Hackers posing as legitimate information technology (IT) workers who have infiltrated Web3 projects have stolen roughly $1 million in crypto during the past week, according to onchain investigator and cybersecurity analyst ZackXBT.
Several entities were impacted including Favrr, a Web3 fan-token marketplace, non-fungible token (NFT) projects Replicandy and ChainSaw, along with other teams the onchain sleuth did not name in his Friday X post.
The hackers exploited the minting mechanism for the NFT projects, minting mass quantities of NFTs, selling them, and causing the price floor to drop to zero while they extracted profit, ZackXBT said.
Following the exploits, the threat actors transferred the stolen funds through exchanges and multiple wallets. The funds from the ChainSaw hack "mostly remain dormant," while the stolen crypto from Favrr was transferred to nested services, the onchain detective said.
Infiltration of crypto and blockchain projects by malicious software developers continues to be a problem in the industry, causing financial losses to users and undermining the efforts of software development teams worldwide.
Companies worldwide facing security threats from the inside
In November 2024, cybersecurity researchers identified a team of hackers with ties to the North Korean government known as "Ruby Sleet" infiltrating aerospace and defense contractors in the US.
The researchers also found the hackers associated with this cybercrime syndicate began targeting information technology firms as well, infiltrating the organizations, setting up fake recruitment initiatives, and targeting these companies with social engineering scams.
Crypto exchange Coinbase said it was the victim of a data leak and a subsequent extortion attempt in May 2025.
External threat actors bribed several Coinbase customer service contractors to steal account data from a swath of clients and hand it over to be used as leverage in an attempt to extract a ransom from the exchange.
An estimated 69,461 Coinbase users were impacted by the data breach, and had personal details such as addresses, telephone numbers and other identifiers leaked, according to the Latham and Watkins law firm.
Magazine: China threatened by US stablecoins, G7 urged to tackle Lazarus Group: Asia Express