hack

🌐 The Crypto Market in Shock!
In 2024, total Web3 losses exceeded $2.9 billion. From DeFi to metaverses, no sector was spared. 🚨 The main vulnerability? Access control issues, responsible for 78% of all attacks.

💎 DeFi: Fewer losses, but major hacks persist
Losses decreased by 40%, but still reached $474 million. The biggest incident was the hack of Radiant Capital, costing $55 million.

🏦 CeFi in Trouble: Losses Double!
CeFi losses skyrocketed to $694 million. Notable attacks include a key leak at DMM Exchange ($305 million) and a multisignature vulnerability at WazirX ($230 million).

🎮 Games and Metaverses Lose Hundreds of Millions
The gaming sector reported $389 million in losses, accounting for 18% of all attacks. 🎲

🚩 Rug Pulls Shift to Solana
Scammers moved from BNB Chain to Solana, driven by the growing popularity of meme coins. 📈

🎯 Presales Turn into Traps: $122.5 Million Stolen in One Month!
In April 2024, scammers executed 27 fraud schemes using presales. 💰 They also exploited the names of celebrities and influencers to deceive investors.

👨‍💻 Phishing and North Korean Hackers
Phishing attacks led to $600 million in stolen funds, while North Korean hackers siphoned off $1.34 billion.

⚠️ Stay Alert!
Crypto scams are becoming increasingly sophisticated. 🛡️ Behind every meme coin, a trap could be waiting!
#Hack #scamriskwarning #solana

🔹 Fake Zoom meeting invites and update links deceive Web3 teams

🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques

🔹 Attackers steal browser data, passwords, and Telegram chats

Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.

The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.

NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.

🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.

Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it

🔹 Creates hidden files and folders that look like legitimate macOS system components

🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic

🔹 Delays execution for 10 minutes to avoid early detection by security software

Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.

Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.

#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“