Skip to main content
North Korean Malware Targets Ethereum & Binance Wallets: Details
Cybersecurity • Crypto • Threat Intel

North Korean Malware Targets Ethereum & Binance Wallets: Details

Published · ~4 min read
Cyber illustration showing malware streams targeting Ethereum and Binance wallets
Analysts flag a campaign abusing public blockchains to deliver wallet-stealing malware.

Security researchers report a North Korean–linked campaign embedding malicious code in public smart contracts to target Ethereum and BNB Chain wallets. The method reduces takedowns and evades traditional web filters.

How the attack works

The actors use “on-chain hosting”: payloads are stored in transactions or smart contracts. When victims connect a wallet, run injected scripts, or load a compromised dApp component, the malware pulls instructions from the chain and attempts to exfiltrate secrets (keys, seed phrases) or sign unauthorized transactions.

Who is behind it

The activity resembles prior North Korean operations targeting crypto firms and developers. Tactics include fake job offers, poisoned libraries, and supply-chain compromises aimed at wallets and build systems.

Why it matters

  • Persistence: Data stored on-chain is hard to remove, enabling long-lived campaigns.
  • Trust abuse: Legit-looking contracts/dApps can deliver hidden code paths.
  • Broader impact: Risks extend to users, exchanges, and CI/CD pipelines in crypto projects.

How to protect your funds

  • Prefer hardware wallets and require confirmation for every transaction.
  • Only interact with verified contracts/dApps; read permissions before signing.
  • Lock down browsers: remove unknown extensions; use script-blocking where possible.
  • For devs: pin dependencies, verify checksums, and isolate build environments.
  • Enable wallet alerts and withdraw large balances to cold storage.

Related reading

Labels:

Comments

Post a Comment

Popular posts from this blog

Create a Payza Account in Minutes: Step-by-Step Guide (Availability May Vary) Create a Payza Account in Minutes: Step-by-Step Guide Follow these quick steps to create, verify, and secure your Payza e-wallet. Note: Service availability and features can change—verify on the official site first. Signing up takes a few minutes—verification and security settings keep your wallet safer. Key takeaways Fast signup: Create an account with a valid email, then confirm and complete your profile. Verify early: Prepare ID + proof of address to unlock higher limits and withdrawals. Secure it: Enable 2FA, set strong passwords, and review notification settings. Contents Create Your Account Complete KYC Verification Harden Security (Highly R...
48 comments
Read more
FTX/Alameda Wrapped Tokens on Solana Are No Longer Redeemable: What It Means for soBTC & soETH FTX/Alameda Wrapped Tokens on Solana Are No Longer Redeemable: What It Means for soBTC & soETH A quick, clear explainer on how wrapped-token redemption works, what changed after FTX/Alameda’s collapse, and practical steps to reduce risk. When backing fails, wrapped tokens can lose redemption and deviate from their peg. Key takeaways Wrapped tokens like soBTC and soETH relied on redemption backing tied to FTX/Alameda. After bankruptcy, redemption mechanisms ceased , causing price dislocations on Solana. Holders should evaluate liquidity, contract risk, and official notices before acting. Contents What Happened Wrapped ...
Post a Comment
Read more
Huobi Group Launches New Investment & Incubation Division: What It Means for Web3 Builders Huobi Group Launches New Investment & Incubation Division: What It Means for Web3 Builders A practical overview for founders and developers—focus areas, how to pitch, and what diligence to expect. Huobi’s new initiative aims to accelerate promising Web3 startups with capital and ecosystem support. Key takeaways Founder-focused: Backing teams in DeFi, infrastructure, wallets, payments, NFTs, gaming, and security. Beyond funding: Access to Huobi’s network, GTM playbooks, and technical/security guidance. Be diligence-ready: Show traction, audits, token economics, and a clear execution plan. Contents Focus Areas & Eligibility Applicatio...
Post a Comment
Read more