Skip to main content

Tag: defi

17 articles

Brightly-lit financial sector setting with computer workstation in background.

Lazarus Group Deploys Memory-Only RAT in Financial Sector Attacks

The notorious Lazarus Group has unleashed a sneaky new attack tool, a memory-only Remote Access Trojan (RAT), targeting the financial sector with cunning precision. This stealthy malware, known as RemotePE, is just the latest weapon in the group's arsenal, and it's being used to infiltrate and manipulate its victims.

Analyst 207
Developer workstation with laptop and monitor displaying code, surrounded by notes and empty coffee cups, in a modern…

TrapDoor Attack Spreads Credential-Stealing Malware Across Software Ecosystems

A massive supply chain attack, dubbed TrapDoor, has been spreading credential-stealing malware across three major language ecosystems, infecting over 34 malicious packages and 384 versions. The coordinated campaign began on May 22, 2026, and continues to target developers with cleverly named packages related to cryptocurrency, DeFi, Solana, and AI.

Analyst 207
Shadowy figure in hoodie surrounded by cryptic symbols and a dead plant, with a laptop glow, set against a dusk cityscape.

Lazarus Hackers Orchestrate $290 Million KelpDAO Heist

In a shocking turn of events, the Lazarus hackers struck again, making off with a staggering $290 million from the KelpDAO decentralized finance project in a single weekend heist. But who benefits from this massive theft, and who's left to deal with the devastating aftermath?

Analyst 207
Drift Protocol Hack Unfolds from Months-Long Insider Operation

Drift Protocol Hack Unfolds from Months-Long Insider Operation

The Drift Protocol hack, which resulted in a staggering $280 million loss, was not a quick exploit, but a meticulously planned six-month operation where attackers built a hidden presence within the ecosystem. This unprecedented breach reveals a shocking level of insider involvement, taking the attack far beyond a simple code vulnerability.

Analyst 207
Drift Protocol Exploited for $280 Million by North Korean Hackers

Drift Protocol Exploited for $280 Million by North Korean Hackers

In a shocking and sophisticated attack, North Korean hackers seized control of the Drift Protocol's Security Council, resulting in a staggering loss of at least $280 million. This brazen exploit raises serious questions about the security of even the most trusted blockchain platforms.

Analyst 207
Drift Protocol Compromised in $280 Million Heist

Drift Protocol Compromised in $280 Million Heist

In a shocking, high-stakes heist, a sophisticated threat actor exploited a vulnerability in Drift Protocol's governance, seizing control of its Security Council and making off with at least $280 million in a single, precision strike. This brazen breach serves as a stark reminder of the devastating consequences of compromised governance controls.

Analyst 207
Uranium Finance Hack Exposed: Maryland Man Charged in $53m Crypto Heist

Uranium Finance Hack Exposed: Maryland Man Charged in $53m Crypto Heist

A Maryland man has been charged with stealing $53 million from Uranium Finance, a decentralized finance protocol, by exploiting weaknesses in smart contracts and then attempting to launder the proceeds through a complex web of cryptocurrency transactions. This brazen heist highlights the vulnerability of DeFi systems and the creative - yet illicit - tactics used by hackers to cash in.

Analyst 207
ThreatsDay Bulletin Exclusive: Essential Cyber Threats

ThreatsDay Bulletin Exclusive: Essential Cyber Threats

Ever wondered what happens when trusted doors are left unlocked? This ThreatsDay Bulletin shows how trusted attack chains—everyday files, SMS, cloud APIs and smart contracts—are being repurposed into stealthy, high‑leverage strikes and what you can do to shut them down.

Analyst 207
DeFi Protocol Balancer Suffers Stunning $120M Heist

DeFi Protocol Balancer Suffers Stunning $120M Heist

Who guards the guards? A sophisticated Balancer exploit drained over $120 million from the protocol’s liquidity pools, jolting the DeFi community and forcing a hard rethink of how permissionless innovation can survive against fast, well‑resourced attackers.

Analyst 207
ThreatsDay Exclusive: Critical Crypto Fine, AI Hijack Alert

ThreatsDay Exclusive: Critical Crypto Fine, AI Hijack Alert

ThreatsDay peels back how criminals are weaponizing trust — not by inventing new tech but by exploiting convenience, stale components and lax controls, from a billion‑dollar crypto collapse to AI‑assisted hijacks and targeted smishing. Find out why ordinary systems and trusted channels are the new attack surface, and who should be closing the door.

Analyst 207
EtherHiding: Exclusive Risky Crypto Heist Warning

EtherHiding: Exclusive Risky Crypto Heist Warning

What if the blockchain meant to protect your funds became a hiding place for thieves? Google warns North Korea-linked hackers are using EtherHiding—embedding malware in Ethereum transactions—to siphon crypto, forcing defenders to rethink how they detect and stop attacks.

Analyst 207
EtherHiding in smart contracts: Exclusive Critical Threat

EtherHiding in smart contracts: Exclusive Critical Threat

Imagine the smart contracts you trust quietly carrying malware — researchers say a North Korean‑linked group used a new EtherHiding trick to embed and trigger malicious payloads in blockchain contracts. Defenders now need to move beyond static code checks and adopt runtime monitoring to stop these covert distribution channels before they steal funds.

Analyst 207
weaponize trust: Stunning, Risky Threats to Tech

weaponize trust: Stunning, Risky Threats to Tech

This week’s ThreatsDay unpacks a staggering $15B crypto fraud, chilling satellite-enabled surveillance, and a rise in smishing — showing how everyday tech is being turned against us and what simple steps you can take to protect your money, data, and trust.

Analyst 207
AkdoorTea backdoor: Exclusive Dangerous Threat to Devs

AkdoorTea backdoor: Exclusive Dangerous Threat to Devs

A new North Korea-linked campaign called DeceptiveDevelopment is planting a stealthy backdoor, AkdoorTea, in developer environments worldwide—threatening repositories, build systems, and crypto projects across Windows, macOS, and Linux. If you build or maintain crypto or open-source tooling, now’s the time to lock down keys, enforce MFA, and monitor developer endpoints before a single compromised laptop turns into a major breach.

Analyst 207
malicious npm packages: Must-Stop Risky Supply-Chain Threat

malicious npm packages: Must-Stop Risky Supply-Chain Threat

Malicious npm packages and cloned GitHub repos are now weaponizing developer tooling to steal wallet keys and hijack Ethereum smart contracts, turning routine dependency installs into a direct route for theft. If you build dApps, treat every package as untrusted—use hardware wallets, isolate signing keys, and audit dependencies before they can cost you millions.

Analyst 207
Lazarus Group Exclusive: Dangerous DeFi RATs Revealed

Lazarus Group Exclusive: Dangerous DeFi RATs Revealed

A North Korea-linked Lazarus campaign used a crafty phishing lure to deploy three cross-platform RATs—PondRAT, ThemeForestRAT and RemotePE—breaching a DeFi organization and highlighting how attackers now tailor stealthy, multi‑OS toolsets to target decentralized finance. It’s a wake-up call: assume breach, tighten access and key protections, and shift to behavior-based detection across heterogeneous environments.

Analyst 207
Web3 cyber threats: Critical Must-Have Defense Guide

Web3 cyber threats: Critical Must-Have Defense Guide

EncryptHub is targeting Web3 developers with convincing fake AI platforms, so learn to spot spoofed sites, verify domains and social profiles, and never share private keys. Use hardware wallets, multisig, and secure development practices to keep your projects and funds safe.

Analyst 207