First seen in Turkey in March 2025, Crocodilus is now active in countries like Poland, Spain, Brazil, Argentina, India, Indonesia, and the U.S., signaling a global expansion that concerns both banks and crypto holders alike.

Fake Apps, Real Intrusions

In Poland, attackers used Facebook ads to lure users with bogus loyalty app promotions. These ads—targeted at users over 35—redirected victims to malware-hosting sites. Once installed, the Trojan bypassed Android 13 restrictions and deployed its attack mechanisms.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

In Spain, Crocodilus disguised itself as a browser update. Once on a device, it overlays fake login pages on top of real banking and crypto apps, harvesting sensitive credentials. It even inserts fake “Bank Support” contacts into user phonebooks to aid social engineering efforts.

Crypto Wallets Under Direct Attack

The most alarming upgrade is Crocodilus’ new ability to automatically extract seed phrases and private keys from infected devices. Equipped with advanced parsing modules, the malware can quickly hijack wallet access with remarkable precision.

To avoid detection, the latest variant uses deep obfuscation techniques like XOR encryption and intentionally complex logic, making reverse engineering a challenge for security teams.

Smaller campaigns have also been seen targeting crypto mining apps and digital banks in Europe—highlighting the malware’s growing focus on crypto users.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Crocodilus Malware Expands to Crypto Wallets appeared first on Coin Engineer.

The initial transaction used a “default or conservative” fee setting. The user’s first RBF attempt doubled the fee and altered the output address. But instead of confirming either of these transactions, a final RBF with a dramatically higher fee overrode them, causing the entire amount of the change — 0.75 BTC — to be included as miner reward.

Satoshi Error or Bug in Wallet Script?

According to Anmol Jain, VP of Investigations at AMLBot, the user may have made a simple yet costly mistake in fee calculation. Jain suggested the user likely meant to enter 30.5692 sat, but accidentally typed 305,692 sat — or confused sat/vB with total satoshis.

Another theory is that an automated wallet script contained a miscalculation. Some wallets allow fee settings in sats/vB, and such confusion can arise if the system interprets a small value as too low and prompts the user to increase it. Jain explains:

“User types 305000 thinking it’s 30.5 sat/vB, but the wallet applies 305,000 sat/vB — which is insane.”

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The mistake caused the wallet to treat a full UTXO of nearly 0.75 BTC as a transaction fee, likely due to not properly updating the change address or misreading the transaction structure. Both earlier transactions remained unconfirmed while the highest-fee version went through.

RBF: Flexible Feature or Dangerous Tool?

Replace-by-fee is a controversial but core feature in Bitcoin. It allows users to replace unconfirmed transactions with higher-fee versions. Miners, motivated by profit, are expected to confirm the version that offers a higher reward.

This mechanism has sparked debate. In 2019, Bitcoin Cash advocate Hayden Otto claimed RBF enabled double-spending. Bitcoin Cash removed RBF support and claimed unconfirmed transactions on its network were final and trustworthy.

Despite this, RBF-like behaviors have occurred on Bitcoin Cash as well, showing that this feature is more a result of blockchain dynamics than a standalone switch.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Panicked Bitcoiner Loses Over $70K in RBF Fee Error! appeared first on Coin Engineer.