ChainCatcher message, researchers from the security company ThreatFabric stated that a new type of malware, Crocodilus, can steal Android users' wallet recovery phrases. This malware spreads through proprietary drivers and bypasses the security protections of Android 13 (and higher), and installing the malware does not trigger Play Protect.The malware overlays a fake warning on the screen, urging users to "back up the wallet recovery phrase in settings within 12 hours," or they may risk losing access to their wallet.

ChainCatcher news, MIM Spell posted on platform X stating that a vulnerability previously allowed hackers to steal 13 million dollars, and within 36 hours, Abracadabra has repurchased 6.5 million dollars of MIM and covered 50% of the hacker attack losses, with zero loss of user funds.Abracadabra will not back down and is currently expanding through platforms like Berachain to rebuild the system.

ChainCatcher message, according to reports from Wu, monitored by Etherscan, the Infini Team sent an on-chain message to Infini Exploiter 2: 0xfc...6e49, attaching court litigation documents via a link. The specific content is as follows:The plaintiff is Chou Christian-Long, the CEO of BP SG Investment Holding Limited, a Hong Kong registered company wholly owned by Infini Labs. The first defendant is Chen Shanxuan, who works remotely in Foshan, Guangdong, and the identities of the second to fourth defendants are temporarily unconfirmed.The plaintiff, along with BP Singapore, developed a smart contract for managing company and client funds, led by the first defendant. The contract was originally set up with multi-signature permissions to strictly control any fund transfers.When the contract went live on the mainnet, the first defendant allegedly retained "super admin" privileges but falsely claimed to other team members that he had "transferred" or "removed" that privilege.In late February 2025, the plaintiff discovered that approximately 49,516,662.977 USDC worth of crypto assets had been transferred to several unknown wallet addresses (controlled by the second to fourth defendants) without multi-signature approval.Fearing that the defendants or unidentified individuals would further transfer or launder the assets, the plaintiff applied to the court for:A "restraining order" against the first defendant and related unidentified individuals to restrict their transfer or disposal of the stolen assets;An order for the defendants or those actually controlling the relevant wallets to self-disclose their identities;Issuance of various mandatory orders prohibiting the disposal of assets to the first defendant and other unknown wallet holders;A request for the other party to disclose transaction and asset information;Permission for the plaintiff to "serve extraterritorially" (i.e., serve legal documents to foreign defendants) and alternative methods of service.In the body of one affidavit, the plaintiff stated: I recently learned that the first defendant has a serious gambling habit, which may have led him to incur substantial debts. I believe this prompted him to steal the assets involved in the case to alleviate his debts. The plaintiff also submitted screenshots of relevant message records to prove that the first defendant "may be in substantial debt."According to the affidavit, the first defendant borrowed funds from various sources in a relatively short period, even allegedly contacting "underground banks" or so-called "loan sharks," leading to pressure from high interest rates and debt collection calls.Exhibit "CCL-17" mentions that he sought help from others in a chat, stating that he was burdened with "interest from several lenders" and continuously asked if he could borrow more money to get through the difficulties or requested the other party to help introduce new funding sources.Shortly before the incident, the first defendant had revealed in work groups or private conversations with colleagues/friends that his financial situation was "very tight," even expressing anxiety that "if I can't get money again, something will happen."These statements almost coincide with the timing of the unauthorized transfer of the company's crypto assets, thereby reinforcing the plaintiff's judgment regarding the first defendant's "motive": possibly taking risks due to pressure from substantial debt.According to the plaintiff's statement, the first defendant repeatedly avoided or only gave vague answers when asked about personal finances or gambling issues, being unclear about how much debt he actually had or whether he was still gambling.The affidavit states that the first defendant pretended that "there was no big problem" from the end of October until the incident occurred, but the content he discussed in chat software with others was clearly contradictory to this.

According to ChainCatcher news, SlowMist monitored that the Four.meme token was exploited by attackers who took advantage of a vulnerability before the token's release to steal liquidity.The attackers purchased a small amount of tokens before the release using the 0x7f79f6df function of Four.meme and utilized this feature to send the tokens to a PancakeSwap trading pair address that had not yet been created.This allowed the attackers to create a trading pair and add liquidity without needing to transfer the unreleased tokens, bypassing the transfer restrictions (MODE_TRANSFER_RESTRICTED) that were in place before the Four.meme token's release.Ultimately, the attackers added liquidity at an unexpected price, successfully stealing the liquidity from the pool.

ChainCatcher news, according to Cointelegraph, CyberArk has discovered a new type of cryptocurrency hijacking malware called MassJacker that targets users of pirated software by hijacking cryptocurrency transactions through replacing addresses stored in the clipboard. Users may unknowingly infect their devices when downloading pirated software.CyberArk found that there are 778,531 unique wallets associated with this theft, with 423 wallets having previously held cryptocurrency assets.

ChainCatcher news, according to British media Sky News, British police and prosecutors have stated that an official from the National Crime Agency (NCA) has been charged with stealing nearly £60,000 worth of Bitcoin during an investigation into organized cybercrime.A spokesperson for Merseyside Police stated that 42-year-old Paul Chowles has been charged with 15 offenses related to the alleged theft of 50 Bitcoins in 2017. Eight years ago, the value of these cryptocurrencies was nearly £60,000, while their current value exceeds £3 million. Chowles is scheduled to appear at Liverpool Magistrates' Court next month.

ChainCatcher news, according to Decrypt, the Socket research team has discovered in a new attack that the North Korean hacker group Lazarus is associated with six new malicious npm packages that attempt to deploy backdoors to steal user credentials.Additionally, this malware can extract cryptocurrency data and steal sensitive information from Solana and Exodus crypto wallets. The attacks primarily target files from Google Chrome, Brave, and Firefox browsers, as well as keychain data on macOS, specifically tricking developers into inadvertently installing these malicious packages.The six discovered malicious packages include: is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator. They lure developers into installation through "typosquatting" (exploiting misspelled names). The APT group has created and maintained GitHub repositories for five of these packages, disguising them as legitimate open-source projects, increasing the risk of developers using the malicious code. These packages have been downloaded over 330 times. Currently, the Socket team has requested the removal of these packages and reported the related GitHub repositories and user accounts.Lazarus is a notorious North Korean hacker group, linked to the recent $1.4 billion Bybit hack, the $41 million Stake hack, the $27 million CoinEx hack, and countless other attacks in the crypto industry.

ChainCatcher news, according to the Singapore Business Times, a 20-year-old Singaporean, Malone Lam, has been arrested for allegedly participating in one of the largest cryptocurrency thefts in U.S. history. He reportedly spent up to $500,000 (approximately 665,000 SGD) in a nightclub in one night and was seen gifting Hermes Birkin bags to models and influencers at a lavish party. The U.S. Department of Justice stated that Lam was arrested in September 2024 along with his 21-year-old American accomplice, Jeandiel Serrano, and they are charged with "conspiring to steal and launder over $230 million (approximately 306 million SGD) in cryptocurrency." At current prices, the stolen 4,100 bitcoins are worth over $450 million.As of October last year, approximately $70 million has been recovered or frozen at various exchanges. Court documents reveal that "even considering the millions spent by Serrano and accomplices on cars and jewelry, over $100 million remains unaccounted for." If convicted of stealing over 4,100 bitcoins, Lam faces a maximum of 20 years in prison and a fine of up to $250,000 or twice the amount he profited from the fraud. Lam's trial date is set for October 6.

ChainCatcher news, according to CoinDesk, Kaspersky has discovered that hackers are using GitHub for "GitVenom" attacks, which have been active for at least two years and are on the rise. Hackers create GitHub repositories disguised as legitimate projects, such as Telegram bots for managing Bitcoin wallets or computer game tools, but they hide malicious code within them.Attackers use Python and JavaScript code to implant Trojan viruses, which steal passwords, encrypted wallet information, and hijack Bitcoin transaction addresses after infecting victims' devices. In November 2024, a developer lost over $400,000 in Bitcoin due to this attack. GitVenom primarily affects countries such as Russia, Brazil, and Turkey, and continues to spread globally.Kaspersky advises developers to carefully review the authenticity of projects before running code, and to be wary of overly optimized README files and suspicious code commit histories.

ChainCatcher news, according to Cointelegraph, cybersecurity company Kaspersky recently released research showing that hackers are creating hundreds of fake projects on the GitHub platform to lure users into downloading malware that steals cryptocurrency and credentials. Kaspersky has named this malware activity "GitVenom."Kaspersky analyst Georgy Kucherin pointed out in a report on February 24 that these fake projects include Telegram bots for managing Bitcoin wallets and tools for automating Instagram account interactions. Hackers carefully design project documentation, possibly using AI tools to generate content, and artificially increase the number of project "commits" to make the projects appear to be actively developed.According to Kaspersky's investigation, these malicious projects can be traced back at least two years. Regardless of how the projects are presented, they contain malicious components, such as information-stealing tools that upload saved credentials, cryptocurrency wallet data, and browsing history through Telegram, as well as clipboard hijackers that replace cryptocurrency wallet addresses. In November 2023, a user lost 5 Bitcoins (approximately $442,000) as a result. Kaspersky advises users to carefully check the behavior of third-party code before downloading.

ChainCatcher message, Binance responded to "hackers stealing coins through red envelopes" stating: "Based on the current investigation results and the information at hand, we initially suspect that the user's device may have had malicious plugins/software installed, which led to the user's email, Google Authenticator, Binance account, and other account information being sequentially stolen by hackers. The hackers simulated the user's common device and IP environment based on this, successfully passing the verification steps during the red envelope initiation process, ultimately resulting in the theft of funds.It should be noted that when users send red envelopes for payment on the Binance platform, they need to verify their payment PIN/fingerprint or Face ID/authenticator app/email. Therefore, the reason for the theft of the user's account assets through the red envelope function is due to the aforementioned personal information being stolen. It is strongly recommended that the user report this incident to the police. The Binance security risk control team will assist in providing all the information we have and, with the user's cooperation, further investigate their device to jointly identify the final cause. We also remind all users to remain vigilant, enhance their security awareness, and ensure they use secure and clean devices. Be cautious of the security risks to accounts and devices to protect personal asset safety.

ChainCatcher news, in response to the community's claim that some Binance user accounts were hacked and that hackers stole coins through red envelopes, Binance co-founder He Yi responded on the X platform, stating that the user's email, Binance account, and Google verification were all compromised, and the user was aware that their account had been hacked.

ChainCatcher news, according to Protos, developer "Calle" warned of vulnerabilities in the Lightning Network, indicating that nodes running versions lower than LND 0.18.5 or LITD 0.14.1 have security risks. This vulnerability allows hackers to remotely manipulate the payment status of Lightning invoices, thereby stealing funds.Pavol Rusnak, co-founder of Satoshi Labs, also issued a similar warning, urging Lightning Network users to update their node software as soon as possible. The vulnerabilities have been fixed in LND 0.18.5 and LITD 0.14.1, but since LND 0.18.5 was only released last week, many nodes have yet to update and remain at risk.

ChainCatcher message, Slow Mist founder Yu Xian posted on the X platform stating that someone is impersonating Slow Mist employees to scam, poison, and steal coins, reminding users to be cautious.Yu Xian added that he has gathered enough information about the relevant individuals, including another active X account, and advised them to return the stolen funds.

ChainCatcher news, according to a report by tokenpost citing CryptoPotato, the U.S. Department of Justice has charged 22-year-old Canadian hacker Andean Medjedovic with five counts on February 3 local time, including telecommunications fraud, unauthorized damage to protected computers, extortion, and money laundering.Prosecutors claim that Medjedovic hacked into two DeFi protocols, Indexed Finance and KyberSwap, between 2021 and 2023, stealing approximately $65 million in cryptocurrency by manipulating smart contracts.The suspect argued that exploiting vulnerabilities in smart contracts was legal under the principle of "code is law," but this was dismissed by U.S. prosecutors. If convicted, he faces a maximum sentence of 20 years in prison.