USDHacks, Scams, and Legal Dramas This Week: $2B Crypto Heist Wave Recorded
![Robot dodges spyware trails in mobile malware [malware]](https://prod-coin360-cms.s3.eu-central-1.amazonaws.com/Robot_dodges_spyware_trails_in_mobile_malware_malware_eed256ddd6.webp)
H1 2025 Crypto Theft Surpasses $2.1 Billion, Driven Mainly by Infrastructure Attacks
In H1 2025, hackers stole over $2.1 billion from the cryptocurrency sector, with infrastructure attacks, particularly private-key thefts and front-end exploits, accounting for 80% of the losses. The report from TRM Labs highlighted that the average hack size reached $30 million, significantly influenced by the $1.5 billion Bybit hack, attributed to North Korea, which stole $1.6 billion overall. DeFi vulnerabilities also contributed 12% to losses. TRM emphasized the need for enhanced security measures including multi-factor authentication, better cold storage, and increased industry collaboration to combat these escalating threats and deter state-sponsored cybercrime effectively.
Kaspersky Uncovers SparkKitty Malware Stealing Crypto Wallet Seeds from iOS and Android Users
Kaspersky has identified a new mobile malware called "SparkKitty," which targets crypto wallet seed phrases stored in user photo galleries on iOS and Android devices. Utilizing OCR technology, SparkKitty scans for sensitive information in screenshots without manual review. Active since February 2024, it has primarily affected users in Southeast Asia and China through apps disguising as legitimate software, receiving over 5,000 downloads. It bypasses app store security by exploiting Apple's Enterprise provisioning system and embedding malicious code in Android apps. This malware represents a significant threat, combining theft with potential crypto mining operations for cybercriminals.
Fake IT Workers Steal $1M from Web3 Projects, Exploiting NFT Vulnerabilities
Hackers posing as IT workers have exploited vulnerabilities in Web3 projects, leading to approximately $1 million in crypto losses within a week, as reported by cybersecurity analyst ZackXBT. Affected entities include Favrr, Replicandy, and ChainSaw, where attackers manipulated NFT minting processes, resulting in mass minting and a price floor collapse. Post-exploit, stolen funds were moved through exchanges, with ChainSaw's funds remaining mostly dormant. This infiltration highlights ongoing security issues in the industry. Additionally, Coinbase recently suffered a data breach affecting nearly 69,461 users due to external actors bribing staff for customer account information.
New York Scam: $4 Million Stolen from Coinbase Users by Impersonating Support Staff
A scam orchestrated by Christian Nieves, known as “Daytwo,” has allegedly stolen $4 million from Coinbase users by impersonating support staff. Operating out of a New York-based call center, Nieves and his accomplices coerced victims into creating Coinbase wallets with compromised seed phrases. Notably, Justin, another associate, was implicated in a $240,000 theft from an elderly victim. Much of the stolen money was funneled into gambling, specifically a site called Roobet. Despite the strong on-chain evidence, no charges have been filed against Nieves or his accomplices, leaving the likelihood of recovering the funds bleak.
zkLend Shuts Down After $10M Exploit, Allocates $200K to User Recovery Fund
zkLend, a decentralized lending protocol on Starknet, is shutting down following a February 2025 exploit that resulted in nearly $10 million in losses and the delisting of its ZEND token from major exchanges. The remaining treasury of $200,000 will be allocated to a user recovery fund to support those affected. The protocol will maintain its DeFi Spring and recovery portal, collaborating with zeroShadow to track lost funds. Additionally, zkLend plans to open-source its audited codebase to encourage further development. The team remains committed to recovering stolen assets and supporting its community during this transition.
Israeli Man Arrested for Spying for Iran, Paid in Cryptocurrency
Israeli authorities arrested a 27-year-old man from Tel Aviv for spying for Iran, reportedly receiving thousands in cryptocurrency for tasks such as photographing public officials' homes and documenting military bases. This incident underscores the alarming use of digital assets in espionage, with Iranian agents targeting Israelis via social media. Following the arrest, security officials warned of severe legal consequences for citizens cooperating with enemy states. Amid rising tensions, the case illustrates the intertwining of cryptocurrencies with covert operations and national security, prompting calls for stricter regulations to mitigate risks associated with digital currencies in global conflict scenarios.
FBI Indicts BreachForums Admin "IntelBroker" for $25M Data Theft
Kai West, a British national known as "IntelBroker," has been indicted for selling stolen data on the now-defunct cybercrime forum BreachForums, causing damages exceeding $25 million. The indictment was unveiled by the US Southern District of New York after an undercover agent purchased data for $250 in Bitcoin, which included admin-level credentials. West was reportedly active from January 2023 to February 2025, operating 158 threads that sold data, amassing over $2.4 million in listed prices. He was arrested in France in February, and extradition to the U.S. is sought as part of an ongoing commitment to combat cybercrime.
Hacker Drains $9.6 Million from Resupply DeFi Stablecoin by Exploiting Vulnerability
A hacker exploited a vulnerability in the Resupply decentralized stablecoin protocol, draining nearly $9.6 million by manipulating the cvcrvUSD token's price. By triggering a zero exchange rate bug, the attacker borrowed vast amounts of reUSD against minimal collateral. The stolen funds were quickly laundered through Tornado Cash and split across multiple wallets, with about 1,581 ETH extracted. Security experts advised users to withdraw funds from reUSD vaults, highlighting ongoing vulnerabilities in decentralized finance. This breach is part of a troubling trend in 2025, which has seen over $2.1 billion lost to crypto security breaches.
This article has been refined and enhanced by ChatGPT.
![Robot breaking through old banking walls [crypto regulation]](/_next/image?url=https%3A%2F%2Fprod-coin360-cms.s3.eu-central-1.amazonaws.com%2FRobot_breaking_through_old_banking_walls_crypto_regulation_c81ce52208.webp&w=256&q=75)
![Robot dodges spyware trails in mobile malware [malware]](/_next/image?url=https%3A%2F%2Fprod-coin360-cms.s3.eu-central-1.amazonaws.com%2FRobot_dodges_spyware_trails_in_mobile_malware_malware_eed256ddd6.webp&w=256&q=75)
![Robot runs tightrope between [stablecoins] and banking mountains](/_next/image?url=https%3A%2F%2Fprod-coin360-cms.s3.eu-central-1.amazonaws.com%2FRobot_runs_tightrope_between_stablecoins_and_banking_mountains_2cffbc0e5d.webp&w=256&q=75)
