperium
Android hackers are now targeting more than 800 applications across banking, cryptocurrency and social media sectors.
The cybersecurity firm Zimperium says its researchers have identified four active malware families that use advanced command-and-control infrastructure to steal credentials, conduct unauthorized financial transactions and exfiltrate data at scale.
“Collectively, these campaigns target over 800 applications across the banking, cryptocurrency, and social media sectors.
By employing advanced anti-analysis techniques and structural APK tampering, these families often maintain near-zero detection rates against traditional signature-based security mechanisms.”
The names of the malware families are RecruitRat, SaferRat, Astrinox and Massiv.
Attackers commonly rely on phishing websites, fraudulent job offers, fake software updates, text-message scams and promotional lures to convince victims to install malicious Android apps.
Once installed, the malware can request Accessibility permissions, hide app icons, block uninstall attempts, steal PINs and passwords through fake lock screens, capture one-time passcodes, stream live device screens and overlay counterfeit login pages on legitimate banking or crypto apps.
“Overlay attacks remain the cornerstone of the credential-harvesting lifecycle. Using Accessibility Services to monitor the foreground, the malware detects the exact moment a victim launches a financial application. The malware then fetches a malicious HTML payload and overlays it onto the legitimate application’s user interface, creating a highly convincing, deceptive facade.”
The company said the campaigns use HTTPS and WebSocket communications to blend malicious traffic with normal app activity, while some variants add extra encryption layers to evade detection.
More news — subscribe
#hacked
Android hackers are now targeting more than 800 applications across banking, cryptocurrency and social media sectors.
The cybersecurity firm Zimperium says its researchers have identified four active malware families that use advanced command-and-control infrastructure to steal credentials, conduct unauthorized financial transactions and exfiltrate data at scale.
“Collectively, these campaigns target over 800 applications across the banking, cryptocurrency, and social media sectors.
By employing advanced anti-analysis techniques and structural APK tampering, these families often maintain near-zero detection rates against traditional signature-based security mechanisms.”
The names of the malware families are RecruitRat, SaferRat, Astrinox and Massiv.
Attackers commonly rely on phishing websites, fraudulent job offers, fake software updates, text-message scams and promotional lures to convince victims to install malicious Android apps.
Once installed, the malware can request Accessibility permissions, hide app icons, block uninstall attempts, steal PINs and passwords through fake lock screens, capture one-time passcodes, stream live device screens and overlay counterfeit login pages on legitimate banking or crypto apps.
“Overlay attacks remain the cornerstone of the credential-harvesting lifecycle. Using Accessibility Services to monitor the foreground, the malware detects the exact moment a victim launches a financial application. The malware then fetches a malicious HTML payload and overlays it onto the legitimate application’s user interface, creating a highly convincing, deceptive facade.”
The company said the campaigns use HTTPS and WebSocket communications to blend malicious traffic with normal app activity, while some variants add extra encryption layers to evade detection.
More news — subscribe
#hacked
E Alex:
Damn, 800 apps with near-zero detection? That's wild. Stay safe out there.
🚨 THE $17,000,000,000 WAKE-UP CALL 🚨
In just 10 years, hackers have drained $17B across 518 major incidents. The transition from DeFi exploits to CeFi targets in 2026 shows no one is safe without a plan.
The Reality Check:
Total Stolen: $17 Billion 💸
Total Hacks: 518 ⚔️
Biggest Lesson: Greed kills, but bad security buries you.
Stay SAFU by using 2FA (Non-SMS) and verifying every link.
What is the one security tool you can't live without? Let’s help each other stay safe! 👇
#CryptoSecurity #Hacked
In just 10 years, hackers have drained $17B across 518 major incidents. The transition from DeFi exploits to CeFi targets in 2026 shows no one is safe without a plan.
The Reality Check:
Total Stolen: $17 Billion 💸
Total Hacks: 518 ⚔️
Biggest Lesson: Greed kills, but bad security buries you.
Stay SAFU by using 2FA (Non-SMS) and verifying every link.
What is the one security tool you can't live without? Let’s help each other stay safe! 👇
#CryptoSecurity #Hacked
🚨 BINANCE SQUARE POST
$606,000,000 stolen in 18 days. April 2026 is already the worst month for crypto hacks since the $1.4B Bybit breach.
Two attacks. Both Lazarus Group. Both devastating:
→ $285M — Drift Protocol (April 1)
→ $292M — KelpDAO (April 18)
The KelpDAO exploit alone triggered $10B+ in Aave outflows and sent shockwaves across 20+ connected protocols.
And it's not slowing down. DeFi attack frequency is up 68% year-on-year. Smart contract audits alone are no longer enough — attackers have shifted to private keys, bridge infrastructure, and AI-driven social engineering.
😫Most retail traders only think about fees and leverage when choosing an exchange. Security should be the first filter.
What actually matters when vetting an exchange:
✅ Proof of reserves (independently verified)
✅ Cold storage ratio
✅ Track record after a breach — did they compensate users?
✅ MiCA / regulated status in your jurisdiction
✅ Insurance funds
We review every exchange on these criteria before anything else.
🔗 Full exchange rankings: https://trading365.org/reviews
Don't let the next hack be your exit from crypto.
#Hacked #StolenFunds
$606,000,000 stolen in 18 days. April 2026 is already the worst month for crypto hacks since the $1.4B Bybit breach.
Two attacks. Both Lazarus Group. Both devastating:
→ $285M — Drift Protocol (April 1)
→ $292M — KelpDAO (April 18)
The KelpDAO exploit alone triggered $10B+ in Aave outflows and sent shockwaves across 20+ connected protocols.
And it's not slowing down. DeFi attack frequency is up 68% year-on-year. Smart contract audits alone are no longer enough — attackers have shifted to private keys, bridge infrastructure, and AI-driven social engineering.
😫Most retail traders only think about fees and leverage when choosing an exchange. Security should be the first filter.
What actually matters when vetting an exchange:
✅ Proof of reserves (independently verified)
✅ Cold storage ratio
✅ Track record after a breach — did they compensate users?
✅ MiCA / regulated status in your jurisdiction
✅ Insurance funds
We review every exchange on these criteria before anything else.
🔗 Full exchange rankings: https://trading365.org/reviews
Don't let the next hack be your exit from crypto.
#Hacked #StolenFunds
Cybersecurity in Crypto
Ways to safeguard your assets from hacks. Solve interactive challenges to uncover vulnerabilities in your account.
#HotTrends
#Hacked
$BTC
$XRP
$USDC
Ways to safeguard your assets from hacks. Solve interactive challenges to uncover vulnerabilities in your account.
#HotTrends
#Hacked
$BTC
$XRP
$USDC
DefiLlama data shows that over the past decade, the crypto industry has experienced 518 attacks, resulting in total losses exceeding 17 billion USD.
This 17 billion is essentially the industry's painful tuition fee, but this data has been thrown out, and not even a ripple has been seen in the market. Today's players have become completely desensitized to hacker news; this 'security aesthetic fatigue' is actually a typical emotional turning point.
From a chip perspective, a large portion of the stolen coins have become a black hole that can never be recovered, effectively completing a forced deflation. When such negative news can no longer trigger panic selling and is even regarded as old news, it indicates that the resilience of the market bottom has already been forged. Instead of worrying about code vulnerabilities, people might as well be concerned that their wallets haven't yet seen a hundredfold dog.
After so many years, have you contributed 'tuition fees' to hackers? #Security #DeFi #Hacked $BTC $ETH
This 17 billion is essentially the industry's painful tuition fee, but this data has been thrown out, and not even a ripple has been seen in the market. Today's players have become completely desensitized to hacker news; this 'security aesthetic fatigue' is actually a typical emotional turning point.
From a chip perspective, a large portion of the stolen coins have become a black hole that can never be recovered, effectively completing a forced deflation. When such negative news can no longer trigger panic selling and is even regarded as old news, it indicates that the resilience of the market bottom has already been forged. Instead of worrying about code vulnerabilities, people might as well be concerned that their wallets haven't yet seen a hundredfold dog.
After so many years, have you contributed 'tuition fees' to hackers? #Security #DeFi #Hacked $BTC $ETH
Bearish sentiment around $AAVE after the #KelpDAO rsETH exploit.
Around $290M in rsETH was reportedly drained, then used on Aave as collateral to borrow WETH, creating potential bad debt inside #Aave pools.
Important Aave itself was not #hacked but it is now exposed to fallout from worthless collateral.
Short term outlook remains bearish until
Exact bad debt is confirmed
Aave announces recovery measures
Market confidence returns
For investors. waiting may be safer than rushing to buy. If you believe in Aave long term, scaling in slowly could be smarter than going all in.
Fear is high, but if Aave handles this well, recovery is still possible.
#KelpDAOFacesAttack
Around $290M in rsETH was reportedly drained, then used on Aave as collateral to borrow WETH, creating potential bad debt inside #Aave pools.
Important Aave itself was not #hacked but it is now exposed to fallout from worthless collateral.
Short term outlook remains bearish until
Exact bad debt is confirmed
Aave announces recovery measures
Market confidence returns
For investors. waiting may be safer than rushing to buy. If you believe in Aave long term, scaling in slowly could be smarter than going all in.
Fear is high, but if Aave handles this well, recovery is still possible.
#KelpDAOFacesAttack
Kelp DAO, a liquid restaking protocol connected to EigenLayer, was exploited on April 18, 2026. Around $292 million worth of $RSETH was drained through its LayerZero cross-chain bridge.
The attacker forged a cross-chain message that the system accepted as valid, even though no real deposit happened on the source chain. This allowed them to mint or unlock about 116,500 rsETH without any actual ETH backing it.
The stolen rsETH was then sent to Aave, a major DeFi lending protocol, where it was used as collateral to borrow large amounts of real ETH and wrapped ETH. By the time protocols responded, much of the borrowed ETH had already moved.
A second attack was nearly executed that could have drained another $100M, but a rapid blacklist response stopped it just before it went through.
Kelp DAO paused rsETH contracts across mainnet and several Layer-2 chains. Aave froze the $RSETH markets. Compound, Euler Labs, and Venus Protocol also reviewed and adjusted their exposure.
The failure is reported to have happened in the Decentralized Verifier Network layer, which is responsible for confirming cross-chain messages, not in the core smart contracts themselves. This points to a configuration weakness in how external validation was trusted.
The exploit was first reported by the blockchain investigator ZachCBT and is now considered one of the largest DeFi incidents of 2026, showing how a single bridge failure can spread risk across the entire DeFi ecosystem within minutes.
#KelpDAO #security #Hack #Hacked #exploit
The attacker forged a cross-chain message that the system accepted as valid, even though no real deposit happened on the source chain. This allowed them to mint or unlock about 116,500 rsETH without any actual ETH backing it.
The stolen rsETH was then sent to Aave, a major DeFi lending protocol, where it was used as collateral to borrow large amounts of real ETH and wrapped ETH. By the time protocols responded, much of the borrowed ETH had already moved.
A second attack was nearly executed that could have drained another $100M, but a rapid blacklist response stopped it just before it went through.
Kelp DAO paused rsETH contracts across mainnet and several Layer-2 chains. Aave froze the $RSETH markets. Compound, Euler Labs, and Venus Protocol also reviewed and adjusted their exposure.
The failure is reported to have happened in the Decentralized Verifier Network layer, which is responsible for confirming cross-chain messages, not in the core smart contracts themselves. This points to a configuration weakness in how external validation was trusted.
The exploit was first reported by the blockchain investigator ZachCBT and is now considered one of the largest DeFi incidents of 2026, showing how a single bridge failure can spread risk across the entire DeFi ecosystem within minutes.
#KelpDAO #security #Hack #Hacked #exploit
#ScrollCoFounderXAccountHacked
Bigger Lesson for Web3 Founders
🔐 #ScrollCoFounderXAccountHacked
This incident is another wake-up call for Web3 founders and teams. As public-facing figures, their accounts carry massive influence and are prime targets for hackers. A single compromised post can lead to financial losses for followers and reputational damage for projects. Best practices like hardware-based 2FA, limited access permissions, and rapid response protocols are no longer optional. For users, the key takeaway is simple: never trust announcements blindly—even from well-known founders—without cross-checking official project channels
#Hack #HackerAlert #Hacked
Bigger Lesson for Web3 Founders
🔐 #ScrollCoFounderXAccountHacked
This incident is another wake-up call for Web3 founders and teams. As public-facing figures, their accounts carry massive influence and are prime targets for hackers. A single compromised post can lead to financial losses for followers and reputational damage for projects. Best practices like hardware-based 2FA, limited access permissions, and rapid response protocols are no longer optional. For users, the key takeaway is simple: never trust announcements blindly—even from well-known founders—without cross-checking official project channels
#Hack #HackerAlert #Hacked
🚨OKX #SLAPS BACK AT JUSTIN SUN OVER #STOLEN FUNDS FREEZE DRAMA
🔹Tron’s X account #hacked ; malicious contract posted, DMs sent.
🔹Justin Sun claims OKX ignored a law enforcement freeze notice.
🔹OKX #CEO Star Xu denies receiving any such request—even checked spam folder.
🔹Xu: “We need legal process, not personal posts or oral requests.”
🔹OKX demands proof of request, while Sun deletes key posts.
🔹Part of ongoing trend of high-profile crypto X hacks (e.g., Kaito AI, Pump.fun).
$TRX
🔹Tron’s X account #hacked ; malicious contract posted, DMs sent.
🔹Justin Sun claims OKX ignored a law enforcement freeze notice.
🔹OKX #CEO Star Xu denies receiving any such request—even checked spam folder.
🔹Xu: “We need legal process, not personal posts or oral requests.”
🔹OKX demands proof of request, while Sun deletes key posts.
🔹Part of ongoing trend of high-profile crypto X hacks (e.g., Kaito AI, Pump.fun).
$TRX
Bybit Hackers Identified – North Korean Cybercriminals Behind $1.5B Theft! 🚨
Investigations confirm that Park Jin Hyok, a North Korean computer engineer linked to the Lazarus Group, played a key role in the $1.5 billion Bybit hack. The notorious cybercrime syndicate has been responsible for some of the biggest crypto heists in history!
🔎 Key Findings:
• Blockchain analyst ZachXBT, in collaboration with Arkham Intelligence, traced stolen funds back to Lazarus-linked wallets.
• The same group was previously linked to the $70M Phemex attack in January 2025.
• Lazarus continues to exploit crypto exchanges, DeFi platforms, and bridge protocols, targeting weak security systems.
🔥 What This Means for Crypto?
With North Korean state-sponsored hackers intensifying their attacks, crypto traders and exchanges must prioritize security to prevent future breaches. Regulators are closely watching!
💡 Pro Tip: Always use hardware wallets, enable 2FA, and avoid interacting with unknown smart contracts to keep your assets safe!
#BinanceAirdropAlert
#Hacked
Investigations confirm that Park Jin Hyok, a North Korean computer engineer linked to the Lazarus Group, played a key role in the $1.5 billion Bybit hack. The notorious cybercrime syndicate has been responsible for some of the biggest crypto heists in history!
🔎 Key Findings:
• Blockchain analyst ZachXBT, in collaboration with Arkham Intelligence, traced stolen funds back to Lazarus-linked wallets.
• The same group was previously linked to the $70M Phemex attack in January 2025.
• Lazarus continues to exploit crypto exchanges, DeFi platforms, and bridge protocols, targeting weak security systems.
🔥 What This Means for Crypto?
With North Korean state-sponsored hackers intensifying their attacks, crypto traders and exchanges must prioritize security to prevent future breaches. Regulators are closely watching!
💡 Pro Tip: Always use hardware wallets, enable 2FA, and avoid interacting with unknown smart contracts to keep your assets safe!
#BinanceAirdropAlert
#Hacked
A known contact on TG reached out to me to ask for a chat. Scheduled a Zoom call. When I got on the Zoom, it asked me for camera access which I found a bit odd because I have used Zoom many times.
Even crazier, the team members had their cameras on. I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file.
I immediately left. Messaged the guy on Telegram and told him to call me on TG to verify him. He then proceeded to erase all the messages and block me.
#Hacked #HackerAlert
Even crazier, the team members had their cameras on. I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file.
I immediately left. Messaged the guy on Telegram and told him to call me on TG to verify him. He then proceeded to erase all the messages and block me.
#Hacked #HackerAlert
Login to explore more contents