Age Verification

This website requires you to be 16 or over, Please confirm you are over 16

I Am Over 16 Leave Website
Informations
Jump to content

Lorem Ipsum...

Click to Dismiss this Notification
Ładowanie danych...

  • Articles

    Show all categories
    Records

    Arcadia Finance Hit by $2.5M Hack on Base Blockchain – Full Breakdown of the Attack

    Please Register !

    Overview of the Incident

    Please Register !


    In a significant security breach, Arcadia Finance, a DeFi platform operating on the Base blockchain, has fallen victim to a cyberattack that resulted in the loss of $2.5 million worth of digital assets.
    The exploit targeted a vulnerability within Arcadia’s Rebalancer contract, allowing the attacker to manipulate swap parameters and drain user funds undetected.
    Blockchain security experts at Hacken identified the issue, confirming that the hackers took advantage of poorly validated swapData parameters, which enabled them to perform unauthorized swaps across multiple assets.

    Please Register !

    Step-by-Step Breakdown: How the Hack Happened

    Please Register !


    July 14th, 10:58 PM UTC:
    The attacker funded their wallet through Tornado Cash on Ethereum and quickly bridged those funds over to the Base blockchain.
    July 15th, 04:03 AM UTC:
    A malicious contract was deployed on Base. The exploit was triggered within one minute of deployment.
    The attacker drained user vaults holding assets such as:
    USDC
    WETH
    USDS
    EURC
    AERO
    WELL
    All stolen assets were quickly swapped into Wrapped Ethereum (WETH) and bridged back to Ethereum Mainnet.

    Please Register !

    Technical Details of the Exploit

    Please Register !


    The vulnerability came from inadequate validation of the swapData parameters in the Rebalancer contract. This loophole allowed malicious swaps without triggering any of Arcadia's standard security measures.
    Here’s what the attackers gained:
    199 WETH
    965.8 million AERO tokens
    Assets were funneled through 12 separate wallets in an effort to obscure the trail.
    All stolen crypto was eventually moved to fresh Ethereum wallets to further complicate tracking.

    Please Register !

    Official Response from Arcadia

    Please Register !


    Arcadia Finance confirmed the incident on X (formerly Twitter), advising users to revoke any active permissions linked to the Rebalancer contracts. They specifically warned users about older Rebalancer contracts which might still hold approvals.

    Please Register !

    Why This Matters: Growing DeFi Security Risks

    Please Register !


    This marks Arcadia’s second security failure, following a $455,000 hack in October 2023, which also stemmed from weak smart contract validation and lack of reentrancy protection.

    Please Register !

    Hacken’s Analysis:
    Despite prior warnings from firms like PeckShield, Arcadia’s infrastructure remained vulnerable.

    Please Register !

    The Bigger Picture in 2025:
    DeFi platforms across the board are facing heightened scrutiny as CertiK reports over $2.47 billion lost in hacks during the first half of 2025 alone.
    Type of Attack Losses in 2025 (H1) Wallet breaches $1.7 billion Phishing scams $410 million
    0 comments
    1.5k views
    Read more...
    Records

    The Fall of Abacus Market: Largest Bitcoin-Powered Darknet Marketplace Disappears in Suspected Exit Scam

    Please Register !

    Key Highlights:
    Abacus Market, the largest Bitcoin-centric darknet marketplace, has suddenly vanished.
    Admins blamed DDoS attacks for withdrawal delays — a classic sign of an exit scam.
    Law enforcement previously cracked down on 145 darknet platforms, possibly influencing this disappearance.

    Please Register !

    Another Darknet Giant Falls
    Abacus Market, once hailed as the largest Western darknet marketplace built on Bitcoin, has abruptly gone offline. The platform’s clearnet mirrors and infrastructure are now inaccessible, igniting strong suspicions across the cybersecurity world of a coordinated exit scam.
    According to blockchain analytics firm TRM Labs, the site vanished without notice. “It appears the operators decided to pull an exit scam, taking user funds and shutting operations overnight,” TRM’s report concluded.
    The timing is suspicious: Abacus’s downfall follows the June 2025 takedown of Archetyp Market — a notorious veteran among darknet platforms. That closure had pushed heavy traffic and transactions toward Abacus, possibly bringing unwanted attention from authorities.

    Please Register !

    'Withdrawal Issues' or the Old Exit Scam Playbook?
    Problems began surfacing in late June when users reported being unable to withdraw their funds. In response, Abacus’s administrator, known by the alias “Vito”, pointed fingers at a sudden spike in users combined with a DDoS attack disrupting services.
    However, TRM Labs quickly recognized this as textbook exit scam behavior commonly observed across darknet markets in the past.
    Despite reassurances from “Vito,” user confidence collapsed. Daily deposits plummeted from roughly $230,000 in June to a mere $13,000 between June 28 and July 10.

    Please Register !

    A Marketplace Built on Bitcoin and Monero
    Abacus Market specialized in the sale of illegal substances, from stimulants to psychedelics, and operated via a central deposit system supporting both Bitcoin (BTC) and Monero (XMR) for transactions.
    Following the Europol-led takedown of Archetyp Market on June 16, many migrated to Abacus, causing the platform to hit a peak $6.3 million in June sales.
    This wasn’t their first growth spike. After the voluntary closure of ASAP Market last year, Abacus claimed over 70% of Bitcoin-based darknet market share in the West.
    TRM Labs noted:

    Please Register !

    Please Register !

    Estimated Financial Damage
    In just four years of activity, Abacus facilitated nearly $100 million in Bitcoin transactions. When factoring in Monero volumes, the total could realistically exceed $300-$400 million.

    Please Register !

    Motivation or Survival?
    TRM Labs speculates the admins either lost interest or prioritized escaping prosecution after the Archetyp bust increased scrutiny.
    There’s also growing speculation that law enforcement could have silently seized the infrastructure, gathering intelligence without announcing it publicly — a tactic used before.
    However, Dread, the darknet forum linked to Abacus, remains skeptical:

    Please Register !

    Please Register !

    US Authorities Strike Hard Again
    In June 2025, US officials shut down BidenCash, a dark web market infamous for selling over 15 million stolen credit cards and sensitive data.
    That international operation also took down around 145 darknet and clearnet domains tied to illegal markets.
    Further, the Department of Justice seized over $24 million in crypto from a Russian national linked to the Qakbot malware operation.

    Please Register !

    Conclusion
    The sudden disappearance of Abacus Market seems to fit the classic darknet exit scam narrative: withdrawal problems, DDoS excuses, vanishing admins, and lost funds. Whether it was voluntary or forced by authorities remains unclear.
    One thing is certain: the golden age of anonymous darknet trading grows increasingly dangerous for participants.
    0 comments
    1.5k views
    Read more...
    Records

    Crypto Gambler’s Collapse: James Wynn Deletes X Account After Losing Millions

    Please Register !

    Summary of the Scandal:
    James Wynn, once notorious in the crypto world for his high-risk, leveraged trading tactics, has vanished from social media after reportedly losing almost all of his crypto fortune. His old X profile,

    Please Register !

    , now simply shows:
    “This account doesn’t exist. Try searching for another.”

    Please Register !

    Key Facts You Should Know:
    James Wynn is believed to have lost hundreds of millions on reckless leveraged bets in crypto markets.
    His wallet now reportedly holds barely $10,000, down from previous nine-digit figures, according to Arkham Intelligence and Hypurrscan.
    His disastrous fall highlights the extreme risks of speculative trading and overconfidence in crypto leverage.

    Please Register !

    From Riches to ‘Broke’ in Public View:
    Before disappearing from X, Wynn left one final message in his bio: “broke.”
    His reputation was built on taking massive leveraged positions — often contradicting market sentiment — which ultimately led to his downfall.
    Wynn’s speculative moves became especially infamous through the Hyperliquid platform, where he regularly made some of the largest trades ever recorded.

    Please Register !

    The $100M Bet That Broke Him:
    In May 2025, Wynn went long on Bitcoin with a $100 million position, only to be wiped out when BTC dipped under $105,000.
    This brutal liquidation cost him 949 BTC, further cementing his reputation as crypto’s most reckless gambler.
    Not long before the crash, Wynn had even admitted that his strategy wasn’t investing — it was gambling disguised as trading. Despite this, he went straight back in with another $100M Bitcoin bet days later.
    At one point, he blamed his losses on market makers deliberately targeting his positions for liquidation.

    Please Register !

    Desperate Plea for Donations:
    In a bizarre twist, Wynn asked the crypto community for donations to keep him afloat. Reports suggest at least 24 wallets sent funds to support his cause.
    But even after liquidating 240 BTC (worth roughly $25M at the time) to reduce his risk, Wynn couldn’t stop the bleeding.
    Eventually, his positions collapsed, with over 99% of value lost.

    Please Register !

    Why It Matters for the Crypto Community:
    James Wynn’s spectacular loss has sparked fierce debate about risk management, trading discipline, and ego within crypto circles.
    While some saw him as a cautionary tale from the start, others treated him as an icon of aggressive speculation. His meteoric rise — turning $7K in PEPE tokens into $25 million — only fueled the myth before his eventual crash.
    Earlier this year, Wynn started dabbling in perpetual futures and swiftly flipped a $3M position into $100M — but this gamble would also mark his ruin.

    Please Register !

    Hyperliquid’s Meteoric Rise Despite Scandal:
    Despite Wynn’s failures, Hyperliquid hit an all-time high trading volume of $248 billion in May 2025 — up 51.5% from April’s $187.5 billion.
    Year-over-year, Hyperliquid’s growth is staggering:
    +843% increase from $26.3B in May 2024 to this year’s high.
    The platform merges the user experience of centralized exchanges (CEX) with on-chain, decentralized infrastructure (DEX) — appealing to traders seeking both speed and transparency.

    Please Register !

    Hyperliquid vs. Binance & the Shift in Power:
    In May 2025, Hyperliquid accounted for 10.54% of Binance’s perpetual futures volume, a noticeable uptick from 9.76% in April.
    Meanwhile, DEX perpetual futures captured 6.84% of global perpetual flow, a dramatic rise from under 2% in 2022.

    Please Register !

    What We Can Learn From This:
    Wynn’s downfall is a brutal reminder:
    Leverage is a double-edged sword.
    While platforms like Hyperliquid thrive on volume, individuals like Wynn can burn fortunes chasing impossible gains.
    If you gamble in crypto — know when to walk away.
    0 comments
    1.5k views
    Read more...
    Records

    GMX Hacker’s Bold $42M Exploit Ends with $5M Bounty — A Risky Game Turns Into $3M Profit

    Please Register !

    Overview of the Incident
    In a dramatic turn of events within the DeFi sector, the attacker behind the $42 million GMX exploit has chosen to return the stolen assets in exchange for a $5 million white-hat bounty, as reported by blockchain analytics platform.
    The decentralized exchange GMX fell victim to this major breach on July 9, becoming yet another target in a growing wave of DeFi hacks. According to tracking from DeBank, the hacker siphoned funds to this suspicious wallet address:
    0xdf3340a436c27655ba62f8281565c9925c3a5221.
    After draining the funds from Arbitrum (Ethereum's Layer 2 network), the stolen assets were swiftly moved to the Ethereum mainnet—a common method used to obscure and later launder funds.

    Please Register !

    White-Hat Bounty: A $5 Million Deal to Return $42 Million
    According to Lookonchain, the hacker agreed to a white-hat resolution, handing back the majority of the stolen assets in exchange for a lucrative $5 million reward. This method of negotiation, while controversial, is sometimes seen as a practical solution in DeFi to minimize damage, avoid lawsuits, and recover user funds quickly.
    Such “white-hat” settlements typically involve the attacker revealing crucial vulnerabilities in exchange for amnesty and compensation. However, they remain a gray area of ethics in crypto security.

    Please Register !

    Partial Returns — And an Unexpected Profit
    So far, the exploiter has already returned approximately $10.49 million in FRAX stablecoins. However, the remaining $32 million wasn’t simply sitting idle. The attacker cleverly converted these assets into 11,700 ETH, which due to recent market movements, appreciated to nearly $35 million—netting the attacker an extra $3 million in unintended profit.
    Whether the hacker intends to return the full 11,700 ETH or only the equivalent $32 million is still unclear. So far, there’s been no public confirmation on their next move.

    Please Register !

    Debate: Is This Ethical?
    The situation is sparking debate in the crypto community:
    Can someone who exploits a protocol and returns most of the funds ethically walk away with millions in side profits? While many argue that recovering the bulk of the funds is a win for users, others believe this outcome undermines the spirit of white-hat hacking.

    Please Register !

    Security Concerns in DeFi Highlighted Again
    This incident exposes ongoing security challenges in DeFi, especially regarding vaults managing large assets and cross-chain transfers.
    So far, GMX has not clarified whether this agreement was formally established before or after the hacker returned some of the assets.
    Regardless, this exploit is likely to influence future white-hat negotiations and ethical standards within decentralized finance.

    Please Register !

    GMX’s Official Response: Root Cause Found in Re-Entrancy Flaw
    In its latest statement, GMX confirmed that the breach stemmed from a re-entrancy vulnerability within its V1 smart contracts. Despite using a nonReentrant modifier for protection, it only applied within a single contract scope, leaving the system exposed when interacting between contracts.
    The hacker exploited this loophole by manipulating BTC short averages through the Vault contract, artificially inflating the GLP token price, and profiting by redeeming these overpriced tokens using a flash loan.
    GMX V2 has since addressed this flaw by ensuring all pricing and executions occur within a single contract to prevent similar vulnerabilities.

    Please Register !

    Current Status: Trading Paused, Reimbursements in Progress
    GLP minting on Avalanche: Paused
    GLP redemptions on Avalanche: Active
    V1 orders: To be canceled and migrated to a reimbursement pool
    Arbitrum trading: Suspended pending further updates
    GMX is working closely with security partners and infrastructure providers and continues direct communication with the attacker on-chain.
    The platform has also urged all forks of GMX V1 to immediately perform audits and apply fixes to prevent similar exploits.

    Please Register !

    Summary for Users Affected:
    Expect positions to be migrated.
    Reimbursements are part of the recovery plan.
    Further updates will clarify timelines for withdrawals and transitions.
    0 comments
    1.5k views
    Read more...
    Records

    Crypto Malware Surge 2025: Scammers Pose as AI & Web3 Startups to Drain Your Wallets!

    Please Register !

    Scammers Exploit AI & Web3 Hype to Spread Sophisticated Crypto Malware
    A fresh wave of highly advanced crypto-stealing malware is sweeping across the web, as cybercriminals increasingly disguise themselves behind fake AI, Web3, and gaming startups. These fraudsters leverage the excitement surrounding future technologies to lure unsuspecting victims into downloading malicious software under the guise of testing “innovative apps.”
    Cybersecurity firm Darktrace has issued a stark warning: these scams are carefully crafted social engineering campaigns, weaponizing the trust people place in startup culture.

    Please Register !

    Fake Companies, Real Losses
    The attackers have gone to extreme lengths to make their phony companies look legitimate. They build fake websites, polished GitHub pages, social profiles, whitepapers, and even detailed fake “About Us” team pages — sometimes hosted on platforms like Notion.
    To boost credibility, they often tie these sites to seemingly authentic or compromised X (formerly Twitter) accounts, regularly posting fake updates, blogs, and announcements to reinforce their lies.

    Please Register !

    Gaming & AI Used as Bait
    One of the fraudulent projects uncovered was a fake blockchain game called Eternal Decay. Its creators fabricated screenshots of alleged conference appearances and made up investor lists. The stolen in-game visuals were traced back to an entirely unrelated game, Zombie Within.
    Other fake brands linked to these schemes include:
    Pollens AI
    Swox
    Buzzu
    All these “startups” share similar branding, design, and backend code, further proving this is a coordinated scam.

    Please Register !

    How the Malware Infects You
    Victims are typically contacted through X, Telegram, or Discord, where scammers pretend to be startup employees offering rewards like crypto in exchange for testing new software. Users receive a registration code and a link to a professional-looking download page — but the apps are loaded with malware.
    Darktrace’s analysis identified malware targeting both Windows and macOS systems:
    Windows: The malware uses Electron-based apps to gather device data, silently download malicious payloads, and execute them.
    macOS: Users download disguised DMG installers containing Atomic Stealer malware, which harvests browser data, wallet credentials, and sensitive files, sending them to hacker-controlled servers.
    These malicious tools use advanced evasion methods: stolen certificates, obfuscation, and stealth background operations to avoid detection.

    Please Register !

    The Threat Group Behind the Scheme
    Darktrace connects these tactics to a previously identified malware gang known as CrazyEvil, which security firm Recorded Future flagged earlier this year. While it’s not confirmed if CrazyEvil runs this exact campaign, the patterns are strikingly similar:
    Fake companies
    Sophisticated social engineering
    Focus on crypto-related targets

    Please Register !

    Crypto Crime in 2025: The Bigger Picture
    The crypto crime surge is only escalating. Malware campaigns and credential theft are pushing 2025 toward record-breaking crypto losses.
    Kaspersky reports:
    83.4% YoY increase in crypto-related phishing attacks
    3.6x spike in mobile banking trojans
    Traditional bank malware? Declining.
    → Attackers are moving away from fiat and zeroing in on crypto wallets.

    Please Register !

    Emerging Threat: “SparkKitty”
    A new mobile malware strain called SparkKitty has been wreaking havoc since early 2024. Masquerading as TikTok mods or crypto apps, it infiltrated even Google Play and Apple’s App Store. It uses OCR technology to scan screenshots of seed phrases stored in photo galleries.
    SparkKitty evolved from the earlier SparkCat campaign and specializes in stealing crypto credentials right from user devices.

    Please Register !

    Unexpected Attack Vectors
    In May, security analysts traced malware back to Procolored, a Chinese printer manufacturer. Their official printer drivers carried a hidden remote access trojan, hijacking copied wallet addresses during transactions — swapping them with hacker-controlled addresses.

    Please Register !

    Result? 9.3 BTC stolen (~$1 million) over six months before discovery.

    Please Register !

    Massive Credential Leaks Raise Stakes
    A data breach exposed by Cybernews revealed over 16 billion stolen credentials, collected largely via infostealer malware. These include access to platforms like Telegram, GitHub, and Apple — further heightening risks for crypto holders managing digital assets online.
    Combined with CertiK’s estimate of $2.2 billion lost in crypto attacks during H1 2025, this paints a bleak but realistic picture of how cybercriminals are evolving.

    Please Register !

    Final Thoughts
    The lesson here is simple: if it looks too good to be true, it is. Whether it's a flashy AI startup or the “next big” blockchain game, always verify sources independently.
    Crypto malware campaigns are no longer amateurish. They’re professional, well-funded, and highly convincing.
    Stay alert. Protect your wallets. Trust, but verify.
    0 comments
    1.5k views
    Read more...
    Records

    Crypto Fraudster Faces Justice: 18 Months Turned Into 12 Years for $20M Scam

    Please Register !

    A Brutal Reminder: Crime in Crypto Doesn’t Pay
    In a sharp escalation of punishment, a convicted cryptocurrency scammer has learned the hard way that dodging court-ordered repayments can lead to years behind bars.
    Nicholas Truglia, aged 27, originally received an 18-month prison sentence after pleading guilty to his role in a notorious crypto fraud valued at $22 million. However, following his blatant refusal to return the stolen funds, a New York federal judge has now sentenced him to a harsh 12 years behind bars.
    Judge Alvin Hellerstein didn’t mince words during the recent hearing. “You paid not a cent — not even a penny,” he stated bluntly, before adding three months of supervised release on top of the prison term. The judge emphasized Truglia’s extravagant lifestyle despite not having legitimate employment. “You lived in luxury without lifting a finger,” Hellerstein said.

    Please Register !

    From SIM Swap to Prison Cell
    Back in 2018, Truglia was arrested in California’s Bay Area after orchestrating a sophisticated SIM-swapping scam. By manipulating a telecom employee, Truglia and his crew gained unauthorized access to the phone number of blockchain investor Michael Terpin, siphoning away $24 million in cryptocurrency.
    Truglia’s specific role? Converting the stolen funds into Bitcoin to further hide the crime’s digital footprints.
    In 2019, Terpin took civil action and was awarded a staggering $75 million in damages. He also sued his mobile provider, AT&T, for $224 million, citing gross negligence in protecting his sensitive account.

    Please Register !

    Where Did the Money Go?
    During his original sentencing, prosecutors highlighted Truglia’s vast portfolio of assets — luxury watches, fine art, cryptocurrency, and more — valued north of $50 million. His defense argued that much of this wealth was trapped in a Bitcoin wallet he could no longer access.
    Truglia insisted he wanted to repay the victim but simply couldn’t unlock his funds. Terpin dismissed this as nothing more than “a giant smokescreen.”

    Please Register !

    U.S. Cracks Down Hard on Crypto Criminals
    America’s law enforcement is steadily increasing its efforts against crypto-based crimes, and sentences are getting tougher:

    Please Register !

    Please Register !

    May 2024: Trung Nguyen of Massachusetts was given six years in federal prison for operating a fake vending machine business as a front for laundering over $1 million in drug money through Bitcoin.

    Please Register !

    Earlier in May: Mohammed Azharuddin Chhipa received a massive 30-year sentence for funneling crypto to ISIS operatives. Between 2019 and 2022, he sent over $185,000 to fund terrorists, escape attempts, and fighters.

    Please Register !

    Upcoming: The DOJ seeks a 20-year sentence for Celsius founder Alex Mashinsky after the platform’s 2022 collapse, which froze $4.7 billion of customer assets. Prosecutors accuse him of defrauding investors out of $550 million through manipulative schemes.
    These landmark rulings reflect a broader trend: U.S. courts are no longer tolerating crypto-related crimes, especially those involving scams, money laundering, or connections to organized crime.
     

    Please Register !

    Key Takeaway
    If you thought crypto fraud was a loophole in the justice system, these cases prove otherwise. From SIM-swappers to terrorist financiers, the law is closing in fast.
    0 comments
    1.5k views
    Read more...
    Records

    Greece Freezes Crypto for the First Time After $1.5 Billion Bybit Hack – How North Korean Hackers Got Caught

    Please Register !

    Major Breakthrough in Crypto Crime: Greece Freezes Digital Assets
    In a landmark moment for crypto security, Greek authorities have successfully frozen cryptocurrency assets tied to the infamous $1.5 billion Bybit hack. This marks the first time ever Greece has carried out such an action, directly targeting the funds linked to North Korea’s notorious Lazarus Group – a name well-known in the world of cybercrime.
    Thanks to advanced forensic tools like Chainalysis Reactor, investigators traced the stolen crypto despite the hackers’ complex laundering strategies designed to obscure their trail.

    Please Register !

    How Did They Do It? A Play-by-Play of the Investigation
    The probe began after Greek anti-money laundering units noticed suspicious transactions months after the Bybit attack took place.
    Using blockchain visualization tools they acquired in 2023, investigators tracked the movements of stolen funds, pinpointing a wallet directly tied to the February 2025 hack.
    By the time Greece stepped in, 32.78% of the $1.4 billion haul remained traceable, 62% had vanished into the dark web’s abyss, and just over 5% was successfully frozen.

    Please Register !

    Chainalysis Exposes Lazarus’ Playbook
    Through meticulous blockchain tracing, investigators discovered that the Lazarus Group laundered the stolen Ethereum (ETH) through a dense web of transactions aimed at confusing law enforcement.
    Chainalysis also confirmed that the initial compromise happened via social engineering attacks, targeting cold wallet signers to manipulate multi-signature protections.
    <foto>
    Bybit’s CEO, Zhou, described the moment as a nightmare — initially believing 30,000 ETH worth $82 million had been stolen before realizing the real loss: 401,000 ETH worth $1.4 billion.
    Within hours of the breach, Bybit processed a staggering 350,000 withdrawal requests, attempting to maintain customer confidence through transparency and swift action.
    Meanwhile, the hackers were moving fast — using mixers, bridges, and decentralized exchanges to hide their tracks.

    Please Register !

    Where Did the Money Go?
    Analysts confirmed 86.29% of the stolen funds had been transformed into over 12,800 Bitcoin, spread across 9,100+ wallets via obfuscation tools like Wasabi, Tornado Cash, CryptoMixer, and Railgun.

    Please Register !

    Germany Follows Suit with €34M Crypto Seizure
    While Greece made headlines, Germany also took action, seizing €34 million ($38M) from the notorious eXch platform as part of its own investigations into laundering proceeds from the Bybit breach.
    This marked Germany’s third-largest crypto seizure ever, effectively shutting down a service notorious for helping criminals hide funds. Authorities discovered eXch had handled over €1.75 billion ($1.9B) in crypto transactions linked to illegal activities.
    Despite officially claiming a shutdown in April, eXch continued operations secretly through backend APIs.
    TRM Labs revealed Lazarus and other criminal groups used signature mixing pools within eXch to continue hiding funds even after regulators flagged the platform.

    Please Register !

    The Bigger Picture: Crypto Crime Isn’t Slowing Down
    These high-profile recoveries are part of a larger international effort to tighten the net around crypto-based laundering.
    However, cybercrime in the blockchain space continues:
    Taiwan’s BitoPro: Lost $11.5M through exposed wallets in system upgrades.
    Brazil’s C&M Software: Victim of a $40M laundering incident.
    Iran’s Nobitex Exchange: Confirmed a $73M hack that escalated to $90M stolen.
    GMX DEX (Decentralized Exchange): Today reported a suspected $42M exploit.

    Please Register !

    Bybit’s Response: Bounties on Stolen Funds
    In response, Bybit has launched a bounty program offering up to 10% rewards on recovered assets, totaling potential payouts of up to $140 million.
    This proactive stance shows how exchanges are learning to protect not just their platforms but also their reputations in an increasingly hostile digital world.

    Please Register !

    Final Thoughts
    The cryptocurrency world is rapidly evolving, and with it, the tools law enforcement uses to fight back.
    This case shows the growing maturity of blockchain analytics and international collaboration in tackling cybercrime.
    However, vigilance remains key — especially as state-sponsored groups like Lazarus adapt to new defenses.
    0 comments
    1.6k views
    Read more...
    Records

    How Crypto Mogul Tim Heath Thwarted a Kidnapping by Biting Off Attacker’s Finger

    Please Register !

    Top Highlights:
    Tim Heath escaped a violent kidnapping attempt by biting his assailant’s finger.
    The attackers had been tracking Heath for weeks, even using disguises and GPS devices.
    Seven suspects stand accused of plotting to kidnap Heath and seize his cryptocurrency.
    In a dramatic event that unfolded last July in Tallinn, Estonia, Australian crypto billionaire and Yolo Group founder Tim Heath narrowly escaped a violent kidnapping attempt by literally biting off a piece of one attacker’s finger, an Estonian court was told this week.
    This alarming case highlights the rising threat of targeted kidnappings aimed at wealthy figures within the cryptocurrency space throughout 2025 — a disturbing trend that has forced many high-profile investors to seriously upgrade their personal security.
    The Attempted Abduction: A Close Call
    Heath was caught off guard in the stairwell of his apartment complex by two men disguised as painters, according to reports by Eesti Ekspress and the Sydney Morning Herald.
    One of the assailants, identified as Azerbaijani national Allahverdi Allahverdiyev — a former boxer and wrestler — tried to silence Heath by forcibly covering his mouth.
    In a fierce act of self-defense, Heath bit through Allahverdiyev’s index finger, managing to break free and rush back into his apartment.
    The entire encounter lasted around 30 seconds. Although Heath lost a tooth during the struggle, his resistance scared off the kidnappers.
    Police later found part of the severed finger about 100 meters from the scene, while the attackers abandoned a rented van nearby.
    Planning and Surveillance
    Court files reveal that the kidnappers had been monitoring Heath for weeks, both physically tailing him and using a GPS tracking device attached to his car.
    Their plan reportedly involved forcing Heath into the van, transporting him to a rented sauna facility, and coercing him into handing over his cryptocurrency assets.
     
     
    Prosecutors allege a hacker was involved to accelerate the theft of digital assets.
    The gang of seven suspects is believed to have entered Estonia using forged Georgian passports.
    Before the assault, the group purchased painters’ uniforms and tools to disguise themselves as legitimate workers.
    Two suspects have been apprehended: Allahverdiyev and Georgian national Ilgar Mamedov, accused of being the getaway driver.
    Mamedov denies any involvement, claiming he arrived in Estonia unintentionally. Meanwhile, three suspects remain unidentified, and two others, including alleged mastermind Najaf Najafli, are actively sought by law enforcement.
    Demanding Ransom in Bitcoin
    Following the botched kidnapping, Heath reportedly received a threatening Telegram message featuring photos of his home along with a ransom demand for 30 Bitcoin — roughly $3.3 million at that time.
    When Heath ignored the message, the kidnappers ceased contact, but prosecutors warn the threat could still be live.
    Since then, Heath has invested over $3.1 million in private security and moved to a safer residence.
    His legal team is currently seeking reimbursement of these expenses from the accused as the trial proceeds in Estonia.
    Broader Context: Rising Crypto Kidnappings
    This incident is part of a worrying pattern in 2025. For example:
    On May 1, masked assailants kidnapped the father of a crypto entrepreneur in Paris, severing one of his fingers before police intervened.
    In New York, a tourist was held captive and tortured for over two weeks as kidnappers tried to force him to hand over Bitcoin credentials.
    The increasing frequency and brutality of these attacks highlight the urgent need for heightened vigilance among the cryptocurrency community.
    If you want, I can help polish or rewrite other crypto-related stories with the same level of detail and clarity!
    0 comments
    1.5k views
    Read more...
    Records

    Crypto Scam Alert: $250K Stolen by Fraudsters Masquerading as Trump-Vance Inaugural Committee

    In a recent investigation, the FBI uncovered a sophisticated cryptocurrency scam in which fraudsters, allegedly operating from Nigeria, impersonated the Trump-Vance Inaugural Committee and managed to siphon off approximately $250,300 in Ethereum-based USDT from an unsuspecting donor.
    How the Scam Unfolded:
    The fraudulent operation was flagged as a Business Email Compromise (BEC) scheme by U.S. prosecutors, who announced the filing of a formal complaint earlier this week.
    Blockchain analysis enabled the FBI to trace a total of 40,353 USDT.ETH involved in the transaction, with authorities actively pursuing the recovery of these assets to return them to the rightful owner.
    The Subtle Trick Behind the Fraud
    The scammer’s approach hinged on exploiting a tiny but crucial typo in the email address.
    Last December, the victim received an email purportedly from Steve Witkoff, co-chair of the Trump-Vance Inaugural Committee. However, the scammer used an email domain differing only by a lowercase letter — replacing the letter ‘I’ with a lowercase ‘L’ in the domain: @t47lnaugural.com instead of the legitimate @t47inaugural.com.
    Because of the font style, the fake email appeared nearly indistinguishable from the authentic one, fooling the victim into trusting the communication.
    The Transfer and Loss
    Following the email instructions, the victim transferred funds to a crypto wallet ending with 58c52 on December 26, 2024, under the false impression that the wallet belonged to the Inaugural Committee.
    The FBI reports that within just two hours, the stolen USDT.ETH worth $250,300 was moved from this wallet to a different crypto address, making recovery more difficult.
     
     
    Official Warnings and Advice
    Steven J. Jensen, FBI Assistant Director in Charge, emphasized:

    Please Register !

    U.S. Attorney Jeanine Ferris Pirro urged donors to:

    Please Register !

    She also highlighted the challenge law enforcement faces in retrieving stolen funds, noting:

    Please Register !

    Key Takeaways:
    Always verify email domains closely, especially in financial transactions.
    Be suspicious of even minor irregularities in sender addresses.
    Confirm payment details through secondary communication channels if possible.
    Understand that blockchain theft recovery is often complicated and time-consuming.
    If you suspect any suspicious emails or requests related to crypto donations, report them immediately to authorities.
    0 comments
    1.5k views
    Read more...
    Records

    Beware! Over 40 Fake Firefox Crypto Wallet Extensions Stealing Your Funds

    Cybersecurity experts from Koi Security uncovered a widespread scam involving over 40 fraudulent Firefox extensions designed to steal cryptocurrency wallet credentials, including seed phrases. These extensions impersonate well-known wallets, tricking users into unknowingly handing over access to their digital assets. Losses connected to this scam have already surpassed $2.2 billion in the first half of 2025 alone.

    Please Register !

    Which Wallets Are Being Imitated?
    Coinbase
    MetaMask
    Trust Wallet
    Phantom
    Exodus
    OKX
    Keplr
    MyMonero
    Bitget
    Leap
    Ethereum Wallet
    Filfox
    Attackers have replicated these trusted brands with near-perfect logos and names to dupe unsuspecting users.

    Please Register !

    Timeline and Scam Techniques
    The campaign has been active since April 2025, with new fake extensions continuously uploaded — some as recent as last week — to the official Firefox Add-ons platform.
    These malicious plugins silently extract wallet credentials from targeted sites and transmit them to attacker-controlled servers.

    Please Register !

    Please Register !

    Tricks to Gain User Trust
    Hundreds of fake 5-star reviews boosted their apparent popularity.
    Branding and logos meticulously cloned real wallet extensions.
    The use of authentic open-source wallet code, with malicious backdoors added, maintained normal functionality while stealing data stealthily.
    This clever tactic reduced detection chances and lengthened the time malicious extensions stayed active on users' systems.

    Please Register !

    Beyond Browser Add-ons: Hardware & Physical Scams
    A Chinese crypto investor lost $7 million after buying a counterfeit cold wallet on Douyin (China’s TikTok), which generated private keys already compromised by attackers.
    The Atomic macOS Stealer malware replaced legitimate Ledger Live apps on over 2,800 compromised sites, harvesting seed phrases via fake pop-ups.
    Physical phishing letters mimicking Ledger, sent via USPS, instruct victims to scan QR codes linking to phishing websites stealing private keys.

    Please Register !

    The Growing Toll on Crypto Security
    $2.2 billion lost to hacks and scams in early 2025, per CertiK’s report.
    Wallet attacks accounted for $1.7 billion across 34 incidents.
    Phishing scams led to $410 million stolen in 132 events.
    Ethereum was the prime target with 175 incidents and losses exceeding $1.6 billion.

    Please Register !

    Rising Code Vulnerabilities and Physical Threats
    May 2025 alone saw $229 million lost due to software vulnerabilities, a huge leap from $5 million in April.
    Physical “wrench attacks” targeting crypto holders surged, with 32 reported incidents so far, set to break the 2021 record of 36.

    Please Register !

    Final Recommendations
    Stay vigilant:
    Only install extensions from verified sources.
    Regularly update wallets and security software.
    Be skeptical of unsolicited communications or offers.
    Protect your crypto with caution — the threats keep evolving.
    0 comments
    1.5k views
    Read more...
    Records

    North Korean Hackers Deploy New macOS Malware Targeting Crypto Industry — What You Need to Know

    A Sophisticated New macOS Malware Threat Targets Web3 and Crypto Firms
    In a troubling development, North Korean hackers have stepped up their cyberoffensive with a brand-new malware strain designed specifically for macOS systems, targeting businesses in the Web3 and cryptocurrency sectors. Dubbed NimDoor, this advanced threat is written in the Nim programming language, a choice that complicates detection and analysis due to its unique code compilation process.
    Why Nim Language? A Game-Changer in Malware Development
    Unlike traditional programming languages, Nim compiles code in a way that blends runtime execution with the malware’s core logic, creating binaries that are harder for security tools to dissect. This technique effectively conceals malicious behavior, making reverse engineering a more difficult task.
    According to a recent report by SentinelLabs, NimDoor was initially detected during an April 2025 attack against a crypto startup. Since then, several cybersecurity companies have confirmed additional infections within the industry.
    How the Attack Unfolds: Social Engineering and Sophisticated Delivery
    SentinelLabs reveals that the attackers rely heavily on tried-and-true social engineering tactics to gain entry:
    Targets are approached via Telegram by impostor contacts.
    Victims are invited to schedule meetings through Calendly.
    Subsequently, they receive emails containing a Zoom meeting link and instructions to install a so-called “Zoom SDK update.”
    This Zoom update link actually leads to an AppleScript file hosted on domains mimicking official Zoom URLs. The script is padded with thousands of lines of whitespace to evade automated scans, ultimately fetching a secondary payload from attacker-controlled servers.
    Inside the Malware: Multi-Stage Payload with Persistence and Data Theft
    Once downloaded, NimDoor installs two Mach-O binaries into the system’s temporary folder:
    The first binary, crafted in C++, performs process injection to launch the trojan.
    The second, written in Nim and labeled as the installer, installs persistence mechanisms ensuring the malware remains active after reboots or termination attempts.
    The installer then drops two additional Nim-based components named GoogIe LLC and CoreKitAgent, which provide ongoing access and system surveillance capabilities.
    The malware also runs two scripts designed to exfiltrate data:
    The upl script collects login details and browsing histories from popular browsers such as Google Chrome and Firefox.
    The tlgrm script targets Telegram data specifically.
    All stolen information is compressed and sent to attacker-controlled servers disguised as secure upload portals.
    North Korea’s Expanding Cyber Toolset
    SentinelLabs points out that this isn’t the first time North Korean threat actors have leveraged less conventional programming languages to evade detection. Past campaigns included malware written in Go, Rust, and more recently, Crystal. Analysts anticipate increasing use of such uncommon languages as attackers seek to outpace conventional security measures.
    Context: Ongoing North Korean Crypto-Related Cybercrime
    This latest attack is part of a growing wave of cyber threats originating from North Korea. Earlier in 2025, hackers linked to a Lazarus Group subgroup targeted U.S. crypto developers with malware spread through fake companies like Blocknovas LLC and Softglide LLC—both shell organizations with fabricated addresses. The campaign used fraudulent job offers to distribute malware aimed at stealing crypto wallets and credentials.
    In response to escalating cyber risks, South Korea and the European Union agreed in May to enhance cooperation focused on combating North Korea’s cryptocurrency crimes. Officials emphasized the urgency of coordinated efforts amid a surge of cyberattacks.
    Alarming Figures: Cryptocurrency Theft Continues Unabated
    According to South Korean lawmaker Ha Tae-keung, North Korean hackers have stolen an additional $310 million in cryptocurrency from South Korean wallets since the infamous $2 billion heists documented by the United Nations in 2019. Meanwhile, blockchain analytics firm Chainalysis reported a staggering $1.3 billion in stolen crypto assets linked to North Korea in 2024 alone.
    Just days ago, the U.S. Department of Justice charged four North Korean nationals with stealing more than $900,000 by masquerading as remote IT workers at blockchain companies. The group exploited fake identities to alter smart contracts, facilitating thefts that allegedly fund North Korea’s weapons development programs.
    What Lies Ahead
    With cyber threats evolving rapidly and attackers adopting novel programming approaches like Nim, defending Web3 and crypto infrastructures demands heightened vigilance and innovation. The international community’s ability to coordinate across borders and sectors remains crucial to curbing these increasingly sophisticated attacks.
    0 comments
    1.6k views
    Read more...
    Records

    $180M Vanishes in Brazil’s Largest Banking Hack — Crypto Used as Escape Route

    Please Register !

    Critical Flaw in Brazil’s Banking System Leads to Record Heist
    In a shocking breach that shook Brazil's financial infrastructure, cybercriminals made off with over R$1 billion (~$180 million USD) by taking advantage of a weakness in the nation's PIX instant payment system. This marks the largest cyberattack in the history of Brazil’s banking sector.
    The attackers infiltrated the system by compromising C&M Software, a third-party provider authorized by the Central Bank of Brazil to handle API connections for several financial institutions.
    Through this access point, hackers gained entry to various bank accounts—including those tied to banking-as-a-service entities like BMP—and quickly initiated a massive transfer of funds.

    Please Register !

    Funds Moved to Bitcoin & USDT Almost Immediately
    Once the money was siphoned, it didn’t sit still. The stolen capital was rapidly funneled into the cryptocurrency ecosystem, with a clear trail showing transfers to crypto exchanges, payment gateways, and OTC (over-the-counter) desks, attempting to convert the cash into Bitcoin and USDT (Tether).
    Brazil’s Federal Police confirmed that this wasn’t just a simple breach—it was a deep and systemic attack on the national payment infrastructure.
    Meanwhile, C&M Software was instantly disconnected from the financial system, as security engineers and Central Bank officials worked through the night to contain the damage and begin the investigation.

    Please Register !

    PIX Network Gateway Became the Breach Point
    C&M Software later released a statement explaining that it fell victim to “unauthorized access using client credentials,” which enabled the attackers to misuse their role as a gateway to PIX, Brazil’s real-time payment system.
    This breach allowed the intruders to abuse transfer protocols that link banks, payment providers, and fintech firms to the core national network.
    Immediately after securing access, they began onboarding stolen funds into digital assets, targeting cryptocurrency platforms that had direct integration with PIX.

    Please Register !

    Crypto Firms Respond Swiftly — Many Transactions Frozen
    One of the first to detect anomalies was SmartPay, whose CEO confirmed the system noticed irregular activities as early as 12:18 AM on June 30. Automated defenses kicked in, blocking large crypto purchases and flagging unusual transaction flows.

    Please Register !

    Blockchain analysis tools also caught sizable amounts of crypto moving across wallets and services, though the precise value successfully laundered remains uncertain as the investigation continues.

    Please Register !

    BMP Issues Clarification: No Clients Affected
    In response to rising public concern, BMP clarified in an official announcement that none of their customers were financially impacted. They emphasized that the hackers only accessed funds stored in BMP’s reserve account at the Central Bank.
    BMP also reassured the public that it holds adequate collateral to fully absorb the financial hit caused by the breach.

    Please Register !

    Crypto Becomes the Go-To Exit for Financial Crime
    This attack once again highlights a dangerous global trend: the growing reliance on cryptocurrencies as an exit channel for traditional financial heists.
    Digital assets offer speed, liquidity, and pseudo-anonymity unmatched by conventional fiat systems—making them increasingly attractive to cybercriminals.
    Global authorities, including the Financial Action Task Force (FATF), have expressed serious concern over the unchecked rise of stablecoin use in illicit finance. Without international regulation, digital currencies may continue to serve as the perfect getaway vehicle for large-scale thefts.

    Please Register !

    Brazil Joins a Growing List of Crypto-Fueled Mega-Heists
    This incident joins a grim 2025 trend of crypto-assisted criminal activity:
    $1.46 billion was siphoned from ByBit in a record-breaking breach linked to North Korean actors
    $136 million was laundered through a crypto-based operation uncovered in China
    OKX recently paid a $505 million fine for lapses in anti-money laundering (AML) protocols

    Please Register !

    Ongoing Efforts to Track and Freeze Stolen Assets
    Brazilian law enforcement agencies are now tracing the flow of funds across blockchain networks and coordinating with international cybercrime units to freeze stolen assets and uncover the attackers’ identities.
    This unprecedented breach may serve as a wake-up call for regulators and financial institutions across the globe. As traditional and digital finance continue to converge, so too do their vulnerabilities.
    0 comments
    1.5k views
    Read more...
    Records

    Against All Odds: Solo Bitcoin Miner Earns $349K by Solving Block with Modest Rig

    Please Register !

    A Solo Miner Hits the Jackpot with Just 2.3 PH/s
    In a striking reminder that sometimes even the underdogs win, a solo Bitcoin miner recently pocketed nearly $350,000 after independently cracking block 903883. What makes this so remarkable? The miner was operating through CKpool, wielding a relatively modest setup pushing 2.3 petahashes per second (PH/s).
    This feat defies steep odds—1 in 2,800 per day, to be precise—making it one of the rarest and most impressive victories in solo mining history.

    Please Register !

    The Odds Were Slim—But Not Impossible
    According to mining statistics from Mempool.space, the chance of solving a block at 2.3 PH/s under current network difficulty is just 0.004% daily—or roughly once every 8 years.
    Despite these odds, this solo miner achieved success and was rewarded with:

    Please Register !

    Please Register !

    Hardware Setup Likely Built from Older ASIC Units
    While specific details of the mining hardware remain under wraps, experts speculate that the rig likely involved a mix of older-generation ASIC miners working in tandem to reach the 2.3 PH/s mark.
    To put it in perspective, consumer-level machines like Bitaxe or USB-based NerdMiner units generate terahashes or even kilohashes per second—far below what's needed to realistically compete for full block rewards.

    Please Register !

    How Big Miners Compare
    To achieve a single block every month in a solo mining scenario, you'd need a monstrous 166,000 TH/s—equivalent to around 500 Antminer S21 Hydro machines. Such an operation would cost millions of dollars in hardware and infrastructure.
    Despite this, the recent solo success proves that even modest setups, with a little luck, can still reap major rewards.

    Please Register !

    Not the First Time—And Probably Not the Last
    This isn’t the only time a solo miner struck it big this year:
    February: Block 883,181 yielded $300,000+ in BTC
    Early June: Block 899,826 netted about $330,000
    These wins showcase the thrill and possibility of solo mining—even in a world dominated by industrial-scale operations.

    Please Register !

    Industrial Giants Struggle as Solo Miner Shines
    Interestingly, June was a downturn month for major players like Riot Platforms, Cipher Mining, and MARA Holdings, who scaled back operations in Texas due to soaring summer energy costs. This contrast highlights how sometimes smaller, more agile players can outperform their heavyweight rivals—especially when electricity costs and regional regulations play a role.

    Please Register !

    China's Imprint on Global Mining Still Lingers
    Despite Beijing's 2021 ban on cryptocurrency mining, China remains deeply embedded in the global mining landscape:
    55%–65% of mining activity still linked to Chinese capital, hardware, or expertise
    Companies like Bitmain, Canaan, and MicroBT—which make 99% of Bitcoin mining hardware—have shifted production to the U.S., aiding in America's growth from 4% of the hashrate in 2019 to 38% today
    Some former Chinese miners have ramped up their capacity by as much as 150% after relocating abroad. Meanwhile, low-level mining activity still persists in remote Chinese regions where enforcement remains minimal.

    Please Register !

    Final Thoughts
    This story is more than just luck—it’s a reminder that the crypto world still holds room for bold individuals willing to challenge the odds. While large mining farms dominate headlines and hashrates, the heart of Bitcoin remains decentralized—and stories like this solo victory prove it.
    0 comments
    1.5k views
    Read more...
    Records

    Crypto Wealth Turns Dangerous: Trio Imprisoned for Kidnapping, but Key Conspirators Still Missing

    A chilling reminder that online fame and fortune can have life-threatening consequences.
    In a disturbing case that rattled the European cryptocurrency community, a court in Brussels handed down 12-year prison terms to three individuals found guilty of kidnapping the wife of a prominent Belgian crypto educator in December 2024. The attack, clearly orchestrated with financial motives, highlights growing concerns over the vulnerability of digital asset holders.
    According to official reports, the crime occurred on the evening of December 20th. The suspects ambushed the victim just outside her home and forcibly placed her in a van with French registration. Their destination? The Belgian coast—likely a failed attempt to escape jurisdiction.
    Fortunately, local police were notified immediately. Law enforcement teams quickly tracked the vehicle, intercepting it near Bruges. A high-speed intervention forced the van off the road and led to the arrest of three adult suspects. A fourth person, a minor, was later directed to juvenile court proceedings.
    Crypto-Linked Kidnapping Sparks Wider Investigation
    Captured moment of police operation near Bruges
    The kidnappers, who were later convicted of hostage-taking and crypto extortion attempts, claimed in court that they were coerced by unnamed “sponsors” who threatened their lives. However, the court rejected this defense, classifying the act as a calculated and professionally executed crime.
    Prosecutors believe this was not an isolated event. Belgian and French authorities suspect ties to a broader criminal network responsible for a growing wave of cryptocurrency-targeted abductions. While the three operatives have been sentenced, the true masterminds remain in the shadows.
    In addition to incarceration, the court has ordered the convicts to pay over €1 million (approximately $1.2 million) in damages to the victim—a symbolic yet significant step toward justice.
    Victim’s Husband Withdraws from Public Life After Trauma
    The husband of the victim—an educator and crypto advocate with nearly 40,000 YouTube followers—chose to temporarily step back from public life following the incident. Known for producing wallet tutorials, market reviews, and interactive giveaways, his content had positioned him as a visible figure in the crypto space.
    In a January message shared online, he expressed a change in priorities:

    Please Register !

    As a result, he made the decision to halt contests and on-camera appearances. Instead, he shifted focus to voice-over content emphasizing safety, market analysis, and privacy strategies.
    By late June, he cautiously returned to content creation—his first video since the incident featured no visuals of himself, only narrated insights.
    Ongoing Threats in the Global Crypto Space
    This incident isn’t unique. Around the globe, crypto holders—particularly those with public profiles—are being increasingly targeted in a new wave of digital wealth crimes.
    In July of the previous year, an attempted abduction in Tallinn, Estonia, involved a well-known Australian crypto entrepreneur. The attackers posed as painters and tracked his movements using a GPS device. The intended plan was to force a transfer of crypto assets at a remote sauna facility. In a surprising act of resistance, the victim fought back—biting off part of one assailant’s finger.
    Meanwhile, France has seen its own spike in such attacks. A TikTok personality was kidnapped in June and assaulted in Essonne, only to be released when the attackers found his wallet nearly empty. Days later, another victim in Paris was held hostage while perpetrators demanded a hardware wallet and cash. His partner was forced to surrender €5,000 before his release.
    Security expert Jameson Lopp has tracked no fewer than 32 violent crypto theft attempts (known as “wrench attacks”) globally in 2025 so far, with France accounting for almost a third of them. This marks a significant rise compared to previous years—both in number and in coordination.
    Conclusion: Justice Served, but the Danger Lingers
    While this recent Belgian sentencing offers a sense of resolution for the immediate victims, the broader picture remains deeply concerning. The masterminds behind these crimes are still unidentified, and the risk for crypto investors—especially those with public exposure—continues to grow.
    Law enforcement agencies across Europe are now investigating a suspected transnational network that targets digital asset holders through surveillance, intimidation, and violence. For anyone in the crypto world, especially public figures, operational security and discretion are no longer optional—they are a necessity.
    0 comments
    1.3k views
    Read more...
    Records

    Velocore DEX Hit by $10 Million Flash‑Loan Exploit on zkSync & Linea

    Please Register !

    Quick Summary
    What occurred: A critical flash‑loan exploit drained about $10 million from Velocore DEX, which runs on zkSync Era and Linea.
    Targeted assets: Volatile liquidity pools, particularly those using the CPMM model.
    Immediate impact: Over 700 ETH (roughly $6.9 million) funneled through Tornado Cash to hide tracks.

    Please Register !

    The Breach: How the Hacker Pulled It Off
    Attack vector: The attacker executed a flash-loan attack—borrowing a large amount briefly—and manipulated the fee-logic in Velocore’s CPMM pools to miscalculate balances, enabling massive unauthorized withdrawals.
    Assets drained: Close to 700 ETH and ~1.5 million USDT, later consolidated into about 1,807 ETH (~$6.9 M), then sent through Across Protocol and Tornado Cash to obfuscate origin.

    Please Register !


    Please Register !

    Immediate Defensive Measures
    Linea responded by pausing block production temporarily to halt the attack and investigate the flaw.
    Velocore clarified that its stablecoin pools remained unaffected and users could still withdraw funds from them.

    Please Register !

    Ongoing Recovery & White‑Hat Bounty Offer
    Coordination efforts: Velocore is working alongside security experts (e.g., Hacken, Zokyo, Scalebit, Hexagate, Hypernative) and has asked CEXs to freeze stolen funds.
    White-hat incentive: An on-chain message offered a 10% bug bounty if the hacker returns the remaining loot by June 3.
    *Investigation: They’ve initiated tracking of exploiter wallets and set up post-mortem reviews to reinforce security.

    Please Register !

    Broader Implications for DeFi
    Smart contract vigilance: Even audited protocols (Velocore had audits from Zokyo, Hacken, Scalebit) can be vulnerable due to complex fee logic and boundary check failures.
    Flash‑loan threat: These attacks are on the rise, exploiting briefly funded but powerful operations—bridging assets and exploiting transient loopholes.
    Cross‑chain laundering: The route through Tornado Cash highlights how stolen funds are quickly disguised across chains.

    Please Register !

    Advice for DeFi Participants
    Exercise caution with new or volatile liquidity pools—use small trial deposits first.
    Monitor dev announcements for contract changes, bounties, or recovery plans.
    Avoid storing large assets in freshly deployed or audited-but-risky environments.
    Stay informed via security forums and on-chain scanning tools for suspicious fund flows.

    Please Register !

    Takeaways & Moving Forward
    Even matured DeFi platforms aren’t immune—comprehensive audits aren't enough without rigorous logic testing.
    Breaches like these erode user trust in zk-rollup ecosystems, prompting calls for more robust security frameworks.
    Community-driven initiatives—bounties, transparent reporting, collaboration with CEXs—can help contain damage and perhaps recover assets.
    0 comments
    1.5k views
    Read more...
    Records

    Critical Flaw in Kraken’s Stellar XLM Integration—$3 Million Withdrawn Pre-Fix

    Please Register !

    Snapshot
    What happened: A serious vulnerability in Kraken’s Stellar (XLM) support allowed users to withdraw funds unexpectedly.
    Impact: Approximately $3 million of XLM exited the exchange before Kraken implemented a repair.
    Who is affected: Primarily XLM users on Kraken—especially those with vaults linked to the flawed integration.

    Please Register !

    Full Story
    Earlier this month, Kraken discovered a significant bug in its Stellar XLM wallet implementation. This glitch permitted some users to extract more tokens than they deposited, effectively enabling unauthorized withdrawals.

    Please Register !

    Estimated losses reached around $3 million worth of XLM before Kraken identified the issue and applied the fix. The exchange has yet to reveal how many accounts were involved or whether insiders partook in the exploitation.

    Please Register !

    Attack Timeline & Kraken’s Response
    Bug detected: Stellar wallet logic within Kraken failed to validate certain transaction parameters.
    Unauthorized
    withdrawals executed over a brief window.
    Kraken patches vulnerability after internal alerts or external reports triggered investigation.
    Partial reimbursements? Kraken signalled that affected wallets might be compensated, but official confirmation is pending.

    Please Register !

    Root Cause & Technical Note
    Stellar operates with distinct transaction structures and multi-signature rules. The flaw seems to have arisen from incomplete checks around memo fields, sequence numbers, or multi-sig thresholds, allowing malformed or repeated messages to process wrongfully. This follows earlier Stellar incidents (e.g., Trust Wallet discovered a related bug)

    Please Register !

    Wider Implications
    Stellar ecosystem risk: XLM’s technology, while efficient, has shown vulnerabilities before—highlighted through chain mishandles and Stellar Foundation’s past inflation bug .
    Exchange due diligence: Even well-established platforms like Kraken can suffer from complex cross-chain logic errors.
    User caution urged: Always use small test transfers when working with new or upgraded wallet infrastructure.

    Please Register !

    What Kraken Has Done
    Patch deployed within 48 hours of detection.
    Internal audit underway to understand exploit origin.
    Communication to users affected via email.
    Reviewing compensation plans, though no official numbers on reimbursement yet.

    Please Register !

    Expert Sentiment

    Please Register !

    They emphasized the need for rigorous cross-chain auditing, especially when integrating assets like XLM whose structure differs subtly from ERC‑20 or UTXO models.

    Please Register !

    Actions for Kraken Users
    Do not send bulk funds to Stellar wallets until Kraken confirms full security.
    Enable multi-factor authentication and maintain minimal on‑exchange balances.
    If you suspect your account was affected, contact support immediately for investigation.

    Please Register !

    Bigger Picture
    This XLM incident is part of a growing trend:
    Earlier this year, North Korean-backed hackers drained billions from major platforms.
    State actor-linked breaches are rising .
    The continuing shift towards bug bounty programs (like Trust Wallet’s recent patch) signals industry-wide recognition of mounting security risks.

    Please Register !

    Conclusion
    The $3 million XLM leak underscores:
    How subtle transaction logic errors can lead to major financial damage.
    That no exchange is immune, regardless of its reputation.
    The importance of layered security—for users and platforms alike.

    Please Register !

    Users should proceed cautiously, while exchanges must tighten auditing and validation processes around cross-network token support.
    0 comments
    1.6k views
    Read more...
    Records

    Nobitex Resumes Operations After Devastating Hack — What Crypto Users in Iran Should Know

    The largest Iranian crypto exchange, Nobitex, is slowly getting back on its feet after falling victim to a politically charged cyberattack. The incident, which caused an estimated $100 million in damage, has triggered a chain of security updates, policy shifts, and a phased return of services — but only for verified users.

    Please Register !

    Major Cyberattack Disrupts Iran’s Leading Crypto Platform
    Earlier this month, Nobitex was compromised by a cyberattack linked to the pro-Israel hacker collective Gonjeshke Darande. The attackers claimed responsibility for the breach and reportedly destroyed $90 million worth of digital assets, while also leaking the platform’s full source code.

    Please Register !

    The attack was not merely financial — it was a politically motivated strike, reflecting escalating tensions between Iran and Israel. Nobitex, known for being deeply integrated into Iran’s digital finance ecosystem, was targeted due to alleged ties to the Iranian government and malicious entities, according to the hackers.

    Please Register !

    Wallet Migration Underway – What Users Need to Know
    Nobitex has since confirmed that it is migrating to a new wallet infrastructure, urging users not to send any funds to old addresses:

    Please Register !

    Please Register !

    Only users who have completed KYC (identity verification) will be allowed to access their wallets initially, with spot market traders prioritized in the recovery process.

    Please Register !

    Gradual Reopening – Withdrawals Start First
    According to a post published on X (formerly Twitter) on June 30, Nobitex announced that:
    Withdrawal services are now being re-enabled.
    Trading and deposits will return in phases, though no clear timeline has been offered yet.

    Please Register !

    Chainalysis Reveals Deeper Ties to Iranian Crypto Network
    A recent report from Chainalysis, a blockchain analytics firm, highlights Nobitex’s crucial role in Iran’s crypto economy:
    The platform processed $11 billion in inflows.
    By comparison, the next 10 largest Iranian exchanges handled only $7.5 billion combined.
    The report also suggested links between Nobitex and blacklisted or sanctioned groups, raising questions about its wider operations.

    Please Register !

    Iran Imposes New Crypto Restrictions Post-Hack
    In the wake of the breach, Iranian regulators have tightened restrictions on local crypto exchanges. All domestic platforms, including Nobitex, are now only permitted to operate during limited business hours: 10 AM to 8 PM.

    Please Register !

    State-Sponsored Cyber Warfare Accelerates in 2025
    The Nobitex incident is just one of many state-linked hacks that have escalated in 2025. According to security reports:
    North Korean groups are responsible for around 70% of global crypto-related losses this year.
    In February, North Korean attackers looted $1.5 billion from Bybit.
    AI-powered tools like ChatGPT are allegedly being used by these cybercriminals to craft sophisticated attacks, according to South Korean intelligence.

    Please Register !

    What This Means for Crypto in High-Risk Zones
    The Nobitex case serves as a sobering reminder of how politics and digital finance are increasingly intertwined. For users in regions with tense geopolitical climates, trust in crypto platforms is no longer just about security protocols — it's about political exposure.
    As the platform slowly comes back online, Iranian crypto users should stay cautious, avoid depositing to outdated addresses, and prioritize verification processes to ensure access to remaining funds.
    0 comments
    1.6k views
    Read more...
    Records

    Barclays Bans Crypto Purchases via Credit Cards Starting Last Friday – What It Means for UK Users

    Please Register !

    In a surprising yet calculated move, Barclays has announced that starting Friday, it will block all cryptocurrency-related transactions made through its Barclaycard credit cards. This decision is making waves across the UK, as discussions heat up on whether buying crypto with credit cards should be allowed at all.

    Please Register !

    Why Is Barclays Blocking Crypto Transactions?
    According to official information from Barclays’ website, the bank is concerned about the extreme price volatility of cryptocurrencies and the lack of regulatory protection for users. In a public statement, Barclays explained:

    Please Register !

    Please Register !

    Additionally, the bank pointed out a significant legal gap:

    Please Register !

    When asked for further comments on the matter, a Barclays representative declined to elaborate.

    Please Register !

    A History of Crypto-Friendly Policies – Now Reversed
    Since 2018, Barclays has permitted crypto transactions through its credit cards, allowing users to buy digital currencies on popular exchanges. As of last year, Barclays was managing over five million credit card accounts in the UK alone.
    But this decision marks a complete reversal, and it aligns with a broader national conversation around the risks of using credit for speculative financial activities.

    Please Register !

    UK Financial Watchdog Steps In
    On May 2nd, the Financial Conduct Authority (FCA) released a discussion paper, asking whether restrictions on crypto purchases using credit should be enforced more broadly:

    Please Register !

    This paper has intensified the ongoing regulatory debate, especially as banks start taking individual action ahead of government mandates.

    Please Register !

    Payments Association Pushes Back Against FCA’s Suggestion
    The Payments Association, a London-based industry group, has voiced strong opposition to these restrictions. In a formal response to the FCA, they argued that such limitations may create unfair comparisons between cryptocurrency investments and gambling:

    Please Register !

    Please Register !

    The Association also emphasized that controls are already in place to limit high-risk purchases using credit, and for some individuals, credit cards may be the only viable payment option if banks block cash-based transactions.

    Please Register !

    Credit Card Crypto Transactions = Higher Fees?
    It’s worth noting that purchasing cryptocurrency with a credit card often involves hidden costs. As reported by Bankrate, many credit card companies classify such transactions as cash advances, resulting in:
    Higher interest rates
    Immediate transaction fees
    No grace period for repayment
    These financial penalties only add to the risk profile Barclays and regulators are concerned about.

    Please Register !

    Final Thoughts
    Barclays’ decision is a major turning point in the UK’s evolving stance on crypto accessibility. While some see it as a necessary step to protect consumers from risky debt, others argue it’s a step backward for financial freedom.
    This development could be a precursor to broader restrictions, especially if the FCA decides to move forward with tighter regulations in the coming months.
    0 comments
    1.6k views
    Read more...
    Records

    Boost Your Crypto Strategy with ChatGPT: Smart Trading, Signals & Sentiment Analysis

    Please Register !

    Key Takeaways:

    Please Register !

    Enhance Your Analysis – ChatGPT helps interpret market data, summarize sentiment, and draft trading strategies.

    Please Register !

    Real-World Applications – Traders use it for bot development, technical analysis, and backtesting.

    Please Register !

    AI + Human Insight – Best used alongside tools like TradingView and LunarCrush, not as a standalone solution.

    Please Register !

    Know the Limits – No real-time data; always verify with external sources.

    Please Register !

    Hybrid Workflow – Combine ChatGPT with crypto platforms for maximum efficiency.

    Please Register !

    Why ChatGPT is a Game-Changer for Crypto Traders
    The crypto market moves fast—prices shift, news breaks, and sentiment changes in seconds. Keeping up manually is nearly impossible. That’s where ChatGPT comes in!
    This AI tool can:
    ✔ Summarize market news in seconds
    ✔ Decode on-chain data for hidden trends
    ✔ Compare token metrics to spot opportunities
    ✔ Analyze sentiment shifts across social media
    Whether you're a beginner or a pro trader, ChatGPT can speed up research and refine your strategy.

    Please Register !

    How ChatGPT Works in Crypto Analysis
    ChatGPT is an AI language model trained on vast datasets. It can:
    Explain technical indicators (RSI, MACD, Bollinger Bands)
    Summarize social sentiment (from Reddit, X, news)
    Generate trading strategies (swing, scalping, hodling)
    Simulate market scenarios ("What if Bitcoin drops 20%?")
    ⚠ Important: ChatGPT does not predict prices—it provides hypothetical insights based on past patterns. Always cross-check with real-time data.

    Please Register !

    Step-by-Step Guide: Using ChatGPT for Crypto Trading

    Please Register !

    Define Your Goal
    Before asking ChatGPT, know what you want:
    Market entry timing?
    Coin research?
    Strategy backtesting?
    Example Prompt:
    "Explain if now is a good time to buy Ethereum based on RSI and MACD."

    Please Register !

    Craft Clear Prompts
    Better prompts = better answers. Be specific!
    Good Prompts:
    "Summarize Bitcoin sentiment from Reddit and X in the last 48 hours."
    *"Create a scalping strategy using RSI and 5-minute charts."*

    Please Register !

    Pro Tip: Ask for step-by-step logic to understand ChatGPT’s reasoning.

    Please Register !

    Analyze Technical Indicators
    ChatGPT can explain:
    RSI (Overbought/Oversold)
    MACD (Trend Strength)
    Fibonacci Levels (Support/Resistance)
    Example:
    "BTC’s RSI is 72, MACD shows bullish crossover—what does this mean?"

    Please Register !

    Gauge Market Sentiment
    Fear & greed drive crypto. Ask ChatGPT to:
    Summarize social media buzz
    Detect FOMO or panic
    Example:
    "What’s the current sentiment around Solana based on recent tweets?"

    Please Register !

    Backtest Strategies (Conceptually)
    While ChatGPT can’t run live backtests, it can simulate past performance.
    Example:
    *"How would a 50/200 MA crossover strategy have worked for ETH in 2021?"*

    Please Register !

    Simulate Market Scenarios
    Test "what-if" situations:
    "How might Bitcoin react if the Fed raises rates?"
    "What could happen to altcoins if BTC drops 15%?"

    Please Register !

    Best ChatGPT Prompts for Crypto Traders
    Use Case Example Prompt Swing Trading "Build an RSI-based swing strategy for XRP with stop-loss rules." Market Summary "Summarize BTC, ETH, SOL price action, volume, and news this week." On-Chain Analysis "Compare Polygon & Avalanche by active wallets and gas fees." Regulatory Impact "How could new stablecoin laws affect DeFi platforms?"

    Please Register !

    Benefits of ChatGPT for Crypto Trading

    Please Register !

    Fast Research – Get summaries in seconds.

    Please Register !

    No Coding Needed – Easy for beginners.

    Please Register !

    Multi-Purpose – Covers technical, fundamental, and sentiment analysis.

    Please Register !

    Custom Strategies – Tailor prompts to your trading style.
    ⚠ Limitations to Watch Out For

    Please Register !

    No Real-Time Data – Always verify with CoinGecko, TradingView, etc.

    Please Register !

    Not Financial Advice – Use AI insights as a guide, not gospel.

    Please Register !

    Prompt Dependency – Better questions = better answers.

    Please Register !

    Supercharge ChatGPT with These Tools
    Live Data: CoinMarketCap, Glassnode
    Charting: TradingView, CoinGlass
    Sentiment: LunarCrush, Santiment
    Automation: Zapier, Python bots

    Please Register !

    Final Thoughts
    ChatGPT is a powerful assistant, not a replacement for due diligence. Pair it with real-time tools and your own analysis for the best results.

    Please Register !

    Start experimenting today and refine your crypto strategy with AI!
    0 comments
    1.3k views
    Read more...
    Records

    Insider Sabotage: Ex-Employee Behind $2M Bedrock UniBTC Breach Uncovered

    Please Register !

    What Happened?
    Fuzzland, a well-known smart contract auditing platform, has revealed that a former team member orchestrated a major breach against Bedrock’s UniBTC protocol — resulting in $2 million in losses. The shocking disclosure came through a detailed transparency report published in June 2025.

    Please Register !

    How the Attack Unfolded
    According to Fuzzland, the breach took place in September 2024 and was made possible due to:
    Insider access — The attacker had access to internal systems.
    Malware implantation — Malicious code was secretly deployed on developer machines.
    Advanced persistent threat tactics — Techniques designed for long-term covert operations.
    Supply chain attacks — The codebase was compromised at a foundational level.
    Social engineering — Human manipulation led to sensitive information leaks.

    Please Register !

    The former employee inserted a backdoor that remained undetected for weeks, allowing them to monitor discussions and act on vulnerabilities mentioned during internal emergency meetings.

    Please Register !

    Missed Opportunity to Prevent the Exploit
    Fuzzland stated that the flaw in the UniBTC protocol was initially detected internally but dismissed due to false positives — a costly mistake. The vulnerability was also flagged in an external

    Please Register !

    , but by then, the attacker had already acted.

    Please Register !

    Compensation and Investigation
    Fuzzland has since fully compensated Bedrock for the $2 million loss. Additionally, they’ve:
    Partnered with ZeroShadow for a joint investigation

    Please Register !


    Involved Chinese authorities and the FBI for criminal investigation

    Please Register !

    Please Register !


    Collaborated with Seal 911 and SlowMist to improve global Web3 security protocols

    Please Register !


    Please Register !

    The firm emphasized that no customer data was compromised, as the breach occurred in an isolated internal environment.

    Please Register !

    Bedrock Stays Strong Despite the Hack
    Bedrock, known for its multi-asset restaking solutions like UniBTC, UniETH, and UniLOTX, saw one of its main products exploited. On September 27, 2024, the platform confirmed that $2 million in liquidity was drained from UniBTC pools on its DEX.
    <foto>

    Please Register !

    Surprisingly, despite the setback, Bedrock’s Total Value Locked (TVL) grew from $240 million in September 2024 to $535 million as of June 2025, according to

    Please Register !

    .

    Please Register !

    Crypto Attacks on the Rise in 2025
    This revelation comes amid a broader trend: a surge in social engineering and phishing-based crypto hacks. According to a

    Please Register !

    :

    Please Register !

    CertiK’s co-founder, Ronghui Gu, noted that hackers are increasingly abandoning direct code exploits in favor of manipulating people — a shift in strategy that’s proving alarmingly effective.

    Please Register !

    What Can We Learn?
    This incident highlights several urgent lessons:
    Internal security is just as crucial as external safeguards.
    False positives in vulnerability reports must be revisited with care.
    Malware detection and employee monitoring tools should be prioritized in security stacks.
    The importance of collaboration between security firms and law enforcement in tackling insider threats cannot be understated.
    0 comments
    1.3k views
    Read more...
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

spacer.png

Disable AdBlock
The popup will be closed in 5 seconds...