Mandiant: North Korean hacking groups are increasing social engineering attacks targeting cryptocurrency and fintech companies

ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.

The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers use compromised Telegram accounts and AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency-founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.


Related Articles

Shiba Inu Exec Issues Critical Warning as Scammers Appear Again - U.Today

Lucie, a Shiba Inu executive, warned users about scammers exploiting the SHIB community with fake portals related to the new SOU NFT project. She urged users to verify links and only use the official website to prevent wallet theft. The SOU initiative aims to compensate users affected by a previous exploit, offering audited NFTs that document owed tokens.

UToday, 5h ago

Moonwell releases official statement on oracle mismatch incident; the fix governance proposal is scheduled to go live.

DeFi lending protocol Moonwell incurred approximately $1.78 million in bad debt due to an oracle configuration error, causing the cbETH quote to deviate from the actual market price. Attackers easily liquidated debts, resulting in a large number of borrowers' assets being wiped out. The fix requires a five-day governance vote, and a repair proposal is currently planned to go live.

GateNewsBot, 7h ago

Moonwell lost $1.78 million due to a contract error caused by AI Claude Opus 4.6, co-authored by

A serious security incident occurred on Moonwell's DeFi lending protocol due to a critical vulnerability in smart contract code allegedly written by AI model Claude Opus 4.6, resulting in a $1.78 million exploit. The issue stemmed from incorrect pricing of cbETH, allowing manipulation of the system.

TapChiBitcoin, 16h ago

A trader suffered a poisoning attack resulting in a loss of approximately $600,000 worth of USDT.

PANews, February 17: According to Cyvers Alerts monitoring, a trader experienced a poisoning attack about an hour ago, resulting in a loss of approximately $600,000 worth of USDT. When attempting to send funds to 0x77f6ca8E...2E087a346, he mistakenly sent the transaction to a malicious impersonation address, 0x77f6A6F6...DFdA8A346. Users are warned to be vigilant about related risks.

GateNewsBot, 02-17 07:37

ZeroLend will cease operations. Users are advised to withdraw their remaining funds from the platform.

Decentralized lending protocol ZeroLend has announced the suspension of all operations, saying that decreased market support and rising malicious activities have made it unsustainable. Users are advised to withdraw their remaining funds, and ZeroLend will update the smart contract to attempt to recover the affected assets.

GateNewsBot, 02-17 05:44