Cybersecurity Highlights of the Week
This week’s cybersecurity developments have been significant, with several key incidents making headlines. Below is a detailed overview of the most notable stories.
- ZachXBT linked a $23.6 million crypto seizure to the hack of Ripple’s co-founder’s wallet.
- A malicious package on PyPI was discovered stealing Ethereum.
- Fake DeepSeek sites are spreading stealers and backdoors.
- Telegram Stars and NFTs are driving account theft.
ZachXBT Connects $23.6 Million Crypto Seizure to Ripple Co-Founder’s Wallet Hack
In a significant development, US authorities have seized $23.6 million in cryptocurrencies. This action follows the breach of an online password manager in 2022. The pilfered assets were tracked through platforms including OKX, Kraken, WhiteBIT, and others between June 2024 and February 2025.
On-chain analyst ZachXBT revealed that this seizure is linked to the theft of $150 million (283 million XRP) from Ripple co-founder Chris Larsen in January 2024. The breach allegedly occurred because private keys were stored in the compromised password manager, suspected to be LastPass, although the company denies direct ties to the incident.
Discovery of Malicious PyPI Package Stealing Ethereum
Researchers at Socket have identified a malicious package on the Python Package Index (PyPI) named “set-utils,” which targets Ethereum private keys. Since January 2025, this package has been downloaded over 1,000 times. The attack primarily affects developers using the “eth-account” library for blockchain applications.
The package intercepts private keys during wallet creation and exfiltrates funds via the Polygon blockchain. While the package has been removed, users are advised to secure their assets immediately.
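A defender's check for the package named above, as an added example that is not from Socket's report or the original article: it looks for `set-utils` in a requirements file and in the current Python environment, and notes whether `eth-account` is present alongside it. The function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

FLAGGED = {"set-utils"}            # package name as reported in the article
AFFECTED_LIBRARY = "eth-account"   # library the article says is targeted

def normalize(name):
    """PEP 503 normalization: lowercase; runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Return the normalized project name on one requirements line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):      # blank, comment, or pip option
        return None
    match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(match.group(0)) if match else None

def audit(names):
    """Report flagged packages among `names` and whether eth-account is present."""
    seen = {normalize(n) for n in names}
    return {
        "flagged": sorted(seen & FLAGGED),
        "eth_account_present": AFFECTED_LIBRARY in seen,
    }

def audit_requirements(text):
    """Audit the contents of a requirements.txt-style file."""
    return audit(n for n in map(requirement_name, text.splitlines()) if n)

def audit_environment():
    """Audit every distribution installed in the running interpreter's environment."""
    names = (dist.metadata["Name"] for dist in metadata.distributions())
    return audit(n for n in names if n)

# Constructed sample input; the version pins are made up for illustration.
SAMPLE_REQUIREMENTS = """\
# wallet service dependencies
eth-account>=0.10
Set_Utils==1.0      # spelling variant resolves to the same project
requests
"""

if __name__ == "__main__":
    print("requirements:", audit_requirements(SAMPLE_REQUIREMENTS))
    print("environment: ", audit_environment())
```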
Fake DeepSeek Sites Disseminate Stealers and Backdoors
Kaspersky Lab specialists have identified phishing campaigns cloning the official DeepSeek chatbot website. These fake sites distribute malware by masquerading as DeepSeek software, targeting browser cookies, login credentials, and cryptocurrency wallets.
One campaign, spread via social media, successfully attracted over a million views. Another scheme targets technically savvy users by distributing a backdoor disguised as the Ollama framework.
UK to Investigate TikTok and Reddit on Children’s Data Handling
The UK Information Commissioner’s Office (ICO) has launched an inquiry into how TikTok, Imgur, and Reddit handle minors’ data. The investigation seeks to ensure compliance with data protection laws, particularly with regard to accurately estimating users’ ages.
Telegram Stars and NFTs Fueling Account Thefts
F6 analysts have noted an increase in Telegram account thefts, with over 1.24 million accounts stolen in the latter half of 2024. The thefts, fueled by Telegram Stars digital currency and NFTs, involve transferring stolen accounts to mule accounts for resale.
Phishing schemes often entice users with various baits, including fake prizes and security alerts, aiming to steal login information.
Apple Warns Users in 117 Countries of Spyware Attacks
Apple has alerted users across 117 countries about targeted spyware attacks, as reported by Amnesty International. The notifications, while not specifying the attackers, indicate a persistent threat landscape.
Weekend Reading Suggestion
Explore the adverse effects of memecoins on the cryptocurrency industry for an insightful weekend read.
For more detailed information, please visit the original source: ForkLog.