Undisclosed cryptocurrency organization
March 9, 2026
•[ cryptocurrency, social engineering, cloud compromise ]
The Hacker News reported (citing Google Cloud) that North Korea-linked UNC4899 conducted a sophisticated 2025 cloud compromise targeting an unnamed cryptocurrency organization, stealing millions in cryptocurrency. The intrusion began with social engineering that tricked a developer into downloading a malicious archive for a supposed open-source collaboration; the developer then transferred the file to a work device via AirDrop. After malicious Python code executed and a binary masquerading as kubectl ran, the attackers pivoted into the cloud environment and abused legitimate DevOps workflows to harvest credentials, escape container confines, and tamper with Cloud SQL databases to modify financial logic enabling theft. This is coded as a confirmed successful intrusion with financial theft.
National Tax Service Korea
February 26, 2026
•[ data leak, cryptocurrency, seed phrase exposure ]
South Korea's National Tax Service accidentally published a hardware wallet recovery phrase in a press photo announcing seized assets. An unknown attacker used the exposed seed phrase to transfer roughly $4.8 million in cryptocurrency from the wallet.
Undisclosed financial institutions (ATM network)
July 30, 2025
•[ backdoor, financial theft, atm hacking ]
Infosecurity reports cybercriminals used Raspberry Pi devices to install a backdoor in ATM networks to steal funds.
C&M Software (service provider to Banco Central ecosystem)
July 2, 2025
•[ insider threat, compromised credentials, financial theft ]
Attackers allegedly bought an employee's credentials for ~$2,700 to access C&M systems and steal BRL 800M from connected institutions; part converted to crypto and laundered.
Alcaldía de Cáchira
May 2, 2025
•[ malware, financial theft, unauthorized access ]
Authorities arrested suspects accused of using malware to access municipal accounts and steal $1.935 million COP from the Cáchira mayor's office.
Infini (Infini Earn)
February 24, 2025
•[ insider threat, financial theft, cryptocurrency ]
A former developer or compromised admin key was used to withdraw $49.5 million from Infini's smart-contract vault on February 24, 2025. The attacker converted USDC to ETH and moved the funds off-chain. Infini, a Hong Kong-based stablecoin bank, offered a 20% bounty for fund return and filed legal action against a former developer in Hong Kong.