76% of All Crypto Stolen in 2026 Is Now in North Korea

darkreading
Actively Exploited

Overview

North Korean hackers are increasingly targeting cryptocurrency, with reports indicating that 76% of all stolen crypto in 2026 has ties to the country. These attacks have become so frequent that they are occurring on a weekly basis, raising concerns among security experts. Researchers suggest that artificial intelligence may be playing a role in these sophisticated heists, potentially enhancing the attackers' capabilities. This trend poses significant risks not only to individual investors but also to the broader cryptocurrency market, which is already vulnerable to theft and fraud. As these incidents escalate, it becomes crucial for users and companies to strengthen their security measures to protect against such attacks.

Key Takeaways

  • Active Exploitation: This threat activity is ongoing, with attackers actively targeting the affected systems. Immediate action is recommended.
  • Affected Systems: Cryptocurrency platforms, wallets, exchanges
  • Action Required: Users and companies should enhance security protocols, including multi-factor authentication and regular security audits.
  • Timeline: Ongoing since 2026

Original Article Summary

North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them.

Impact

Cryptocurrency platforms, wallets, exchanges

Exploitation Status

This threat activity is confirmed in real-world attacks. Organizations should prioritize implementing the remediation measures below immediately.

Timeline

Ongoing since 2026

Remediation

Users and companies should enhance security protocols, including multi-factor authentication and regular security audits.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

Edu tech firm Instructure discloses cyber incident, probes impact

BleepingComputer

Instructure, the developer of the Canvas learning platform, has reported a cybersecurity incident that has prompted an investigation into its potential impact. While details about the nature of the incident are still emerging, the company is assessing how it may affect users and systems. This incident is particularly concerning given Canvas's widespread use in educational institutions, where sensitive student and faculty data could be at risk. As the investigation continues, users are advised to stay alert for any updates and potential security measures that may be necessary to protect their information. The situation underscores the ongoing challenges that educational technology companies face in safeguarding their platforms against cyber threats.

May 1, 2026

New software supply chain attack uses sleeper packages for credential theft and CI tampering

SCM feed for Latest

A new software supply chain attack has been linked to a GitHub account named 'BufferZoneCorp.' This campaign involved malicious Ruby gems and Go modules that were disguised as legitimate libraries. Attackers used these sleeper packages to steal user credentials and tamper with continuous integration (CI) systems. Developers and organizations using Ruby and Go programming languages should be particularly vigilant, as this could compromise their software development processes. It's crucial for teams to verify the sources of their libraries and monitor for any unusual activity to prevent potential breaches.

May 1, 2026

Ubuntu and Canonical services disrupted by DDoS attack claimed by hacktivists

SCM feed for Latest

A DDoS attack has disrupted services for Ubuntu and Canonical, with the hacktivist group known as The Islamic Cyber Resistance in Iraq 313 Team claiming responsibility. They reportedly employed a DDoS-for-hire service named Beamed to carry out the attack. This incident highlights the vulnerabilities of major tech platforms to such attacks, which can lead to significant service outages and impact users relying on these systems. The ongoing nature of the attack suggests that it could continue to affect services for an indefinite period, raising concerns about the security and resilience of online infrastructure. Users and organizations relying on Ubuntu and Canonical services should be aware of potential disruptions and consider contingency plans.

May 1, 2026

Medicare directory exposes Social Security numbers of US healthcare providers

SCM feed for Latest

A database intended to support a new Medicare directory was accidentally left open to the public, exposing sensitive information, including Social Security numbers, of numerous healthcare providers. This database was part of the Centers for Medicare & Medicaid Services' (CMS) efforts to modernize Medicare. The exposure raises significant concerns about privacy and the potential for identity theft among the affected providers. With healthcare data being a prime target for cybercriminals, this incident underscores the need for stricter security measures when handling sensitive information. Providers are now at risk of fraud and misuse of their personal information due to this oversight.

May 1, 2026

Anthropic opens Claude Security public beta for code audits

SCM feed for Latest

Anthropic has introduced Claude Security in public beta, a new tool designed to help developers identify vulnerabilities within their code. Unlike traditional methods that rely on known attack patterns, Claude Security uses the Opus 4.7 model to scan entire codebases, generate verified patches, and trace data flows between components. This approach could significantly improve the security of software by providing deeper insights into potential weaknesses. As software development continues to grow, tools like this are increasingly important for companies looking to safeguard their applications against emerging threats. The introduction of such tools may encourage more developers to prioritize security in their coding practices.

May 1, 2026

Federal zero trust guidelines for OT environments unveiled

SCM feed for Latest

In response to increasing cybersecurity threats targeting operational technology (OT) networks, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies have released new guidelines recommending a zero trust approach for these systems. As industrial systems become more interconnected, the risks of cyberattacks grow, prompting the need for stronger security measures. The guidance aims to help organizations better protect their OT environments by adopting zero trust principles, which focus on verifying all users and devices before granting access to sensitive systems. This is particularly important as the reliance on digital technologies in industrial sectors continues to expand. Implementing these practices is crucial for safeguarding critical infrastructure against evolving cyber threats.

May 1, 2026