Security Agency: Suspected North Korean hacker group attacks cryptocurrency companies, stealing cloud assets and keys

Gate News: On March 9, security research organization Ctrl-Alt-Intel disclosed that a group suspected to be linked to North Korea launched attacks against staking platforms, software vendors for exchanges, and cryptocurrency exchanges. The attackers exploited the React2Shell vulnerability (CVE-2025-55182) and accessed AWS credentials to infiltrate cloud environments, enumerating resources such as S3, EC2, RDS, EKS, and ECR, and extracting keys and credentials from Secrets Manager, Terraform files, Kubernetes configurations, and Docker containers. Researchers stated that the attackers downloaded five Docker images and stole source code, including software components related to ChainUp clients. The infrastructure involved Korean servers at 64.176.226.36 and the domain itemnania.com. The report indicates that the activity exhibits characteristics consistent with North Korean attacks, but attribution confidence is medium, and the source of AWS credentials remains unclear.

