Security Archives - CoinCentral
https://coincentral.com/news/security/

Coinbase (COIN) Stock: Drops 7% Following Customer Data Breach & SEC User Count Investigation
https://coincentral.com/coinbase-coin-stock-drops-7-following-customer-data-breach-sec-user-count-investigation/
Fri, 16 May 2025 09:04:47 +0000

TLDR
  • Coinbase stock fell 7% following news of a customer data breach and ongoing SEC investigation
  • Hackers bribed overseas support agents to steal user data, demanding a $20 million ransom
  • Coinbase expects to spend $180-400 million on customer reimbursements and remediation
  • The SEC is investigating Coinbase’s 2021 claim of “100+ million verified users”
  • These challenges come as Coinbase prepares to join the S&P 500 index

Coinbase shares tumbled 7% to $244 after the cryptocurrency exchange was hit with a double dose of bad news.

The company revealed that hackers had bribed overseas customer support agents to steal user data while simultaneously confirming an ongoing SEC investigation into potentially inflated user metrics from 2021.

The data breach affected less than 1% of Coinbase’s daily active users. Hackers managed to recruit several overseas support staff who then leaked private customer information.

The attackers demanded a $20 million ransom to prevent public disclosure of the hack.

“These attackers have been contacting our overseas customer support agents, looking for a weak leak, someone who would accept a bribe in exchange for sharing some customer information with them,” explained Coinbase CEO Brian Armstrong in a video message.

“Sadly, they came upon a few bad apples,” he added.

Rather than pay the ransom, Coinbase has committed to fully reimbursing customers who lost funds after being tricked into transferring cryptocurrency to fraudulent accounts.

The company estimates these reimbursements and related remediation expenses could cost between $180 million and $400 million.

In response to the breach, Coinbase has fired the compromised staff members and reported them to law enforcement. The company has also established a $20 million reward fund for information leading to the arrest and conviction of the hackers.


Security Issues Mounting

The data breach comes at a time when the broader cryptocurrency sector faces growing security challenges. According to research firm Chainalysis, cryptocurrency-related hacks are projected to cost about $2.2 billion in 2024 alone.

“Unfortunately as our fledgling sector grows rapidly, it attracts the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks and harnessing new AI tools and techniques to bypass fraud prevention measures,” said Nick Jones, founder and CEO of crypto platform Zumo.

Compounding Coinbase’s security troubles is confirmation of an ongoing SEC investigation. The regulator is examining whether Coinbase exaggerated its user counts in past disclosures.

The probe focuses specifically on Coinbase’s claim of having “100+ million verified users” that appeared in its marketing materials and IPO documentation in 2021.

Paul Grewal, Coinbase’s Chief Legal Officer, described the investigation as “a hold-over inquiry from the previous administration about a metric we stopped reporting two and a half years ago, which was fully disclosed to the public.”

Grewal noted that Coinbase now focuses on “the more pertinent statistic of monthly transacting users” instead.

The company discontinued reporting the “verified users” metric in 2022, stating in financial filings that it no longer believed the figure provided meaningful information about business performance.

To address the SEC inquiry, Coinbase has engaged the law firm Davis Polk & Wardwell.

Critical Timing

These challenges couldn’t come at a more pivotal moment for Coinbase, which is preparing to join the S&P 500 index next week.

The inclusion in this prestigious index represents a major milestone for cryptocurrency acceptance in mainstream finance. It will result in Coinbase stock being added to many index-tracking funds.

Although Coinbase dropped the “verified users” metric in 2022, the SEC probe has continued even after the regulator dropped its 2023 enforcement lawsuit against Coinbase under the Trump administration.

The combined news of the data breach and ongoing SEC investigation sent Coinbase stock sliding 7% in morning trading on Friday, May 16, 2025.

Coinbase has confirmed it will implement additional consumer protections to prevent similar security breaches in the future.

The latest security incident follows a pattern of challenges facing cryptocurrency companies as they grow and attract more attention from both investors and malicious actors.

The company’s planned entry into the S&P 500 next week remains on track despite these recent setbacks.

Tether Loophole Enables Swift $78 Million USDT Escape: Report
https://coincentral.com/tether-loophole-enables-swift-78-milllion-usdt-escape-report/
Thu, 15 May 2025 17:44:41 +0000

TLDR
  • Tether’s freeze delay let $78M move from blacklisted wallets on Ethereum and Tron.
  • Tron’s 60-minute freeze lag enabled $49.6M in illicit withdrawals.
  • Bots alerted wallets on Ethereum, allowing $28.5M to escape freezes.
  • Vulnerability is in freeze timing, not the contract, experts say.
  • Tether is improving freeze speed after freezing $2.7B in suspicious funds.

A recent report has exposed a critical vulnerability in Tether’s freeze mechanism, allowing illicit actors to bypass enforcement. Blockchain analytics firm AMLBot revealed that 170 wallets exploited the time lag in freezing actions. This gap enabled the movement of nearly $78 million across Ethereum and Tron networks before the freezes took effect.

Tron Network Enables $49.6M in Illicit Withdrawals

AMLBot’s analysis showed that Tether’s freeze mechanism on Tron suffers from an operational lag due to its multi-signature governance. This structure requires multiple approvals before a freeze is enforced, creating a delay window of up to 60 minutes. During this window, wallet owners move funds out before the enforcement locks the assets.

Researchers confirmed that 170 out of 3,480 blacklisted wallets took advantage of the time gap, each making up to three transactions. The average withdrawn amount reached $291,970 per wallet, while the median was $65,370. Most exploiters used real-time monitoring to detect freeze requests and acted before completion.

The report noted that $49.6 million was successfully withdrawn from the Tron network by accounts flagged for suspicious activity. While Tether’s contract design guards against unilateral actions, it also introduced the vulnerability. AMLBot stated that criminals used automated tools to monitor Tether’s contract interactions to avoid the freeze.

Ethereum Network Hit as Freeze Timing Fails to Prevent $28.5M Exit

Tether’s delay in enforcing blacklists affected Ethereum as well, with bad actors withdrawing $28.5 million during freeze windows. Tron wallets received early alerts on freeze transactions and responded swiftly before enforcement. The lag again stemmed from the multi-signature system, which required sign-offs from different parties.

AMLBot’s report suggested that bots monitored Tether’s smart contracts and alerted wallet holders when freeze attempts were initiated. This tactic gave bad actors a crucial advantage on Ethereum’s fast-moving network. On-chain behavior indicated that automation was in play, even if the bots were not directly observed.

Security firm PeckShield reviewed the findings and confirmed the structural vulnerability in the freeze delay process. The firm clarified that the issue lies in the process, not the contract itself. They recommended that Tether explore technical enhancements to reduce this vulnerability window.

Tether Defends Governance but Confirms System Refinement in Progress

In response, Tether emphasized its governance model, which prevents abuse but causes brief enforcement delays. The company has frozen $2.7 billion in suspicious funds since its inception. Despite operational lags, Tether stated that this track record proves its ability to act against illegal activity.

The company collaborates with 255 law enforcement agencies across 55 countries and claims to act faster than many industry peers. It cited a recent case involving North Korea-linked hackers in which Tether responded more quickly than exchanges. Tether pointed to its transparent blockchain operations as a compliance advantage.

Tether confirmed that it is refining its current process to close the freeze lag window exploited by malicious actors. The company dismissed the term “loophole” as misleading, emphasizing its consistent cooperation with law enforcement.

 

Coinbase Hit by Insider Breach as Hackers Demand Ransom for Data
https://coincentral.com/coinbase-hit-by-insider-breach-as-hackers-demand-ransom-for-data/
Thu, 15 May 2025 15:07:06 +0000

TLDR
  • Coinbase confirmed a cyberattack that targeted the personal data of select users.
  • The hackers gained access by bribing overseas customer support agents.
  • The attackers stole users’ names, addresses, and partial identity details.
  • Coinbase stated that no passwords, funds, or private keys were accessed.
  • The hackers made a ransom demand, but Coinbase refused to pay.

Coinbase has confirmed a targeted cyberattack that exposed user data and triggered a major investigation. The attackers accessed personal information and demanded a ransom, but Coinbase refused to pay. The company now pledges full reimbursement for affected users while enforcing stricter internal security measures.

Targeted Cyberattack Breaches Coinbase User Data

Hackers infiltrated Coinbase systems by bribing overseas support agents and accessing limited customer data. They retrieved users’ names, addresses, contact details, and partial identity information but failed to access sensitive login credentials or funds. Coinbase reported that this breach impacted less than 1% of its users.

The attackers attempted to ransom the stolen data by directly emailing exchange users, but the company refused all ransom demands. The platform clarified that no Prime accounts were affected, and no private keys or funds were accessed. The exchange stated that hot and cold wallets remained fully secure throughout the incident.

Coinbase flagged compromised accounts to mitigate further risk and introduced enhanced withdrawal verification protocols. These include additional ID checks and scam-awareness prompts on all large transactions. The company also immediately restricted accounts showing suspicious activity linked to the breach.

Coinbase Launches Countermeasures and Reimbursement Plans

Coinbase established a $20 million reward fund to identify and capture the perpetrators in response to the breach. This bounty aims to encourage information sharing that could lead to arrests and the recovery of stolen data. Investigators are now working with international authorities to trace the cybercriminals’ activities.

The exchange opened a new U.S.-based support hub to centralize and tighten customer service operations. The hub applies improved security protocols and limits access to sensitive user information. All customer support teams now operate under stricter monitoring to prevent further infiltration.

Users affected by social engineering attacks linked to the breach can now file claims for reimbursement. Coinbase pledged to compensate customers who were deceived into sending funds under false pretenses. The company continues to update users as its investigation progresses.

Global Context and Ongoing Threats to Crypto Security

The exchange breach comes shortly after Telegram cracked down on the darknet marketplace Haowang Guarantee, highlighting a broader cybersecurity threat. As hacking techniques evolve, exchanges like Coinbase face increasing pressure to upgrade defenses and protect customer data. The crypto sector remains a key target for organized cybercrime.

Coinbase emphasized that despite the breach, no user funds were stolen and no private account access was compromised. The company maintained full control over financial assets and prevented attackers from accessing wallets. All account activity logs are being reviewed for further anomalies.

In 2024, WazirX, another major exchange, suffered a larger breach involving a $230 million theft, forcing operations to halt. That incident remains unresolved, drawing comparisons with the Coinbase breach. However, Coinbase retained operational continuity and has committed to full transparency and customer protection.

 

Scammers Send Physical Letters to Ledger Wallet Owners in New Phishing Attack
https://coincentral.com/scammers-send-physical-letters-to-ledger-wallet-owners-in-new-phishing-attack/
Wed, 30 Apr 2025 07:31:19 +0000

TLDR:
  • Scammers are sending physical letters to Ledger hardware wallet owners asking for seed phrases
  • The letters claim to be from Ledger requiring a “critical security update”
  • Victims are asked to scan QR codes and enter their wallet recovery phrases
  • This scam may be connected to a 2020 Ledger database leak of 270,000 users’ information
  • Ledger confirms these are scams and reminds users they never request recovery phrases

Scammers have begun mailing physical letters to owners of Ledger hardware wallets in an attempt to steal their private seed phrases and gain access to their funds.

The fraudulent letters, disguised as official communications from Ledger, request users to validate their private recovery phrases under the false premise of performing a “critical security update.”

Tech commentator Jacob Canfield brought attention to this scam on April 29, 2025, when he shared on X (formerly Twitter) a letter he received that appeared to be from Ledger. The letter used Ledger’s logo and business address to create a facade of legitimacy.

The fraudulent mail urges recipients to scan a QR code and enter their wallet’s private recovery phrase. It even includes a threat that “failure to complete this mandatory validation process may result in restricted access to your wallet and funds.”

For the uninitiated, a seed phrase or recovery phrase is a string of up to 24 words that provides full access to a cryptocurrency wallet. Anyone who obtains this phrase can control the wallet and transfer all funds out of it.

Connection to Previous Data Breach

This latest scam may be linked to a major security breach Ledger experienced in 2020. During that incident, a hacker accessed Ledger’s database and leaked the personal information of more than 270,000 customers online. The exposed data included names, phone numbers, and home addresses.

Canfield suggested that the scammers are targeting users whose information was compromised in that data breach. This would explain how scammers obtained the physical addresses needed to send these fraudulent letters.

This isn’t the first time Ledger users have been targeted through physical mail. In 2021, following the data leak, some Ledger users reported receiving counterfeit Ledger devices in the mail that had been tampered with to install malware when connected to a computer.

Ledger’s Response

In response to Canfield’s post about the letter, Ledger confirmed it was a scam and warned users to remain vigilant against such phishing attempts. The company emphasized that it would “never call, DM [direct message], or ask for your 24-word recovery phrase. If someone does, it’s a scam.”

Ledger also advised users not to engage with accounts claiming to be Ledger employees or anyone offering to help recover funds. The company acknowledged that “scammers impersonating Ledger and Ledger representatives are unfortunately common.”

The crypto wallet provider has faced various security challenges over the years, including supply chain attacks and numerous phishing campaigns targeting its users. As Canfield pointed out, Ledger might need to update their security warnings to specifically include letters alongside direct messages and phone calls.

For Ledger users and cryptocurrency holders in general, this incident serves as a reminder of the importance of protecting seed phrases. Security experts consistently advise that recovery phrases should never be shared with anyone under any circumstances.

Users who receive such letters should report them to Ledger and local authorities. The company continues to advise customers to stay cautious and keep their crypto safe by guarding their recovery phrases.

The most recent reports indicate that multiple Ledger users have received these fraudulent letters, suggesting this is not an isolated incident but rather a coordinated campaign targeting cryptocurrency holders.

XRPL JavaScript SDK Breach Triggers Urgent Security Update
https://coincentral.com/xrpl-javascript-sdk-breach-triggers-urgent-security-update/
Tue, 22 Apr 2025 21:47:11 +0000

TLDR
  • Malicious versions of the xrpl SDK on NPM leaked private keys. Update to v4.2.5 immediately.
  • Fake SDKs (v4.2.1–v4.2.4, v2.14.2) were uploaded with a backdoor. Private keys may be compromised.
  • The XRP Ledger core is safe. Only the NPM JavaScript SDK was affected by the breach.
  • Developers should update, rotate keys, and use lockfiles to prevent future supply chain attacks.
  • A hacker snuck harmful code into the XRP SDK. New safe version released—upgrade now.

A significant security vulnerability has been identified in the XRP Ledger’s JavaScript Software Development Kit (SDK), specifically within several recently published versions of the xrpl package on the Node Package Manager (NPM). The breach, disclosed by Aikido Security on, has prompted an immediate response from the XRP Ledger Foundation and developers across the XRP ecosystem.

The malicious code, described as a backdoor, was embedded in versions v4.2.1 through v4.2.4 and v2.14.2 of the SDK. These versions were uploaded to NPM by a user identified as “mukulljangid” and did not match any legitimate releases from the official GitHub repository. The vulnerability could enable attackers to extract private keys from users and developers utilizing the affected SDK versions, posing a serious threat to wallet security and user funds.

Supply Chain Attack Identified in xrpl.js

Aikido Security’s automated monitoring system detected the issue shortly after the compromised packages were published. The firm noted that these SDK versions were distributed through NPM and were inconsistent with the XRP Ledger’s official release history on GitHub, raising immediate concerns about a supply chain compromise.

The vulnerability was discovered within a function called checkValidityOfSeed, which was covertly integrated into the wallet instantiation logic. This function triggered a remote call to an unverified domain—0x9c[.]xyz—during wallet creation, silently transmitting private key information. According to Aikido Security, early compromised versions (v4.2.1 and v4.2.2) contained the malicious code in built JavaScript files. Later versions (v4.2.3 and v4.2.4) embedded the backdoor deeper into the TypeScript source files.

In addition to the backdoor, the compromised packages showed signs of deliberate tampering, including the removal of development tools and scripts from the package.json file. These modifications are consistent with attempts to obfuscate unauthorized changes and reduce detection during audits or development.

Ecosystem Response and Mitigation Measures

The XRP Ledger Foundation responded quickly to the disclosure, confirming the vulnerability via social media on April 22. The foundation clarified that the core XRP Ledger codebase and its GitHub repository were not affected. Instead, the issue was isolated to the xrpl.js JavaScript SDK distributed through NPM.

Engineers have since published a new version, v4.2.5, which replaces the affected versions and eliminates the backdoor. Developers and projects that relied on versions v4.2.1 through v4.2.4 and v2.14.2 have been strongly advised to upgrade immediately. As a precaution, users are encouraged to transfer assets to new wallets generated with uncompromised software.

Several projects using the XRP Ledger SDK, including Xaman Wallet and XRPScan, confirmed they were not impacted, having not integrated the affected versions. Meanwhile, Gen3 Games CTO Mark Ibanez stated that his team narrowly avoided exposure by maintaining a version lock in their pnpm-lock.yaml file.

Ibanez recommended standard security practices such as committing lockfiles to version control and avoiding the caret symbol (^) in package.json dependencies. These measures, while routine, proved effective in shielding some projects from the compromised SDK.
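
The check below is an added example, not code from the article, Aikido Security or the XRP Ledger project. It audits a project for the xrpl versions the article names as backdoored, flagging both a lockfile pinned to one of them and a package.json range that a fresh install could have resolved to one. The function names are hypothetical, the sample manifests are constructed, the lockfile is assumed to be an npm package-lock.json with the v2/v3 "packages" layout, and only exact, caret and tilde ranges are evaluated.

```javascript
// Versions the article reports as carrying the backdoor.
const COMPROMISED_XRPL = ['4.2.1', '4.2.2', '4.2.3', '4.2.4', '2.14.2'];

// Parse "1.2.3" (optionally "v1.2.3") into [1, 2, 3]; null for anything else.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Does a package.json range admit `version`? Handles "1.2.3", "^1.2.3" and
// "~1.2.3" only; returns null for any other syntax so the caller can route
// it to manual review instead of guessing.
function rangeAdmits(range, version) {
  const spec = String(range).trim();
  const op = spec[0] === '^' || spec[0] === '~' ? spec[0] : '';
  const base = parseVersion(spec.slice(op.length));
  const v = parseVersion(version);
  if (!base || !v) return null;
  if (compareVersions(v, base) < 0) return false;
  if (op === '') return compareVersions(v, base) === 0;
  if (op === '~') return v[0] === base[0] && v[1] === base[1];
  // Caret: the leftmost non-zero component must stay fixed.
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return compareVersions(v, base) === 0;
}

// packageJson and packageLock are already-parsed objects.
function auditXrpl(packageJson, packageLock) {
  const findings = [];

  // 1. Declared ranges: could an install without a lockfile have picked a bad release?
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    const range = (packageJson[field] || {}).xrpl;
    if (range === undefined) continue;
    const verdicts = COMPROMISED_XRPL.map((v) => [v, rangeAdmits(range, v)]);
    if (verdicts.some(([, ok]) => ok === null)) {
      findings.push({ kind: 'range-needs-review', where: field, range });
      continue;
    }
    const admitted = verdicts.filter(([, ok]) => ok).map(([v]) => v);
    if (admitted.length > 0) {
      findings.push({ kind: 'range-admits-compromised', where: field, range, versions: admitted });
    }
  }

  // 2. Resolved versions: direct and nested copies recorded in the lockfile.
  const packages = (packageLock && packageLock.packages) || {};
  for (const [path, entry] of Object.entries(packages)) {
    const isXrpl = path === 'node_modules/xrpl' || path.endsWith('/node_modules/xrpl');
    if (isXrpl && COMPROMISED_XRPL.includes(entry.version)) {
      findings.push({ kind: 'locked-compromised', where: path, version: entry.version });
    }
  }
  return findings;
}

// Constructed sample: a caret range whose lockfile pins a clean release,
// plus a transitive copy pinned to a compromised one.
const SAMPLE_PACKAGE_JSON = { dependencies: { xrpl: '^4.2.0' } };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/xrpl': { version: '4.2.0' },
    'node_modules/some-lib/node_modules/xrpl': { version: '2.14.2' },
  },
};

for (const finding of auditXrpl(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK)) {
  console.log(JSON.stringify(finding));
}
```

A `range-admits-compromised` finding alongside a clean lockfile means only installs that ignored the lockfile were exposed; a `locked-compromised` finding means the backdoored code was installed, so the wallets it created or loaded should be treated as the article advises.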

 

Phantom Wallet Hit With Lawsuit After $500K Meme Coin Theft Exposes Security Concerns
https://coincentral.com/phantom-wallet-hit-with-lawsuit-after-500k-meme-coin-theft-exposes-security-concerns/
Tue, 15 Apr 2025 06:47:26 +0000

TLDR
  • Phantom Technologies faces lawsuit for alleged security flaws that led to $500,000 theft of Wiener Doge tokens
  • Plaintiffs claim Phantom stored private keys in “unencrypted browser memory,” making them vulnerable to malware
  • The theft and subsequent liquidation allegedly crashed Wiener Doge from $3.1 per token to under $0.01
  • Lawsuit seeks $3.1 million in damages, citing violations of Commodity Exchange Act
  • OKX exchange is also named in the lawsuit for enabling unauthorized transactions

A group of investors led by attorney Thomas Liam Murphy has filed a lawsuit against Phantom Technologies, alleging that security flaws in its popular Solana blockchain wallet led to the theft of over $500,000 worth of Wiener Doge (WIENER) tokens.

The lawsuit, filed on April 14 in the Southern District of New York, claims that Phantom’s wallet stored users’ private keys in “unencrypted browser memory,” making them vulnerable to theft despite the company’s claims of “best-in-class” security.

A cybercriminal allegedly “hacked into Liam’s personal computer and exported Liam’s private key to his Phantom wallets from his web browser’s working memory.” The attacker gained “unrestricted access to all of the funds in Liam’s three co-linked Phantom wallets” without needing to bypass multi-factor authentication.

The breach allowed hackers to steal and liquidate approximately $500,000 worth of Wiener Doge tokens for just $37,537 in Solana (SOL). This massive sell-off reportedly caused the value of the entire Wiener Doge project to collapse, destroying a market capitalization that had reached $3.1 million at its peak.

Security Vulnerabilities Exposed

The lawsuit alleges that Phantom knew about these security risks but failed to address them or warn users. “Phantom did not merely fail to anticipate cyberattacks—it knew exactly how users were being compromised and made a calculated decision to remain silent,” according to the filing.

Court documents state that “Phantom’s leaders knew that the browser wallet stored users’ decrypted keys in active memory. They knew that novice users were routinely targeted by malware, phishing scripts, and rogue extensions. They knew that many victims were losing funds.”

The plaintiffs claim Phantom “lacked any system for transaction velocity checks, geolocation anomalies, or withdrawal limits,” comparing the Solana wallet unfavorably to how Coinbase wallets operate.

Murphy claims he reported the theft to Phantom immediately. The company allegedly responded that it operated “a noncustodial wallet,” which meant that Murphy bore “sole responsibility” for any loss of his crypto.

OKX Connection Under Scrutiny

The lawsuit also names OKX, a cryptocurrency exchange that partnered with Phantom in November 2024. The complaint cites OKX’s guilty plea to federal money laundering charges for facilitating $5 billion in illicit transactions.

Phantom’s “failure to disclose its direct integration with OKX” was “deceptive,” the suit argues. The filing states that “OKX’s integration was the direct enabler of the unauthorized liquidation of Liam’s assets. Without OKX’s routing, pricing, and execution services, the cybercriminal would not have been able to convert Liam’s $500,000 in Wiener Doge tokens to SOL using Phantom’s app.”

The lawsuit alleges that “OKX knew that Phantom had not registered its Swapper as an SEF with the CFTC.”

Regulatory and Damages Claims

The plaintiffs accuse Phantom of violating the Commodity Exchange Act by operating as an unregistered trading platform while evading regulatory oversight through “superficial claims of decentralization.”

Phantom, valued at over $3 billion and widely regarded as the primary wallet for Solana blockchain users, hosts assets worth approximately $25 billion across 10 million active users, according to the lawsuit.

Thirteen additional plaintiffs, consisting of Murphy’s friends and family, joined the lawsuit after losing investments in Wiener Doge. The group is seeking damages of at least $3.1 million, or $3.1 per lost token.

“We are aware of the lawsuit that has been filed against Phantom, strongly deny any allegations of wrongdoing, and look forward to demonstrating why this lawsuit should be dismissed. The claims in this lawsuit are entirely without merit.”

The spokesperson added that Phantom gives users full control of their funds and cannot prevent scams from malicious links, but works with law enforcement when criminal activity is reported. They also stated that Phantom offers in-app security education and safety resources.

Neither Murphy nor OKX immediately responded to Decrypt’s request for comments regarding the lawsuit.

The case raises questions about the security practices of non-custodial wallets and the responsibility of wallet providers to implement safeguards against sophisticated attacks.

The Solana-based meme coin Wiener Doge, which once traded at $3.1 per token, plummeted to less than $0.01 following the attack and subsequent liquidation.

The lawsuit makes seven major claims against Phantom, including operating as an unregistered trading platform, negligence in cybersecurity protection, false advertising, and aiding money laundering through OKX.

KiloEx DEX Loses $7.5 Million in Cross-Chain Price Oracle Exploit
https://coincentral.com/kiloex-dex-loses-7-5-million-in-cross-chain-price-oracle-exploit/
Tue, 15 Apr 2025 06:31:00 +0000

TLDR:
  • KiloEx decentralized exchange suffered a $7.5 million exploit across multiple blockchains
  • The attack likely stemmed from a price oracle vulnerability that allowed price manipulation
  • Platform usage has been suspended while KiloEx works with security partners to trace funds
  • Stolen funds are being routed through zkBridge and Meson
  • The hack sent KiloEx’s native token plunging by 27% to $0.03596

KiloEx, a decentralized perpetuals trading platform, has confirmed it suffered a $7.5 million exploit due to a price oracle vulnerability. The attack, which occurred on April 14, has prompted the exchange to suspend all platform operations while investigations continue.

The exploit was first detected by blockchain security platform Cyvers Alerts on April 14 at 7:30 PM UTC. Security experts quickly identified the attack as targeting multiple blockchains, including Base, opBNB, and BNB Chain (BSC).

KiloEx immediately took action to contain the breach. “The team has immediately suspended platform usage and is working with security partners to trace the flow of funds,” the company stated in an April 14 announcement on X (formerly Twitter).

Cross-Chain Attack Details

The attack targeted multiple blockchain networks. According to cybersecurity firm PeckShield, the exploiter stole approximately $3.3 million from Base, $3.1 million from opBNB, and $1 million from the BNB Chain.

Security experts have determined that the root cause was likely a price oracle issue. Price oracles provide external data to smart contracts, and in this case, the attacker managed to manipulate these price feeds.

PeckShield explained the exploit method: “The hacker exploits it to create a new position with initial given ETH/USD price of 100 and then immediately close the position with inflated ETH/USD price of 10000, netting the $3.12m profit in one single transaction.”

Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, described it as a “very simple vulnerability.” According to Shou, “Anyone can change the Kilo’s price oracle. They did verify that the caller shall be a trusted forwarder, though, but didn’t verify the forwarded caller.”

Recovery Efforts Underway

KiloEx is not facing this crisis alone. The team has enlisted the help of several security partners and blockchain networks in its recovery efforts.

“We are collaborating with ecosystem partners to trace and recover funds where possible,” KiloEx stated. This collaboration includes working with BNB Chain, Manta Network, and cybersecurity firms Seal-911, SlowMist, and Sherlock.

The team has identified that the stolen assets are currently moving through cross-chain bridges. “Our investigation has confirmed that the stolen assets are currently being routed through zkBridge and Meson,” KiloEx announced. “We are urgently attempting to engage with both protocols to halt ongoing transactions and prevent additional losses.”

A bounty program to incentivize the return of stolen funds is in development. The exchange has also promised to release a comprehensive postmortem report detailing how the exploit occurred.

Market Impact

The news of the exploit has had a harsh impact on KiloEx’s native token, Kilo. Following the announcement, the token price dropped by over 27% to $0.03596, according to data from CoinGecko.

The drop leaves the token well below its all-time high. Kilo reached $0.1648 on March 27 but has since fallen by over 78% from that peak value.

The timing of the exploit is unfortunate for KiloEx, which had recently announced a strategic partnership. Just one day before the attack, on April 13, the exchange had revealed a new partnership with Dubai-based Web3 venture capital firm DWF Labs.

This partnership was intended to expand KiloEx’s market presence and accelerate its growth. DWF Labs has been active in the blockchain space, having launched a $250 million Liquid Fund on March 25 to support mid- and large-cap blockchain projects.

KiloEx was established in 2023 and counts Binance Labs among its major backers. Binance Labs serves as both a lead investor and strategic partner for the exchange.

Australian Federal Police Identify 130 Victims of Binance Impersonation Scam https://coincentral.com/australian-federal-police-identify-130-victims-of-binance-impersonation-scam/ Thu, 20 Mar 2025 09:43:40 +0000

TLDR
  • Australian authorities identified over 130 victims of Binance cryptocurrency exchange impersonation scams
  • Scammers contacted victims via SMS and encrypted messaging with fake verification codes appearing in legitimate message threads
  • Victims were instructed to transfer funds to “trust wallets” controlled by scammers
  • Once transferred, funds were quickly moved through networks of wallets making recovery nearly impossible
  • Australian Federal Police launched Operation Firestorm in 2024 to disrupt offshore crime networks targeting Australians

The Australian Federal Police (AFP) has issued an urgent warning to cryptocurrency users after identifying more than 130 potential victims of a sophisticated impersonation scam targeting customers of the Binance cryptocurrency exchange.

On March 20, 2025, authorities sent a text and email blitz to alert victims about the scam. The victims were identified through messages found on an end-to-end encryption platform as part of Operation Firestorm.

The scammers contacted victims through SMS and encrypted messaging platforms. They claimed to be Binance representatives warning that the victims’ cryptocurrency accounts had been breached.

These messages contained fake verification codes and often appeared in legitimate existing message threads from Binance. This spoofing technique made the messages seem more believable to customers.

The fraudulent messages included a support phone number for victims to call. When targets called this number, they were told their accounts were at risk.

The scammers then instructed victims to protect their funds by transferring cryptocurrency to a “trust wallet.” These wallets were actually controlled by the scammers, allowing them to steal the assets.

AFP Commander Cybercrime Operations Graeme Marshall explained the challenge of recovering stolen funds. Once transferred to scammer-controlled accounts, the funds were quickly moved through a network of wallets and money laundering accounts.

“The AFP has worked closely with our partners at the NASC to ensure any victims in Australia targeted by these scammers were identified swiftly,” Commander Marshall said.

The NASC refers to the National Anti-Scam Centre, which partnered with the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) in this operation.

Warning to Anyone Receiving SMS

Authorities are urging anyone who received the warning SMS or email from the NASC to take it very seriously. Victims who have already transferred cryptocurrency to a trust wallet should immediately report it to their bank or digital currency exchange.

They should then report the incident to police via ReportCyber, quoting reference number AFP-068. Quick action may help limit further damage, though recovery of funds remains difficult.

Australian Competition and Consumer Commission Deputy Chair Catriona Lowe highlighted how impersonation scams have become increasingly common. “Impersonation scams rely on people trusting that the text, email or phone call they get is legitimate,” Ms. Lowe said.

Scammers go to great lengths to create the appearance of legitimacy. This makes it harder for even cautious users to identify fraudulent communications.

The ACCC advises all Australians to verify any communication they receive. This can be done by contacting organizations directly using official contact details from their website or app.

Binance Chief Security Officer Jimmy Su emphasized that protecting users is the company’s top priority. “Scammers often impersonate trusted platforms by exploiting telecom loopholes to manipulate sender names and phone numbers,” Mr. Su explained.

Binance Verify

He recommended that users verify communications using Binance Verify, the company’s tool for confirming official channels. Users should never share sensitive information like seed phrases or transfer funds under pressure.

The cryptocurrency scam was identified as part of Operation Firestorm. This global operation was launched in 2024 to address and disrupt offshore crime networks targeting Australians through various scams.

The AFP worked with international law enforcement partners to identify the Australian victims. This collaboration is part of ongoing efforts to combat cybercrime across borders.

Authorities have shared several warning signs to help people identify similar scams. These include unsolicited contact about account breaches, pressure to act quickly, and requests to provide sensitive information or transfer money.

To protect themselves, cryptocurrency users should verify requests through official channels. They should not click on links or download attachments from unsolicited messages.

Users should be wary of urgent requests and keep their devices secure. They should never share personal information, especially seed phrases which provide access to cryptocurrency wallets.

This coordinated response comes amid rising concerns about cryptocurrency scams in Australia. Last month, the Australian Competition and Consumer Commission warned about the potential impact of relaxed crypto regulations in the United States under President Donald Trump’s administration.

The ACCC’s annual scam report revealed Australians lost over $1.3 billion to investment scams in 2023. Cryptocurrency scams were a major contributor to these losses.

Warning: Malware-Infected TradingView “Cracked” Versions Target Crypto Wallets https://coincentral.com/warning-malware-infected-tradingview-cracked-versions-target-crypto-wallets/ Thu, 20 Mar 2025 09:26:16 +0000

TLDR
  • Cybersecurity firm Malwarebytes warns of malware hidden in “cracked” versions of TradingView Premium targeting crypto holders
  • Scammers post links on Reddit claiming to offer free premium features but distribute AMOS (Mac) and Lumma (Windows) malware
  • The malware can steal credentials, drain cryptocurrency wallets, and capture sensitive data like passwords and 2FA information
  • Scammers actively engage with potential victims in Reddit threads to help them download the malicious software
  • Red flags include instructions to disable security software and password-protected zip files

Cybersecurity experts have issued an alert about a new scam targeting cryptocurrency holders through fake “cracked” versions of TradingView Premium. The popular trading platform’s name is being used to distribute dangerous malware that can steal crypto assets.

Malwarebytes recently discovered several strains of info-stealer malware being spread through Reddit posts. These posts specifically target crypto users on both Mac and Windows operating systems.

The scammers advertise “TradingView Premium Cracked” programs. They claim these versions offer access to premium features for free.

Users who click on the download links are directed to websites unrelated to TradingView’s official site. These fake downloads contain harmful software.

AMOS and Lumma stealers actively spread to Reddit users

Mac users who fall for the scam receive AMOS malware. This software can steal personal credentials from their devices.

Windows users face an even more dangerous threat called Lumma Stealer. This malware has been active since 2022.

Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication browser extensions. It can effectively bypass security measures that many crypto holders use to protect their assets.

Another malware variant called Atomic Stealer was first discovered in April 2023. It is known for capturing sensitive data like administrator and keychain passwords.

A New Approach

Jerome Segura, a senior security researcher at Malwarebytes, highlighted an interesting aspect of this scheme. The scammers don’t just post links and disappear.

“What’s interesting with this particular scheme is how involved the original poster is,” Segura noted in a March 18 blog post. The scammers actively engage with potential victims in the comment threads.

They offer “help” to users who have questions or report issues with downloads. This approach adds credibility to their scam and increases the likelihood of successful infections.

Malwarebytes found some clues about the origin of the malware. The website hosting the files belonged to a Dubai cleaning company.

The command and control server for the malware had been registered by someone in Russia. This registration occurred approximately one week before the discovery.

Segura points out that there are clear warning signs users should watch for. The malicious files are “double zipped,” with the final zip being password-protected.

Legitimate software would not be distributed this way. Another red flag is instructions to disable security software so the program can run.

Some victims have already suffered losses from this scam. Malwarebytes reports cases where crypto wallets were emptied completely.

In some instances, hackers then impersonated the victims. They sent phishing links to the victims’ contacts to spread the infection further.

This scheme is part of a growing trend in crypto crime. Blockchain analytics firm Chainalysis estimates there was $51 billion in illicit transaction volume in the past year.

The firm’s 2025 Crypto Crime Report indicates that crypto crime has entered a more sophisticated era. This includes AI-driven scams, stablecoin laundering, and efficient cyber crime operations.

Crypto users are advised to download software only from official sources. Any offer promising premium features for free should be treated with extreme caution.

AiXBT AI Agent Loses 55.5 ETH in Security Breach: Token Falls 20% https://coincentral.com/aixbt-ai-agent-loses-55-5-eth-in-security-breach-token-falls-20/ Wed, 19 Mar 2025 09:39:47 +0000

TLDR
  • AiXBT AI crypto agent was hacked, losing 55.50 ETH (approximately $104,000-$106,200)
  • Attacker accessed dashboard, queued malicious replies via a now-deleted “FungusMan” X account
  • The hack targeted AiXBT’s “Simulacrum wallet” which facilitates on-chain actions via social media
  • Following the hack, AIXBT token fell approximately 20% to $0.0938
  • Developer rxbt implemented security measures including server migration and new access keys

An AI-powered cryptocurrency market commentator known as AiXBT fell victim to a security breach on March 18, resulting in the theft of 55.50 ETH (Ethereum), worth approximately $105,000. The hack caused the platform’s token to drop by about 20% in value within 24 hours.

The attack took place at 2 AM UTC when an unknown hacker gained access to a secure dashboard for AiXBT Agent’s autonomous system. The perpetrator, operating under a now-deleted X (formerly Twitter) account called “FungusMan,” queued two malicious replies.

These malicious commands prompted the AI system to transfer funds from its Simulacrum wallet. This specialized wallet allows the platform to perform on-chain actions based on social media posts.

AiXBT’s developer, who goes by the pseudonym rxbt, confirmed the attack. The developer emphasized that the exploit did not compromise AiXBT’s core systems.

The team stressed that the breach was not due to any failure of the AI itself. They pointed out that safeguards had been in place to protect against agent manipulation.

In its own post about the incident, AiXBT acknowledged the exploit. “Simu wallet was cooked, but core systems unaffected,” the bot stated on X.

The AI agent attempted to reassure users and investors. “If you’re trading AIXBT, this doesn’t change fundamentals. Expect improved security after server migration,” the post continued.

The development team acted quickly following the breach. They reported the hacker’s wallet address to centralized exchanges to try to track the funds.

Additional security measures included switching access keys and migrating servers. The team also paused dashboard access while they implemented security upgrades.

AIXBT Token Falls

Despite these assurances from the team, the AIXBT token saw a sharp decline. The token, which trades on the Ethereum layer-2 network Base, fell by almost 20% to approximately $0.0938.

This latest drop continues a downward trend for the token. AIXBT is now trading nearly 90% below its all-time high of $0.94, which it reached on January 16 this year.

According to CoinGecko data, AiXBT’s market capitalization stands at $82.4 million at press time. This represents a substantial decline from its peak of $755 million in mid-January.

AiXBT is built on the Virtuals Protocol and functions as a market commentator driven by an AI agent. The platform provides real-time insights on cryptocurrency trends.

Since its launch late last year, AiXBT has gained popularity in the crypto community. It has attracted a following of almost half a million people on X.

The incident has raised questions about the security of AI agents in crypto. A decentralized AI researcher known as “S4mmy” commented that AI agents managing crypto funds need more thorough testing.

The market for AI agent tokens has seen a broader decline in recent months. According to CoinGecko, the total market capitalization for AI agent tokens has fallen from nearly $17 billion in early January to below $5 billion currently.

Spencer Farrar, a partner at AI and crypto-focused venture capital firm Theory Ventures, described the current state of AI applications in crypto as “a bit frothy.” However, he suggested that more utility could develop over time.
