Investment Banking/Venture
Breach intelligence, attack campaigns, and threat reports targeting the Investment Banking/Venture sector.
Investment Banking/Venture Threat Reports
JaredFromSubway MEV Bot Hacked: A $15 Million Crypto Heist
In June 2026, the Ethereum-based MEV bot known as JaredFromSubway suffered a $15 million loss after an attacker exploited its opportunity-detection logic. The attacker created fake cryptocurrency trading opportunities by deploying contracts designed to appear as profitable MEV opportunities. The bot, upon analyzing these deceptive routes, granted ERC-20 token approvals to contracts controlled by the attacker, who subsequently withdrew WETH, USDC, and USDT from the bot's contract via the transferFrom function. This incident underscores the vulnerabilities inherent in automated trading systems and highlights the need for robust security measures in the rapidly evolving DeFi landscape. As MEV bots continue to play a significant role in blockchain ecosystems, their susceptibility to sophisticated attacks poses ongoing risks to financial stability and trust in decentralized platforms.
3 days ago
Crypto Heist Leveraging Fake Reputation Networks to Distribute Malware
In June 2026, cybercriminals orchestrated a sophisticated campaign to distribute a Rust-based clipboard hijacking malware targeting both Windows and macOS users. The attackers created a comprehensive fake reputation network, utilizing GitHub repositories, SourceForge projects, AI-generated YouTube videos, and manipulated VirusTotal comments to lend credibility to their malicious tools. These tools, masquerading as crypto trading and gambling aids, were designed to steal cryptocurrency by intercepting wallet addresses copied to the clipboard, affecting assets like Bitcoin, Ethereum, Monero, Binance Chain, and Solana. This incident underscores a significant evolution in cybercriminal tactics, highlighting their ability to exploit multiple trusted platforms to build false credibility and deceive users. The campaign's success demonstrates the urgent need for enhanced vigilance and skepticism towards online reputation signals, especially in the cryptocurrency domain, where the allure of quick profits can cloud judgment.
3 days ago
USB Worm Targets Cryptocurrency Wallets via Windows Shortcut Files
In June 2026, a sophisticated USB worm emerged, targeting cryptocurrency wallets by distributing clipboard-stealing malware through Windows shortcut (LNK) files on USB drives. Upon execution, the malware scans the system for document files, hides the originals, and replaces them with malicious shortcuts. It monitors clipboard activity to detect and replace cryptocurrency wallet addresses with those controlled by the attacker, captures screenshots, and exfiltrates data via the Tor network. The worm also propagates by copying itself to newly connected USB devices, facilitating further spread. This incident underscores the evolving tactics of threat actors leveraging removable media to infiltrate systems, emphasizing the need for heightened vigilance and robust security measures to protect sensitive financial information.
1 week ago
FBI Issues Warning on New Cryptocurrency Scam Involving In-Person Couriers
In June 2026, the FBI issued a warning about a new tactic in cryptocurrency investment scams, commonly referred to as 'pig butchering' or 'romance baiting.' Fraudsters initiate contact through social media, dating sites, and messaging apps, building trust with victims before introducing them to fake investment schemes. When traditional financial institutions block suspicious transactions, these scammers dispatch couriers to collect cash directly from victims, often using agreed-upon passwords or specific dollar bill serial numbers for identification. Victims are led to believe their investments are growing, but when they attempt to withdraw funds, they are prompted to provide additional cash for fraudulent taxes and penalties, perpetuating the cycle. This incident underscores the evolving nature of cryptocurrency scams, highlighting the shift towards in-person interactions to circumvent financial safeguards. The FBI's alert serves as a critical reminder for individuals to exercise caution when approached with unsolicited investment opportunities, especially those involving direct cash transactions facilitated by couriers.
1 week ago
Zcash's Orchard Privacy Pool Vulnerability: Discovery and Resolution
In May 2026, security researcher Taylor Hornby discovered a critical vulnerability in Zcash's Orchard privacy pool, which had been present since its activation in May 2022. This flaw could have allowed attackers to create unlimited, undetectable counterfeit ZEC tokens by exploiting a validation check failure in the zero-knowledge proof system. The Zcash team promptly addressed the issue by implementing a two-phase network upgrade, including a hard fork named NU6.2, to rectify the vulnerability. Despite the fix, the incident led to a significant decline in ZEC's market value, with prices dropping approximately 30% following the disclosure. The discovery underscores the potential for advanced AI models to uncover previously unknown vulnerabilities in cryptographic systems, raising concerns about the security of systems not yet tested against such tools.
2 weeks ago
SoFi Hong Kong Data Breach: Lessons in Third-Party Risk Management
In April 2026, SoFi Hong Kong, a subsidiary of the U.S.-based financial technology company SoFi Technologies, detected unauthorized access to a customer database managed by a third-party vendor. The breach, discovered on April 30, 2026, prompted SoFi to engage a cybersecurity firm to investigate. While the full scope of the incident remains under investigation, the company has advised customers to monitor their accounts for suspicious activity and has implemented additional security measures to protect affected accounts. This incident underscores the critical importance of robust third-party risk management in the financial sector. As financial institutions increasingly rely on external vendors for data management, ensuring these partners adhere to stringent security protocols is essential to prevent unauthorized access and protect sensitive customer information.
2 weeks ago
DoJ's 'Disruption Week' Targets Southeast Asia Crypto Fraud Networks
In May 2026, the U.S. Department of Justice (DoJ), in collaboration with major tech companies and international law enforcement agencies, launched 'Disruption Week' to combat cyber-enabled and cryptocurrency fraud targeting Americans. This operation led to the takedown of over 1.4 million fraudulent accounts across platforms like Facebook and Instagram, the suspension of approximately 20,000 Microsoft accounts, and the freezing of over $3.8 million in cryptocurrency assets. Additionally, seven individuals were arrested in Thailand, and multiple scam centers in Southeast Asia were disrupted. ([justice.gov](https://www.justice.gov/opa/pr/scam-center-strike-force-announces-results-us-private-industry-disruption-week?utm_source=openai)) This incident underscores the escalating threat of transnational cyber fraud, particularly involving cryptocurrencies. The significant financial losses reported in recent years highlight the urgent need for coordinated international efforts to dismantle these sophisticated scam networks and protect vulnerable individuals from financial exploitation. ([justice.gov](https://www.justice.gov/opa/pr/scam-center-strike-force-announces-results-us-private-industry-disruption-week?utm_source=openai))
3 weeks ago
Global Stock Exchange Email Espionage: A 2025 Cybersecurity Wake-Up Call
In October 2025, an unidentified threat actor infiltrated the Microsoft Outlook mailbox of a senior executive at a global stock exchange, maintaining access for over five months. The attackers utilized legitimate Windows tools to establish persistence, deploying implants disguised as Adobe and OneDrive applications. They exfiltrated sensitive emails containing confidential organizational information via a command-and-control channel set up through Dropbox. The exfiltration occurred bi-weekly until February 2026, with the final observed activity in March 2026. ([darkreading.com](https://www.darkreading.com/cyberattacks-data-breaches/global-stock-exchange-hit-monthslong-email-campaign?utm_source=openai)) This incident underscores the increasing sophistication of cyber-espionage campaigns targeting high-value financial institutions. The use of legitimate tools for malicious purposes highlights the necessity for enhanced monitoring and response strategies to detect and mitigate such stealthy attacks. ([darkreading.com](https://www.darkreading.com/cyberattacks-data-breaches/global-stock-exchange-hit-monthslong-email-campaign?utm_source=openai))
3 weeks ago
Lucifer Drainer: The Rise of Drainer-as-a-Service in Cryptocurrency Theft
In early 2026, cybersecurity researchers uncovered the 'Lucifer Drainer,' a sophisticated Drainer-as-a-Service (DaaS) platform that facilitated large-scale cryptocurrency theft. Operating from January 2025 to early 2026, Lucifer Drainer enabled affiliates to deploy phishing websites that tricked users into connecting their crypto wallets. Once connected, malicious transactions were executed, swiftly transferring assets to attacker-controlled wallets. This operation exemplifies the industrialization of crypto theft, with the DaaS model allowing even low-skilled actors to participate in complex scams. The emergence of platforms like Lucifer Drainer underscores a significant shift in cybercriminal tactics, highlighting the need for enhanced vigilance among cryptocurrency users and platforms. The professionalization of such services indicates a growing threat landscape, necessitating robust security measures and user education to mitigate risks associated with these evolving schemes.
1 month ago
Crypto Gang Member Sentenced for $250M Heist Involving Physical Burglaries
Between late 2023 and early 2025, a criminal network orchestrated a sophisticated scheme combining social engineering, hacking, and physical burglaries to steal over $250 million in cryptocurrency from victims across the United States. When digital methods failed, the group relied on Marlon Ferro, known online as 'GothFerrari,' to physically break into victims' homes and steal hardware wallets containing substantial digital assets. Ferro's actions included a February 2024 burglary in Texas, where he stole a wallet with approximately 100 Bitcoins, then valued at over $5 million. In May 2026, Ferro was sentenced to 78 months in federal prison, ordered to pay $2.5 million in restitution, and serve three years of supervised release. This case underscores the evolving tactics of cybercriminals who blend online fraud with traditional burglary to exploit vulnerabilities in digital asset security. It highlights the critical need for robust security measures, including physical safeguards for hardware wallets, to protect against such multifaceted threats.
1 month ago
North Korean Cyberattacks on DeFi Platforms Result in $577 Million Theft
In April 2026, North Korean state-sponsored hackers executed two significant cyberattacks on decentralized finance (DeFi) platforms, resulting in the theft of approximately $577 million. The first attack targeted Drift Protocol on April 1, exploiting social engineering tactics to compromise multisig governance and utilizing Solana's durable nonces to pre-sign administrative transactions, leading to a loss of $285 million. The second attack occurred on April 18 against KelpDAO, where attackers compromised internal RPC nodes and launched a denial-of-service attack on external nodes, facilitating the theft of $292 million. These incidents underscore the increasing sophistication and financial impact of North Korean cyber operations in the cryptocurrency sector. ([coinmarketcap.com](https://coinmarketcap.com/academy/article/north-korea-crypto-theft-76-percent-2026?utm_source=openai)) The prevalence of such high-value attacks highlights the urgent need for enhanced security measures within the DeFi ecosystem. The integration of artificial intelligence by threat actors to refine reconnaissance and social engineering tactics poses a growing challenge, necessitating proactive defense strategies to safeguard digital assets. ([coinmarketcap.com](https://coinmarketcap.com/academy/article/north-korea-crypto-theft-76-percent-2026?utm_source=openai))
1 month ago
Global Crackdown on Cryptocurrency Fraud Leads to 276 Arrests
In April 2026, a coordinated international operation led by Dubai Police, in collaboration with U.S. and Chinese authorities, resulted in the arrest of at least 276 individuals and the dismantling of nine cryptocurrency investment fraud centers. These centers orchestrated 'pig-butchering' schemes, where scammers built trust with victims through fabricated relationships, ultimately luring them into fake cryptocurrency investment platforms that drained their funds. The operation targeted crime networks running these schemes, leading to significant arrests and the disruption of fraudulent activities. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/police-dismantles-9-crypto-investment-scam-centers-arrests-276-suspects/?utm_source=openai)) This incident underscores the escalating threat of sophisticated financial fraud schemes exploiting the cryptocurrency market. The substantial losses incurred highlight the urgent need for enhanced regulatory measures and public awareness to combat such deceptive practices effectively.
1 month ago