ChainCatcher news, Slow Mist founder Yu Xian released a response guide regarding computer infection issues and made additions to the Chinese version of the Black Book.He pointed out that hacker organizations often use social engineering to induce users to install malware or run malicious code, such as pretending to be investors, journalists, or HR to lure users into meeting software, or disguising as Telegram and Cloudflare verification requests to get users to run malicious code.Yu Xian suggested that infected users take the following measures promptly: transfer wallet funds, change important account passwords and check for unknown device logins, use reputable antivirus software to scan for viruses, and if necessary, reset the computer and scan backup files for viruses.He emphasized that these attacks target not only Windows but also Mac and some Linux systems.

ChainCatcher news reports that on-chain detective ZachXBT revealed that during his assistance in freezing Bybit hacker funds, he became acutely aware of the serious issues regarding security vulnerabilities and hacker attacks in the crypto industry. He stated that multiple "decentralized" protocols have recently derived almost 100% of their monthly trading volume and fees from the North Korean hacker group DPRK, yet these projects refuse to take any responsibility.Moreover, centralized exchanges (CEX) are slow to respond, allowing hackers to launder money in just a few minutes, while some CEXs take hours to take action. ZachXBT also criticized the KYT (Know Your Transaction) system for its serious flaws, which are easy to circumvent, and noted that the KYC (Know Your Customer) mechanism poses more of a data leak risk for ordinary users due to account leaks and insider issues, while being nearly ineffective in preventing the flow of illegal funds.He pointed out that North Korean hackers DPRK recently successfully laundered $1.4 billion, fully exposing the compliance and security system vulnerabilities within the industry, and expressed concern that only government-mandated regulations could lead to improvements in the industry.

ChainCatcher news, according to @PeckShieldAlert monitoring, the Four.Meme hacker has stolen approximately 200 BNB (worth about $130,000) and transferred the funds to FixedFloat.

According to ChainCatcher news, SlowMist monitored that the Four.meme token was exploited by attackers who took advantage of a vulnerability before the token's release to steal liquidity.The attackers purchased a small amount of tokens before the release using the 0x7f79f6df function of Four.meme and utilized this feature to send the tokens to a PancakeSwap trading pair address that had not yet been created.This allowed the attackers to create a trading pair and add liquidity without needing to transfer the unreleased tokens, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that were in place before the Four.meme token's release.Ultimately, the attackers added liquidity at an unexpected price, successfully stealing the liquidity from the pool.

ChainCatcher news, according to on-chain detective ZachXBT's post on his personal channel, a highly credible investigation into Tornado Cash asset theft shows that on March 11, 2025, after using Tornado Cash for mixing, North Korean hackers used part of the ETH funds to purchase 437.6 billion PEPE, worth 3.1 million dollars. A more detailed analysis reveals that the North Korean hackers encountered asset theft using a compromised Tornado Cash user interface.Previous news, according to Lookonchain monitoring, three wallets made large purchases of 689.79 billion PEPE (total value of approximately 4.3 million dollars), and their funds all came from Tornado Cash.

ChainCatcher news, according to TechCrunch, Aleksej Besciokov, co-founder of the Russian cryptocurrency exchange Garantex, was arrested by local police in Varkala, Kerala, India on March 12. The exchange had previously been sanctioned by the EU and the US government.Indian police confirmed that the arrest was based on a warrant issued by the Patiala House Court in New Delhi, executed at the request of the US government. A spokesperson for the US Department of Justice, Nicole Oxman, confirmed this news to TechCrunch but declined to comment further.Last week, the US Department of Justice charged Besciokov with personally approving transactions on Garantex related to North Korean government hackers and other cybercriminals, and filed criminal charges against him for assisting in money laundering through the cryptocurrency exchange. US authorities have frozen over $26 million in cryptocurrency assets and seized Garantex's website.

ChainCatcher news, according to Decrypt, cybersecurity company Kaspersky has discovered that hackers are using copyright complaints to threaten YouTube content creators, forcing them to add the cryptocurrency mining Trojan SilentCryptoMiner in their video descriptions. This malware is based on XMRig and is used to mine cryptocurrencies such as Ethereum, Ethereum Classic, Monero, and Ravencoin, and it controls a botnet via the Bitcoin blockchain.The primary targets of the hackers are YouTubers who provide installation tutorials for the Windows Packet Divert driver. They first launch false copyright complaints against the videos, then contact the creators claiming to be the developers of the driver, demanding that they add malicious links. Currently, it is known that one YouTuber with 60,000 followers has fallen victim, leading to over 40,000 downloads of the infected files. Kaspersky estimates that at least 2,000 devices have been infected.Kaspersky security researcher Leonid Bezvershenko warned that hackers are exploiting the trust between YouTubers and their audiences, and such threats may spread to platforms like Telegram. He advises users not to trust tutorials that request disabling antivirus software and to verify the source before downloading any files to prevent infection by cryptocurrency mining Trojans.

ChainCatcher news, blockchain security company CertiK issued a warning, as its security team detected multiple suspicious transactions on the Arbitrum network. An attacker with the address 0x97d8170e04771826a31c4c9b81e9f9191a1c8613 may have exploited a vulnerability in arbitrary calls to bypass signature verification, stealing approximately $140,000 from multiple unverified exchange adapter contracts.

According to ChainCatcher's message, Bybit CEO Ben Zhou disclosed that the total amount of funds stolen by hackers is $1.4 billion (approximately 500,000 ETH), of which 77% is still traceable, 20% is untraceable, and 3% has been frozen.Specific analysis shows that 83% (417,348 ETH, approximately $1 billion) has been converted to Bitcoin, distributed across 6,954 wallets. The hackers primarily converted ETH to BTC through THORChain, accounting for about 72% (361,255 ETH). Additionally, 16% of the funds (79,655 ETH) were lost through the ExCH platform, and 8% of the funds (40,233 ETH) were transferred via OKX Web3 proxy, of which about 5% is untraceable.Currently, 11 parties have assisted in freezing the funds, with Mantle, Paraswap, and ZachXBT contributing the most, collectively paying out a bounty of 2.179 million USDT.

ChainCatcher news, according to on-chain analyst Yu Jin's monitoring, the Bybit hacker has suspended the transfer and laundering of ETH since 3 PM yesterday, so only 14,300 ETH (worth about 32.2 million USD) has been laundered in the past 24 hours. Now there are still 218,000 ETH (worth about 486.6 million USD) in the hacker's address.

ChainCatcher news, according to Cointelegraph, blockchain analysis company Elliptic has discovered that North Korean hackers involved in the Bybit hack control over 11,000 cryptocurrency wallets for money laundering.

ChainCatcher news, according to Beosin tracking, the Bybit hacker has begun transferring assets through the new cross-chain bridge platform Maya Protocol. The hacker address 0xb72334cb9d0b614d30c4c60e2bd12ff5ed03c305 completed the transfer of all assets today at 15:33, and the new address 0x2290937a4498c96effb87b8371a33d108f8d433f started transferring assets at 15:34.

ChainCatcher news, according to CoinDesk, Kaspersky has discovered that hackers are using GitHub for "GitVenom" attacks, which have been active for at least two years and are on the rise. Hackers create GitHub repositories disguised as legitimate projects, such as Telegram bots for managing Bitcoin wallets or computer game tools, but they hide malicious code within them.Attackers use Python and JavaScript code to implant Trojan viruses, which steal passwords, encrypted wallet information, and hijack Bitcoin transaction addresses after infecting victims' devices. In November 2024, a developer lost over $400,000 in Bitcoin due to this attack. GitVenom primarily affects countries such as Russia, Brazil, and Turkey, and continues to spread globally.Kaspersky advises developers to carefully review the authenticity of projects before running code, and to be wary of overly optimized README files and suspicious code commit histories.

ChainCatcher news, according to Cointelegraph, cybersecurity company Kaspersky recently released research showing that hackers are creating hundreds of fake projects on the GitHub platform to lure users into downloading malware that steals cryptocurrency and credentials. Kaspersky has named this malware activity "GitVenom."Kaspersky analyst Georgy Kucherin pointed out in a report on February 24 that these fake projects include Telegram bots for managing Bitcoin wallets and tools for automating Instagram account interactions. Hackers carefully design project documentation, possibly using AI tools to generate content, and artificially increase the number of project "commits" to make the projects appear to be actively developed.According to Kaspersky's investigation, these malicious projects can be traced back at least two years. Regardless of how the projects are presented, they contain malicious components, such as information-stealing tools that upload saved credentials, cryptocurrency wallet data, and browsing history through Telegram, as well as clipboard hijackers that replace cryptocurrency wallet addresses. In November 2023, a user lost 5 Bitcoins (approximately $442,000) as a result. Kaspersky advises users to carefully check the behavior of third-party code before downloading.

According to ChainCatcher news, monitoring by Ember has revealed that the Bybit hacker has laundered 45,900 ETH (approximately $113 million) in the past 24 hours. The hacker has now laundered a total of 135,000 ETH (approximately $335 million), accounting for nearly one-third of the total stolen funds.The hacker's address still holds 363,900 ETH (approximately $900 million), and at the current rate, it is expected to be fully laundered in the next 8 to 10 days.

ChainCatcher message, Binance responded to "hackers stealing coins through red envelopes" stating: "Based on the current investigation results and the information at hand, we initially suspect that the user's device may have had malicious plugins/software installed, which led to the user's email, Google Authenticator, Binance account, and other account information being sequentially stolen by hackers. The hackers simulated the user's common device and IP environment based on this, successfully passing the verification steps during the red envelope initiation process, ultimately resulting in the theft of funds.It should be noted that when users send red envelopes for payment on the Binance platform, they need to verify their payment PIN/fingerprint or Face ID/authenticator app/email. Therefore, the reason for the theft of the user's account assets through the red envelope function is due to the aforementioned personal information being stolen. It is strongly recommended that the user report this incident to the police. The Binance security risk control team will assist in providing all the information we have and, with the user's cooperation, further investigate their device to jointly identify the final cause. We also remind all users to remain vigilant, enhance their security awareness, and ensure they use secure and clean devices. Be cautious of the security risks to accounts and devices to protect personal asset safety.

ChainCatcher news, Slow Mist founder Yu Xian posted on social media that the theft of 12,000 ETH last year was carried out by the Eastern European hacker group Inferno Drainer, not North Korean hackers. The money laundering methods have some overlap with North Korean hackers, making it very difficult to recover the funds.

ChainCatcher news, in response to the community's claim that some Binance user accounts were hacked and that hackers stole coins through red envelopes, Binance co-founder He Yi responded on the X platform, stating that the user's email, Binance account, and Google verification were all compromised, and the user was aware that their account had been hacked.