cybersecurity

A new study by the Anthropic Fellows and MATS programs shows that frontier AI models can already find and exploit real-world vulnerabilities in smart contracts, raising the stakes for DeFi security.

Using SCONE-bench, a dataset of 405 exploited contracts, models including GPT-5, Claude Opus 4.5, and Sonnet 4.5 collectively generated $4.6 million in simulated exploits. Importantly, these were attacks on contracts hacked after the models' knowledge cutoffs, showing that the exploits weren't simply regurgitated training data.

Agents didn't merely identify bugs; they generated complete exploit scripts, sequenced transactions, and drained simulated liquidity in ways almost indistinguishable from real attacks on Ethereum and BNB Chain.

Researchers pushed further: could these models find vulnerabilities before anyone exploited them?

Scanning 2,849 fresh BNB Chain contracts, GPT-5 and Sonnet 4.5 uncovered two true zero-days worth $3,694 in simulated profit. One was an exploit through a missing view modifier that enabled the agent to inflate its token balance, while another allowed arbitrary redirection of fee withdrawals. In each case, the AI created executable scripts to monetize the flaws.

Although the nominal dollar amounts are small, the implications are huge: profitable, autonomous exploitation is now possible — and it's affordable. The total cost of the scanning was just $3,476, or about $1.22 per run.

As models become increasingly powerful and less expensive, researchers expect the gap between contract deployment and exploitation to shrink dramatically, especially in DeFi, where pools of capital are public and instantly targetable.

Crucially, the authors warn these capabilities are not limited to crypto: the same reasoning that lets an AI inflate a token balance can apply to traditional software, back-end infrastructure, and any system guarding valuable assets.
The research is less a prediction than a warning: AI models can already carry out operations that only the most elite human attackers could previously perform. For crypto builders, the race is now on for defenses to catch up.
#AI #Cybersecurity #SmartContracts #DeFi #BlockchainSecurity

As a result of a coordinated international special operation, law enforcement agencies in Germany (BKA) and Switzerland dealt a devastating blow to the shadow economy of the darknet. They managed to block the infrastructure and seize the servers of the infamous Cryptomixer service.
This platform has long been a key tool for cybercriminals around the world. The mixer allowed for "laundering" digital assets obtained illegally — for example, as a result of ransomware attacks, phishing, or drug trafficking. The transaction mixing technology complicated the tracking of the final beneficiaries of dirty money.

Interpol has officially recognized cryptocurrency fraud as a global criminal threat, highlighting the critical scale of the problem in the modern digital age. This decision underscores the fact that crimes involving virtual assets have long transcended national borders, creating unprecedented challenges for law enforcement systems worldwide.

📅 November 28 | Seoul, South Korea
The crypto ecosystem is shaking strongly again. Upbit, one of the largest and highest volume exchanges in all of Asia, confirmed after an emergency audit that the recent $30 million hack revealed a much more dangerous flaw than previously thought: a technical error within its infrastructure that may have inadvertently exposed private keys.

📖Upbit confirmed that a malicious actor had managed to drain approximately $30 million in assets after breaching a specific set of hot wallets. The company publicly assured that losses would be fully covered and that its operating infrastructure remained stable, but internal investigators insisted that something was not right.
The attack pattern did not match common phishing techniques or direct system compromises, which led to the activation of an emergency technical audit executed by multiple firms specialized in cybersecurity and on-chain analysis.
According to The Block, it was that audit that uncovered the most alarming point: an internal flaw in the key rotation system that, under certain extremely specific circumstances, could have leaked sensitive elements of the private key generation and storage process.
Although there is no evidence that the attackers have fully exploited this flaw, the mere possibility completely redefines the severity of the incident. The audit describes the flaw as “potentially critical” and “highly dangerous” if combined with unauthorized access or internal compromises.
The researchers also concluded that the bug was present for a limited period, but long enough for a sophisticated attacker to detect anomalies within the signature stream. The $30 million exploit could have just been a side effect of a much deeper vulnerability.
Furthermore, it warns that this flaw, if not discovered in time, could have allowed access to multiple institutional and user wallets, which would have caused multimillion-dollar losses that were impossible to cover. This discovery set off all the alarms within the exchange and it is now in the process of total repair.
Upbit reported that it has already isolated all affected systems, activated a complete key regeneration protocol, redesigned internal custody processes and is working with Korean authorities to document every detail of the attack.
It was also announced that a full technical report will be published in the coming days so that the community, third-party auditors, and other exchanges can assess the vulnerability and harden their own systems. The priority now is to avoid any residual risk and restore market confidence at an especially sensitive time, considering the increase in hacks in Asia in recent months.
Users, analysts and cybersecurity experts agree that this incident sets a disturbing precedent: if an exchange as large as Upbit had a flaw capable of compromising private keys, how many systems could still be exposed without knowing it?

Topic Opinion:
I think the fact that an exchange the size of Upbit faced a vulnerability of this caliber shows how critical it is to strengthen custody systems even on high-end platforms. While Upbit acted quickly and responsibly, the industry as a whole must take this case as a precedent that calls for greater transparency, constant audits, and much stricter standards.
💬 Do you think this incident will forever change the perception of security in exchanges?

Leave your comment...
#Upbit #cryptohacks #CryptoSecurity #CyberSecurity #CryptoNews $ETH

Interpol has adopted a new resolution at its General Assembly in Marrakesh, declaring so-called fraud compounds—large criminal networks built on human trafficking and forced labor—as a major transnational threat. These organizations operate across multiple countries and rely on coerced workers to run online scams, including cryptocurrency-related fraud.

A New Criminal Model: Fraud Compounds Function as a Global Industry
Member states of the International Criminal Police Organization approved the resolution, noting that fraud compounds have evolved into a highly organized, cross-border criminal industry targeting victims in more than 60 countries.
According to Interpol, criminal groups lure people with fake job offers abroad. Once the victims arrive, their documents are confiscated, they are taken to guarded compounds, and forced to work on illegal operations ranging from online investment scams to crypto fraud schemes.
Evidence shows that many victims suffer:
physical abusepsychological coercionsexual violencerestrictions on movement
These networks use advanced tools, including voice-phishing, romance scams, fake investment platforms and cryptocurrency fraud, to exploit victims worldwide.

Southeast Asia as the Epicenter — with Expansion to Other Regions
Interpol reports that fraud compounds have expanded rapidly across Southeast Asia.

Major hubs have emerged in Myanmar, Cambodia and Laos, where large volumes of human trafficking and online fraud have been uncovered.
Criminal activity has also been detected in:
parts of RussiaColombiaEast African coastal nationsthe United Kingdom
U.S. authorities have recently imposed sanctions on several entities in Myanmar and Cambodia for operating scam platforms that targeted citizens across multiple countries.
Losses linked to these operations are estimated at around $10 billion, according to the U.S. Treasury.

Interpol Warns: Crypto Networks Used to Mask Illegal Financial Flows
Fraud networks increasingly rely on cryptocurrencies to hide their financial transactions.
One of the largest documented cases involved an online marketplace operated by the Cambodian conglomerate Huione Group, which processed crypto transactions exceeding $11 billion tied to scam operations.

The group later faced sanctions for allegedly laundering more than $4 billion in illicit funds.
Such networks also intersect with other criminal markets, including drugs, weapons, illegal gambling and wildlife trafficking, making them extremely difficult to dismantle.

South Korea Proposes Strategy: Real-Time Intelligence Sharing and Joint Operations
South Korea submitted a detailed proposal urging Interpol members to adopt a unified international strategy based on:
real-time intelligence sharingmapping the main operational hubs and methodscoordinated crackdowns on criminal financingstandardized procedures for locating and rescuing victimsexpanded support for survivorsglobal awareness campaigns targeting at-risk groups, including youth and job seekers
The goal is to create a coordinated framework that enables direct action against these networks and breaks their financial infrastructure.

Interpol Expands Global Operations: Significant Outcomes in 2024
In 2024, Interpol expanded its international operations to 116 countries, resulting in 2,500 arrests and several major actions in Africa and Europe.
These efforts build on previous alerts:
2022: Purple Notice on emerging forms of human trafficking2023: Orange Notice outlining methods used to coerce and exploit victims
Secretary General Valdecy Urquiza emphasized that effective action requires stronger cooperation, better information sharing and coordinated, decisive enforcement efforts worldwide.

Conclusion
Fraud compounds built on forced labor have become a global phenomenon transcending borders and continents.

Interpol’s newly adopted resolution formally designates these operations as a form of international organized crime, urging governments worldwide to respond collectively.
Security experts warn that without coordinated global action, these networks will continue to expand, putting millions of people at risk.

#interpol , #CryptoCrime , #CyberSecurity , #CryptoNews , #fraud

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

South Korea’s financial sector has been hit by one of the most damaging cyberattacks in recent years. According to cybersecurity firm Bitdefender, the country became the target of a coordinated supply-chain attack involving threat actors linked to Russia and North Korea, resulting in the deployment of the Qilin ransomware and the theft of more than 2 terabytes of data across 28 victims, most of them within the financial services industry.
Investigators uncovered that the attack was not an isolated incident but part of a broad, multi-phase campaign known as Korean Leaks, which merged advanced ransomware techniques with political propaganda and targeted exploitation of supply-chain vulnerabilities.

A Sudden Spike: From 2 Incidents Per Month to 25 in September
Bitdefender began investigating after detecting an unusual surge in ransomware activity in September:

25 ransomware cases were reported that month, compared to the usual two monthly incidents recorded between September 2024 and August of this year.
Of these attacks, 24 targeted financial organizations, highlighting a high degree of planning and coordination.
According to the latest data, South Korea is now the second most targeted country in the world for ransomware attacks — trailing only the United States.

Qilin: One of 2024’s Most Aggressive Ransomware Groups
The ransomware group Qilin, operating under the Ransomware-as-a-Service model, is one of the most active threat actors of the year. In October alone, Qilin was responsible for more than 180 victims, and according to NCC Group, is behind 29% of all global ransomware attacks.
Bitdefender’s analysis indicates that Qilin has Russian roots:
founding member BianLian communicates in Russian and English,is active on Russian-language cybercrime forums,and the group avoids attacking organizations in CIS countries — a common rule among Russian cybercrime syndicates.
Qilin’s internal structure is highly organized:
it recruits external hackers to carry out attacks,core operators take a percentage of ransom payments,and the group even maintains an “internal journalist team” that drafts extortion messages and propaganda for its leak platform.
Propaganda and Psychological Warfare: Hackers Posed as “Activists”
Bitdefender’s Korean Leaks report reveals that the campaign was not a standard ransomware operation. The attackers blended cybercrime with political messaging, using:
activist-style language,patriotic and nationalistic rhetoric,and repeated references to sharing the stolen data with North Korean leadership.
One leaked communication stated:
“A report on the discovered documents is already being prepared for Comrade Kim Jong-un.”
This fusion of propaganda with ransomware tactics indicates a hybrid operation that goes beyond conventional criminal motives.

Three Attack Waves: Over 1 Million Files and 2 TB of Data Stolen
The Korean Leaks campaign unfolded in three distinct waves:
September 14 – first wave targeting 10 financial management firmsSeptember 17–19 – second wave adding another 9 victimsSeptember 28 – October 4 – third wave targeting 9 additional organizations
In total, the attackers stole over 1 million files and 2 TB of sensitive data.

Four additional company names were later removed from Qilin’s leak site, likely due to ransom payments or internal decisions by operators.
During the second wave, hackers issued a chilling threat:
“We have data that will deal a severe blow to the entire Korean market. If payment is not made, we will release it.”

Supply-Chain Breach: The Core Entry Point
According to reporting from JoongAng Daily, more than 20 asset-management companies were compromised after hackers breached GJTec, a managed service provider.

This highlights yet again how supply-chain attacks can amplify damage across an entire sector.

Conclusion: A Hybrid Operation Blending Russian Techniques and North Korean Messaging
The Korean Leaks attack ranks among the most significant ransomware operations of the year — not only due to the volume of stolen data, but also due to the hybrid nature of the campaign, which fused ransomware, political influence tactics, and systemic exploitation of supply-chain weaknesses.
Experts warn that this incident is a stark reminder of a growing global trend:

state-linked cyber groups are increasingly prioritizing supply-chain infiltration as a primary attack vector.

#cyberattack , #CyberSecurity , #russia , #GlobalSecurity , #CryptoNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Cardano founder and IOG CEO Charles Hoskinson addressed the community following the recent chain split with a clear message:

Every blockchain — even the most rigorously engineered ones — will eventually face a zero-day vulnerability.
Speaking on his podcast Code Is Law, Hoskinson explained that outages, bugs, and unexpected failures are not signs of incompetence but fundamental realities of software-based systems, including Cardano.

“This is software.” Zero-day bugs are unavoidable, says Hoskinson
Hoskinson reminded the community that Cardano, despite its reputation for formal verification and conservative development, is still subject to the same software limitations as any other system.

A blockchain is only as secure as the code it runs, and no codebase is immune to hidden flaws.
Cardano’s mainnet launched in 2017.

It took more than eight years before the network experienced a truly critical vulnerability. Hoskinson described this track record as evidence that:
“Cardano is extremely good at what it does.”
He added that some zero-day exploits are discovered and abused within minutes, while others remain dormant for years — and that this is precisely why intentional exploitation cannot be tolerated.

“You cannot allow anyone to disrupt the entire system at will”
Hoskinson strongly criticized the stake pool operator (SPO) whose actions unintentionally triggered the long-standing bug.

He emphasized that Cardano supports an entire ecosystem of:
stake pool operators,delegators,investors,developers,
all of whom rely on the network’s stable operation.
Allowing individuals to destabilize the system “arbitrarily or whimsically,” he said, would jeopardize the livelihoods of thousands of people.

Hoskinson also confirmed that the incident is being investigated with the involvement of the FBI, a revelation that stirred controversy among parts of the community.
The SPO responsible for activating the bug has since issued a public apology.

The chain split: no network outage, but real consequences
The vulnerability discovered on November 21 caused the network to temporarily diverge into two parallel chains:
a “poisoned” branch, disrupted by the bug,and a “healthy” branch, which continued functioning normally.
Despite the split, block production never stopped.

The network kept operating, but major crypto exchanges suspended ADA deposits and withdrawals as a precaution until the issue was fully resolved.

Cardano demonstrates strong system integrity
In a separate podcast episode, Hoskinson praised the swift and coordinated response of the technical teams.

According to him, the incident highlights two key strengths of Cardano:
High systemic integrity, even under stress.Exceptional engineering discipline, enabling fast mitigation of unforeseen failures.
The market reaction was brief. ADA’s price recovered quickly from the initial shock and, at the time of writing, had risen 2.4% to $0.43.

#Cardano , #ADA , #CharlesHoskinson , #CyberSecurity , #CryptoNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“