Investment Management/Hedge Fund/Private Equity
Breach intelligence, attack campaigns, and threat reports targeting the Investment Management/Hedge Fund/Private Equity sector.
Investment Management/Hedge Fund/Private Equity Threat Reports
JaredFromSubway MEV Bot Hacked: A $15 Million Crypto Heist
In June 2026, the Ethereum-based MEV bot known as JaredFromSubway suffered a $15 million loss after an attacker exploited its opportunity-detection logic. The attacker created fake cryptocurrency trading opportunities by deploying contracts designed to appear as profitable MEV opportunities. The bot, upon analyzing these deceptive routes, granted ERC-20 token approvals to contracts controlled by the attacker, who subsequently withdrew WETH, USDC, and USDT from the bot's contract via the transferFrom function. This incident underscores the vulnerabilities inherent in automated trading systems and highlights the need for robust security measures in the rapidly evolving DeFi landscape. As MEV bots continue to play a significant role in blockchain ecosystems, their susceptibility to sophisticated attacks poses ongoing risks to financial stability and trust in decentralized platforms.
3 days ago
Global Stock Exchange Email Espionage: A 2025 Cybersecurity Wake-Up Call
In October 2025, an unidentified threat actor infiltrated the Microsoft Outlook mailbox of a senior executive at a global stock exchange, maintaining access for over five months. The attackers utilized legitimate Windows tools to establish persistence, deploying implants disguised as Adobe and OneDrive applications. They exfiltrated sensitive emails containing confidential organizational information via a command-and-control channel set up through Dropbox. The exfiltration occurred bi-weekly until February 2026, with the final observed activity in March 2026. ([darkreading.com](https://www.darkreading.com/cyberattacks-data-breaches/global-stock-exchange-hit-monthslong-email-campaign?utm_source=openai)) This incident underscores the increasing sophistication of cyber-espionage campaigns targeting high-value financial institutions. The use of legitimate tools for malicious purposes highlights the necessity for enhanced monitoring and response strategies to detect and mitigate such stealthy attacks. ([darkreading.com](https://www.darkreading.com/cyberattacks-data-breaches/global-stock-exchange-hit-monthslong-email-campaign?utm_source=openai))
3 weeks ago
Google Engineer Arrested for Insider Trading on Polymarket
In May 2026, Michele Spagnuolo, a 36-year-old Google security engineer, was arrested in New York for allegedly using confidential internal data to profit on the Polymarket prediction platform. Spagnuolo accessed nonpublic 'Year in Search' data to place bets on the most searched individuals of 2025, resulting in over $1.2 million in gains. He faces charges including commodities fraud, wire fraud, and money laundering, with potential sentences totaling up to 50 years in prison. This incident underscores the growing scrutiny of insider trading within emerging financial platforms like prediction markets. It highlights the critical need for robust internal controls and monitoring to prevent the misuse of proprietary information, especially as digital platforms become increasingly integrated into financial activities.
3 weeks ago
Operation Atlantic 2026: A Landmark in Combating Cryptocurrency Fraud
In March 2026, Operation Atlantic, a collaborative effort led by the UK's National Crime Agency (NCA) alongside the U.S. Secret Service, Ontario Provincial Police, and Ontario Securities Commission, targeted cryptocurrency fraud across the UK, Canada, and the United States. The operation identified over 20,000 victims and froze more than $12 million in suspected criminal proceeds obtained through 'approval phishing' scams, where victims were deceived into granting access to their cryptocurrency wallets. Additionally, the operation uncovered over $45 million in stolen cryptocurrency linked to global fraud schemes. ([nationalcrimeagency.gov.uk](https://www.nationalcrimeagency.gov.uk/news/fraudsters-targeting-cryptocurrency-stopped-and-12-million-frozen-in-nca-led-operation-atlantic?utm_source=openai)) This incident underscores the escalating threat of sophisticated phishing attacks in the cryptocurrency sector, highlighting the necessity for enhanced security measures and international cooperation to protect digital assets. The success of Operation Atlantic demonstrates the effectiveness of public-private partnerships in combating cybercrime and sets a precedent for future collaborative efforts to safeguard investors and maintain trust in the cryptocurrency market.
2 months ago
INTERPOL's Operation Red Card 2.0: A Major Blow to African Cybercrime Networks
Between December 8, 2025, and January 30, 2026, INTERPOL coordinated Operation Red Card 2.0, a collaborative effort involving law enforcement agencies from 16 African countries. This operation targeted transnational cybercriminal networks engaged in high-yield investment scams, mobile money fraud, and fraudulent mobile loan applications. The concerted efforts led to the arrest of 651 individuals, the recovery of over $4.3 million, and the takedown of 1,442 pieces of malicious infrastructure, including IP addresses, domains, and servers. Investigations revealed that these scams were responsible for financial losses exceeding $45 million, affecting 1,247 victims across Africa and beyond. ([interpol.int](https://www.interpol.int/News-and-Events/News/2026/Major-operation-in-Africa-targeting-online-scams-nets-651-arrests-recovers-USD-4.3-million?utm_source=openai)) The success of Operation Red Card 2.0 underscores the escalating threat posed by organized cybercrime syndicates and highlights the critical importance of international collaboration in combating these pervasive threats. The operation also emphasizes the need for continuous vigilance and proactive measures to protect individuals and businesses from evolving cyber fraud schemes.
4 months ago
Betterment's 2026 Data Breach: A Social Engineering Wake-Up Call
In January 2026, Betterment, a prominent fintech firm, experienced a data breach resulting from a social engineering attack targeting third-party platforms used for marketing and operations. Unauthorized access was gained on January 9, allowing attackers to obtain personal information—including names, email addresses, postal addresses, phone numbers, and dates of birth—of approximately 1.4 million customers. The attackers exploited this access to send fraudulent cryptocurrency-related messages, falsely promising to triple users' crypto investments if they transferred funds to attacker-controlled wallets. Betterment detected the breach on the same day, revoked unauthorized access, and initiated a comprehensive investigation with cybersecurity experts. Importantly, no customer accounts, passwords, or login credentials were compromised during the incident. ([techcrunch.com](https://techcrunch.com/2026/01/12/fintech-firm-betterment-confirms-data-breach-after-hackers-send-fake-crypto-scam-notification-to-users/?utm_source=openai)) This incident underscores the escalating threat of social engineering attacks within the fintech sector, particularly those targeting third-party service integrations. The breach highlights the critical need for robust security measures, employee training, and vigilant monitoring of external platforms to prevent unauthorized access and protect sensitive customer information.
4 months ago
Step Finance's $40M Crypto Theft: A Wake-Up Call for Endpoint Security
In late January 2026, Step Finance, a prominent Solana-based DeFi platform, suffered a significant security breach resulting in the theft of approximately $40 million worth of digital assets. The attackers gained unauthorized access to the company's treasury wallets by compromising devices belonging to its executive team. This breach led to the unauthorized transfer of 261,854 SOL tokens, valued at around $29 million at the time, and caused the platform's native STEP token to plummet over 80% within 24 hours. ([ainvest.com](https://www.ainvest.com/news/step-finance-treasury-theft-27m-sol-outflow-step-token-collapse-2602/?utm_source=openai)) This incident underscores the critical importance of robust endpoint security measures, especially for individuals with access to substantial organizational assets. The breach highlights the growing trend of targeting high-level personnel through device compromises, emphasizing the need for comprehensive security protocols and regular audits to safeguard against such sophisticated attacks.
4 months ago
CIRO 2023 Data Breach Exposes Sensitive Data of 750,000 Canadian Investors
In late 2023, the Canadian Investment Regulatory Organization (CIRO) disclosed that a cyberattack compromised the personal and financial data of approximately 750,000 Canadian investors. The breach, involving unauthorized access to sensitive investor information, stemmed from an attack on a third-party IT provider responsible for maintaining the data. The breach's detection and subsequent investigation prompted CIRO to initiate notification procedures with impacted individuals and regulatory bodies. The incident highlighted critical weaknesses in third-party vendor security, raising concerns about the protection of confidential financial data within the regulated investment sector. This event is particularly relevant as it underscores a growing trend of attacks targeting regulatory and financial organizations via supply chain vectors. With increasing regulatory scrutiny and heightened risks from third-party service providers, organizations face renewed pressure to modernize data protection strategies and enforce robust vendor risk management frameworks.
5 months ago
Ledger Customer Data Exposed in 2024 Global-e Third-Party Breach
In June 2024, Ledger, the hardware cryptocurrency wallet provider, disclosed that a third-party service provider, Global-e, suffered a security breach resulting in unauthorized exposure of customer data. Attackers gained access to Global-e’s e-commerce system, compromising customers’ names, addresses, phone numbers, and emails used for Ledger purchases. Financial information and cryptocurrencies remained unaffected, but impacted individuals could be at greater risk for phishing or other targeted attacks leveraging their leaked information. This incident underscores the growing risks organizations face from third-party vendors. As supply chain and partner ecosystems expand, attackers increasingly target less secure partners, leading to significant data exposures even when a primary company’s own systems are uncompromised.
5 months ago
Crypto Phishing 2026: How Chatbots and Telegra.ph Power Modern Scams
Between October 2025 and early 2026, a persistent cryptocurrency phishing campaign leveraged fake chatbot websites and phishing emails to target users, primarily using minimalist publishing platforms such as telegra.ph and Google Forms. The attackers distributed scam emails promising recipients substantial payouts in Bitcoin, directing them to malicious pages purporting to automate cryptocurrency mining profits. Victims were eventually asked to pay a fraudulent conversion fee to claim their non-existent funds, with payments funneled into wallets controlled by the attackers. The campaign’s simplicity and abuse of free digital services allowed it to evade basic filtering and reach a wide audience repeatedly. This incident highlights an ongoing rise in abuse of cloud-based publishing and forms services for elaborate phishing scams. Attackers are increasingly automating social engineering techniques, combining chatbots and “cash out” lures that have proven cost-effective and resilient even as major platforms improve traditional anti-phishing measures.
- Banking/Mortgage
- Capital Markets/Hedge Fund/Private Equity
- Investment Management/Hedge Fund/Private Equity
5 months ago
Trust Wallet Breach 2023: How a Shai-Hulud NPM Supply Chain Attack Stole $8.5M
In November 2023, Trust Wallet suffered a significant security breach in which an attacker exploited a malicious NPM supply chain package—most notably associated with the "Shai-Hulud" attack campaign. By leveraging this industry-wide incident, threat actors managed to compromise the Trust Wallet web browser extension, executing a targeted attack to steal approximately $8.5 million from over 2,500 crypto wallets. The threat actors utilized sophisticated techniques to inject malicious code via the open-source software supply chain, highlighting vulnerabilities in component dependencies and the risk of lateral movement within affected environments. This incident is especially relevant as supply chain attacks using compromised open-source packages are on the rise, impacting a broad range of organizations that rely on third-party code. The Trust Wallet breach underscores the urgency for robust supply chain security strategies, better monitoring of dependencies, and solid east-west traffic controls to detect anomalous behaviors and restrict lateral movement.
- Computer Software/Engineering
- Computer/Network Security
- Investment Management/Hedge Fund/Private Equity
5 months ago
SantaStealer: The 2024 Memory-Based Infostealer Malware Targeting Credentials and Crypto Wallets
In early 2024, a new information-stealing malware known as SantaStealer emerged on cybercriminal Telegram channels and hacker forums, operating as a malware-as-a-service (MaaS). Designed to run primarily in memory, SantaStealer avoids traditional file-based detection and targets sensitive data in browsers, cryptocurrency wallets, and installed application credentials. Attackers typically distribute the malware through phishing campaigns and malicious attachments. Once executed, SantaStealer exfiltrates stolen data to command-and-control servers, enabling threat actors to harvest victims' digital assets and credentials for further exploitation or sale on underground markets. The incident underlines a growing trend of evasive, memory-resident stealer malware leveraging MaaS models. Cybercriminals are accelerating adoption of these techniques, raising the stakes for organizations and individuals who store credentials and assets on personal and enterprise endpoints.
5 months ago