Tag: Web3
-
The 8-Year Sleeper: How IoliteLabs’ Solidity Extensions Became a Web3 Nightmare
The clandestine update of an antiquated Visual Studio Code extension has precipitously metamorphosed into a targeted siege upon blockchain architects. A triad of IoliteLabs extensions, engineered for Solidity, were abruptly infected with venomous architecture, stealthily initiating the unauthorized download of extraneous payloads across Windows and macOS environments. To a multitude of patrons, this snare appeared…
-
Rust Crates.io Hack: ‘evm-units’ Package Infected 7K Web3 Developer Workstations
A new case of software supply-chain compromise has been uncovered on the crates.io platform: a malicious Rust package was silently infecting the workstations of Web3 developers, disguising itself as an auxiliary tool for the Ethereum Virtual Machine and adapting its behavior to three major desktop operating systems. The package, titled “evm-units,” appeared in the repository…
-
AI Deception: BlueNoroff APT Uses Fake Zoom Calls to Hack Web3 Executives
The BlueNoroff group — long linked to Lazarus — has begun incorporating generative AI into operations targeting executives and developers of blockchain projects, Kaspersky GReAT researchers reported at the Security Analyst Summit 2025 in Thailand. Since April 2025 they have observed two active campaigns, GhostCall and GhostHire, aimed at cryptocurrency and Web3 organisations across India,…
-
Typus Finance Suspends All Contracts After $3.44M DeFi Oracle Exploit
A major security breach has struck the Typus Finance platform, resulting in the theft of approximately $3.44 million worth of digital assets. The incident targeted the TLP liquidity pool and stemmed from a vulnerability in the oracle module, which allowed the attacker to manipulate pricing data. The company has since released a detailed postmortem outlining…
-
Web3 Crisis: Sub-$1k Hardware Attack Fully Extracts Intel SGX Attestation Key, Compromising Encrypted Blockchains
Researchers from Johns Hopkins University and several other institutions have demonstrated a novel, server-side attack against Intel SGX that achieves full extraction of the DCAP attestation key — notably using hardware costing under $1,000. This exploit imperils not merely individual instances but entire Web3 ecosystems that treat SGX as their sole root of trust. Affected…
-
The Web3 Heist: How a Crypto Hacker Was Robbed of Their Own Loot
On the morning of September 23, reports emerged of a large-scale attack on the Web3 platform UXLINK. The company confirmed that attackers had siphoned off substantial amounts of cryptocurrency before moving on to the uncontrolled issuance of its native tokens, causing their value to plummet by 70% within a single day. On the evening of…
-
Google’s Secret Weapon: A New Layer 1 Blockchain for Finance
Google is officially preparing to enter the blockchain market — not with an experimental service, but with its very own Layer 1 network. The new project, named Google Cloud Universal Ledger (GCUL), is positioned as a fully fledged Layer 1 blockchain, on par with Bitcoin and Ethereum. The plans were revealed by Rich Widmann, Head…
-
EncryptHub’s New Web3 Attack: Fake AI Platforms Deploy Fickle Stealer to Rob Crypto Devs
The hacking collective known as EncryptHub—also tracked as LARVA-208 and Water Gamayun—has launched a new wave of attacks specifically targeting developers within the Web3 ecosystem. Their aim: to infect victims with data-stealing malware capable of exfiltrating cryptocurrency wallets and accessing sensitive project environments. According to researchers from the Swiss cybersecurity firm PRODAFT, the attackers have…
-
NimDoor: North Korean APT Uses Nim-Based Malware for Stealthy Web3 & Crypto Attacks on macOS
A threat group linked to the Democratic People’s Republic of Korea (DPRK) is intensifying its attacks on companies operating in the Web3 and cryptocurrency sectors, deploying malware crafted in the Nim programming language. These operations underscore the group’s continual refinement of tactics and technical sophistication. According to researchers at SentinelOne, the malware exhibits a rare…
-
CoinMarketCap Hacked: “Doodle” Graphic Delivers Wallet Drainer, $43K+ Stolen
One of the world’s leading cryptocurrency tracking platforms, CoinMarketCap, has fallen victim to a sophisticated cyberattack. Visitors to the site were unexpectedly confronted with intrusive Web3 pop-ups, seemingly inviting them to connect their wallets. However, by consenting, users unknowingly granted attackers the ability to siphon off their digital assets. The company confirmed that threat actors…
-
Matildapp: A framework for Web3 environments in the field of cybersecurity and pentesting
Matildapp In our modern, interconnected world, the concept of Web3, also known as the decentralized web, represents the next significant shift in Internet technology. Web3, underpinned by blockchain technology and smart contracts, offers unprecedented decentralization, transparency, and user sovereignty possibilities. However, with these new possibilities come new challenges – one of the most crucial is…