Crypto theft in 2025: North Korean hackers continue to dominate

Help Net Security

Overview

In 2025, North Korean hacking groups intensified their focus on cryptocurrency platforms, stealing a reported $2.02 billion, a 51% increase over the previous year. According to a Chainalysis report, these groups have now amassed $6.75 billion in total despite carrying out fewer attacks, because they concentrate on large services where a single breach can yield an outsized payout. The trend matters to the cryptocurrency community because it shows that the biggest custodial platforms remain exposed to well-resourced, state-sponsored operations. The impact extends beyond the direct financial loss: large thefts erode user trust and stress the stability of the wider cryptocurrency market.

Key Takeaways

  • Status: This is an ongoing, state-sponsored theft campaign rather than a single patchable vulnerability; Chainalysis attributes $2.02 billion of 2025 crypto theft to North Korean groups.
  • Affected Systems: Cryptocurrency platforms, particularly large custodial services that hold and move significant balances
  • Action Required: Stronger key-custody and transfer-approval controls on cryptocurrency platforms, user and staff education on social engineering, and monitoring for unusual outflows.
  • Timeline: Ongoing; the reported figures cover calendar year 2025, and the $6.75 billion all-time total spans earlier years

Original Article Summary

When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase, pushing their all-time total to $6.75 billion despite fewer attacks,” the company says. How are they achieving this? For years, a big part of their playbook involved placing … More → The post Crypto theft in 2025: North Korean hackers continue to dominate appeared first on Help Net Security.

Impact

Cryptocurrency platforms, particularly large custodial services that hold and move significant balances; the Chainalysis report notes that fewer, larger breaches account for the year's $2.02 billion in losses

Exploitation Status

This is an ongoing campaign, not a single vulnerability with a patch. Chainalysis reports that North Korean groups stole $2.02 billion in 2025 across fewer but larger incidents. Organizations operating cryptocurrency platforms should prioritize the custody, approval and monitoring controls listed under Remediation rather than waiting for vendor fixes.

Timeline

Ongoing. The Chainalysis figures cover calendar year 2025; the $6.75 billion all-time total reflects activity over several prior years.

Remediation

Enhanced security measures for cryptocurrency platforms: keep signing keys in hardware-backed custody with multi-party approval for large transfers, require out-of-band confirmation for unusually large or first-time destination withdrawals, and monitor outflows for spikes relative to each account's history and for rapid platform-wide drains. Educate users and staff on the social-engineering tactics used to reach wallets and signing infrastructure. Because these groups favor a single large breach over many small ones, the monitoring should be tuned to catch a few very large, fast transfers rather than only high transaction counts.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information and technical details, refer to the original Help Net Security article and the underlying Chainalysis report.

Related Topics: This incident relates to state-sponsored threat activity and cryptocurrency theft.

Related Coverage

Data Privacy Teams Face Staffing Shortages and Budget Constraints, ISACA Warns

Infosecurity Magazine

ISACA's State of Privacy 2026 report reveals a worrying trend in data privacy teams across various organizations. Despite increasing regulatory demands and technical challenges surrounding data privacy, these teams are struggling with staffing shortages and limited budgets. This situation puts many companies at risk, as they may not have sufficient resources to address privacy concerns effectively. As regulations become stricter and data breaches more common, the lack of adequate support for privacy teams could lead to severe compliance issues and potential fines. The report emphasizes the urgent need for organizations to invest in their data privacy capabilities to safeguard sensitive information and maintain trust with customers.

Jan 15, 2026

Trio of Critical Bugs Spotted in Delta Industrial PLCs

darkreading

Researchers have identified three significant vulnerabilities in programmable logic controllers (PLCs) from Delta, a manufacturer known for industrial automation solutions. Experts disagree on their severity: some view them as critical threats that could cause serious disruptions to industrial operations, while others consider the risk manageable. The vulnerabilities could allow unauthorized access to or manipulation of the PLCs, which control machinery and processes across many industries. Companies using Delta PLCs should inventory affected devices, restrict network access to them, and apply vendor updates as they become available.

Jan 15, 2026

FTC bans GM from selling drivers' location data for five years

BleepingComputer

The Federal Trade Commission (FTC) has reached an agreement with General Motors (GM) after charging the company with improperly collecting and selling the location and driving data of millions of drivers without their consent. This order prohibits GM from selling this data for five years, ensuring that drivers' privacy is better protected moving forward. The FTC's action underscores the importance of consumer consent in the collection of personal data, especially in an era where location tracking is prevalent in vehicles. The settlement aims to hold GM accountable for its practices and serves as a warning to other companies about the need to respect consumer privacy rights. Millions of drivers who use GM vehicles are affected by this decision, which seeks to restore trust in how their data is handled.

Jan 15, 2026

Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers

Security Affairs

Lumen's Black Lotus Labs has successfully disrupted a significant portion of the AISURU and Kimwolf botnet by blocking over 550 command-and-control (C2) servers. This botnet is notorious for facilitating DDoS attacks and proxy abuse, acting as a DDoS-for-hire service that has been used to target various organizations. By taking these C2 servers offline, Lumen aims to reduce the operational capabilities of this botnet, which has been a persistent problem for cybersecurity professionals. The disruption not only impacts the botnet operators but also helps protect potential victims from being targeted in future attacks. This action underscores the ongoing battle against cybercrime and highlights the importance of proactive measures in cybersecurity.

Jan 15, 2026

Palo Alto Networks warns of DoS bug letting hackers disable firewalls

BleepingComputer

Palo Alto Networks has released a patch for a serious vulnerability that lets an unauthenticated attacker trigger a denial-of-service (DoS) condition and take a firewall offline. Because the firewall mediates traffic and remote access for the networks behind it, a crash disrupts that connectivity and the inspection it provides, so organizations running affected products are urged to apply the patch immediately. This incident is a reminder that perimeter security devices themselves are attractive targets and need the same patch discipline as the systems they protect.

Jan 15, 2026

Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login

The Hacker News

Palo Alto Networks has addressed a serious vulnerability in its GlobalProtect Gateway and Portal software, identified as CVE-2026-0227, which carries a CVSS score of 7.7. This flaw allows for a denial-of-service (DoS) condition that can crash firewalls without requiring user authentication. A proof-of-concept exploit for this vulnerability is already available, raising concerns about its potential impact on organizations using these systems. Companies utilizing GlobalProtect PAN-OS software should promptly apply the security updates released by Palo Alto to safeguard their networks. Failure to address this vulnerability could leave systems open to disruptions, affecting overall network availability.

Jan 15, 2026