
North American cryptocurrency company hit by network compromise

Incident
First reported
Last updated
Happening score: 7
1 unique source, 1 article

Summary


A North American cryptocurrency company suffered a multi-stage intrusion that began on January 23, 2026, and the attackers kept access for 66 days. The foothold came through a typosquatted Zoom meeting link delivered in a manipulated Calendly invite. The attack moved from the initial click to full system compromise in under five minutes and used clipboard injection plus credential extraction aimed at wallet extensions. The incident shows a long-lived compromise of a single crypto firm within a wider phishing theft operation.

Related Happenings

KelpDAO hit by cyberattack

Incident
First: 21.04.2026 01:23 Last: 21.04.2026 01:23 Sources 1

About this happening: KelpDAO suffered a cross-chain theft involving rsETH, prompting it to pause rsETH contracts after detecting suspicious activity on April 18, 2026. Reports estimate that about 116,...

Latest development: 21.04.2026 11:30

North Korea’s Lazarus Group targeted LayerZero Labs on April 18, 2026 by poisoning downstream RPC infrastructure, compromising two independent RPC nodes, swapping binaries on op-geth nodes, and forcing a DDoS-driven failover that let a forged cross-chain message pass and enable an unauthorized rsETH transfer.

Drift Protocol hit by cyberattack

Incident
First: 02.04.2026 22:03 Last: 02.04.2026 22:03 Sources 1

About this happening: **Drift Protocol** disclosed a **security-council takeover** that drained **at least $280 million** and left its protocol functions essentially frozen. The attacker used **durable...

Latest development: 06.04.2026 19:35

Elliptic and TRM Labs attributed the $280+ million theft from Drift Protocol to North Korean hackers, and Drift said its findings point with medium-high confidence to UNC4736 (AppleJeus/Labyrinth Chollima). The investigation also said the attackers spent at least six months building a functioning operational presence inside the Drift ecosystem, posing as a quantitative firm, meeting Drift contributors at crypto conferences in multiple countries, and continuing discussions over Telegram.

Silver Fox South Asia phishing campaign

Campaign
First: 24.03.2026 18:00 Last: 24.03.2026 18:00 Sources 1

About this happening: The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...

Bitrefill hit by network compromise

Incident
First: 19.03.2026 19:08 Last: 19.03.2026 19:08 Sources 1

About this happening: **Bitrefill** suffered a **cyberattack** that forced its website and app offline and left restoration still in progress, making it the platform’s most serious security event to da...

BlueNoroff spear-phishing campaign uses typosquatted Zoom, Teams, and Calendly lures against crypto firms

Campaign
First: 11.02.2026 00:17 Last: 11.02.2026 00:17 Sources 1

How related: The spear-phishing campaign involved multiple social engineering techniques, including impersonating prominent figures of the fintech industry, typosquatted Zoom and Microsoft Teams meeting links, fake Calendly calendar invites and ClickFix-style clipboard injection attacks.

About this happening: **BlueNoroff**, a **North Korea-linked Lazarus Group** subgroup, ran a **large-scale spear-phishing campaign** against **100+ cryptocurrency organizations** in **20+ countries** b...

Timeline

  1. 28.04.2026 11:00 2 articles · 29d ago

    North American cryptocurrency company intrusion begins

    Exploitation Observed

    A North American cryptocurrency company experienced a multi-stage intrusion that began with a typosquatted Zoom meeting link delivered through a manipulated Calendly invite; the victim saw a fake Zoom meeting interface, a ClickFix-style clipboard injection attack, and a credential extraction pipeline focused on browser data and cryptocurrency wallet extensions, with the execution chain reaching full system compromise in under five minutes and access persisting for 66 days.

  2. 27.04.2026 03:00 1 article · 1mo ago

    Arctic Wolf discloses BlueNoroff crypto theft campaign

    Initial Disclosure

    Arctic Wolf Labs disclosed a large-scale cyber theft campaign attributed with high confidence to BlueNoroff, a Lazarus Group subgroup, targeting over 100 cryptocurrency organizations across more than 20 countries; the operation used typosquatted Zoom and Microsoft Teams links, fake Calendly invites, ClickFix-style clipboard injection, over 80 typosquatted meeting domains, a PowerShell-based C2 implant, an AES-encrypted browser injection payload, Telegram Bot API screenshot exfiltration, and a media server holding more than 950 files that supported deepfake meeting lures.
