Japanese crypto mining firm SBI Crypto has suffered a major security breach with approximately $21 million in digital assets stolen from its addresses. Blockchain investigator ZachXBT revealed the funds were laundered through the controversial mixing service Tornado Cash, with indicators pointing to North Korean involvement, marking the latest in a series of devastating crypto thefts that have plagued the industry in early 2024.
Lazarus Group
North Korean Hackers Drain $1.2M from Seedify Gaming Bridge
North Korean state-affiliated hackers have struck again in the DeFi sector, compromising Web3 gaming incubator Seedify’s cross-chain bridge infrastructure to steal $1.2 million. The attack exploited a developer’s private key to mint unauthorized SFUND tokens, causing the platform’s native token to plummet 35% and revealing critical vulnerabilities in audited smart contracts. Blockchain investigators have confirmed links to the ongoing ‘Contagious Interview’ campaign, highlighting an increasingly aggressive DPRK offensive that has already claimed over 230 victims in 2024 alone.
Ethereum Smart Contracts Used in Malware Attack on Code Libraries
Software security firm ReversingLabs has identified malicious NPM packages using Ethereum smart contracts to download malware, marking a new evolution in cyber attacks targeting the crypto industry. The packages colortoolsv2 and mimelib2 contained scripts that retrieved second-stage malware via smart contract URLs, a technique previously unseen by researchers. The campaign is linked to a broader network of GitHub repositories posing as crypto trading tools, with fake commits and stars creating false legitimacy. Binance’s chief security officer confirmed that North Korean hackers, particularly the Lazarus group, are behind such attacks, which represent one of the top threats to crypto companies. These state-sponsored actors are believed responsible for 61% of all crypto stolen in 2024, totaling $1.3 billion. Major exchanges now share intelligence through secure channels to identify and mitigate these threats collectively.
Venus Protocol Recovers $13.5M from Lazarus Phishing Attack
In a significant win against cybercrime, Venus Protocol assisted user Kuan Sun in recovering $13.5 million worth of cryptocurrency stolen through a phishing attack attributed to North Korea’s Lazarus Group. The platform immediately paused all operations upon detecting the incident on Tuesday, which effectively halted further unauthorized fund movements. Subsequent audits confirmed that Venus Protocol’s smart contracts and front-end systems remained uncompromised throughout the attack. The successful recovery, completed by Thursday, demonstrates how proactive security measures and rapid response protocols in DeFi can effectively combat even state-sponsored hacking attempts. This incident sets a precedent for decentralized platforms’ ability to protect users against sophisticated threats.
US Bill Revives 18th-Century Law to Fight Crypto Crime
House Resolution 4988, introduced by Representative David Schweikert, proposes using the constitutional mechanism of ‘letters of marque and reprisal’—historically used to authorize privateers during maritime warfare—to combat foreign crypto criminals. The legislation would allow private individuals or companies to act on behalf of the US government to recover stolen assets or disrupt cybercriminal operations targeting American interests. These authorized actors could use ‘all means reasonably necessary’ to seize assets or detain foreign actors, including those linked to state-sponsored networks like North Korea’s Lazarus Group. The bill comes amid a surge in high-profile crypto hacks, with over $1.5 billion stolen in 2025 alone, and current enforcement mechanisms proving inadequate. If enacted, this would create a new framework for cross-border crypto crime enforcement, shifting from intelligence gathering to active intervention by private actors.
North Korean IT Workers Infiltrate Crypto Job Market
Blockchain investigator ZachXBT has uncovered a North Korean operation infiltrating the cryptocurrency job market using fake identities on platforms like Upwork and LinkedIn. A compromised device revealed how a small team of five IT workers managed over 30 fake profiles, using Google Drive for organization and Payoneer to convert earnings into crypto. The group is linked to a $680,000 exploit at Favrr and other high-profile hacks, including the $1.5 billion Bybit breach. Although the workers are not sophisticated, their persistence and poor collaboration across the industry make them a lasting threat. The FBI has attributed major attacks like ‘TraderTraitor’ and the $44 million CoinDCX heist to North Korean operatives.
North Korean Hackers Steal $1.6B in Crypto via Fake IT Jobs
North Korean hacking groups, including UNC4899 and TraderTraitor, have stolen $1.6 billion in cryptocurrency in 2025 by exploiting cloud systems through fake IT job offers. These groups use AI-generated lures and malware to infiltrate companies, often posing as recruiters or experts to build trust with targets. Google and Wiz report that the hackers have evolved their tactics since 2020, now focusing on cloud vulnerabilities in crypto firms. Notable breaches include the $620 million Axie Infinity hack and the $1.5 billion Bybit theft. Experts warn that North Korea’s investment in these capabilities ensures their continued dominance in crypto hacking.
DeFi Lending Platform CrediX Loses $4.5M in Exploit
CrediX, a recently launched DeFi lending platform, was exploited for $4.5 million after an attacker gained control of an admin wallet with multiple critical roles, including BRIDGE and RISK_ADMIN. The stolen funds, including wrapped USDC tokens, were moved through protocols like deBridge Finance and Shadow Exchange. CrediX has pledged to reimburse users within 24-48 hours. This hack contributes to the alarming $3 billion lost to crypto exploits in 2025, with access-control vulnerabilities accounting for 59% of the losses. The rise in DeFi adoption and emerging technologies like AI underscores the urgent need for robust security measures to combat threats from hackers, insider risks, and human error.
CoinDCX Denies Coinbase Buyout Rumors After Cyber Heist
Indian crypto exchange CoinDCX has dismissed reports of acquisition talks with US-based Coinbase, with CEO Sumit Gupta calling the claims ‘false rumors.’ The speculation followed a $44 million security breach allegedly orchestrated by North Korea’s Lazarus Group, which exploited API keys or backend misconfigurations. Despite the attack, CoinDCX remains a major player in India’s crypto market, managing over $161 million in assets. The exchange has launched an $11 million bounty program to recover stolen funds. Meanwhile, Coinbase, which re-entered India in March 2024, has not commented on expansion plans.
CoinDCX Offers $11M Bounty After $44M Hack
CoinDCX disclosed a $44 million breach on July 19, targeting an operational liquidity account but sparing customer wallets. The exchange launched a 25% bounty (up to $11M) for recovery assistance, with blockchain analysts tracing funds to Ethereum and Solana addresses. The attack, potentially linked to North Korea’s Lazarus Group via Tornado Cash, mirrors past exploits like WazirX’s $235M hack in 2022. CoinDCX has engaged cybersecurity firms and regulators, emphasizing the need for stronger safeguards in centralized exchanges. Industry experts call for decentralized custody solutions and regulatory collaboration to mitigate future risks.