A U.S. government contractor has been arrested for allegedly stealing $46M in cryptocurrency tied to the 2016 Bitfinex hack while working with the U.S. Marshals Service.
Investigators say privileged access was used to divert seized crypto assets.
Insider threat or weak custody controls?
#Cybersecurity #CryptoSecurity #Blockchain
A crypto operational mistake allegedly cost South Korea nearly $4.8M.
Authorities shared images celebrating seized assets from tax evaders - but one photo reportedly revealed the recovery phrase of a hardware wallet.
Within hours:
• Attacker funded gas fees with ETH
• 4M PRTG tokens transferred
• ~$4.8M gone
A reminder that OpSec failures can compromise even offline crypto storage.
Source: https://www.generation-nt.com/actualites/crypto-coree-sud-fisc-perte-seed-phrase-2071790
What safeguards should governments implement for seized digital assets?
Join the conversation and follow TechNadu for more cybersecurity and cybercrime coverage.
#CyberSecurity #CryptoSecurity #Blockchain #DigitalAssets #InfoSec #CryptoWallet #CyberCrime #OpSec #ThreatIntel
South Korea's Tax Agency Handed Thieves a $4.8m Crypto Key in a Press Release
#Crypto #SouthKorea #CyberSecurity #DigitalAssets #AusNews #CryptoSecurity
South Korea tax office exposed a wallet seed phrase in press materials.
Impact:
~$4.8M in seized PRTG tokens drained.
Agency now overhauling crypto custody procedures.
Private key exposure = total compromise.
$48M in crypto was stolen after a wallet seed was exposed by a Korean tax agency – one secret leaked, millions lost. Key management is everything. #CryptoSecurity #SecretManagement

South Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth of cryptocurrency.
Seoul's Tax Triumph Turns to Farce After Crypto Key Exposed in Press Photo
#SouthKorea #Cryptocurrency #CyberSecurity #Blockchain #AusNews #CryptoSecurity
Alright team, it's been a pretty active 24 hours in the cyber trenches! We've got a couple of notable breaches, some concerning new malware and AI-related vulnerabilities, and a strong message from the DEF CON community. Let's dive in:
Crypto Heists & Malicious Extensions
- South Korea's National Tax Service made a costly blunder, publicly exposing the mnemonic recovery phrase of a seized crypto wallet in a press release, leading to the theft of $4.8 million in Pre-Retogeum (PRTG) tokens. This highlights a critical lack of basic understanding of virtual asset security by authorities.
- The "QuickLens - Search Screen with Google Lens" Chrome extension, with around 7,000 users, was compromised after a change of ownership. A malicious update introduced ClickFix attacks (fake Google Update prompts) and info-stealing functionality, targeting crypto wallets (MetaMask, Phantom, etc.) and credentials, with macOS users potentially hit by the AMOS infostealer.
- If you've used QuickLens, remove it, scan your device, reset passwords, and move crypto funds to a new wallet immediately.
Bleeping Computer | https://www.bleepingcomputer.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/
New Malware & AI Agent Vulnerabilities
- A new Windows RAT called Steaelite is being sold on cybercrime forums, offering an all-in-one solution for double extortion attacks. It bundles ransomware, data theft, credential/crypto stealers, and live surveillance, with automated data harvesting kicking in the moment a victim connects. An Android module is also reportedly in development.
- The OpenClaw AI agent ecosystem is facing significant security scrutiny. A high-severity "ClawJacked" flaw (fixed in v2026.2.25) allowed malicious websites to hijack local AI agents by brute-forcing gateway passwords via WebSocket and silently registering as trusted devices.
- Beyond "ClawJacked," the OpenClaw ecosystem has seen multiple other vulnerabilities (RCE, command injection, SSRF, auth bypass, path traversal) and a surge in malicious skills on ClawHub, used to distribute infostealers like Atomic Stealer and facilitate crypto scams. Microsoft advises treating OpenClaw as untrusted code and deploying it only in isolated environments.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/27/double_extortion_whammy_steaelite_rat/
The Hacker News | https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html
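The ClawJacked item above describes two failures a localhost service reachable over WebSocket must not have: accepting upgrade requests from any web page the user happens to visit, and letting that page guess the gateway password without limit. The following is an added example written for this digest; it is not OpenClaw's code and makes no claim about how the project's fix in v2026.2.25 is implemented. It assumes a local UI served from `http://localhost:3000` (an assumed origin) and policy values of five attempts and a five-minute lockout (assumed), and shows the two defender-side controls: an exact-match Origin allowlist on the upgrade, and a per-client attempt throttle with constant-time password comparison.

```python
"""Origin check and brute-force lockout for a local agent gateway.

Added example for the ClawJacked digest item; not OpenClaw's code.
Origins and policy numbers below are assumptions, not values from the article.
"""
import hashlib
import hmac
import time

# Assumed origins of the gateway's own local UI. Browsers always send an Origin
# header on a WebSocket upgrade, so any other value means a third-party page.
ALLOWED_ORIGINS = {"http://localhost:3000", "http://127.0.0.1:3000"}
MAX_FAILURES = 5          # assumed policy value
LOCKOUT_SECONDS = 300     # assumed policy value


def check_upgrade_origin(headers, allowed=ALLOWED_ORIGINS):
    """Decide whether a WebSocket upgrade may proceed.

    `headers` is a dict with lower-cased header names. A missing Origin header
    means the request did not come from a browser page (curl, a local CLI, a
    desktop app); a present Origin must match the allowlist exactly, so
    "http://localhost:3000.evil.example" or a different port is refused.
    Returns (allowed, reason).
    """
    origin = headers.get("origin")
    if origin is None:
        return True, "no Origin header: not a browser-initiated upgrade"
    if origin in allowed:
        return True, f"origin {origin} allowed"
    return False, f"origin {origin} rejected: a cross-site page may not open the gateway"


class PasswordGate:
    """Password check with a per-client failure counter and lockout."""

    def __init__(self, password, clock=time.monotonic):
        # Store a digest so the comparison below is constant-time over fixed-length data.
        self._digest = hashlib.sha256(password.encode()).digest()
        self._clock = clock                  # injectable for testing
        self._failures = {}                  # client_id -> (failure count, time of last failure)

    def attempt(self, client_id, password):
        """Return (authenticated, reason) for one password attempt by `client_id`."""
        now = self._clock()
        count, last = self._failures.get(client_id, (0, 0.0))
        if count >= MAX_FAILURES:
            if now - last < LOCKOUT_SECONDS:
                return False, "locked out"       # still inside the lockout window
            count = 0                            # lockout expired, start fresh
        candidate = hashlib.sha256(password.encode()).digest()
        if hmac.compare_digest(self._digest, candidate):
            self._failures.pop(client_id, None)
            return True, "authenticated"
        count += 1
        self._failures[client_id] = (count, now)
        if count >= MAX_FAILURES:
            return False, "locked out"
        return False, f"wrong password ({MAX_FAILURES - count} attempts left)"


if __name__ == "__main__":
    # Constructed demo: a page at an unknown origin tries the upgrade, then a
    # client hammers the password endpoint.
    print(check_upgrade_origin({"origin": "https://attacker.example"}))
    print(check_upgrade_origin({"origin": "http://localhost:3000"}))
    gate = PasswordGate("correct horse battery staple")  # constructed password
    for guess in ["a", "b", "c", "d", "e", "correct horse battery staple"]:
        print(gate.attempt("client-1", guess))
```

In a real server the Origin check belongs in the HTTP upgrade handler before any WebSocket frame is read, and the lockout state should be keyed on something the page cannot freely change (the authenticated session or the local socket peer), not on a client-supplied identifier.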
Google Cloud API Key Exposure
- Truffle Security found nearly 3,000 Google Cloud API keys, originally intended for billing or benign services like embedded maps, could be abused to authenticate to sensitive Gemini endpoints.
- This occurs when the Gemini API is enabled on a Google Cloud project, silently granting existing API keys (even publicly exposed ones) access to Gemini, allowing attackers to access uploaded files, cached data, and rack up huge LLM-usage bills.
- Google has implemented proactive measures to detect and block leaked keys, but users are strongly advised to audit their Google Cloud projects, check for enabled AI-related APIs, and rotate any publicly accessible keys, especially older ones.
The Hacker News | https://thehackernews.com/2026/02/thousands-of-public-google-cloud-api.html
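The item above ends with the practical advice: audit each project, check which AI-related APIs are enabled, and rotate exposed or old keys. The script below is an added example for this digest, not code from Truffle Security, Google or The Hacker News. It runs offline on constructed sample data whose shape is assumed to mirror what `gcloud services list --enabled --format="value(config.name)"` and `gcloud services api-keys list --format=json` print (verify the field names against your gcloud version before relying on it). It flags keys that have no API-target restriction while the Gemini API (`generativelanguage.googleapis.com`) is enabled, keys that explicitly target Gemini, and keys older than an assumed rotation threshold.

```python
"""Audit a Google Cloud project's API keys for unintended Gemini reach.

Added example, not the tooling of any source linked above. The sample data is
constructed; its JSON shape is an ASSUMPTION about `gcloud services api-keys
list --format=json` output (API Keys v2 resources), and the 365-day rotation
threshold is an assumed policy value.
"""
import json
from datetime import datetime, timedelta, timezone

GEMINI_SERVICE = "generativelanguage.googleapis.com"
MAX_KEY_AGE = timedelta(days=365)   # assumed rotation policy


def _parse_rfc3339(ts):
    """Parse timestamps such as 2023-01-05T12:00:00.123456Z into aware datetimes."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def audit_api_keys(enabled_services, api_keys, now=None):
    """Return a finding per key that can reach Gemini or is overdue for rotation.

    enabled_services: iterable of service names enabled on the project.
    api_keys: list of key dicts (name, displayName, createTime, restrictions).
    """
    now = now or datetime.now(timezone.utc)
    gemini_enabled = GEMINI_SERVICE in set(enabled_services)
    findings = []
    for key in api_keys:
        key_id = key.get("name", "").rsplit("/", 1)[-1]
        restrictions = key.get("restrictions") or {}
        # Only apiTargets limit which APIs a key may call; referrer or IP
        # restrictions limit where it may be used from, not what it can reach.
        targets = [t.get("service") for t in restrictions.get("apiTargets", [])]
        age = now - _parse_rfc3339(key["createTime"])
        issues = []
        if not targets:
            issues.append("no API target restriction: key can call every enabled API"
                          + (" (Gemini is enabled)" if gemini_enabled else ""))
        elif GEMINI_SERVICE in targets:
            issues.append("explicitly allowed to call Gemini")
        if age > MAX_KEY_AGE:
            issues.append(f"older than {MAX_KEY_AGE.days} days; rotate")
        if issues:
            reaches_gemini = gemini_enabled and (not targets or GEMINI_SERVICE in targets)
            findings.append({
                "key": key_id,
                "display_name": key.get("displayName", ""),
                "severity": "high" if reaches_gemini else "medium",
                "issues": issues,
            })
    return findings


# Constructed sample: a project that enabled Gemini after creating an old,
# unrestricted browser key for an embedded map.
SAMPLE_ENABLED_SERVICES = [
    "maps-backend.googleapis.com",
    "generativelanguage.googleapis.com",
    "cloudbilling.googleapis.com",
]
SAMPLE_API_KEYS_JSON = json.dumps([
    {   # old map-embed key with only a referrer restriction (constructed)
        "name": "projects/123456/locations/global/keys/key-maps-embed",
        "displayName": "website-maps-key",
        "createTime": "2021-03-10T09:15:00.000000Z",
        "restrictions": {"browserKeyRestrictions": {"allowedReferrers": ["https://example.com/*"]}},
    },
    {   # recent key properly scoped to the Maps API (constructed)
        "name": "projects/123456/locations/global/keys/key-maps-scoped",
        "displayName": "maps-only-key",
        "createTime": "2025-11-01T00:00:00Z",
        "restrictions": {"apiTargets": [{"service": "maps-backend.googleapis.com"}]},
    },
    {   # recent key that deliberately targets Gemini (constructed)
        "name": "projects/123456/locations/global/keys/key-gemini",
        "displayName": "gemini-backend-key",
        "createTime": "2026-01-15T00:00:00Z",
        "restrictions": {"apiTargets": [{"service": GEMINI_SERVICE}]},
    },
])
SAMPLE_NOW = datetime(2026, 2, 28, tzinfo=timezone.utc)   # fixed clock for the sample


def run_sample():
    """Audit the constructed project; returns the findings list."""
    return audit_api_keys(SAMPLE_ENABLED_SERVICES, json.loads(SAMPLE_API_KEYS_JSON), now=SAMPLE_NOW)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f['severity']}] {f['key']} ({f['display_name']}): {'; '.join(f['issues'])}")
```

To run it against a real project, pipe the two gcloud commands named in the docstring into `audit_api_keys` and review every high finding: either add an `apiTargets` restriction that excludes Gemini, or replace the key if it has ever been published.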
Cyber Policy & Community Frustration
- The DEF CON community, particularly figures like Jake Braun, is expressing significant frustration with governments' inability to effectively address major societal threats: cybercrime, AI, and authoritarianism. The annual Hacker's Almanack highlights hackers stepping up to secure critical infrastructure and fight back against cybercriminals and oppressive regimes.
- There's a growing concern about the accelerating power of AI for offensive hacking, with calls for industry-wide security controls for AI, similar to CIS Critical Security Controls.
- In a separate but related development, the Pentagon has designated AI firm Anthropic as a "supply chain risk" due to an impasse over the company's refusal to allow its Claude AI model to be used for mass domestic surveillance or fully autonomous weapons. This highlights a growing tension between AI ethics and military applications, with OpenAI reportedly taking a different stance with the DoD.
The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/28/def_con_jake_braun_fed_up_govt/
The Hacker News | https://thehackernews.com/2026/02/pentagon-designates-anthropic-supply.html
#CyberSecurity #ThreatIntelligence #Ransomware #Malware #RAT #AI #Vulnerability #APISecurity #CloudSecurity #CryptoSecurity #ChromeExtension #SupplyChainRisk #DEFCON #InfoSec #CyberAttack #IncidentResponse

Incident Overview:
Platform: Step Finance
Loss: ~$40M treasury theft
Vector: Compromised executive devices
Status: Operations terminated
Recovery efforts:
• ~$3.7M Remora assets recovered
• ~$1M additional tokens recovered
• Snapshot-based reimbursement for STEP holders
• Buyback + redemption process underway
Collateral shutdown:
Remora Markets, SolanaFloor
Strategic insight:
Executive endpoint compromise → treasury compromise.
Crypto treasury management must incorporate hardened device policies, hardware-backed key storage, enforced MFA, anomaly detection.
Source: https://therecord.media/step-finance-cryptocurrency-theft-shutdown
Follow us for tactical crypto threat briefings.
Share mitigation strategies below.
#Infosec #CryptoSecurity #DeFiRisk #TreasuryManagement #EndpointSecurity #Blockchain #DigitalAssets #ThreatModeling #CyberIncident #SecurityOperations