hackeralert

The most dangerous place in crypto right now is not a DeFi protocol or a centralized exchange. It is a job interview.
North Korea's Lazarus Group has completely evolved its attack strategy and the new method is genuinely disturbing in how simple and effective it is. Researchers at OpenSourceMalware confirmed on May 6 that Lazarus is now hiding second-stage malware loaders directly inside Git Hooks — specifically in pre-commit scripts of repositories that developers are asked to clone as part of fake job interviews.
Here is exactly how the attack works. A developer gets approached on LinkedIn or a job platform by what looks like a legitimate recruiter from a crypto or DeFi company. The developer is invited to complete a technical assessment. They clone a repository. The moment they run a routine git command — something as standard as a git merge or a git pull — a pre-commit script fires silently in the background. That script fetches BeaverTail, a JavaScript infostealer built by Lazarus. BeaverTail then installs InvisibleFerret, a Python backdoor that gives attackers persistent remote access to the entire machine. No suspicious binary. No install prompt. No warning. The machine is fully compromised before the developer finishes the assessment.
This is not a new group finding its footing. This is a state-sponsored operation that has stolen over five billion dollars in cryptocurrency between 2021 and 2025. In February 2025 they stole 1.5 billion dollars from Bybit in a single attack — the largest single crypto heist in history. In April 2026, just three weeks ago, they were linked to the 290 million dollar KelpDAO exploit. The US, Japan, and South Korea officially confirmed Lazarus stole 660 million dollars in crypto in 2024 alone. North Korea uses every dollar to fund its nuclear weapons program.
The April 2026 Mach-O Man campaign showed they are also targeting executives at crypto and fintech firms through fake online meetings on macOS. The GitHub C2 campaign discovered in April uses GitHub itself as the command and control server — routing malicious traffic through one of the most trusted platforms on the internet so firewalls never flag it.
The researchers have one clear recommendation. Never clone a repository you received through a job offer or recruitment process without running it in a completely isolated environment. Keep your SSH keys, browser credentials, and crypto wallet seed phrases on a machine that never touches unsolicited code. If a recruiter sends you a repo to test, treat it as a loaded weapon until proven otherwise.
The job market in crypto is real. So are the people hunting inside it.
Stay sharp.
$BTC $ETH $BNB #CryptoSecurity #LazarusGroup #HackerAlert #Web3Security #dyor

I need you to stop and read this. Not as a trader looking for the next entry. As someone who has real money sitting in DeFi protocols right now.

When I first saw these numbers I genuinely just stared at the screen for a minute. In just the first 4 months of 2026, North Korean hackers alone took $577 million from this industry. Not all hackers combined. Just one country. And since 2017 they have quietly pulled over $6 billion from crypto. In 2020 they were behind less than 10% of global attacks. Today that number is 76%. These guys did not just grow. They took over.

Now about Drift. You probably saw it pumping 16% today and thought it was just momentum. The real story is much darker.

North Korean operatives spent months building real friendships with Drift employees. Not fake online relationships. Actual real world contact. They were patient, professional, and when the moment was right they used that trust to get inside access and took $285 million. This was not some random hacker trying passwords. This was a state sponsored operation with unlimited time and resources.

And here is the part that actually made me uncomfortable. They used AI to write malicious code and hid it inside open source projects that developers use every single day. Once it ran, it silently stole wallet credentials and private keys. So that random library your favorite protocol is using? Yeah. Think about that.

April 2026 just became the single worst month for crypto losses since March 2022. $651 million gone in 30 days. KelpDAO and Drift together made up most of that number. Two protocols. One month.

I am not saying leave DeFi. I am still here and I am not going anywhere. But before you put serious money into any protocol right now, ask yourself honestly do I actually know anything about their security? Because at this point the question is not if a protocol gets attacked. It is whether they survive it when it happens.

The chart can look perfect. The fundamentals can look great. But if the security is weak, none of that matters.

Stay careful out there. This market does not forgive the ones who stop paying attention.
#NorthKoreaHackers #DeFiProtocol #HackerAlert #SecurityAlert

There has been a lot of noise online about a possible data breach at Polymarket. But according to the platform itself, there was no hack just a misunderstanding of how public blockchain data works.
What Happened?
A person using the name “xorcat” claimed on a dark web forum that they had hacked Polymarket and stolen over 300,000 records, including around 10,000 user profiles. These supposedly included names, profile pictures, and wallet-related data.
The claim quickly spread across social media, raising concerns among users and the wider crypto community.
Polymarket’s Response
Polymarket strongly denied the allegations. The company said the data being shared is not private or stolen, but already publicly accessible.
According to Polymarket, the information comes from:
Public API endpointsOn-chain blockchain data
In simple terms, this means anyone with basic technical knowledge could access the same data — no hacking required.
The platform even responded sarcastically, pointing out that the hacker is trying to sell data that developers can access for free.
Why This Matters
One important thing to understand is that many crypto platforms operate on-chain, meaning transparency is built into the system. This makes data:
OpenVerifiableAccessible to anyone
Polymarket emphasized that this transparency is a feature, not a flaw.
Doubts From Security Experts
Some cybersecurity experts also questioned the hacker’s claims. They believe this looks more like someone collecting public data and presenting it as a breach rather than an actual security failure.
Rising Concerns in Crypto Security
Even though this case may not be a real hack, concerns in the crypto space are valid. According to Hacken, the industry has already lost $482 million in hacks and scams in early 2026.
So while Polymarket users may not be at risk here, the broader environment still requires caution.
Final Thoughts
This situation highlights a common misunderstanding in crypto:
Not all “leaked” data is actually stolen.
Sometimes, it’s just publicly available information being repackaged and sold as something more dramatic. In this case, Polymarket maintains that its systems remain secure and that transparency is simply part of how blockchain works.

#polymarketUSA #CyberSecurity #HackerAlert #educational_post #PolymarketDeniesDataBreach

你可以把BNB想象成 “币安这个商业帝国的‘积分’”。这个帝国包括全球最大的加密货币交易所（像淘宝）、一条自己的公链（像支付宝的蚂蚁链）、以及一堆其他业务。
现在是什么情况？（当前走势）
简单说：BNB这个“积分”的价格，跟“币安帝国”的兴衰牢牢绑在一起。帝国生意好，积分就值钱；帝国遇到麻烦，积分就贬值。它现在在一个很高的位置，但有点“看人脸色”的味道。
为啥它可能继续涨？（利好消息）
“平台利润”烧毁：币安交易所每个季度都会拿一部分利润来回购BNB并销毁，这就像公司拿出真金白银把自己的股票买回来烧掉。总量越来越少，东西自然就更值钱。这是它最核心的上涨动力。“自家地盘”很热闹：币安有自己的区块链（BSC链），上面也有很多项目。这条链越活跃，使用BNB当“燃气费”的需求就越大，BNB就越有用，不像有些币只能干看着。“平台特权”：在币安交易所里，用BNB交手续费能打折；参加新币抢购（打新）也必须用BNB。这就像在腾讯生态里用Q币，有实际用途，不愁没人要。老大带飞：如果比特币大哥和整个市场行情好，来币安交易的人就多，BNB也能跟着涨。
有啥让人担心的地方？（风险警告）
“帝国”的麻烦事：去年币安被美国罚了天价巨款，创始人也被抓了。这就像公司董事长出了事，公司股票肯定暴跌。虽然现在暂时平稳了，但谁也不知道未来还会不会有新的监管大棒砸下来。这是BNB最大的风险，没有之一。“一荣俱荣，一损俱损”：BNB太依赖币安一家公司了。万一币安交易所出了啥问题（比如被黑客攻击、用户大量流失），BNB就会直接“膝盖斩”，不像比特币那样去中心化。价格也不低了：BNB也涨到了600美元左右的历史高位，本身就有回调的压力。竞争激烈：其他交易所（如OKX等）也在发力，会抢走币安的一些生意。
总结：接下来怎么看？
往上冲的标志：币安公司本身平安无事，业务越来越好，并且BNB价格能突破前高（比如650-700美元），那就可能开启新的上涨空间。往下掉的信号：任何关于币安公司的负面新闻，比如又被监管机构调查、罚款，或者交易量大幅下滑，都可能导致BNB暴跌。从技术上看，如果跌破了 550美元 这类关键支撑，就要小心了。
给你的大白话建议：
买BNB，相当于投资“币安公司”：你的信心主要来自于你是否看好币安这家公司未来的发展。你得经常关注币安老板（CZ）和公司的新闻。警惕“黑天鹅”：最大的风险就是突如其来的坏消息，所以仓位别太重，心里要随时准备着它会因为一个新闻而突然大跌。它的实用性是护身符：因为它有实实在在的用途（手续费、打新、链上燃气），只要币安帝国不垮，它就有基本盘在，不像那些纯炒作的空气币。
一句话总结：BNB是“成也币安，败也币安”。它的命脉掌握在币安公司的手里和监管机构的态度里。风平浪静就跟着吃肉，狂风暴雨它第一个挨揍。 #bnb #币安八周年 #HackerAlert $BNB

Crypto hacks surge over 130% in Q1 2025
Raj Gokal, co-founder of the Solana blockchain, has become the target of a serious cyberattack. Hackers published his personal identification documents on the compromised Instagram account of rapper Migos. The leak appears to be tied to an unsuccessful extortion attempt — reportedly demanding over $4.3 million.

🔐 Extortion Message: “You Should Have Paid the 40 BTC”
Circulating online are photos of Gokal and his wife, alongside their IDs and passports — resembling typical KYC (Know Your Customer) data used on regulated crypto platforms.
The sensitive documents were shared on the official Instagram page of rapper Migos, which was apparently hacked as well. A caption under one of the posts read: “You should have paid the 40 BTC” — a statement that led many to speculate the leak followed a failed ransom attempt.
At current Bitcoin prices, that would equate to a ransom demand of over $4.3 million. Instagram has since removed the post.

🧠 Social Engineering Suspected
Renowned Web3 investigator ZachXBT believes the attack was a result of social engineering — where cybercriminals tricked their way into accessing Gokal’s personal accounts and data.
“Raj’s accounts were likely compromised and used in an extortion attempt. Since he didn’t pay, the attackers trolled him by leaking the data through Migos’ Instagram,” said ZachXBT.

Interestingly, a week before the incident, Gokal had already warned his followers on X that someone was trying to access his email and social media accounts.

📈 Crypto Hacks in 2025: A Dangerous Spike
This attack is just one in a wave of escalating crypto hacks in 2025.
🔹 Q1 2025: According to security firm PeckShield, there were over 60 major hacking incidents, resulting in $1.63 billion in losses — a 131% increase from $706 million in Q1 2024.
🔹 The largest breach targeted Bybit, while Q2 saw the Cetus Protocol on the Sui network lose over $223 million.
🔹 Following the Coinbase data breach confirmed on May 15, reported compensation claims could exceed $400 million — further highlighting that DeFi and centralized platforms remain prime targets.

⚠️ A Call for Caution
With the rising number of cyberattacks, the need for increased vigilance is critical — especially when dealing with unknown links or individuals posing as support staff from crypto exchanges.

#solana , #CryptoHack , #HackerAlert , #CyberSecurity , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Hackers Exploited the Account to Promote Fraudulent Tokens
The @TrumpDailyPosts account on the X platform (formerly Twitter) has been hacked and is being misused to spread fake meme coin addresses. The compromised account continues to actively promote several fraudulent tokens, including a fake token named $POWER.
According to Scam Sniffer, a Web3 platform focused on combating scams, the hackers not only post but also quickly delete content related to these fraudulent schemes. Users are advised to verify the credibility of any investment promises, especially those originating from compromised accounts.

Connection to Other Organized Scams
Investigations revealed that the gas source used to create the fake $POWER token address was linked to the same platform involved in a recent hack of the Farcaster account, owned by a MetaMask co-founder.
During that incident, hackers promoted fraudulent meme coins and were accused of generating over 1,000 SOL (Solana). These activities point to a well-organized cybercriminal gang targeting prominent crypto figures and organizations.
Social Media as an Emerging Tool for Fraud
A troubling trend in the crypto space is the increasing use of social media accounts to promote fraudulent tokens. Hackers exploit high-profile accounts to create an illusion of trustworthiness and maximize their financial gains.
The hacking of @TrumpDailyPosts is yet another example of how cybercriminals are adapting their methods. By leveraging fraudulent meme coins and social media, they are creating new ways to deceive investors and extract illicit profits.
How to Protect Yourself From These Scams
Given these trends, it is crucial for both users and platforms to pay closer attention to identifying fraudulent activities. Users should exercise extreme caution when considering any investment opportunities, especially involving meme coins or less-known tokens.
Safety should always take precedence over the promise of profit. Verify sources, thoroughly check addresses, and avoid suspicious projects promising unrealistic returns. The crypto space offers numerous opportunities but also comes with heightened risks that require vigilance and proactive measures.

#CryptoNewss , #blockchain , #CryptoScamAlert , #cryptohacks , #HackerAlert

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“