Pepe creator targeted, 6m-rouble trading scam, and other cybersecurity news

Here are the week’s key cybersecurity stories.

Projects by the Pepe meme creator were hacked by North Korean hackers

Several crypto projects linked to Pepe frog creator Matt Furie were exploited for more than $1m, on-chain sleuth ZachXBT reported. 

1/ Multiple projects tied to Pepe creator Matt Furie & ChainSaw as well as another project Favrr were exploited in the past week which resulted in ~$1M stolen

My analysis links both attacks to the same cluster of DPRK IT workers who were likely accidentally hired as developers. pic.twitter.com/85JRm5kLQO

— ZachXBT (@zachxbt) June 27, 2025

Attackers drained about $310,000 from the Replicandy, Peplicator, Hedz and Zogz collections created by Furie’s team on the ChainSaw platform. More than $680,000 was stolen from Favrr. 

The hackers accessed smart contracts, lifted token-issuance limits and minted NFTs, then sold them, effectively crashing prices to near zero. 

ZachXBT believes the attacks are tied to North Korean developers hired via freelance platforms. He tracked regular payments to such “employees” from third-party crypto projects and plans to publish statistics. 

Russia charges organisers of fake crypto trading worth 6m roubles

The Interior Ministry of Khakassia completed an investigation into two local residents over serial fraud involving crypto trading.

Investigators say that from 2022 to 2023 the defendants posted fake ads for selling digital assets and received transfers from residents of various regions. The proceeds were laundered through bank accounts. 

Forty-one people were defrauded, with total losses exceeding 6m roubles. 

Searches seized more than 50 SIM cards, equipment and bank cards. The case has been sent to court.

Wallet seed phrases are the main target of the SparkKitty

A new trojan, SparkKitty, is being distributed via lookalike app-store websites. It masquerades as crypto apps and trojanised versions of TikTok, Kaspersky Lab reported.

Our researchers uncovered #SparkKitty, a stealthy Trojan targeting both #iOS and #Android devices.

It captures images and device data from infected phones and transmits them to the attackers. The Trojan was embedded in apps related to #crypto, gambling, and even a trojanized… pic.twitter.com/2CjjSwcpeo

— Kaspersky (@kaspersky) June 24, 2025

Once installed, the malware requests access to the photo gallery. It tracks changes, creates a local database of stolen images and uploads them to a remote server. The main goal is to find screenshots of crypto wallet seed phrases. 

For now, the trojan primarily targets users in China and Southeast Asia. 

France arrests IntelBroker hacker and BreachForums operators

The US Department of Justice unsealed charges against 25-year-old UK citizen Kai West, known by the hacker alias IntelBroker, and disclosed his arrest in France in February 2025.

US authorities are seeking his extradition on charges of conspiracy to commit computer intrusions and wire fraud.

Using a crypto wallet address, law enforcement identified West’s account on the Ramp platform and a Coinbase account, and found scans of personal documents in the linked email.

Also in France this week, authorities arrested four BreachForums v2 operators, including ShinyHunters, who served as an administrator of the hacker forum after the capture of Pompompurin. IntelBroker was among those running the platform after its relaunch.

Separately, a Russian court sentenced four members of the REvil group to five years in prison, TASS reported. With time served in pre-trial detention, they were released after sentencing.

WhatsApp banned in the US Congress

The US Congress Office of Cybersecurity has banned the use of WhatsApp on all devices of the legislature’s staff, Reuters reported. 

The memo called the app “high risk for users due to the lack of encryption and transparent data protection.”

Staff and Members were advised to switch to Microsoft Teams, Wickr, Signal or FaceTime for messaging.

Meta said it “strongly disagrees” with the move, arguing the platform provides “a higher level of security than other approved apps.”

Russians warned about an imminent scam tied to a ‘single messenger’

From 1 July, fraudsters are preparing a large-scale campaign exploiting the law that bans foreign messengers for government bodies, RIA Novosti reported, citing experts at RANEPA.

They plan to pose as staff of a non-existent “Unified Public Services Aggregator,” offering registration in the new Max messenger from VK. The links they distribute are phishing pages aimed at stealing personal data. 

Additionally, scammers may intimidate victims on behalf of the FSB, police and other agencies to extort money.

Also on ForkLog:

• Crypto market losses to hackers over six months reached $2.1bn.
• Analysts linked the Nobitex breach to the arrest of agents in Iran.
• The Resupply protocol was hacked for $9.5m.
• A Buterin-backed project added a private payments feature in stablecoins.
• The zkLend protocol shut down after a hack.
• A quantum computer broke 22-bit RSA encryption.
• An AI for vulnerability discovery outperformed white-hat hackers.
• CoinGecko experts explained how to spot a scam token.
• Ledger released a product to back up access to wallets.
• More than 30 darknet marketplaces filled the gap left by the closure of Huione Guarantee on Telegram.
• Self Chain’s founder denied involvement in a $50m OTC scam, but was dismissed.
• Hackers targeted Trezor customers via a support form.
• Hackers compromised Cointelegraph’s frontend.
• The HAI token’s price fell 98% after a hack blamed on “human error.”

What to read this weekend?

How to avoid self-inflicted damage when reporting stolen crypto to the police. We break it down with an expert from Shard.