Overview
The North Korean hacking group Lazarus Group launched a cyberattack called "Operation 99" targeting Web3 and cryptocurrency developers. The attackers disguised themselves as recruiters and lured developers on platforms like LinkedIn into participating in fake project testing and code reviews. They then tricked developers into cloning a GitLab repository containing malicious code, which implanted modular malware on victim systems. This malware can steal sensitive data such as passwords, API keys, and cryptocurrency wallet information, and it maintains a connection through highly obfuscated command and control (C2) servers, minimizing its visibility.
Analysis
The Lazarus Group, a North Korean hacking organization, has launched a campaign known as "Operation 99" targeting Web3 and cryptocurrency software developers. The attackers pose as recruiters, posting fake job listings on platforms like LinkedIn to lure developers into participating in disguised project testing and code review. Once developers fall for the trap, they are directed to clone a GitLab repository containing malicious code that appears harmless but actually implants malware on the victim's system. The malware is cross-platform and capable of stealing high-value data such as passwords, API keys, and cryptocurrency wallet information. It maintains a connection through highly obfuscated command and control (C2) servers to maximize stealth. SlowMist CISO 23pds posted a warning on social media, urging developers to stay vigilant and avoid becoming targets of this attack.