Crypto’s War Zone: The Latest Hacks, Scams, and Cyber Threats
Unveiling the Most Recent Exploits, Malware, and Phishing Tactics—Stay Secure in the Ever-Evolving Crypto Landscape
DCN and Cyber Security Institute have joined hands yet again to craft a weekly review on cyber security in the crypto industry.
Here is what has happened and how you can stay safe:
Hacks
Entangle Finance Exploit: 13 Billion NGL Tokens Illegally Minted
On March 9, 2025, Entangle Finance experienced a significant security breach where an attacker exploited their bridge protocol to mint approximately 13 billion NGL tokens illicitly. This unauthorized minting led to a sharp decline in the token’s value, with NGL’s price plummeting by 90% within six hours. In response, Entangle Finance promptly paused all NGL token transfers to prevent further exploitation and is actively investigating the incident.
Key Details:
Exploit Mechanism: The attacker targeted vulnerabilities within Entangle’s bridge protocol, allowing the unauthorized creation of a massive number of tokens.
Immediate Actions: Entangle Finance implemented an emergency pause on all NGL token transfers to contain the situation and is conducting a thorough investigation.
Market Impact: The sudden influx of illegitimately minted tokens caused NGL’s market value to drop by 90% in a short period.
1inch Market Makers Lose $5M — One Victim Lost $4.5M
On March 5, 2025, decentralized exchange aggregator 1inch suffered a security breach resulting in a $5 million loss. The attacker exploited a vulnerability in the outdated Fusion v1 smart contract, specifically targeting resolvers — entities responsible for filling orders within the network. Notably, end-user funds remained secure, as the exploit affected only the resolvers utilizing the deprecated contract version.
Key Details:
Exploit Mechanism: The vulnerability resided in the Fusion v1 resolver smart contract, which had been deprecated but was still in use by some resolvers.
Funds Compromised: The attacker successfully extracted approximately 2.4 million USDC and 1,276 WETH, totaling over $5 million.
Response and Recovery: After negotiations, the hacker agreed to return most of the stolen funds, retaining a portion as a bug bounty. This outcome underscores the importance of ethical considerations in the DeFi space.
Preventive Measures: 1inch has urged all resolvers to update their contracts to the latest versions and has launched a bug bounty program to enhance security and prevent future exploits.
Ripple Co-Founder’s $150 Million XRP Theft Linked to LastPass Breach
In January 2024, Chris Larsen, co-founder of Ripple, suffered a significant loss when 283 million XRP tokens, valued at approximately $150 million at the time, were stolen from his personal wallet. Recent investigations have revealed that the breach resulted from compromised private keys stored in LastPass, a password manager that experienced a security incident in 2022.
Malware
DeFi CEOs Targeted with Malware — Who’s Next?
Cybercriminals are increasingly focusing on leaders within the Decentralized Finance (DeFi) sector, deploying sophisticated malware to compromise their systems. These malicious programs are designed to extract sensitive credentials, siphon funds, and access confidential information, underscoring that even top industry figures are vulnerable.
Key Takeaways:
Attack Vectors: Tactics such as spear-phishing emails, malicious software downloads, and exploits within platforms like Telegram are commonly employed to infiltrate systems.
Preventative Measures: High-profile individuals in the DeFi space should utilize hardware wallets, implement robust endpoint security solutions, and adopt operational compartmentalization to mitigate risks.
Future Outlook: As cybercriminals continue to refine their methods, an increase in targeted attacks is anticipated.
Telegram Malware on Android — Your Messages Could Be Spying on You
Recent discoveries have unveiled that certain malicious actors are distributing Android malware through counterfeit versions of the Telegram app. These fake applications, often found outside official app stores, are crafted to deceive users into installing them, subsequently compromising their devices.
Key Takeaways:
Risks of Third-Party Downloads: Downloading applications from unofficial sources significantly heightens the risk of malware infections.
Targeted Data: Such malware strains are capable of accessing crypto wallets, capturing passwords, and stealing authentication tokens.
Safety Recommendations: Users should verify the authenticity of links and refrain from downloading files from unknown Telegram sources.
Bybit Stock Simulator Infected macOS — Hidden Malware Inside
A fraudulent stock simulation application, masquerading as an affiliate of Bybit, has been identified containing malicious code targeting macOS users. This incident reflects a broader trend of crypto-related applications concealing malware to exploit unsuspecting users.
Key Takeaways:
Misplaced Trust in macOS Security: Mac users often perceive their systems as impervious to malware, a misconception that can lead to vulnerabilities.
Immediate Actions: Individuals who have downloaded Bybit-related stock simulators should promptly scan their devices for potential threats.
Emerging Threats: An uptick in malware targeting financial and cryptocurrency applications is expected.
OnlyFans Risks — More Than Just Content
Cybercriminals are exploiting platforms like OnlyFans to disseminate malware, embedding malicious payloads within messages, images, and redirects. Given OnlyFans’ substantial user base, this method poses significant risks.
Key Takeaways:
Vigilance Required: Users should exercise caution regarding unsolicited direct messages and file downloads on such platforms.
Concealed Threats: Malware may be hidden within explicit content, fake support communications, or enticing ‘exclusive offers.’
Potential Consequences: Infection could jeopardize crypto wallets and compromise personal data.
Antivirus Software Corrupting Crypto Wallets — A New Threat
Reports have emerged indicating that certain antivirus programs are inadvertently corrupting cryptocurrency wallets, potentially rendering them unusable or exposing them to exploits. This development raises concerns about the interaction between security software and blockchain applications.
Key Takeaways:
Immediate Response: Users experiencing wallet issues following antivirus updates should act swiftly to secure their assets.
Misidentification Risks: Some security software may mistakenly flag wallet files as threats, leading to data loss.
Recommended Practices: Employing hardware wallets and offline storage solutions can help minimize such risks.
https://x.com/SlowMist_Team/status/1897226073085231511
Phishing
Two Phishing Victims Lose $37K and $80K — How It Happened
Two separate phishing incidents resulted in losses of $37,000 and $80,000, respectively. Attackers utilized malicious links and counterfeit airdrop offers to deceive victims into authorizing transactions that emptied their wallets.
Key Takeaways:
Skepticism Advised: Unsolicited messages promising free tokens are likely scams and should be ignored.
Transaction Vigilance: Users must meticulously review wallet approvals before consenting to any transaction.
Exploiting FOMO: Attackers leverage the fear of missing out (FOMO) to enhance the effectiveness of social engineering tactics.
You Can Be Targeted — Phishing DMs from ‘Friends’
A new phishing tactic involves hijacking accounts to send malicious links through direct messages (DMs) from trusted contacts, making it more challenging for victims to identify scams.
Key Takeaways:
Verification Necessity: Even if a link originates from a known contact, it should be verified before clicking.
Compromised Accounts: Attackers exploit compromised accounts to disseminate malicious messages.
Awareness of Anomalies: If a message from a friend seems unusual, it should be treated with suspicion.
Phishing Stats for February 2025 — The Numbers Are Growing
In February 2025, Web3 phishing scams led to $5.32M in losses across 7,442 victims, marking a 48% drop from January and continuing a three-month decline. The largest individual scams included $771K lost to address poisoning, $611K to permit scams, and $610K due to unrevoked phishing approvals. Despite the downturn, users are urged to stay vigilant by verifying all signatures, revoking unused approvals, and using anti-scam tools like the ScamSniffer extension.
Key Takeaways:
Surge in Attacks: February witnessed a significant rise in phishing attacks targeting Web3 users.
Refined Methods: More users are falling victim to wallet-draining scams as attackers enhance their techniques.
Proactive Defense: Utilizing security tools like wallet-draining protection and transaction simulators is crucial to mitigate risks.
Total Losses: $5.32M (7,442 victims) — 48% decrease from January ($10.25M).
Biggest Scams:
$771K (ETH) — Address poisoning
$611K (ETH) — Permit scam
$610K (BSC) — Unrevoked phishing approvals
$326K (ETH) — IncreaseApproval exploit
Trend: Phishing losses have declined for the third consecutive month (Dec: $23.58M → Jan: $10.25M → Feb: $5.32M).
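The advice above (review wallet approvals before consenting, verify every signature, revoke unused approvals) can be made concrete for the permit scams listed in the February figures and the approval-draining cases in the "Two Phishing Victims" item. The following is an added example, not code from the newsletter or from any wallet: a small Python triage of an EIP-2612 Permit signing request that flags the shape a permit scam usually takes. All addresses, the spender allowlist and the sample requests are constructed placeholders.

```python
"""Triage of an EIP-2612 Permit signing request (added, constructed example).
A Permit signature sends no transaction, so the wallet prompt looks harmless,
yet the signed message lets `spender` pull up to `value` tokens until `deadline`.
"""
import time

UINT256_MAX = 2**256 - 1
ONE_DAY = 24 * 60 * 60
# Constructed allowlist: contracts the user actually intends to authorise.
KNOWN_SPENDERS = {"0x1111111111111111111111111111111111111111": "dex-router (placeholder)"}


def permit_risks(typed_data, known=KNOWN_SPENDERS, now=None):
    """Return risk flags for an EIP-712 Permit typed-data payload; [] = nothing flagged."""
    now = time.time() if now is None else now
    if typed_data.get("primaryType") != "Permit":
        return ["not a Permit message; review with a different checklist"]
    msg = typed_data["message"]
    value, deadline = int(msg["value"]), int(msg["deadline"])
    spender = msg["spender"].lower()
    risks = []
    if value == UINT256_MAX:
        risks.append("unlimited allowance (2^256-1)")
    if deadline == UINT256_MAX or deadline - now > 30 * ONE_DAY:
        risks.append("deadline unbounded or more than 30 days away")
    if spender not in known:
        risks.append(f"spender {spender} is not an allowlisted contract")
    return risks


def make_permit(spender, value, deadline):
    """Build a constructed Permit payload as a wallet would receive it (values as strings)."""
    return {
        "primaryType": "Permit",
        "domain": {"name": "Token", "version": "1", "chainId": 1,
                   "verifyingContract": "0x2222222222222222222222222222222222222222"},
        "message": {"owner": "0x3333333333333333333333333333333333333333",
                    "spender": spender, "value": str(value),
                    "nonce": 0, "deadline": str(deadline)},
    }


NOW = 1_700_000_000  # fixed clock so the samples are reproducible
# Drainer-style request: unknown spender, unlimited value, unbounded deadline.
SCAM_PERMIT = make_permit("0x4444444444444444444444444444444444444444", UINT256_MAX, UINT256_MAX)
# Legitimate-looking swap approval: allowlisted spender, bounded value, 10-minute deadline.
BENIGN_PERMIT = make_permit("0x1111111111111111111111111111111111111111", 1_000_000_000, NOW + 600)
```

A real deployment would also check that `domain.verifyingContract` is the token the user thinks it is, since a permit for an unexpected token is a separate red flag.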

Scammers
The Playbook: Market Manipulation Tactics
A recent discussion by @beast_ico highlights the strategies employed by certain market participants to manipulate cryptocurrency prices. These tactics include coordinated buying or selling to create artificial price movements, spreading misinformation to influence market sentiment, and exploiting low-liquidity environments to execute pump-and-dump schemes. Such activities can lead to significant losses for unsuspecting investors who are unaware of these manipulative practices.
Key Takeaways:
Crypto markets are manipulated through coordinated buying/selling, misinformation, and exploiting low liquidity.
Pump-and-dump schemes remain a significant risk for traders.
Awareness of these tactics can help investors avoid falling victim.
Liquidations on PYTH: Unforeseen Consequences
@CatfishFishy raises concerns about unexpected liquidations occurring on the PYTH network. These liquidations appear to result from sudden and significant price discrepancies reported by PYTH’s oracles, leading to cascading sell-offs and substantial losses for traders. The incident underscores the importance of reliable price feeds and the potential risks associated with decentralized finance platforms relying on external data sources.
Key Takeaways:
PYTH oracles reported price discrepancies, causing unexpected liquidations.
These liquidations led to cascading sell-offs and major losses for traders.
Highlights the risks of DeFi platforms relying on external price feeds.
Read the full version: https://cyberstrategy1.medium.com/the-crypto-war-zone-weekly-crypto-security-truths-issue-36-afe6386e1cb8
Not so much a hack, but X's Grok created a coin on Base called DebtReliefBot (DRB). Then the X team manually deleted the tweets that contained the token address.