Author: Cointelegraph by Zoltan Vardai

Lazarus-linked macOS malware hits crypto and fintech firms

Security researchers have linked a new macOS malware campaign to the Lazarus Group, the North Korea-linked hacking operation behind some of the crypto industry’s biggest thefts.

Flagged on Tuesday, the new “Mach-O Man” malware kit is distributed via “ClickFix” social engineering schemes across traditional businesses and crypto companies, according to Mauro Eldritch, offensive security expert and founder of threat intelligence company BCA Ltd.

Victims are lured into a fake Zoom or Google Meet call where they are prompted to execute commands that download the malware in the background, allowing attackers to bypass traditional controls without detection to gain access to credentials and corporate systems, the security researcher said in a Tuesday report.

Researchers said the campaign can lead to account takeovers, unauthorized infrastructure access, financial losses and the exposure of critical data, underscoring how Lazarus continues to expand its targeting beyond crypto-native companies.

The Lazarus Group is the main suspect in some of the largest-ever cryptocurrency hacks, including the $1.4 billion hack of Bybit exchange in 2025, the industry’s largest so far.

Fake Mach-O Man Kit apps. Source: ANY.RUN

“Mach-O Man” kit seeks to implement hidden stealer malware

The final stage of the campaign is a stealer designed to extract browser extension data, stored browser credentials, cookies, macOS Keychain entries and other sensitive information from infected devices.

Final staging directory for Stealer malware. Source: Any.run

After collection, the data is archived into a zip file and exfiltrated through Telegram to the attackers.

Finally, the malware’s self-deletion script removes the entire kit using the system’s rm command, which bypasses user confirmation and permissions when removing files.

The novel malware kit was reconstructed by the security expert through cloud-based malware sandbox Any.run’s macOS analysis capabilities.

Earlier in April, North Korean hackers used AI-enabled social engineering schemes to steal about $100,000 worth of funds from crypto wallet Zerion, after gaining access to some team members’ logged-in sessions, credentials and the company’s private keys, Cointelegraph reported on April 15.

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy

Aave deposits fall by $15B as Kelp exploit sparks flight from DeFi lender

Aave, the largest decentralized lending protocol, has seen around $15 billion in deposits withdrawn since the Kelp DAO exploit on Saturday. Total value supplied to Aave fell from $45.8 billion on Saturday to $30.8 billion on Wednesday, according to Aavescan data.

The decline followed an attack that drained about 116,500 restaked Ether (rsETH), worth roughly $293 million, from Kelp DAO’s LayerZero-powered rsETH bridge. The exploiter then used part of the stolen funds to borrow on Aave. Aave’s incident report said 89,567 rsETH were deposited on the protocol and that the resulting shortfall could range from about $123 million to $230 million, depending on how losses are ultimately allocated.

The outflows reflect fears of contagion from Aave’s bad debt and broader capital flight from decentralized finance (DeFi), according to institutional digital asset trading platform Talos.

The bad debt created by the Kelp exploiter resulted in Aave’s v3 Wrapped Ether (WETH) market temporarily reaching 100% utilization and leaving no liquidity available for immediate withdrawals, Talos said in a Tuesday report.

Total amount supplied in Aave, 3-month chart. Source: Aavescan

SparkLend’s total value locked (TVL) rose by $1.3 billion since the Kelp DAO exploit, signaling that the fourth-largest lending protocol was absorbing some of the funds withdrawn from Aave, blockchain analyst EmberCN said in a Wednesday post on X.

Kelp exploit spreads through DeFi lending

The episode highlights how DeFi’s interconnectedness is a double-edged sword, as the Kelp DAO exploit spread across lending markets and escalated into a “broader liquidity crunch,” Tanay Ved, senior research associate at Talos, told Cointelegraph.

She said the asset bundled risks across restaking, bridging and lending layers, allowing the impact to spread far beyond the initial exploit, adding that the incident reinforces the need for a more robust collateral framework and a more holistic security approach to address the systemic vulnerabilities of yield-bearing assets.

Aave v3 Market Utilization Rate percentage across USDC, USDT, WETH, USDe. Source: Talos

Aave said it had unfrozen WETH reserves on the Ethereum Core V3 market on Tuesday, enabling users to supply WETH to the V3 lending protocol, but WETH reserves across Ethereum Prime, Arbitrum, Base, Mantle and Linea remain frozen.

Traders bet Kelp DAO won’t socialize losses

On Monday, Aave’s risk manager outlined two potential scenarios for addressing the bad debt.

The first scenario involves spreading the losses across all rsETH token holders on Ethereum mainnet and layer-2s, leaving about $123 million in bad debt on Aave.

The alternative would shift the shortfall entirely to layer-2 networks, resulting in about $230 million in bad debt on Aave.

Traders took to prediction markets to bet on the outcome, with 20% of traders wagering on Kelp DAO socializing the losses across rsETH holders on mainnet, rather than L2 holders bearing the shortfall, Polymarket data shows.

Coinbase shifts New York prediction markets fight to federal court

Coinbase’s chief legal officer, Paul Grewal, said Wednesday that the company had removed New York Attorney General Letitia James’ prediction markets lawsuit from state court to federal court, arguing that the case turns on disputed questions of federal law over how event contracts are regulated.

The move escalates a legal fight that could help define whether prediction markets fall under federal commodities regulation and the scope of the US Commodity Futures Trading Commission’s (CFTC) or state gambling laws, with broader implications for the oversight of platforms like Coinbase and Gemini.

“We have removed this action to federal court,” wrote Grewal in a Wednesday X post, adding that New York’s claims raise “disputed and substantial questions of federal law” and are subject to “complete preemption.”

It comes in response to a Tuesday lawsuit filed by New York’s Attorney General Letitia James against Coinbase Financial Markets and Gemini Titan, alleging their prediction market offerings violate New York gambling law by allowing users to bet on sports, entertainment and elections without a state gaming license, including users between 18 and 20 years old.

The lawsuit seeks fines, forfeiture of alleged illegal profits and restitution for customers, while also asking the court to stop the companies from offering similar products in New York without complying with state law.

Cointelegraph has approached Coinbase for comment on the matter and a copy of the court filing.

Notice of Removal. Source: Paul Grewal

State regulators battle for prediction markets jurisdiction

State regulators have stepped up pressure on prediction market platforms in recent months, with 11 states having pursued legal action against them, seeking to assert control over federal regulators.

Coinbase’s Grewal said in a Tuesday X post that prediction markets are “federally regulated national exchanges” under the CFTC and the company will continue to “fight for the federal oversight of these markets that Congress intended.”

Coinbase launched prediction markets across 50 US states, including New York, on Jan. 28, offering trades on “any real-world outcomes” across sports, politics, culture and more.

The New York Attorney General’s lawsuit is the latest sign that state regulators are seeking to assert their jurisdiction over emerging prediction markets, contradicting the CFTC’s stance, which said it has exclusive jurisdiction over prediction markets registered as designated contract markets, such as Polymarket and Kalshi.

On April 2, the CFTC filed three separate lawsuits against the gaming regulators of Illinois, Connecticut and Arizona, arguing that those states could not apply their gambling laws and licensing requirements to event contracts listed on CFTC-regulated platforms.

On April 8, the CFTC and US Department of Justice (DoJ) asked a federal court to block Arizona from enforcing state gambling law against Kalshi’s event contracts, arguing that they fall under the CFTC’s exclusive authority.

European investors may switch banks for better crypto access, survey finds

Cryptocurrency offerings are starting to influence how European investors are choosing their bank providers, but regulatory uncertainty continues to hinder mainstream adoption, according to a new survey.

A Börse Stuttgart Digital survey released Tuesday found that 35% of European investors would consider switching banks if another institution offered better cryptocurrency investment options, suggesting crypto is starting to influence how some customers choose financial providers.

Nearly one in five respondents said they expect their main bank to offer crypto access within the next three years, according to the survey, which covered about 6,000 investors in Germany, Italy, Spain and France. The findings suggest crypto is moving closer to the mainstream banking relationship, at least among investors already open to digital assets.

Still, regulations and a lack of education remain the biggest hurdles to adoption, with 76% seeing crypto assets as insufficiently regulated, while over 60% feel poorly informed about digital assets.

MiCA increased trust in digital assets for nearly half of European investors

European Union regulation appears to be helping on that front. The EU’s Markets in Crypto-Assets Regulation (MiCA) went into full effect for crypto asset service providers on Dec. 30, 2024.

Nearly half of the surveyed investors said that the MiCA framework increased their trust in digital assets, making them “safer and more attractive.”

“Trust and clear regulation are essential for the next phase of crypto adoption in Europe. With MiCAR bringing transparency and legal certainty, investors gain the clarity they expect,” said Matthias Voelkel, the CEO of Börse Stuttgart Group.

The results land as traditional financial institutions across Europe keep inching deeper into crypto.

Börse Stuttgart Digital said in January 2025 that it had become the first German provider of crypto asset services to receive an EU-wide MiCA license through its custody subsidiary, positioning itself as a regulated infrastructure provider for banks, brokers and asset managers.

Spain leads European crypto adoption

Among the surveyed countries, Spain showed the highest crypto adoption rate with nearly 28% of investors already owning digital assets. Germany was second with 25%, Italy followed with 24% and France with 23%.

Of the respondents, 25% said they had already invested in crypto, and 36% said they are likely to invest again within the next five years, showing “sustained interest despite market volatility,” according to the report.

Top countries within the wider European region by total value received, July 2024 – June 2025. Source: Chainalysis

According to a Chainalysis report published in October 2025, Russia had the largest crypto market in Europe with $376 billion of value received between July 2024 and June 2025, trailed by the United Kingdom with $273 billion and Germany with $219 billion.

Crypto hackers stole $17B over past 10 years: DefiLlama

Private key compromises are emerging as one of crypto’s costliest attack vectors, with hackers stealing more than $17 billion across 518 recorded incidents over the past decade, according to data platform DefiLlama.

In data shared Tuesday, DefiLlama’s dashboard shows a large share of those incidents stemmed from compromised private keys, alongside phishing and other credential-based attacks.

Total hacked by the technique. Source: DefiLlama

Around 22.3% of the incidents were attributed to private key compromises through “brute force,” 18.2% to private key compromises via “unknown methods,” and 10% occurred due to phishing attacks on multi-signature wallets. The figures add to evidence that some of the industry’s biggest losses are increasingly coming from weaknesses in wallet security, signing infrastructure and user behavior, rather than from flaws in protocol code alone.

The findings come days after the crypto industry suffered its largest hack so far in 2026 on Saturday, when an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge.

DeFi protocols lost $600 million in two months: GSR Research

The recent wave of losses has also hit decentralized finance hard. More than $600 million was stolen from DeFi protocols over the past 60 days, according to a Monday report from crypto trading company GSR, with the Kelp exploit and the April 1 exploit involving Solana-based decentralized exchange Drift Protocol accounting for most of the total.

The attacks are raising new questions about whether improving smart contract audits alone is enough to protect users. In its report, GSR said attackers appear to be shifting toward “operational security, signing infrastructure, developer tooling, and the humans behind them” as smart contract security continues to improve.

That shift is pressuring a sector already facing narrower returns.

“DeFi yields have compressed toward TradFi rates, raising the question of whether depositing onchain is still worth the risk,” GSR wrote.

Major DeFi exploits. Source: GSR Research

“Lazy” hacks are spreading due to AI and malware

Cybersecurity companies say advances in malware and artificial intelligence are making social engineering and wallet-targeting attacks easier to scale, which involve scammers tricking victims into sending crypto to illicit addresses by first sending them small transactions, hoping that investors copy and paste the attacker’s address from the transaction history.

The rise of hacking-as-a-service tools is also lowering the barrier to entry for would-be attackers, according to Dyma Budorin, co-founder and CEO of cybersecurity firm Hacken.

“If people are getting these links, their wallets can be completely drained,” Budorin told Cointelegraph in an interview at EthCC 2026. “The platform on the darknet will take the commission for their tools and [scammers] get the bigger portion of the drained wallets.”

Budorin added that hackers are usually seeking out the easiest targets that require the least effort to scam.

Dyma Budorin, co-founder and CEO at Hacken, interview at EthCC 2026. Source: Cointelegraph

Web3 projects lost $482 million in the first quarter of 2026, as phishing and social engineering scams drove $306 million of those losses as the largest attack vector, according to a report by Hacken.

Even so, some parts of the threat picture have improved. Scam Sniffer said in a January report that losses tied to crypto phishing attacks fell sharply in 2025, suggesting users were becoming more aware of the threat, even as wallet-drainer scripts and new malware strains continued to circulate.
