ChainCatcher news, according to on-chain analyst Onchain Lens (@OnchainLens), the Bitrue hacker bought 5,917.82 ETH in the past two hours, worth about 16.34 million dollars, at an average price of 2,762 dollars. Subsequently, the hacker transferred a total of 11,029 ETH through TornadoCash, worth 30.29 million dollars.

According to ChainCatcher's message, on-chain data analyst Yu Jin has monitored that the Bitrue hacker has currently used 8.304 million DAI to purchase 3,000 ETH and has laundered 4,600 ETH (approximately 12.65 million USD) through Tornado Cash. The address still holds 8.04 million DAI and 3,510 ETH.

ChainCatcher news, according to on-chain data analyst Yu Jin's monitoring, the Bitrue hacker is currently using 16.345 million DAI to purchase ETH, and then washing the ETH through Tornado Cash. This DAI was obtained by selling ETH at a price of $3,885 in March last year.The hacker stole various tokens worth $23 million from the Bitrue trading platform in April 2023, and then exchanged these assets for ETH; in March 2024, he sold 4,207 ETH for 16.345 DAI at a price of $3,885; one hour ago, he transferred the DAI and ETH to a new address, and is currently buying ETH with DAI, then washing the ETH through Tornado Cash.

ChainCatcher news, the hacker group Librarian Ghouls (also known as Rare Werewolf) has infiltrated hundreds of Russian devices and is using them for cryptocurrency mining.The group spreads malware through phishing emails disguised as legitimate organizations, establishing remote connections after infecting devices and disabling security systems such as Windows Defender. The hackers collect information on the devices' RAM, CPU cores, and GPU to optimize the configuration of cryptocurrency mining programs. This hacking incident began in December 2023, with the attack primarily affecting industrial enterprises and engineering schools in Russia, while there are also victims in Belarus and Kazakhstan.Kaspersky speculates that Librarian Ghouls may be hacktivists, as they rely on legitimate third-party tools rather than developing their own malware, which is a common tactic used by similar organizations.

ChainCatcher message, security company Wiz has discovered that a hacker organization codenamed JINX-0132 is massively exploiting configuration vulnerabilities in DevOps tools for cryptocurrency mining attacks. The attack primarily targets tools such as HashiCorp Nomad/Consul, Docker API, and Gitea, with approximately 25% of cloud environments at risk. The attack methods include: deploying XMRig mining software using Nomad's default configuration, executing malicious scripts through Consul's unauthorized API, and controlling exposed Docker API to create mining containers.

ChainCatcher message, on-chain detective ZachXBT posted that whenever certain cross-chain bridges announce "record usage" data, it is often the case that North Korean hacker groups are laundering money through that bridge. He pointed out that recent incidents are mostly related to stolen funds from Bybit, and they use multiple on-chain hops to obscure the flow of funds and evade address scrutiny, thereby exaggerating the actual usage data.

ChainCatcher news, the SUI-based DEX Cetus, which suffered a $223 million hack, announced through platform X that it has safely transferred the frozen funds related to the hack to a multi-signature trust wallet jointly managed by CETUS, SUI, and OtterSec. These funds will be held in the wallet until they are returned to users.In response, Cetus explained: "We have entered the next phase of recovering the funds lost to the hack by ensuring their safety. We are working day and night to fulfill the roadmap promised to the community, including contract upgrades, liquidity restoration, and preparations for the relaunch."Previous report indicates that the Sui community recently approved an on-chain proposal that will release approximately $162 million that was seized during the Cetus vulnerability last week, allowing the DEX to repay users and restore full operations.

ChainCatcher message, Slow Mist's Yu Xian posted on platform X stating that the Cetus hacker has not yet returned the funds, holding over 60 million USD worth of ETH and has not continued to transfer it. The community has submitted suspected clues related to the Cetus hacker, and more details may be disclosed later.

ChainCatcher news, according to Finance Feeds, the North Korean hacker group Lazarus Group has recently shifted its attack targets to individual investors, stealing over $5.2 million from a merchant through malware on May 24. The stolen funds involve multiple wallet types, including exchange wallets, multi-signature wallets, and external accounts.Blockchain analyst ZackXBT tracked that the hackers have transferred about 1,000 ETH through the mixer Tornado Cash.Security experts recommend that individual investors take protective measures: use hardware wallets to store large assets, enable two-factor authentication, regularly update software patches, be wary of suspicious links, and regularly check transaction records. This attack marks a strategic shift for the organization from targeting institutions to individual investors.

ChainCatcher news, according to Lookonchain monitoring, Cork Protocol was hacked and 3762 wstETH was stolen. Currently, the hacker has exchanged 3762 wstETH for 4530 ETH.

ChainCatcher news, blockchain security company BlockSec posted on social media that its system detected a hacker attack targeting the decentralized stablecoin protocol Usual (USUAL), which has currently been suspended.

ChainCatcher news, on-chain detective ZachXBT stated that a victim was allegedly attacked by North Korean hackers due to malware on May 24, resulting in a loss of over $5.2 million.Previously, the victim's wallet showed outflows from various multisig, EOA, and exchange accounts, with assets being sold on the market. 1,000 ETH was deposited into Tornado Cash yesterday.

ChainCatcher news, the official X account of Fred Wilson, partner at the American venture capital firm USV (Union Square Ventures), has been hacked. The hacker had posted a fake MEME coin contract, which has now been deleted.

ChainCatcher message, Cetus stated on platform X that no communication has been received from the hacker and encourages the hacker to seriously consider Cetus's offer terms.At the same time, with the support of Inca Digital and funding from the Sui Foundation, a reward of 5 million dollars has been announced to incentivize individuals who provide relevant information, successfully identify, and apprehend the hacker. If the hacker is willing to cooperate and accepts the offer, no further legal actions or claims will be taken, including the 5 million dollar bounty, which will be determined by the Sui Foundation.

ChainCatcher news, cybersecurity company Moonlock has issued a warning that hackers are attacking by distributing a malicious clone disguised as Ledger Live. Ledger Live is an application widely used for managing Ledger cold wallets.Initially, the attackers could only steal passwords, notes, and wallet information through this clone app, thus gaining a rough understanding of the user's wallet assets, but they could not directly extract funds. However, within just a year, they have learned to steal recovery phrases and are able to hijack victims' wallets.

ChainCatcher message, Cetus announced that it has fixed the vulnerabilities from the earlier attack incident, and has collaborated with multiple parties to track the funds, label the hacker's wallet, and communicate with law enforcement agencies. It has proposed a "white hat settlement plan" to the hacker: returning the assets within a limited time can earn a bounty of 2324 ETH (approximately 6 million USD), and no legal action will be taken. The community's current primary goal remains to recover the assets.

ChainCatcher message, Sui announced on platform X: "A large number of validators have identified the addresses from which Cetus funds were stolen and will ignore transactions on these addresses until further notice. The Cetus team is exploring ways to recover these funds and return them to the community. The incident report for Cetus will be released soon. The Sui Foundation and other members of the ecosystem will be committed to supporting Cetus in addressing this incident."