Key Highlights:
- Over $1.6 million lost in five days from crypto address poisoning and scams.
- Malware like Efimer Trojan targets users via torrents and hacked websites.
- Hackers disrupted a Norwegian dam, while car dealer portals exposed data.
$1.6 Million Crypto Address "Poisoned"
According to a post by anti-fraud team ScamSniffer, on August 15 one user lost 140 ETH (approximately $636,500 at the time of writing) by copying the wrong address from their “infected” crypto transfer history.
Crypto address poisoning is based on the creation of virtually identical addresses. Attackers send small transactions from wallets that closely resemble those of real users to trick victims into copying the wrong address for future transfers.
According to Cointelegraph, on August 10 a victim of a similar attack lost $880,000. Other reports indicate two more cases: one involving a loss of $80,000 and another of $62,000. In five days, scammers managed to steal more than $1.6 million using this method.
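The defensive counterpart to the technique described above, as an added example that is not ScamSniffer's or any wallet's code: a pre-send check that flags a destination address when it shares the displayed prefix and suffix with an address the user has actually paid before, or when the user's only prior contact with it is a dust transfer it sent them. The transaction history, addresses and display-length constants are constructed for the example.

```python
# Added example (not ScamSniffer's or any wallet's code): a pre-send check for
# address poisoning. Wallet UIs show only an address's first and last few hex
# characters, so an attacker mints a look-alike sharing them and sends dust so
# it lands in the victim's history. All addresses below are constructed.
from dataclasses import dataclass

PREFIX_LEN = 4      # hex chars after "0x" that a typical wallet UI displays
SUFFIX_LEN = 4
DUST_WEI = 10**15   # 0.001 ETH; smaller inbound transfers are treated as dust

@dataclass
class Tx:
    counterparty: str   # other party's address, 0x-prefixed hex
    direction: str      # "in" (received from) or "out" (sent to)
    value_wei: int

def looks_alike(a: str, b: str) -> bool:
    """True if a and b are different addresses with the same displayed ends."""
    a, b = a.lower(), b.lower()
    return (a != b and a[2:2 + PREFIX_LEN] == b[2:2 + PREFIX_LEN]
            and a[-SUFFIX_LEN:] == b[-SUFFIX_LEN:])

def check_destination(dest: str, history: list[Tx]) -> list[str]:
    """Return poisoning warnings for dest; an empty list means no signal."""
    dest = dest.lower()
    warnings = []
    # Signal 1: dest shares its visible prefix/suffix with an address you
    # actually paid before, which is exactly what a poisoned entry mimics.
    paid_before = {t.counterparty.lower() for t in history if t.direction == "out"}
    for addr in sorted(paid_before):
        if looks_alike(dest, addr):
            warnings.append(f"{dest} resembles previously paid address {addr}")
    # Signal 2: the only trace of dest is tiny inbound transfers; you have
    # never sent to it, so copying it from history is how victims get caught.
    seen = [t for t in history if t.counterparty.lower() == dest]
    if seen and all(t.direction == "in" and t.value_wei < DUST_WEI for t in seen):
        warnings.append(f"{dest} is known only from dust it sent you")
    return warnings

# Constructed history: one genuine payee, then a look-alike that sent 0 ETH.
REAL = "0x1a2bcafe" + "0" * 28 + "d00d"
FAKE = "0x1a2b" + "9" * 32 + "d00d"
HISTORY = [Tx(REAL, "out", 5 * 10**18), Tx(FAKE, "in", 0)]
```

Running `check_destination(FAKE, HISTORY)` yields both warnings, while the genuine payee passes clean; the same check generalizes to any chain whose wallets truncate addresses for display.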
In addition to losses from "address poisoning," ScamSniffer reported that at least $600,000 was lost this week due to users signing malicious phishing requests such as approve, increaseAllowance, and permit.
On August 12, as a result of such actions, one user lost BLOCK and DOLO tokens worth $165,000.
Labubu Fans Lost Cryptocurrency
On August 11, F6 analysts discovered a scheme targeting Russian residents.
Using a fake marketplace for the popular toy Labubu, scammers offered free cryptocurrency of the same name. To participate in the fraudulent promotion, users were asked to connect a crypto wallet.
Once activated, the attackers' website requested access to balance information and crypto transaction history. If assets were present, the interface requested additional permissions to verify participation in the airdrop. The malware then transferred the victim's funds to fraudsters' addresses.
Hackers monitored wallets; if they were empty, users were denied participation.
Previously, scammers used the Labubu brand to steal Telegram accounts. Attackers created bots where victims could allegedly win a toy or receive it for a review. Victims shared their contact information and entered codes received via the messenger, resulting in lost account access.
Movie Torrents Steal Cryptocurrency
Kaspersky Lab researchers have recorded a wave of thefts involving the substitution of crypto wallet addresses. The Efimer Trojan is distributed via hacked WordPress sites, torrents, and email. The malware also harvests credentials from the compromised resources for further spam distribution.
Experts note that attackers use torrent files as bait to attack individuals. They find poorly protected WordPress sites and post messages offering to download newly released films. The link leads to a password-protected archive containing a malicious file disguised as xmpeg_player.exe.
In cases targeting organizations, phishing emails cite copyright infringement. The infected archive contains documents alongside the malicious file which, when launched, infects the computer with Efimer and displays only an error notification.
The Trojan then replaces crypto addresses in the clipboard with the attackers' wallets and searches for strings resembling seed phrases. It is also capable of executing malicious code via the Tor network and restoring itself.
According to Kaspersky Lab, 5,015 users faced Efimer attacks from October 2024 to July 2025. The most affected countries were India, Spain, Russia, Italy, and Germany.
Hackers Open Gates of Norwegian Dam
Pro-Russian hackers took control of critical operating systems at a dam in Norway and opened the release valves, Bleeping Computer reports.
Hackers broke into the digital system controlling water flow at the Bremanger dam, setting the release valves to the open position. Operators took about four hours to detect and shut off the water. By then, more than 7.2 million liters had passed through the system.
The attack occurred in April but was made public in August by Beate Gangås, head of the Norwegian police security service. She stated that it was not so much an attempt to cause damage as a demonstration of the hackers' capabilities.
Dealer Vulnerability Allows Remote Control of Cars
On August 10, Harness security researcher Eaton Zveare told TechCrunch about a vulnerability in one auto manufacturer's online dealer portal. It allowed disclosure of private customer data and information about cars, as well as remote hacking of vehicles.
Zveare declined to name the manufacturer but confirmed it was a well-known automaker with several popular brands. The vulnerability in the portal's authorization system was hard to discover, but once found, Zveare bypassed the login mechanism entirely by creating a new administrator account.
The vulnerable authorization logic ran client-side: it was loaded into the user's browser on the login page, so the security checks could be modified and bypassed there. With access, Zveare could reach more than 1,000 dealerships across the United States.
He demonstrated the exploit by taking the VIN from a car in a parking lot to identify the owner. The tool could also search by first and last name.
With access to the portal, it was possible to link any car to a mobile account, enabling control of certain features—such as opening doors—from the app. Zveare did not test driving away in a car but noted that the vulnerability made such a hack and potential theft possible.