ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency-founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.