Lazarus Expands Attack Strategy With Mach-O Man macOS Malware
A new Lazarus-linked campaign is targeting crypto executives and fintech firms with macOS malware. The Mach-O Man toolkit uses fake meeting invites and social engineering to steal credentials and gain system access. The attack highlights growing risks tied to trusted communication channels.
Kelp DAO Exploit Shows How Bridge Failures Spread Across DeFi
Kelp DAO’s $292 million breach quickly became a wider DeFi risk event. After malicious cross-chain activity released rsETH to an attacker-controlled address, Aave froze affected markets and Arbitrum moved to freeze part of the stolen ETH.
Crypto Users Lose $9.5M to Fake Ledger App on Apple Store
A fake Ledger app listed on Apple’s App Store has been linked to a $9.5 million crypto theft affecting more than 50 users. The incident highlights how phishing tactics are evolving beyond fake websites into trusted app distribution channels.
Drift exploit shifts focus to cause and attribution
Investigators are analyzing the cause behind the Drift Protocol exploit, with early signals pointing to North Korean-linked actors and structural similarities to the Bybit breach. The incident highlights potential weaknesses in privileged access and crypto security design.
Drift Protocol Says ‘Active Attack’ as Suspicious Outflows Top $270M
Drift Protocol halted deposits and withdrawals after detecting an active attack that led to hundreds of millions in suspicious outflows. With losses still unconfirmed, the incident has shaken confidence in Solana DeFi and triggered sharp market reactions.
