25 articles tagged with #social-engineering. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.
April 2026 emerged as the worst month for cryptocurrency exploits with $606M in losses across 12 incidents, representing a 3.7x increase over Q1 totals. Major attacks included Drift Protocol's $285M social engineering breach and Kelp DAO's $293M bridge vulnerability exploit, signaling escalating security risks in DeFi infrastructure.
North Korean hackers executed a sophisticated attack on Zerion using AI-enabled social engineering tactics, marking the second major long-term social engineering campaign this month following the $280 million Drift Protocol exploit. The incident demonstrates how threat actors are leveraging artificial intelligence to enhance the effectiveness and scale of credential compromise attacks against cryptocurrency platforms.
Drift exchange suffered a $270 million exploit orchestrated by North Korean intelligence operatives who conducted a sophisticated six-month social engineering campaign. The attackers posed as a legitimate trading firm, met Drift team members in person across multiple countries, and deposited $1 million of their own funds to establish credibility before executing the massive drain.
Drift Protocol suspended all operations after a sophisticated six-month infiltration by a North Korean state-backed group culminating in an exploit on April 1, 2026. The attackers posed as a legitimate trading firm, conducted in-person meetings across multiple countries, and used three attack vectors including a silent code execution flaw in development tools.
North Korea's state-sponsored cybercrime operations generate approximately $1 billion annually, with tactics increasingly shifting toward social engineering rather than direct technical exploits. This evolution poses significant risks to global financial systems and cryptocurrency exchanges, requiring enhanced security awareness across the industry.
Researchers developed a search-based framework to identify privacy vulnerabilities in LLM-based agents through simulated multi-turn interactions. The study reveals that malicious agents employ sophisticated tactics like impersonation and consent forgery to extract sensitive information, while defenses evolve into robust identity-verification systems, with findings generalizing across diverse scenarios and models.
AI-generated female personas are being used in an organized pig butchering scam targeting XRP Las Vegas 2026 community members through social media direct messages. This represents an evolution in cryptocurrency fraud tactics, combining deepfake technology with classic romance scam methodologies to deceive investors.
Hackers conducted a sophisticated social engineering attack to hijack the eth.limo domain by impersonating members of the project's team. EasyDNS, the domain registrar, confirmed the breach and stated it is investigating how the attackers bypassed security measures to gain unauthorized access.
EasyDNS, a domain registry operating for 28 years, acknowledged a social engineering breach that led to the hijacking of eth.limo, a popular Ethereum frontend. The incident underscores a critical vulnerability in the cryptocurrency infrastructure where attackers compromise DNS providers to redirect users to malicious sites, affecting even decentralized protocols.
Cybercriminals are deploying PHANTOMPULSE malware through compromised Obsidian plugins, targeting cryptocurrency users via social engineering on LinkedIn and Telegram. This attack demonstrates how legitimate developer tools can be weaponized to compromise crypto wallets and assets through sophisticated credential theft campaigns.
Elastic Security Labs has identified an elaborate multi-step social engineering scam targeting cryptocurrency and finance users through a malicious community plugin on a popular note-taking application. The scam distributes device-controlling malware, posing a significant security threat to the crypto community's operational security practices.
Musician G. Love lost 5.9 Bitcoin (approximately $420,000) after downloading a malicious app that deceived him into revealing sensitive wallet credentials. The incident highlights the growing threat of sophisticated social engineering attacks targeting cryptocurrency holders, regardless of their technical sophistication.
UC researchers identified 26 malicious LLM routers designed to steal cryptocurrency credentials from blockchain developers. This discovery reveals a sophisticated attack vector that exploits the growing integration of AI tools in development workflows, posing direct security risks to the crypto ecosystem.
Steakhouse Financial experienced a DNS hijacking attack on March 30, 2026, after attackers socially engineered OVHcloud support staff to disable hardware 2FA on the company's account. A phishing site using an Inferno Drainer kit remained active for approximately four hours, but the company confirmed no user funds were compromised, partly due to ICANN's five-day domain transfer lock preventing the attacker from completing the hijack.
Crypto theft patterns shifted in February as phishing attacks targeting individuals surpassed protocol exploits, with total losses dropping to $50 million compared to January's $385 million. The Step Finance hack alone accounted for $30 million of February's losses, while Bybit prevented over $300 million in unauthorized withdrawals in Q4 2023.
Casa, a Bitcoin security firm, has launched four new security features designed to counter social engineering attacks, which accounted for the majority of crypto thefts in 2025. The release comes as FBI data reveals crypto fraud losses reached $11 billion last year, representing a 22% year-over-year increase.
Cybercriminals are exploiting Grand Theft Auto 6's massive cultural hype by deploying phishing campaigns and malware across the internet, according to NordVPN. This trend highlights how threat actors weaponize popular entertainment events to trick users into compromising their security and credentials.
British Olympic sprinter CJ Ujah faces charges in a cryptocurrency fraud investigation involving wallet seed phrase theft and fraudulent impersonation calls. The case highlights how high-profile individuals can become entangled in crypto scams and underscores persistent security vulnerabilities in the digital asset ecosystem.
Marlon Ferro, known online as 'GothFerrari,' received a 78-month prison sentence for his involvement in a nationwide social engineering conspiracy that stole $250 million in cryptocurrency. The case highlights the persistent threat of organized crime targeting crypto users through manipulation rather than technical exploits.
An XRPL validator has issued a warning to XRP users about sophisticated social engineering scams targeting the cryptocurrency community. The alert emphasizes the need for XRP Ledger builders and users to remain vigilant against these advanced fraudulent schemes.
Cryptocurrency losses dropped 87% to $49 million in February according to Nominis, marking a significant decline in hack-related damages. However, attackers are shifting their strategies away from exploiting code vulnerabilities toward phishing and social engineering tactics that target users directly.
The article discusses ChatGPT's defensive mechanisms against prompt injection attacks and social engineering attempts. It focuses on how the AI system constrains risky actions and protects sensitive data within agent workflows to maintain security and reliability.
Cryptocurrency hacks declined significantly to $49 million in February following a January spike. However, security experts warn that attackers are increasingly shifting tactics toward phishing scams and exploiting wallet permissions rather than direct protocol attacks.
An on-chain developer has issued a warning about a new wave of deceptive NFT scams targeting XRP Ledger wallet holders. The attacks exploit human error through social engineering tactics, prompting heightened security concerns within the XRP community.
The DOJ seized $580 million from sophisticated crypto investment scams that operate like professional call centers, using fake relationships and fabricated trading platforms. These scams begin with wrong-number texts that evolve into friendships before victims are lured into fake investment platforms with false returns.
