Wallet Breached via Social Engineering

The attack occurred on April 28, 2025, when a suspicious transaction involving 3,520 BTC was flagged by blockchain monitoring tools. Investigators later confirmed that the funds were drained from the victim’s wallet using sophisticated social engineering techniques.

Blockchain data revealed the victim had been holding more than 3,000 BTC since 2017, with no significant movements, indicating that the attacker likely spent months or even years preparing for the breach.

Funds Obscured Using Privacy Coins

Immediately after gaining control of the assets, the attacker began laundering the funds through over six instant exchange platforms, quickly fragmenting the BTC using a method known as a peel chain — where large sums are broken into smaller transfers to evade detection.

A significant portion of the stolen BTC was converted into Monero (XMR), a privacy-focused cryptocurrency known for its untraceable transactions. Following the conversion, Monero’s price surged by over 50%, briefly reaching $339.

Over 300 Wallets and 20+ Exchanges Involved

Security researchers tracking the stolen funds estimate that the laundering process involved more than 300 different wallets and over 20 exchanges or payment services. A majority of the assets were funneled through low-trust platforms and mixing services, making traceability extremely difficult.

In some cases, portions of the BTC were even bridged to Ethereum and moved into various DeFi platforms, further complicating the forensic trail. Exchanges have been alerted, and requests to freeze suspect accounts are underway.

No Links to Known Threat Actors

Despite the scale and complexity of the operation, cybersecurity experts say the laundering techniques do not match the typical signatures of well-known hacking collectives like Lazarus Group. The identity of the perpetrators remains unknown, though the use of pre-established exchange accounts and OTC desks suggests a well-orchestrated and premeditated plan.

Security Best Practices for Crypto Holders

In response to the attack, security professionals are urging crypto holders — especially those managing large Bitcoin reserves — to adopt strict protective measures. These include the use of multisignature wallets, minimizing exposure to internet-connected hot wallets, storing assets in cold hardware wallets, and regularly rotating private keys.

During the first quarter of 2025, cyberattacks on crypto platforms have led to losses exceeding $1.6 billion, with a significant portion tied to previous large-scale incidents. This case serves as yet another reminder of the critical importance of personal wallet security in the evolving threat landscape of digital finance.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post American Investor Falls Victim to $330M Bitcoin Heist appeared first on Coin Engineer.

The crypto industry was shaken on February 21 by the largest hack in history, as Bybit lost more than $1.4 billion in liquid-staked Ether (stETH), Mantle Staked ETH (mETH), and other digital assets.

According to a report by crypto analytics firm Block Scholes on April 9, Bybit has steadily recovered its share in the market:

“Since this initial decline, Bybit has steadily regained market share as it works to repair sentiment and as volumes return to the exchange,” the report noted.

Bybit’s proportional market share climbed from a post-hack low of 4% to approximately 7%, signaling a strong and stable recovery in both spot trading volume and market activity.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The report also emphasizes that the decline in volume was not solely due to the hack but was part of a larger macroeconomic de-risking trend that began even earlier.

$1.4 Billion Laundered Through THORChain

The Bybit hackers took 10 days to launder the stolen funds through the decentralized cross-chain protocol THORChain, as reported.

Despite these efforts, 89% of the hacked amount remains traceable via blockchain analytics.

North Korea’s Lazarus Group Suspected

Blockchain security firms such as Arkham Intelligence have linked the attack to North Korea’s Lazarus Group, citing ongoing fund movement patterns designed to obscure origins.

According to Chainalysis, North Korean cyber activity declined sharply after July 1, 2024, even though the first half of the year saw a surge in such exploits.

Eric Jardine, Chainalysis’ Cybercrime Research Lead, commented:

“The slowdown began after the Russia–North Korea summit, which likely shifted DPRK resources toward military involvement in Ukraine. We speculated in our report that this could also include cyber resources. Fast forward to early February—and you have the Bybit hack.”

Industry Analysts Raise Alarm on Exchange Vulnerabilities

The Bybit breach highlights the ongoing vulnerability of centralized exchanges, even those with high security standards.

Meir Dolev, CTO of Cyvers, compared the exploit to other recent attacks such as the $230 million WazirX hack and the $58 million Radiant Capital hack, underlining recurring attack vectors.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Bybit Recovers 7% Market Share After $1.4B Hack appeared first on Coin Engineer.

500,000 ETH Traced and Funds Frozen

In a March 4 statement, Zhou provided an update on the movement of 500,000 ETH stolen in February’s attack and the cybercriminals’ efforts to cover their tracks.

The total funds stolen totaled $1.4 billion, about 500,000 ETH. 77% of these funds are still traceable, 20% have disappeared, and 3% have been frozen.

Zhou’s “disappeared ” means that the hackers laundered the funds, used obfuscation services and transferred them to platforms that concealed transactions. North Korea-linked hacker groups in particular are known to use these methods frequently.

So far, 42 million dollars (3% of the stolen funds) have been frozen.

Hackers Transfer Funds in Pieces

The hackers sold the stolen 417,348 ETH (about $1 billion), converted it into Bitcoin and distributed it to 6,954 different wallets. On average, each wallet holds 1.71 BTC. This fragmentation makes it difficult to track and recover assets.

Zhou emphasized that the next one to two weeks are critical. Additional funds must be frozen during this period, otherwise hackers will be able to cash out the funds via crypto exchanges, OTC platforms and P2P transactions.

Bybit Hackers Try to Retain Stolen Funds

Hackers particularly preferred decentralized exchanges such as THORChain to use the stolen funds. In addition, platforms such as ExCH and OKX Web3 Proxy were also used to move funds.

Zhou stated that $65 million worth of ETH can be recovered, but the support of the OKX Wallet team is required.

On the other hand, 11 white hat hackers were awarded a total of $2.1 million. These rewards were distributed to security researchers who helped freeze the stolen funds.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Bybit CEO: 20 Percent of Stolen Fund Lost appeared first on Coin Engineer.

Infini Lost $50 Million in Exploit

Stablecoin payment firm Infini is facing allegations of losing $50 million due to an exploit carried out by a developer who retained admin rights after project delivery.

According to security firm Cyvers, the perpetrator, who worked on the Infini project for contract development, allegedly kept their admin privileges after the project was completed.

The attacker funded the wallet used in the exploit with 1 Ether from the Tornado Cash crypto mixer. They then transferred $49.52 million worth of USD Coin from Infini through a contract created in November 2024.

The USD Coin was immediately swapped for Dai, a stablecoin with no freeze function. The funds were then converted to 17,696 ETH and moved to a secondary address at the time of writing.

Infini did not halt withdrawals, and founder Christian Li stated in an X post that full compensation would be provided in a worst-case scenario. Li also mentioned that the platform had observed $500,000 in withdrawals since the theft.

In a now-deleted tweet, Infini team member “Christine” claimed that the engineer responsible for the theft had been identified and reported to the authorities.

Infini Exploit Follows the Largest Hack in History

The attack on Infini follows a record-breaking hack on cryptocurrency exchange Bybit on February 21, where $1.4 billion worth of Ether and related tokens were lost.

The large-scale attack sparked fears of potential insolvency. However, Bybit chose to keep withdrawals open and pledged to cover the loss if the funds couldn’t be recovered.

Bybit relied on loans from rival exchanges and partners to meet the immediate liquidity demands of customer withdrawals, which totaled over $5 billion, according to DefiLlama data.

On February 24, Bybit CEO Ben Zhou announced that the exchange had fully closed its Ether gap.

Onchain detective ZachXBT identified North Korea’s state-sponsored hacking group Lazarus as the prime suspect in the attack on Bybit. ZachXBT linked the Bybit hacker’s wallet to an attack on Phemex in January and to a BingX attack, both attributed to North Korea.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Infini Suffers $50 Million Attack appeared first on Coin Engineer.

According to SlowMist’s chief information security officer, a hacker from Lazarus Group created a fake LinkedIn profile under the name “Nevil Bolson” claiming to be the co-founder of Fenbushi Capital. It was determined that the profile picture used by the fraudster belonged to the real Fenbushi Capital partner Remington Ong.

It has been confirmed that the fake LinkedIn page remains active and the fraudster is soliciting discussions from software developers. Lazarus Group often conducts private conversations on LinkedIn pretending to be an investor and then tries to schedule meetings with its targets.

SlowMist warns that Lazarus Group’s strategy involves gaining the victim’s trust before adding malicious links disguised as meeting invitations or event pages that, when clicked, will lead to phishing attacks.

By comparing IP addresses and observing similarities in attack methods, the security firm determined that “Nevil Bolson” was part of the Lazarus Group.

As reported by the UN Security Council, North Korea’s state-sponsored crypto hacker groups allegedly generate significant revenue for the country, a large portion of which is allocated to the development of weapons of mass destruction.

According to Chainalytics, approximately $1.7 billion worth of funds have been stolen from the cryptocurrency space through 231 hacks.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Lazarus Group Targets DeFi via Fake Fenbushi Capital Profile on LinkedIn, Says SlowMist appeared first on Coin Engineer.

The post Atomic Wallet Offers $1 Million Reward for Bug Reports appeared first on Coin Engineer.