ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen Telegram accounts of cryptocurrency founders to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.