hackeralert

DeFi News Cybersecurity firms and blockchain security groups are warning of an active threat campaign in which hackers are exploiting a vulnerability in React-based web applications to inject crypto wallet drainers, putting DeFi users at risk of losing funds.

What’s Happening: Attackers are compromising websites built with React and injecting malicious JavaScript
The malicious code triggers wallet-draining scripts when users connect wallets like MetaMask or WalletConnect
Victims unknowingly sign transactions that empty their wallets
DeFi platforms, NFT sites, and crypto dashboards are among the primary targets...

#HackerAlert #CPIWatch #TrumpTariffs #BinanceAlphaAlert #crypto

Israeli Hackers Burn Over $90 Million in BTC, ETH and DOGE Stolen in Nobitex Hack The exchange assures that the funds are safe.
In a shocking development within the recent Nobitex hack, Israeli hackers burned over $90 million in stolen digital assets.


The hack, attributed to pro-Israel hacker group Gunjeshke Darande, has left funds unrecoverable after being destroyed in multiple blockchains.
$90M in BTC, ETH, DOGE Burned in Nobitex Hack
After the high-profile Nobitex hack, Gonjeshke Darande, an Israeli hacker, has revealed a $90 million hoax in stolen cryptocurrencies. Among these assets are Bitcoin (BTC), Ethereum (ETH), Dogecoin (DOGE) and more.



In an X post, the hacker said, "8 burn addresses burned $90M from the wallet of Nobitex, the government's favorite sanctions-busting tool."
The group claimed to have destroyed the funds by transferring them to custom-made ‘vanity addresses’ on multiple blockchains. These addresses were designed with irretrievable private keys, making assets irrevocably and permanently locked.
Yesterday, Nobitex suffered a massive crypto hack Gonjeshke Darande, also known as Predatory Sparrow, claimed responsibility for the hack, saying it was retaliation for Nobitex's alleged involvement in evading Iranian government sanctions and financing terrorism.
Crypto Exchange Hack Raises Iran-Israel War Tensions
In particular, the Nobitex hack can be seen as an escalation of the ongoing Iran-Israel conflict, spilling over into the digital realm.
Adding further fuel to these geopolitical tensions, hackers are threatening to release Nobitex's source code to the public within 12 hours, potentially exposing vulnerabilities and compromising the platform's security.
They are pointing out that customers' assets will be at risk if they stay on Nobitex, suggesting they would be wise to withdraw.
While the Israeli hacker group mentions irreversible addresses, some of them contain inflammatory phrases, such as "FuckIRGCTerroristsNoBiTEX". This suggests that the group is directly targeting Iran’s Islamic Revolutionary Guard Corps.

Additionally, they used specific techniques to ensure the permanent loss of funds, including sending Ethereum tokens to a "0x…dead" burn address and creating a Bitcoin wallet with an incorrect checksum, rendering it unspendable.
Nobitex Responds to Security Breach
In response to the Nobitex hack, the Iranian crypto exchange has released an updated statement.
The firm announced that the situation is now under control. They asserted that all external access to their servers had been cut off.
The technical team of the Iranian crypto exchange proactively emptied the hot wallet to protect the user's assets. This resulted in a significant reduction in visible holdings on blockchain networks.

Additionally, he added that the hackers transferred the stolen funds, estimated at around $100 million, to non-standard wallets.
According to Nobitex, Israeli hackers announced the destruction of tokens under false pretenses with the intention of harming users. Despite the move, the exchange stressed that user assets are safe, citing,
We once again emphasize that user assets are covered by the Nobitex Reserve Fund, and no user funds will be lost. We remain committed to ensuring the safety of your holdings and maintaining your trust.

#BTC #ETH #DOGE #HackerAlert #Market_Update

Hackers from Lazarus Group Target Crypto Developers
The notorious North Korean hacking syndicate, Lazarus Group, has intensified its cyber warfare against the cryptocurrency sector, now setting its sights on developers.
According to the latest security investigation, Lazarus Group has infiltrated npm, one of the most widely used software package repositories for JavaScript developers. By leveraging typosquatting tactics (deliberately mimicking legitimate package names), they have uploaded malicious versions of popular npm packages.
These infected packages deploy a stealthy malware called BeaverTail, which can:

🔹 Steal developer login credentials.

🔹 Extract saved browser passwords.

🔹 Access sensitive wallet data, including Solana and Exodus wallets.
Security researchers discovered that all stolen data is transmitted to a hardcoded command-and-control (C2) server, a known Lazarus Group tactic for discreetly exfiltrating sensitive information.
According to Kirill Boychenko, a cybersecurity threat analyst, this method poses a severe risk to developers working on financial and blockchain applications.
Lazarus Group Behind the $1.46 Billion Bybit Hack
Beyond attacking the developer ecosystem, Lazarus Group has been linked to one of the largest crypto exchange hacks in history.
On February 21, 2025, hackers associated with the group successfully infiltrated Bybit, one of the world’s leading crypto exchanges, making off with an estimated $1.46 billion in digital assets.
How Did the Hackers Pull It Off?
🔹 They exploited a security flaw within Bybit’s infrastructure.

🔹 Manipulated Ethereum smart contract logic.

🔹 Redirected funds to their controlled wallets.

Bybit’s CEO, Ben Zhou, confirmed that despite immediate intervention, 20% of the stolen funds had already been laundered through mixing services, making them nearly impossible to trace.
North Korea Funds Its Nuclear Program with Stolen Crypto
A 2024 UN report revealed that North Korean cybercriminals were responsible for over 35% of all global crypto thefts in the past year, accumulating over $1 billion in stolen digital assets.
Lazarus Group is not just a cybercrime syndicate but also a geopolitical threat, as the stolen funds are reportedly being directly funneled into national military and defense programs.
Developers Are Under Attack – How to Stay Safe
With rising cyber threats, security experts are urging developers and crypto users to adopt stricter security measures to protect themselves from Lazarus Group’s attacks. Key recommendations include:

🔹 Verifying the authenticity of software packages before installation.

🔹 Using AI-powered tools like Socket AI Scanner to detect anomalies.

🔹 Enabling multi-factor authentication (MFA) for wallets, exchanges, and developer accounts.

🔹 Monitoring network activity and blocking suspicious traffic.

Bybit Launches Bounty for Stolen Funds Recovery
Following the Bybit hack, the exchange has introduced a Recovery Bounty Program, offering up to 10% of recovered funds as a reward for anyone who helps track the stolen assets.
The Cyber War on Crypto Is Just Beginning
As Lazarus Group continues evolving its attack methods, it is clear that the war between hackers and the crypto industry is far from over.
Developers, exchanges, and investors must remain vigilant, strengthening security defenses to prevent becoming the next victims of these sophisticated cyberattacks.

#CryptoSecurity , #HackerAlert , #BybitHack , #CyberSecurity , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Tensions are rising again on the crypto scene. The U.S. Department of Justice (DOJ) has launched a new legal battle—this time against North Korean IT workers who allegedly infiltrated American companies using fake identities and obtained millions in cryptocurrencies. These funds were reportedly funneled back to North Korea to finance its weapons programs.
🔹 On Thursday, the DOJ announced it had filed a civil forfeiture complaint for $7.74 million in cryptocurrency. The funds have already been "frozen and seized" by U.S. authorities. The crypto assets are allegedly tied to Sim Hyon Sop, a representative of North Korea’s Foreign Trade Bank.

🎭 Fraudulent IT Workers and Digital Money Laundering
According to the DOJ, North Korea has long exploited the international remote IT workforce and cryptocurrency ecosystem to evade U.S. sanctions. The FBI investigation reportedly uncovered a large-scale operation where North Korean workers, using fake or stolen American identities, were hired by unsuspecting U.S. companies. Their salaries were often paid in stablecoins like USDC and USDT.
To disguise the origin of the funds and send them back to North Korea, the workers allegedly used tactics such as:
🔹 Fake accounts and identities

🔹 Microtransactions

🔹 Chain-hopping (switching between blockchains)

🔹 Hiding value in NFTs

🔹 Using U.S.-based accounts to appear legitimate

🔹 Crypto mixing services

💬 DOJ Claims vs. Geopolitical Reality
“North Korea has for years exploited global remote IT contract work and cryptocurrency to evade U.S. sanctions and fund its weapons programs,” stated Sue J. Bai, DOJ’s head of national security. U.S. Attorney Jeanine Ferris Pirro added:
“In other countries, crime may pay—but not here. We’ll stop your scheme, hit back, and seize everything you illegally earned.”
💥 Critics, however, point to a double standard. While the U.S. cracks down on so-called “enemies,” it has itself directed hundreds of millions in crypto to Ukraine in recent years—including for lethal weaponry. Billions in fiat have also been funneled to the Israeli military, while civilians in Gaza face displacement and destruction.

🧨 Ethics vs. Geopolitical Power
The case once again raises uncomfortable questions. Who has the “right” to use crypto, and for what purpose? Is legality determined by ethics—or by geopolitical allegiance? The DOJ concludes:
“This forfeiture follows two federal indictments against Sim, accusing him of conspiring (1) with North Korean IT workers to generate revenue through illegal employment in companies across the U.S. and abroad, and (2) with OTC crypto traders to use stolen funds to purchase goods for North Korea.”
This situation reveals a complex game of digital masks, economic sanctions, and geopolitical theater—where ethics often vanish in the shadow of state power.

#HackerAlert , #northkorea , #CryptoCrime , #CyberSecurity , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

North Korean hacking groups have once again demonstrated how dangerously sophisticated they can be. This time, they’ve set their sights on crypto developers — posing as legitimate U.S.-based companies with one goal: to infect victims’ systems with malware.

🎭 Two Fake Companies. One Malicious Scheme.
Cybersecurity firm Silent Push has revealed that North Korean hackers created two LLCs — Blocknovas LLC in New Mexico and Softglide LLC in New York — pretending to be recruiters in the crypto industry. These companies sent “job offers” that contained malicious code. The notorious Lazarus Group, linked to North Korea’s intelligence services, is believed to be behind the operation.
A third entity, Angeloper Agency, showed the same digital fingerprint, though it wasn’t officially registered.

🧠 Malware That Steals Crypto Wallets
Once unsuspecting developers opened the infected files, the malware began harvesting login credentials, wallet keys, and other sensitive data. According to Silent Push’s report, multiple victims have already been identified — most linked to the Blocknovas domain, which was by far the most active.
The FBI has seized the domain and issued a warning that similar aliases may reappear soon.

💸 Covert Funding for North Korea’s Missile Program
According to U.S. officials, the ultimate goal of the scheme is simple: generate hard currency to fund North Korea’s nuclear weapons program. Intelligence sources say Pyongyang has been deploying thousands of IT operatives abroad to illegally raise funds through fraudulent schemes.
This case is especially troubling because it shows that North Korean hackers managed to set up legal companies inside the United States, a rare and alarming development.

🔐 Three Malware Families, One Lazarus Signature
Analysts found that the job files contained at least three known malware families, capable of opening backdoors, downloading additional malicious payloads, and stealing sensitive information. These tactics align closely with past attacks by the Lazarus Group.

⚠️ FBI Warning: Be Cautious of "Too Good to Be True" Job Offers
Federal agents emphasize that this case is a chilling reminder of how North Korea continues to evolve its cyber threats. Tech and cybersecurity professionals should thoroughly vet unsolicited job offers, especially those from unfamiliar companies. Developers infected by these schemes could lose cryptocurrency or unknowingly grant hackers access to larger systems and exchanges.

#HackerAlert , #CyberSecurity , #NorthKoreaHackers , #CryptoSecurity , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

🔍 Attack Details
$
$BTC The embedded message claims:“This digital wallet appears to be lost or abandoned…our client…seeks to determine if there is a bona fide owner.” protos.com
The spoofed site, salomonbros [.]com/owner_notice, pretends to be affiliated with Salomon Brothers but includes grammatical errors—an obvious red flag Binance+3protos.com+3AInvest+3.
#HackerAlert #HackersExposed
💡 Why It Matters
A dormant address tied to one of the largest BTC thefts in history is now being actively targeted Decrypt+8AInvest+8Eblock Media+8.Embedding links via blockchain transactions is a novel phishing method—and it demonstrates attackers’ evolving tactics .
The scam underscores the importance of vigilance among early crypto holders and Mt. Gox creditors: dense history ≠ safety.
🛡️ What You Should Do

If you control old, high-value addresses, never follow unsolicited blockchain embedded links.

Use cold storage, hardware wallets, and verified recovery channels only.
Mt. Gox creditors should follow official trustee communications, not strange OP_RETURN messages.
🧭 Bottom Line
This phishing attack highlights how attackers exploit legacy assets and trust in blockchain to craft new scam vectors. It’s a reminder: no vault is too old or too secure once publicized on-chain.

🔔 MARKET MOVING NEWS! (25/12/24)

1️⃣ Russia Imposes 6-Year Ban on Crypto Mining in 10 Regions, Citing Energy Use ⛏
#RussiaCrypto
According to local media reports, the Russian government has imposed a six-year ban on crypto mining in 10 regions due to the industry's high power consumption. The ban takes effect on Jan. 1 2025 and ends on March 15, 2031. It includes seasonal restrictions in key cryptocurrency mining regions to prevent energy blackouts. The restrictions align with Russia’s cryptocurrency mining laws signed by the president in August and October 2024.

2️⃣ Hacker Breaches 15 X Accounts, Nets $500K Boosting Bogus Memecoins: ZachXBT ❓
#HackerAlert
According to the onchain sleuth ZachXBT, over $500,000 in funds stolen via memecoin phishing scams were connected to one threat actor. He reported that the perpetrator tricked X users into handing them control over their accounts by impersonating the X team and issuing fake copyright infringement notices. ZachXBT claims that over 15 X accounts were compromised this way, including those belonging to Kick, Cursor, The Arena, Brett and Alex Blania. Many of these X accounts have large audiences, with well over 200,000 followers who are mainly memecoin enthusiasts looking to catch the next hot tip.

3️⃣ Montenegro Court Rejects Do Kwon’s Extradition Appeal ▶️
#Montenegro
Montenegro’s Constitutional Court has reportedly dismissed Terraform Labs co-founder Do Kwon’s extradition appeal. The court cited legal inconsistencies in Kwon’s appeal, effectively upholding an earlier ruling favouring his extradition. This decision is significant as the international extradition case will potentially set a precedent for cross-border accountability in crypto.

4️⃣ Over 30% Of South Koreans Invest In Crypto Assets 🔍
#SouthKoreaCrypto
According to the South Korean media outlet Yonhap News, the number of crypto users in the country increased by 610,000 in November after Donald Trump won the United States presidential election. Representative Lim Kwang-Hyun of the Democratic Party of Korea shared data showing that digital asset investors in the country at the end of November totalled 15.6 million. Notably, with a population of 51.7 million, this means that over 30% of its citizens are crypto holders. Yonhap said the data was collected and released following the country’s new regulations on crypto exchanges. This is also the first time statistical data related to crypto has been released in the country.

5️⃣ Little-Known Canadian Crypto Firm Matador Adds Bitcoin To Its Books 💸
#MatadorTechnologies
Canadian real-world asset tokenisation firm Matador Technologies has reportedly become the latest company to incorporate BTC in its treasury. The firm's board of directors unanimously approved adding Bitcoin and “USD-denominated assets” to its balance sheet as part of its “long-term capital preservation strategy.” The firm is also planning to convert the majority of its cash balance sheet from Canadian dollars to US dollars.

Sunny Ray, president of Matador, stated,

Matador’s Board and management believe in using Bitcoin to future-proof our treasury. This step also supports our mission to explore using Bitcoin as a platform for our gold-based products.