Laughing Hyena
Tag:

Hack

Gaming Gear

Invisible notification hack for Android can launch hidden app actions while showing fake links that look totally safe

by admin June 23, 2025



  • Hackers are using invisible Unicode to trick Android into opening dangerous links from notifications
  • The link looks normal, but Android secretly opens something else without warning or consent
  • Even trusted apps like WhatsApp and Instagram are vulnerable to this hidden notification exploit

A security flaw in Android’s notification system could allow malicious actors to deceive users into opening unintended links or triggering hidden app actions, experts have warned.

Research from io-no claims the flaw lies in how Android parses certain Unicode characters within notifications.

This creates a mismatch between what users see and what the system processes when the “Open Link” suggestion appears.



What you see isn’t always what you get

The problem stems from the use of invisible or special Unicode characters embedded within URLs.

When included in a message, these characters can cause Android to interpret the visible text and the actual actionable link differently.

For instance, a notification might visibly display “amazon.com,” but the underlying code actually opens “zon.com,” with an inserted zero-width space character.

The notification displays as “ama[]zon.com,” including the hidden character. However, the suggestion engine interprets that hidden character as a separator, which results in it launching an entirely different site.
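
A defender-side check for the mismatch described above, as an added example (not code from the io-no research or from Android). It assumes, as a simplified model, that the suggestion engine treats zero-width format characters as separators, and it flags text where the host a user sees differs from the host that would be acted on; the function names and sample strings are constructed for illustration.

```python
import re
import unicodedata

# Plain ASCII host pattern: labels separated by dots (enough for this check).
HOST_RE = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def is_invisible(ch: str) -> bool:
    """True for Unicode format characters (category Cf), which render with
    no width: zero-width space U+200B, ZWNJ, ZWJ, word joiner, BOM, etc."""
    return unicodedata.category(ch) == "Cf"


def visible_text(text: str) -> str:
    """What the user perceives: invisible characters take up no space."""
    return "".join(ch for ch in text if not is_invisible(ch))


def hosts_seen(text: str) -> list:
    """Hosts as they appear to the reader of the notification."""
    return HOST_RE.findall(visible_text(text))


def hosts_acted_on(text: str) -> list:
    """Hosts found by a matcher that treats invisible characters as
    separators (assumed model of the behaviour the article describes)."""
    spaced = "".join(" " if is_invisible(ch) else ch for ch in text)
    return HOST_RE.findall(spaced)


def audit_notification(text: str) -> dict:
    """Report hidden characters and any seen-vs-acted-on host mismatch."""
    hidden = [
        (i, "U+%04X" % ord(ch), unicodedata.name(ch, "UNNAMED"))
        for i, ch in enumerate(text)
        if is_invisible(ch)
    ]
    seen = hosts_seen(text)
    acted = hosts_acted_on(text)
    # A mismatch is a visible host whose tail is what actually gets opened.
    mismatches = [
        (s, a) for s in seen for a in acted if a != s and s.endswith(a)
    ]
    return {
        "hidden": hidden,
        "seen": seen,
        "acted": acted,
        "mismatches": mismatches,
        "suspicious": bool(hidden) and seen != acted,
    }


def sanitize(text: str) -> str:
    """Mitigation for an app that posts notifications from untrusted
    message text: drop format characters before the text is displayed."""
    return visible_text(text)


# Constructed samples: the article's "ama[]zon.com" case and a clean message.
SAMPLE_HIDDEN = "Deal at ama\u200bzon.com today"
SAMPLE_CLEAN = "Deal at amazon.com today"

if __name__ == "__main__":
    for sample in (SAMPLE_HIDDEN, SAMPLE_CLEAN):
        report = audit_notification(sample)
        print(repr(sample))
        for key, value in report.items():
            print("  %-10s %r" % (key, value))
```

After `sanitize`, the seen and acted-on hosts agree again, which is the property a messaging app or notification filter would want to enforce on untrusted text.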


In some cases, attackers can redirect users not just to websites but also to deep links that interact directly with apps.

The report showed how a seemingly harmless shortened URL led to a WhatsApp call.

To make attacks less detectable, malicious actors can use URL shorteners and embed links into trusted-looking text.

The flaw becomes particularly dangerous when combined with app links or “deep links” that can silently trigger behaviors such as initiating messages, calls, or opening internal app views without user intent.

Tests on devices including the Google Pixel 9 Pro XL, Samsung Galaxy S25, and older Android versions revealed that this misbehavior affects major apps like WhatsApp, Telegram, Instagram, Discord, and Slack.

Custom apps were also used to bypass character filtering and validate the attack across multiple scenarios.

Given the nature of this flaw, many standard defenses may fall short. Even the best antivirus solutions may miss these exploits, as they often don’t involve traditional malware downloads.

Instead, attackers manipulate UI behavior and exploit app link configurations. Therefore, there is a need for endpoint protection tools, which offer broader detection based on behavioral anomalies.

For users at risk of credential theft or app abuse, relying on identity theft protection services becomes critical to monitor unauthorized activity and secure exposed personal data.

Until a formal fix is implemented, Android users should remain cautious with notifications and links, especially those from unfamiliar sources or URL shorteners.

Crypto Trends

Ex-Animoca exec loses life savings in Zoom hack tied to Lazarus

by admin June 20, 2025



Ex-Animoca exec had his crypto wallets drained after downloading a fake Zoom update during a phishing attack linked to North Korean hacking group Lazarus.

Mehdi Farooq, an investment partner at Hypersphere and ex-Animoca Brands exec, revealed in a post on X on Thursday that he lost a large portion of his life savings in a Zoom hack linked to the North Korean hacking group Lazarus.

The scam began when Farooq received a Telegram message from Alex Lin, a professional acquaintance. Lin asked to catch up, and Farooq shared his Calendly link to schedule a call.

The next day, shortly before the meeting, Lin messaged again, asking to switch the call to Zoom Business “for compliance reasons,” explaining that one of his limited partners, Kent — whom Farooq also knew — would be joining.

The Zoom meeting appeared legitimate. Both participants had their cameras on, but there was no audio. In the Zoom chat, they said they were having technical issues and asked Farooq to update his Zoom client. Within minutes of installing the fake update, six of Farooq’s crypto wallets were drained.

It was only afterward that Farooq realized Lin’s account had been hacked. The scheme was later linked to Lazarus, a North Korean state-sponsored hacking group.

“It was surreal and completely violating. But in the darkest moment, whitehat hackers stepped up — complete strangers offering help when I was at my lowest. Turns out I was compromised by DPRK affiliated threat known as dangrouspassword,” wrote Farooq.

This incident echoes a recent phishing attempt targeting Manta Network co-founder Kenny Li, who narrowly avoided a similar fate. Li recounted that the attackers impersonated known contacts during a Zoom call, used fake video feeds, and insisted on a suspicious Zoom update download. Suspecting foul play, Li suggested switching communication platforms, prompting the attackers to block him and erase messages.

Security analysts say that this attack vector — where hackers pose as trusted contacts, fake technical glitches, and push malware disguised as Zoom updates — is a hallmark of Lazarus operations and has been used repeatedly to steal millions in crypto.

Other crypto industry leaders, including founders from Mon Protocol, Stably, and Devdock AI, have reported similar phishing attempts, highlighting how widespread and targeted these attacks have become.

Nick Bax from the Security Alliance broke down this scam in a March 11 X post. 

Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers.

Fortunately, this founder realized what was going on.

The call starts with a few “VCs” on the call. They send messages in the chat saying they can’t hear your audio, or suggesting there’s an… pic.twitter.com/ZnW8Mtof4F

— Nick Bax.eth (@bax1337) March 11, 2025





Crypto Trends

Nobitex Hackers leak Source Code after $100M Crypto Hack

by admin June 19, 2025



Hackers behind a $100 million exploit of Iranian cryptocurrency exchange Nobitex released the platform’s full source code, placing remaining user assets at risk.

Nobitex exchange was hacked for at least $100 million of cryptocurrencies on Wednesday by a pro-Israel group calling itself “Gonjeshke Darande,” which claimed responsibility for the attack.

In the latest turn of events, the group said it had made good on its earlier threat to leak the code and internal files of the exchange.

“Time’s up – full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN,” Gonjeshke Darande wrote in an X post on Thursday.

Source: Gonjeshke Darande

The X thread detailed key security measures of the exchange, including its privacy settings, blockchain cold scripts, list of servers and a zip file containing the full source code to the Nobitex exchange.

The source code was leaked a day after the group took responsibility for the exploit, promising to release the exchange’s source code and internal files within 24 hours.

Source: Gonjeshke Darande


The hackers said they targeted the exchange because it has ties to Iran’s government and participates in funding activities that violate international sanctions.

The wallet addresses used for the exploit suggest it was a “political statement rather than a typical financially motivated theft,” Yehor Rudytsia, a security researcher at blockchain security firm Hacken, told Cointelegraph.

“On EVM, the assets across more than 20 tokens were sent to clean burner addresses. The only potential partial recovery might come if USDT reissues the $55 million worth of stolen stablecoins,” he said.


Nobitex said on Thursday that no additional financial losses had occurred and that it expects to begin restoring services within five days. However, the exchange noted that internet disruptions due to the ongoing Iranian crisis were slowing progress.

The hack occurred on the fifth day of renewed conflict between Israel and Iran.

The two countries have been exchanging strategic missile strikes since Friday, when Israel launched multiple strikes on targets in Iran, marking the largest attack on the country since the Iran-Iraq War in the 1980s.

Gonjeshke Darande confirms $90 million asset burn

The hackers confirmed that the majority of the stolen funds were burned or permanently removed from circulation.

Gonjeshke Darande said in an X post: “8 burn addresses burned $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex.”

Source: Gonjeshke Darande

Nobitex users are now awaiting a public video statement from CEO Amir Rad, who is expected to outline the platform’s recovery and next steps.

In response to the hack, the central bank of Iran reportedly imposed a curfew on domestic crypto exchanges, limiting operating hours to between 10 am and 8 pm, according to multiple reports cited by Chainalysis.

Crypto Trends

1inch Foundation Proposes User Compensation Plan Following October Hack

by admin June 19, 2025



In brief

  • A DAO proposal is seeking to reimburse $768,026 in USDC to affected users.
  • But victims must submit KYC and law enforcement reports.
  • The vote currently stands at 53.47% in favor, 46.53% against.

The 1inch Foundation has submitted a new proposal to its decentralized autonomous organization to compensate users affected by an October 2024 exploit.

The proposal, dubbed 1IP-80, outlines a reimbursement plan of $768,026 in USDC—the estimated value of the stolen tokens at the time of the attack—to be sourced from the DAO’s treasury.

The DeFi DEX aggregator's Foundation would oversee the verification and distribution process, requiring victims to complete Know Your Customer identity verification, provide evidence of losses, file a report with law enforcement, and sign a compensation agreement.

It did not specify precisely what KYC would be required. 1inch does not require users to complete a KYC process to trade on its platform, making it a popular choice for those who prefer not to use centralized exchanges that have this requirement.

A case is currently under investigation in the Canary Islands, whereby victims would also need to waive their right to any funds recovered in the future.

An exploit occurred on October 30 last year, when attackers compromised the 1inch decentralized application via a supply chain vulnerability in the Lottie Player library, a plugin used for animations on websites.



Unlike the more recent $5 million breach of 1inch in March 2025, which saw the return of most funds through negotiations with the hacker, no restitution was previously made in the October case.

Under the proposal, the DAO would transfer the funds to the Foundation, which would process claims and disburse compensation. Victims would be required to forfeit any rights to recovered assets, which would instead be returned to the DAO treasury.

As of publication, 30 votes have been submitted. The vote currently stands at 53.47% in favor (3.8 million votes) versus 46.53% (3.3 million) against. A single large voter wallet dominates each side.

One wallet accounts for the entire 3.3 million ‘no’ votes, while another holds 2.2 million of the 3.8 million votes in favor.

The dissenting wallet argues that the DAO should not act as an insurance fund, citing a lack of recurring revenue. The vote remains open until June 22.

Edited by Sebastian Sinclair

Crypto Trends

Paraguay Says Presidential X Post Promising Bitcoin Reserve a Hack

by admin June 9, 2025



In brief

  • Paraguay’s president on Monday announced on X a Bitcoin reserve.
  • The country’s government said it was likely a hack.
  • This isn’t the first time high-profile X accounts have been hacked.

The Paraguayan government dismissed as a hack a post on the X account of President Santiago Peña saying the country had made Bitcoin legal tender.

Peña’s account also falsely claimed that the country had started a $5 million reserve. The tweet contained a Bitcoin address and urged would-be investors to “secure your stake” in the project. 

But the Paraguayan government less than one hour later posted: “The president’s official account on social media network X has irregular activity which suggests possible unauthorized use.” 

Decrypt reached out to the government’s press office for additional comment.



Cyber criminals sometimes target high-profile social media accounts to disseminate false announcements promising investors huge returns by trying to trick investors into sending their digital coins to a crypto address. 

In other cases, hackers try to con people to buy into a coin that the hackers typically own a significant share of, and then they dump their tokens, crashing the price in the process as they cash out.

Hackers in September took over the Indian Supreme Court’s YouTube channel Friday to broadcast ads shilling the cryptocurrency XRP. 

Before that, cybercrooks hacked X accounts of film director Oliver Stone, Yahoo News UK, and Brazilian soccer player Neymar Jr., among others, to promote a meme coin. 

One of the biggest such hacks happened in 2020, when hackers took control of X accounts run by former U.S. President Barack Obama, ex-President Joe Biden, Apple, Uber, Kanye West, Elon Musk, and Bill Gates as part of a Bitcoin-related scam. 

El Salvador is the only country in the region to have made Bitcoin legal tender. Its government also buys the cryptocurrency for its coffers, despite the International Monetary Fund telling it to withdraw its Bitcoin law. 

Still, Paraguay has developed a reputation as Bitcoin-friendly: Crypto mining operations have opened there, and President Peña previously said he wants the country to be a tech hub.

Edited by James Rubin

NFT Gaming

Bitcoin Scammers Hack X Account of Paraguayan President

by admin June 9, 2025


The official X account of Paraguay President Santiago Peña (@SantiPenap) was recently hacked in order to announce that Bitcoin, the largest cryptocurrency, has been classified as legal tender in the country. 

Apparently Paraguay President Santiago Peña’s X account (@SantiPenap) has been hacked and he’s “announcing” BTC as legal tender in the South American country 🇵🇾 pic.twitter.com/W89v1fdiL8

— Javier ₿astardo🍐🏴‍☠️ (@criptobastardo) June 9, 2025

Paraguay has made no formal announcement through government channels or press briefings.

The Presidencia Paraguay X account later confirmed that President Peña’s X account had suffered a security breach.

It is also worth noting that legitimate government initiatives never include wallet addresses urging people to “secure your stake.”

El Salvador became the first country to make Bitcoin legal tender back in 2021, but it has since scaled back its initiative. 





Crypto Trends

ALEX Protocol Loses $8.37M in Hack Due to Security Flaw

by admin June 7, 2025



On June 6, 2025, ALEX, the leading Bitcoin DeFi platform on Stacks, was exploited because of a bug in its self-listing verification process. The attacker managed to steal assets worth more than $8.37 million, including 8.4 million STX, 21.85 sBTC, 2.8 WBTC, and several types of stablecoins like USDC/USDT.

According to the official announcement from ALEXLabBTC, the issue stemmed from an on-chain limitation on Stacks, which allowed the exploit to bypass listing rules. Even though there was a breach, ALEX is covering the losses and will pay back all affected users 100% in USDC from the ALEX Lab Foundation’s funds.

On June 6, 2025, ALEX Protocol was exploited via a flaw in the self-listing verification logic (an on-chain limitation on Stacks). As a result, the attacker drained several asset pools, with the breakdown of lost assets as follows:

STX: 8,403,867.57 STX → $ 5,691,255.93
sBTC:…

— ALEX 🟧 No. 1 Bitcoin DeFi (@ALEXLabBTC) June 6, 2025

To calculate reimbursements fairly, ALEX will use the average exchange rates between 10:00 and 14:00 UTC on June 6, right around when the hack occurred. Affected users will receive a private on-chain notification by June 8, 2025, with a link to the claim form. The deadline to complete and confirm the wallet address is June 10, 2025.

Once verified, USDC payouts will be distributed within seven business days. The team emphasized that its priority is to make every user whole as quickly as possible.

The fast and open way ALEX handled this problem shows how much it cares about its users, which may help the DeFi project recover from the incident. Since hacks are becoming more common in the crypto industry, ALEX’s promise to fully reimburse users is very reassuring.

NFT Gaming

Does Crypto Have a KYC Problem? Coinbase Hack, Solana Founder Doxxing Reopen Debate

by admin June 1, 2025



For privacy-minded crypto users, there may be no three letters more dreaded than “KYC.”

The acronym, shorthand for “know your customer,” refers to the process of providing personally identifiable information, such as your name and address, to certain service providers, namely cryptocurrency exchanges. In many jurisdictions, including the U.S., it’s required by law. And while it may be important, perhaps even crucial, in guarding against illegal activity, KYC comes with risks—both for the companies that collect the data and the individuals who provide it.

Earlier this week, Solana co-founder Raj Gokal and his wife were both doxxed by malicious actors demanding he pay 40 BTC (worth $4.3 million). Gokal says that the photos of his documentation came from a know-your-customer process, but didn’t provide details.

Getting doxxed refers to having personal information published online, and in the worst of cases this can include home addresses or bank details. In the world of crypto, with a high number of anonymous and pseudonymous users, the doxxing bar can be as low as just someone’s real name or face. In Gokal’s case, it was photos of his government-issued ID, which included his home address.

This comes two weeks after the biggest centralized crypto exchange in the U.S., Coinbase, revealed it suffered a data breach, resulting in sensitive customer information falling into the hands of hackers. TechCrunch and Arrington Capital founder Michael Arrington predicted this would “lead to people dying,” as a wave of kidnapping attempts sweeps the industry.

Many have speculated that Gokal’s doxxing came as a result of the Coinbase breach, although it hasn’t been confirmed. The incident, nevertheless, has made crypto users wary of being forced to identify themselves to exchanges.

always remember to dress up smart for your KYC photos.

you never know what kind of reach they might get on social media

— raj 🖤 (@rajgokal) May 27, 2025

After all, KYC processes can often involve requiring users to provide photos of their passport, proof of address, and a photo of themselves holding an ID. And with crypto kidnappings on the rise—following a number of high-profile cases in France, the U.S., and elsewhere—users are fearful that hackers could steal their KYC information and lead attackers to their front doors.

“When a platform collects too much KYC, it becomes a target,” Nick Vaiman, co-founder and CEO of Bubblemaps, told Decrypt. “Once attackers get access to that data, they can launch highly targeted phishing attacks, or worse, use your personal info to find you in real life and rob you directly,” he said. “KYC data creates risk. The more data you hold, the bigger the target you become.”

But a future without KYC simply isn’t realistic, said Bubblemaps co-founder and COO Arnaud Droz. As such, it’s likely to continue as perhaps a “necessary evil” to prevent on-chain criminal activity.

“KYC is a crucial tool not just for regulatory compliance, but for crime prevention,” Slava Demchuk, CEO of compliance firm AMLBot, told Decrypt. “While sophisticated criminals may still find ways around it, KYC introduces friction that makes their operations harder—and when paired with other [anti-money laundering] measures like transaction monitoring and screening, it becomes a powerful defense.”

Due to this important function, KYC is required by law in most jurisdictions. That includes the U.S., which requires it under the USA Patriot Act of 2001. 

Despite its virtues, there has been an increase of industry leaders vocally pushing back against KYC requirements following the Coinbase hack. Erik Voorhees, founder of cryptocurrency exchange ShapeShift, called state-enforced KYC a crime on social media. Coinbase CEO Brian Armstrong agreed with him.

“The core issue is that if you’re a scammer, it’s not hard to bypass the system,” Vaiman added. “You can simply buy fake KYC or use someone else’s. And with the rise of AI, generating fake identities is becoming even easier, making the entire system weak. KYC doesn’t stop bad actors and creates friction for honest users,” he said.

But if the system, though necessary, is flawed, then what can be done about it?

“We’re seeing innovative solutions like zero-knowledge privacy and theoretical zero-knowledge-KYC implementations,” Jeff Feng, co-founder of layer-1 blockchain developer Sei Labs, told Decrypt. “But we have to be realistic—financial systems need safeguards against illicit activity.”

Zero-knowledge proofs, often called ZK-proofs, are a type of cryptography that allows a user to prove something, such as proving they don’t live within a sanctioned country, without revealing the information directly to the receiver. 

Demchuk of AMLBot believes ZK-KYC is a great privacy-preserving feature but would be very hard to implement, since it would require significant regulatory changes in the E.U., for instance. That’s because GDPR regulations require data controllers, an exchange in this case, to store data related to the KYC process for five years. ZK-KYC would prevent the exchange from ever touching the data, let alone storing it for five years.

Regardless of how the industry evolves on KYC, some users believe that the issue is emblematic of a more existential problem.

“The ability to transact anonymously is bedrock to cryptocurrency as a revolutionary technology resisting the invasive state,” Charlotte Fang, the pseudonymous founder of Remilia Corporation, told Decrypt. “Crypto as an industry has strayed from the basic premises of the cypherpunk movement, not just in KYCs by exchanges in their pursuit for adoption, but as a culture.”

Privacy advocates believe in complete anonymity when transacting on blockchain networks, while regulators continue to fight against this. Then again, with the U.S. Treasury lifting sanctions on the privacy-preserving Ethereum coin mixer Tornado Cash earlier this year, it’s possible that the tides—at least in D.C.—could be turning.

GameFi Guides

Sui community backs vote to recover Cetus hack frozen funds

by admin May 30, 2025



The Sui community has voted to unlock over $160 million in frozen assets following a major exploit of Cetus, a leading decentralized finance protocol on the network.

In a May 29 post on X, Sui (SUI) confirmed that validators representing 90.9% of the total stake voted “yes” in an on-chain governance proposal to move the frozen funds into a multi-sig wallet. The vote is a critical step in Cetus’s (CETUS) recovery plan after a $223 million exploit rocked the protocol on May 22.

Update – Validators representing 90.9% of stake have said “Yes” in the onchain community vote, and the vote has concluded early.

With this result, the impacted funds will be moved to a multi-sig wallet and held in trust until they can be returned to users according to the plan… https://t.co/qG8aPAhD8e pic.twitter.com/WjiSbLWt8n

— Sui (@SuiNetwork) May 29, 2025

The community vote was initiated after Cetus requested protocol-wide support to recover and return assets that were frozen on-chain following the hack. The attacker had exploited a vulnerability in third-party code to drain multiple liquidity pools, later bridging a portion of the funds to Ethereum (ETH). Validators managed to freeze $162 million of the stolen assets on Sui before more damage could be done.

As part of the recovery plan, the unlocked funds will be held in a trust account controlled by a multisig until they can be returned to affected users. Cetus has committed to combining the recovered funds with its treasury and a loan from the Sui Foundation to ensure all victims are fully reimbursed.

Although the flaw was in Cetus’ code, not the Sui network itself, Sui is treating the exploit as a critical moment for the ecosystem’s security model. In response, it announced a $10 million initiative to improve protocol-level audits and formal verification tools. Sui is also expanding its bug bounty program to cover major protocols with high total value locked.

Sui’s transparent and community-driven response has been praised by some community members, while others continue to express concerns about freezing wallets in a supposedly decentralized system. The vote was open to both validators and individual stakers, whose choices were reflected through their delegated stake.

With the vote now finalized, Cetus is expected to release a detailed timeline for reimbursements. Compensation efforts are set to begin soon, with full repayment now possible due to the newly recovered funds.





Gaming Gear

This dangerous new phishing scam spoofs a top Google program to try and hack Facebook accounts

by admin May 27, 2025



  • KnowBe4 is warning of a new phishing campaign leveraging Google AppSheets’ workflow automation
  • The emails are spoofing Facebook and harvesting login credentials
  • The attackers can grab session tokens, as well

Cybercriminals are abusing a legitimate Google service to bypass email protection mechanisms and deliver phishing emails straight to people’s inboxes.

Cybersecurity researchers KnowBe4, who first spotted the attacks, have warned the crooks are using Google AppSheet, a no-code application development platform for mobile and web apps, and through its workflow automation were able to send emails using the “noreply@appsheet.com” address.

The phishing emails are mimicking Facebook, and are designed to trick people into giving away their login credentials, and 2FA codes, for the social media platform.



2FA codes and session tokens

The emails, which were sent in-bulk and on a fairly large scale, were coming from a legitimate source, successfully bypassing Microsoft and Secure Email Gateways (SEGs) that rely on domain reputation and authentication checks (SPF, DKIM, DMARC).

Furthermore, since AppSheets can generate unique IDs, each email was slightly different, which also helped bypass traditional detection systems.

The emails themselves spoofed Facebook. The crooks tried to trick victims into thinking they infringed on someone’s intellectual property, and that their accounts were due to be deleted within 24 hours.

Unless, of course, they submit an appeal through a conveniently placed “Submit an Appeal” button in the email.


Clicking on the button leads the victim to a landing page impersonating Facebook, where they can provide their login credentials and 2FA codes, which are then relayed to the attackers.

The page is hosted on Vercel which, KnowBe4 says, is a “reputable platform known for hosting modern web applications”. This further strengthens the entire campaign’s credibility.

The attack has a few additional contingencies. The first attempt at logging in returns a “wrong password” result – not because the victim typed in the wrong credential – but in order to confirm the submission.

Also, the 2FA codes that are provided are immediately submitted to Facebook and in return – the crooks grab a session token which grants them persistence even after a password change.
