hack
945,029 visningar
577 diskuterar
Rekommenderas
Senaste
#Hack #ResolvLabs
⏳ Ultimatum: Resolv gives hacker 72 hours to return $25 million
The situation surrounding the Resolv Labs hack on Sunday has been resolved in a “bounty or war” format. The Abu Dhabi-based stablecoin issuer has made an official demand to the attacker.
📜 Terms of the deal:
• Offer: The hacker can keep 10% ($2.5 million) as a reward for “white hat” activity.
• Demand: Return 90% of the funds (~$22.5 million in $ETH ) and all remaining USR tokens to the specified address.
• Deadline: Thursday, March 26.
🚨 What will happen in case of refusal?
Resolv is determined. If the funds are not returned, the company will involve:
1. Law enforcement and legal prosecution.
2. Blockchain analysts to publicly track each transaction.
3. Exchanges and bridges to completely freeze the hacker's assets.
🔍 How did the hack happen?
Experts have identified a critical vulnerability: the privileged role of minting (token creation) was controlled by only one wallet without multisigs, limits, or oracle checks. The hacker deposited $200k and “drawn” 80 million USR for himself, which he promptly converted into 11,409 $ETH .
🛡 What about users?
Resolv Digital Assets has already opened the possibility of redemptions for verified users who held USR at the time of the incident. Others are promised an update later.
⏳ Ultimatum: Resolv gives hacker 72 hours to return $25 million
The situation surrounding the Resolv Labs hack on Sunday has been resolved in a “bounty or war” format. The Abu Dhabi-based stablecoin issuer has made an official demand to the attacker.
📜 Terms of the deal:
• Offer: The hacker can keep 10% ($2.5 million) as a reward for “white hat” activity.
• Demand: Return 90% of the funds (~$22.5 million in $ETH ) and all remaining USR tokens to the specified address.
• Deadline: Thursday, March 26.
🚨 What will happen in case of refusal?
Resolv is determined. If the funds are not returned, the company will involve:
1. Law enforcement and legal prosecution.
2. Blockchain analysts to publicly track each transaction.
3. Exchanges and bridges to completely freeze the hacker's assets.
🔍 How did the hack happen?
Experts have identified a critical vulnerability: the privileged role of minting (token creation) was controlled by only one wallet without multisigs, limits, or oracle checks. The hacker deposited $200k and “drawn” 80 million USR for himself, which he promptly converted into 11,409 $ETH .
🛡 What about users?
Resolv Digital Assets has already opened the possibility of redemptions for verified users who held USR at the time of the incident. Others are promised an update later.
🚨 STABLECOIN NIGHTMARE JUST UNFOLDED 🚨
Resolv Labs stablecoin collapses 80% after a $23M exploit. This wasn’t volatility. This was a failure of trust.
1. Attackers used compromised private keys. Result? They minted 80M unbacked $USR with almost no collateral. That’s instant dilution.
2. Once confidence breaks… Liquidity vanishes. Price collapses. Death spiral begins.
3. $23M drained. But the real damage? Contagion across DeFi vaults.
4. This is the dark side of crypto: Smart contracts + key risk = catastrophic failure. No bailout. No safety net.
5. Stablecoin ≠ always stable. If backing fails… it becomes just another token.
6. Lessons: → Security is EVERYTHING
→ Trust is fragile
→ Risk management matters more than hype Survival in crypto isn’t about chasing gains… It’s about avoiding blow-ups.
#Crypto #DeFi #Stablecoins #Hack #Blockchain
Resolv Labs stablecoin collapses 80% after a $23M exploit. This wasn’t volatility. This was a failure of trust.
1. Attackers used compromised private keys. Result? They minted 80M unbacked $USR with almost no collateral. That’s instant dilution.
2. Once confidence breaks… Liquidity vanishes. Price collapses. Death spiral begins.
3. $23M drained. But the real damage? Contagion across DeFi vaults.
4. This is the dark side of crypto: Smart contracts + key risk = catastrophic failure. No bailout. No safety net.
5. Stablecoin ≠ always stable. If backing fails… it becomes just another token.
6. Lessons: → Security is EVERYTHING
→ Trust is fragile
→ Risk management matters more than hype Survival in crypto isn’t about chasing gains… It’s about avoiding blow-ups.
#Crypto #DeFi #Stablecoins #Hack #Blockchain
$🚨 DEFI NIGHTMARE JUST UNFOLDED… 🚨
Resolv Labs has officially paused its protocol after a massive exploit shook the ecosystem 💀
An attacker minted 50–80 MILLION unbacked $USR out of thin air…
Then swapped it into USDC, USDT & ETH like a pro exit scam 🐍
💸 Estimated damage: ~$25 MILLION drained
📉 Result: $USR completely de pegged
This wasn’t just a hack…
This was a liquidity execution ⚔️
👉 Lessons for investors:
• “Stable” doesn’t mean safe ❌
• Always check protocol backing & audits 🔍
• If minting isn’t controlled… it’s a ticking bomb 💣
Whales don’t warn you…
They just take your liquidity silently 🐋
Stay sharp. Stay skeptical.
#defi #hack
#Injective🔥
Resolv Labs has officially paused its protocol after a massive exploit shook the ecosystem 💀
An attacker minted 50–80 MILLION unbacked $USR out of thin air…
Then swapped it into USDC, USDT & ETH like a pro exit scam 🐍
💸 Estimated damage: ~$25 MILLION drained
📉 Result: $USR completely de pegged
This wasn’t just a hack…
This was a liquidity execution ⚔️
👉 Lessons for investors:
• “Stable” doesn’t mean safe ❌
• Always check protocol backing & audits 🔍
• If minting isn’t controlled… it’s a ticking bomb 💣
Whales don’t warn you…
They just take your liquidity silently 🐋
Stay sharp. Stay skeptical.
#defi #hack
#Injective🔥
🚨 USR Collapse: $80M Mint Exploit Hits Resolv
Resolv Protocol suffered a critical smart contract exploit, allowing an attacker to mint over $80M USR with zero collateral 💥
With just $200K, the attacker cashed out ~$23.8M in under 3 hours
USR lost its peg hard, crashing to ~$0.14 and shaking DeFi markets ⚠️
Root cause: broken mint logic with no validation + a single privileged wallet
This proves one thing — protocols don’t need a bear market to collapse… just flawed logic 👀
💭 What do you think — bug or insider job? Drop your thoughts below! 👇
$RESOLV #DeFi #Stablecoin #Hack #Security
Resolv Protocol suffered a critical smart contract exploit, allowing an attacker to mint over $80M USR with zero collateral 💥
With just $200K, the attacker cashed out ~$23.8M in under 3 hours
USR lost its peg hard, crashing to ~$0.14 and shaking DeFi markets ⚠️
Root cause: broken mint logic with no validation + a single privileged wallet
This proves one thing — protocols don’t need a bear market to collapse… just flawed logic 👀
💭 What do you think — bug or insider job? Drop your thoughts below! 👇
$RESOLV #DeFi #Stablecoin #Hack #Security
RESOLV LABS HIT BY MASSIVE HACK $USR 🚨
News Bulletin: Resolv Labs has confirmed a critical security breach, halting all protocol functions. The exploit resulted in the illegal minting of $80 million in USR stablecoin, with approximately $4.55 million already converted to ETH. The protocol is locked down, preventing further trading or liquidation, as the team undertakes a lengthy audit and fix process.
WHALES ARE BRUTALLY LIQUIDATING POSITIONS. DUMP EVERYTHING. ABSOLUTE PANIC SELLING MODE ACTIVATED. SELL NOW BEFORE IT GOES TO ZERO. DO NOT HESITATE.
Not financial advice. Manage your risk.
#DeFi #Crypto #Hack #Security #Stablecoin
💥
News Bulletin: Resolv Labs has confirmed a critical security breach, halting all protocol functions. The exploit resulted in the illegal minting of $80 million in USR stablecoin, with approximately $4.55 million already converted to ETH. The protocol is locked down, preventing further trading or liquidation, as the team undertakes a lengthy audit and fix process.
WHALES ARE BRUTALLY LIQUIDATING POSITIONS. DUMP EVERYTHING. ABSOLUTE PANIC SELLING MODE ACTIVATED. SELL NOW BEFORE IT GOES TO ZERO. DO NOT HESITATE.
Not financial advice. Manage your risk.
#DeFi #Crypto #Hack #Security #Stablecoin
💥
🚨 $23,660,000 اختفت في دقائق… و”عملة مستقرة” انهارت -69%!
💀 ما حدث اليوم مرعب:
اختراق Resolv Protocol
سرقة 11,422 $ETH
انهيار USR stablecoin
من $1.00 → $0.29 خلال دقائق!
➡️ “Stablecoin” لم تعد مستقرة…
🧠 كيف حدث هذا؟ (باختصار مرعب)
المهاجم:
استغل ثغرة في الـsmart contract
سحب الضمان (ETH)
بدون حرق USR
= فجأة … العملة أصبحت “بدون قيمة”
📉 النتيجة الكارثية:
حاملو USR: -70% في دقائق
مزوّدو السيولة: خسائر مضاعفة
البروتوكول؟ انتهى عملياً
➡️ ضربة واحدة = مسح ثروة
⚠️ هذا ليس أول مرة…
تذكّر:
Terra ($LUNA ) → $40B اختفت
واليوم USR
➡️ نفس القصة… تتكرر
💡 الحقيقة القاسية:
ليس كل Stablecoin آمن
USDT / USDC → “أكثر أمان نسبياً”
Algorithmic → قنابل موقوتة 💣
😨 الرسالة للسوق:
إذا كان $1 يمكن أن يصبح $0.29…
فأنت لا تملك “استقرار”
أنت تملك مخاطرة مخفية
💬 السؤال:
بعد هذا…
هل ما زلت تثق في DeFi Stablecoins؟
🟢 نعم (لكن الكبار فقط)
🟡 بحذر شديد
🔴 انتهى … لن ألمسها
👇 رأيك
#crypto #DeFi #Stablecoin #Hack #Ethereum
⚠️ Not your keys ≠ Not your risk
💀 ما حدث اليوم مرعب:
اختراق Resolv Protocol
سرقة 11,422 $ETH
انهيار USR stablecoin
من $1.00 → $0.29 خلال دقائق!
➡️ “Stablecoin” لم تعد مستقرة…
🧠 كيف حدث هذا؟ (باختصار مرعب)
المهاجم:
استغل ثغرة في الـsmart contract
سحب الضمان (ETH)
بدون حرق USR
= فجأة … العملة أصبحت “بدون قيمة”
📉 النتيجة الكارثية:
حاملو USR: -70% في دقائق
مزوّدو السيولة: خسائر مضاعفة
البروتوكول؟ انتهى عملياً
➡️ ضربة واحدة = مسح ثروة
⚠️ هذا ليس أول مرة…
تذكّر:
Terra ($LUNA ) → $40B اختفت
واليوم USR
➡️ نفس القصة… تتكرر
💡 الحقيقة القاسية:
ليس كل Stablecoin آمن
USDT / USDC → “أكثر أمان نسبياً”
Algorithmic → قنابل موقوتة 💣
😨 الرسالة للسوق:
إذا كان $1 يمكن أن يصبح $0.29…
فأنت لا تملك “استقرار”
أنت تملك مخاطرة مخفية
💬 السؤال:
بعد هذا…
هل ما زلت تثق في DeFi Stablecoins؟
🟢 نعم (لكن الكبار فقط)
🟡 بحذر شديد
🔴 انتهى … لن ألمسها
👇 رأيك
#crypto #DeFi #Stablecoin #Hack #Ethereum
⚠️ Not your keys ≠ Not your risk
🤦♂️🤯 ¡ERROR DE NOVATOS nivel Gobierno! Exponen por accidente claves de $4.8M en Cripto. 🚨
¡No es broma! 💀 En Corea del Sur, una oficina fiscal regional cometió el error máximo de seguridad cripto: filtraron accidentalmente la frase semilla (seed phrase) de una wallet que contenía $4.8 millones en activos incautados. 🔥💸
¿El resultado? Los fondos se "perdieron" (o mejor dicho, un "buen Samaritano" los movió a otra wallet antes de que los robaran).
Reflexiones clave:
'Not Your Keys, Not Your Coins' es LEY: Aplica para ti, para mí, ¡y para los gobiernos! No hay excepciones. 🔐
Necesidad de Custodia Profesional: Los estados NO están preparados para custodiar activos digitales ellos mismos. Corea del Sur ahora busca urgentemente custodios privados. 🏗️
Seguridad > Prisa: Un solo descuido puede costar millones. La educación en seguridad es lo más importante.
👇 Menciona a ese amigo que todavía guarda su frase semilla en una foto de WhatsApp 👇 ¡Enséñale este post!
#SeguridadCrypto #NotYourKeysNotYourCrypto #Hack #cripto #BinanceSquare
¡No es broma! 💀 En Corea del Sur, una oficina fiscal regional cometió el error máximo de seguridad cripto: filtraron accidentalmente la frase semilla (seed phrase) de una wallet que contenía $4.8 millones en activos incautados. 🔥💸
¿El resultado? Los fondos se "perdieron" (o mejor dicho, un "buen Samaritano" los movió a otra wallet antes de que los robaran).
Reflexiones clave:
'Not Your Keys, Not Your Coins' es LEY: Aplica para ti, para mí, ¡y para los gobiernos! No hay excepciones. 🔐
Necesidad de Custodia Profesional: Los estados NO están preparados para custodiar activos digitales ellos mismos. Corea del Sur ahora busca urgentemente custodios privados. 🏗️
Seguridad > Prisa: Un solo descuido puede costar millones. La educación en seguridad es lo más importante.
👇 Menciona a ese amigo que todavía guarda su frase semilla en una foto de WhatsApp 👇 ¡Enséñale este post!
#SeguridadCrypto #NotYourKeysNotYourCrypto #Hack #cripto #BinanceSquare
The details of the recent hack on Bybit are continuing to emerge. Hackers successfully stole around 135,000 Ethereum, worth approximately $335 million, from the platform's hot wallets. Investigations show that the hackers managed to launder 45,900 ETH (around $113 million) within a very short period. At this rate, it’s estimated that the remaining stolen Ethereum could be fully laundered in just 8 to 10 days.
In response, Bybit assured users that their funds are safe and that investigations into the attack are ongoing. The hackers have been using decentralized platforms to quickly launder the stolen Ethereum, highlighting the need for cryptocurrency exchanges and the broader crypto community to reassess their security measures.
#bybit #Hack
In response, Bybit assured users that their funds are safe and that investigations into the attack are ongoing. The hackers have been using decentralized platforms to quickly launder the stolen Ethereum, highlighting the need for cryptocurrency exchanges and the broader crypto community to reassess their security measures.
#bybit #Hack
⚠️ Beware of the new malware RatOn. It targets Android devices, hacks wallets (MetaMask, Trust, Phantom) and banking apps, and can even lock your screen for ransom. Active since July, spreading through fake TikTok apps.
When your whole life is on your phone, device security must come first. Get proper antivirus and run regular checks.
#scam #Android #Hack #tiktok #fake
When your whole life is on your phone, device security must come first. Get proper antivirus and run regular checks.
#scam #Android #Hack #tiktok #fake
#SBIGroup Crypto Loses $21M in Suspected North Korean #Hack
Blockchain investigator ZachXBT reported Wednesday that addresses linked to SBI Group Crypto lost approximately $21 million on September 24. The stolen funds included $BTC , $ETH , $LTC , $DOGE, and Bitcoin Cash, which were subsequently laundered through Tornado Cash.
SBI Crypto operates as a subsidiary of Japanese financial conglomerate SBI Group. The company did not immediately respond to requests for comment regarding the incident. Blockchain security firm Cyvers assisted #ZachXBT with the investigation.
The attack exhibits characteristics similar to other exploits connected to North Korean #hackers. Stolen funds were routed through instant exchanges before being deposited into Tornado Cash, a decentralized mixing protocol designed to obscure transaction origins.
ZachXBT has established a reputation as one of the most prolific cryptocurrency investigators, identifying numerous instances of illicit fund movements. In June, the sleuth reported that Iranian cryptocurrency exchange Nobitex appeared compromised for over $80 million across Tron and EVM-compatible chains.
Earlier this year, Arkham Intelligence attributed the Bybit hack involving over $1.5 billion to Lazarus Group, widely believed to operate under North Korean state sponsorship. The attribution cited information provided by ZachXBT.
#TornadoCash has faced sustained scrutiny as a platform enabling hackers to launder stolen funds. The Treasury Department's Office of Foreign Assets Control sanctioned the protocol in August 2022. Roman Storm faced charges in 2023 for conspiracy to commit money laundering and sanctions violations related to operating Tornado Cash.
Blockchain investigator ZachXBT reported Wednesday that addresses linked to SBI Group Crypto lost approximately $21 million on September 24. The stolen funds included $BTC , $ETH , $LTC , $DOGE, and Bitcoin Cash, which were subsequently laundered through Tornado Cash.
SBI Crypto operates as a subsidiary of Japanese financial conglomerate SBI Group. The company did not immediately respond to requests for comment regarding the incident. Blockchain security firm Cyvers assisted #ZachXBT with the investigation.
The attack exhibits characteristics similar to other exploits connected to North Korean #hackers. Stolen funds were routed through instant exchanges before being deposited into Tornado Cash, a decentralized mixing protocol designed to obscure transaction origins.
ZachXBT has established a reputation as one of the most prolific cryptocurrency investigators, identifying numerous instances of illicit fund movements. In June, the sleuth reported that Iranian cryptocurrency exchange Nobitex appeared compromised for over $80 million across Tron and EVM-compatible chains.
Earlier this year, Arkham Intelligence attributed the Bybit hack involving over $1.5 billion to Lazarus Group, widely believed to operate under North Korean state sponsorship. The attribution cited information provided by ZachXBT.
#TornadoCash has faced sustained scrutiny as a platform enabling hackers to launder stolen funds. The Treasury Department's Office of Foreign Assets Control sanctioned the protocol in August 2022. Roman Storm faced charges in 2023 for conspiracy to commit money laundering and sanctions violations related to operating Tornado Cash.
30.1K #BTC ($2.1B) of #Silk Road #hack funds controlled by US government is on the move right now.
0.001 BTC ($69) transferred to a Coinbase deposit address so it’s a test transfer possibly.
txn hash
9c3af4b48e66565f1da1da8278036fa1dbb09f2beaaca99c3504475390ba4590
Coinbase deposit address
3KrZVU9Jz4UKHpKUtuvkEMX1tY8zeiTvX2
0.001 BTC ($69) transferred to a Coinbase deposit address so it’s a test transfer possibly.
txn hash
9c3af4b48e66565f1da1da8278036fa1dbb09f2beaaca99c3504475390ba4590
Coinbase deposit address
3KrZVU9Jz4UKHpKUtuvkEMX1tY8zeiTvX2
MAKINA WIPED OUT. HUGE LOSS.
5,107,871 USDC GONE.
The multi-chain DeFi execution engine Makina was just hit hard on Ethereum. Attackers exploited a vulnerability. They manipulated pool prices. They inflated LP assets. Arbitrage attack executed. This is a massive blow. Don't get caught in the crossfire. Stay sharp.
Disclaimer: This is not financial advice.
#DeFi #Hack #CryptoNews 🚨
5,107,871 USDC GONE.
The multi-chain DeFi execution engine Makina was just hit hard on Ethereum. Attackers exploited a vulnerability. They manipulated pool prices. They inflated LP assets. Arbitrage attack executed. This is a massive blow. Don't get caught in the crossfire. Stay sharp.
Disclaimer: This is not financial advice.
#DeFi #Hack #CryptoNews 🚨
#ScrollCoFounderXAccountHacked
Bigger Lesson for Web3 Founders
🔐 #ScrollCoFounderXAccountHacked
This incident is another wake-up call for Web3 founders and teams. As public-facing figures, their accounts carry massive influence and are prime targets for hackers. A single compromised post can lead to financial losses for followers and reputational damage for projects. Best practices like hardware-based 2FA, limited access permissions, and rapid response protocols are no longer optional. For users, the key takeaway is simple: never trust announcements blindly—even from well-known founders—without cross-checking official project channels
#Hack #HackerAlert #Hacked
Bigger Lesson for Web3 Founders
🔐 #ScrollCoFounderXAccountHacked
This incident is another wake-up call for Web3 founders and teams. As public-facing figures, their accounts carry massive influence and are prime targets for hackers. A single compromised post can lead to financial losses for followers and reputational damage for projects. Best practices like hardware-based 2FA, limited access permissions, and rapid response protocols are no longer optional. For users, the key takeaway is simple: never trust announcements blindly—even from well-known founders—without cross-checking official project channels
#Hack #HackerAlert #Hacked
🔥 Scammers on the Rise: How the Meme Coin Boom on Solana Unlocked New Ways to Steal Millions 💸
🌐 The Crypto Market in Shock!
In 2024, total Web3 losses exceeded $2.9 billion. From DeFi to metaverses, no sector was spared. 🚨 The main vulnerability? Access control issues, responsible for 78% of all attacks.
💎 DeFi: Fewer losses, but major hacks persist
Losses decreased by 40%, but still reached $474 million. The biggest incident was the hack of Radiant Capital, costing $55 million.
🏦 CeFi in Trouble: Losses Double!
CeFi losses skyrocketed to $694 million. Notable attacks include a key leak at DMM Exchange ($305 million) and a multisignature vulnerability at WazirX ($230 million).
🎮 Games and Metaverses Lose Hundreds of Millions
The gaming sector reported $389 million in losses, accounting for 18% of all attacks. 🎲
🚩 Rug Pulls Shift to Solana
Scammers moved from BNB Chain to Solana, driven by the growing popularity of meme coins. 📈
🎯 Presales Turn into Traps: $122.5 Million Stolen in One Month!
In April 2024, scammers executed 27 fraud schemes using presales. 💰 They also exploited the names of celebrities and influencers to deceive investors.
👨💻 Phishing and North Korean Hackers
Phishing attacks led to $600 million in stolen funds, while North Korean hackers siphoned off $1.34 billion.
⚠️ Stay Alert!
Crypto scams are becoming increasingly sophisticated. 🛡️ Behind every meme coin, a trap could be waiting!
#Hack #scamriskwarning #solana
In 2024, total Web3 losses exceeded $2.9 billion. From DeFi to metaverses, no sector was spared. 🚨 The main vulnerability? Access control issues, responsible for 78% of all attacks.
💎 DeFi: Fewer losses, but major hacks persist
Losses decreased by 40%, but still reached $474 million. The biggest incident was the hack of Radiant Capital, costing $55 million.
🏦 CeFi in Trouble: Losses Double!
CeFi losses skyrocketed to $694 million. Notable attacks include a key leak at DMM Exchange ($305 million) and a multisignature vulnerability at WazirX ($230 million).
🎮 Games and Metaverses Lose Hundreds of Millions
The gaming sector reported $389 million in losses, accounting for 18% of all attacks. 🎲
🚩 Rug Pulls Shift to Solana
Scammers moved from BNB Chain to Solana, driven by the growing popularity of meme coins. 📈
🎯 Presales Turn into Traps: $122.5 Million Stolen in One Month!
In April 2024, scammers executed 27 fraud schemes using presales. 💰 They also exploited the names of celebrities and influencers to deceive investors.
👨💻 Phishing and North Korean Hackers
Phishing attacks led to $600 million in stolen funds, while North Korean hackers siphoned off $1.34 billion.
⚠️ Stay Alert!
Crypto scams are becoming increasingly sophisticated. 🛡️ Behind every meme coin, a trap could be waiting!
#Hack #scamriskwarning #solana
North Korean Hackers Target Crypto with Nim-Based Malware Disguised as Zoom Updates
🔹 Fake Zoom meeting invites and update links deceive Web3 teams
🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques
🔹 Attackers steal browser data, passwords, and Telegram chats
Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.
The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.
NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.
🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.
Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it
🔹 Creates hidden files and folders that look like legitimate macOS system components
🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic
🔹 Delays execution for 10 minutes to avoid early detection by security software
Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.
Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.
#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques
🔹 Attackers steal browser data, passwords, and Telegram chats
Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.
The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.
NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.
🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.
Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it
🔹 Creates hidden files and folders that look like legitimate macOS system components
🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic
🔹 Delays execution for 10 minutes to avoid early detection by security software
Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.
Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.
#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
Gala Games CEO Attributes $23M Exploit to Internal Control Failures
Gala Games CEO Eric Schiermeyer has confirmed that a "security incident" led to the unauthorized sale of 600 million GALA tokens, worth approximately $23 million. The breach, which Schiermeyer attributed to "messed up" internal controls, has raised significant concerns within the blockchain gaming community.
Incident Overview
On May 20, at 7:32 pm UTC, blockchain observers reported the minting of 5 billion GALA tokens, valued at around $200 million at the time. The compromised wallet was selling the tokens in batches, leading to a sharp drop in GALA's price. The token hit a 24-hour low of $0.038, a 20% decrease from its daily high, before recovering slightly to $0.041, according to CoinGecko.
“We had an incident that resulted in the unauthorized sale of 600 million GALA tokens and the effective burn of 4.4 billion tokens,” Schiermeyer wrote in a May 20 post on X (formerly Twitter). He admitted, “We messed up our internal controls. This shouldn’t have happened, and we are taking steps to ensure it doesn’t happen again.”
Response and Mitigation
Gala Games quickly identified the compromise and revoked unauthorized access to the GALA contract. Schiermeyer assured users that the Ethereum contract was secure and had not been compromised. The company believes it has identified the person responsible and is collaborating with the FBI, the U.S. Justice Department, and international authorities to address the incident.
In a follow-up post on X, Gala Games announced that the security breach had been contained and the affected wallet frozen. However, details about the perpetrator and the method of access to the GALA contract remain undisclosed.
Ongoing Legal Disputes
This security incident occurs amid ongoing legal battles between Schiermeyer and Gala Games co-founder Wright Thurston. Both have filed lawsuits against each other, with Thurston accusing Schiermeyer of squandering millions in company assets, while Schiermeyer alleges that Thurston stole $130 million worth of GALA tokens.
Gala Games did not respond to requests for additional comments.
The incident underscores the critical need for robust internal controls and security measures in the cryptocurrency and blockchain industries, as companies continue to navigate complex technological and legal landscapes.
$GALA #GALA #GalaGames #hack
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
Incident Overview
On May 20, at 7:32 pm UTC, blockchain observers reported the minting of 5 billion GALA tokens, valued at around $200 million at the time. The compromised wallet was selling the tokens in batches, leading to a sharp drop in GALA's price. The token hit a 24-hour low of $0.038, a 20% decrease from its daily high, before recovering slightly to $0.041, according to CoinGecko.
“We had an incident that resulted in the unauthorized sale of 600 million GALA tokens and the effective burn of 4.4 billion tokens,” Schiermeyer wrote in a May 20 post on X (formerly Twitter). He admitted, “We messed up our internal controls. This shouldn’t have happened, and we are taking steps to ensure it doesn’t happen again.”
Response and Mitigation
Gala Games quickly identified the compromise and revoked unauthorized access to the GALA contract. Schiermeyer assured users that the Ethereum contract was secure and had not been compromised. The company believes it has identified the person responsible and is collaborating with the FBI, the U.S. Justice Department, and international authorities to address the incident.
In a follow-up post on X, Gala Games announced that the security breach had been contained and the affected wallet frozen. However, details about the perpetrator and the method of access to the GALA contract remain undisclosed.
Ongoing Legal Disputes
This security incident occurs amid ongoing legal battles between Schiermeyer and Gala Games co-founder Wright Thurston. Both have filed lawsuits against each other, with Thurston accusing Schiermeyer of squandering millions in company assets, while Schiermeyer alleges that Thurston stole $130 million worth of GALA tokens.
Gala Games did not respond to requests for additional comments.
The incident underscores the critical need for robust internal controls and security measures in the cryptocurrency and blockchain industries, as companies continue to navigate complex technological and legal landscapes.
$GALA #GALA #GalaGames #hack
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
Logga in för att utforska mer innehåll