CyberSecurity

🔹 For the first time in history, the U.S. Secret Service has publicly disclosed details of its global effort to fight cryptocurrency scams. According to their findings, the agency has seized nearly $400 million in digital assets over the past decade, mainly from sophisticated fraud rings using fake investment platforms.
🔹 At the center of these operations is the Global Investigative Operations Center, which tracks digital crime using advanced software, domain tracing, and patient analysis – without weapons or badges. Chief analyst Jamie Lam explained at a recent Bermuda meeting:

"They’ll send you a picture of a young investor, but behind it may be an old man in Russia."

How These Crypto Scams Work
The schemes are calculated: they start by offering victims small profits to build trust, only to disappear once larger sums are invested.
“People think they’re safe using Bitcoin, but that’s simply not true,” warned agent Smith during a training session for officials in Bermuda.
He pointed out that victims often see what appears to be a golden opportunity and don’t realize they’re falling into a trap.

Support from Coinbase and Tether – Seniors Lose Billions
Crypto scams have now become a major part of online crime. According to the FBI, $9.3 billion of the $16.6 billion in reported U.S. internet crimes in 2024 involved crypto. The most impacted group were seniors, who lost $2.8 billion – mostly through fake investment websites.
Fortunately, there have been successful recoveries. In one case, the Secret Service worked with Coinbase and Tether to recover $225 million in USDT, marking one of the largest fund recoveries in crypto history.

Strong Technology Requires Strong Investigations
Bermuda Governor Andrew Murdoch stated:

“Technology is a powerful engine of economic growth, but it’s also highly vulnerable to abuse. We need strong investigative tools to match the sophistication of digital criminals.”

#CryptoScams , #CryptoFraud , #CryptoCrime , #CyberSecurity , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

За даними компанії Koi Security, у магазині додатків Mozilla Firefox виявлено понад 40 шкідливих розширень, які маскуються під популярні криптогаманці, такі як MetaMask, Coinbase, Trust Wallet, Phantom, Exodus та OKX. Ці фальшиві додатки, активні з квітня 2025 року, крадуть облікові дані гаманців, зокрема мнемонічні фрази та приватні ключі, передаючи їх на сервери зловмисників. Деякі розширення досі доступні для завантаження, що становить серйозну загрозу для користувачів. Про це повідомляється у звіті Koi Security від 3 липня 2025 року.
Зловмисники використовують клоновані відкриті коди легітимних гаманців, додаючи шкідливий код, який непомітно викрадає дані. Для підвищення довіри вони створюють сотні фальшивих п’ятизіркових відгуків, що вводить в оману користувачів. Koi Security виявила ознаки, що вказують на російськомовну групу хакерів, зокрема коментарі російською у коді та підозрілі метадані. Користувачам рекомендують встановлювати розширення лише з перевірених джерел і використовувати списки дозволених додатків.
Цей інцидент підкреслює зростання кіберзагроз у криптоіндустрії. Слідкуйте за новинами, щоб захистити свої активи! Підписуйтесь на #MiningUpdates

*#CryptoTheft #FirefoxAlert #MaliciousExtensions #CyberSecurity #MetaMask #Coinbase

Brazil’s biggest banking breach ever just went down — over $180 million drained from top institutions like Bradesco and Credsystem using a flaw in C&M’s financial software. 🚨

Hackers hijacked bank accounts linked to BMP and instantly moved the funds out using Pix, Brazil’s instant payment system. From there, it was a crypto highway: USDT and BTC used to clean the stolen cash through local exchanges. 🧼💸

The Central Bank cut off access but didn’t report full losses. Insiders say it's already too late — the funds are gone. 🏴‍☠️

"If they don’t fix the core messaging system, this will happen again." — Rocelo Lopes, Smartpay CEO

Brazil’s banking system just got exposed on a massive scale.

#Bitcoin #CryptoNews #Brazil #HackAlert $BTC
$USDT $BNB
#Pix #Binance #CyberSecurity

🔹 Fake Zoom meeting invites and update links deceive Web3 teams

🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques

🔹 Attackers steal browser data, passwords, and Telegram chats

Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.

The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.

NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.

🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.

Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it

🔹 Creates hidden files and folders that look like legitimate macOS system components

🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic

🔹 Delays execution for 10 minutes to avoid early detection by security software

Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.

Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.

#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Typo in domain name leads to convincing phishing attack targeting US political circles

A Nigerian fraudster is accused of stealing $250,000 in cryptocurrency by impersonating a senior figure associated with Donald Trump's and J.D. Vance’s presidential inaugural committee, according to U.S. federal prosecutors.
The individual reportedly mimicked Steve Witkoff, co-chair of the Trump-Vance inaugural committee, and on December 24, 2024, sent a deceptive email from @t47lnaugural.com — subtly replacing the letter “i” in the real domain @t47inaugural.com with a lowercase “L”, which appears nearly identical in certain fonts.
Believing the email to be legitimate, the victim transferred 250,300 USDT.ETH, a dollar-pegged stablecoin on the Ethereum blockchain, to a crypto wallet controlled by the scammer just two days later. According to the U.S. Attorney’s Office for the District of Columbia, the FBI was able to trace the blockchain activity and recover $40,300 of the stolen funds, which are now subject to civil forfeiture.

AI, politics, and phishing: A new landscape for crypto fraud
Tether, the issuer of the USDT stablecoin, helped authorities freeze the stolen funds — part of a broader trend of cooperation in fighting crypto fraud. Last month, the company also supported a $225 million seizure related to a massive “pig butchering” investment scam involving multiple federal agencies.
Security experts say this scam represents a modern twist on an old tactic: phishing, updated for the crypto age. Criminals now exploit political figures and real-world events to build trust and urgency, making their scams more believable.
“This is pure opportunism — exploiting public trust, political sentiment, and the irreversible nature of crypto transactions,” said one crypto exchange CEO.
Experts warn that as AI and deepfake technologies improve, phishing schemes will become faster, more convincing, and scalable. Preventing these scams will require coordination among regulators, tech companies, financial institutions, and the crypto industry.
Another analyst noted that phishing remains the oldest trick in the book — still fooling victims across crypto, e-commerce, and online banking. Rather than hacking systems, scammers manipulate human emotion, triggering fear, greed, or FOMO.
While many blame cryptocurrencies themselves, security professionals point to traditional tools — like fake URLs and spoofed domains — that remain the backbone of most fraud. In legacy systems like VoIP and domain infrastructure, where KYC is weak, scammers continue to exploit these gaps just as they have for decades.

#Cryptoscam , #CyberSecurity , #PhishingAlert , #CryptoCrime , #CryptoNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

🔹 Over 40 fake extensions impersonating popular crypto wallets discovered

🔹 Attack is ongoing — malicious wallets still active with fake five-star reviews

🔹 Extensions steal seed phrases and track users' IP addresses

Firefox Becomes the Latest Target of Crypto Scams
Security researchers from Koi have uncovered a large-scale campaign targeting Firefox users through fake wallet extensions. These malicious add-ons mimic legitimate crypto wallets but are designed to steal private keys and monitor user activity.
The attack is still active, with several fake wallets remaining available in the official Firefox Add-ons Store. Experts warn that new fake versions continue to appear, often disguised with artificially boosted five-star ratings.

Tricking Casual Users with Familiar Logos
Attackers are targeting casual crypto users who often search for wallets directly through the browser’s extension marketplace. Fake extensions replicate the look and branding of popular wallets and deceive users into entering seed phrases and credentials.
“The attack is simple but highly effective — it preys on users who want quick access to crypto without verifying the source,” warns the SlowMist team.

Top Wallets Faked in the Campaign
Koi identified fake versions of major crypto wallets including:

🔹 MetaMask, Trust Wallet, Coinbase, Phantom, Exodus

🔹 OKX, Keplr, MyMonero, Bitget, Ethereum Wallet, Leap, and more
Over 40 malicious extensions were found, with new ones emerging regularly. Some remain active through unofficial links, and the campaign reportedly began around April 2025.
These extensions send stolen seed phrases and users’ IP addresses to attacker-controlled servers for further use and targeting.

Open-Source Code Reused for Malicious Purposes
Attackers cloned open-source code from legitimate wallets (e.g., MetaMask) and added malicious lines to harvest user data. They mimicked the original UI, logos, and behavior, making the extensions hard to distinguish from the real ones.
While previous scams focused on specific wallets, this campaign targeted multi-asset wallets widely used in DeFi, trading, NFTs, and on-chain tasks.

Russian Origin Suspected
Code analysis revealed Russian language comments, and metadata from one command-and-control server further indicated a Russian threat actor.

How to Stay Safe: Expert Recommendations
🔹 Avoid searching for wallets directly in extension marketplaces

🔹 Only install from official websites or verified sources

🔹 Do not trust five-star reviews — they may be fake

🔹 Use allowlist filters where possible to control installed extensions

Conclusion: Star Ratings Aren’t a Guarantee of Safety
This campaign highlights how attackers can exploit user trust and extension platforms’ verification systems. With fake reviews, authentic-looking design, and legitimate-sounding names, users are more vulnerable than ever.
If you use crypto wallets in Firefox, double-check your installed extensions now and remove anything not verified from an official source.

#CryptoSecurity , #CyberSecurity , #Cryptoscam , #CryptoNews , #CryptoCommunity

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

The U.S. Department of the Treasury has intensified its fight against cybercrime, this time targeting the infrastructure itself — specifically Russian hosting provider Aeza Group, which is accused of offering safe haven services to ransomware operators and other criminal actors. Along with the company, cryptocurrency addresses linked to illegal activities have also been sanctioned.

Bulletproof Hosting Services Under Scrutiny
On July 1st, the U.S. Office of Foreign Assets Control (OFAC) sanctioned Aeza Group LLC, a Russian hosting provider known for its "bulletproof" services. These allegedly enabled cybercriminals to carry out large-scale ransomware attacks, data theft, and other malicious operations with high operational security.
⚙️ The sanctions also extend to Aeza International Ltd. in the United Kingdom and other affiliated entities, reflecting the international scope of the firm’s operations.
This action is part of a broader strategic shift: OFAC is targeting the infrastructure behind cybercrime, not just individual hackers. The move follows similar sanctions imposed on ZServers in February.

TRON Wallet Identified, Over $350K in Crypto Tracked
OFAC also named a specific TRON blockchain address tied to Aeza Group’s payment infrastructure. The wallet:

🔹 received funds via intermediaries

🔹 routed money to exchanges

🔹 also collected direct payments for hosting services
According to Chainalysis, over $350,000 in crypto has flowed through the address, with connections to darknet sellers of malware like infostealers — tools that hijack devices and steal user credentials.

Attacking the Supply Chain, Not Just the Hackers
This move signals a strategic evolution: rather than chasing cybercriminals after attacks occur, authorities are now undermining the support networks that keep them operational.
Aeza’s services were resilient to takedowns and law enforcement action, making them ideal for criminals who need persistent, anonymous infrastructure.
🎯 The objective is to disrupt the digital backbone enabling ransomware operations, data breaches, and other cyber threats — and make it harder for criminal networks to stay online.

What's Next in the Fight Against Cybercrime
The U.S. government has made it clear it will go after not only threat actors but also the ecosystem that empowers them. The sanctions on Aeza Group are another major step in a larger campaign to dismantle cybercriminal infrastructure at its root.

#CyberSecurity , #CryptoCrime , #CryptoSecurity , #CryptoNews , #StaySafe

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“