North Korea-linked hackers deploy fake Zoom malware to steal crypto

North Korean hackers have reportedly used deepfake technology to impersonate executives during a fake Zoom call in an attempt to install malware and steal cryptocurrency from a targeted employee.

Cybersecurity firm Huntress identified the scheme, which involved a convincingly staged meeting and a custom-built AppleScript targeting macOS systems—an unusual move that signals the rising sophistication of state-sponsored cyberattacks.

The incident began with a fraudulent Calendly invitation, which redirected the employee to a fake Zoom link controlled by the attackers. Weeks later, the employee joined what appeared to be a routine video call with company leadership. In reality, the participants were AI-generated deepfakes.

When audio issues arose, the hackers convinced the user to install what was supposedly a Zoom extension but was, in fact, malware designed to hijack cryptocurrency wallets and steal clipboard data.

Huntress traced the attack to TA444, a North Korean group also known by names like BlueNoroff and STARDUST CHOLLIMA. Their malware was built to extract sensitive financial data while disguising its presence and erasing traces once the job was done.

Security experts warn that remote workers and companies have to be especially cautious. Unfamiliar calendar links, sudden platform changes, or requests to install new software should be treated as warning signs.

Verifying suspicious meeting invites through alternative contact methods — like a direct phone call — is a vital but straightforward way to prevent damage.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

New SparkKitty malware targets crypto wallets

A new Trojan dubbed SparkKitty is stealing sensitive data from mobile phones, potentially giving hackers access to cryptocurrency wallets.

Cybersecurity firm Kaspersky says the malware hides in fake crypto apps, gambling platforms, and TikTok clones, spread through deceptive installs.

Once installed, SparkKitty accesses photo galleries and uploads images to a remote server, likely searching for screenshots of wallet seed phrases. Though mainly active in China and Southeast Asia, experts warn it could spread globally.

SparkKitty appears linked to the SparkCat spyware campaign, which also targeted seed phrase images.

The malware is found on iOS and Android platforms, joining other crypto-focused threats like Noodlophile and LummaC2.

TRM Labs recently reported that nearly 70% of last year’s $2.2 billion in stolen crypto came from infrastructure attacks involving seed phrase theft.

US Senator proposes crypto ban for top officials

Senator Adam Schiff has proposed a bill to ban top officials and their families from engaging in crypto ventures while in office. The bill, the COIN Act, would prohibit top officials from endorsing, creating, or promoting cryptocurrencies, NFTs, and stablecoins.

The proposal follows growing scrutiny of President Donald Trump’s involvement in digital assets. Schiff pointed directly to Trump’s financial gains, which included $58 million from token sales in 2024 and a projected $390 million in 2025.

He argued that such activities raise ‘ethical, legal and constitutional’ concerns, especially concerning public office.

Under the COIN Act, any sale of digital assets over $1,000 must be disclosed. Violators could face penalties equal to their profits and up to five years in prison.

Despite this push, Schiff previously voted for the GENIUS Act, which exempted the president and vice president from stablecoin restrictions—a move some critics see as contradictory.

The bill has gained support from nine Senate Democrats but is unlikely to pass under a Republican-controlled Congress. Democrat-led measures, such as the MEME Act and the Stop TRUMP in Crypto Act, have similarly struggled to gain traction.

Traders bet on war with meme coins

Amid rising Middle East tensions, crypto traders rushed into World War-themed meme coins, seeking profits from panic. BunkerCoin, a token linked to a supposed German bunker project, surged nearly 2,000% before losing most of its gains.

Other tokens, like Werld Wur Thwee and Sticks and Stones, followed similar boom-and-bust cycles.

Most of these speculative tokens launched via Pump.fun, a Solana-based platform that has created over 11 million meme coins. According to on-chain analysts, these coins are rarely linked to genuine interests.

Instead, traders follow trending topics, from war to celebrity illnesses, to profit quickly—regardless of ethical implications.

Industry observers argue that the meme coin craze reflects deeper issues. Educational and financial nihilism, particularly among younger generations, pushes many away from traditional finance.

Disillusioned by stagnant wages and high living costs, they turn to meme coins not just for money but for identity and cultural belonging.

Some projects have crossed moral boundaries, mocking cancer diagnoses or promoting hate speech. Yet despite the risks, the appeal of instant gains continues to drive participation.

One expert noted, ‘Meme coins thrive on dopamine, not fundamentals.’

Solana teams up with Kazakhstan to grow crypto startups

Solana has signed a Memorandum of Understanding with Kazakhstan’s Ministry to support the country’s growing crypto sector. The partnership aims to advance startups and improve developer education using the Solana blockchain.

The collaboration aims to promote the tokenisation of capital markets, enhancing the appeal of Kazakhstan’s Astana International Exchange (AIX) to global investors.

Solana Foundation leaders highlighted how blockchain technology could help AIX compete with major exchanges such as the NYSE and Nasdaq by storing most trading volume on-chain.

The announcement comes shortly after Kazakhstan launched the Solana Economic Zone, the first in Central Asia. Digital minister Zhaslan Madiyev called the initiative a step towards fostering web3 talent and advancing Kazakhstan’s digital economy.

Tether CEO unveils offline password manager

Paolo Ardoino, CEO of Tether, has introduced PearPass, an open-source, offline password manager. The launch comes in response to the most significant credential breach on record, which exposed 16 billion passwords.

Ardoino criticised cloud storage, stating the time has come to abandon reliance on it for security.

The leaked data reportedly covers login details from major platforms like Apple, Meta, and Google, leaving billions vulnerable to identity theft and fraud. Experts have not yet identified the perpetrators but point to systemic flaws in cloud-based data protection.

PearPass is designed to operate entirely offline, storing credentials only on users’ devices without syncing to the internet or central servers. It aims to reduce the risks of mass hacking attempts targeting large cloud vaults.

The tool’s open-source nature allows transparency and encourages the adoption of safer, decentralised security methods.

Cybersecurity authorities urge users to change passwords immediately, enable multi-factor authentication, and monitor accounts closely.

As investigations proceed, PearPass’s launch renews the debate on personal data ownership and may set a new standard for password security.

Bitcoin holds firm as tensions rise in the Gulf

Oil markets are on edge after US airstrikes hit three of Iran’s nuclear sites, raising fears of disruption to the Strait of Hormuz. The narrow passage is vital for about 20% of the world’s oil supply.

Any obstruction could drive crude prices up to $130 per barrel and intensify global inflation pressures.

Despite the joint strikes by the US and Israel, Brent crude remains stable for now, hovering near $72 per barrel. Traders are closely watching Iran’s next move and whether shipping through the Strait will be affected.

Bitcoin, in contrast, has shown remarkable resilience. Trading above $102,600, the leading cryptocurrency has not reacted to the military escalation, reinforcing its role as a safe-haven asset during geopolitical uncertainty.

With its fixed supply and decentralised structure, Bitcoin is increasingly being seen as a hedge against inflation and instability. Its steady price amid market anxiety highlights the growing confidence in crypto during global crises.

Lawsuits pressure Strategy over Bitcoin losses

Michael Saylor’s Strategy, the largest corporate Bitcoin holder, is under pressure after reporting a $5.9 billion unrealised Q1 loss. The loss came after a new FASB rule requiring crypto assets to be valued at market price.

Investors allege the company failed to disclose the impact of the change, resulting in a sharp drop in share price.

The lawsuit, led by investor Abhey Parmar, claims executives breached fiduciary duties by downplaying Bitcoin volatility and misrepresenting the effects of the accounting shift.

CEO Phong Le and CFO Andrew Kang are accused of selling nearly $31.5 million in shares before the changes were made public. The move has raised concerns about insider trading and corporate governance.

A second class-action lawsuit has been filed, intensifying scrutiny of Strategy’s reporting practices. Despite the legal challenges, the company’s stock has gained around 28% year-to-date, reflecting persistent investor interest in its Bitcoin strategy.

Saylor’s cryptic social media activity has sparked speculation about more Bitcoin purchases. With over 592,000 BTC held—worth nearly $60 billion—Strategy’s continued accumulation signals a strong commitment to its crypto-first approach, even as legal risks grow.

Coinbase gains MiCA approval in EU

Coinbase has secured regulatory approval under the EU’s MiCA framework, allowing it to operate across all 27 member states. Luxembourg’s financial regulator, CSSF, licensed the exchange, making it the first US crypto firm fully recognised under MiCA.

After approval, Coinbase announced it would move its European headquarters from Ireland to Luxembourg. The country’s progressive stance on digital finance, including four blockchain laws in recent years, made it a strategic choice for the exchange.

MiCA aims to unify crypto regulations across the EU, offering clear rules and consumer protections while reducing regulatory fragmentation. Coinbase’s endorsement of the CSSF highlights the role Luxembourg is playing in shaping digital policy in Europe.

With this move, Coinbase joins a growing list of global exchanges — including Bybit, Crypto.com, and OKX — positioning themselves for broader European expansion under MiCA’s regulatory framework.

Lazarus Group linked to Taiwan exchange hack

Taiwanese cryptocurrency exchange BitoPro has confirmed that North Korea’s state-sponsored Lazarus Group carried out a cyberattack on 9 May, resulting in the theft of approximately $11.5 million.

The company announced an internal investigation supported by an external cybersecurity firm. BitoPro detected suspicious outflows from its platform in early May, prompting immediate security measures and a comprehensive forensic review.

According to the exchange, the attackers employed tactics, techniques, and procedures (TTPs) consistent with previous operations attributed to Lazarus—an elite cybercrime unit from North Korea linked to numerous high-profile financial and cryptocurrency heists worldwide.

‘The methodology observed during the breach strongly resembles known Lazarus Group activity,’ BitoPro stated. ‘We are working closely with law enforcement and blockchain security experts to recover stolen assets and prevent further incidents.’

The breach adds to a growing list of Lazarus-linked attacks targeting decentralised finance (DeFi) platforms, exchanges, and cross-chain bridges—sectors often lacking the robust security infrastructure of traditional banking systems.

BitoPro’s disclosure highlights the escalating threat that state-affiliated hacking groups pose to the digital asset industry. Experts warn that these attacks are becoming more frequent and sophisticated as bad actors continue to exploit vulnerabilities in emerging financial technologies.

Currently, BitoPro has not confirmed whether any of the stolen funds have been recovered. The company has assured users that affected systems have been secured and that additional security measures are being implemented to protect its infrastructure.
