Laughing Hyena
Tag:

Hackers


Iran Conflict Dumps Crypto, North Korean Hackers Target Crypto Wallets, EU MiCA Rules Make Investors Double Down on Best Wallet, and More…

by admin June 23, 2025



Stay Ahead with Our Immediate Analysis of Today’s Crypto Presales

Check out our Live Update Coverage on the Best Crypto Presales for June 23, 2025!

With so many institutions and countries adopting crypto, the presale market is also heating up. The biggest difference is that it offers more diversified, unique early investment chances with potentially much bigger payoffs than regular stablecoins or BTC.

We provide real-time news on new presale projects, whale buys, funding and development milestones, as well as vital alerts. Everything you need to navigate potential opportunities and risks.

This page is updated frequently throughout the day, as we get the latest insider scoops on the hottest presales, so keep refreshing!

Disclaimer: Crypto investments are high-risk and you could lose your entire capital. Our content is informational only, and it does not constitute financial advice. We may earn affiliate commissions at no extra cost to you.

Get Solaxy to Weather the Storm After Trump’s Airstrikes on Iran

June 23, 2025 • 07:28 UTC

The crypto market quaked after Trump’s attack on several Iranian nuclear sites. This sent crypto into a dump dive, with over $595M bullish bets liquidated within 24 hours. Ethereum, XRP, and even Bitcoin slid down.

However, despite the market chaos, traders are looking toward altcoins and crypto presales that might soar this year.

One such project has proven its worth time and time again: Solaxy ($SOLX).

As the first-ever Solana Layer-2, $SOLX aims to enhance the blockchain with better speed and zero failed transactions. By combining Ethereum’s liquidity with Solana’s speed, Solaxy is sure to soar. The presale has raised over $56M, and 1 $SOLX is now $0.001766.

The project might be the best play for investors looking to weather the current storm and make smart investments. Read more.

Read more about Solaxy on the official site.

Best Wallet Token to Soar After Coinbase Secures EU-Wide MiCA License

June 23, 2025 • 07:28 UTC

The crypto industry is at a crossroads as Coinbase’s MiCA license is waiting for approval in Europe. That would make it one of the first crypto companies aligning itself fully with the new regulatory framework.

Coinbase would be able to operate seamlessly across all 27 EU states under one license (an incredible leap forward for crypto accessibility in Europe).

With more regulatory obstacles left in the dust, investors are becoming increasingly bullish. This makes presale tokens with real utility shine through the crowd.

One such coin is Best Wallet Token ($BEST). As the native token of a top non-custodial wallet (Best Wallet), $BEST supercharges the privacy-focused ecosystem. Investors get lower fees, better staking rewards, and early access to presales.

Best Wallet and its token are perfectly positioned to benefit from Europe’s crypto expansion as more investors are coming in. Read more.

Read more about Best Wallet Token on the official site.

North Korean Hackers Keep Targeting the Crypto Industry

June 23, 2025 • 07:28 UTC

The North Korean hacker group known as Famous Chollima is targeting crypto job applicants on a wide scale. They’re using a job application process to deceive those active in the crypto industry with a Python-based malware dubbed PylangGhost.

Victims, mostly India-based at the time of writing, are deceived into downloading the malware on their devices under the guise of “video drivers” being required for the process. The malware is delivered via a zip file with an innocuous name, such as nvidia.py. Once installed, the script harvests sensitive data such as browser sessions, wallet data (MetaMask, Phantom), and login credentials.

Windows and Mac systems are affected, but Linux systems appear to be safe. As attacks on crypto owners increase, crypto presales and wallets, such as Best Wallet, are stepping up their security and verification process, introducing MFA methods that make it difficult to extract funds from victims even if their credentials are leaked.

Read more about Best Wallet on the official site.

$BTC Season Confirmed, $112K Next as Smart Money Seek Double Exposure with $BTCBULL

June 23, 2025 • 07:28 UTC

$BTC breaks past $105K as a massive green candle forms on the three-hour chart. Community sentiment is 82% bullish, while the ASI hits 22 – clear Bitcoin Season.

Now, watch for immediate resistance at $112K where $BTC will retest its record high, with an extended target at $120K if momentum holds.

As meme coin 24-hour trading volume is down 24%, smart money seeks greater $BTC exposure. This is precisely why BTC Bull Token ($BTCBULL) presale raised $7.6M so fast – it gives direct $BTC exposure through airdrops scheduled for $BTC’s $150K and $200K milestones.

The presale won’t last forever, but $BTC’s bull run is just getting started.

Read more about BTC Bull Token on the official site.


This major Kali Linux update could change how ethical hackers break into networks - new tools, VPN IP visibility, and more!

by admin June 23, 2025



  • Kali Linux 2025.2 brings powerful new tools for experienced penetration testers
  • Offensive Security realigns Kali’s interface with MITRE ATT&CK – finally, structure meets hacking function
  • New BloodHound tools hint at deeper Azure and Active Directory targeting than ever before

The newest update to Kali Linux, version 2025.2, introduces over a dozen new tools alongside enhancements to user experience and platform support.

Offensive Security, the developers behind the Debian-based distribution, announced its general availability with a clear focus on aligning the system with the MITRE ATT&CK framework.

The restructured Kali Menu is now tailored to make tool discovery more intuitive, but whether this structural change leads to meaningful workflow improvement remains to be seen.



Included in the new release are 13 additional tools, many of which are specialized for advanced offensive operations.

Tools like azurehound for Azure directory data collection and bloodhound-ce-python, a Python ingestor for BloodHound CE, appear to target complex enterprise environments.

Meanwhile, binwalk3 expands firmware analysis capabilities, and bopscrk enables custom wordlist creation based on intelligent algorithms.

Some additions, such as crlfuzz, which is “a fast tool to scan CRLF vulnerability written in Go,” and donut-shellcode, which lets users “generate position-independent shellcode from memory and run it,” suggest the release continues to cater to skilled practitioners.


Kali Linux 2025.2 also adds chisel-common-binaries and ligolo-ng-common-binaries, both of which offer prebuilt binaries aimed at tunneling and pivoting, activities common in red teaming.

In terms of enumeration and lateral movement, tools like ldeep, described as “an in-depth LDAP enumeration utility,” and rubeus, focused on “raw Kerberos interaction and abuses,” contribute further.

While these tools may appeal to ethical hackers, the level of expertise required to operate them effectively can act as a limiting factor for beginners.

Among the most visible quality-of-life improvements is the integration of the new GNOME VPN IP extension, which allows direct viewing of the VPN IP address from the panel.

Though this feature is convenient, it is not spectacular and remains a fringe addition at best.

This new update also supports GNOME 48 and KDE Plasma 6.3 desktop environments.

Raspberry Pi users now have a new update that combines some Raspberry Pi OS images, eliminating the need for a separate image for the Raspberry Pi 5.

This update also introduces Kali NetHunter CARsenal, a dedicated suite for automotive security analysis.

While it remains one of the best Linux distros for ethical hacking, some users may still prefer Linux alternatives that lean more toward security or integrate more seamlessly with network monitoring tools.

Via 9to5linux


How ‘MapleStory N’ Is Fighting Back Against Thousands of Hackers

by admin June 21, 2025



In brief

  • MapleStory N creator Nexpace is banning thousands of accounts tied to hackers, botters, and abusers every day.
  • One player reported seeing a cheater beat the end game boss on their own, despite not having the equipment to do so.
  • Nexpace is enhancing cheat detection, has added a 30-hour cash-out delay, and has a clawback function to reclaim assets stranded by banned exploiters.

Avalanche massively multiplayer online role-playing game (MMORPG) MapleStory N has been inundated with bots and hackers since its massive launch in May.

Keith Kim, head of strategy at developer Nexpace—the blockchain arm of gaming giant Nexon—told Decrypt this week that thousands of accounts are being banned every day to maintain the game’s integrity for legitimate players.

Hackers, glitchers, attackers, and exploiters are common in every kind of video game—we’ve lived through the Call of Duty hacked lobby trenches. However, the stakes are notably higher in crypto games.

Some MapleStory N players have reported lobbies being filled with bots auto-farming, while another user found an abuser who solo-defeated the endgame boss in what one player called “a game-breaking flaw” in a viral X post.

Not only can a player earn real cryptocurrency in MapleStory N—by trading, grinding, and fighting—but thanks to blockchain, the malicious actors now own the items and tokens in their wallet. That means their illicit winnings have real-world value.

“It was a huge, huge issue. Internally, all of our teams were on emergency alert,” Kim said. “The number of attacks that we have been receiving for [MapleStory N] is many folds bigger than [the] entire Nexon game ecosystem combined. We have never seen such a magnitude of attack. I think it’s because there’s much to be earned by doing so.”

MapleStory N is the first entry in the broader MapleStory Universe—a crypto ecosystem utilizing the two-decade-old MapleStory IP, which has a sizable following. On launch, the game prompted a 549% spike in active addresses on Avalanche, according to Nansen data, as it delivered the biggest NFT mint the network had ever seen.

Kim believes a big reason for the game’s massive number of hackers is MapleStory N’s low barrier to entry. If a hacker gets banned, then they can simply create another wallet in seconds and play the game free of charge. So, MapleStory N is looking to find the “right hurdle” that will deter hackers without putting off regular gamers in the process.

As a result, the game has implemented a 30-hour delay in cashing out assets, as this is the average timeframe that it takes for an abuser to get banned. Along with banning thousands of accounts daily, Nexpace has also strengthened its security systems and improved its abnormal play detection system.

On top of this, Nexpace has been restricting the off-ramps from its dedicated Avalanche L1 gaming network, Henesys. This means that any damage instigated by bad actors is isolated to Henesys, with no option for the abuser to fully cash out. Assuming they’re banned from the game too, the assets are rendered effectively useless.

If the hacker issue gets so bad that a large portion of an asset’s supply is held by banned abuser wallets, then Nexpace has a clawback function that allows the developers to take back the assets tied to banned accounts.

“These are audited, and these are controlled by different layers of a multi-sig [wallet]. These are very, very hard to trigger,” Kim explained. “But when we, for example, see a volume of macro assets that are tied or frozen within the Henesys L1, we can do some housekeeping and bring this value back to the gamers. That’s an option that we have.”

He added that Nexpace would ask the community first before triggering the clawback function. But for now, he said, it’s not worth considering due to the low value of assets stranded by banned players.

“Overall, when we are looking at the macro level, their earnings are way less than [what] they’re spending,” Kim explained.

“They actually bought XPC because they want to get into certain levels of items, so they can be efficient in being very quick within the 30 hours, and exploit the game.” He added, “But so far, their net inflow is way bigger than—I think twice bigger—than their net outflow. So we don’t really have a lot of damages there.”

Edited by Andrew Hayward


Nobitex Hackers leak Source Code after $100M Crypto Hack

by admin June 19, 2025



Hackers behind a $100 million exploit of Iranian cryptocurrency exchange Nobitex released the platform’s full source code, placing remaining user assets at risk.

Nobitex exchange was hacked for at least $100 million of cryptocurrencies on Wednesday by a pro-Israel group calling itself “Gonjeshke Darande,” which claimed responsibility for the attack.

In the latest turn of events, the group said it had made good on its earlier threat to leak the code and internal files of the exchange.

“Time’s up – full source code linked below. ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN,” Gonjeshke Darande wrote in an X post on Thursday.

Source: Gonjeshke Darande

The X thread detailed key security measures of the exchange, including its privacy settings, blockchain cold scripts, list of servers and a zip file containing the full source code to the Nobitex exchange.

The source code was leaked a day after the group took responsibility for the exploit, promising to release the exchange’s source code and internal files within 24 hours.


The hackers said they targeted the exchange because it has ties to Iran’s government and participates in funding activities that violate international sanctions.

The wallet addresses used for the exploit suggest it was a “political statement rather than a typical financially motivated theft,” Yehor Rudytsia, a security researcher at blockchain security firm Hacken, told Cointelegraph.

“On EVM, the assets across more than 20 tokens were sent to clean burner addresses. The only potential partial recovery might come if USDT reissues the $55 million worth of stolen stablecoins,” he said.


Nobitex said on Thursday that no additional financial losses had occurred and that it expects to begin restoring services within five days. However, the exchange noted that internet disruptions due to the ongoing Iranian crisis were slowing progress.

The hack occurred on the fifth day of renewed conflict between Israel and Iran.

The two countries have been exchanging strategic missile strikes since Friday, when Israel launched multiple strikes on targets in Iran, marking the largest attack on the country since the Iran-Iraq War in the 1980s.

Gonjeshke Darande confirms $90 million asset burn

The hackers confirmed that the majority of the stolen funds were burned or permanently removed from circulation.

Gonjeshke Darande said in an X post: “8 burn addresses burned $90M from the wallets of the regime’s favorite sanctions violation tool, Nobitex.”

Source: Gonjeshke Darande

Nobitex users are now awaiting a public video statement from CEO Amir Rad, who is expected to outline the platform’s recovery and next steps.

In response to the hack, the central bank of Iran reportedly imposed a curfew on domestic crypto exchanges, limiting operating hours to between 10 am and 8 pm, according to multiple reports cited by Chainalysis.


Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran’s Financial System

by admin June 18, 2025


The Israel-linked hacker group known as Predatory Sparrow has carried out some of the most disruptive and destructive cyberattacks in history, twice disabling thousands of gas station payment systems across Iran and once even setting a steel mill in the country on fire. Now, in the midst of a new war unfolding between the two countries, they appear to be bent on burning Iran’s financial system.

Predatory Sparrow, which often goes by its Farsi name, Gonjeshke Darande, in an effort to appear as a homegrown hacktivist organization, announced in a post on its X account Wednesday that it had targeted the Iranian crypto exchange Nobitex, accusing the exchange of enabling sanctions violation and terrorist financing on behalf of the Iranian regime. According to cryptocurrency tracing firm Elliptic, the hackers destroyed more than $90 million in Nobitex holdings, a rare instance of hackers burning crypto assets rather than stealing them.

“These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions,” the hackers posted to X. “Associating with regime terror financing and sanction violation infrastructure puts your assets at risk.”

The incident follows another Predatory Sparrow attack on Iran’s finance system on Wednesday, in which the same group targeted Iran’s Sepah bank, claiming to have destroyed “all” the bank’s data in retaliation for its associations with Iran’s Islamic Revolutionary Guard Corps, and posting documents that appeared to show agreements between the bank and the Iranian military. “Caution: Associating with the regime’s instruments for evading sanctions and financing its ballistic missiles and nuclear program is bad for your long-term financial health,” the hackers wrote. “Who’s next?”

Sepah Bank’s website was offline yesterday but appeared to be working again today. The bank didn’t respond to WIRED’s request for comment. Nobitex’s website was offline today and the company couldn’t be reached for comment.

As is often the case in the fog of an unfolding war and its accompanying cyberattacks, what effects Predatory Sparrow’s cyberattacks have had remains unclear. In the Nobitex attack, however, blockchain analysis reveals some of the details of Predatory Sparrow’s sabotage: According to Elliptic, the eight-figure sum stolen from the exchange was moved to a series of crypto addresses that all started with variations on the phrase “FuckIRGCterrorists.” Those so-called “vanity” addresses typically can’t be created in any way that offers control or recovery of funds held there, so Elliptic concludes that moving funds to those addresses was instead a pointed method of destroying the money. “The hackers clearly have political rather than financial motivations,” says Tom Robinson, Elliptic’s cofounder. “The crypto they stole has effectively been burned.”

Elliptic also confirmed in its blog post about the attack that crypto tracing shows Nobitex does in fact have links with sanctioned IRGC operatives, Hamas, Yemen’s Houthi rebels, and the Palestinian Islamic Jihad group. “It’s also an act of sabotage, by attacking a financial institution that was pivotal in Iran’s use of cryptocurrency to evade sanctions,” Robinson says.




Nintendo Switch 2 hackers say they’re already getting banned

by admin June 17, 2025


The original Nintendo Switch had such a massive piracy problem, hackers were able to play new first-party games weeks before they were available to the public. Since its release in early June, hackers have wondered if the Switch 2 might have similar vulnerabilities, but early reports suggest that Nintendo has anticipated typical methods of meddling with its portable hardware.

Hackers on social media sites are beginning to share photos and anecdotes about their efforts to modify the Switch 2, only to be hit with bans that restrict usage of online connectivity. This means that hackers can’t use things like the eShop or play online multiplayer in games like Mario Kart World.

The user says they used a type of flash cartridge favored by hackers on the original Nintendo Switch, which allowed them to download and load games onto what is essentially an SD card. Since it is literally a cartridge, some hopeful hackers popped it into the Switch 2 to see what would happen. At first, it seemed like the answer was nothing. One user claims that their cartridge wouldn’t load past the title screen after attempting to download an update. That same user now says that their console as a whole appears banned, and that they attempted contacting Nintendo customer support and were told that nothing could be done.

“I don’t pirate games, I back-up my legitimate games I own on cartridges,” they wrote. “Piracy is shit, I work in software development.”

Nintendo did not immediately respond to a request for comment.

News of these bans is unlikely to deter some hackers, though, as creators of the flash carts claim they are still working on ensuring their products can be used on the new console. Elsewhere, Reddit communities specifically dedicated to hacking the Switch 2 are arguing whether or not it’s safe to try and log into accounts that were banned on the Switch on Switch 2, but fear around having their new $450 system restricted in some way is making them cautious.




This cyberattack lets hackers crack AI models just by changing a single character

by admin June 13, 2025



  • Researchers from HiddenLayer devised a new LLM attack called TokenBreak
  • By adding, or changing, a single character, they are able to bypass certain protections
  • The underlying LLM still understands the intent

Security researchers have found a way to work around the protection mechanisms baked into some Large Language Models (LLMs) and get them to respond to malicious prompts.

Kieran Evans, Kasimir Schulz, and Kenneth Yeung from HiddenLayer published an in-depth report on a new attack technique which they dubbed TokenBreak, which targets the way certain LLMs tokenize text, especially those using Byte Pair Encoding (BPE) or WordPiece tokenization strategies.

Tokenization is the process of breaking text into smaller units called tokens, which can be words, subwords, or characters, and which LLMs use to understand and generate language – for example, the word “unhappiness” might be split into “un,” “happi,” and “ness,” with each token then being converted into a numerical ID that the model can process (since LLMs don’t read raw text, but numbers, instead).



What are the finstructions?

By adding extra characters into key words (like turning “instructions” into “finstructions”), the researchers managed to trick protective models into thinking the prompts were harmless.

The underlying target LLM, on the other hand, still interprets the original intent, allowing the researchers to sneak malicious prompts past defenses, undetected.

This could be used, among other things, to bypass AI-powered spam email filters and land malicious content into people’s inboxes.

For example, if a spam filter was trained to block messages containing the word “lottery”, it might still allow a message saying “You’ve won the slottery!” through, exposing the recipients to potentially malicious landing pages, malware infections, and similar.


“This attack technique manipulates input text in such a way that certain models give an incorrect classification,” the researchers explained.

“Importantly, the end target (LLM or email recipient) can still understand and respond to the manipulated text and therefore be vulnerable to the very attack the protection model was put in place to prevent.”

Models using Unigram tokenizers were found to be resistant to this kind of manipulation, HiddenLayer added. So one mitigation strategy is to choose models with more robust tokenization methods.

Via The Hacker News


A worrying Windows SecureBoot issue could let hackers install malware – here’s what we know, and whether you need to update

by admin June 11, 2025



  • Binarly spotted a legitimate utility, trusted on most modern systems utilizing UEFI firmware, carrying a flaw
  • The flaw allowed threat actors to deploy bootkit malware
  • Microsoft patched it in the June 2025 Patch Tuesday cumulative update

Microsoft has fixed a Secure Boot vulnerability that allowed threat actors to turn off security solutions and install bootkit malware on most PCs.

Security researchers Binarly recently discovered a legitimate BIOS update utility, signed with Microsoft’s UEFI CA 2011 certificate. This root certificate, used in the Unified Extensible Firmware Interface (UEFI) Secure Boot process, plays a central role in verifying the authenticity and integrity of bootloaders, operating systems, and other low-level software before a system boots.

According to the researchers, the utility is trusted on most modern systems utilizing UEFI firmware – but the problem stems from the fact it reads a user-writable NVRAM variable without proper validation, meaning an attacker with admin access to an operating system can modify the variable and write arbitrary data to memory locations during the UEFI boot process.



Binarly managed to use this vulnerability to disable Secure Boot and allow any unsigned UEFI modules to run. In other words, they were able to disable security features and install bootkit malware that cannot be removed even if the hard drive is replaced.

The vulnerable module had been circulating in the wild since 2022, and was uploaded to VirusTotal in 2024 before being reported to Microsoft in late February 2025.

Microsoft recently released the June edition of Patch Tuesday, its cumulative update addressing various recently discovered vulnerabilities – among which was the arbitrary write vulnerability in Microsoft-signed UEFI firmware, which is now tracked as CVE-2025-3052. It was assigned a severity score of 8.2/10 (high).

The company also determined that the vulnerability affected 14 modules in total, and has now fixed all of them.


“During the triage process, Microsoft determined that the issue did not affect just a single module as initially believed, but actually 14 different modules,” Binarly said. “For this reason, the updated dbx released during the Patch Tuesday on June 10, 2025 contains 14 new hashes.”

Via BleepingComputer


Friendly fire: Hackers target their own with fake malware and gaming cheats

by admin June 9, 2025



  • Sophos says it was tipped off to the existence of Sakura RAT
  • An in-depth investigation uncovered more than a hundred backdoored GitHub projects
  • They are all targeting wannabe hackers and game cheaters

It’s a ‘dog eat dog’ world out there, as Sophos’ security researchers uncovered a major hacking operation targeting – other hackers, with people cheating in computer games also targeted.

In an in-depth analysis posted recently, Sophos said a customer asked if its platform protected against a piece of malware found on GitHub, called Sakura RAT. They were apparently interested in the open source project after media claims of “sophisticated anti-detection capabilities.”

Sophos quickly realized that Sakura RAT is harmless to other people – it is a risk only to those compiling it and looking to distribute it to other people.



Down the rabbit hole

“In other words, Sakura RAT was backdoored,” Sophos explained.

The RAT itself wasn’t that peculiar, either. Most of the code was copied from the popular AsyncRAT, and many of the forms inside were left empty, which means it wouldn’t even operate properly on the target device.

But the RAT led the team “down a rabbit hole of obfuscation, convoluted infection chains, identifiers, and multiple backdoor variants.”

Apparently, the person(s) behind the RAT – alias ischhfd83 – actually created more than a hundred backdoored malware variants, all designed to target newbie threat actors and people looking for game cheats.


In total, Sophos found 141 repositories from the same threat actors, 133 of them backdoored in different ways. 111 contained Sakura.

The majority (58%) were advertised as game cheats, 24% as malware projects, 7% as bots, 5% as crypto tools, and 6% as other miscellaneous tools.

The campaign started in 2024, the researchers added, suggesting that it was targeting newbies because advanced threat actors would run such projects in a sandbox environment. Furthermore, they would analyze the project’s owner and the comments, and quickly realize most of the interaction is done by bots with almost identical names.

The campaign wasn’t attributed to any particular threat actor, but it was stated that it was rather successful.


DOJ Seeks $7.7 Million Forfeiture in Crypto From North Korean Hackers Masquerading as IT Workers

by admin June 8, 2025



In brief

  • DOJ seized $7.74 million in crypto laundered by North Korean IT workers who used fake identities to get jobs at U.S. companies.
  • Workers were paid in stablecoins, then laundered funds through various methods before sending proceeds to the North Korean government.
  • Security experts say this growing threat uses AI-generated personas and deepfake technology, potentially generating hundreds of millions annually for the regime.

The U.S. Department of Justice last week filed a civil forfeiture claim for $7.74 million in crypto laundered by North Korean IT workers who fraudulently gained employment with companies in the U.S. and abroad.

The U.S. government seized the funds as part of an operation against a North Korean scheme to evade sanctions, with authorities indicting a North Korean Foreign Trade Bank representative, Sim Hyon Sop, in connection with the scheme in April 2023.

According to the DOJ, North Korean IT workers gained employment at U.S. crypto companies using fake or fraudulently obtained identities, before laundering their income through Sim for the benefit of the regime in Pyongyang.

The forfeiture complaint also details that the IT workers had been deployed in various locations around the world, including in China, Russia and Laos.

By hiding their true identities and locations, the workers were able to secure employment with blockchain firms, who generally paid them in stablecoins—USDC or Tether.

“For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S. sanctions and bankroll its weapons programs,” said Sue J. Bai, the head of the DOJ’s National Security Division.

The Department of Justice also reports that the IT workers used several methods to launder their fraudulent income, including setting up exchange accounts with fictitious IDs, making multiple small transfers, converting from one token to another, buying NFTs, and mixing their funds.

Once ostensibly laundered, the funds were then sent to the North Korean government via Sim Hyon Sop and Kim Sang Man, the CEO of a company operating under North Korea’s Ministry of Defense.

The DOJ indicted Sim Hyon Sop on two separate charges in April 2023, including conspiring with North Korean workers to earn income via fraudulent employment and, secondly, conspiring with OTC crypto traders to use the fraudulently generated income to purchase goods for North Korea.

The FBI Chicago Field Office and the FBI’s Virtual Assets Unit are investigating the cases related to the forfeiture complaint, which the DOJ filed with the U.S. District Court for the District of Columbia.

“The FBI’s investigation has revealed a massive campaign by North Korean IT workers to defraud U.S. businesses by obtaining employment using the stolen identities of American citizens, all so the North Korean government can evade U.S. sanctions and generate revenue for its authoritarian regime,” said Roman Rozhavsky, the Assistant Director of the FBI’s Counterintelligence Division.

While the precise extent of fraudulent North Korean IT work is not fully established, most experts agree that the problem is becoming more significant.


A growing threat in North Korea

“The threat posed by North Korean IT workers posing as legitimate remote employees is growing significantly – and fast,” explains Chainalysis Head of National Security Intelligence Andrew Fierman, speaking to Decrypt.

As evidence of just how “industrialized and sophisticated” the threat has become, Fierman cites the example of the DOJ’s December indictment of 14 North Korean nationals, who had allegedly also operated under false IDs and earned $88 million through a six-year scheme.

“While it’s difficult to pin an exact percentage of North Korea’s illicit cyber revenue to fraudulent IT work, it’s clear from government assessments and cybersecurity research that this method has evolved into a reliable stream of income for the regime – especially when paired with espionage goals and follow-on exploits,” he says.

Other security specialists concur that the threat of illicit North Korean IT employees is becoming more prevalent, with Michael Barnhart – Principal i3 Insider Investigator at DTEX Systems – telling Decrypt that their tactics are becoming more sophisticated.

“These operatives aren’t just a potential threat, they have actively embedded themselves within organizations already, with critical infrastructure and global supply chains already compromised,” he says.

Barnhart also reports that North Korean threat actors have even begun establishing “front companies posing as trusted third parties”, or embedding themselves into legitimate third parties that may not utilize the same rigorous safeguards as other, larger organizations.

Interestingly, Barnhart estimates that North Korea may be generating hundreds of millions in revenue each year from fraudulent IT work, and that any recorded figures or sums are likely to be underestimated.

“The saying of ‘you don’t know what you don’t know’ comes into play, as each day a new scheme to earn money is discovered,” he explains. “Additionally, much of the revenue is obfuscated to look like elements of cyber criminal gangs or completely legitimate seeming efforts, which muddle the overall attribution.”

And while Thursday’s forfeiture claim indicates that the U.S. Government is managing to get more of a handle on North Korea’s operations, the increasing sophistication of the latter suggests that American and international authorities may continue playing catch-up for a while yet.

As Andrew Fierman says, “What’s especially concerning is how seamlessly these workers are able to blend in: leveraging generative AI for fake personas, deepfake tools for interviews, and even support systems to pass technical screenings.”

In April, Google’s Threat Intelligence Group revealed that North Korean actors had expanded beyond the U.S. to infiltrate cryptocurrency projects in the UK, Germany, Portugal and Serbia.

This included projects developing blockchain marketplaces, AI web apps and Solana smart contracts, with accomplices in the UK and U.S. helping operatives to bypass ID checks and receive payments via TransferWise and Payoneer.

Edited by Stacy Elliott.
