{"id":25001,"date":"2025-06-28T07:00:00","date_gmt":"2025-06-28T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/pepe-creator-targeted-6m-rouble-trading-scam-and-other-cybersecurity-news\/"},"modified":"2025-06-28T07:00:00","modified_gmt":"2025-06-28T04:00:00","slug":"pepe-creator-targeted-6m-rouble-trading-scam-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/pepe-creator-targeted-6m-rouble-trading-scam-and-other-cybersecurity-news\/","title":{"rendered":"Pepe creator targeted, 6m-rouble trading scam, and other cybersecurity news"},"content":{"rendered":"<p>Here are the week\u2019s key cybersecurity stories.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Projects by Pepe creator Matt Furie were breached by North Korean hackers.<\/li>\n<li>Russia charged organisers of a sham crypto-trading scheme worth 6m roubles.<\/li>\n<li>Crypto wallet seed phrases are the primary target of the SparkKitty trojan.<\/li>\n<li>France arrested the hacker IntelBroker and BreachForums operators.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Projects by the Pepe meme creator were hacked by<\/strong><strong> North Korean hackers<\/strong><\/h2>\n<p>Several crypto projects linked to Pepe frog creator Matt Furie were exploited for more than $1m, on-chain sleuth ZachXBT reported.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/ Multiple projects tied to Pepe creator Matt Furie &#038; ChainSaw as well as another project Favrr were exploited in the past week which resulted in ~$1M stolen<\/p>\n<p>My analysis links both attacks to the same cluster of DPRK IT workers who were likely accidentally hired as developers. <a href=\"https:\/\/t.co\/85JRm5kLQO\">pic.twitter.com\/85JRm5kLQO<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1938598925004607629?ref_src=twsrc%5Etfw\">June 27, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Attackers drained about $310,000 from the Replicandy, Peplicator, Hedz and Zogz collections created by Furie\u2019s team on the ChainSaw platform. More than $680,000 was stolen from Favrr.\u00a0<\/p>\n<p>The hackers accessed smart contracts, lifted token-issuance limits and minted NFTs, then sold them, effectively crashing prices to near zero.\u00a0<\/p>\n<p>ZachXBT believes the attacks are tied to North Korean developers hired via freelance platforms. He tracked regular payments to such \u201cemployees\u201d from third-party crypto projects and plans to publish statistics.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>Russia charges organisers of fake crypto trading worth 6m roubles<\/strong><\/h2>\n<p>The Interior Ministry of Khakassia <a href=\"https:\/\/t.me\/mvd19rh\/8808\">completed<\/a> an investigation into two local residents over serial fraud involving crypto trading.<\/p>\n<p>Investigators say that from 2022 to 2023 the defendants posted fake ads for selling digital assets and received transfers from residents of various regions. The proceeds were laundered through bank accounts.\u00a0<\/p>\n<p>Forty-one people were defrauded, with total losses exceeding 6m roubles.\u00a0<\/p>\n<p>Searches seized more than 50 SIM cards, equipment and bank cards. The case has been sent to court.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Wallet seed phrases are the main target of the <\/strong><strong>SparkKitty<\/strong><\/h2>\n<p>A new trojan, SparkKitty, is being distributed via lookalike app-store websites. It masquerades as crypto apps and trojanised versions of TikTok, Kaspersky Lab reported.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Our researchers uncovered <a href=\"https:\/\/twitter.com\/hashtag\/SparkKitty?src=hash&#038;ref_src=twsrc%5Etfw\">#SparkKitty<\/a>, a stealthy Trojan targeting both <a href=\"https:\/\/twitter.com\/hashtag\/iOS?src=hash&#038;ref_src=twsrc%5Etfw\">#iOS<\/a> and <a href=\"https:\/\/twitter.com\/hashtag\/Android?src=hash&#038;ref_src=twsrc%5Etfw\">#Android<\/a> devices.<\/p>\n<p>It captures images and device data from infected phones and transmits them to the attackers. The Trojan was embedded in apps related to <a href=\"https:\/\/twitter.com\/hashtag\/crypto?src=hash&#038;ref_src=twsrc%5Etfw\">#crypto<\/a>, gambling, and even a trojanized\u2026 <a href=\"https:\/\/t.co\/2CjjSwcpeo\">pic.twitter.com\/2CjjSwcpeo<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/1937529025771008311?ref_src=twsrc%5Etfw\">June 24, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Once installed, the malware requests access to the photo gallery. It tracks changes, creates a local database of stolen images and uploads them to a remote server. The main goal is to find screenshots of crypto wallet seed phrases.\u00a0<\/p>\n<p>For now, the trojan primarily targets users in China and Southeast Asia.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>France arrests IntelBroker hacker and BreachForums operators<\/strong><\/h2>\n<p>The US Department of Justice <a href=\"https:\/\/www.justice.gov\/usao-sdny\/media\/1404616\/dl?inline\">unsealed charges<\/a> against 25-year-old UK citizen Kai West, known by the hacker alias <a href=\"https:\/\/forklog.com\/en\/news\/cybersecurity-highlights-tech-giants-secrets-for-monero-and-a-crypto-thief-disguised-as-a-messenger\">IntelBroker<\/a>, and disclosed his arrest in France in February 2025.<\/p>\n<p>US authorities are seeking his extradition on charges of conspiracy to commit computer intrusions and wire fraud.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXe5qDrwD5fS7ljReuo80UxXxXm6qCm1Uhi40vOHlNmS9z7s0kFdE2GVmGzphIusR2qHeWHXZxeZco4Ejinz2h76PIVR32dltUUUg4fjgEA8M5wcxnE6ij_2TmOdC3tjAXsjETdx5g?key=EuAwsqsagytN7wVMbIQDRA\" alt=\"\u0410\u0442\u0430\u043a\u0430 \u043d\u0430 \u0430\u0432\u0442\u043e\u0440\u0430 Pepe, \u0441\u043a\u0430\u043c-\u0442\u0440\u0435\u0439\u0434\u0438\u043d\u0433 \u043d\u0430 6 \u043c\u043b\u043d \u0440\u0443\u0431\u043b\u0435\u0439 \u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\"\/><figcaption class=\"wp-element-caption\">Kai West. Source: US Department of Justice.<\/figcaption><\/figure>\n<p>Using a crypto wallet address, law enforcement identified West\u2019s account on the Ramp platform and a Coinbase account, and found scans of personal documents in the linked email.<\/p>\n<p>Also in France this week, authorities <a href=\"https:\/\/www.leparisien.fr\/high-tech\/la-police-interpelle-cinq-hackers-francais-de-haut-vol-derriere-un-celebre-forum-de-vol-de-donnees-25-06-2025-QJTPFTDPQZAP7B25MF24YLHU6E.php\">arrested<\/a> four BreachForums v2 operators, including <a href=\"https:\/\/forklog.com\/en\/news\/cybersecurity-highlights-europols-takedown-of-malware-network-and-telegrams-new-fact-checking-feature\">ShinyHunters<\/a>, who served as an administrator of the hacker forum after the capture of <a href=\"https:\/\/forklog.com\/en\/news\/cryptocurrency-scams-on-telegram-mass-surveillance-in-switzerland-and-other-cybersecurity-events\">Pompompurin<\/a>. IntelBroker was among those running the platform after its relaunch.<\/p>\n<p>Separately, a Russian court sentenced four members of the REvil group to five years in prison, <a href=\"https:\/\/tass.ru\/proisshectviya\/24328083\">TASS<\/a> reported. With time served in pre-trial detention, they were released after sentencing.<\/p>\n<h2 class=\"wp-block-heading\"><strong>WhatsApp banned in the US Congress<\/strong><\/h2>\n<p>The US Congress Office of Cybersecurity has banned the use of WhatsApp on all devices of the legislature\u2019s staff, <a href=\"https:\/\/www.reuters.com\/world\/us\/whatsapp-banned-us-house-representatives-devices-memo-2025-06-23\/\">Reuters<\/a> reported.\u00a0<\/p>\n<p>The memo called the app \u201chigh risk for users due to the lack of encryption and transparent data protection.\u201d<\/p>\n<p>Staff and Members were advised to switch to Microsoft Teams, Wickr, Signal or FaceTime for messaging.<\/p>\n<p>Meta said it \u201cstrongly disagrees\u201d with the move, arguing the platform provides \u201ca higher level of security than other approved apps.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><strong>Russians warned about an imminent scam tied to a \u2018single messenger<\/strong>\u2019<\/h2>\n<p>From 1 July, fraudsters are preparing a large-scale campaign exploiting the law that bans foreign messengers for government bodies, <a href=\"https:\/\/ria.ru\/20250627\/moshenniki-2025696925.html?ysclid=mces47wc2d871492842\">RIA Novosti<\/a> reported, citing experts at <span data-descr=\"Russian Presidential Academy of National Economy and Public Administration\" class=\"old_tooltip\">RANEPA<\/span>.<\/p>\n<p>They plan to pose as staff of a non-existent \u201cUnified Public Services Aggregator,\u201d offering registration in the new Max messenger from VK. The links they distribute are phishing pages aimed at stealing personal data.\u00a0<\/p>\n<p>Additionally, scammers may intimidate victims on behalf of the FSB, police and other agencies to extort money.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Crypto market losses to hackers over six months <a href=\"https:\/\/forklog.com\/en\/news\/cryptocurrency-market-losses-to-hackers-reach-2-1-billion-in-six-months\">reached $2.1bn<\/a>.<\/li>\n<li>Analysts linked the Nobitex breach to the <a href=\"https:\/\/forklog.com\/en\/news\/analysts-link-nobitex-breach-to-arrest-of-iranian-agents\">arrest of agents<\/a> in Iran.<\/li>\n<li>The <a href=\"https:\/\/forklog.com\/en\/news\/resupply-protocol-hacked-for-9-5-million\">Resupply protocol was hacked<\/a> for $9.5m.<\/li>\n<li>A Buterin-backed project added a <a href=\"https:\/\/forklog.com\/en\/news\/buterin-backed-project-introduces-private-stablecoin-payments\">private payments feature<\/a> in stablecoins.<\/li>\n<li>The <a href=\"https:\/\/forklog.com\/en\/news\/zklend-protocol-shuts-down-following-cyberattack\">zkLend protocol shut down<\/a> after a hack.<\/li>\n<li>A quantum computer <a href=\"https:\/\/forklog.com\/en\/news\/quantum-computer-cracks-22-bit-rsa-encryption\">broke 22-bit RSA encryption<\/a>.<\/li>\n<li>An AI for vulnerability discovery <a href=\"https:\/\/forklog.com\/en\/news\/ai-tool-surpasses-white-hat-hackers-in-vulnerability-detection\">outperformed white-hat hackers<\/a>.<\/li>\n<li>CoinGecko experts explained <a href=\"https:\/\/forklog.com\/en\/news\/coingecko-experts-advise-on-identifying-scam-tokens\">how to spot a scam token<\/a>.<\/li>\n<li>Ledger released a product <a href=\"https:\/\/forklog.com\/en\/news\/ledger-launches-device-for-wallet-access-backup\">to back up access<\/a> to wallets.<\/li>\n<li>More than 30 darknet marketplaces <a href=\"https:\/\/forklog.com\/en\/news\/over-30-darknet-markets-move-to-fill-the-gap-left-by-huione-guarantees-shutdown-on-telegram\">filled the gap<\/a> left by the closure of Huione Guarantee on Telegram.<\/li>\n<li>Self Chain\u2019s founder denied involvement in a <a href=\"https:\/\/forklog.com\/en\/news\/self-chain-founder-denies-involvement-in-50-million-otc-scam\">$50m OTC scam<\/a>, but was <a href=\"https:\/\/forklog.com\/en\/news\/self-chain-ceo-dismissed-amid-50-million-otc-scam-allegations\">dismissed<\/a>.<\/li>\n<li>Hackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-exploit-trezor-support-form-in-phishing-attack\">targeted Trezor customers<\/a> via a support form.<\/li>\n<li>Hackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-compromise-cointelegraph-frontend\">compromised Cointelegraph\u2019s frontend<\/a>.<\/li>\n<li>The HAI token\u2019s price <a href=\"https:\/\/forklog.com\/en\/news\/hai-token-plummets-98-following-hack-due-to-human-error\">fell 98% after a hack<\/a> blamed on \u201chuman error.\u201d<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>How to avoid self-inflicted damage when reporting stolen crypto to the police. We break it down with an expert from Shard.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here are the week\u2019s key cybersecurity stories. Projects by Pepe creator Matt Furie were breached by North Korean hackers. Russia charged organisers of a sham crypto-trading scheme worth 6m roubles. Crypto wallet seed phrases are the primary target of the SparkKitty trojan. France arrested the hacker IntelBroker and BreachForums operators. Projects by the Pepe meme [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":25000,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-25001","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"98","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/25001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=25001"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/25001\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/25000"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=25001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=25001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=25001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}