Mandiant: North Korean hacking groups are increasing social engineering attacks targeting cryptocurrency and fintech companies

ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.

The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen Telegram accounts of cryptocurrency founders to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.
