Details of the Attack and Preparation

Blockchain analyses show the attacker funded their account stealthily with small 0.1 ETH transfers through Tornado Cash to avoid detection. Coinbase executive Conor Grogan said the attacker stored at least 100 ETH in Tornado Cash smart contracts and that those funds may link to earlier hacks. Grogan stated, “Hacker seems experienced: seeded the account with 100 ETH and operated with 0.1 ETH Tornado Cash transfers. No opsec leaks.” This behavior clearly points to a professional actor who prepared ahead of time. Balancer announced it would offer a 20% white‑hat bounty if the stolen funds were returned in full (minus the reward).

What Makes the Balancer Hack Unique

Deddy Lavid, co‑founder and CEO of blockchain security firm Cyvers, called the Balancer exploit one of the most sophisticated attacks of 2025. The attackers bypassed access control layers to manipulate asset balances directly. This represents a critical failure in operational governance rather than a flaw in core protocol logic.

Lavid also warned that static code audits are no longer enough. He urged platforms to implement continuous, real‑time monitoring to detect suspicious flows before funds are drained.

, co‑founder and CEO of blockchain security firm Cyvers, called the Balancer exploit one of the most sophisticated attacks of 2025. The attackers bypassed access control layers to manipulate asset balances directly. This represents a critical failure in operational governance rather than a flaw in core protocol logic.

Lavid also warned that static code audits are no longer enough. He urged platforms to implement continuous, real‑time monitoring to detect suspicious flows before funds are drained.

Lazarus Group and Long‑Term Preparation Strategies

Similarly, North Korean group Lazarus reportedly paused illicit activity for months before the Bybit hack. Chainalysis data showed a sharp decline in cybercriminal activity after July 1, 2024, which experts interpreted as regrouping to identify new targets and probe infrastructure.

In the Bybit incident, attackers laundered the $1.4 billion through THORChain within 10 days. That operation demonstrates how months‑long stealth and preparation can precede large, professionally executed exploits—parallels that highlight the seriousness of the Balancer incident.

Recommendations for Balancer Users

Store crypto assets only in trusted wallets and avoid moving large sums in single transactions. Be aware that using Tornado Cash and similar mixers can draw attention from professional attackers and investigators, and consider employing multi‑layer security practices to reduce exposure to sophisticated on‑chain exploits.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Was the Balancer DEX Hack Prepared Months in Advance? appeared first on Coin Engineer.

The Bybit hack was executed by Lazarus, a North Korea-linked cybercrime group. The FBI labeled the incident as the “TraderTraitor” operation. The stolen amount surpassed all North Korea-related cyber thefts in 2024. 

Lazarus’s “Flood the Zone” Tactic Exposed 

After the attack, Lazarus rapidly laundered the stolen funds through multidirectional, high-frequency transactions. This method, called “flood the zone” by TRM Labs, aims to overwhelm exchange compliance teams and blockchain analytics firms. 

TRM Labs stated, “This tactic involves intense, simultaneous transfers designed to drown regulators and analysts. The Bybit hack clearly showed an increased use of this method.” This reveals significant security gaps in the digital asset ecosystem. 

Meanwhile, Chainalysis experts traced suspicious wallets linked to a local crypto exchange in Greece. As a result, the assets held by the exchange were frozen. This step underlines the critical role of international cooperation in fighting crypto crimes. 

A New Chapter in Global Crypto Regulation 

Greek Finance Minister Kyriakos Pierrakakis commented on the case: “Thanks to blockchain’s traceability, international cooperation can stop financial crimes.” 

This operation may inspire similar actions in countries like South Korea and the U.S. Centralized exchanges such as Bybit must strengthen security after such attacks. The rise in investments across DeFi and CeFi platforms makes this increasingly important. According to DeFiLlama, the total value locked (TVL) reached $121 billion in July 2025. 

This development highlights cybersecurity as a top priority in crypto markets. Moreover, blockchain’s transparency enables more effective combat against cybercrime. 

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Bybit Hack Aftermath: Greece Freezes Crypto Assets! appeared first on Coin Engineer.

The biggest blow came on May 22, when Cetus, a decentralized exchange, was compromised. Hackers exploited a flaw in the “most significant bits” (MSB) check, manipulating liquidity parameters and creating disproportionately large positions, according to cybersecurity firm Dedaub.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

In a partial win for the ecosystem, Cetus and the Sui Network managed to freeze $157 million, representing about 71% of the stolen assets.

DeFi Platforms Remain Under Siege

The second-largest incident in May targeted the Cork Protocol, resulting in a $12 million loss. Attackers stole approximately 3,761 Wrapped Staked Ether (wstETH) and quickly converted it to ETH.

Other major breaches included:

• A suspected North Korea-linked $5.2 million hack
• An MBU token exploit worth $2.2 million
• A MapleStory Universe vulnerability that led to a $1.2 million loss

Amid growing pressure, the crypto industry is boosting its defense posture. On May 31, Cointelegraph reported that BitMEX’s security team identified operational gaps within the Lazarus Group, a state-sponsored North Korean hacker unit. The counter-operation exposed key infrastructure elements like IP addresses, databases, and tracking algorithms.

Despite the dip in May, earlier months were worse. In Q1 2025 alone, hackers stole over $1.63 billion, with Bybit’s February breach accounting for $1.53 billion — one of the most severe crypto thefts in history.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post $244M Lost To Crypto Hacks In May Despite 40% Drop In Attacks appeared first on Coin Engineer.

Why Are North Korea’s Crypto Thefts Significant? 

North Korea has been conducting cyberattacks on crypto exchanges for years. These attacks have now become one of the regime’s main sources of income. Since 2023, hackers have stolen billions of dollars in cryptocurrencies. These funds are supporting nuclear weapons and missile programs. G7 leaders will develop strategies to counter this threat. 

Moreover, North Korea’s hacker groups are targeting vulnerabilities in blockchain technology. Teams like the Lazarus Group are hitting exchanges with sophisticated methods. These attacks are undermining the credibility of the crypto market. The summit will seek solutions to these issues.

What Topics Are on the Table at the G7 Summit? 

The summit in Canada will take place in mid-June 2025. G7 leaders will closely examine North Korea’s cyber activities. Cybersecurity measures and international cooperation are among the key topics. Leaders may propose new regulations to enhance the security of crypto exchanges. According to blockchain analytics firm Chainalysis, North Korea-linked hackers carried out over $1.3 billion in hacks through 47 crypto heists in 2024. However, the summit will not focus solely on North Korea. The regulation of the global crypto market will also be discussed. 

Solutions for Global Security and the Crypto Market 

The G7 Summit could take concrete steps against North Korea’s crypto thefts. International cybersecurity agencies may strengthen their cooperation. The White House has officially claimed that North Korea uses these crypto thefts to fund destructive weapons. Additionally, crypto exchanges security protocols could be tightened. These measures will protect investors and bolster the market’s reputation. 

The G7 Summit is addressing one of the crypto world’s biggest challenges. The summit will be a significant step toward resolving this issue. 

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post G7 Summit to Address North Korea’s Crypto Thefts!  appeared first on Coin Engineer.

In a rule proposal released on May 1, the Treasury’s Financial Crimes Enforcement Network (FinCEN) urged US banks to terminate correspondent and payable-through account services for Huione.

Deputy Treasury Secretary Scott Bessent described Huione as the “marketplace of choice for malicious cyber actors,” accusing it of aiding the theft of billions from ordinary Americans.

$4B Laundered, USDH Highlighted

According to FinCEN, Huione laundered over $4 billion in illicit funds between August 2021 and January 2025, including at least $36 million from crypto “pig butchering scams” and $37 million directly linked to North Korean cyberattacks.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Its online service Haowang Guarantee has turned Huione into a one-stop crypto laundering hub, offering illegal goods and converting crypto to fiat currency.

FinCEN also flagged Huione’s stablecoin, the USDH (US dollar Huione), for its unfreezeable nature, which allegedly supports laundering operations.

Indirect US Bank Access and Regulatory Action

While Huione doesn’t hold direct accounts with US banks, FinCEN revealed it maintains accounts with foreign intermediaries that do, giving it indirect access to the US financial system.

The National Bank of Cambodia revoked Huione’s local banking license in March 2025, citing digital asset violations.

The proposed rule will undergo a 30-day public comment period before potentially being finalized.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post US Treasury Moves to Cut Off Huione Group Over Crypto Crime Ties appeared first on Coin Engineer.

The exploit occurred on April 26 when attackers manipulated Loopscale’s RateX PT token pricing. Approximately $5.7 million worth of USDC and 1,200 Solana (SOL) were drained from the protocol, accounting for about 12% of total funds.

Hope for Settlement With White Hat Hacker

After the attack, Loopscale’s team sent an onchain message to the exploiter on April 27, offering a 10% bounty and full legal immunity in exchange for 90% of the funds. On April 28, the attacker responded, showing willingness to negotiate.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

So far, 10,000 WSOL (~$1.48M) and 4,463 WSOL (~$660K) have been returned, following an earlier 5,000 WSOL (~$740K) recovery.

10% Bounty Offer Yields Results

Recoveries like this are rare in the DeFi world. But Loopscale’s communication strategy appears to have worked. Meanwhile, Term Finance — another Ethereum-based lending protocol — also recently recovered $1M out of $1.6M lost due to an oracle issue.

According to an April report from blockchain security firm PeckShield, more than $1.6 billion in crypto was stolen in Q1 2025. Of that, $1.5 billion came from a massive attack on Bybit, linked to North Korea’s Lazarus Group.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Loopscale Recovers $2.8M After DeFi Exploit and Bounty Talks appeared first on Coin Engineer.

On April 26, a hacker siphoned around $5.7 million USDC and 1,200 SOL by executing a series of undercollateralized loans, co-founder Mary Gooneratne said.

Following the attack, Loopscale announced it had re-enabled loan repayments, balance top-ups, and loop closing. However, “all other app functionalities, including Vault withdrawals, remain temporarily restricted” as investigations continue.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Gooneratne clarified that only the USDC and SOL vaults were impacted, with the losses representing about 12% of the protocol’s total value locked (TVL).

DeFi Sector Continues to Face Cyber Threats!

The Loopscale team emphasized that they are fully mobilized to investigate the incident, recover the stolen funds, and protect users.

In the first quarter of 2025, hackers stole over $1.6 billion in cryptocurrencies from exchanges and on-chain smart contracts. Over 90% of these losses were attributed to the $1.5 billion hack on the centralized exchange ByBit, reportedly orchestrated by North Korea’s Lazarus Group.

Loopscale’s Innovative Lending Model

Loopscale officially launched on April 10 after a six-month closed beta. The platform aims to boost capital efficiency by directly matching lenders and borrowers.

Unlike traditional DeFi platforms like Aave, Loopscale operates on an order book model rather than liquidity pools.

Its main USDC and SOL vaults currently offer annual percentage rates (APRs) exceeding 5% and 10%, respectively. It also supports lending markets for tokens such as JitoSOL, BONK, and looping strategies for over 40 token pairs.

Loopscale holds approximately $40 million in total value locked and has attracted over 7,000 lenders, according to researcher OurNetwork.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Solana’s DeFi Protocol Loopscale Halts Lending After $5.8M Hack appeared first on Coin Engineer.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Two of these companies are even legally registered in the U.S., adding a layer of legitimacy. During the interview, applicants receive a fake error message while trying to record a video, leading them to copy-paste a fix that actually installs malware.

Malware Targets Wallet Keys and Clipboard Data

The campaign utilizes three malware strains: BeaverTail, InvisibleFerret, and Otter Cookie. While BeaverTail is designed for initial compromise and further payload delivery, Otter Cookie and InvisibleFerret focus on extracting crypto wallet keys and clipboard contents.

Silent Push also discovered that hackers are using AI-generated images and stolen real photos to create fake employee profiles for the companies, boosting credibility. Analyst Zach Edwards noted that some images were subtly altered using AI tools to resemble the original person but appear unique.

The campaign has been active since 2024, and at least two developers were directly affected—one of whom had their MetaMask wallet compromised. The FBI has since shut down BlockNovas, but SoftGlide and other parts of the operation remain online.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post North Korean Hackers Target Crypto Devs! appeared first on Coin Engineer.

A major development has shaken the crypto investment world. Well-known on-chain investigator ZachXBT has claimed that the so-called “Hyperliquid whale,” who trades with 50x leverage on the Hyperliquid exchange, is in fact a cybercriminal gambling with stolen funds.

This whale managed to survive liquidation attempts by crypto investors and secured an impressive $9 million in net profit. ZachXBT emphasized that this whale has no connection to the North Korea-backed Lazarus Group. Earlier this year, in February 2025, ZachXBT had linked the $1.5 billion Bybit hack to that hacker collective. Now, he has followed the trail to this Hyperliquid whale.

“Crypto Twitter Is Speculating, But the Truth Is More Sinister”

ZachXBT made the following statement on X (Twitter):

“It’s funny watching CT speculate on the ‘Hyperliquid whale’ when in reality it’s just a cybercriminal gambling with stolen funds.”

Responding to a follower’s question regarding potential ties to the Lazarus Group, ZachXBT replied:

“No, there’s no connection to Lazarus.”

Some users asked ZachXBT to reveal the whale’s identity. However, he responded by saying:

“We’ll see, it’s just not enjoyable posting investigations on X/Twitter anymore.”

Failed Attempts to Liquidate the Whale

For weeks, the crypto market has speculated about who the Hyperliquid whale is and how they could be stopped. The whale had opened 40x and 50x short positions on Bitcoin (BTC) and Ethereum (ETH), drawing massive attention.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The whale notably opened a $450 million short position on BTC, which triggered a major reaction across the market. Traders attempted to counter this by aggressively buying up BTC, trying to force a liquidation. However, they ultimately failed. According to Lookonchain, the whale deposited an additional $5 million USDC to increase margin and avoid liquidation.

Aside from BTC and ETH, the whale also opened a $31 million short position on Chainlink (LINK) with 10x leverage and placed short orders on GMX.

A Major Threat in the Crypto Market: Stolen Funds and High-Leverage Trades

ZachXBT’s comments have reignited concerns about stolen funds re-entering circulation through decentralized finance (DeFi) protocols. The situation also highlights how cybercriminals exploit high-leverage trading to gamble with illicit funds, posing a significant risk to the overall market.

While the true identity of this whale remains undisclosed, the broader question for the crypto ecosystem is how to address these high-risk scenarios and prevent bad actors from destabilizing the markets.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Big Bet from ZachXBT on Whale in Hyperliquid! appeared first on Coin Engineer.

In several now-deleted posts, hackers falsely claimed that Kaito wallets had been compromised and warned users that their funds were no longer safe. However, the Kaito AI team quickly regained control of the accounts and reassured users that Kaito token wallets were unaffected by the breach.

KAITO Token Price Drops!

According to DeFi Warhol, the attackers opened short positions on KAITO tokens before spreading the false information. The goal was to trigger panic selling and cause a price crash, allowing the hackers to profit from their short positions.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The Kaito AI team addressed the incident with the following statement:

“Despite having high-standard security measures in place, we were still compromised. It seems to be similar to other recent X account hacks.”

Rising Cyber Threats in the Crypto Industry!

This incident adds to a growing list of social media hacks, social engineering scams, and cybersecurity concerns within the crypto space. In recent weeks, the Pump.fun and Jupiter DAO accounts were also compromised using similar tactics.

Additionally, Canada’s Alberta Securities Commission issued a warning about the CanCap scam, where malicious actors used fake news and fabricated endorsements from Canadian politicians to promote fraudulent crypto investments. The scammers exploited concerns over a potential trade war between Canada and the United States to lure investors.

Lazarus Group Strikes Again!

State-sponsored hacker group Lazarus has also launched a new scam. They pose as venture capitalists in Zoom meetings and claim to experience audio-visual issues. Victims are then redirected to malicious chatrooms where they are instructed to download a “patch.” This software is designed to steal private crypto keys and other sensitive data from the victim’s device.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Kaito AI and Founder Yu Hu’s X Accounts Hacked! appeared first on Coin Engineer.