Hack

🔹 Fake Zoom meeting invites and update links deceive Web3 teams

🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques

🔹 Attackers steal browser data, passwords, and Telegram chats

Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.

The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.

NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.

🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.

Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it

🔹 Creates hidden files and folders that look like legitimate macOS system components

🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic

🔹 Delays execution for 10 minutes to avoid early detection by security software

Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.

Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.

#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Crypto hacks in 2025 are on track to break records, with $2.1 billion stolen in just six months. According to a recent report by blockchain intelligence firm TRM Labs, seed phrases and front-ends are in hackers’ crosshairs.
Crypto Hacks Hit $2.1B in 2025 H1: Details
The TRM Labs report paints a concerning picture: crypto thefts have skyrocketed 50% year-over-year. Across 75 incidents, the year has seen a massive loss of $2.1 billion in the first half. This figure almost eclipses all the crypto theft losses in 2024.
Notably, the bulk of losses came from infrastructure attacks, which compromised the technical foundations of crypto systems through private key thefts, seed phrase breaches, and front-end hijacks. This accounts for over 80% of stolen funds, yielding 10 times more than other attack types on average. The statement read,
Infrastructure attacks — such as private key and seed phrase thefts, and front-end compromises — accounted for over 80% of stolen funds in H1 2025 and were, on average, ten times larger than other attack types… Often enabled by social engineering or insider access, these breaches expose critical weaknesses at the foundation of cryptosecurity.
Over the past week, three notable crypto news outlets have fallen victim to security breaches. As we noted, CoinMarketCap and Cointelgraph have faced front-end breaches, where users received a malicious pop-up.
In the latest event of crypto hacks, attackers targeted the official X account of the crypto news outlet, PANews. On June 27, hackers compromised the X account to spread misinformation about an airdrop. Following the incident, PANews warned users to avoid clicking on any links associated with this crypto hack.
North Korea’s Role in Rising Crypto Hacks
According to the TRM Labs report, the largest hack of 2025 to date is the $1.4 billion breach of Bybit, a Dubai-based crypto exchange, which occurred in February. Linked to the North Korean hackers, this crypto hack represents about 70% of total losses this year. This incident pushed the average hack size to nearly $30 million, doubling the $15 million average seen in the first half of 2024.
Interestingly, the report attributes $1.6 billion of stolen funds in H1 2025 crypto hacks to the North Korean group. The fund accumulated by them accounts for 70% of the total losses. The Bybit theft significantly contributed to this staggering amount, highlighting the Democratic People’s Republic of Korea’s ongoing efforts to exploit crypto for sanctions evasion, nuclear program funding, and statecraft.
Another major crypto hack that shook the global crypto space is the Nobitex breach. Earlier this month, the Iranian crypto exchange Nobitex faced a massive hack, losing over $100 million in crypto assets. Reportedly, the Israeli hackers, Gonjeshke Darande, have led the attack.
To combat these threats, TRM Labs recommends that the crypto industry implement robust security measures. This includes multi-factor authentication, cold storage for funds, regular security audits, and targeted countermeasures against insider threats and social engineering attacks.

#IsraelIranConflict #hacks #HackerAlert #Hack #crypto

Watch out for our new channels/handles for more videos on how to remain untouchable, UnHackable, unscammable, and FRUSTRATE HACKERS even WITH exposed seedphrases:
U - T V B E ( @HackersFrustrator )
T ! |< t 0 |< ( @HackersFrustrator )
X ( @HACKERFRUSTRATE )

When the crypto market takes a downturn, some people might attribute it to various factors, including external forces beyond our control. One claim that often surfaces is that "God is annoyed." While beliefs and spirituality are personal and valid, let's take a closer look at this idea.

The Market Moves on Its Own
The crypto market operates based on supply and demand, driven by human actions, market sentiment, and economic principles. Prices rise and fall due to factors like:
- Market Sentiment: How investors feel about the market can greatly influence price movements.
- Economic Indicators: Factors like inflation, interest rates, and global economic health play a role.
- Technological Developments: Advances in blockchain technology and adoption rates can impact prices.
- Regulatory News: Government policies and regulations can cause significant market shifts.
The Role of Human Decision-Making
The crypto market is shaped by the collective actions of millions of individuals making decisions based on their own research, risk tolerance, and investment strategies. It's a system driven by human behavior, not divine intervention.
A Rational Perspective
When the market experiences volatility, it's essential to rely on data and logical analysis rather than attributing market movements to supernatural forces. By understanding the real factors at play, investors can make more informed decisions.
In summary, the crypto market is a complex system influenced by human actions and economic principles. While personal beliefs are important, it's crucial to separate them from market analysis. By focusing on the factors that truly drive the market, investors can navigate the ups and downs with greater clarity and confidence.
Stay ahead of the game and protect your digital assets from SCAMMERS & HACKERS. Remember, God doesn't give a fvck about your crypto portfolio – it's up to you to stay informed and secure.

Watch out for our new channels/handles for more videos on how to remain untouchable, UnHackable, and FRUSTRATE HACKERS:
U - T V B E ( @HackersFrustrator )
T ! |< t 0 |< ( @HackersFrustrator )
X ( @HACKERFRUSTRATE )
#BinanceAlphaAlert #MarketRebound #SaylorBTCPurchase #hackers #Hack

#Hack
The conflict between Israel and Iran is becoming increasingly bloody and could soon involve other nations, such as the USA.
The White House spokeswoman said today that the United States could intervene in 14 days if Iran continues to attack the Jewish state.
Meanwhile, the Middle Eastern conflict is becoming increasingly hi-tech. After the explosive drones, all eyes are on the new ballistic missiles coming from Iran, increasingly precise and dangerous, despite the formidable Israeli anti-missile shield.
The latest frontier of this absurd war, but then again all wars are, are the cyber attacks that in these hours have hit Iran and, in particular, its most important exchange: Nobitex.
Yesterday we brought you the news of the 90 million hack , today we focus on the architects of this unprecedented cyber “heist”: the Gonjeshke Darande, also known as the Predatory Sparrow.
Who is Gonjeshke Darande?
Gonjeshke Darande is a Farsi name meaning Predatory Sparrows, and is the nom de guerre of a hacker group known for its high-profile and almost always politically motivated actions. It is believed to be linked to Israeli intelligence, although Israel has not confirmed any association.
“Gonjeshke Darande” (گنجشک درنده) is a Persian (Farsi) expression that can be translated into English as:
“Fierce Sparrow”
(where gonjeshk = sparrow, darande = predator / ferocious / devourer)
The group is known for designing cyberattacks to target Iranian infrastructure such as gas stations, the steel industry, and the government system. These are usually targeted attacks that do not involve civilians.
The group is very active on social media, with nearly 10,000 followers on X where they alert users to their activities, and the group's actions.
On June 18, they targeted Iran’s largest cryptocurrency exchange, Nobitex , and managed to steal more than $90 million. Previously, in May, they had attacked Iran’s largest state-owned banks.
Why did Gonjeshke Darande hack Nobitex Exchange?
According to the group’s official post on X: “The Nobitex exchange is at the center of the Iranian regime’s efforts to finance terrorism around the world.” Hackers claim it doesn’t even pretend to comply with sanctions.

For this reason they hacked the exchange and “burned” all the stolen BTC and ETH, just to highlight that the intent is political and not economic.
The latest update on the Nobitex hack via X also brings with it the public release of the exchange's source code and other sensitive information.

Experts believe that this could be just the beginning and that further cyber attacks could hit Iran's cryptographic infrastructure in the coming days.

FOLLOW BeMaster BuySmart 🚀 TO FIND OUT MORE $$$$$ 🤩 BE MASTER BUY SMART 🤩

On Thursday, Ronin gaming platform wallets were compromised, resulting in the theft of approximately $9.5 million worth of Ethereum. The perpetrators utilized Tornado Cash service to launder the stolen funds, mixing transactions from multiple users to obscure the cryptocurrency's origin. Among the affected individuals is one of the founders of Ronin and Axie Infinity, who disclosed the incident on Twitter.
Theft Details: 3,250 ETH Moved by Unknown Perpetrators
A precise sum of 3,250 ETH was siphoned from gaming wallets on the Ronin network, amounting to $9.5 million. The attackers subsequently transferred these funds to three distinct Ethereum wallets via a network bridge. The ETH was then laundered through the Tornado Cash service, complicating its traceability.
Personal Accounts of Jeff 'Jiho' Zirlin Compromised
Jeff "Jiho" Zirlin, co-founder of Ronin and Axie Infinity, announced on Thursday evening that his personal wallets had been compromised in the attack. He stated that the attack solely targeted his personal accounts and did not impact the security or operations of the Ronin network or the activities of Sky Mavis, the company behind it.

Security of Ronin and Sky Mavis Unaffected
In response to the incident, Aleksander "Psycheout" Larsen, another founder of Sky Mavis, emphasized that the attack has no bearing on the security measures of the Ronin network bridge or the company's financial assets. Larsen highlighted that the bridge itself has undergone several security audits and is equipped with mechanisms to prevent excessive fund withdrawals.
Impact on Ronin's Market Value
As a consequence of the attack and fund depletion, the value of Ronin cryptocurrency (RON) experienced a decline, with its price plummeting from approximately $3.17 to $2.74, marking a decrease of over 13% within minutes. At the time of writing, the price partially recovered to $2.97.
Historical Context: Ronin Bridge Attack
The incident occurs two years after the attack on the Ethereum Ronin bridge, during which cryptocurrency worth $622 million was stolen. The attack was attributed to the Lazarus hacking group from North Korea, exploiting the insufficient decentralization at that time. Subsequently, a portion of the stolen funds was recovered, and Sky Mavis reimbursed users for all losses from the February 2022 attack.

$ETH
#Ronin #hack

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

The cross-chain bridge of Orbit Chain was compromised by an exploit, which led to the loss of Tether, DAI, USDC, wBTC, and ETH with a combined value of around $81.4 million.
The vulnerability was exploited by the exploiter, who then transferred funds to a new wallet.
A weakness in the bridge or a hack in the centralized server was discovered as the primary reason by the blockchain security company SlowMist which was responsible for the investigation.
It has been revealed that a hack occurred on Orbit Bridge, which is a protocol for interchain communication that is utilized for asset conversion. A total of around $81.4 million worth of cryptocurrency were stolen from the system.
The Orbit Bridge was struck by a number of significant discharges.
An vulnerability that was worth $81.4 million was apparently used by hackers to ring in the New Year with Orbit Bridge. A number of significant outflows were discovered by the blockchain security company SlowMist and the on-chain intelligence service LookOnChain. These outflows were encountered via the cross-chain protocol.
According to the latter, the Orbit Bridge was responsible for the transfer of 30 million Tether (USDT), 10 million DAI, 10 million USDCoin (USDC), 231 wBTC (worth over $10 million), and 9,500 ETH (worth around $21.5 million) in five distinct transactions.

After doing a preliminary examination from the outside, SlowMist came to the conclusion that either the centralized server has been compromised or there is a potential vulnerability in the Orbit Chain bridge. A further in-depth investigation is currently being carried out by the company in order to obtain additional information on the attack.
The hacking of Orbit Chain has been confirmed.
Orbit Chain reported the hack on its protocol in a tweet that was published not too long ago on X. The tweet described the breach as a "unidentified access" to the bridge. A comprehensive investigation into the underlying cause of the assault is currently being carried out by the company, which has said that it is actively collaborating with law enforcement authorities in order to identify the perpetrator of the incident.
#hack #OrbitChain

Gala Games CEO Eric Schiermeyer has confirmed that a "security incident" led to the unauthorized sale of 600 million GALA tokens, worth approximately $23 million. The breach, which Schiermeyer attributed to "messed up" internal controls, has raised significant concerns within the blockchain gaming community.
Incident Overview
On May 20, at 7:32 pm UTC, blockchain observers reported the minting of 5 billion GALA tokens, valued at around $200 million at the time. The compromised wallet was selling the tokens in batches, leading to a sharp drop in GALA's price. The token hit a 24-hour low of $0.038, a 20% decrease from its daily high, before recovering slightly to $0.041, according to CoinGecko.
“We had an incident that resulted in the unauthorized sale of 600 million GALA tokens and the effective burn of 4.4 billion tokens,” Schiermeyer wrote in a May 20 post on X (formerly Twitter). He admitted, “We messed up our internal controls. This shouldn’t have happened, and we are taking steps to ensure it doesn’t happen again.”
Response and Mitigation
Gala Games quickly identified the compromise and revoked unauthorized access to the GALA contract. Schiermeyer assured users that the Ethereum contract was secure and had not been compromised. The company believes it has identified the person responsible and is collaborating with the FBI, the U.S. Justice Department, and international authorities to address the incident.
In a follow-up post on X, Gala Games announced that the security breach had been contained and the affected wallet frozen. However, details about the perpetrator and the method of access to the GALA contract remain undisclosed.
Ongoing Legal Disputes
This security incident occurs amid ongoing legal battles between Schiermeyer and Gala Games co-founder Wright Thurston. Both have filed lawsuits against each other, with Thurston accusing Schiermeyer of squandering millions in company assets, while Schiermeyer alleges that Thurston stole $130 million worth of GALA tokens.
Gala Games did not respond to requests for additional comments.
The incident underscores the critical need for robust internal controls and security measures in the cryptocurrency and blockchain industries, as companies continue to navigate complex technological and legal landscapes.
$GALA #GALA #GalaGames #hack

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

One crypto user got hit twice in a single night, losing $2.6 million in $USDT. The tool? A sneaky zero-value transfer scam.
#Bitcoin2025 #Hack
🧠 Here’s how it works:
🔹 Attackers send $0 transfers to fake but similar addresses

🔹 These show up in your wallet history

🔹 Victims mistake them for trusted contacts

🔹 They later send real funds — straight to the scammer

🔹 No private key needed for the scam to appear onchain
The victim first lost $843K, then sent another $1.75M just hours later. This is not a new tactic — one scammer pulled off $20M using this trick last year.
It’s an advanced form of address poisoning — and it works. Always double-check full wallet addresses. Don’t rely on history or “familiar” characters.
This scam is getting smarter. Are you?