ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group, tracked as UNC1069, has deployed seven malware families, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers use compromised Telegram accounts and AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency-founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.