#CryptoSecurity

2026-03-06

A U.S. government contractor has been arrested for allegedly stealing $46M in cryptocurrency tied to the 2016 Bitfinex hack while working with the U.S. Marshals Service.
Investigators say privileged access was used to divert seized crypto assets.

technadu.com/us-government-con

Insider threat or weak custody controls?
#Cybersecurity #CryptoSecurity #Blockchain

US Government Contractor Arrested in $46M US Marshals Cryptocurrency Theft
2026-03-05

A crypto operational mistake allegedly cost South Korea nearly $4.8M.

Authorities shared images celebrating seized assets from tax evaders - but one photo reportedly revealed the recovery phrase of a hardware wallet.
Within hours:
• Attacker funded gas fees with ETH
• 4M PRTG tokens transferred
• ~$4.8M gone
A reminder that OpSec failures can compromise even offline crypto storage.

Source: generation-nt.com/actualites/c

What safeguards should governments implement for seized digital assets?

Join the conversation and follow TechNadu for more cybersecurity and cybercrime coverage.

#CyberSecurity #CryptoSecurity #Blockchain #DigitalAssets #InfoSec #CryptoWallet #CyberCrime #OpSec #ThreatIntel

South Korea loses $4.8 million in crypto after a communication error
2026-03-02

South Korea tax office exposed a wallet seed phrase in press materials.

Impact:
~$4.8M in seized PRTG tokens drained.
Agency now overhauling crypto custody procedures.
Private key exposure = total compromise.

Full details:
technadu.com/south-korea-tax-o

#InfoSec #CryptoSecurity #Blockchain #OpSec

South Korea Tax Office Leaks Cryptocurrency Assets, Critical Failure Leads to Wallet Breach
2026-03-02

$48M in crypto was stolen after a wallet seed was exposed by a Korean tax agency — one secret leaked, millions lost. Key management is everything. 🔑💸 #CryptoSecurity #SecretManagement

bleepingcomputer.com/news/secu

IT Insights (ITinsights)
2026-03-01

Tax authority blunders with millions: a hard lesson in crypto security. Learn from it! 🚀
itinsights.nl/cybersecurity/mi

2026-02-28

Alright team, it's been a pretty active 24 hours in the cyber trenches! We've got a couple of notable breaches, some concerning new malware and AI-related vulnerabilities, and a strong message from the DEF CON community. Let's dive in:

Crypto Heists & Malicious Extensions 💸

- South Korea's National Tax Service made a costly blunder, publicly exposing the mnemonic recovery phrase of a seized crypto wallet in a press release, leading to the theft of $4.8 million in Pre-Retogeum (PRTG) tokens. This highlights a critical lack of basic understanding of virtual asset security by authorities.
- The "QuickLens - Search Screen with Google Lens" Chrome extension, with around 7,000 users, was compromised after a change of ownership. A malicious update introduced ClickFix attacks (fake Google Update prompts) and info-stealing functionality, targeting crypto wallets (MetaMask, Phantom, etc.) and credentials, with macOS users potentially hit by the AMOS infostealer.
- If you've used QuickLens, remove it, scan your device, reset passwords, and move crypto funds to a new wallet immediately.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

New Malware & AI Agent Vulnerabilities 🤖

- A new Windows RAT called Steaelite is being sold on cybercrime forums, offering an all-in-one solution for double extortion attacks. It bundles ransomware, data theft, credential/crypto stealers, and live surveillance, with automated data harvesting kicking in the moment a victim connects. An Android module is also reportedly in development.
- The OpenClaw AI agent ecosystem is facing significant security scrutiny. A high-severity "ClawJacked" flaw (fixed in v2026.2.25) allowed malicious websites to hijack local AI agents by brute-forcing gateway passwords via WebSocket and silently registering as trusted devices.
- Beyond "ClawJacked," the OpenClaw ecosystem has seen multiple other vulnerabilities (RCE, command injection, SSRF, auth bypass, path traversal) and a surge in malicious skills on ClawHub, used to distribute infostealers like Atomic Stealer and facilitate crypto scams. Microsoft advises treating OpenClaw as untrusted code and deploying it only in isolated environments.

🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2026/02/claw

Google Cloud API Key Exposure 🔒

- Truffle Security found nearly 3,000 Google Cloud API keys, originally intended for billing or benign services like embedded maps, could be abused to authenticate to sensitive Gemini endpoints.
- This occurs when the Gemini API is enabled on a Google Cloud project, silently granting existing API keys (even publicly exposed ones) access to Gemini, allowing attackers to access uploaded files, cached data, and rack up huge LLM-usage bills.
- Google has implemented proactive measures to detect and block leaked keys, but users are strongly advised to audit their Google Cloud projects, check for enabled AI-related APIs, and rotate any publicly accessible keys, especially older ones.

📰 The Hacker News | thehackernews.com/2026/02/thou

Cyber Policy & Community Frustration 🏛️

- The DEF CON community, particularly figures like Jake Braun, is expressing significant frustration with governments' inability to effectively address major societal threats: cybercrime, AI, and authoritarianism. The annual Hacker's Almanack highlights hackers stepping up to secure critical infrastructure and fight back against cybercriminals and oppressive regimes.
- There's a growing concern about the accelerating power of AI for offensive hacking, with calls for industry-wide security controls for AI, similar to CIS Critical Security Controls.
- In a separate but related development, the Pentagon has designated AI firm Anthropic as a "supply chain risk" due to an impasse over the company's refusal to allow its Claude AI model to be used for mass domestic surveillance or fully autonomous weapons. This highlights a growing tension between AI ethics and military applications, with OpenAI reportedly taking a different stance with the DoD.

🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2026/02/pent

#CyberSecurity #ThreatIntelligence #Ransomware #Malware #RAT #AI #Vulnerability #APISecurity #CloudSecurity #CryptoSecurity #ChromeExtension #SupplyChainRisk #DEFCON #InfoSec #CyberAttack #IncidentResponse
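For the Google Cloud API key item above, an added audit example that is not from the post or from Truffle Security: it reads key metadata in the shape that `gcloud services api-keys list --format=json` returns (field names `name`, `displayName`, `restrictions.apiTargets[].service` are assumed) and flags keys that can reach the Gemini API (`generativelanguage.googleapis.com`) once that API is enabled on the project, either because they carry no API-target restriction at all or because Gemini is explicitly allowed.

```python
import json

# Service name of the Gemini API on Google Cloud.
GEMINI_SERVICE = "generativelanguage.googleapis.com"

# Constructed sample in the assumed shape of `gcloud services api-keys list --format=json`.
SAMPLE_KEYS_JSON = """
[
  {"name": "projects/123/locations/global/keys/maps-key",
   "displayName": "Maps embed key",
   "restrictions": {"apiTargets": [{"service": "maps-embed-backend.googleapis.com"}]}},
  {"name": "projects/123/locations/global/keys/legacy-key",
   "displayName": "Legacy billing key (no restrictions)",
   "restrictions": {}},
  {"name": "projects/123/locations/global/keys/gemini-key",
   "displayName": "Gemini key",
   "restrictions": {"apiTargets": [{"service": "generativelanguage.googleapis.com"}]}}
]
"""


def audit_api_keys(keys_json: str, enabled_services: set[str]) -> list[dict]:
    """Return one finding per key that can call Gemini on this project.

    A key is flagged only when Gemini is among the project's enabled services and
    (a) the key has no apiTargets restriction, so it inherits every enabled API
        (this is the silent-grant case described in the post), or
    (b) Gemini is explicitly listed in its apiTargets.
    """
    findings = []
    if GEMINI_SERVICE not in enabled_services:
        return findings  # Gemini not enabled: nothing to reach (yet)
    for key in json.loads(keys_json):
        targets = [t.get("service") for t in key.get("restrictions", {}).get("apiTargets", [])]
        if not targets:
            findings.append({"key": key["name"], "reason": "unrestricted key inherits Gemini access"})
        elif GEMINI_SERVICE in targets:
            findings.append({"key": key["name"], "reason": "key explicitly allows Gemini"})
    return findings


def restrict_command(key_name: str, allowed_services: list[str]) -> str:
    """Build the gcloud command that pins a key to the listed services only.

    Assumption: the repeatable --api-target=service=... flag of
    `gcloud services api-keys update`; verify against current gcloud docs.
    """
    flags = " ".join(f"--api-target=service={s}" for s in allowed_services)
    return f"gcloud services api-keys update {key_name} {flags}"


if __name__ == "__main__":
    enabled = {GEMINI_SERVICE, "maps-embed-backend.googleapis.com"}
    for f in audit_api_keys(SAMPLE_KEYS_JSON, enabled):
        print(f["key"], "->", f["reason"])
        print("  fix:", restrict_command(f["key"], ["maps-embed-backend.googleapis.com"]))
```

Rotating a flagged key is still required when it has been publicly exposed; restricting it only limits what a future leak can reach.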

2026-02-25

Incident Overview:
Platform: Step Finance
Loss: ~$40M treasury theft
Vector: Compromised executive devices
Status: Operations terminated

Recovery efforts:
• ~$3.7M Remora assets recovered
• ~$1M additional tokens recovered
• Snapshot-based reimbursement for STEP holders
• Buyback + redemption process underway

Collateral shutdown:
Remora Markets, SolanaFloor

Strategic insight:
Executive endpoint compromise → treasury compromise.

Crypto treasury management must incorporate hardened device policies, hardware-backed key storage, enforced MFA, anomaly detection.

Source: therecord.media/step-finance-c

Follow us for tactical crypto threat briefings.
Share mitigation strategies below.

#Infosec #CryptoSecurity #DeFiRisk #TreasuryManagement #EndpointSecurity #Blockchain #DigitalAssets #ThreatModeling #CyberIncident #SecurityOperations

Crypto platform Step Finance shutting down after $40 million theft
glitchmentalMX (GlitchMentalMX)
2026-02-24

Mapping asset security: visualization of risk vectors in exchanges vs. hardware wallets according to the 2026 report. 🧠👾 🔗 glitchmental.com/p/insights-vi

glitchmentalMX (GlitchMentalMX)
2026-02-24

Applied cryptography 2026: comparative analysis of self-custody solutions for new digital asset users. Security and recovery protocols. 🧠👾 🔗 glitchmental.com/2026/02/guia-

2026-02-14

Morning, cyber pros! ☕ It's been a slightly quieter 24 hours, but we've still got some critical updates to chew on, from a dominant threat actor exploiting Ivanti RCEs to North Korean fake recruiters and a low-tech crypto phishing scam. Let's dive in:

Ivanti RCE Exploitation Dominance ⚠️
- A single threat actor, using bulletproof infrastructure from IP 193.24.123.42, is behind 83% of recent active exploitation attempts targeting two critical Ivanti EPMM RCE vulnerabilities (CVE-2026-21962 and CVE-2026-24061).
- This IP address is not widely published in IOC lists, meaning many defenders might be missing the primary source of these automated attacks, which also target Oracle WebLogic and GNU Inetutils Telnetd.
- Ivanti has released hotfixes and recommends using specific RPM packages or, for the most conservative approach, rebuilding EPMM instances and migrating data until full patches are available in Q1.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Lazarus Group's Fake Job Scams 🕵️
- North Korean threat actors, likely the Lazarus Group, are targeting JavaScript and Python developers with fake job offers that include malicious coding challenges.
- These challenges trick developers into installing compromised packages from npm and PyPI (dubbed 'Graphalgo'), which then deploy a sophisticated Remote Access Trojan (RAT) capable of exfiltrating files and checking for MetaMask installations.
- Developers who may have installed packages like 'bigmathutils', or others with 'graph' or 'big' in their name from suspicious sources, should immediately rotate all credentials and tokens, and consider a full OS reinstall.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Crypto Wallet Phishing via Snail Mail ✉️
- Threat actors are employing a rare physical phishing tactic, sending fake letters impersonating Trezor and Ledger to trick hardware wallet users into revealing their recovery phrases.
- The letters create urgency, claiming mandatory "Authentication Checks" or "Transaction Checks" and directing users to scan QR codes that lead to sophisticated phishing websites designed to steal 12-, 20-, or 24-word seed phrases.
- Remember: reputable hardware wallet manufacturers will NEVER ask you to enter your recovery phrase on a website or computer; it should only be entered directly on the device itself during restoration.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

#CyberSecurity #ThreatIntelligence #Vulnerability #RCE #Ivanti #LazarusGroup #APT #Malware #RAT #Phishing #SocialEngineering #CryptoSecurity #InfoSec #IncidentResponse

2026-01-29

Threat actors tied to LABYRINTH CHOLLIMA now map to three coordinated groups mixing espionage and cryptocurrency theft while sharing malware and infrastructure.

🔗 technadu.com/researchers-track

#ThreatIntel #Malware #CryptoSecurity #Infosec

Researchers Track Three Groups Emerging From LABYRINTH CHOLLIMA
2026-01-26

Protect your project with a secure and sleek theme built to give your users total peace of mind. tinyurl.com/crytor #WordPress #CryptoSecurity #Trust

2026-01-14

An international report outlines how cyber-enabled financial theft and identity misuse linked to North Korea have affected entities in over 40 countries.

The findings emphasize challenges in:
• Remote workforce identity verification
• Cryptocurrency laundering detection
• Cross-border cybercrime enforcement

Regardless of attribution, the technical and operational risks are highly relevant to defenders.

How are security teams adapting controls for these blended cyber–financial threats?

Source: therecord.media/40-countries-i

Follow TechNadu for objective InfoSec reporting and analysis.

#InfoSec #ThreatIntelligence #CryptoSecurity #CyberCrime #RiskManagement #TechNadu

More than 40 countries impacted by North Korea IT worker scams, crypto thefts
Tom's Hardware Italia (tomshw)
2026-01-08

🔐 "Crypto under attack: the GoBruteforcer threat is more real than ever! Online security is not a game."

🔗 tomshw.it/altro/gobruteforcer-

2026-01-06

Ledger has disclosed a customer data exposure related to a third-party payment processor, Global-e, involving personal contact information.

The incident underscores persistent third-party risk challenges, particularly where external services process or store customer data. Vendor security posture and contractual controls remain critical components of overall risk management.

From an infosec standpoint, what controls best reduce downstream exposure from partners?

Source: linkedin.com/posts/hackmanac_c

Share insights and follow @technadu for objective infosec coverage.

#ThirdPartyRisk #DataProtection #CryptoSecurity #Infosec #PrivacyEngineering #VendorManagement

Ledger had another data breach via payment processor Global-e leaking the personal data of customers (name & other contact information).
2026-01-05

A previously concluded cybercrime case related to the 2016 Bitfinex incident is seeing renewed attention after an early release under U.S. prison reform provisions.

The development underscores ongoing challenges in aligning cybercrime sentencing, rehabilitation, and policy consistency in an evolving threat landscape.

From an infosec perspective, how should accountability evolve for financially motivated cybercrime?

Share your insights and follow @technadu for objective infosec reporting.

#Infosec #CyberLaw #CyberCrimeAnalysis #CryptoSecurity #ThreatLandscape

Bitfinex crypto thief who was serving five years thanks Trump for early release
2026-01-05

A cybercrime forum listing claims the sale of read-only access to a cryptocurrency exchange panel, including visibility into user profiles, transaction histories, and KYC-related documentation.

If substantiated, this reinforces ongoing concerns around internal access governance, support system abuse, and identity data exposure within financial platforms.

What security controls should be non-negotiable for protecting KYC workflows?

Source: x.com/DarkWebInformer/status/2

Follow @technadu for objective cybersecurity reporting.

Join the discussion.

#InfoSec #CyberThreats #CryptoSecurity #KYC #AccessManagement #ThreatIntelligence #TechNadu

Kraken cryptocurrency exchange panel access being sold on a dark web forum - read-only account with user profiles and transaction history.
2025-12-30

Insider threat case update.

A former Coinbase support agent was arrested in India for allegedly enabling unauthorized access that exposed PII & KYC data of ~69,500 users.

Details:
technadu.com/former-coinbase-s

#InsiderThreat #CryptoSecurity #DataBreach

Former Coinbase Support Agent Arrested in India Over Insider Data Breach
