October 1, 2025 | 21:47
CoinDCX, an Indian crypto exchange, was exploited for $44 million in an attack attributed to North Korea’s Lazarus Group. Blockchain security firm Cyvers identified the hackers’ use of cross-chain bridges and Tornado Cash to obscure transactions, a signature tactic of the group. The breach involved unauthorized access to internal liquidity accounts, likely via exposed API keys or misconfigurations. Despite segregated user funds, the attackers leveraged operational privileges to move assets between Solana and Ethereum. In response, CoinDCX launched a 25% bounty (up to $11M) for recovery assistance, while assuring users their assets remain safe. Lazarus Group has stolen over $1.6B in 2023 alone, including the Bybit hack.
read moreLazarus Group
1 posts last week
Tornado Cash Trial Begins: Storm Denies Ties to Hackers
The trial of Tornado Cash co-founder Roman Storm commenced with jury selection concluding in the US District Court for the Southern District of New York. Prosecutors accused Storm of enabling money laundering through the crypto mixer, specifically linking him to North Korea’s Lazarus Group, which allegedly laundered $600 million from the 2022 Ronin Bridge hack. Assistant US Attorney Kevin Mosley framed Tornado Cash as a ‘washing machine for dirty money,’ claiming Storm knowingly facilitated criminal activity. The defense countered that Storm had no direct involvement with hackers using the service. The case could set a precedent for liability in decentralized finance (DeFi) and crypto privacy tools.
read moreCrypto Hack Thwarted: $10M Saved from Lazarus Group Attack
Security researchers from Venn Network uncovered and mitigated a critical backdoor exploit affecting thousands of smart contracts, potentially saving over $10 million in crypto. The attack, suspected to be orchestrated by the North Korean Lazarus Group, targeted uninitialized ERC-1967 proxy contracts, allowing hijacking before proper setup. A rapid 36-hour rescue operation involved top developers like Pcaversaccio, Dedaub, and Seal 911 to secure vulnerable funds. The discovery highlights ongoing risks in DeFi and the importance of proactive security measures.
read moreGreece Seizes Crypto in $1.4B Bybit Hack Case
Greek authorities executed the country’s first crypto seizure after tracing funds linked to the $1.4 billion Bybit hack earlier this year. The Hellenic Anti-Money Laundering Authority froze a suspect wallet following a months-long investigation supported by Chainalysis. The breach, attributed to North Korea’s Lazarus Group, exploited vulnerabilities in Bybit’s private key management, leading to one of the largest crypto exchange thefts in history. The stolen Ethereum (ETH) was laundered through complex blockchain transactions, complicating recovery efforts. Greece’s success was enabled by its 2023 investment in Chainalysis Reactor, a blockchain tracing tool, along with training from local partner Performance Technologies. Officials tracked and froze the illicit assets, marking a milestone in digital crime prevention. The case highlights how blockchain transparency and international cooperation can counter sophisticated laundering tactics, reinforcing trust in crypto markets.
read moreJudge Blocks Key Crypto Ruling in Tornado Cash Trial
Judge Katherine Polk Failla ruled that the Van Loon v. Treasury decision, which found immutable smart contracts are not property, cannot be mentioned in Tornado Cash developer Roman Storm’s upcoming trial. Storm faces charges of money laundering, sanctions evasion, and operating an unlicensed money transmitter. The judge deemed the Van Loon case irrelevant and potentially confusing for jurors, despite its significance in limiting OFAC’s authority. The trial, beginning July 14, will test whether developers can be held criminally liable for how their code is used. Prosecutors argue Storm’s post-sanctions actions, including a $12 million token sale, demonstrate intent. If convicted, Storm could face up to 45 years in prison.
read moreJudge Limits Tornado Cash Sanctions Mention in Storm Trial
In a pivotal decision for Roman Storm’s criminal trial, Judge Katherine Failla suggested she would likely prohibit mentions of the 2022 US Treasury sanctions against Tornado Cash, since they were withdrawn in March 2024. While prosecutors may still reference North Korea’s Lazarus Group hackers, the exclusion of the sanctions could impact how the jury perceives the case. The sanctions, originally imposed by OFAC in August 2022, designated Tornado Cash addresses but were later repealed following a federal judge’s order in a separate civil case. This legal nuance highlights the ongoing tension between cryptocurrency privacy tools and regulatory enforcement.
read moreZachXBT Criticizes Ripple’s RLUSD and Circle’s USDC Compliance
Prominent blockchain investigator ZachXBT has criticized Ripple’s RLUSD and Circle’s USDC stablecoins, questioning their compliance and adoption strategies. ZachXBT accused RLUSD of relying on paid partnerships to simulate organic growth, though an XRP supporter defended its use within Ripple’s payment network. Meanwhile, ZachXBT alleged that North Korean operatives used USDC for illicit transactions, criticizing Circle’s compliance failures. RLUSD, launched in December 2024, has grown to a $455M market cap, while USDC remains the second-largest stablecoin. This isn’t the first time ZachXBT has targeted Circle, having previously accused it of delaying blacklists tied to North Korean hackers.
read moreFake ENA Token Exploit on Binance Launchpool Costs $290K
A fake ENA token was exploited on Binance Launchpool, leading to a loss of 480 BNB (~$290,000) shortly after the legitimate Ethena (ENA) token’s debut. The counterfeit token shared the same name, causing confusion and highlighting vulnerabilities in crypto offerings. Security firm PeckShield confirmed the token was fraudulent and unrelated to Ethena Labs. This incident follows broader concerns about DeFi security, including a recent $10M exploit on Prisma Finance and 2023’s $1.8B in crypto hacks. Ethena Labs, known for its USDe synthetic dollar protocol, had marked a milestone as Binance Launchpool’s 50th project before the exploit.
read moreHuione Guarantee Shutdown Shakes Digital Fraud Market
Huione Guarantee, a Cambodia-based Telegram platform facilitating cyber scams and money laundering, was dismantled in May 2025 after processing over $27 billion in USDT transactions. Authorities acted following an Elliptic investigation, leading to the freezing of Huione-linked wallets and Telegram channel removals. Vendors have since shifted to Tudou Guarantee, which now absorbs much of the illicit activity. The platform, originally intended for legitimate transactions, became a hub for fraud tools and stolen data. Despite Huione’s shutdown, similar darknet marketplaces remain active, highlighting the persistent challenge of crypto-enabled financial crime.
read moreFATF Report: Crypto Funds Sanctioned States’ Illicit Arms
The Financial Action Task Force (FATF) warns in its June 2025 report that cryptocurrencies are enabling sanctioned states such as North Korea and Iran to finance weapons programs through stolen digital assets. North Korea alone stole $1.4 billion from crypto exchange ByBit, using mixing services and unregulated platforms to launder funds. The report identifies groups like Lazarus as key players in these operations, while experts highlight emerging geopolitical coordination—such as Iran-Russia drone collaborations—fueled by crypto. Blockchain analytics firm Chainalysis provided critical evidence linking crypto transactions to illicit networks, including Chinese fentanyl suppliers tied to Mexican cartels. The FATF underscores crypto’s global accessibility and weak enforcement as major vulnerabilities exploited by bad actors.
read more