TrapDoor Malware Targets Crypto Developers Through Fake Open-Source Packages
Socket Security researchers uncovered TrapDoor Malware, a supply-chain attack targeting crypto and AI developers through malicious open-source packages. The campaign affected npm, PyPI, and Crates.io ecosystems while attempting to steal credentials, wallet data, and developer access tokens.
Unauthorized eBTC Mint Pressures Echo Token and DeFi Markets
Echo Protocol paused cross-chain transactions after an attacker minted roughly 1,000 unauthorized eBTC on its Monad deployment. While the unauthorized supply was valued near $76.7 million, researchers said the realized extraction appeared far smaller. The incident has renewed scrutiny around DeFi bridge security and privileged access controls.
Lazarus Expands Attack Strategy With Mach-O Man macOS Malware
A new Lazarus-linked campaign is targeting crypto executives and fintech firms with macOS malware. The Mach-O Man toolkit uses fake meeting invites and social engineering to steal credentials and gain system access. The attack highlights growing risks tied to trusted communication channels.
Kelp DAO Exploit Shows How Bridge Failures Spread Across DeFi
Kelp DAO’s $292 million breach quickly became a wider DeFi risk event. After malicious cross-chain activity released rsETH to an attacker-controlled address, Aave froze affected markets and Arbitrum moved to freeze part of the stolen ETH.
Crypto Users Lose $9.5M to Fake Ledger App on Apple Store
A fake Ledger app listed on Apple’s App Store has been linked to a $9.5 million crypto theft affecting more than 50 users. The incident highlights how phishing tactics are evolving beyond fake websites into trusted app distribution channels.
