North Korea-linked hackers drove a record year for crypto thefts, favoring rare but massive attacks on centralized services, led by Bybit’s $1.4 billion breach.
The crypto industry’s most notorious hackers continue to break records, highlighting the importance of taking every step possible to secure wallets.
North Korean operatives were caught on camera, live, after security researchers lured them into a booby-trapped “developer laptop,” capturing how the Lazarus-linked crew tried to blend into a US crypto job pipeline using legitimate AI hiring tools and cloud services. The evolution in state-sponsored cybercrime was reportedly captured in real time by researchers at BCA […]
The post Secret footage from a rigged laptop exposes how North Korean spies are slipping past your security team appeared first on CryptoSlate.
On Thursday, South Korea's largest digital asset exchange, Upbit, suspended deposits and withdrawals after detecting unusual activity in the Solana network tokens.
World Liberty Financial (WLFI) said it is reallocating funds and confirming user identities after several wallets were compromised ahead of its platform launch. Related Reading: XRP Supply Shock Ahead? ETFs Could Consume It All, Analyst Predicts According to WLFI’s post on X, the company froze the affected addresses in September and has been verifying ownership before moving assets back to users who pass the checks. Wallet Breaches And Response Reports have disclosed that the breaches came from either phishing attacks or exposed seed phrases, not from WLFI’s own platform or smart contracts, the company said. WLFI described the problem as linked to third-party security failures and said only a “small subset” of users were hit — though it did not give exact figures on how many accounts or how much crypto was involved. 1/ Prior to WLFI’s launch, a relatively small subset of user wallets were compromised via phishing attacks or exposed seed phrases. Since then, we’ve tested new smart contract logic to safely reallocate user funds and verified users’ identity via KYC checks. Shortly, users who… — WLFI (@worldlibertyfi) November 19, 2025 On-chain data cited by analyst Emmett Gallic of Arkham shows WLFI executed an emergency action that burned 166.67 million WLFI tokens, a move valued at $22.14 million from a compromised address, and then shifted tokens to a recovery address. That firewall step appears intended to limit further loss while the company sorts ownership questions. World Liberty Fi executed an emergency function burning 166.667M $WLFI ($22.14M) from compromised address, reallocating to a recovery address. Function designed for two scenarios: An investor loses wallet access before vesting OR malicious account acquires WLFI via exploit pic.twitter.com/VSUDWhDPCR — Emmett Gallic (@emmettgallic) November 19, 2025 Regulatory Spotlight Grows The timing of the security disclosure has drawn extra attention. Based on reports, Senators Elizabeth Warren and Jack Reed asked the DOJ and Treasury to review alleged WLFI token sales tied to sanctioned parties. Their letter referenced a watchdog report from Accountable.US that linked transactions to the Lazarus Group — a North Korea-linked actor on sanctions lists — and to an Iranian crypto exchange. It remains unclear whether the wallet compromises are related to the transactions lawmakers flagged. Experts Question On-Chain Findings Security researchers have pushed back on some of the watchdog’s claims. Taylor Moynahan of MetaMask and Nick Bax of Ump.eth said the Accountable.US analysis misread certain on-chain activity. Another day in crypto with wild allegations. Today, it’s that a North Korea-linked address invested in WLFI. I do a some DPRK crypto research myself, so I decided to take a look at their findings. They’re bad and an innocent user is out $100k because of it???? pic.twitter.com/yJKEH04nup — Nick Bax.eth (@bax1337) November 18, 2025 Related Reading: With 42% Of XRP Holders Underwater, Analysts Say The Altcoin Could Crash Even Further Bax argued that the report mistakenly connected a wallet tied to an individual known as “Shryder” with DPRK-linked activity, which led to the freezing of roughly $95,000 in WLFI tokens. WLFI has responded by emphasizing user protection and compliance. The company said it prioritized freezing vulnerable wallets and verifying rightful owners before any transfers. It also announced tests of revised smart contract logic meant to reduce the chance of similar breaches in future rollouts. Featured image from Gemini, chart from TradingView
U.S. authorities secured several criminal convictions and gathered another $15 million in proceeds from North Korean crypto heists, the Justice Department said.
The Treasury Department sanctioned eight individuals and two entities accused of using crypto and shell companies to funnel millions into Pyongyang’s weapons programs.
Mysten Labs’ chief cryptographer warns that artificial intelligence, not quantum computing, poses the real near-term threat to blockchain security.
North Korea’s crypto theft spree has already hit a record $2 billion in 2025, nearly triple last year’s total.
Japanese mining pool operator SBI Crypto has suffered a $21 million theft in a breach that investigators are linking to North Korea attackers. On Oct. 1, blockchain researcher ZachXBT identified unusual outflows from the firm involving Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash. According to his findings, the funds moved quickly through five instant exchanges […]
The post Top Bitcoin mining pool SBI Crypto hacked, $21 million stolen appeared first on CryptoSlate.
SBI Crypto, a subsidiary of Japan’s SBI Group, has reportedly suffered a $21 million exploit with blockchain sleuths pointing to possible ties with North Korean hackers.
If the DeFi industry doesn’t adopt the security tools we've already built, then we will watch institutional capital deploy elsewhere while hackers fund their operations with our losses, writes Immunefi’s Mitchell Amador.
Learn how a North Korean group used 31 fake identities to infiltrate crypto firms and steal $680,000 from Favrr. Inside their tools, tactics and deception.
US Representative David Schweikert has introduced legislation granting the President authority to act against crypto criminals operating abroad. The bill, filed as House Resolution (H.R. 4988), invokes the rarely used concept of “letters of marque and reprisal,” which is a legal instrument dating back to maritime warfare. Historically, such letters authorized privateers to attack and […]
The post US proposes revival of 18th century law so Trump can deputize private citizens to fight crypto scammers appeared first on CryptoSlate.
The $44 million exploit targeting India-based crypto exchange CoinDCX has been linked to North Korea’s Lazarus Group, according to blockchain security firm Cyvers. In a July 21 statement shared with CryptoSlate, Cyvers CEO Deddy Lavid said the attackers followed a pattern reminiscent of previous Lazarus operations. The tactics included using cross-chain bridges and Tornado Cash […]
The post CoinDCX offers $11 million bounty after Lazarus Group-linked $44 million heist appeared first on CryptoSlate.
The U.S. Treasury Department added the employee of a North Korean hacking group to its blacklist over his role in getting IT workers jobs in other countries.
An on-chain investigation has revealed that North Korea IT workers posing as foreign developers have earned nearly $17 million from crypto startups and blockchain companies this year. The findings, revealed by prominent blockchain investigator ZachXBT, show that these individuals have successfully integrated into dozens of crypto projects by concealing their identities and locations. According to […]
The post North Korean IT workers earned $17M this year with some funds coming from Circle accounts appeared first on CryptoSlate.
North Korea-linked attacks have resulted in over $1.6 billion in losses, a TRM Labs report released Friday said.
The first half of 2025 exposed deep vulnerabilities in the crypto industry, with hackers stealing over $2.1 billion across 75 separate incidents. This marks a 10% increase from the previous H1 record of $2 billion in 2022 and nearly matches the full-year figure for 2024, which closed at $2.2 billion, according to a report from […]
The post Crypto heists reach $2.1B so far in 2025 as state-backed hackers ramp up attacks appeared first on CryptoSlate.
A DPRK-linked group is using fake job sites and Python malware to infiltrate Windows systems of blockchain professionals — with credential theft and remote access as the endgame.
North Korea’s hackers has reportedly stolen nearly $2 billion from centralized crypto exchanges over the past year. Blockchain security researcher Tay Monahan attributes a significant portion of those funds, around $1.8 billion, to a series of major hacks targeting centralized crypto trading platforms like Bybit, DMM Bitcoin, WazirX, Phemex, and BingX. Despite setbacks such as […]
The post North Korea’s hackers could have laundered as much as $1.5 billion in stolen crypto appeared first on CryptoSlate.
An ex-FBI agent who led landmark crypto investigations is joining TRM Labs’ team.
Kraken started 2025 on a high note, reporting a 19% increase in revenue year-over-year to $472 million for the first quarter. The May 1 earnings statement also highlighted a 1% quarter-over-quarter rise in adjusted EBITDA, reaching $187 million. Meanwhile, the company’s performance indicators showed similar momentum. The firm noted that its total trading volume rose […]
The post Kraken achieves revenue boost in Q1 2025 but faces North Korean hacking scare appeared first on CryptoSlate.
The US Treasury’s Financial Crimes Enforcement Network (FinCEN) has proposed banning Cambodia’s Huione Group from accessing the American financial system, according to a May 1 statement. If approved, the proposed rule would prohibit US financial institutions from opening or maintaining accounts for Huione Group or any of its subsidiaries. US authorities identified Huione Group as […]
The post US targets Huione Group in crackdown on $4 billion crypto laundering network appeared first on CryptoSlate.
An analyst has suggested that Monero (XMR) could repeat its 2021 cycle-high amid its recent price jump. However, a renowned on-chain sleuth has linked the surge to suspicious Bitcoin (BTC) transactions. Related Reading: XRP Price Shoots For 20% Surge To $2.51 Amid Pullback To Breakout Zone Monero Soars After $330 Million BTC Theft Privacy and security-focused token Monero saw its price soar 52% to a four-year high on Monday. The cryptocurrency surged from its recently reclaimed $220-$230 support toward the $340 resistance, hitting $347 in the early hours of Monday. Amid the massive surge, on-chain detective ZachXBT has linked the pump to a “suspicious transfer” from a potential victim of social engineering. The crypto sleuth explained that a suspicious transfer of 3,520 BTC, worth around $330.7 million, was made on Sunday night. According to the post, the funds were laundered via more than 6 instant exchanges shortly after the initial transfer, being swapped for XMR, seemingly based on timing analysis and the Monero price jump. An X user suggested the stolen Bitcoin was “likely from the Bitstamp hack that occurred in 2014.” The internet detective denied the idea, stating that the victim was likely an OG Bitcoiner. Meanwhile, others questioned whether the wallet owner made the transactions or if it was a theft. ZachXBT detailed multiple factors that led him to believe it was likely a theft, including the wallet being a longtime BTC holder and a Gemini, River, and Coinbase user. Additionally, he noted that the $330 million in Bitcoin was suddenly moved and transferred in small increments to instant exchanges, creating hundreds of orders. This would make the owner lose multiple 7-figures to fees, making it inefficient for a normal person. The crypto sleuth also considers that the theft isn’t likely related to North Korea’s Lazarus Group, which recently stole $1.5 billion worth of Ethereum (ETH) from crypto exchange Bybit. Is XMR Near A Breakout? Since the pump, Monero has retraced around 25% from today’s high to trade between the $250-$260 range. Crypto analyst Rekt Capital noted that XMR has successfully retested its $214 range’s low as support amid the market recovery. Notably, the cryptocurrency has been moving within the $112-$214 price range since 2022, surging above the range’s resistance line amid the November post-US elections breakout. After the Q3 2024 rally, Monero entered its key $214-286 range, which has previously worked as a key support and resistance area. After breaking out of the range’s upper boundary, the cryptocurrency rallied to its 2018 all-time high (ATH) of $542 and its 2021 high of $480. During the Q1 2025 retraces, the XMR dropped below the $214 mark, testing the $200 area as support before bouncing. Similarly, the early April pullback sent the cryptocurrency toward this level, finally reclaiming it two weeks ago. Since then, the cryptocurrency has rallied toward the $220-$230 range, fueled by the ongoing market recovery, but was ultimately rejected at the key resistance level. Today’s recent pump has seen Monero break above the $230 mark for the first time since February. Related Reading: Cardano (ADA) Bulls Push for Breakout — Is a Sharp Rally Next? Despite the alleged laundering-driven surge, the analyst affirmed that the cryptocurrency has now “repeated early 2021 history,” where the token reclaimed its current range and retested its lower boundary before breaking out to cycle highs. If history repeats and XMR’s price holds its current range, it could position itself for a surge above the $300 barrier. Featured Image from Unsplash.com, Chart from TradingView.com
A North Korean state-sponsored hacking group, Lazarus, is advancing its tactics with a more polished and deceptive approach. A report by cybersecurity firm Silent Push revealed that the group has set up fake US-based crypto companies to distribute malware disguised as job opportunities. According to the report, a Lazarus subgroup called “Contagious Interview” is behind […]
The post North Korean hackers used fake crypto firms to deliver malware in job scams appeared first on CryptoSlate.
Illicitly downloaded programs can steal data, provide remote access to infected systems, and serve as entry points for additional spyware or ransomware.
Also: Bitcoin L2 SDKs; North Korea's THORChain Use; and Quantum-Resistant BTC
Blockchain intelligence platform SpotOnChain reported that North Korea’s state-backed hacking group, Lazarus, has pocketed over $2.5 million in profit from a recent sale of wrapped Bitcoin (WBTC). On April 3, the group sold 40.78 WBTC for 1,857 ETH, worth roughly $3.51 million. The sale marks a sharp return on their February 2023 investment, when they […]
The post North Korean hackers net $2.5 million profit after WBTC sales appeared first on CryptoSlate.
The report reveals that one such worker juggled 12 fake personas across the U.S. and Europe and sought employment by fabricating references