You Can Find It In This Article
- ZachXBT attributed the theft of 23.6 million dollars' worth of cryptocurrency to the hack of a Ripple founder's wallet.
- A PyPI package contains a program that steals Ethereum.
- Fake DeepSeek sites spread stealers and backdoors.
- Telegram Stars and NFTs were the cause of account theft.
ZachXBT claims that the theft of $23.6m in cryptocurrency was due to the hack of a Ripple founder's wallet
In 2022, U.S. officials seized $23.6m in cryptocurrency stolen from an online password manager. Court documents show that between June 2024 and February 2025, law enforcement agencies traced the stolen assets to OKX, Payward Interactive, Inc., AscendEX Technology SRL, Ftrader Ltd, FixedFloat, SwapSpace LLC, and Rabbit Finance LLC, operated by CoinRabbit.
Investigators have not named a particular online password manager. However, the complaint states that “two significant data breaches” occurred on the platform between August 2022 and November 2022. This timeline corresponds to the LastPass incidents.
Onchain investigator ZachXBT wrote that this seizure was related to the theft of 150 million dollars (283 million Ripple XRP) from Ripple founder Chris Larsen in January 2024.
LastPass, which stored the private keys, is the reason Larsen’s wallet was hacked. The researcher said that Larsen had not publicly revealed the cause of the theft until then.
LastPass representatives, responding to Bleeping Computer’s request for comment, said that at this time the law enforcement authorities “haven’t provided conclusive proof linking any cryptocurrency thefts with our incident.”
PyPI has been found to contain software that steals Ethereum.
Researchers at Socket have found a malicious package on the Python Package Index (PyPI), “set-utils”, that steals Ethereum private keys. The package has been downloaded over 1,000 times since January 2025. However, the potential number of victims is much greater.
The package is disguised as a Python tool and mimics the “python” utility, which has over 712,000,000 downloads. It also imitates “utils”, which has 23.5 million installations. These attacks are aimed at blockchain developers who use the “ethaccounts” library for managing wallets. They also target DeFi Python projects and Ethereum-enabled Web3 applications.
Attackers use the standard Ethereum wallet to create private keys on the compromised devices. The Polygon blockchain is used to withdraw funds.
As of this writing, the malicious package has been removed from PyPI. Users who installed it in their projects are advised to take immediate action and move assets from the vulnerable address to a more secure one.
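A check for the package named above, as an added example that is not from Socket or from the original article: it looks for “set-utils” in a requirements file and in the installed environment, matching the name the way PyPI normalizes it so that spellings such as `Set_Utils` are caught. The sample requirements text and the function names are constructed for illustration.

```python
import re
from importlib import metadata

# Only indicator used: the package name reported on this page.
FLAGGED = {"set-utils"}

# Project name at the start of a requirement line (before extras, versions, markers).
_REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def flagged_requirements(text):
    """Return (line_number, line) for requirement lines naming a flagged package."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        spec = line.split("#", 1)[0].strip()  # drop comments
        if not spec or spec.startswith("-"):   # skip blanks and pip options
            continue
        match = _REQ_NAME.match(spec)
        if match and normalize(match.group(1)) in FLAGGED:
            hits.append((number, line.strip()))
    return hits

def flagged_installed():
    """Return 'name==version' for flagged distributions in this environment."""
    found = []
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name and normalize(name) in FLAGGED:
            found.append(f"{name}=={dist.version}")
    return sorted(found)

# Constructed sample, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
# wallet tooling
utils==1.0
Set_Utils==1.0.0   # same project, different spelling
setuptools>=68
"""

if __name__ == "__main__":
    for number, line in flagged_requirements(SAMPLE_REQUIREMENTS):
        print(f"requirements line {number}: {line}")
    for item in flagged_installed():
        print(f"installed: {item}")
```

A hit in either list means that any wallet keys created or handled in that environment should be treated as exposed, in line with the advice above to move assets to a new address.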
Stealers and backdoors are spread by fake DeepSeek websites
Kaspersky Lab has detected several groups of fake pages that copy the DeepSeek official website.
The fake resources installed a fake DeepSeek client for Windows, which distributed a Python stealer. This malware can steal cookies, sessions, account passwords for various services, and files with specific extensions.
In the second scam, social network X was the primary vector used to distribute links leading to the fraudulent websites. A tweet the attacker posted on behalf of a company in Australia received 1.2 million views and was reposted more than 100 times.
The third campaign targets technically advanced users. The downloaded malicious payload masquerades as Ollama, a framework for running large language models on a local computer. In the last step, the malware installs a modified Farfli backdoor on the victim’s computer.
Britain will investigate Reddit and TikTok for the handling of children’s data
The UK Information Commissioner’s Office has opened an investigation into TikTok and Imgur over the privacy of underage users.
The agency has not yet completed its investigation into whether or not there were any data protection violations, and what kind of information is used by the services to determine the user’s age.
The ICO will seek to clarify any breaches before deciding on the final measures against the company.
Account theft was caused by Telegram Stars, NFT and other apps.
Analysts at F6 have recorded a rise in account thefts on the Telegram messenger. Just one group stole over 1.24 million accounts in the second half of 2024. This is a 25.5% increase compared with the same period of 2023.
The attackers are primarily interested in the collectible digital gifts and Telegram Stars, which include NFT. Usually, the attackers transfer them to fake accounts before selling them.
This amount can vary depending on whether you have a subscription to a channel with administrative rights, or how many dialogs there are.
To create phishing materials, attackers use Telegram bots or web panels. Cash prizes, subscriptions to premium services, voting, and access to private channels are used as lures.
As part of an elaborate combo scam, the stolen account may automatically begin spreading fake links. These links lead to fake resume-creation pages. It is necessary to obtain authorization via Telegram to “send” it to an employee.
Apple users in 117 different countries were notified about spyware attacks
Apple has informed users in 117 different countries about targeted mobile spyware attacks. Amnesty International’s experts reported this.
In the past, these mailings did not identify the perpetrators of the attacks or reveal which countries were affected.
Apple sent notifications similar to this twice by 2024.
What should I read over the weekend?
Understand the impact that meme-coins have on the cryptocurrency industry.