Tag:

North

Decrypt logo
GameFi Guides

North Korean Hackers Drain $1.2M From Seedify Bridge

by admin



In brief

  • North Korean hackers compromised Web3 gaming incubator Seedify’s cross-chain bridge, draining $1.2 million across BNB Chain networks.
  • The attack exploited a developer’s private key to mint unauthorized SFUND tokens through an audited bridge contract that should have prevented such minting.
  • Blockchain sleuth ZachXbt linked the theft addresses to past North Korean “Contagious Interview” incidents through on-chain analysis

North Korean state-affiliated hacker groups have claimed another victim in the DeFi sector, exploiting Web3 gaming incubator Seedify Fund’s token bridge infrastructure to steal $1.2 million while devastating the platform’s native token SFUND across multiple exchanges.

The attack on Tuesday targeted Seedify’s cross-chain bridge on BNB Chain, allowing hackers to mint unauthorized tokens and systematically drain liquidity pools across Ethereum, Arbitrum, and Base networks before converting proceeds on BNB Chain, the platform said in its official statement.

Today at approximately 12:05 UTC, a DPRK state-affiliated group known for many hacks in Web3 gained access to one of our developer’s private keys. Using these, they were able to mint a large amount of SFUND tokens through a bridge contract that had previously passed audit.

The…

— Seedify (@SeedifyFund) September 23, 2025

“The Seedify theft addresses are tied onchain to past Contagious Interview incidents (DPRK),” blockchain sleuth ZachXBT tweeted following the breach, linking the the attack to an ongoing campaign that has claimed over 230 victims between January and March alone, per a recent SentinelLABS intelligence report.

The SFUND token has plunged nearly 35% in the last 24 hours, now trading at $0.28, according to CoinGecko data. It was trading at $0.42 before the hack was reported.

“DPRK/Lazarus decided to take everything we built over 4.5 years in one hack,” Seedify founder Meta Alchemist tweeted in response to the breach.

“The Seedify hack stemmed from a compromised developer key that let DPRK-linked actors mint unauthorized $SFUND tokens via a bridge contract,” Hakan Unal, Senior Security Operations Center Lead at Cyvers, told Decrypt.



“This contract should not have been able to mint these tokens without any token being bridged,” Seedify explained in its official statement, revealing the fundamental vulnerability that allowed unauthorized token creation.

“The hacker wallets connect on-chain to prior DPRK operations, highlighting how aggressive their ongoing rampage across Web3 has become,” Unal explained, recommending platforms monitor on-chain activity and enforce multi-signature approvals.

The crypto industry mobilized quickly in response, with Binance founder Changpeng Zhao (CZ) saying security experts helped freeze $200,000 at HTX exchange, and “the rest seem to remain on-chain.”

Talked to a few security guys in the industry. I believe they were able to help track it and froze $200k at HTX, the rest seem to remain on-chain. Looks like North Korea DPRK.

Major CEXs probably have these addresses on blacklists now. Good luck!

— CZ 🔶 BNB (@cz_binance) September 24, 2025

‘Contagious Interview’ campaign threat actors operate in “coordinated teams with real-time collaboration, likely using Slack and multiple intelligence sources such as Validin, VirusTotal, and Maltrail” to monitor their infrastructure exposure, SentinelLABS said.

The report also found that despite DPRK hackers “thoroughly examining threat intelligence and identifying artifacts that can be used to discover their infrastructure,” they “did not implement systematic, large-scale changes to make it harder to detect,” instead quickly deploying new infrastructure when disrupted.

“The competitive pressures stemming from North Korea’s annual revenue quotas” drive operatives to protect individual assets and ‘outperform colleagues’ rather than coordinate security improvements,” the cybersecurity firm said.

A recent Cisco Talos intelligence report showed that North Korean groups are continuing to refine their attacks with new malware like “PylangGhost,” targeting crypto professionals through fake Coinbase and Uniswap job postings.

With known DPRK-related losses in 2024 totaling $1.3 billion, the ByBit hack’s $1.5 billion alone has already made 2025 “by far their most successful year to date,” according to Chainalysis’ 2025 Crypto Crime Mid-year Update.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.





Source link

0 comments
0 FacebookTwitterPinterestEmail
North Korean Hackers Hit Crypto Sector With BeaverTail Malware
Crypto Trends

North Korean Hackers Hit Crypto Sector With BeaverTail Malware

by admin


  • How it works 
  • Growing threat 

According to a recent report by The Hacker News, North Korean hackers are attempting to trick non-developer job applicants within the cryptocurrency sector with the BeaverTail malware, which steals logins and crypto wallets, and InvisibleFerret. 

Both macOS and Windows users should avoid strange downloads from GitHub or Vercel as well as suspicious scripts.  

How it works 

Unfortunate applicants who fall for the sham run “fix” commands that disguise bogus microphone or camera errors when recording a short video on a fake website created by the attackers. This is a common trick used by North Koreans, which should be automatically treated as a red flag. 

With the help of the aforementioned commands, the attackers then run a payload that installs BeaverTail and InvisibleFerret as a bundle. 

What is notable is that North Korean attackers used to target primarily tech-savvy developers with BeaverTail, but they have now changed their targets. The new version is a ready-to-run program, meaning that it is no longer necessary for JavaScript or Python to be installed on the victim’s machines.  

You Might Also Like

The usage of harmless-looking decoy files also makes it more challenging for security tools to actually detect them. Some parts of the malware are also hidden in password-protected files. 

Growing threat 

The recent malware has been linked to North Korean attackers since BeaverTail was previously used by them. Moreover, some IPs are associated with the hermit kingdom. 

As reported by U.Today, Binance CEO Changpeng Zhao recently took to X (formerly Twitter) to warn about North Korean hackers posing as job candidates, potential employers, and users. 



Source link

0 comments
0 FacebookTwitterPinterestEmail
Trump
GameFi Guides

Watchdog Accuses Trump’s Crypto Venture Of Selling Tokens To North Korea, Iran

by admin


Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

United States President Donald Trump’s crypto venture is facing fresh scrutiny after a government watchdog said the project sold tokens to buyers linked to hostile or sanctioned actors, including entities tied to North Korea and Iran.

The watchdog’s findings have added a political and regulatory sting to a token that has already drawn heavy public attention and big holdings by the Trump family.

Watchdog Accuses WLFl Of Questionable Sales

According to a new report from Accountable.US, World Liberty Financial Inc. — the firm behind the WLFI token — sold units to wallets that appear connected to groups or platforms of concern, such as addresses tied to North Korean actors and users who have interacted with Tornado Cash, the crypto-mixing service that regulators have flagged for money-laundering risks.

Image: Accountable.US

The watchdog released wallet examples and transaction links to support its claims. The label used by the watchdog — “American Sell-Out” — has been echoed by multiple news outlets and social posts that highlighted the report’s blunt language.

“Trump’s crypto empire is a vehicle for foreign actors to buy influence anonymously and without disclosure.”

Our executive director Tony Carrk reveals how Trump’s crypto venture puts U.S. workers and investors at risk. pic.twitter.com/8phS0blq41

— Accountable.US (@accountable_us) September 19, 2025

Reports have disclosed that at least some token buyers used foreign exchanges and services restricted to US users, which raises questions about whether some holders are based overseas or are using tools to mask their origin.

Foreign Links Raise National Security Concerns

The report’s authors argue the pattern merits national security attention because tokens tied to a high-profile US political family could become an avenue for influence or sanctions circumvention.

Based on Accountable.US’s analysis of WLFI’s top holders, at least 14 of the largest addresses — together holding over 6.7 billion tokens valued in the hundreds of millions at recent prices — have used platforms that are restricted for US customers, suggesting a strong possibility some are foreign.

WLFIUSD trading at $0.24 on the 24-hour chart: TradingView

The watchdog stopped short of asserting deliberate lawbreaking by World Liberty, but it urged official review.

US President Donald Trump’s family disclosures show the family controls a substantial stake in the project. Reports have noted that the family holds 22.5 billion WLFI tokens; that stake has been valued at about $5 billion at certain market levels, though prices have swung since the token’s debut.

Those figures have intensified calls for transparency about who bought the coin and how sales were screened.

Markets Notice And Regulators Watch

Market moves have already followed the headlines. WLFI’s price fell sharply on its opening day of public trading, a sign that investor appetite was mixed even before the watchdog’s report.

Trading volatility and public debate over token freezes and unlocks have kept WLFI in the headlines as exchanges and token holders react.

Featured image from Meta, chart from TradingView

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.





Source link

0 comments
0 FacebookTwitterPinterestEmail
Binance's CZ Issues Crucial North Korea Hackers Security Warning
GameFi Guides

Binance’s CZ Issues Crucial North Korea Hackers Security Warning

by admin


  • CZ’s warning about NK hackers
  • Their methods

Changpeng Zhao, also known as CZ, has taken to his X account to publish a vital security warning for the crypto community.

CZ revealed in detail how these seasoned hackers work, warning the community to stay secure and avoid falling for their digital traps.

CZ’s warning about NK hackers

In his tweet, CZ reminded the crypto audience on X that North Korean hackers are difficult to deal with since they are “advanced, creative, and patient.” Zhao says that what he says in his tweet comes from both his personal experience and what he has heard about those cyber criminals, as he revealed the methods those hackers use to gain access to users’ personal data and crypto on exchanges and personal wallets.

Their methods

The first method they used is posing as job candidates seeking a position in a victim’s company. They thereby get their foot in the door. They usually prefer to apply for roles as developers or in positions related to the finance or cybersecurity spheres.

These North Korean hackers are advanced, creative and patient. I have seen/heard:

1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.

2. They pose as employers and try to… https://t.co/axo5FF9YMV

— CZ 🔶 BNB (@cz_binance) September 18, 2025

The second method is that they pretend to be employers who are trying to interview victims or make an offer to employees. While conducting an “interview,” they pretend they have a problem with Zoom and offer to click on a link to download an “update.” This link usually contains a virus that helps them to gain control over the future victim’s device. Another option here is that they give a person a coding question and then send some “sample code” to them.

Another trick NK hackers love to use is posing as users having problems and sending malicious links in a letter to customer support. Those links also contain a virus.

Finally, CZ says, cyber cons can pay one’s employees or bribe them or outsource vendors to let hackers access certain crucial data. CZ mentioned that, just a short while ago, a major Indian outsourcing service suffered a hacker attack. As a result, the user data of a major U.S. exchange was leaked, and users lost more than $400 million worth of their personal crypto.

CZ concluded his tweet with a warning to all crypto exchanges and wallets: “Train your employees to not download files, and screen your candidates carefully.”





Source link

0 comments
0 FacebookTwitterPinterestEmail
Tanglewood Games calls for more support to develop game hubs in the North and across the UK
Esports

Tanglewood Games calls for more support to develop game hubs in the North and across the UK

by admin


Tanglewood Games is calling for greater government support to strengthen and expand game development hubs in the UK.

Last week, Tanglewood — an Unreal Engine consultancy and development studio — partnered with Into Games for a Waypoint summit to explore social mobility for games businesses in the North East, and also met with Ukie and MP for Hartlepool, Jonathan Brash, to discuss how areas like Hartlepool can be developed into hubs.

“Video game hubs across the UK are a vital part of local economies, providing jobs and globally recognised innovation,” Tanglewood states in a press release. “Yet, access to the industry is hindered by a lack of investment and skills challenges often made worse by socio-economic inequality.”

“I come from a working-class background, and I know talent in the UK isn’t limited just to the big cities,” said Chris Wood, CEO of Tanglewood Games. “I and Tanglewood Games are calling for clear pathways into the industry from schools and universities. Funding, including mentorships, bursaries and infrastructure, and collaboration with government and regional authorities to invest in local talent.

“We want to make sure everyone, no matter their background, feels like they have a route into the industry, and are supported when they get there.”

Ukie said it is actively working with the Government’s Social Mobility Commission to explore how the games industry “can help break down these socio-economic barriers” for British developers and their businesses, whilst Jonathan Brash said: “My role as MP is to back [Tanglewood Games’] work with sustainable investment across a range of areas that will be crucial in developing this growing industry.”

Earlier today, we reported that trade body TIGA is calling for stronger tax credits to support the UK games industry.



Source link

0 comments
0 FacebookTwitterPinterestEmail
DAAPrivacyRightIcon
Product Reviews

Porsche and Audi’s EVs can now recharge on any Tesla Supercharger in North America

by admin


Starting September 9, Porsche and Audi will be the latest non-Tesla brands to utilize the Supercharger network. The two automakers announced that some of their owners will get adapters that allow them to charge via the NACS port, which Tesla developed and opened up to other automakers. The rollout comes after the Volkswagen Group, which owns both Porsche and Audi, announced that it would implement NACS compatibility for Volkswagen, Audi, Porsche and Scout Motors in December 2023.

Porsche is kicking off its NACS adoption with a “soft launch,” where existing owners of Taycan and Macan Electric models have to reserve a free NACS to DC adapter with the My Porsche app to connect to the Tesla Supercharger network. During this initial phase, drivers of compatible Porsche EVs have to use the Tesla app at Superchargers, but will eventually be able to charge with the My Porsche app in “the coming months,” according to Porsche. Like Porsche, Audi is getting its own branded adapter that will arrive with newer 2025 model year options, including its Q6 e-tron, A6 Sportback e-tron and e-tron GT. Notably, Audi said its Q4 e-tron won’t currently have access to Tesla Superchargers.

For Porsche, any Taycan and Macan Electric from model year 2026 onward will include a free NACS adapter. However, Porsche EVs from model year 2024 or older will have to buy the adapter from Porsche’s online shop or dealerships, which will go for $185. Porsche and Audi are also working on software updates to show Tesla Superchargers on their navigation systems. Despite Porsche and Audi now gaining access to the Supercharger network, Volkswagen Group’s other subsidiaries, including Lamborghini and Bentley, still haven’t committed to adopting NACS.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Mamoru Hosoda's 'Scarlet' Gets Bumped to 2026 in North America
Product Reviews

Mamoru Hosoda’s ‘Scarlet’ Gets Bumped to 2026 in North America

by admin


Mortal Kombat II isn’t the only movie leaving 2025. Scarlet, the next film from Studio Chizu and anime director Mamoru Hosoda, is now arriving in early 2026 for North American audiences.

Sony’s opted to push the film out of its initial December 12 slot. It’s still expected to release on November 21 in Japan and screen at film festivals in Venice, Toronto, and New York through their respective film festivals in early September and early October. The press release calls these festival screenings “qualifying runs,” which may help explain the delay: previous Hosoda films have won local and international awards and get well-received by critics, making it look more enticing to audiences.

First announced this past April, Scarlet centers on the titular young princess who escapes across time and space after witnessing her father’s murder. After her first go at revenge ends in failure, she winds up in the Land of the Dead, a limbo for those who fail in their quests for payback. But Scarlet’s not giving up just yet, and she crosses paths with a modern-day man named Hijiri.

For those living outside North America and Japan, Sony’s international subsidiary will handle the film’s release in other territories. But like with North America, there’s no hard date for the film in those territories quite yet—expect to wait a while before we hear or see more from the film.

Want more io9 news? Check out when to expect the latest Marvel, Star Wars, and Star Trek releases, what’s next for the DC Universe on film and TV, and everything you need to know about the future of Doctor Who.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Nearly half of stolen $1.4b from Bybit now untraceable 
GameFi Guides

How Coinbase Protects Data from North Korean Hackers

by admin



In an interview with Stripe’s John Collison, Coinbase CEO Brian Armstrong shared details on tactics North Korean hackers use to infiltrate Coinbase. Attempts by deceptive agents to bribe the exchange’s support team or get jobs at Coinbase resulted in stricter security standards. What did we learn about hackers from the DPRK?

Summary

  • In a new interview, Brian Armstrong emphasized that North Korea is trying to infiltrate tech companies with a large number of its agents disguised as remote IT workers.
  • Armstrong said it feels like around 500 new agents graduate from special schools every quarter.
  • According to Armstrong, threat actors are trying to bribe the Coinbase support team with hundreds of thousands of dollars to get private info.
  • Coinbase had to tighten up its security standards while hiring new people. Only the fingerprinted employees with U.S. citizenship and family in-country can access sensitive info.
  • Previously, investigators found out that the DPRK is constantly trying to get its agents hired in tech companies so they can steal cryptocurrency there. Stolen crypto is thought to be used as funding for the North Korean nuclear program.

North Korea takeaways from Armstrong’s interview

On Aug. 20, 2025, the Stripe YouTube channel released a new video. In it, Collison and Armstrong, who are the heads of Stripe and Coinbase, have a conversation about notable trends in the cryptocurrency space.

Collison asked Armstrong what the general tech public does not appreciate about the cybercrime landscape, and Armstrong’s nearly immediate response was “a lot of North Korean agents are trying to work at these companies,” most of the time remotely.

Armstrong said that while companies are working with law enforcement and get notified about some candidates as “known actors,” it feels like 500 more agents graduate from “some kind of school” in the DPRK each quarter, and infiltrating tech companies is their “whole job.”

He emphasized that he does not blame individuals for becoming agents:

“In many of these cases, it’s not the individual person’s fault. Their families will be coerced or detained if they don’t cooperate. So actually, they’re the victim as well in many cases.”

During online job interviews, the DPRK agents usually have some kind of a coach around who assists them, so Coinbase employees have to demand that candidates turn on the camera to make sure they are talking with a real person and no one is nearby to give instructions.

If an employee needs to access any sensitive system, they are required to come to the U.S. in person for orientation. Coinbase limits access to sensitive data by allowing only fingerprinted employees with U.S. citizenship and family in-country. Such a strict approach is dictated by increased security concerns associated with the DPRK infiltration attempts. 

Another concern voiced by Armstrong during the interview is the cases when threat actors were trying to bribe Coinbase support team agents, offering hundreds of thousands of dollars in exchange for smuggling in personal phones, taking screen photos, and sharing other types of data. To address the risk of leaks resulting from bribery, Coinbase had to increase control over the support team and move customer support offices to the U.S. and Europe. Armstrong said:

“[We] really started to make a deterrent in the sense of, when we catch people doing this – and we red‑team it consistently — we don’t walk them out the door — they go to jail. We try to make it very clear that you’re destroying the rest of your life by taking this, even if you think it’s some life‑changing amount of money, it’s not worth going to jail.”

Another measure is putting out a $20 million bounty for information that could help arrest or convict attackers. Armstrong emphasized that Coinbase is not only going after insiders but targets the threat actors themselves.

What is known about hackers from the DPRK?

During the same interview, Armstrong said that “DPRK is very interested in stealing crypto,” and this statement cannot be underestimated. According to a blockchain analyst company, Elliptic, the hacking of a crypto exchange, ByBit, by North Korean hackers was the biggest heist in history. Hackers from the infamous Lazarus Group associated with the DPRK managed to steal $1.46 billion in crypto assets. Since 2017, the DPRK has stolen over $5 billion in crypto.  Allegedly, 40% of the North Korean military’s nuclear program is funded via stolen cryptocurrencies. Over $300 million of money stolen from ByBit was probably used to fund nuclear weapons.

The North Korean hackers use diverse tactics to steal crypto and launder money. On Aug. 13, 2025, a prominent anonymous crypto sleuth using the ZachXBT handle on X shared documents leaked from the North Korean hackers who pretended to be IT workers in Western companies. 

The leak revealed that five agents have been operating 30 fake identities and had bogus LinkedIn and Upwork IT worker accounts. They were communicating mostly in English and using various Google services to conduct their operations, buying accounts on job platforms, serial security numbers, etc. Some of the screenshots of the browser history of these agents reveal low levels of tech competency. According to ZachXBT, hiring a North Korean agent is “100% negligence.” In his opinion, figuring out that the candidate is a DPRK agent is not that hard.

However, despite the fact that the DPRK agents are bad at work and get fired quickly, they find new jobs; usually, several agents are taking positions at the same company simultaneously, and eventually manage to steal crypto.

6/ I am closely monitoring five other larger clusters of DPRK ITWs but will not share those addresses publicly since they are active.

One thing to note is the number does not include exploits conducted by them on projects (LND, ChainSaw, Favrr, Munchables, Dream, etc)

They… pic.twitter.com/kIbFewIM8b

— ZachXBT (@zachxbt) July 2, 2025

North Korean hackers used to launder stolen assets via Binance and Coinbase, but had to find other ways as these exchanges increased KYC/AML scrutiny. They developed a chain of over-the-counter brokers. Also, Korean hackers use crypto mixer platforms that obfuscate transaction data. In relation to the Lazarus Group activity, the U.S. Treasury named such mixer platforms as Sinbad, Tornado Cash, and Blender.

According to ZachXBT, public company Circle, which is a prime competitor of Tether, is neglecting the use of its stablecoin USDC in the DPRK-related money laundering operations, being the only company that didn’t freeze flagged wallets when ZachXBT brought up the connection. The company eventually froze the addresses involved in hacking months later. The Circle CEO, Jeremy Allaire, responded to ZachXBT’s criticism by saying that the company would not freeze addresses solely based on ZachXBT’s investigation. The request from the law enforcement was necessary.

5/ USDC was sent directly from Circle accounts to three addresses in this cluster.

It’s 1 hop from an address blacklisted by Tether in April 2023 tied to Hyon Sop Sim.

Other DPRK ITW clusters currently have decent sized quantities of USDC sitting.

I think it’s misleading… pic.twitter.com/vGCcMZX6wL

— ZachXBT (@zachxbt) July 2, 2025

ZachXBT accuses Circle of allowing Korean hackers to use USDC so that the company will earn via transaction fees. Similar claims were made against the MetaMask wallet, which was allegedly involved in the DPRK money laundering operations.

While ZachXBT dismisses the sophistication of the DPRK agents when they try to infiltrate tech companies, Coinbase has its reasons to be cautious. Given that Coinbase is responsible for the custody of over 2.2 million bitcoins, which is more than 10% of the total supply, extensive control over the works may not seem unnecessary. 





Source link

0 comments
0 FacebookTwitterPinterestEmail
Close