Skip to main content

Tag: cryptotheft

6 articles

JavaScript packages Risky: Exclusive Crypto-Theft Alert

JavaScript packages Risky: Exclusive Crypto-Theft Alert

Eighteen popular JavaScript packages — downloaded billions of times a week — were briefly compromised after a maintainer fell for a phishing email, with code added to steal crypto keys before it was quickly removed. The scare is a wake-up call: tighten maintainer access, adopt signing and provenance, and treat dependencies like critical third-party software.

Analyst 207
North Korean hackers: Stunning $2B Crypto Heist — Alarming

North Korean hackers: Stunning $2B Crypto Heist — Alarming

Elliptic reveals North Korean-linked hackers have grabbed a record $2B in crypto this year, using smart hacks and clever laundering to dodge sanctions — a wake-up call about how quickly digital assets can be weaponized. Stronger defenses, better on-ramps and international cooperation are urgently needed to stop the next haul.

Analyst 207
ConnectWise ScreenConnect Risky Exploit: Stunning AsyncRAT

ConnectWise ScreenConnect Risky Exploit: Stunning AsyncRAT

Imagine your trusted remote-admin tool becoming the very doorway attackers use to steal credentials and siphon crypto—researchers found ConnectWise ScreenConnect sessions abused to run a fleshless, in-memory VBScript loader that dropped AsyncRAT to harvest keys, keystrokes, and wallets. Harden RMM access, monitor session scripts, and assume compromise—because when legitimate tooling is weaponized, detection needs to get smarter fast.

Analyst 207
malicious npm package: Risky Crypto-Theft Exclusive Alert

malicious npm package: Risky Crypto-Theft Exclusive Alert

A malicious npm package posing as the popular nodemailer email library slipped into projects with one line of dependency and carried code designed to siphon cryptocurrency—showing how a single careless install can turn a routine dependency into a financial threat. Audit your dependencies, pin versions, and use supply‑chain tools—convenience shouldn’t cost you your wallet.

Analyst 207
developer AI assistants Risky: Stunning Supply-Chain Threat

developer AI assistants Risky: Stunning Supply-Chain Threat

A newly discovered supply‑chain attack on the Nx npm package used AI‑enabled malware to siphon developer secrets and crypto, showing how trusted code helpers can be turned into attack vectors. Treat AI suggestions as untrusted—use package signing, strict dependency pinning, least‑privilege environments, and thorough scans to keep your toolchain safe.

Analyst 207
witness intimidation: Stunning Risky Crime, Harsher Time

witness intimidation: Stunning Risky Crime, Harsher Time

When the alleged leader of a cross-border crypto theft ring assaulted a witness, jurors added decades to the sentence — a stark reminder that violence to silence witnesses not only invites harsher punishment but also makes tracing and prosecuting digital theft far harder.

Analyst 207