
Security analysts from SilentPush have identified a phishing campaign dubbed PoisonSeed, which is targeting Coinbase users and Ledger hardware wallet owners.
The operation begins with attackers creating fake landing pages that impersonate major email marketing platforms such as Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho. These spoofed sites are used to hijack the email accounts of marketing professionals, which are then leveraged to send out phishing messages.
The emails typically issue urgent warnings like “Coinbase is transitioning to self-custody wallets” and contain a seed phrase. Recipients are instructed to use the phrase when setting up a new crypto wallet to “safely migrate assets” — but following these instructions gives hackers full access to their funds.
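The lure described above has an unusual property a mail filter can key on: the message body itself carries a ready-made seed phrase. The following sketch is an added example, not code from Silent Push or from the campaign analysis. It flags inbound mail containing a run of 12 or more mnemonic-shaped words next to wallet-migration wording. The function names, lure terms, and sample messages are constructed for illustration, and the optional `wordlist` argument assumes the caller loads the BIP-39 English word list separately.

```python
import re

MIN_WORDS = 12                           # shortest BIP-39 mnemonic length
WORD = re.compile(r"[a-z]{3,8}")         # BIP-39 English words: 3-8 lowercase letters
NUMBERING = re.compile(r"\d{1,2}[.)]?")  # "1." / "2)" markers in numbered phrase lists
LURE_TERMS = ("wallet", "recovery phrase", "seed phrase", "migrate", "self-custody")

def find_seed_phrases(text, wordlist=None):
    """Return runs of >= MIN_WORDS consecutive mnemonic-shaped words."""
    hits, run = [], []
    for token in text.split() + [""]:    # "" sentinel flushes the final run
        token = token.rstrip(",")
        if token and NUMBERING.fullmatch(token):
            continue                     # skip list numbering, keep the run going
        if WORD.fullmatch(token) and (wordlist is None or token in wordlist):
            run.append(token)
            continue
        if len(run) >= MIN_WORDS:
            hits.append(" ".join(run))
        run = []
    return hits

def classify(body, wordlist=None):
    """Quarantine when a phrase and lure wording co-occur; review a bare phrase."""
    phrases = find_seed_phrases(body, wordlist)
    lures = [t for t in LURE_TERMS if t in body.lower()]
    verdict = "quarantine" if phrases and lures else "review" if phrases else "pass"
    return {"verdict": verdict, "phrases": phrases, "lure_terms": lures}

# Constructed sample messages; the word sequence is not a real wallet phrase.
SAMPLE_PHISH = """Coinbase is transitioning to self-custody wallets.
To safely migrate assets, set up a new wallet with this recovery phrase:
1. orbit 2. velvet 3. candle 4. river 5. magnet 6. copper
7. window 8. pepper 9. anchor 10. forest 11. silver 12. garden
"""
SAMPLE_BENIGN = "Your monthly statement is ready. Sign in to the app to view it."

if __name__ == "__main__":
    for name, body in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, classify(body))
```

Without a word list the shape heuristic can match unusual lowercase prose, so the bare-phrase case is routed to review rather than quarantined.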

North Korean Hackers Impersonate Crypto Exchange Recruiters
Cybersecurity firm Sekoia reported a new tactic used by the Lazarus Group, a state-sponsored North Korean hacking outfit. Dubbed ClickFix, the strategy involves impersonating HR staff from major crypto companies to target job seekers in the AI and crypto industries.
Victims receive fake interview invitations via fraudulent websites. When trying to access the site, they encounter a fake error message prompting them to run PowerShell commands — which, in fact, download malware.
The Lazarus Group has been spoofing companies such as Coinbase, KuCoin, Kraken, Circle, Securitize, BlockFi, Tether, Robinhood, and Bybit. The deployed malware is capable of stealing cryptocurrency, executing shell commands, accessing local files, stealing cookies, saved passwords, and browsing history, and gathering system metadata.

Possible Arrest of SiegedSec Leader Following NATO Hack
A member of the hacking collective SiegedSec, which previously claimed responsibility for breaches of NATO’s portal, The Heritage Foundation, and the Idaho National Laboratory, said their leader — known online as vio — may have been arrested by the FBI. The claim was reported by Daily Dot, citing a March 26 post by user mewmrrpmeow on X (formerly Twitter).
“I regret to inform you that vio’s location was raided this morning. She is no longer reachable, and [her contact] is now considered compromised,” the user wrote.
A follow-up post the next day expressed concern about the silence surrounding the incident.
SiegedSec announced its disbandment in July 2024 after The Heritage Foundation warned that hacker information had been handed to the FBI. The agency, however, has not publicly acknowledged any investigation or charges to date.

Europol Shuts Down KidFlix CSAM Platform
German and Dutch authorities, with support from Europol, have dismantled one of the largest darknet platforms for distributing child sexual abuse material (CSAM), named KidFlix. The operation began in 2022 and concluded on March 11, 2025, though the results were only recently disclosed.
In total, 79 people were arrested, 1,393 suspects were identified, and over 3,000 electronic devices were seized. Authorities also confiscated the site’s server.

Since launching in 2021, KidFlix had hosted more than 91,000 unique videos with a combined duration of 6,288 hours. The platform boasted over 1.8 million users, who paid for access using cryptocurrencies and could earn internal tokens by engaging with the content.
The case materials have been forwarded to law enforcement agencies in 35 countries for further investigation.

Paradigm Releases Report on North Korean Crypto Hacking Groups
Crypto investment firm Paradigm has published an in-depth report examining North Korean cybercrime operations targeting both organizations and individuals worldwide.
In addition to the well-known Lazarus Group, the report highlights Contagious Interview and Wagemole — threat actors employing fake hiring campaigns to gather sensitive information and steal digital assets.
Other notable actors include AppleJeus, which distributes malware disguised as trading tools and crypto applications, and Dangerous Password, which uses social engineering to target crypto holders.
Paradigm identified TraderTraitor as the most sophisticated group, executing advanced phishing attacks against cryptocurrency exchanges and major crypto firms using highly tailored and technical methods.

TikTok Ban in the U.S. Delayed by 75 Days
On April 4, U.S. President Donald Trump extended the deadline for ByteDance — the Chinese parent company of TikTok — to divest its American assets by an additional 75 days. The extension is aimed at avoiding a ban on the platform in the United States.
Trump expressed hope for continued “good-faith cooperation with China.”
Reuters, citing insider sources, reported that the divestiture deal was stalled by the Chinese government in response to the U.S. imposing a 54% tariff on imports of Chinese goods.