Trust Wallet's Chrome extension was hacked due to a supply chain attack, resulting in the theft of $8.5 million in assets. An attacker exploited leaked developer secrets to upload a malicious version of the extension, which harvested users' wallet information. Trust Wallet has begun a reimbursement process for affected users and implemented new security measures.

A coordinated effort has released over 67,000 fake npm packages since early 2024, aimed at flooding the registry rather than stealing data. The malicious packages use JavaScript scripts that require manual execution to propagate, creating a self-replicating network that burdens the platform. Researchers link this activity to a monetization scheme involving TEA tokens.

Researchers found a harmful Chrome extension called Crypto Copilot that secretly siphons Solana from users during transactions. It injects hidden fees into swaps on the Raydium exchange, transferring funds to an attacker's wallet without user knowledge. The extension remains available for download, despite its malicious behavior.

Garden, a bitcoin swapping protocol, was hacked shortly after announcing significant growth, losing $11 million. Although no user funds were affected and the protocol remains intact, the company is investigating the breach and has offered a bounty to the hacker for a peaceful resolution.

Researchers found that open source packages on npm and PyPI were infected with malware that stole wallet credentials from dYdX developers and users. The malicious code captured seed phrases and device fingerprints, leading to potential irreversible theft of cryptocurrency. The attack affected multiple versions of the compromised packages.

Ledger customers were notified of a data leak involving personal information after third-party partner Global-e suffered a security incident. The exposed data includes customer names and contact details, but Ledger confirmed that its own systems remain secure and no payment information was compromised.

Balancer's DeFi protocol was exploited, resulting in a loss of $116 million due to a sophisticated code attack that targeted specific stable pools. The hacker manipulated a rounding function in conjunction with BatchSwaps to drain the funds. Balancer has paused affected pools and is working with partners to recover some of the stolen assets.

Researchers have uncovered two new Android malware families, FvncBot and SeedSnatcher. FvncBot targets banking users in Poland, using advanced techniques for data theft, while SeedSnatcher aims to steal cryptocurrency wallet seed phrases and intercept SMS for two-factor authentication.

Business owners must choose between hot and cold wallets for cryptocurrency management, balancing speed and safety for transactions. Hot wallets offer quick access for daily payments, while cold wallets provide enhanced security for long-term storage. A hybrid approach, using both types of wallets, is often the most effective strategy.

A recent hack of the cryptocurrency exchange Coinbase has raised concerns about security in the crypto industry. The breach reportedly involved unauthorized access to user accounts and the potential theft of funds, prompting discussions about the need for stronger security measures in digital asset platforms.

A threat actor known as WhiteCobra has infiltrated the Visual Studio marketplace and Open VSX registry with 24 malicious extensions designed to steal cryptocurrency. The group uses deceptive tactics to make these extensions appear legitimate, leading to significant financial losses, including a recent incident involving a core Ethereum developer. Researchers emphasize the need for improved verification processes to protect users from such sophisticated attacks.

Fireblocks has acquired Dynamic, a company specializing in blockchain security and compliance solutions. This acquisition aims to enhance Fireblocks' offerings in the cryptocurrency space by integrating Dynamic's technology and expertise.

DPRK hackers have successfully stolen approximately $137 million from users of the Tron blockchain. The attack involved sophisticated phishing techniques and targeted the platform's infrastructure, highlighting ongoing security vulnerabilities in cryptocurrency networks.

The article discusses the concept and advantages of smart wallets in the context of digital finance, highlighting their ability to enhance user experience through improved security and convenience. Smart wallets integrate various functionalities, such as cryptocurrency management and seamless transaction processing, making them an appealing option for modern users. Overall, they represent a significant evolution in how individuals manage their financial assets.

Indian crypto exchange CoinDCX has confirmed that approximately $44 million was stolen during a recent hack. The exchange is working to secure its platform and is investigating the breach to prevent future incidents.

Two malicious Rust packages, faster_log and async_println, were downloaded nearly 8,500 times from Crates.io and designed to steal cryptocurrency private keys by scanning developers' systems for sensitive information. Discovered by security researchers at Socket, the packages were removed and their publishers banned, urging affected developers to clean their systems and secure their digital assets.

Malicious apps have been found on the Google Play Store that exploit users' seed phrases, putting their cryptocurrency wallets at risk. Users are advised to be cautious and avoid downloading suspicious applications that may compromise their security.

The Gemini Wallet has been launched as a simple and secure tool for users to manage their on-chain assets. It aims to enhance the user experience in navigating the digital asset space with a focus on security and ease of use. The wallet supports various cryptocurrencies and integrates seamlessly with the Gemini exchange platform, making it a convenient option for both new and experienced users.

Sui validators have successfully frozen the majority of the $220 million in stolen funds from the recent Cetus hack, taking swift action to prevent further losses. This incident highlights the ongoing challenges of security within the cryptocurrency ecosystem and the efforts of validators to safeguard assets.

El Salvador has decided to distribute its Bitcoin holdings across multiple wallets to enhance security and manage risks effectively. This move comes as part of the government's ongoing strategy to integrate cryptocurrency into its national economy while addressing concerns about potential vulnerabilities associated with holding large amounts of Bitcoin in a single wallet.

AI-powered agents like ElizaOS are being developed to autonomously trade cryptocurrency and execute contracts, but recent research reveals vulnerabilities that could allow adversaries to redirect transactions through simple prompt injections. These exploits pose significant risks if such agents are given control over financial instruments. The framework, while experimental, is seen as a potential catalyst for decentralized autonomous organizations (DAOs).

Researchers from Safety have discovered infostealer malware targeting Russian cryptocurrency developers through npm packages designed to appear legitimate. These malicious packages, which aim to extract sensitive information such as cryptocurrency credentials, are linked to servers in the USA, raising suspicions of state-sponsored activity against Russia's ransomware operators. Developers in the Solana ecosystem are advised to secure their software supply chains to mitigate these threats.

The Ripple cryptocurrency library "xrpl.js" was compromised, allowing attackers to steal XRP wallet seeds and private keys through malicious code in several versions. Users are urged to upgrade to the clean version 4.2.5 immediately to mitigate potential theft of funds. The attack resembles previous supply chain threats faced by other cryptocurrency libraries.

Coinbase has introduced CDP Wallets, a developer-focused wallet infrastructure that allows the creation of secure, programmable wallets via API without the need for private key management. Utilizing Trusted Execution Environments, these wallets provide full control and flexibility, making them suitable for various applications including DeFi bots and enterprise systems.

Threat actors have exploited SourceForge to distribute fake Microsoft Office add-ins that install malware, including cryptocurrency miners and clipboard hijackers, on victims' computers. Over 4,600 systems, primarily in Russia, have been affected by this campaign, which involved deceptive project pages mimicking legitimate tools. Users are advised to download software only from trusted sources and verify files before execution.

Fake cryptocurrency exchange advertisements on Facebook have been spreading malware, posing significant risks to unsuspecting users. These malicious ads are designed to deceive individuals into downloading harmful software, leading to potential data breaches and financial losses. Users are urged to remain vigilant and report suspicious ads to protect themselves from such threats.

Circle is exploring the concept of reversible stablecoin transactions to enhance security and user experience. This approach aims to allow users to reverse transactions under certain conditions, addressing concerns regarding fraud and transaction errors in the cryptocurrency space. The initiative is part of a broader trend towards improving the functionality and trustworthiness of digital currencies.