CyberSecurity

The crypto world has been shaken by another massive theft. An investor lost 783 BTC worth nearly $91 million in a single transaction after falling victim to fraudsters posing as customer support from a major crypto exchange and a hardware wallet provider.

A Perfectly Planned Scam
The incident occurred on August 19, 2025, at 11:06 UTC, according to blockchain investigator ZachXBT. The attackers tricked the investor into sharing access credentials, allowing them to drain the wallet within minutes.
Remarkably, the first address to which the stolen funds were sent appeared “clean,” with no prior ties to hacks or illicit activity. This suggests the attackers carefully planned the operation to avoid immediate detection.

Laundering Through Wasabi Wallet
A day after the theft, the stolen bitcoins began flowing into Wasabi Wallet, a privacy tool that uses CoinJoin. This technique mixes the funds with transactions from other users, obscuring the link between the victim and the thief.
According to analysts, the goal is clear: launder the coins until they appear “clean” enough to be sold on exchanges or through OTC brokers without raising suspicion. For now, small test amounts are being withdrawn, likely to check whether exchanges will freeze them before larger transfers occur.

Lazarus Group Ruled Out
While North Korea’s Lazarus Group has been behind some of the largest crypto heists in history, ZachXBT ruled them out in this case. Instead, he attributed the theft to independent scammers skilled in impersonation and social engineering, rather than state-sponsored hackers.
The timing has fueled speculation — the theft took place exactly one year after the $243 million hack targeting Genesis creditors in 2024. While there’s no evidence linking the two incidents, the anniversary sparked debate, with some seeing symbolic intent and others dismissing it as coincidence.

A Growing Wave of Social Engineering Attacks
This case underscores a disturbing reality: while Bitcoin runs on a transparent public ledger, privacy tools still give criminals powerful means to erase their digital fingerprints.
Social engineering scams have surged in 2025. Instead of exploiting technical vulnerabilities, attackers deceive victims into handing over passwords, seed phrases, or private keys.
In April 2025, U.S. crypto holders even received fake physical letters warning them that their wallets would be deactivated unless they immediately provided recovery phrases.Earlier this year, an elderly American lost over $330 million in BTC to a similar scam.
According to CertiK, over $3.1 billion was stolen in hacks and scams during just the first five months of 2025. If this pace continues, the total for the year could exceed $4 billion — significantly higher than in 2022.
Individual victims are increasingly targeted: these cases now account for 23.35% of all stolen funds. Whereas earlier attacks focused on exchanges, today hackers are going after private users. Currently, around $8.5 billion in crypto is being laundered on-chain.

✅ Summary: The $91 million bitcoin theft shows how easily scammers can exploit trust. Social engineering is emerging as one of the biggest threats to the crypto industry in 2025 — and stolen funds are on track to hit record levels this year.

#bitcoin , #Cryptoscam , #CyberSecurity , #blockchain , #CryptoNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Financial and risk advisory firm Kroll is facing a major lawsuit in the U.S. after a data breach allegedly exposed creditors of FTX, BlockFi, and Genesis to daily waves of phishing emails.

Class Action Over Data Breach
The lawsuit was filed in U.S. District Court by Hall Attorneys on behalf of FTX customer Jacob Repek and other creditors affected by the leak of sensitive information. Kroll suffered a cyberattack in August 2023, during which hackers gained access to personal data of crypto creditors.
According to the complaint, attackers have since exploited this data to target creditors with phishing attacks – fraudulent emails designed to steal login credentials and other sensitive information.
The lawsuit further highlights that Kroll relied solely on email communication, which disrupted the claims verification process, causing delays and even financial losses.

Creditors Report Daily Scams
Prominent FTX creditor Sunil Kavuri stated that he receives phishing emails almost daily. He shared screenshots showing that between August 14 and 17 he received several such emails, with some even containing his name.
Other users confirmed similar experiences.
According to Nicholas Hall of Hall Attorneys, eligible participants in the lawsuit may receive financial compensation, and the court could force Kroll to implement major operational changes.

Repeated Data Leaks at Kroll
This is not the first incident. In March, another breach exposed details such as client billing, payables, and email addresses.
Kroll, appointed to handle creditor claims in the FTX bankruptcy, is now facing mounting criticism for its failure to protect sensitive data.

Third Round of FTX Payouts
The controversy comes as the third round of FTX creditor payouts is set to begin on September 30, with a distribution totaling $1.9 billion.
As in previous rounds, foreign creditors – including those in China and Russia – will likely be excluded.
🔹 In the second round, over $5 billion was distributed in May.

🔹 In February, FTX announced a plan to distribute $1.2 billion to users with claims up to $50,000.

👉 The lawsuit against Kroll marks yet another twist in the chaotic FTX bankruptcy, which continues to affect hundreds of thousands of investors worldwide.

#FTX , #CryptoNews , #CyberSecurity , #phishing , #Cryptoscam

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

#CyberSecurity
A Rising Threat in 2025
A new wave of phone impersonation scams is sweeping through the crypto space. Posing as customer support, attackers are tricking users into changing their API settings under the guise of “urgent security updates.” Once permissions are expanded, scammers gain near-total access to accounts and can drain funds directly into their own wallets.
How the Scam Works
The Fake Call

Victims receive a convincing phone call from someone claiming to be support staff. The caller insists that immediate changes to API settings are required to “protect” the account.The API Trap

Users unknowingly expand permissions—such as enabling withdrawals—giving attackers full control. Because the changes appear to originate from the victim’s device, they bypass standard security checks.Real-World Fallout

Early cases show losses ranging from hundreds to several thousand USDT per victim. Many report shock and betrayal, believing they were protecting their funds when, in reality, they were being deceived.
Security Response
Crypto platforms are actively monitoring suspicious call patterns and unusual API activity to block attacker networks. Importantly, no legitimate platform ever initiates unsolicited phone calls to request security updates. Authentic updates are always communicated through official apps, verified emails, or websites.
How to Protect Your Account
Enable Strong 2FA

Always use two-factor authentication through an app or a hardware key. This ensures withdrawals require a second verification, even if an API is compromised.Use Passkey Authentication

A phishing-resistant method that strengthens account security and reduces the risk of API-based attacks.
Verify Communications

Never follow instructions from unsolicited calls, texts, or emails. If in doubt, confirm through official channels only.Secure Your API SettingsNever enable withdrawal permissions unless absolutely necessary
Rotate API keys regularlyReview permissions and activity frequentlySet Alerts & Monitor Daily

Turn on withdrawal alerts and monitor account activity to catch suspicious transactions early.Stay Educated

Familiarize yourself with emerging scams, fraud prevention guides, and security best practices. Report any suspicious calls immediately.
Why Awareness Matters
Timing & Urgency: Scammers strike when trading activity is high, exploiting users’ distraction.
API as the Weak Point: Expanded permissions give attackers the keys to the vault.Emotional Pressure: Calls are designed to create panic, urgency, and misplaced trust.
The rise of phone-based impersonation scams highlights one truth: vigilance is your strongest defense. By relying only on official communications, refusing to change API settings on someone else’s instructions, and strengthening account protections with tools like 2FA and passkeys, you can keep your assets safe.
Crypto platforms continue to enhance their security frameworks, but the most powerful shield is a well-informed and cautious user.

Why This Matters
Most narratives around Binance’s challenges focus on regulation, volumes, or token performance. But there's a quieter—and more insidious—issue surfacing: phishing via fraudulent SMS targeting Binance users. Awareness and prevention of such scams often lag behind bigger headlines. Now is the time to shift the conversation toward this “silent war.”

The Emerging Threat: SMS Scam Alert

Binance has recently issued a security alert in response to a growing wave of phishing schemes leveraging deceptive SMS messages to steal user credentials and compromise accounts .

Despite being less flashy than price surges or regulatory showdowns, phishing attacks are potent. They exploit users’ trust in SMS and official-looking content—breaching defenses that many believe are reserved for email or fake websites.

Why It’s Been Overlooked

Invisible until it’s too late: Unlike token prices or regulatory headlines, phishing doesn’t draw attention until damage is done.

Often seen as personal user error: Victims may feel ashamed or blamed, stifling discussion and education.

Low-key response: Binance’s alerts, while valuable, don’t always cut through the noise compared to bigger stories like trading volumes or token all-time highs.

The Stakes Are High

With phishing infiltrators finding ever more sophisticated methods—impersonating support teams, embedding malicious links, or mimicking Binance’s branding—the consequences are severe:

Financial loss: Users risk losing funds, sometimes irreversibly.

Erosion of trust: Even one successful scam can damage Binance’s reputation among cautious customers.

Regulatory risk: Incidents can attract scrutiny from regulators demanding stronger user protection measures.

What Binance Could Do—and Why It Should

Rather than reacting, Binance can lead the charge in combatting SMS phishing by considering approaches such as:

Proactive educational campaigns: Highlight common scam patterns, share real examples across platforms (social media, app notifications).

Multi-factor authentication enforcement: Make MFA mandatory or incentivize its use broadly.

Clarified official communication channels: Emphasize that Binance will never request passwords via SMS or links—promoting verification through the app only.

Tech safeguards: Collaborate with telecom providers or adopt SMS filtering to block known fraudulent content.

Incident transparency: Share anonymized data on phishing trends to raise global awareness.

---

Broader Context: Binance's Turbulent Week

To situate this focus in the bigger picture, here are recent, high-impact Binance developments:

Regulatory pressure in Australia: AUSTRAC has ordered an audit of Binance’s Australian arm over AML and governance concerns .

Surge in trading volume: Binance’s 2025 trading activity has skyrocketed, reinforcing its dominance—but also drawing more attention from regulators and rivals .

BNB on a tear: The BNB token is hitting record highs, driven by institutional interest .

But amidst all this, the SMS attack narrative is the kind that can quietly devastate user confidence—unless addressed head-on.

---

Final Thoughts

While headlines about volumes, regulation, and token highs are essential, the hidden menace of phishing via SMS is a story that should be amplified—both as a warning to users and as a call to action for industry leaders like Binance. Mitigating such threats can preserve security, trust, and long-term growth.
#BinanceAlerts #CryptoNews #UserProtection #CyberSecurity #ScamAwareness

#CyberSecurity

Apple has deployed iOS 18.6.2, an urgent security update designed to mitigate a zero-day vulnerability actively exploited in the wild. The company strongly recommends that all iPhone and iPad users install this update promptly to protect their devices from potential cyber threats.
Details of the Security Patch
The iOS 18.6.2 update targets a zero-day exploit, a critical type of vulnerability discovered and exploited by attackers before developers can address it. Cybersecurity expert Ryan Naraine has confirmed that this flaw posed a significant risk, enabling unauthorized access to affected devices. While Apple has withheld specific technical details to prevent further exploitation, the update effectively closes the identified security gap.
Significance of the Vulnerability
Zero-day exploits are among the most severe cybersecurity threats, as they allow attackers to compromise systems without detection. This particular vulnerability could have facilitated data theft, unauthorized access, or the deployment of malicious software, endangering sensitive user information. Given the global prevalence of iOS devices, such exploits pose substantial risks to both individual users and organizations.
Apple’s rapid release of iOS 18.6.2 underscores its commitment to safeguarding user security and responding swiftly to emerging threats.
Recommended Actions for Users
To ensure device security, users are advised to take the following steps:
Install the Update Promptly: Apply iOS 18.6.2 immediately to mitigate the risk of exploitation.
Enable Automatic Updates: Configure devices to automatically install security updates for timely protection.
Monitor Security Advisories: Stay informed about Apple’s official security updates and recommendations.
Expert Perspective
Cybersecurity expert Ryan Naraine emphasized the growing sophistication of attacks targeting mobile platforms. “As smartphones become integral to digital ecosystems, they are increasingly attractive targets for cybercriminals,” he stated. “Apple’s swift response is commendable, but zero-day vulnerabilities will continue to challenge the cybersecurity landscape.”
The iOS 18.6.2 update is a critical measure to counter an actively exploited zero-day vulnerability. Apple users are urged to install the update immediately to protect their devices and personal data from potential cyberattacks.

🚨 Pakistan Bans 46 Illegal Apps 🚨
The Pakistan Telecommunication Authority (PTA) has blocked 46 unauthorized apps to protect users from fraud, scams, gambling, and data theft.
🎰 Gambling & Betting Apps Removed
1xBet, Aviator, Dafabet, 22Bet, Casumo, Rabona, 10Cric, Plinko, Bet365, Chicken Road
📉 Forex & Binary Trading Apps Blocked
Binomo, IQ Option, Pocket Option, Deriv, Olymp Trade, OctaFX, Quotex
🔐 SIM & Data-Harvesting Apps Banned
Sim Owner Details, Pak Sim Data, Sky Sim Data, Sim Tracker
⚠️ Why It Matters:
These apps are now illegal in Pakistan. Using them puts your money, privacy, and personal data at serious risk.
✅ Stay Safe:
Delete these apps immediately and use only licensed and regulated platforms.
#pakistannews #PTA #CyberSecurity #AppsBan #OnlineSafety

Uganda has been rocked by scandal after revelations that an employee of the National Identification and Registration Authority (NIRA) collaborated with corrupt soldiers in the kidnapping of Festo Ivaibi, founder of a blockchain education initiative. The criminal network exploited access to sensitive data and forced Ivaibi to surrender hundreds of thousands of dollars in cryptocurrencies.

How the Kidnapping Happened
Investigations revealed that NIRA employee Alex Mwogeza abused his privileged access to databases to obtain personal and family information about Ivaibi. These details were passed on to accomplices, allowing them to track his movements before carrying out the abduction on May 17.
The plot also involved Batambuze Isaac, a well-known crypto broker, who, together with Mwogeza, recruited seven soldiers from the Uganda People’s Defence Forces (UPDF) to carry out the kidnapping. The victim was coerced into transferring significant amounts of crypto.

$135,000 in Crypto Extorted
According to official investigations, the perpetrators extracted around $117,000 in crypto plus $18,000 in Afro tokens. Some of the funds were traced to accounts on Binance, Bybit, and Hotbit. However, only Binance responded to official requests for information, providing KYC data linked to the suspects.
During interrogation, Batambuze admitted that the gang only targeted wallets without multi-signature verification. He added that part of the stolen funds might still be stored in mobile devices that were discarded into a latrine after the crime. Authorities are working to recover the devices in hopes of retrieving the remaining assets.

A Blow to Trust in the Army and Institutions
Officials revealed that this kidnapping was part of a wider pattern of attacks on wealthy crypto entrepreneurs in Uganda, sometimes involving violence and torture. The case has sparked concerns about the security and credibility of state institutions, particularly the military.
On the other hand, the swift response of the Chieftaincy of Military Intelligence (CMI), the police, the tax authority, and counterterrorism units was praised for successfully dismantling the network and arresting those involved.

Call for Crypto Regulation in Africa
Mitroplus Labs, which monitored the case, said the incident underscores the urgent need for Uganda to introduce a regulatory framework for digital assets.
“This case highlights the urgent need for stakeholder engagement and clear policy frameworks for blockchain and cryptocurrencies on the African continent. While the technology is here to stay, the risks of unregulated or misunderstood usage are too high to ignore. We call on policymakers, regulators, innovators, and law enforcement to collaborate on building a safe and progressive environment that fosters innovation while deterring abuse,” the company stated.

✅ Summary: The kidnapping of Festo Ivaibi exposed links between government employees, crypto brokers, and corrupt soldiers. It also highlighted the urgent need for Africa to establish a solid regulatory framework for digital assets, or similar crimes will continue.

#CryptoCrime , #bitcoin , #blockchain , #CyberSecurity , #CryptoNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“