cybersecurity

According to Coinpost, the Financial Services Agency of Japan has released the "Cybersecurity Enhancement Guidelines (Draft) for Cryptocurrency Exchanges" and has begun a public consultation, with a deadline of March 11. The draft indicates that the methods of cyber attacks targeting cryptocurrency exchanges are becoming increasingly complex, with a rise in indirect attack methods such as social engineering and breaches through outsourced service providers. Relying solely on cold wallets is no longer sufficient to ensure security, and there is a need to strengthen overall supply chain security management.The draft also mentions suspected state-sponsored attacks and emphasizes the importance of asset protection from the perspective of national wealth preservation. The plan is based on three pillars: self-help, mutual assistance, and public assistance. In terms of self-help, it proposes to impose cybersecurity self-assessments on the cryptocurrency exchange industry starting from the fiscal year 2026 and to enhance security standards; for mutual assistance, it will strengthen the functions of industry self-regulatory associations and promote corporate participation in information-sharing organizations; for public assistance, it will continue to conduct international joint research, aiming for full industry participation in cybersecurity exercises within three years and conducting real environment penetration tests on some operators in 2026.

glassnode stated that the Bitcoin "Yardstick" indicator has reached an all-time low, significantly below previous bottoms, indicating that Bitcoin's price is severely undervalued relative to network security (hash rate).Historical data shows that such extreme lows often mark the convergence of exhausted downside potential and long-term opportunities, and in similar past situations, Bitcoin's price typically experiences a significant rebound. Note: The Bitcoin "Yardstick" indicator was developed by Capriole Investments and is defined as Bitcoin's market capitalization divided by hash rate, normalized over 2 years of data, similar to a stock's price-to-earnings ratio, used to assess Bitcoin's valuation.

According to market news, Strategy's Executive Chairman Michael Saylor announced during the earnings call that a Bitcoin security initiative is planned to address quantum computing and other future security threats. This initiative will collaborate with global cybersecurity, cryptographic security, and Bitcoin security councils to coordinate relevant research and risk responses.Saylor stated that the current consensus is that quantum threats are not expected to materialize for at least another 10 years or longer, and many global teams are already developing quantum-resistant protocols. He emphasized that Bitcoin is scalable, and if a quantum upgrade is needed in the future, its network will become more resilient as a result. He also reminded that it is crucial to seize the opportunity to address such risks; acting too early may lead to immature technology, while acting too late could result in unnecessary risks.

According to Hong Kong 01, the Hong Kong police disclosed that over the past three weeks, they have launched a citywide law enforcement operation against fraud, cybercrime, and money laundering, codenamed "Operation Conquer," resulting in the arrest of 682 individuals for conspiracy to commit fraud, obtaining property by deception, and money laundering. This operation involved 580 fraud and technology crime cases, with a total amount of up to HKD 620 million.Among them, in the law enforcement action codenamed "Cyber Web" by the Hong Kong Police Cyber Security and Technology Crime Bureau, a local online romance scam group was dismantled, along with a gang that used virtual currency for money laundering. This gang defrauded 314 victims of a total of HKD 44 million over the past 16 months, with an average amount of about HKD 150,000 per case.

The Shanghai Municipal Justice Bureau has issued a reminder that recently, many places across the country have seen a new tactic in telecom network fraud involving counterfeit supermarket "tasting cards" as bait. Related groups are luring individuals by distributing fake "tasting cards" offline, enticing them to scan a code to join so-called "benefit groups," and then carrying out scams such as transferring money for rebates.Police reports indicate that multiple cases have been solved in Shandong and other areas, with several suspects arrested. Investigations show that criminals use overseas communication software to contact their superiors and settle criminal proceeds through virtual currencies, making their activities highly concealed. The Shanghai Municipal Justice Bureau urges the public to enhance their awareness of prevention, not to scan unknown QR codes, and not to disclose personal information to unfamiliar platforms to avoid financial losses.

The head of global policy and government affairs at the crypto analytics firm TRM Labs, Ari Redbord, pointed out: "2025 is a record year for wrench attacks," with approximately 60 reported incidents of physical attacks against crypto asset holders throughout the year. This number is significantly higher than the second-highest known number of wrench attacks in 2024 (about 41) and 2021 (36). Although the true number of wrench attacks is difficult to accurately quantify, the risk to victims is indeed increasing, or at least public awareness of such threats is rising."The real number could be much higher," Redbord added, "many cases are only recorded as ordinary robberies or burglaries, with the crypto asset element overlooked; others are never reported due to victims' hesitation or doubts about law enforcement's ability to handle crypto-related crimes."The term "wrench attack" for this type of cybersecurity risk derives from the idea that even the most sophisticated encryption and data security measures can be undermined by physical coercion—much like a scenario threatened by a "five-dollar wrench."

Slow Mist released the analysis of stolen funds from MistTrack for the fourth quarter of 2025. In the fourth quarter of 2025, there were 300 reports of stolen funds received (excluding cases reported through other channels), with approximately $1 million successfully frozen or recovered in 9 cases.The three main causes of theft incidents are: phishing attacks, scams, and private key leaks. Phishing remains the primary cause of losses, evolving from fake domains to autocomplete hijacking redirects; phishing is no longer limited to "clicking the wrong link." One victim mistakenly sent 50 million USDT to a forged similar address—where the first 3 and last 4 characters were exactly the same.

According to financefeeds, global cybersecurity company Kaspersky has issued an urgent alert regarding a new sophisticated information-stealing tool named "Stealka," which has begun launching large-scale attacks against Windows users.This malware was discovered at the end of 2025 and is specifically designed to collect sensitive financial data, browser credentials, and cryptocurrency wallet information. Stealka is primarily distributed through deceptive platforms like GitHub and SourceForge, disguised as "cracks" for pirated software or high-demand applications.The malware is particularly dangerous because it employs advanced obfuscation techniques to bypass traditional signature-based security solutions, often remaining undetected during comprehensive scans of the victim's device. This threat emerges at a time when password theft detection has surged nearly 60% throughout the year, marking a more aggressive phase in the evolution of digital financial crime.

The nonprofit organization Security Alliance warns that they are currently discovering multiple scam attempts initiated by North Korean hackers every day, with these attacks luring victims through fake Zoom meetings.The scam technique involves inducing victims to download malware during a "fake Zoom call," thereby stealing sensitive information, including passwords and private keys. Security researcher Taylor Monahan warns that this tactic has siphoned off over $300 million in assets from users.The scam typically begins with a message from a Telegram account, which often belongs to someone the victim "knows." Due to the familiar identity, the victim lets their guard down. The conversation then naturally transitions to an invitation to "catch up over Zoom." Once the call starts, the hacker pretends to encounter audio issues and sends a so-called "patch file." When the victim opens this file, malware is implanted on their device. The hacker then ends the fake call under the pretext of "rescheduling for another day."

According to Hackread.com, cybersecurity company Hudson Rock discovered an infected device while analyzing a LummaC2 information-stealing malware log, with the operator suspected to be a malware developer from a North Korean state-sponsored hacking group.The device was used to build the infrastructure supporting the $1.4 billion theft from the cryptocurrency exchange Bybit in February 2025. Analysis indicated that the credentials found on the device were linked to domains registered prior to the attack, which were used to impersonate Bybit. The device itself was high-end, equipped with development tools such as Visual Studio and Enigma Protector, as well as communication and data storage applications like Astrill VPN, Slack, and Telegram. Its activity traces also showed that the attackers purchased relevant domain names and prepared fake Zoom installers to carry out phishing attacks. This finding rarely reveals the internal operational details of asset sharing in North Korean-supported hacking activities.

Pepe's official website was attacked on the front end, and the cybersecurity company Blockaid discovered that the site was implanted with Inferno Drainer malicious toolkit code. This toolkit is specifically designed for phishing and wallet asset theft, which may lead to the theft of user wallet credentials, unauthorized transactions, and asset loss.

According to market news, the official website of the Pepe memecoin has suffered a front-end attack, and the attackers are currently redirecting users to malicious links. Blockaid stated that the site contains code for the "Inferno Drainer." The Inferno Drainer is a set of scam tools used by threat actors, including phishing website templates, wallet draining tools, and social engineering tools.Currently, the price of the Pepe token has not reacted immediately to this incident, having risen about 4% in the past 24 hours. Cybersecurity company Blockaid encourages users to avoid the site until the issue is resolved to remain vigilant.

The report "2025 Cyber Threat Trends and 2026 Security Outlook" released by AhnLab shows that the North Korean-backed hacker group Lazarus has been named the most frequently in the past 12 months, primarily using "spear phishing" to carry out attacks, often disguising themselves as seminar invitations, interview requests, and other emails to lure targets into opening attachments. The report states that Lazarus is considered the main suspect in several major attacks, including the Bybit hacking incident on February 21 this year (resulting in a loss of $1.4 billion) and the recent $30 million vulnerability attack on the South Korean exchange Upbit.AhnLab indicates that to enhance security, companies need to establish a multi-layered defense system, including regular security audits, timely patch updates, and strengthening employee education. The company also recommends that individual users employ multi-factor authentication, handle unknown links and attachments with caution, avoid excessive exposure of personal information, and only download content from official channels. AhnLab points out that with the widespread use of AI applications, attackers will find it easier to generate indistinguishable phishing emails, spoofed pages, and deepfake content, and related threats may further complicate in the future. (Cointelegraph)

Recent cybersecurity incidents have severely impacted the South Korean financial sector, as the Qilin ransomware group successfully infiltrated the systems of 28 financial institutions by attacking a managed service provider (MSP), stealing over 1 million documents and 2 TB of data. The attackers have named this incident "Korean Leaks," which was carried out in three waves, primarily targeting South Korean asset management companies.Security experts suspect that this attack may be linked to the North Korean hacker group Moonstone Sleet. When the attackers posted information on the data leak website, they not only demanded a ransom but also claimed to expose "systemic corruption" and "evidence of stock market manipulation," attempting to create panic in the South Korean financial market.

According to Cointelegraph, Trustwave's cybersecurity research team SpiderLabs reported that a banking Trojan named "Eternidade Stealer" is spreading widely in Brazil through WhatsApp.Attackers use social engineering tactics such as fake government program notifications, courier messages, and investment groups to lure users into clicking malicious links. Once clicked, the malware simultaneously infects the device and hijacks the WhatsApp account, automatically spreading to the victim's contact list. The Trojan is capable of scanning and stealing login credentials from multiple Brazilian banks, fintech companies, and cryptocurrency exchanges. To avoid detection, the malware uses a preset Gmail account to receive commands instead of a fixed server address. Security experts advise users to remain vigilant about any links, even those from trusted contacts, and to keep software updated to prevent such attacks.

According to Caixin, the fight against and governance of cybercrime has become a global challenge.The eighth national criminal trial work conference emphasized the importance of maintaining cybersecurity and proposed specific requirements from three aspects: focusing on new issues such as the disposal of virtual currencies involved in cases, obscene performances in online live broadcasts, jurisdiction over cybercrime cases, and the certification of electronic data collection, further improving judicial rules, standardizing judgment criteria, and promoting lawful and civilized internet usage; severely cracking down on cross-border online gambling crimes in accordance with the law, holding criminally liable the online platforms that provide services for overseas gambling and disseminate harmful information related to gambling, and cooperating with relevant departments to rectify the online gambling promotion chain; increasing efforts to combat upstream illegal activities in the black and gray industries that infringe on citizens' personal information, strictly punishing "insiders" in the industry, applying employment bans according to the law, and promoting the enforcement of regulatory responsibilities on internet platforms.

According to Decrypt, the Australian Federal Police have warned that scammers are exploiting the Australian national cybercrime reporting system ReportCyber by submitting false reports using stolen personal information, and then impersonating Australian Federal Police officers to call victims and steal their digital assets.The scam is highly deceptive, as criminals verify information in a plausible manner and act quickly to create a sense of urgency. They illegally obtain email addresses, phone numbers, and other information, using the system's rules that allow third parties to report on behalf of others to gain trust. Some victims received calls from "police" informing them that they were involved in a cryptocurrency data breach, and were given what appeared to be an official reference number. After seeing a report that matched the one submitted by the scammers, they almost fell for it.Subsequently, a second caller impersonated a platform, using the same reference number to induce a transfer. Fortunately, the victim realized in time and hung up the phone. Police stated that in similar cases, scammers often spoof numbers and remind the public to remain vigilant, recognize scams, and protect their assets.

ChainCatcher news, according to SlowMist's Yu Xian news, the North Korean hacker-related Trojan SilentSiphon is capable of extracting data from Apple Notes, Telegram, and browser extensions, as well as obtaining credentials from browsers and password managers, and extracting confidential information from configuration files related to various services.Users should enhance their security awareness, regularly update software versions, avoid downloading applications from unknown sources, and use reliable security software for protection.

ChainCatcher news, according to Hong Kong Radio, the Hong Kong Police Force announced the establishment of a "Virtual Asset Intelligence Working Group" in collaboration with Customs, financial regulatory agencies, and licensed virtual asset service providers. The aim is to strengthen the public-private collaboration network through intelligence sharing and cooperation mechanisms, enhancing the ability to respond to virtual asset crimes and related cybersecurity threats.Police Commissioner Chow Man-kong revealed at the inauguration ceremony that a total of 1,463 virtual asset-related cases were recorded in the first eight months of this year. Although the number of cases decreased by 16% year-on-year, the amount of losses involved reached HKD 2.27 billion, an increase of 5% compared to the same period last year.