Typosquatting in crypto, explained: How hackers exploit small mistakes
What is typosquatting in crypto?
Typosquatting in crypto involves registering domain names that mimic popular platforms with slight misspellings to deceive users into revealing sensitive information.
In the rapidly evolving digital landscape, cryptocurrencies have become a significant form of currency, enabling decentralized and borderless financial transactions. Along with their growing popularity, however, new cyber threats have emerged. One such threat is typosquatting, a deceptive practice where cybercriminals register domain names that closely resemble those of legitimate cryptocurrency platforms. By exploiting common typing errors, attackers aim to mislead users into visiting fraudulent sites, leading to potential financial losses and security breaches.
For instance, a user intending to visit “coinbase.com” might accidentally type “coinbsae.com,” landing on a malicious site designed to mimic the original. These counterfeit platforms often prompt users to input sensitive information, such as private keys or recovery phrases, or to download malware disguised as legitimate software. Consequently, unsuspecting users may inadvertently expose their digital assets to theft or compromise their personal data.
The “typo” in typosquatting highlights its reliance on common keyboard mistakes. This deceptive practice is also referred to as domain mimicry, URL hijacking or the creation of sting sites.
The pseudonymous nature of blockchain transactions further complicates the recovery of stolen funds, making typosquatting a particularly insidious threat in the crypto industry.
In June 2019, six individuals were arrested in the United Kingdom and Netherlands after a 14-month investigation into a 24-million-euro cryptocurrency theft. The theft, which targeted Bitcoin wallets, involved typosquatting, where cybercriminals created fake cryptocurrency exchange sites to steal login details. Over 4,000 victims across 12 countries were affected.
Europol and national authorities coordinated the operation, leading to arrests in both countries.
To safeguard against such schemes, it is imperative for users to exercise caution, double-check URLs, and utilize security features like bookmarks for frequently visited sites. Developers and service providers should also proactively monitor for and address potential typosquatting domains to protect their user base.
Mechanics of typosquatting in crypto
Attackers exploit typosquatting in crypto by registering deceptive domains, creating fake websites and using phishing tactics to steal credentials, redirect funds or install malware.
Let’s understand these tactics in a bit more detail:
Domain registration: Cybercriminals meticulously register domains that are slight variations of popular cryptocurrency platforms or services. For instance, they might replace a letter or add a character to a well-known domain name, such as registering “bitcoiin.com” instead of “bitcoin.com.” This subtle alteration preys on users who make typographical errors when entering web addresses. A study uncovered a scam where attackers exploited Blockchain Naming Systems (BNS) domain names similar to well-known entities, resulting in significant financial losses.
Phishing and malware distribution: Scammers have found ways to exploit tiny typos to trick people into redirecting crypto payments to wallets held by bad actors. Attackers can deploy phishing tactics to steal credentials, install malware on users’ devices, or trick users into approving fraudulent transactions. Malware can further compromise the user’s device, leading to additional security breaches.
Deceptive websites: These domains host websites that closely mimic the original platforms, often replicating the user interface and design. Unsuspecting users who land on these fake sites may be prompted to input sensitive information like private keys, recovery phrases or login credentials.
This information can then be exploited by attackers to gain unauthorized access to user accounts or wallets.
Did you know? Researchers analyzing 4.9 million BNS names and 200 million transactions discovered that typosquatters are actively exploiting these systems, with user funds being sent to fraudulent addresses due to simple typos.
Common typosquatting targets in crypto
Typosquatting primarily targets wallets, tokens, and websites within the cryptocurrency ecosystem.
Wallets: Attackers create wallet addresses or domains that closely resemble those of legitimate wallets. Users intending to send funds may inadvertently transfer assets to these fraudulent addresses, resulting in financial loss. For example, a legitimate Ethereum wallet address might be “0xAbCdEf1234567890…” and a fraudulent address might be “0xAbCdEf1234567891…” with only a single digit changed.
Tokens: Fake token names are registered to mislead users into sending funds to fraudulent addresses. Scammers develop counterfeit tokens with names or symbols nearly identical to legitimate ones. Unsuspecting investors might purchase these fake tokens, believing them to be genuine, leading to potential financial losses. For example, a legitimate token might be Uniswap (UNI), whereas a fraudulent token might be “Unisswap” or “UniSwap Classic.”
Websites: Users are vulnerable to phishing attacks through websites that closely mimic legitimate cryptocurrency platforms. These fraudulent sites, with near-identical domain names, are used to steal credentials and distribute malware, resulting in significant security risks.
For example, a phishing domain might be “myetherwallett.com” (two “t”s in “wallet”) instead of the correct “myetherwallet.com.”
How typosquatting affects crypto developers and users
Typosquatting in crypto leads to reputational and financial damage for developers, as well as financial loss, data theft and malware infection for users.
Impact on cryptocurrency developers
Developers of cryptocurrency projects face several challenges due to typosquatting:
Reputational damage: Malicious actors registering domains similar to legitimate cryptocurrency services can mislead users, causing them to interact with fraudulent platforms. This misdirection can result in users associating negative experiences with the original service, thereby damaging its reputation.
Financial harm: Attackers may exploit typosquatting to siphon funds intended for legitimate services. This diversion not only impacts users but can also disrupt the developer’s revenue streams, hindering project development and growth. The scale of these financial losses can be substantial, as demonstrated by instances where typosquatting scams have resulted in millions of dollars in stolen funds.
Did you know? The SEC alleges that operators of fake crypto exchanges NanoBit and CoinW6 stole $3.2 million after building trust with investors on social media, resulting in legal action against eight parties.
Impact on cryptocurrency users
Users are particularly vulnerable to the tactics employed by typosquatters:
Financial losses: Users who inadvertently interact with fraudulent sites due to typographical errors may suffer direct financial losses. Attackers exploiting typos in BNS have deceived users into sending cryptocurrency to attackers instead of intended recipients, resulting in significant financial harm.
Theft of sensitive information: Fake websites designed to resemble legitimate cryptocurrency platforms can trick users into divulging sensitive information, such as private keys.
This information can then be used by attackers to access and steal funds from users’ wallets. The loss of such information compromises user security and can lead to significant financial repercussions.
Malware infections: In addition to phishing, typosquatting sites can serve as vectors for malware distribution. Users who visit these sites risk infecting their devices with malicious software, which can lead to a range of security breaches. This can include unauthorized access to personal data, further financial losses and the potential for the malware to propagate to other systems. Consequently, users may inadvertently become participants in broader cyberattacks.
Cybersquatting vs. typosquatting in crypto
Both cybersquatting and typosquatting involve deceptive domain registrations, but they differ in intent and execution.
Cybercriminals register domains resembling well-known crypto projects or exchanges, often demanding a ransom for the domain or using it to mislead users. This practice is called cybersquatting.
For example, someone registers EthereumExchange.com before Ethereum launches its official exchange, hoping to sell it later for profit.
In the case of typosquatting, attackers create domains with minor spelling variations of legitimate crypto platforms to trick users into visiting fake sites, stealing credentials or deploying malware.
For example, a scammer registers Binannce.com (double “n”) to mimic Binance and steal user logins.
Below is a quick summary of how cybersquatting is different from typosquatting:
Legal implications of typosquatting in the crypto industry
Typosquatting in the cryptocurrency sector not only poses security risks but also presents significant legal challenges.
These include:
Intellectual infringements vs. intent: It’s not always a clear-cut case of trademark infringement. Courts often grapple with proving “intent to deceive.” Did the typosquatter deliberately try to mislead users, or was it a “harmless” mistake?
In crypto, where anonymity is prized, proving malicious intent can be like chasing ghosts.
Jurisdictional headaches: Crypto’s borderless nature clashes spectacularly with traditional legal frameworks. When a scammer in one country typosquats a domain targeting users in a dozen others, where do you even start? What laws apply? This creates a complex web of international legal challenges, making enforcement a real nightmare.
The evolving definition of “consumer harm”: Traditional consumer protection laws are struggling to keep up with the unique risks of crypto. Losing your private keys due to a typosquatting scam isn’t quite the same as buying a faulty product. Courts are having to redefine what constitutes “consumer harm” in this digital age, which opens up new legal gray areas.
Domain name disputes and UDRP: The Uniform Domain-Name Dispute-Resolution Policy (UDRP) is often used to resolve domain name disputes. However, its effectiveness in the crypto world is debatable. Crypto projects might not always have formal trademarks, which are often required for a successful UDRP claim. This leaves some projects particularly vulnerable.
Smart contract exploits: In some cases, typosquatting could be used to direct people to smart contracts that have been designed to steal funds. This adds another layer of complexity, as the code itself could be considered a tool for fraud. This raises the question of whether smart contracts can be considered legal documents and if they can be used in court as evidence.
Criminal liability and money laundering: Beyond civil suits, typosquatting can also lead to criminal charges, especially when coupled with money laundering. If scammers use these fake sites to funnel stolen crypto, they’re stepping into serious legal territory. Law enforcement is increasingly tracking these digital trails, and the penalties can be severe.
How to detect and prevent typosquatting in cryptocurrency markets
To combat typosquatting in cryptocurrency, developers and users must proactively monitor domains, secure similar names, educate users, implement security features, and collaborate with authorities.
To mitigate the risks associated with typosquatting, cryptocurrency developers and users can adopt the following measures:
Domain monitoring: Regularly monitor domain registrations that resemble your brand or service to identify potential typosquatting attempts. This proactive approach allows for timely action to address unauthorized domains.
Secure similar domains: Register common misspellings or variations of your domain name to prevent malicious actors from exploiting them. Owning these variations can redirect legitimate traffic to your official site and prevent fraudulent sites from gaining traction.
User education: Empower users to become “digital detectives.” Inform them about the risks of typosquatting and encourage vigilance when entering URLs or interacting with cryptocurrency platforms. Providing clear guidelines on recognizing official websites and avoiding phishing attempts can empower users to protect themselves.
Implement security features: Boost user trust and deter typosquatting by utilizing Secure Sockets Layer (SSL) certificates, showcasing trust seals, and ensuring URL accuracy. A secure site protected by SSL minimizes the risk of attacks and encourages user interaction. A certificate only shows that the connection to the domain in the address bar is encrypted, and a typosquatted domain can obtain one too, so checking the URL itself remains essential.
Collaborate with authorities: Work with domain registrars, law enforcement and regulatory bodies to address and prevent typosquatting incidents. Collaboration can lead to the removal of fraudulent domains and the prosecution of offenders, enhancing the overall security of the cryptocurrency ecosystem.
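The domain-monitoring measure above can be automated by comparing newly observed domains with a watchlist of the names you own. The following is an added example, not part of the original article: the watchlist uses the legitimate domains the article names, the feed is constructed sample data, and the function names and the "last two labels" rule for the registered domain are assumptions of this sketch.

```python
# Added example: flag lookalike domains in a feed of newly observed domains.
# Assumption: the registered domain is the last two labels (no Public Suffix
# List handling, so names under suffixes such as co.uk need extra logic).

WATCHLIST = ["coinbase.com", "bitcoin.com", "myetherwallet.com", "binance.com"]

# Constructed sample feed (not real telemetry); typo domains are the article's.
SAMPLE_FEED = [
    "coinbsae.com", "www.coinbase.com", "Bitcoiin.com",
    "myetherwallett.com", "binannce.com", "example.org", "login.binance.com.",
]


def registered_domain(name):
    """Lower-case, drop a trailing dot, and keep the last two labels."""
    labels = name.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and swapping two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]


def classify_edit(legit, seen):
    """Name the single-keystroke mistake that turns `legit` into `seen`."""
    if len(seen) == len(legit):
        diffs = [i for i, (x, y) in enumerate(zip(legit, seen)) if x != y]
        if len(diffs) == 1:
            return "substitution"
        if (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and legit[diffs[0]] == seen[diffs[1]]
                and legit[diffs[1]] == seen[diffs[0]]):
            return "transposition"
    elif len(seen) == len(legit) + 1:
        for i in range(len(seen)):
            if seen[:i] + seen[i + 1:] == legit:
                doubled = seen[i] in (seen[i - 1:i] + seen[i + 1:i + 2])
                return "repeated character" if doubled else "inserted character"
    elif len(seen) == len(legit) - 1:
        for i in range(len(legit)):
            if legit[:i] + legit[i + 1:] == seen:
                return "omitted character"
    return "multiple edits"


def scan(feed, watchlist=WATCHLIST, max_distance=2):
    """Return (observed, closest_legit, distance, kind) for each lookalike."""
    legit = {registered_domain(d) for d in watchlist}
    findings = []
    for raw in feed:
        seen = registered_domain(raw)
        if seen in legit:  # our own domain or one of its subdomains
            continue
        best = min(legit, key=lambda d: (osa_distance(d, seen), d))
        dist = osa_distance(best, seen)
        if dist <= max_distance:
            findings.append((seen, best, dist, classify_edit(best, seen)))
    return findings


if __name__ == "__main__":
    for seen, legit, dist, kind in scan(SAMPLE_FEED):
        print(f"{seen:22} looks like {legit:20} distance={dist} ({kind})")
```

The same variant classes can be used in the other direction, to decide which misspellings of your own domain are worth registering defensively.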
How to report typosquatting-related crypto crime
To report typosquatting-related crypto crime globally, start by reporting to the domain registrar, seek legal counsel for complex cases, inform crypto platforms of fraudulent transfers, and document transactions via blockchain explorers. In the US, UK and Australia, report to specific national cybercrime and intellectual property agencies.
Regardless of the specific country, certain steps should be taken when reporting typosquatting in the cryptocurrency space. First, it is crucial to report the fraudulent domain to the registrar where it was registered. Most registrars have clear procedures for handling abuse reports. Second, for complex or international cases, seeking legal counsel specializing in cybercrime and intellectual property law is advisable. Third, if the typosquatting resulted in funds being sent to a fraudulent wallet, the relevant cryptocurrency exchange or wallet provider should be informed. Finally, utilizing blockchain explorers to document transactions to fraudulent addresses can provide valuable evidence.
Here’s a breakdown of how to report typosquatting-related crypto crime in the US, UK and Australia:
United States: Report general cybercrime to the Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. For trademark issues, contact the United States Patent and Trademark Office (USPTO). Domain name disputes can be addressed through ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP).
United Kingdom: Report general fraud to Action Fraud, the national reporting center. For trademark infringements, report to the UK Intellectual Property Office (IPO). Domain name disputes are handled through ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP).
Australia: Report cyber incidents to the Australian Cyber Security Centre (ACSC) and cybercrimes via ReportCyber.
Domain name disputes can be addressed through ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP).
Typosquatting remains a pervasive threat in the cryptocurrency industry, necessitating vigilance from both developers and users. By understanding its mechanics and implementing preventive strategies, stakeholders can mitigate risks and foster a more secure digital currency ecosystem.
Stop pretending technical and human vulnerabilities are separate things
Opinion by: Andrey Sergeenkov, researcher, analyst and writer
Crypto founders love big promises: decentralized finance, banking the unbanked and freedom from intermediaries. Then hacks happen. In some cases, billions vanish overnight.
On Feb. 21, 2025, the North Korean Lazarus Group stole $1.46 billion from Bybit. They sent phishing emails to staff with cold wallet access. After compromising these accounts, they accessed Bybit’s interface and replaced the multisignature wallet contract with their malicious version. When Bybit attempted a routine transfer, the hackers redirected 499,000 Ether (ETH) to addresses they controlled.
This wasn’t just a human error. This was a design failure. A system that allows human factors to enable a billion-dollar theft isn’t innovative — it’s irresponsible.
People are not protected
In just 10 days, the hackers converted all 499,000 ETH into untraceable funds, using THORChain as their primary channel. The decentralized exchange processed a record $4.66 billion in swaps in a week but implemented no safeguards against suspicious activity.
The crypto industry has created a system that cannot protect users even after they discover a theft. Some services actually profited from this crime, collecting millions in fees while processing the laundering of stolen funds.
In February 2025, investigators ZachXBT and Tanuki42 revealed that Coinbase users lost over $300 million annually to social engineering attacks. Their report showed $65 million stolen through phishing and other social manipulation techniques in December 2024 and January 2025. According to the investigators, Coinbase failed to address known security vulnerabilities in their API keys and verification systems that make these human-targeted attacks successful.
ZachXBT directly criticized the exchange for having “useless customer support agents” and failing to properly report theft addresses to blockchain monitoring tools, making stolen funds harder to track. One scammer even admitted to targeting wealthy users, claiming they make at least five figures a week.
These aren’t isolated cases. The US Federal Bureau of Investigation reported that ordinary crypto users lost over $5.6 billion to fraud in 2023, and social engineering drove at least half of these schemes. Americans alone lose approximately $2 billion–$3 billion annually to human vulnerability attacks. With over 600 million crypto users worldwide, conservative estimates put individual losses from social engineering at $6 billion–$15 billion in 2024.
Barrier to adoption
Security concerns are now recognized as the main barrier to adoption by 37% of crypto users worldwide. Meanwhile, the industry continues to promote high-risk speculative assets like memecoins, where average users typically lose money while insiders profit.
While founders pitch financial freedom, millions of real people lose their savings through vulnerabilities the industry refuses to address. They’re symptoms of a fundamental problem: Crypto builders choose marketing over security.
When disasters happen, and they face pressure about security failures, crypto leaders hide behind blockchain’s “code is law” principle and offer philosophical arguments about self-sovereignty and personal responsibility. The crypto industry loves to blame ordinary users: “Don’t store keys online,” “Check addresses before sending,” “Never open suspicious files.”
Nobody is safe
Even industry leaders themselves fall victim to the same basic attacks. In January 2024, Ripple co-founder Chris Larsen lost 283 million XRP (XRP) due to storing private keys in an online password manager. DeFiance Capital founder Arthur_0x lost $1.6 million in non-fungible tokens (NFTs) and cryptocurrency simply by opening a phishing PDF file.
These people aren’t naive beginners — they’re creators and experts of the very system that could not protect even them. They know all the security rules, but the human factor is inevitable. If even the system architects lose millions, what chance do ordinary users have?
Knowledge of security rules doesn’t provide complete protection because fever, stress, sleep deprivation or emotional distress severely affect our decision-making abilities. Attackers continuously test different approaches, waiting for moments when users become vulnerable. They evolve their tactics constantly, creating increasingly convincing scenarios, impersonations and urgent situations.
The unchangeable nature of blockchain transactions demands extraordinary safeguards — not fewer. If users can’t reverse mistakes or thefts, the system must prevent them in the first place. True innovation means building systems that work for real humans, not theoretically perfect users. Banks learned this lesson over centuries. Crypto builders must learn it faster.
Instead, industry leaders seem to have lost touch with reality due to the extreme wealth dumped on them quickly. They’ve bought into their PR narrative, portraying them as geniuses, and started viewing themselves as visionaries.
A call to action
Vitalik Buterin lectures his audience on voting in elections and polishes his manifesto, while Justin Sun spends $6.2 million on a banana for a “unique artistic experience” — all while building an environment that makes dangerous mistakes easy to make. This approach is fundamentally dishonest. You can’t claim to revolutionize finance while providing less security than the systems you’re replacing.
What technical brilliance exists in systems that permit billion-dollar thefts and systematic fraud of ordinary users with such ease? As a core function, true technical excellence would include protecting users from permanent financial loss.
A financial system that cannot secure its users’ assets is not technically advanced — it’s fundamentally incomplete.
It’s time to stop writing manifestos and promoting questionable PR stunts designed to attract a broader and more vulnerable audience. Start building genuine protections that match the level of risk your users face. No amount of blockchain innovation matters if ordinary people cannot use these systems without fear of instant, permanent financial loss.
Anything less is just reckless experimentation at users’ expense disguised as a revolution — a scheme that enriches founders and insiders while ordinary people bear all the risks.
If the industry doesn’t solve this problem, regulators will — and you won’t like their solutions. Your philosophical arguments about self-sovereignty won’t matter when licenses are revoked and operations shut down.
This is the choice crypto builders face: Either create truly secure systems that justify your claims about financial innovation or watch as regulators transform your “revolutionary technology” into another heavily regulated financial service. The clock is ticking.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Japan to classify cryptocurrencies as financial products: Report
Japan is making moves to classify cryptocurrencies as financial products, according to a report by Nikkei. The country’s finance regulator, the Financial Services Agency (FSA), is planning to submit a bill to parliament to revise the Financial Instruments and Exchange Act as early as next year.
This change would see cryptocurrencies fall under the same laws as other financial products, such as stocks, which prohibit insider trading. However, cryptocurrencies would likely be put in a separate category from securities like stocks and bonds.
If the changes are implemented, companies offering crypto would have to register with the FSA. The regulator plans to enforce these rules regardless of whether a company operates in Japan, but it is unclear how they would be enforced against overseas entities.
There are still details to be finalized, such as which cryptocurrencies would be regulated and how distinctions would be made between widely traded assets like Bitcoin and Ether, and more speculative and high-risk tokens like memecoins.
This move comes as Japan’s regulators and government have been making pro-crypto moves. Earlier this month, the country issued its first license allowing a company to deal with stablecoins, and the ruling Liberal Democracy Party is working on reforms to slash the capital gains tax on crypto and categorize digital assets as a distinct asset class.
In February, reports surfaced that the FSA was considering lifting a ban on crypto-based exchange-traded funds (ETFs) to align with the policy position of Hong Kong, which approved crypto ETFs for trading in April 2024.
Japan’s finance laws are likely to see significant changes in the coming years as the country continues to embrace and regulate the crypto industry. This could have a major impact on the global crypto market, as Japan is one of the world’s largest economies and a major player in the financial sector.
South Korean crypto exchange users hit 16M in ‘saturation point’
Crypto exchange users in South Korea have crossed over 16 million after receiving a boost following US President Donald Trump’s election win last November.
Data submitted to representative Cha Gyu-geun of the minor opposition Rebuilding Korea Party found over 16 million people had crypto exchange accounts out of a total population of 51.7 million, according to a March 30 report from local news agency Yonhap. This would be equivalent to over 30% of the population.
All the data was taken from the top five domestic virtual exchanges in South Korea: Upbit, Bithumb, Coinone, Korbit and Gopax. Individuals with multiple accounts were only counted once.
Industry officials are reportedly speculating the number of crypto users could hit 20 million by the end of the year, with one unnamed official being cited by Yonhap saying: “Some believe the crypto market has reached a saturation point, but there is still an endless possibility for growth compared with the matured stock market.”
Following Trump’s election win last November, the number of crypto users spiked by over 600,000 to 15.6 million, collectively holding 102.6 trillion South Korean won ($70.3 billion) in crypto assets.
Investors in South Korea’s crypto market had 102.6 trillion South Korean Won ($70.3 billion) in crypto assets as of last December. Source: Yonhap News
The number of crypto investors exceeded 14 million in March 2024, according to Yonhap.
Meanwhile, Korea’s Securities Depository shows only 14.1 million listed individual investors in the stock market as of December last year, according to the South Korean financial publication the Maeil Business Newspaper.
South Korean public officials have also reported holding and investing in crypto.
The country’s Ethics Commission for Government Officials disclosed on March 27 that 20% of surveyed public officials hold 14.4 billion won ($9.8 million) in crypto, representing 411 of the 2,047 officials subjected to the country’s disclosure requirements to hold crypto assets. The highest amount disclosed was 1.76 billion won ($1.2 million) belonging to Seoul City Councilor Kim Hye-young.
Meanwhile, on March 26, the Financial Intelligence Unit of the South Korean Financial Services Commission published a list of 22 unregistered platforms and 17 that were blocked from the Google Play store.
California introduces ‘Bitcoin rights’ in amended digital assets bill
A Californian lawmaker has just added Bitcoin and crypto investor protections to a February-introduced money transmission bill aimed at securing crypto self-custody rights for the US state’s nearly 40 million residents.
California’s Assembly Bill 1052 was introduced as the Money Transmission Act on Feb. 20, 2025, but was amended by Democrat and Banking and Finance Committee chair Avelino Valencia on March 28 to include several Bitcoin (BTC) and crypto-related investor protections. The amendments cross out “Money Transmission Act,” with the legislation now called “Digital assets.”
“California often sets the national blueprint for policy, and if Bitcoin Rights passes here, it can pass anywhere,” Satoshi Action Fund CEO Dennis Porter said in a March 30 statement.
“Once passed, this legislation will guarantee nearly 40 million Californians the right to self-custody their digital assets without fear of discrimination.”
The bill would also deem the use of a digital financial asset as a valid and legal form of payment in private transactions and would prohibit public entities from restricting or taxing digital assets solely based on their use as payment.
The bill would also expand the scope of California’s Political Reform Act of 1974 to prohibit a public official from issuing, sponsoring or promoting a digital asset, security or commodity.
“A public official shall not engage in any transaction or conduct related to a digital asset that creates a conflict of interest with their public duties,” one section of the AB 1052 states.
AB 1052 is now in the “desk process” — meaning the bill has been formally introduced and is awaiting its first reading.
A total of 99 merchants currently accept Bitcoin payments in California, BTC Maps data shows.
Ripple Labs, Solana Labs and Kraken are among the largest crypto firms based in California.
A stablecoin-related bill was also introduced in California on Feb. 2, 2025, which aims to provide more clarity over stablecoin collateral requirements, liquidation processes, redemption and settlement mechanisms requirements and security audits.
Bitcoin-related bills and measures near 100 at the US state level
According to Bitcoin Law, 95 Bitcoin-related bills or measures have been introduced at the state level in 35 states, including 36 Bitcoin reserve bills that are still live.
The Texas Senate passed a Bitcoin strategic reserve bill in a 25-5 vote on March 6, while Kentucky Governor Andy Beshear signed a Bitcoin Rights bill into law on March 24.
Earlier this month, US President Donald Trump signed an executive order to create a Strategic Bitcoin Reserve and a Digital Asset Stockpile, both of which will initially use cryptocurrency forfeited in government criminal cases.
Android malware ‘Crocodilus’ can take over phones to steal crypto
Cybersecurity firm Threat Fabric says it has found a new family of mobile-device malware that can launch a fake overlay for certain apps to trick Android users into providing their crypto seed phrases as it takes over the device.
Threat Fabric analysts said in a March 28 report that the Crocodilus malware uses a screen overlay warning users to back up their crypto wallet key by a specific deadline or risk losing access.
“Once a victim provides a password from the application, the overlay will display a message: Back up your wallet key in the settings within 12 hours. Otherwise, the app will be reset, and you may lose access to your wallet,” Threat Fabric said.
“This social engineering trick guides the victim to navigate to their seed phrase wallet key, allowing Crocodilus to harvest the text using its accessibility logger.”
Once the threat actors have the seed phrase, they can seize complete control of the wallet and “drain it completely.”
Threat Fabric says despite it being a new malware, Crocodilus has all the features of modern banking malware, with overlay attacks, advanced data harvesting through screen capture of sensitive information such as passwords and remote access to take control of the infected device.
Initial infection occurs by inadvertently downloading the malware in other software that bypasses Android 13 and security protections, according to Threat Fabric.
Once installed, Crocodilus requests accessibility service to be enabled, which enables the hackers to gain access to the device.
“Once granted, the malware connects to the command-and-control (C2) server to receive instructions, including the list of target applications and the overlays to be used,” Threat Fabric said.
It runs continuously, monitoring app launches and displaying overlays to intercept credentials.
When a targeted banking or cryptocurrency app is opened, the fake overlay launches over the top and mutes the sound while the hackers take control of the device. “With stolen PII and credentials, threat actors can take full control of a victim’s device using built-in remote access, completing fraudulent transactions without detection,” Threat Fabric said. Threat Fabrix’s Mobile Threat Intelligence team has found the malware targets users in Turkey and Spain but said the scope of use will likely broaden over time. Related: Beware of ‘cracked’ TradingView — it’s a crypto-stealing trojanThey also speculate the developers could speak Turkish, based on the notes in the code, and added that a threat actor known as Sybra or another hacker testing out new software could be behind the malware. “The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware.” “With its advanced Device-Takeover capabilities, remote control features, and the deployment of black overlay attacks from its earliest iterations, Crocodilus demonstrates a level of maturity uncommon in newly discovered threats,” Threat Fabric added. Magazine: Ridiculous ‘Chinese Mint’ crypto scam, Japan dives into stablecoins: Asia Express
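A defender-side check for the accessibility-service abuse described above, added here as an example and not part of Threat Fabric's report: it cross-references a device's enabled accessibility services with the installer of each package. The sample command output is constructed, and the Play-Store-only policy and the package name `com.example.updater` are assumptions.

```python
import re

# Constructed sample output of two real commands (not captured from a device):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.updater/.CoreService")
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumed policy: Play Store only


def parse_services(raw):
    """Split the colon-separated setting into (package, full class name) pairs."""
    raw = raw.strip()
    if raw in ("", "null"):           # 'null' is printed when the setting is unset
        return []
    pairs = []
    for entry in raw.split(":"):
        package, sep, cls = entry.strip().partition("/")
        if not (sep and package and cls):
            continue                  # skip malformed entries
        # A class written as ".Name" is relative to the package name.
        pairs.append((package, package + cls if cls.startswith(".") else cls))
    return pairs


def parse_installers(raw):
    """Map package name -> installer package from 'pm list packages -i' lines."""
    pattern = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
    found = {}
    for line in raw.splitlines():
        match = pattern.match(line.strip())
        if match:
            found[match.group(1)] = match.group(2)
    return found


def services_to_review(services_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Accessibility services whose package did not come from a trusted installer."""
    installers = parse_installers(packages_raw)
    return [(f"{pkg}/{cls}", installers.get(pkg, "unknown"))
            for pkg, cls in parse_services(services_raw)
            if installers.get(pkg) not in trusted]
```

Preinstalled system apps can also report no installer, so the result is a list to review against the device's known baseline rather than a verdict.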
MARA Holdings plans huge $2B stock offering to buy more Bitcoin
Bitcoin miner MARA Holdings Inc (MARA) is looking to sell up to $2 billion in stock to buy more Bitcoin as part of a plan that bears a resemblance to Michael Saylor’s Strategy.

MARA Holdings, formerly Marathon Digital, said in a March 28 Form 8-K and prospectus filed with the Securities and Exchange Commission that it entered into an at-the-market agreement with investment giants, including Cantor Fitzgerald and Barclays, for them to sell up to $2 billion worth of its stock “from time to time.”

“We currently intend to use the net proceeds from this offering for general corporate purposes, including the acquisition of bitcoin and for working capital,” MARA added.

MARA’s move copies a tactic made famous by Bitcoin (BTC) bull Saylor, the executive chair of the largest corporate Bitcoin holder Strategy, formerly MicroStrategy, which has used a variety of market offerings, including stock sales, to amass 506,137 BTC worth $42.4 billion.

MARA Holdings falls just behind Strategy with the second largest holdings by a public company, with 46,374 BTC worth around $3.9 billion in its coffers, according to Bitbo data.

In July, the company’s CEO, Fred Thiel, said it was going “full HODL” and wouldn’t sell any of the Bitcoin it mined to fund its operations, as is typical for crypto miners, and would purchase more of the cryptocurrency to keep in reserve.

The Bitcoin (BTC) miner’s planned stock sale follows a similar offering it made early last year that offered up to $1.5 billion worth of its shares. It also issued $1 billion of zero-coupon convertible senior notes in November with plans to use most of the proceeds to buy Bitcoin.

Google Finance shows that MARA closed the March 28 trading day down 8.58% at $12.47, following on from crypto mining stocks being rattled a day earlier with reports that Microsoft abandoned plans to invest in new data centers in the US and Europe.

MARA shares have fallen another 4.6% to $11.89 in overnight trading on March 30, according to Robinhood.

Bitcoin is trading just above $82,000, down 1.2% over the past 24 hours after falling from a local high of around $83,500, according to CoinGecko.
DeFi protocol SIR.trading loses entire $355K TVL in ‘worst news’ possible
Ethereum-based DeFi protocol SIR.trading, also known as Synthetics Implemented Right, has been hacked, resulting in the loss of its entire total value locked (TVL) — $355,000 at the time of the attack.

The hack, which occurred March 30, was initially detected by blockchain security firms TenArmorAlert and Decurity, both of which posted warnings on X to alert users of the protocol.

The protocol’s founder, known only as Xatarrer, described the hack as “the worst news a protocol could received [sic],” but suggested they intend to try to keep the protocol going despite the setback.

“Clever attack” targeted contract vault

Decurity described the hack as a “clever attack” that targeted a callback function used in the protocol’s “vulnerable contract Vault” which leverages Ethereum’s transient storage feature.

According to Decurity, the attacker was able to replace the real Uniswap pool address used in this callback function with an address under the hacker’s control, allowing them to redirect the funds in the vault to their address. TenArmorAlert further explained that by repeatedly calling this callback function, the attacker was able to fully drain the protocol’s TVL.

SupLabsYi, from blockchain security firm Supremacy, went into more detail on the attack in an X post, stating it may demonstrate a security flaw in Ethereum’s transient storage.

Transient storage was added to Ethereum with last year’s Dencun upgrade. The new feature allows for temporary storage of data, leading to lower gas fees than regular storage. According to SupLabsYi, it’s still a “nascent feature,” and the attack may be one of the first to exploit its vulnerabilities.

“This isn’t merely a threat aimed at a single instance of uniswapV3SwapCallback,” SupLabsYi said.

TenArmorSecurity said the stolen funds have now been deposited into an address funded through the Ethereum privacy solution, Railgun. Xatarrer has since reached out to Railgun for assistance.

SIR.trading’s documentation shows that it was billed as “a new DeFi protocol for safer leverage.” The stated purpose of the protocol was to address some of the challenges of leveraged trading, “such as volatility decay and liquidation risks, making it safer for long-term investing.”

While it aimed for safer leveraged trading, the protocol’s documentation did warn users that despite being audited, its smart contracts could still contain bugs that could lead to financial losses — highlighting the platform’s vaults as a particular area of vulnerability.

“Undiscovered bugs or exploits in SIR’s smart contracts could lead to fund losses. These might stem from complex logic in vault mechanics or leverage calculations that audits failed to catch, exposing users to rare but critical failures,” the project’s documentation states.
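A simplified Python model of the failure described above, added here as an illustration and not taken from SIR.trading's contracts: a callback that trusts whatever address sits in a transient slot, next to a hardened variant. The slot number, addresses, class names and the `later_write` path are assumptions; the article does not say how the stored address was replaced.

```python
# Simplified model of EIP-1153 transient storage: a value written with TSTORE
# stays readable by every call in the same transaction and is wiped afterwards.
POOL_SLOT = 1          # hypothetical slot holding the pool the callback trusts
POOL = 0xA11CE         # constructed addresses, not taken from the incident
UNTRUSTED = 0xBAD


class Transaction:
    def __init__(self):
        self.transient = {}                  # shared by all calls in this tx


class Vault:
    def __init__(self, balance, hardened):
        self.balance = balance
        self.hardened = hardened

    def start_swap(self, tx, pool):
        tx.transient[POOL_SLOT] = pool       # record who may call back

    def later_write(self, tx, value):
        # Assumed second write in the same transaction. The weak vault reuses
        # the trust slot; the hardened vault gives other data its own slot.
        tx.transient["other" if self.hardened else POOL_SLOT] = value

    def swap_callback(self, tx, caller, amount):
        expected = tx.transient.get(POOL_SLOT)
        if expected is None or caller != expected:
            raise PermissionError("caller is not the pool recorded for this swap")
        self.balance -= min(amount, self.balance)   # pay the caller
        if self.hardened:
            del tx.transient[POOL_SLOT]      # trust ends with the callback


def balance_after_untrusted_callback(hardened):
    """Run one transaction and return what is left in the vault."""
    vault, tx = Vault(1000, hardened), Transaction()
    vault.start_swap(tx, POOL)
    vault.swap_callback(tx, POOL, 10)        # legitimate callback from the pool
    vault.later_write(tx, UNTRUSTED)         # slot content changes mid-transaction
    try:
        vault.swap_callback(tx, UNTRUSTED, vault.balance)
    except PermissionError:
        pass                                 # hardened vault rejects the caller
    return vault.balance
```

The weak vault ends the transaction empty, while the hardened one keeps everything except the legitimate swap amount; in a real contract the same effect comes from a dedicated slot that is cleared once the callback returns.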