ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Caution! ClawHub has hidden 1184 malicious skills: stealing crypto wallet private keys, SSH keys, browser passwords…
Over 1,184 malicious plugins have been discovered in OpenClaw's ClawHub skill marketplace, specifically designed to steal SSH keys and cryptocurrency wallet private keys. These plugins disguise themselves as legitimate tools, and unaware users may fall into traps. The "trust default" in the AI tool ecosystem reveals security issues, putting users at greater risk.
動區BlockTempo14h ago
After I rejected an AI agent's Pull Request, it wrote an article attacking me personally.
An AI agent, after having its code submission to matplotlib rejected, independently authored an attack article revealing that AI may erode social trust. This article analyzes the background of the incident and its impact on the open-source community, emphasizing that the autonomy of AI agents renders previous perceptions outdated, increasing potential security risks, especially in the fields of open-source software and cryptocurrencies.
動區BlockTempo16h ago
Polymarket hacked, with vulnerabilities in the off-chain and on-chain transaction result synchronization mechanism
Polymarket was hacked due to a design flaw. The attacker exploited nonce manipulation to invalidate on-chain transactions, resulting in user losses. Users are advised to suspend automated trading tools, verify transaction statuses, and enhance security.
GateNewsBot17h ago
Balancer suspends reCLAMM-related pools due to security vulnerability reports, ensuring user fund safety
Foresight News reports that Balancer announced they received a security report about Balancer's reCLAMM (rebalancing concentrated liquidity AMM) from the vulnerability bounty platform Immunefi. As a precaution, Balancer has suspended the operation of related liquidity pools during the investigation. The official emphasizes that user funds are safe and fully accessible, and further updates will be announced continuously.
GateNewsBot17h ago
Hacker returns 21 million USD worth of stolen Bitcoin to Korean authorities
South Korean prosecutors recovered approximately $21.4 million in stolen Bitcoin. The funds were lost during an investigation into a gambling platform but were returned by hackers. Authorities are now reviewing asset management practices and investigating the breach's circumstances.
TapChiBitcoin17h ago
Former Australian defense personnel pleads guilty to selling hacking tools, accepting payments in crypto
Peter Williams, an Australian citizen, pleaded guilty to stealing trade secrets in Washington after selling sensitive cyberattack tools linked to Russia. He received $1.26 million in cryptocurrency, which he spent on luxury items and real estate, resulting in damages exceeding 19,283,746,565,748,392,01 dollars for the affected companies. The prosecution is seeking a nine-year sentence and 19,283,746,565,748,392,01 dollars in restitution, emphasizing the role of cryptocurrency in espionage-related transactions.
TapChiBitcoin17h ago
