hack
922,754 views
456 Discussing
Hot
Latest
See original
How do hackers actually steal people's wallets… and how can you protect yourself? 👇🔥
The crypto world is full of traps… one wrong step can wipe your wallet forever.
Here are the most dangerous methods used by hackers — and the ones you need to be aware of:
🔹 1) Phishing — The most dangerous door to theft
Fake sites, same look, same logo…
Log in? Private Key is gone.
✔️ Always check the link before you access your wallet.
🔹 2) Malware spying on you
Download a cracked program? Unknown file?
The hacker records every key you type.
✔️ Use a clean device and original software.
🔹 3) The Approve trap
Doing an Airdrop or Mint?
Agree to a malicious contract?
The hacker gets full Access to withdraw everything.
✔️ Regularly check your permissions at Revoke.cash.
🔹 4) SIM Swap — Hijacking your number
The hacker takes control of your number → accesses your accounts → bypasses SMS 2FA.
✔️ Use an Authenticator instead of SMS messages.
🔹 5) The cold wallet… the last line of defense
Ledger / Trezor
The private key never leaves the device = impossible to hack remotely.
---
In summary:
Hackers don’t always attack the blockchain… many times they attack your mind and exploit you.
The strongest protection?
Awareness + cold wallet + refusing any untrusted link.
❓ Personally… what’s the most common trap you’ve seen lately?
#scam #Hack #protection #WalletProtection
The crypto world is full of traps… one wrong step can wipe your wallet forever.
Here are the most dangerous methods used by hackers — and the ones you need to be aware of:
🔹 1) Phishing — The most dangerous door to theft
Fake sites, same look, same logo…
Log in? Private Key is gone.
✔️ Always check the link before you access your wallet.
🔹 2) Malware spying on you
Download a cracked program? Unknown file?
The hacker records every key you type.
✔️ Use a clean device and original software.
🔹 3) The Approve trap
Doing an Airdrop or Mint?
Agree to a malicious contract?
The hacker gets full Access to withdraw everything.
✔️ Regularly check your permissions at Revoke.cash.
🔹 4) SIM Swap — Hijacking your number
The hacker takes control of your number → accesses your accounts → bypasses SMS 2FA.
✔️ Use an Authenticator instead of SMS messages.
🔹 5) The cold wallet… the last line of defense
Ledger / Trezor
The private key never leaves the device = impossible to hack remotely.
---
In summary:
Hackers don’t always attack the blockchain… many times they attack your mind and exploit you.
The strongest protection?
Awareness + cold wallet + refusing any untrusted link.
❓ Personally… what’s the most common trap you’ve seen lately?
#scam #Hack #protection #WalletProtection
أمير المعلومات:
رابط الموقع لما يفتح اسم المنصة Usdt
See original
Hello..friend.
According to one X account, the incident affecting $PIGGY is intentional and carried out in a very orderly and well-coordinated manner.
The fact is this is not #Hack but is done intentionally by certain parties. This also represents a game for the future that will happen on #TOKENLAIN "just waiting and see our money is gone by them"
According to one X account, the incident affecting $PIGGY is intentional and carried out in a very orderly and well-coordinated manner.
The fact is this is not #Hack but is done intentionally by certain parties. This also represents a game for the future that will happen on #TOKENLAIN "just waiting and see our money is gone by them"
Ohhh traders this coin just got hacked 😳
After the hack price crashed really hard and scared everyone.
Most people thought it was completely over.
But look at this now 👀
Even after such a big dump price is showing signs of a pump again.
That tells one thing very clearly
Market never moves on emotions only
Smart money always looks for opportunity in chaos
High risk coin
High volatility
Only for those who understand what they are doing.
#piggy #Hack
$PIGGY
After the hack price crashed really hard and scared everyone.
Most people thought it was completely over.
But look at this now 👀
Even after such a big dump price is showing signs of a pump again.
That tells one thing very clearly
Market never moves on emotions only
Smart money always looks for opportunity in chaos
High risk coin
High volatility
Only for those who understand what they are doing.
#piggy #Hack
$PIGGY
🚨 Gemini Hack Scandal Breakthrough
A suspect tied to the $243M Gemini creditors hack has reportedly been arrested in Dubai after blockchain sleuth ZachXBT tracked wallet movements 🔍
Funds traced → villa raid → arrest.
Crypto crime is running out of hiding places.
Stay updated — subscribe now!
#Crypto #Hack #Gemini #Security #bitinsider
A suspect tied to the $243M Gemini creditors hack has reportedly been arrested in Dubai after blockchain sleuth ZachXBT tracked wallet movements 🔍
Funds traced → villa raid → arrest.
Crypto crime is running out of hiding places.
Stay updated — subscribe now!
#Crypto #Hack #Gemini #Security #bitinsider
#hack #sol
❌ Popular Android chip found to be flawed – Solana smartphones at risk.
Ledger researchers hacked the MediaTek Dimensity 7300 using an electromagnetic attack, gaining full control of the device. The issue is in the boot ROM and cannot be fixed.
Key points:
• The vulnerability is embedded in the silicon itself and cannot be patched.
• The attack allows privilege escalation to the maximum level.
• Solana Seeker smartphones are equipped with the same chip and are vulnerable to the same hardware vulnerability.
• Storing private keys on smartphones with this chip is unsafe.
• Ledger reminds everyone that only secure-element chips in hardware wallets provide protection against such attacks.
❌ Popular Android chip found to be flawed – Solana smartphones at risk.
Ledger researchers hacked the MediaTek Dimensity 7300 using an electromagnetic attack, gaining full control of the device. The issue is in the boot ROM and cannot be fixed.
Key points:
• The vulnerability is embedded in the silicon itself and cannot be patched.
• The attack allows privilege escalation to the maximum level.
• Solana Seeker smartphones are equipped with the same chip and are vulnerable to the same hardware vulnerability.
• Storing private keys on smartphones with this chip is unsafe.
• Ledger reminds everyone that only secure-element chips in hardware wallets provide protection against such attacks.
🚨 $PEPE Website Alert
The official PEPE website has been hacked and is now redirecting users to malicious links. Security teams, including Blockaid, confirmed a front-end attack that injected Inferno Drainer a dangerous toolkit used for phishing and wallet theft.
⚠️ Do NOT connect your wallet or click any links from the site until an official fix is announced. Stay safe!
#PEPE
#marketcrash
#Hack
#Market_Update
#MarketSentimentToday
The official PEPE website has been hacked and is now redirecting users to malicious links. Security teams, including Blockaid, confirmed a front-end attack that injected Inferno Drainer a dangerous toolkit used for phishing and wallet theft.
⚠️ Do NOT connect your wallet or click any links from the site until an official fix is announced. Stay safe!
#PEPE
#marketcrash
#Hack
#Market_Update
#MarketSentimentToday
PEPE
Holding
Cumulative PNL
-25.8 USDT
umm Shaban:
Acha howa
In European Central Bank (ECB)’s recent 2025 guidance, there is a recommendation that households in the EU keep a small supply of cash at home to cover essential needs for a few days, in case of “systemic instability” that disrupts digital payments.
In Sweden and Norway authorities — recently, as of 2024–2025 — there have been advisories to citizens to hold some cash, in recognition of potential risks from cyber-attacks, digital payment disruptions, or other crises.
In Germany, the national civil-protection agency has urged households to prepare for emergencies (power outages, sabotage/cyberattacks) by storing basic supplies — including a certain amount of cash for contingency.
So for Sweden, Norway, Germany (and more broadly the EU via ECB), there is credible, documented advice for emergency-planning that includes having cash at home.$BTC $ETH #Hack #BTC86kJPShock
In Sweden and Norway authorities — recently, as of 2024–2025 — there have been advisories to citizens to hold some cash, in recognition of potential risks from cyber-attacks, digital payment disruptions, or other crises.
In Germany, the national civil-protection agency has urged households to prepare for emergencies (power outages, sabotage/cyberattacks) by storing basic supplies — including a certain amount of cash for contingency.
So for Sweden, Norway, Germany (and more broadly the EU via ECB), there is credible, documented advice for emergency-planning that includes having cash at home.$BTC $ETH #Hack #BTC86kJPShock
See original
🚨 Hacked for $9M: Is Yearn Finance under attack again?
☕️ The Yearn Finance project has fallen victim to an attack — according to PeckShield, the hacker managed to withdraw around $9 million.
😈 The vulnerability allowed the attacker to "print" an unlimited amount of yETH, after which he drained the pool in a single transaction.
🔥 What is known so far:
• A custom contract was attacked — a modified version of the stableswap code
• This contract is not related to other Yearn products
• The team has already started a full investigation
• According to Yearn, the other products in the ecosystem are safe 🚬
This means that it is not a global hack of the protocol, but rather a problem in a separate custom module — yet the amount of damage is still significant.
📉 Once again, DeFi reminds us: one unconventional contract can cost millions.
#defi #Hack #YearnFinance #CryptoNews
If this was helpful — subscribe to not miss the most important updates in crypto 😎
☕️ The Yearn Finance project has fallen victim to an attack — according to PeckShield, the hacker managed to withdraw around $9 million.
😈 The vulnerability allowed the attacker to "print" an unlimited amount of yETH, after which he drained the pool in a single transaction.
🔥 What is known so far:
• A custom contract was attacked — a modified version of the stableswap code
• This contract is not related to other Yearn products
• The team has already started a full investigation
• According to Yearn, the other products in the ecosystem are safe 🚬
This means that it is not a global hack of the protocol, but rather a problem in a separate custom module — yet the amount of damage is still significant.
📉 Once again, DeFi reminds us: one unconventional contract can cost millions.
#defi #Hack #YearnFinance #CryptoNews
If this was helpful — subscribe to not miss the most important updates in crypto 😎
See original
🚨🚩 THE ₿ITCOIN PLUMMETS TO US$ 86K 🩸
☠️ 🕸 YEARN FINANCE HACKED💥
🔺 DECEMBER IN THE CRYPTO MARKET BEGINS WITH BLOOD❗ 🩸
⚡ CRASH NOW
📉 Bitcoin ⥱ $BTC ⥱ -5.3% → US$ 86.075
🔻 Minimum: US$ 85.638
😱 November: -16%
🔥 THE CAUSE
Yearn Finance HACKED
Vulnerability in the yETH pool
💀 yETH tokens created WITHOUT COLLATERAL
📊 Artificially inflated supply
🏃 Mass exits
⚠️ Trust DESTROYED
💰 DOMINO EFFECT
📉 Ethereum: -5.7% → US$ 2.826
📉 XRP: -7.3% → US$ 2.03
📉 Solana: -7.5%
📉 Cardano: -8%
📉 Polygon: -6.5%
🏦 FED IN FOCUS
87% chance of a 0.25% cut (Dec 9-10)
Was 40% a week ago!
Donald $TRUMP Has chosen the next Fed president
(name not revealed)
🧠 LESSONS
⚠️ DeFi has vulnerabilities
💔 Trust is FRAGILE
🔐 Security > Yields
📊 One protocol can bring down the market
💡 CONTRAST
✅ Fed dovish positive
✅ Inflation improving
❌ Hack destroyed sentiment
❌ Capital fleeing DeFi
📈 LEVELS
🎯 Support: US$ 85k
⚠️ Next: US$ 82k
📊 Resistance: US$ 95k
🚀 Recovery: US$ 100k+
🔮 NEXT EVENTS
🎯 Fed Dec 9-10
💰 Jobs Friday
📊 Yearn Repair
🔐 Test DeFi trust
💭 NEVER FORGET
1️⃣ Don't put everything in 1 protocol
2️⃣ Security > APY
3️⃣ Hacks happen
4️⃣ Market is sensitive
⚡ STRATEGY
🎯 Wait for stabilization
📊 DCA US$ 85k-88k
🛡️ Active stop loss
🚀 Post-Fed rally
💬 AND YOU? Sold or ARE Buying?
💡 Disclaimer
⚠️ The channel @Leandro-Fumao 📜 Warns 📣 The information presented in this post is for educational and informational purposes only and should not be considered investment advice.
📚 Study before making any investment decision.
#bitcoin #BTC走势分析 #YearnFinance #Hack #Fed
☠️ 🕸 YEARN FINANCE HACKED💥
🔺 DECEMBER IN THE CRYPTO MARKET BEGINS WITH BLOOD❗ 🩸
⚡ CRASH NOW
📉 Bitcoin ⥱ $BTC ⥱ -5.3% → US$ 86.075
🔻 Minimum: US$ 85.638
😱 November: -16%
🔥 THE CAUSE
Yearn Finance HACKED
Vulnerability in the yETH pool
💀 yETH tokens created WITHOUT COLLATERAL
📊 Artificially inflated supply
🏃 Mass exits
⚠️ Trust DESTROYED
💰 DOMINO EFFECT
📉 Ethereum: -5.7% → US$ 2.826
📉 XRP: -7.3% → US$ 2.03
📉 Solana: -7.5%
📉 Cardano: -8%
📉 Polygon: -6.5%
🏦 FED IN FOCUS
87% chance of a 0.25% cut (Dec 9-10)
Was 40% a week ago!
Donald $TRUMP Has chosen the next Fed president
(name not revealed)
🧠 LESSONS
⚠️ DeFi has vulnerabilities
💔 Trust is FRAGILE
🔐 Security > Yields
📊 One protocol can bring down the market
💡 CONTRAST
✅ Fed dovish positive
✅ Inflation improving
❌ Hack destroyed sentiment
❌ Capital fleeing DeFi
📈 LEVELS
🎯 Support: US$ 85k
⚠️ Next: US$ 82k
📊 Resistance: US$ 95k
🚀 Recovery: US$ 100k+
🔮 NEXT EVENTS
🎯 Fed Dec 9-10
💰 Jobs Friday
📊 Yearn Repair
🔐 Test DeFi trust
💭 NEVER FORGET
1️⃣ Don't put everything in 1 protocol
2️⃣ Security > APY
3️⃣ Hacks happen
4️⃣ Market is sensitive
⚡ STRATEGY
🎯 Wait for stabilization
📊 DCA US$ 85k-88k
🛡️ Active stop loss
🚀 Post-Fed rally
💬 AND YOU? Sold or ARE Buying?
💡 Disclaimer
⚠️ The channel @Leandro-Fumao 📜 Warns 📣 The information presented in this post is for educational and informational purposes only and should not be considered investment advice.
📚 Study before making any investment decision.
#bitcoin #BTC走势分析 #YearnFinance #Hack #Fed
See original
⚠ Yearn Finance was exploited, losing 9 million USD in ETH
The yETH fund of Yearn Finance has just been exploited due to a vulnerability in the contract on Ethereum, resulting in a loss of about 9 million USD. The vulnerability allowed the attacker to create excess yETH tokens, reducing liquidity to almost zero and withdrawing all funds immediately, despite normal limits and audits.
The attacker transferred 1,000 ETH (~3 million USD) into Tornado Cash to cover their tracks, retaining about 6.2 million USD in other crypto including ETH, stETH, pXETH…
Source: PeckShieldAlert
#hack #ETH
The yETH fund of Yearn Finance has just been exploited due to a vulnerability in the contract on Ethereum, resulting in a loss of about 9 million USD. The vulnerability allowed the attacker to create excess yETH tokens, reducing liquidity to almost zero and withdrawing all funds immediately, despite normal limits and audits.
The attacker transferred 1,000 ETH (~3 million USD) into Tornado Cash to cover their tracks, retaining about 6.2 million USD in other crypto including ETH, stETH, pXETH…
Source: PeckShieldAlert
#hack #ETH
See original
🚨 ATTACK ON YEARN FINANCE: yETH EXPLOIT AND THEFT OF 3 MILLION DOLLARS 🚨
A new attack has struck the DeFi ecosystem: Yearn Finance's yETH product was exploited in a sophisticated exploit that allowed the attacker to mint almost unlimited amounts of yETH, draining the pool in a single transaction.
The estimated profit is around 1,000 ETH, equivalent to about 3 million dollars at the current exchange rate.
According to on-chain data, the operation involved several newly created smart contracts, all subsequently self-destructed to make tracking the funds more difficult.
A part of the loot has already been sent to Tornado Cash, the Ethereum mixer often used to obscure the origins of stolen funds.
Yearn Finance has confirmed that it is working to analyze the attack in detail.
The hack seems to have exclusively targeted the contract related to the yETH token, while the Yearn Vaults, both V2 and V3 versions, appear to be unaffected.
The incident reignites the debate on the security of DeFi protocols and the complexity of smart contracts, reminding us how even established projects like Yearn Finance remain exposed to ever-evolving technical vulnerabilities.
#YearnFinance #Hack #yETH
A new attack has struck the DeFi ecosystem: Yearn Finance's yETH product was exploited in a sophisticated exploit that allowed the attacker to mint almost unlimited amounts of yETH, draining the pool in a single transaction.
The estimated profit is around 1,000 ETH, equivalent to about 3 million dollars at the current exchange rate.
According to on-chain data, the operation involved several newly created smart contracts, all subsequently self-destructed to make tracking the funds more difficult.
A part of the loot has already been sent to Tornado Cash, the Ethereum mixer often used to obscure the origins of stolen funds.
Yearn Finance has confirmed that it is working to analyze the attack in detail.
The hack seems to have exclusively targeted the contract related to the yETH token, while the Yearn Vaults, both V2 and V3 versions, appear to be unaffected.
The incident reignites the debate on the security of DeFi protocols and the complexity of smart contracts, reminding us how even established projects like Yearn Finance remain exposed to ever-evolving technical vulnerabilities.
#YearnFinance #Hack #yETH
See original
Hacking at Upbit: Suspicions of Lazarus Group
🔐 What happened at Upbit — incident summary
On
November 27, 2025
, Upbit detected an unauthorized exit (“an anomalous transfer”) from one of its hot wallets on the Solana network.
The amount withdrawn amounts to
44.5 billion South Korean won
, equivalent to approximately
US$ 30–31 million
.
Immediately, Upbit
suspended deposits and withdrawals
to prevent further outflows and initiated an internal investigation.
According to their report, the loss for the company (equity) was about
On
November 27, 2025
, Upbit detected an unauthorized exit (“an anomalous transfer”) from one of its hot wallets on the Solana network.
The amount withdrawn amounts to
44.5 billion South Korean won
, equivalent to approximately
US$ 30–31 million
.
Immediately, Upbit
suspended deposits and withdrawals
to prevent further outflows and initiated an internal investigation.
According to their report, the loss for the company (equity) was about
🔥 Scammers on the Rise: How the Meme Coin Boom on Solana Unlocked New Ways to Steal Millions 💸
🌐 The Crypto Market in Shock!
In 2024, total Web3 losses exceeded $2.9 billion. From DeFi to metaverses, no sector was spared. 🚨 The main vulnerability? Access control issues, responsible for 78% of all attacks.
💎 DeFi: Fewer losses, but major hacks persist
Losses decreased by 40%, but still reached $474 million. The biggest incident was the hack of Radiant Capital, costing $55 million.
🏦 CeFi in Trouble: Losses Double!
CeFi losses skyrocketed to $694 million. Notable attacks include a key leak at DMM Exchange ($305 million) and a multisignature vulnerability at WazirX ($230 million).
🎮 Games and Metaverses Lose Hundreds of Millions
The gaming sector reported $389 million in losses, accounting for 18% of all attacks. 🎲
🚩 Rug Pulls Shift to Solana
Scammers moved from BNB Chain to Solana, driven by the growing popularity of meme coins. 📈
🎯 Presales Turn into Traps: $122.5 Million Stolen in One Month!
In April 2024, scammers executed 27 fraud schemes using presales. 💰 They also exploited the names of celebrities and influencers to deceive investors.
👨💻 Phishing and North Korean Hackers
Phishing attacks led to $600 million in stolen funds, while North Korean hackers siphoned off $1.34 billion.
⚠️ Stay Alert!
Crypto scams are becoming increasingly sophisticated. 🛡️ Behind every meme coin, a trap could be waiting!
#Hack #scamriskwarning #solana
In 2024, total Web3 losses exceeded $2.9 billion. From DeFi to metaverses, no sector was spared. 🚨 The main vulnerability? Access control issues, responsible for 78% of all attacks.
💎 DeFi: Fewer losses, but major hacks persist
Losses decreased by 40%, but still reached $474 million. The biggest incident was the hack of Radiant Capital, costing $55 million.
🏦 CeFi in Trouble: Losses Double!
CeFi losses skyrocketed to $694 million. Notable attacks include a key leak at DMM Exchange ($305 million) and a multisignature vulnerability at WazirX ($230 million).
🎮 Games and Metaverses Lose Hundreds of Millions
The gaming sector reported $389 million in losses, accounting for 18% of all attacks. 🎲
🚩 Rug Pulls Shift to Solana
Scammers moved from BNB Chain to Solana, driven by the growing popularity of meme coins. 📈
🎯 Presales Turn into Traps: $122.5 Million Stolen in One Month!
In April 2024, scammers executed 27 fraud schemes using presales. 💰 They also exploited the names of celebrities and influencers to deceive investors.
👨💻 Phishing and North Korean Hackers
Phishing attacks led to $600 million in stolen funds, while North Korean hackers siphoned off $1.34 billion.
⚠️ Stay Alert!
Crypto scams are becoming increasingly sophisticated. 🛡️ Behind every meme coin, a trap could be waiting!
#Hack #scamriskwarning #solana
See original
🍔 McDonald's Memecoin Hack: Cyber Thieves Steal Around $700,000 in Solana
In an unexpected twist, on August 21, scammers hacked McDonald's official Instagram account, using the fast food giant's platform to sell a fake memecoin based on the Grimace mascot. The hackers managed to raise over $700,000 in Solana before the scam was discovered.
💀 The Grimace Memecoin Scam 👾
Taking advantage of McDonald's Instagram page, with 5.1 million followers, the hackers promoted the fake Grimace token as a "McDonald's experiment on Solana." This tactic quickly caught the attention of the crypto community, causing the token's market cap to jump from a few thousand dollars to $25 million in just 30 minutes.
📊 Pump & Dump
The crooks had already secured 75% of the Grimace token supply using the Solana memecoin implementer pump.fun. They then distributed these tokens across 100 different wallets. As the token's value increased, the hackers began selling their holdings, causing the token's price to drop to $650,000 in just 40 minutes.
💸 The Payout
In total, the crooks made off with around $700,000 worth of Solana from this pump and dump scheme. They even edited McDonald's Instagram bio to boast about their success, writing: "Sorry India_X_Kr3w just scammed you, thanks for the $700,000 worth of Solana."
⚠️ Aftermath
The posts and bio were eventually restored, and McDonald's issued a statement acknowledging the hack as an "isolated incident." This incident is a reminder of the dangers in the cryptocurrency world, where even well-known brands can be used to facilitate scams.
#scam #hack #Solana $SOL #RiskManagement
In an unexpected twist, on August 21, scammers hacked McDonald's official Instagram account, using the fast food giant's platform to sell a fake memecoin based on the Grimace mascot. The hackers managed to raise over $700,000 in Solana before the scam was discovered.
💀 The Grimace Memecoin Scam 👾
Taking advantage of McDonald's Instagram page, with 5.1 million followers, the hackers promoted the fake Grimace token as a "McDonald's experiment on Solana." This tactic quickly caught the attention of the crypto community, causing the token's market cap to jump from a few thousand dollars to $25 million in just 30 minutes.
📊 Pump & Dump
The crooks had already secured 75% of the Grimace token supply using the Solana memecoin implementer pump.fun. They then distributed these tokens across 100 different wallets. As the token's value increased, the hackers began selling their holdings, causing the token's price to drop to $650,000 in just 40 minutes.
💸 The Payout
In total, the crooks made off with around $700,000 worth of Solana from this pump and dump scheme. They even edited McDonald's Instagram bio to boast about their success, writing: "Sorry India_X_Kr3w just scammed you, thanks for the $700,000 worth of Solana."
⚠️ Aftermath
The posts and bio were eventually restored, and McDonald's issued a statement acknowledging the hack as an "isolated incident." This incident is a reminder of the dangers in the cryptocurrency world, where even well-known brands can be used to facilitate scams.
#scam #hack #Solana $SOL #RiskManagement
North Korean Hackers Target Crypto with Nim-Based Malware Disguised as Zoom Updates
🔹 Fake Zoom meeting invites and update links deceive Web3 teams
🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques
🔹 Attackers steal browser data, passwords, and Telegram chats
Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.
The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.
NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.
🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.
Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it
🔹 Creates hidden files and folders that look like legitimate macOS system components
🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic
🔹 Delays execution for 10 minutes to avoid early detection by security software
Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.
Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.
#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques
🔹 Attackers steal browser data, passwords, and Telegram chats
Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.
The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.
NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.
🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.
Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it
🔹 Creates hidden files and folders that look like legitimate macOS system components
🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic
🔹 Delays execution for 10 minutes to avoid early detection by security software
Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.
Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.
#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
Breaking News: Orbit Chain Hackers Unveil $81.4 Million Exploit to Ring in the New Year
The cross-chain bridge of Orbit Chain was compromised by an exploit, which led to the loss of Tether, DAI, USDC, wBTC, and ETH with a combined value of around $81.4 million.
The vulnerability was exploited by the exploiter, who then transferred funds to a new wallet.
A weakness in the bridge or a hack in the centralized server was discovered as the primary reason by the blockchain security company SlowMist which was responsible for the investigation.
It has been revealed that a hack occurred on Orbit Bridge, which is a protocol for interchain communication that is utilized for asset conversion. A total of around $81.4 million worth of cryptocurrency were stolen from the system.
The Orbit Bridge was struck by a number of significant discharges.
An vulnerability that was worth $81.4 million was apparently used by hackers to ring in the New Year with Orbit Bridge. A number of significant outflows were discovered by the blockchain security company SlowMist and the on-chain intelligence service LookOnChain. These outflows were encountered via the cross-chain protocol.
According to the latter, the Orbit Bridge was responsible for the transfer of 30 million Tether (USDT), 10 million DAI, 10 million USDCoin (USDC), 231 wBTC (worth over $10 million), and 9,500 ETH (worth around $21.5 million) in five distinct transactions.
After doing a preliminary examination from the outside, SlowMist came to the conclusion that either the centralized server has been compromised or there is a potential vulnerability in the Orbit Chain bridge. A further in-depth investigation is currently being carried out by the company in order to obtain additional information on the attack.
The hacking of Orbit Chain has been confirmed.
Orbit Chain reported the hack on its protocol in a tweet that was published not too long ago on X. The tweet described the breach as a "unidentified access" to the bridge. A comprehensive investigation into the underlying cause of the assault is currently being carried out by the company, which has said that it is actively collaborating with law enforcement authorities in order to identify the perpetrator of the incident.
#hack #OrbitChain
The vulnerability was exploited by the exploiter, who then transferred funds to a new wallet.
A weakness in the bridge or a hack in the centralized server was discovered as the primary reason by the blockchain security company SlowMist which was responsible for the investigation.
It has been revealed that a hack occurred on Orbit Bridge, which is a protocol for interchain communication that is utilized for asset conversion. A total of around $81.4 million worth of cryptocurrency were stolen from the system.
The Orbit Bridge was struck by a number of significant discharges.
An vulnerability that was worth $81.4 million was apparently used by hackers to ring in the New Year with Orbit Bridge. A number of significant outflows were discovered by the blockchain security company SlowMist and the on-chain intelligence service LookOnChain. These outflows were encountered via the cross-chain protocol.
According to the latter, the Orbit Bridge was responsible for the transfer of 30 million Tether (USDT), 10 million DAI, 10 million USDCoin (USDC), 231 wBTC (worth over $10 million), and 9,500 ETH (worth around $21.5 million) in five distinct transactions.
After doing a preliminary examination from the outside, SlowMist came to the conclusion that either the centralized server has been compromised or there is a potential vulnerability in the Orbit Chain bridge. A further in-depth investigation is currently being carried out by the company in order to obtain additional information on the attack.
The hacking of Orbit Chain has been confirmed.
Orbit Chain reported the hack on its protocol in a tweet that was published not too long ago on X. The tweet described the breach as a "unidentified access" to the bridge. A comprehensive investigation into the underlying cause of the assault is currently being carried out by the company, which has said that it is actively collaborating with law enforcement authorities in order to identify the perpetrator of the incident.
#hack #OrbitChain
Stay #SAFU on X and other socials.
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
@JasonYanowitz on X narrates his #hack odeal.
I got hacked yesterday. At the risk of looking foolish, I'll share how it happened so you can avoid this nightmare. For the past few weeks, people have been trying to get into my accounts. #Crypto accounts, email, twitter, etc... every few days I get an email that someone is trying to access one of my accounts. Thankfully I have non-text #2FA set up for everything so nothing got hacked. So when I got back from dinner last night and saw this email, I panicked.
Someone in North Cyprus had finally managed to hack into my account. I guess my security wasn't strong enough and they found a loophole.
I clicked the link to "secure my account". I entered my username and password, updated to a new password, and voila: I'm back in. Crisis averted. Or so I thought. Moments later, I got an email saying my email address had been changed.
This was the real hack.
I was now officially locked out of my account. So how did this happen? It turns out the original email, which looks incredibly real, was not so real. Most email clients hide the actual address.
But when you expand it, you can see that this email was sent from "verify@x-notify.com" Fake address. I got phished. Very foolish mistake. I don't open Google Docs when they're sent to me. I don't click links. I typically check addresses. But Friday 8pm after a long week, they got me. I am aware this thread exposes a pretty dumb mistake but if I can save one person from this same mistake, it's worth it.
Some takeaways:
- Don't click links
- If you do click a link, review the actual email address
- Set up non-text 2FA on everything
- If you've done that, trust your own security process
- If you think you've been hacked, slow down and think about how this could have happened
Big thank you to @KeithGrossman and some folks at X for helping me get my account back so quickly.
If you're still reading, go read the self-audit series from @samczsun.
And this best practices from @bobbyong.
Lot more you can do but start there. #phishing
Login to explore more contents