Labubu Hunt for Crypto Users, Dangerous Film Torrents, and Other Cybersecurity Events

In the ever-evolving landscape of cybersecurity, recent developments have raised significant concerns among users and experts alike. This past week has seen a series of alarming incidents that highlight the vulnerabilities present in the digital realm.

  • Crypto address “poisoning” resulting in a loss of .6 million.
  • Labubu fans falling victim to cryptocurrency theft.
  • Torrents masquerading as films siphoning off cryptocurrency.
  • Hackers gaining control of a Norwegian dam’s gates.

Crypto Address “Poisoning” Results in .6 Million Loss

On August 15, a user suffered a staggering loss of 140 ETH (approximately 6,500 at the time) after inadvertently copying an incorrect address from their compromised transaction history, as reported by the fraud prevention team ScamSniffer. This method, known as crypto address “poisoning,” involves the creation of nearly identical addresses. Malicious actors send small transactions from wallets that closely resemble legitimate ones, tricking users into copying the wrong address for future transfers.

Cointelegraph reported that just five days prior, a similar attack resulted in a loss of 0,000. Additional reports indicate two more incidents, with losses of ,000 and ,000, bringing the total to over .6 million in just a week. Furthermore, ScamSniffer noted that at least 0,000 was lost due to malicious phishing requests involving approvals and permissions.

On August 12, another user lost tokens worth 5,000 due to similar phishing tactics.

Labubu Fans Lose Cryptocurrency

On August 11, analysts from F6 uncovered a cryptocurrency theft scheme targeting residents in Russia, as reported by RBC. Using a counterfeit marketplace for the popular toy Labubu, scammers offered free cryptocurrency under the same name. To participate, users were prompted to connect their crypto wallets.

Once activated, the fraudulent site requested access to the user’s balance and transaction history. If any assets were detected, the interface would ask for additional permissions to verify participation in the “airdrop.” This malicious software would then transfer the victim’s funds to the scammers’ wallets.

To conserve their resources, the hackers monitored wallets, denying participation to those that were empty. Previously, scammers had exploited the Labubu brand to steal Telegram accounts by creating bots that promised toys in exchange for feedback, leading victims to share their contact information and verification codes.

Torrents Stealing Cryptocurrency

Researchers from Kaspersky Lab have identified a surge in thefts carried out by substituting cryptocurrency wallet addresses. The Efimer Trojan is spread through compromised WordPress sites, torrents, and email. The malware also harvests credentials from hacked resources for further spam distribution.

Experts report that the lure is a torrent file: attackers compromise poorly secured WordPress sites and post offers to download newly released films. The malicious file is disguised as a video player (xmpeg_player.exe) inside a password-protected archive.

Example of a hacked site offering a contaminated torrent download. Source: Kaspersky Lab.

In corporate attacks, phishing emails claiming copyright violations are used, with infected files contained in archives. Once executed, the Efimer Trojan infects the computer, displaying only an error message to the user. This malware can replace cryptocurrency addresses in the clipboard with those of the attackers and search for seed phrases, executing fraudulent code through the Tor network for self-recovery.
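Both the address “poisoning” described in the first item and Efimer’s clipboard substitution exploit the same weakness: users compare only the first and last few characters of an address. The following is an added example, not code from the digest or from ScamSniffer or Kaspersky Lab, of a defender-side check a wallet or payment script could run: it flags history entries whose counterparty mimics a trusted address and verifies the clipboard contents byte-for-byte against the intended recipient before a transfer is signed. All addresses are constructed for illustration.

```python
"""
Added example, not code from the ForkLog digest or from ScamSniffer/Kaspersky:
a defender-side check against lookalike addresses, whether they arrive via a
poisoned transaction history or a clipboard-hijacking trojan.
Addresses below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

HEX_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Wallet UIs usually show only the first and last few characters of an address;
# poisoning and clipper attacks rely on a lookalike agreeing on exactly those.
PREFIX_CHARS = 6   # "0x" plus four hex digits
SUFFIX_CHARS = 4


@dataclass(frozen=True)
class HistoryEntry:
    counterparty: str   # address the wallet sent to or received from
    value_wei: int      # amount moved; 0 for the dust/no-value spoofs
    direction: str      # "in" or "out"


def normalize(addr: str) -> str:
    """Require the 0x-prefixed 20-byte hex form and lower-case it for comparison."""
    addr = addr.strip()
    if not HEX_ADDR.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()


def is_lookalike(trusted: str, candidate: str) -> bool:
    """True when candidate shows the same prefix and suffix as trusted but is a
    different address. Identical addresses are not lookalikes."""
    t, c = normalize(trusted), normalize(candidate)
    if t == c:
        return False
    return t[:PREFIX_CHARS] == c[:PREFIX_CHARS] and t[-SUFFIX_CHARS:] == c[-SUFFIX_CHARS:]


def flag_poisoned_history(trusted: Iterable[str], history: Iterable[HistoryEntry]) -> List[HistoryEntry]:
    """Return history entries whose counterparty mimics a trusted address.
    A zero-value inbound transfer from a lookalike is the classic poisoning entry."""
    trusted_list = [normalize(a) for a in trusted]
    return [e for e in history if any(is_lookalike(t, e.counterparty) for t in trusted_list)]


def check_clipboard(intended: str, clipboard: str) -> str:
    """Compare the full address the user means to pay with what is actually on
    the clipboard just before signing. A clipper trojan yields "lookalike" or
    "mismatch"; only a byte-for-byte match yields "ok"."""
    if normalize(intended) == normalize(clipboard):
        return "ok"
    return "lookalike" if is_lookalike(intended, clipboard) else "mismatch"


# Constructed sample data: a trusted recipient, a poisoned lookalike that shares
# its first six and last four characters, and an unrelated address.
TRUSTED = "0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b"
POISONED = TRUSTED[:PREFIX_CHARS] + "deadbeef" * 4 + TRUSTED[-SUFFIX_CHARS:]
UNRELATED = "0x" + "f" * 40

SAMPLE_HISTORY = [
    HistoryEntry(TRUSTED, 10**18, "out"),      # a real past payment
    HistoryEntry(POISONED, 0, "in"),           # dust from the lookalike address
    HistoryEntry(UNRELATED, 5 * 10**17, "in"),
]

if __name__ == "__main__":
    for e in flag_poisoned_history([TRUSTED], SAMPLE_HISTORY):
        print("poisoned history entry:", e.counterparty, e.direction, e.value_wei)
    print("clipboard check:", check_clipboard(TRUSTED, POISONED))
```

The check deliberately treats any address that is not an exact match as suspicious; the lookalike/mismatch distinction only tells the user which of the two attack patterns they are probably looking at. A real wallet would add an EIP-55 checksum validation on top, which is omitted here to keep the example dependency-free.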

Kaspersky Lab reported that from October 2024 to July 2025, 5,015 users encountered Efimer attacks, with the most affected countries being India, Spain, Russia, Italy, and Germany.

Hackers Open Gates of Norwegian Dam

Pro-Russian hackers gained control over critical operational systems at a dam in Norway, opening discharge valves, as reported by Bleeping Computer. The hackers infiltrated the digital system managing water flow at the Bremanger dam, leaving operators scrambling for approximately four hours to detect and stop the water flow, during which over 7.2 million liters had already passed through the system.

Consequences of the hackers’ attack on the dam in Bremanger, Norway. Source: VG.

This incident occurred in April, but details were only made public in August by Beate Gangås, head of Norway’s police security service. She emphasized that the attack was less about causing damage and more about demonstrating the hackers’ capabilities.

Dealer Vulnerability Allows Remote Vehicle Control

On August 10, cybersecurity researcher Eton Zveare from Harness revealed a vulnerability in the online portal of a car dealer from a well-known automotive manufacturer. This flaw allowed the exposure of private customer data, vehicle information, and even remote hacking of the vehicles themselves.

While Zveare refrained from naming the manufacturer, he described it as a widely recognized automotive group with several popular brands. He noted that identifying the vulnerability in the authorization system was challenging, but once discovered, he could bypass the login mechanism by creating a new administrator account.

The vulnerable code would load in the user’s browser upon accessing the login page, enabling modifications that circumvented security checks. With access granted, Zveare could infiltrate over 1,000 dealer centers across the United States.

Using the VIN of a parked car, he demonstrated how he could identify its owner. He also noted that the tool could search by a customer’s name.

With access to the portal, it was possible to link any vehicle to a mobile account, allowing control over certain functions through an app—such as unlocking doors. Although Zveare did not test whether it was possible to drive the vehicle away, he indicated that the vulnerability could facilitate theft of items inside.
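The digest says the portal’s security checks ran in code loaded into the browser, where a user can modify them, but gives no further detail. The following is an added example, not the dealer portal’s code, illustrating the general class of flaw: a back end that trusts a role flag supplied by the client versus one that derives the role from a server-held session bound to an unguessable token. The `Request`, `UserDirectory` and `SessionStore` names and the two sample accounts are hypothetical constructs for this example.

```python
"""
Added example (not the portal's code; the digest does not describe how the
bypassed check was written). Contrasts a role decision the browser can
override with one enforced entirely server-side. Names and accounts are
hypothetical/constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    path: str
    cookies: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)


def handle_vulnerable(req: Request) -> int:
    """Client-side pattern: the front end decides who is an admin and sends
    body["role"]; the server believes whatever it is told."""
    if req.path == "/admin/create-account":
        return 200 if req.body.get("role") == "admin" else 403
    return 404


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class UserDirectory:
    """Server-side user records: role is stored with the salted password hash."""
    def __init__(self):
        self._users = {}

    def add(self, username: str, password: str, role: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (role, salt, _hash_pw(password, salt))

    def authenticate(self, username: str, password: str):
        rec = self._users.get(username)
        if rec is None:
            return None
        role, salt, stored = rec
        return role if hmac.compare_digest(_hash_pw(password, salt), stored) else None


class SessionStore:
    """Role is bound to a random token at login; the client only holds the token."""
    def __init__(self):
        self._sessions = {}

    def create(self, role: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = role
        return token

    def role_for(self, token):
        return self._sessions.get(token)


def handle_hardened(req: Request, sessions: SessionStore) -> int:
    """Server-side pattern: ignore anything the body claims about the role and
    look it up from the session cookie."""
    if req.path == "/admin/create-account":
        return 200 if sessions.role_for(req.cookies.get("session")) == "admin" else 403
    return 404


def demo():
    """Returns (vulnerable result for a forged request, hardened result for the
    same forged request, hardened result for a genuine admin)."""
    users = UserDirectory()
    users.add("dealer_user", "correct horse", "user")    # constructed accounts
    users.add("site_admin", "battery staple", "admin")
    sessions = SessionStore()
    user_token = sessions.create(users.authenticate("dealer_user", "correct horse"))
    admin_token = sessions.create(users.authenticate("site_admin", "battery staple"))

    # An ordinary user edits the browser-side check and claims to be an admin.
    forged = Request("/admin/create-account", cookies={"session": user_token}, body={"role": "admin"})
    genuine = Request("/admin/create-account", cookies={"session": admin_token})
    return handle_vulnerable(forged), handle_hardened(forged, sessions), handle_hardened(genuine, sessions)


if __name__ == "__main__":
    print("vulnerable/hardened/genuine-admin:", demo())
```

The point of the contrast is that any check evaluated in JavaScript delivered to the browser is advisory at best; the authorization decision has to be recomputed on the server from state the client cannot alter.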

In other news, Tajikistan reportedly lost over million due to illegal mining activities, and BtcTurk suspended withdrawals amid suspicious transactions totaling million. Additionally, a user managed to hack a North Korean hacker, and an Ethereum developer fell victim to a malicious AI extension. Experts have noted that the Qubic attack on Monero did not harm the network, while Binance joined the T3+ program to combat crypto crime. Furthermore, hackers extracted million in Bitcoin from the Odin.fun platform, and KYC data leaks have led to increased attacks on crypto investors. Lastly, the ransomware group Embargo has been linked to the “fugitive” BlackCat group.

What to Read This Weekend?

ForkLog delves into the identity behind the Salomon Brothers brand and explores the implications of the company’s desire to access Bitcoin addresses it deems abandoned.

Stay connected with ForkLog on social media for the latest updates.
