A new cyberattack is silently targeting crypto from users during transactions amid an incident that security researchers describe as the largest supply chain attack in history. BleepingComputer reported that hackers compromised NPM package maintainer accounts through phishing emails and injected malware that steals crypto. The attack targeted JavaScript developers with fraudulent emails appearing to originate […]
The post Largest supply chain attack in history targets crypto users through compromised JavaScript packages appeared first on CryptoSlate.
SOCRadar Dark Web Team detected threat actors distributing phishing tools that impersonate Ledger hardware wallet interfaces to allegedly steal crypto from unsuspecting users. According to a Sept. 1 report, the cybercriminals advertise a “Ledger Wallet 2025 Smart Scampage Inferno Multichain” kit that replicates the official Ledger interface with professional design elements. The malicious package features […]
The post Dark web vendors distribute fake Ledger wallet pages targeting crypto users appeared first on CryptoSlate.
The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.
Hackers are using Ethereum smart contracts to conceal malware payloads inside seemingly benign npm packages, a tactic that turns the blockchain into a resilient command channel and complicates takedowns. ReversingLabs detailed two npm packages, colortoolsv2 and mimelib2, that read a contract on Ethereum to fetch a URL for a second-stage downloader rather than hardcoding infrastructure […]
The post Ethereum smart contracts quietly push javascript malware targeting developers appeared first on CryptoSlate.
The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.
Venus Protocol temporarily suspended its platform on Sept. 2 after a user lost tens of millions of dollars in a targeted phishing incident. The pause followed reports from blockchain security firm Cyvers, which flagged a suspicious transaction draining nearly $27 million from a single wallet. According to reports, the stolen assets included $19.8 million in […]
The post Venus Protocol suspends platform after phishing scam drains $27 million, XVS falls 6% appeared first on CryptoSlate.
A single phishing attack drained nearly $1 million worth of tokens from a crypto investor who unknowingly signed a batch of malicious transactions disguised as Uniswap swaps, according to blockchain security firm Scam Sniffer. In an Aug. 22 post on X, Yu Xiang, founder of blockchain security firm SlowMist, noted that the incident involved five […]
The post Crypto investor loses $1M in Uniswap scam exploiting Ethereum’s EIP-7702 appeared first on CryptoSlate.
Binance, Bitfinex, Coinbase, Crypto.com, HTX, Kraken, PayPal, Poloniex, Ripple, and Zodia Custody, among others, have all signed on.
Crypto exchange Kraken has announced the suspension of Monero (XMR) deposits following a confirmed 51% attack on the network on August 12. The attack was linked to the Qubic mining pool, which managed to control over half of Monero’s hashrate, peaking at 2.6GH/s. This dominance allowed Qubic to conduct a six-block deep reorganization of Monero’s […]
The post Kraken suspends Monero deposits after 51% attack appeared first on CryptoSlate.
Turkish crypto exchange BtcTurk has been targeted by a major cyberattack, which resulted in the theft of roughly $48 million in digital assets. On Aug. 14, blockchain security firm Cyvers reported that the stolen funds were moved across multiple networks, including Ethereum, Avalanche, Arbitrum, Base, Optimism, Mantle, and Polygon. Most of the assets were transferred […]
The post BtcTurk hack sees $48 million in crypto vanish from hot wallets appeared first on CryptoSlate.
Coinbase, the largest US-based exchange, has reportedly lost $300,000 to MEV bots following a misconfiguration involving 0xProject’s token swap platform. On Aug. 13, pseudonymous security researcher Deebeez revealed that Coinbase mistakenly used the 0x swapper to approve tokens, a function it was never designed for. He noted: “0x has a swapper which is never meant […]
The post Coinbase loses $300k to rogue MEV bots after token swap misconfiguration blunder appeared first on CryptoSlate.
The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.
The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.
Cybersecurity firm SentinelLABS has uncovered a sophisticated scam campaign that has siphoned over $900,000 from unsuspecting crypto users. According to the report, the attackers use malicious Ethereum-based smart contracts disguised as trading bots to target individuals who follow seemingly educational content on YouTube. The report added that these scams have been active since early 2024 […]
The post Fake Ethereum trading bots on YouTube help scammers steal over $900K appeared first on CryptoSlate.
The alleged heist would mark the second-largest Bitcoin theft in history in BTC terms, and the highest in dollar value at the time.
PeckShield estimates that losses from crypto hacks reached $142 million in July, marking a 27.2% increase from the previous month.
Sumit Gupta, CEO of Indian crypto exchange CoinDCX, has linked the platform’s recent $44 million security breach to a targeted social engineering attack. In a July 31 statement shared via X (formerly Twitter), Gupta said early findings indicate that the exploit may have stemmed from manipulation tactics to gain unauthorized internal access. He explained that […]
The post Indian crypto exchange CoinDCX’s $44M breach linked to employee manipulation, social engineering appeared first on CryptoSlate.
WOO X suffered an authorized breach on July 24, resulting in the theft of roughly $14 million in crypto. The exchange said it is investigating the “contained incident” and revealed that the breach resulted in unauthorized withdrawals from nine user accounts. The exchange has paused withdrawals as a precaution. It added in its statement that it […]
The post WOO X suffers $14 million breach affecting 9 users, halts withdrawals appeared first on CryptoSlate.
The centralized exchange said it is tracking the funds alongside external security firms and will make customers whole.
A wave of multisig-related hacks and operational misconfiguration led to catastrophic losses in the first half of 2025.
The $44 million exploit targeting India-based crypto exchange CoinDCX has been linked to North Korea’s Lazarus Group, according to blockchain security firm Cyvers. In a July 21 statement shared with CryptoSlate, Cyvers CEO Deddy Lavid said the attackers followed a pattern reminiscent of previous Lazarus operations. The tactics included using cross-chain bridges and Tornado Cash […]
The post CoinDCX offers $11 million bounty after Lazarus Group-linked $44 million heist appeared first on CryptoSlate.
Chainalysis says rising wallet attacks and costly laundering fees could push losses past $4 billion this year.
BigONE has lost $27 million in a third-party security attack earlier today targeting its hot wallet.
The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.
The hacker exploited GMX's V1 GLP liquidity pool on Arbitrum this Wednesday, draining over $40 million in various cryptocurrencies.
Greek authorities carried out the country’s first-ever crypto seizure after tracing funds linked to the record-breaking $1.4 billion hack of crypto exchange Bybit earlier this year. The Hellenic Anti-Money Laundering Authority issued a freezing order on a suspect wallet following a months-long investigation aided by blockchain analytics firm Chainalysis. The operation targeted funds allegedly stolen […]
The post Greece recovers part of funds stolen in Bybit hack as its first crypto asset seizure appeared first on CryptoSlate.
A major security incident struck the decentralized exchange GMX, siphoning approximately $42 million from its Arbitrum-based v1 perpetual platform. In response, GMX has sent an on-chain message to the hacker offering a 10% white-hat bounty. The platform stated that no legal action will be pursued if the remaining funds are returned within 48 hours. This […]
The post GMX suffers $42M hack, issues 10% bounty offer to hacker appeared first on CryptoSlate.
The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.
Around $80 million has been frozen or recovered from the attack, the largest in history to affect Brazil's financial infrastructure.
Hackers siphoned about R$800 million ($140 million) from six reserve accounts connected to Brazil’s central bank after breaching São Paulo-based software vendor C&M Software on June 30, according to blockchain investigator ZachXBT and reports from local news outlets. Police said C&M employee João Nazareno Roque sold his corporate login for R$15,000 ($2,770) and later developed […]
The post Hackers steal $140M from Brazilian central bank reserve accounts via partner breach appeared first on CryptoSlate.