Cybercrime Group GreedyBear Ramps Up $1M in Crypto Heist

TheCryptoTimes | Published 2025-08-04 | Updated 2025-08-08

A cybercrime group known as “GreedyBear” has stolen over $1 million in cryptocurrency during a multi-faceted, large-scale attack, cybersecurity firm Koi Security discovered.

Unlike most cybercriminals, who focus on one tactic, GreedyBear uses three attack vectors in tandem, making it an extremely coordinated operation. These vectors are fake browser wallet extensions, crypto-targeting malware, and scam websites.

According to Koi Security researcher Tuval Admoni, “Most groups pick a lane — maybe they do browser extensions, or ransomware, or phishing sites. GreedyBear said, ‘Why not all three?’ And it worked. Spectacularly.” Admoni said the group has used over 650 malicious tools aimed at crypto wallet users, stealing more than $1 million in the process.

Fake Wallet Extensions, Malware, and Scam Sites

The group has published over 150 fake crypto wallet browser extensions on the Firefox marketplace. These impersonate popular wallets like MetaMask, TronLink, Exodus, and Rabby Wallet.

At first, the extensions are harmless so that they pass Firefox’s review process. Once they are approved and trusted by users, the criminals update them with malicious code that steals wallet passwords and private keys directly from the wallet interface.
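One way a defender can watch for the benign-then-updated pattern described above is to compare an extension's manifest as first reviewed against each later update and flag any growth in capability. This is an added example, not code from the article or from Koi Security; both manifests are constructed samples and the names `grants` and `diffUpdate` are hypothetical.

```javascript
// Constructed sample manifests (not from any real extension): the version that
// passed store review, and a later update of the same add-on.
const reviewedManifest = {
  name: "Example Wallet Helper",
  version: "1.0.0",
  permissions: ["storage"],
  content_scripts: [],
};
const updatedManifest = {
  name: "Example Wallet Helper",
  version: "1.0.1",
  permissions: ["storage", "tabs", "webRequest", "<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};

// Host match patterns can sit in "permissions" (Manifest V2) or in
// "host_permissions" (Manifest V3); everything else is an API permission.
const HOST_PATTERN = /^(<all_urls>|(\*|https?|wss?|ftp|file):\/\/)/;

// Collect what a manifest grants: API permissions, reachable hosts, and the
// pages into which content scripts are injected.
function grants(manifest) {
  const perms = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
  ];
  const targets = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  return {
    api: new Set(perms.filter((p) => !HOST_PATTERN.test(p))),
    hosts: new Set(perms.filter((p) => HOST_PATTERN.test(p))),
    injected: new Set(targets),
  };
}

// Report everything the update can do that the reviewed version could not.
function diffUpdate(before, after) {
  const a = grants(before);
  const b = grants(after);
  const added = (kind) => [...b[kind]].filter((x) => !a[kind].has(x)).sort();
  const findings = {
    newApiPermissions: added("api"),
    newHostAccess: added("hosts"),
    newInjectionTargets: added("injected"),
  };
  findings.needsReview = Object.values(findings).some((v) => v.length > 0);
  return findings;
}
```

A clean result does not show that an update is benign: code that reads what a user types into the extension's own popup needs no new permission, so pair this check with a diff of the packaged scripts.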

GreedyBear has also distributed nearly 500 malware programs aimed at stealing cryptocurrency. They include password stealers such as LummaStealer that steal wallet information, and ransomware such as Luca Stealer that encrypts devices until victims make payments in crypto. Many of these malicious files are spread through Russian websites offering pirated or cracked software.

The third component is a network of imitation crypto product websites. These are not just fake login pages; they are built to resemble authentic landing pages for digital wallets, hardware devices, or wallet repair services. In reality, they are decoys that capture sensitive data from unsuspecting visitors.

A Single Control Hub

All of these attacks trace back to a single server and IP address. It manages the stolen information, handles ransomware requests, and hosts the scam websites. Experts also think that GreedyBear is using AI-generated code to produce new attacks at a faster rate, making them more difficult to block.

Cybersecurity experts warn this may be the “new normal” in crypto theft, urging stricter extension store security checks, more transparency from developers, and extra caution from users before installing extensions or downloading software.
