hackeralert

During the holiday season, a large-scale attack targeted hundreds of cryptocurrency wallets across Ethereum Virtual Machine (EVM) compatible networks such as Ethereum, BNB Chain, Polygon, Avalanche, and Arbitrum. Blockchain security investigator ZachXBT reported a series of thefts in which small amounts of funds — typically under $2,000 per wallet — were stolen, but the total loss has already surpassed $107,000.

Gradual, Yet Sophisticated Exploit
Instead of massive single hits, the attacker used a low-key method by draining small amounts from many wallets. According to on-chain data, these coordinated thefts began in late December, but the exact method remains unclear. All funds were funneled to the address starting with 0xAc2e…ad8Bf9bFB.

Where the Funds Ended Up
Blockchain tracking tools reveal the attacker has accumulated assets across more than 20 different blockchains. Most of the funds were stolen from Ethereum — approximately $54,655, making up 51% of the total. BNB Chain followed with $25,545, then Base ($8,688), Arbitrum ($6,273), Polygon ($3,498), Optimism ($1,480), Zora ($994), Linea ($909), and Avalanche ($386).

Suspected Phishing via Fake MetaMask Emails & Trust Wallet Exploit
Some crypto users speculated that phishing emails mimicking MetaMask were used to trick investors into handing over their seed phrases.
However, an in-depth analysis by Nansen pointed to a supply chain attack targeting Trust Wallet’s Chrome extension (v2.68). This incident began on December 24, when a malicious update was released, allowing attackers to steal wallet recovery phrases.

Compromised GitHub Access and Backdoored Extension
Trust Wallet later confirmed that the attacker gained access to its source code and Chrome Web Store API keys via leaked developer data on GitHub. This allowed them to upload a malicious version of the extension without going through the company’s approval process. A fake domain, metrics-trustwallet[.]com, was also registered to distribute the backdoored extension capable of exfiltrating mnemonic phrases.
About 1 million users of the Trust Wallet Chrome extension were later prompted to update to version 2.69 after the compromised update went live.

Shai-Hulud 3.0: A More Sophisticated Malware Version
Researchers at Upwind described the malware as a stealthier evolution called “Shai-Hulud 3.0,” featuring enhanced string obfuscation, improved error handling, and Windows compatibility. Its goal wasn’t new attack techniques, but rather to prolong the campaign's lifespan undetected.

Expected Token Movements: Tornado Cash, THORChain & Others
Stolen tokens are expected to be laundered via platforms such as Tornado Cash, Railgun, THORChain, Debridge, eXch, and other OTC/mixing services to hide the origin of the assets.

Christmas 2025: A Record Season for Crypto Scams
This holiday season marked an all-time high in cybercrime targeting crypto users. In early December, the FBI’s Internet Crime Complaint Center warned Americans about scam and phishing emails, estimating more than $785 million in losses due to holiday-related non-payment and non-delivery scams — with another $199 million lost to credit card fraud.

A Year of Record-Breaking Crypto Heists
2025 is now the worst year on record for crypto theft. According to Chainalysis and TRM Labs, cybercriminals stole $2.7 billion worth of crypto — the highest annual total to date. The biggest heist was the $1.4 billion exploit on Dubai-based exchange Bybit.
That incident surpassed previous notorious hacks like the $624 million Ronin bridge breach and $611 million Poly Network hack in 2022.

North Korea Behind Most of the Thefts
Analysts say state-sponsored North Korean groups were behind the majority of 2025’s thefts, allegedly stealing over $2 billion this year alone. Since 2017, these groups are estimated to have stolen nearly $6 billion in crypto, reportedly used to fund North Korea’s sanctioned nuclear weapons program.

#Cryptoscam , #CryptoSecurity , #HackerAlert , #CryptoNews , #Ethereum

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Hackers Exploited the Account to Promote Fraudulent Tokens
The @TrumpDailyPosts account on the X platform (formerly Twitter) has been hacked and is being misused to spread fake meme coin addresses. The compromised account continues to actively promote several fraudulent tokens, including a fake token named $POWER.
According to Scam Sniffer, a Web3 platform focused on combating scams, the hackers not only post but also quickly delete content related to these fraudulent schemes. Users are advised to verify the credibility of any investment promises, especially those originating from compromised accounts.

Connection to Other Organized Scams
Investigations revealed that the gas source used to create the fake $POWER token address was linked to the same platform involved in a recent hack of the Farcaster account, owned by a MetaMask co-founder.
During that incident, hackers promoted fraudulent meme coins and were accused of generating over 1,000 SOL (Solana). These activities point to a well-organized cybercriminal gang targeting prominent crypto figures and organizations.
Social Media as an Emerging Tool for Fraud
A troubling trend in the crypto space is the increasing use of social media accounts to promote fraudulent tokens. Hackers exploit high-profile accounts to create an illusion of trustworthiness and maximize their financial gains.
The hacking of @TrumpDailyPosts is yet another example of how cybercriminals are adapting their methods. By leveraging fraudulent meme coins and social media, they are creating new ways to deceive investors and extract illicit profits.
How to Protect Yourself From These Scams
Given these trends, it is crucial for both users and platforms to pay closer attention to identifying fraudulent activities. Users should exercise extreme caution when considering any investment opportunities, especially involving meme coins or less-known tokens.
Safety should always take precedence over the promise of profit. Verify sources, thoroughly check addresses, and avoid suspicious projects promising unrealistic returns. The crypto space offers numerous opportunities but also comes with heightened risks that require vigilance and proactive measures.

#CryptoNewss , #blockchain , #CryptoScamAlert , #cryptohacks , #HackerAlert

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

On Wednesday night, a mysterious message appeared on the Ethereum blockchain — a direct mockery aimed at one of the most prominent crypto investigators. The sender? A hacker linked to the recent massive data breach at Coinbase, which compromised the accounts of over 69,000 users and may cost the exchange hundreds of millions of dollars.
The taunt, simply reading "L bozo", was embedded in a transaction and meant to ridicule the investigator. The hacker even included a link to a viral meme video featuring NBA Hall of Famer James Worthy smoking a cigar, escalating the provocation.

💰 $44.9 Million Laundered Through THORChain
But the trolling wasn’t all. On Tuesday, the attacker began liquidating stolen assets, converting 17,800 ETH into DAI stablecoins — worth roughly $44.9 million — using THORChain, a decentralized cross-chain trading protocol.
📉 The swaps occurred at an average ETH price of $2,528.

💼 One major swap involved 9,080 ETH for $22.8 million in DAI.
Using THORChain allowed the hacker to bypass centralized exchanges, complicating tracking efforts and signaling a new level of sophistication in crypto laundering tactics.

🔓 What Happened at Coinbase?
Coinbase confirmed that the breach took place in December 2024, but it wasn’t disclosed publicly until May 2025. The hackers gained access to sensitive personal data of around 69,000 users.
Soon after, they allegedly demanded $20 million in Bitcoin as ransom, threatening to leak the stolen data on the dark web. Coinbase refused to pay and instead offered the same amount as a reward for information leading to the attackers.

📉 Financial Fallout: Coinbase in Crisis
The breach has severely damaged Coinbase’s reputation. On Wednesday, its stock (COIN) closed down 0.92% at $258.97, continuing a 36% monthly decline.
Security experts claim the exchange ignored prior warnings of suspicious activity as early as December, a failure that now haunts its image and user trust.

🛡️ Binance and Kraken Also Targeted
Coinbase wasn’t the only target. Binance and Kraken also faced recent social engineering attempts, where attackers posed as users and tried to bribe support agents.
Binance’s AI systems successfully flagged and blocked the suspicious messages. Kraken reported no customer data losses either, thanks to strong internal protocols.

🔚 A Glimpse Into the Future of Crypto Crime?
This case is more than a breach — it's a bold show of power by a cybercriminal who’s fluent in DeFi and unafraid to mock those chasing him. With advanced laundering tactics and an open taunt of blockchain sleuths, we may be witnessing the next evolution in crypto-based crime.
Coinbase may recover financially — but the reputational scars will be harder to erase.

#HackerAlert , #CryptoSecurity , #CryptoCrime , #CyberSecurity , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“