- \n
- Coinbase and Ledger customers targeted by seed\u2011phrase phishing.<\/li>\n
- North Korean hackers posed as HR managers of major crypto exchanges.<\/li>\n
- Members of the group that breached NATO\u2019s portal suggested their leader had been arrested.<\/li>\n<\/ul>\n<\/div>\n
Coinbase and Ledger customers targeted by seed-phrase phishing campaign<\/strong><\/h2>\n
Researchers at SilentPush uncovered<\/a> the PoisonSeed phishing campaign, which sends emails containing seed phrases to steal cryptocurrency.<\/p>\n
First, attackers spin up spoofed pages of well-known mass-mailing platforms, including Mailchimp, SendGrid, HubSpot, Mailgun and Zoho. They use them to compromise corporate email accounts of various marketers and then send spam from those inboxes. The hackers focus on Coinbase customers and Ledger hardware\u2011wallet owners.<\/p>\n
The messages typically mimic an urgent alert such as \u201cCoinbase is moving to self-custody wallets\u201d and include a seed phrase. Recipients are told to enter it when creating a new wallet to \u201csafely transfer assets\u201d as part of an update or migration.<\/p>\n
![\"image-671\"](\"https:\/\/u1f987.com\/wp-content\/uploads\/image-671-651x1024.png\")
Fake email purporting to be from Coinbase. Data: SilentPush.<\/figcaption><\/figure>\n If the target complies, the attacker gains full control of their funds.<\/p>\n
North Korean hackers posed as HR managers from major crypto exchanges<\/strong><\/h2>\n
Experts at Sekoia flagged a new ClickFix tactic<\/a> adopted by the North Korean hacking group Lazarus Group to target jobseekers in AI and crypto.<\/p>\n
Candidates receive invitations from fake interview sites. When they click through and view content, they encounter errors. The page offers to \u201cfix\u201d the issue by running PowerShell commands that fetch malware.<\/p>\n
In this campaign the hackers impersonate well-known crypto projects, including Coinbase, KuCoin, Kraken, Circle, Securitize, BlockFi, Tether, Robinhood and Bybit.<\/p>\n
![\"image-673\"](\"https:\/\/u1f987.com\/wp-content\/uploads\/image-673-1024x809.png\")
Brands used by the hackers. Data: Sekoia.<\/figcaption><\/figure>\n Beyond stealing crypto, the malware can perform file operations and shell commands, exfiltrate cookies, browsing history and saved passwords, and collect system metadata.<\/p>\n
Members of the group that breached NATO\u2019s portal suggest their leader was arrested<\/strong><\/h2>\n
One member of the SiegedSec hacking group, responsible for breaching NATO\u2019s portal, the Heritage Foundation think-tank and a nuclear laboratory in Idaho, suggested that the FBI searched the home of their leader, known as vio, and arrested her. This was reported by Daily Dot<\/a>, citing a March 26 tweet.<\/p>\n
\n
I regret to inform you that vio’s location was raided earlier today. She is no longer accessible, contactable, or reliable.<\/p>\n
I’m available to address any inquiries you may have.<\/p>\n
\u2014 . (@mewmrrpmeow) March 26, 2025<\/a><\/p><\/blockquote>\n