FBI says North Korea behind $1.5bn crypto heist

North Korean hackers have carried out the largest cryptocurrency theft on record, stealing approximately $1.5bn from the Dubai-based exchange Bybit. According to the FBI, the stolen funds have already been converted into Bitcoin and spread across thousands of blockchain addresses. The attack highlights North Korea’s growing expertise in cybercrime, with proceeds believed to be funding its nuclear weapons programme.

The notorious Lazarus Group, linked to the regime, has been responsible for several high-profile hacks, including the theft of over $1.3bn in cryptocurrency last year. Experts say the group employs advanced malware and social engineering tactics to breach exchanges and launder stolen assets into fiat currency. These funds are critical for bypassing international sanctions and financing North Korea’s military ambitions.

Beyond cybercrime, Pyongyang has deepened its ties with Russia, allegedly supplying troops and weapons in exchange for financial backing and technological expertise. Meanwhile, the regime has recently reopened its borders to a limited number of international tourists, aiming to generate much-needed foreign income. As global scrutiny intensifies, concerns are growing over North Korea’s increasing reliance on illicit activities to prop up its economy and expand its military power.

For more information on these topics, visit diplomacy.edu

UK unveils crime bill to tackle crypto-related crime

The UK government has introduced the Crime and Policing Bill, aiming to enhance its ability to recover proceeds from cryptocurrency-related crime. The bill sets out provisions for valuing cryptocurrency, establishes procedures for courts to recover illicit funds, and expands powers for the Crown Court to issue seizure orders. It addresses various criminal issues, including anti-social behaviour, sexual offences, and terrorism, with a specific focus on confiscating criminal assets tied to cryptocurrencies.

The legislation will grant the Crown Court additional authority to manage and confiscate money, cryptocurrency, and personal property in criminal cases. Provisions within the bill also introduce measures for the destruction of seized cryptocurrency, ensuring that the market value at the time of destruction is taken into account, with adjustments made for any changes in value.

The bill further amends existing laws, replacing magistrates’ courts with the Crown Court in handling cryptocurrency assets. These updates aim to streamline the management of confiscation orders, ensuring that cryptocurrencies can be more effectively seized, valued, and recovered in cases involving criminal activity.


Scam mobile app BOM steals $1.8 million in crypto from victims

Blockchain security experts have uncovered a fake mobile app that stole over $1.8 million in cryptocurrency. The app, called BOM, targeted users by gaining access to their private wallet data, including mnemonic phrases and private keys. Once installed, BOM deceptively requested unnecessary permissions, such as access to photos and media, which raised suspicion among security experts. When granted, the app scanned the device’s storage, stole wallet data, and sent it to a remote server.

The first signs of unauthorised transactions were detected on 14 February, with further investigation revealing the scale of the theft. Over 13,000 victims had their funds stolen, with the hacker address traced across several blockchains, including Ethereum, BNB Chain, and Polygon. The stolen assets included Tether, Ethereum, Wrapped Bitcoin, and Dogecoin.

Though the identity of the attackers remains unclear, analysts from SlowMist noted that the app’s backend services had gone offline, indicating the perpetrators may already be attempting to cover their tracks. Some of the stolen funds were exchanged through decentralised platforms like PancakeSwap and OKX-DEX, making it harder to trace the movement of the assets.


Kaspersky warns of widespread malware on GitHub

Cybersecurity firm Kaspersky has issued a warning about a large-scale malware campaign targeting GitHub users. Hackers have created hundreds of fake repositories to deceive users into downloading malware designed to steal cryptocurrency, login credentials, and browsing data. The campaign, known as ‘GitVenom,’ uses fraudulent projects that appear legitimate, offering tools like a Telegram bot for managing Bitcoin wallets or an Instagram automation tool. However, these projects run malicious software in the background, including remote access trojans (RATs), info-stealers, and clipboard hijackers.

The fake repositories were made to look convincing by including detailed documentation and manipulated version histories, which were designed to mimic active development. Despite appearing professional, these projects fail to deliver their promised functions while quietly extracting sensitive information from users. Kaspersky’s investigation revealed that some of these malicious repositories have been active for at least two years, suggesting the attackers have successfully lured victims over an extended period.

Once users have downloaded the malware, it targets saved login details, cryptocurrency wallet information, and browsing history, sending the stolen data to the attackers via Telegram. Some malware even hijacks clipboard contents, replacing cryptocurrency wallet addresses with those controlled by the hackers, potentially redirecting funds. The campaign has caused considerable impact, with one documented case involving the theft of five Bitcoins, worth around $442,000.

Although the GitVenom campaign has been detected worldwide, it has particularly affected users in Russia, Brazil, and Turkey. Kaspersky warns that, given GitHub’s popularity among developers, hackers are likely to continue using fake software projects as a method of infection.


Cryptocurrency sector unites after Bybit hack

Following the recent security breach at Bybit, major cryptocurrency firms have joined forces to combat the attack and mitigate its impact. Bybit’s CEO, Ben Zhou, confirmed that both centralised and decentralised finance leaders, such as Orbiter and SynFutures, quickly moved to blacklist the attacker’s addresses. Chainalysis also tracked and published wallet addresses linked to the exploit.

Blockchain security companies, including SIS and Zero Shadows, intensified efforts to block malicious transactions and trace the perpetrators, while institutional traders such as TMSI and Cumberland provided support to stabilise the market. Several DeFi protocols, including Lido Finance and Solana Foundation, also extended their assistance.

Zhou praised the swift collaboration from industry players, calling it a testament to the cryptocurrency sector’s resilience. The exchange has since launched a recovery bounty programme, offering up to 10% of recovered funds. Bybit is working hard to enhance its security infrastructure following the breach.

Investigations have pointed to North Korea’s Lazarus Group as the likely culprit behind the attack, which exploited Bybit’s Ethereum multisig cold wallet. This group is also connected to other high-profile crypto hacks, including the 2022 DMM Bitcoin exchange breach.


Hackers steal $1.5 billion in largest-ever crypto heist

Hackers have stolen $1.5 billion from Dubai-based cryptocurrency exchange Bybit in what is believed to be the largest digital heist in history. The attacker gained access to an Ethereum wallet during a routine transfer and moved the funds to an unknown address, sparking concerns across the cryptocurrency sector.

Bybit quickly reassured users that their funds remained secure, with chief executive Ben Zhou pledging to fully compensate affected customers. Despite this, the platform saw a surge of over 350,000 withdrawal requests, leading to potential delays. The company remains solvent, holds $20 billion in customer assets, and is prepared to cover losses if necessary.

The price of Ethereum briefly dipped by nearly 4% following the breach but has since stabilised. Bybit has called upon leading cybersecurity experts to assist in recovering the stolen assets, offering a reward of up to $140 million. Speculation has emerged regarding the hackers’ identity, with reports suggesting possible links to the North Korean state-sponsored Lazarus Group, known for previous large-scale cryptocurrency thefts.


China and North Korea-linked accounts shut down by OpenAI

OpenAI has removed accounts linked to users in China and North Korea over concerns they were using ChatGPT for malicious activities.

The company cited cases of AI-generated content being used for surveillance, influence campaigns, and fraudulent schemes. AI tools were employed to detect the operations.

Some accounts produced news articles in Spanish that criticised the US and were later published under a Chinese company’s byline. Others, potentially connected to North Korea, created fake resumes and online profiles in an attempt to secure jobs at Western firms.

A separate operation, believed to be tied to financial fraud in Cambodia, used ChatGPT to generate and translate comments on social media.

The US government has raised concerns over China’s use of AI to spread misinformation and suppress its population. Security risks associated with AI-driven disinformation and fraudulent activities have led to increased scrutiny of how such tools are being used globally.

OpenAI’s ChatGPT remains the most widely used AI chatbot, with over 400 million weekly active users. The company is also in discussions to secure up to $40 billion in funding, which could set a record for a private firm.


Australia slaps A$1 million fine on Telegram

Australia’s eSafety Commission has fined messaging platform Telegram A$1 million ($640,000) for failing to respond promptly to questions regarding measures it took to prevent child abuse and extremist content. The Commission had asked social media platforms, including Telegram, to provide details on their efforts to combat harmful content. Telegram missed the May 2024 deadline, submitting its response in October, which led to the fine.

eSafety Commissioner Julie Inman Grant emphasised the importance of timely transparency and adherence to Australian law. Telegram, however, disagreed with the penalty, stating that it had fully responded to the questions, and plans to appeal the fine, which it claims was solely due to the delay in response time.

The fine comes amid increasing global scrutiny of Telegram, with growing concerns over its use by extremists. Australia’s spy agency recently noted that a significant portion of counter-terrorism cases involved youth, highlighting the increasing risk posed by online extremist content. If Telegram does not comply with the penalty, the eSafety Commission could pursue further legal action.


Two charged after pensioner loses over £100,000 in cryptocurrency fraud

Two men have been charged in connection with a cryptocurrency fraud that saw a 75-year-old man from Aberdeenshire lose more than £100,000. The case, reported to police in July, led to an extensive investigation by officers from the north east division CID.

Following inquiries, officers travelled to Coventry and Mexborough on Tuesday, working alongside colleagues from West Midlands Police and South Yorkshire Police.

The coordinated operation resulted in the arrests of two men, aged 36 and 54, who have now been charged in relation to the fraud allegations.

Police have not yet disclosed details of how the scam was carried out, but cryptocurrency frauds often involve fake investment schemes, phishing scams, or fraudulent trading platforms that lure victims into handing over money with promises of high returns.

Many scams also exploit a lack of regulation in the digital currency sector, making it difficult for victims to recover lost funds.

Authorities have urged the public to remain vigilant and report any suspicious financial activity, particularly scams involving cryptocurrencies.


Multi-million crypto Ponzi scheme exposed by Norwegian investigators

Norwegian prosecutors have charged four individuals for their role in a massive fraud and money laundering operation that deceived thousands of victims worldwide. Authorities say the scheme collected over 900 million kroner ($86–87 million), with more than 700 million kroner laundered through a Norwegian law firm before being transferred to accounts in Asia.

The scam operated as a multi-level marketing structure, with victims recruited to buy “product packages” containing cryptocurrency and company shares. Investors were promised profits from gas fields, mining, and real estate, but investigators say no real investments were made. Instead, new deposits funded payouts to earlier investors, fitting the classic Ponzi scheme model.

Officials revealed that financial professionals, including lawyers and accountants, helped to conceal the money flow, making the fraud harder to detect. Europol has warned that financial crimes like these are a growing global threat, with fraud and money laundering acting as the driving force behind organised crime.

Despite the cross-border nature of the operation, Norwegian authorities stress that those responsible will be prosecuted, no matter where their victims are located. The case highlights the increasing use of professional services to facilitate fraud, a challenge that law enforcement agencies worldwide are struggling to tackle.
