Crypto news

Another week brought a whole spectrum of incidents, from the bizarre to the truly alarming. My analysis shows that attackers are increasingly targeting not only financial assets but also critical infrastructure, using the most unexpected vectors.

Brazilian Farce: Hackers Exploited Panic

On the night of June 19-20, 2026, residents of several Brazilian states experienced a real shock. The national emergency alert system, Defesa Civil Alerta, was hacked. Instead of warnings about floods or landslides, smartphones, ignoring silent mode, were hit with sirens and messages about... an "alien attack." The notification text was chaotic, with typos and the repeated word "misanthropy." To stop this digital psychosis, authorities had to forcibly shut down servers at 1:30 AM. It is suspected that attackers gained access to Civil Defense employee accounts, allowing them to initiate a highest-priority broadcast. This is a dangerous precedent, demonstrating the vulnerability of state communication systems.

Canada: First Warrant for "Digital Cleanup"

The Canadian intelligence service obtained a court warrant for remote intervention in the operation of infected citizen devices — servers, routers, and IoT gadgets. The goal was to neutralize botnets that used compromised equipment to scan energy and government infrastructure. The fact that the warrant was declassified two years later underscores the sensitivity of the issue. Notably, outdated equipment remains a key problem. XLab specialists discovered the AryStinger botnet, which exploits older D-Link router models (DIR-850L and DIR-818LW). Over 4,000 devices were turned into proxies for attacks and traffic theft, with 48% of infections occurring in Asia and Sweden.

macOS in the Crosshairs: Gaslight Deceives AI

A new infostealer for macOS, named Gaslight, demonstrates the evolution of defense evasion methods. The malware, linked to North Korean hackers, contains 38 fabricated system messages. These "false errors," formatted in Markdown, work as prompt injections for LLM models used in code analysis tools. The goal is to force the AI agent to abort analysis or produce a false report about a "corrupted" file. This is an elegant and dangerous move that calls into question the reliability of automated malware scanning.

Europol Strikes: $47 Million and 27 Million Credentials

A coordinated Europol operation involving Microsoft and law enforcement from a dozen countries led to the dismantling of a network distributing the SocGholish, Amadey, and StealC malware. The results are impressive: 326 servers and 142 domains were seized, crypto assets worth over $47 million were frozen, and a database containing 27 million stolen passwords and data was confiscated. I particularly note the cleanup of 15,000 compromised WordPress sites, which were used to stealthily install malware disguised as system updates. This is a serious blow to the cybercrime ecosystem.

ZachXBT and the Polish Trail in SIM Swapping

Polish police, with FBI support, arrested four hackers suspected of SIM swapping and stealing crypto assets from exchanges. They cloned phone numbers to bypass 2FA and funneled funds through a complex network of shell accounts. The total amount laundered is tens of millions of zlotys. Notably, the identity of one of the detainees, Wojtek Kulish (known as Merry), was uncovered by on-chain researcher ZachXBT, who matched his clothing to footage from the police operation.

My Expert Opinion: This week clearly demonstrates that cybersecurity is no longer just a matter of data protection. It is now a matter of national security and societal psychological resilience. The attack on the alert system in Brazil is not just vandalism, but a test of destabilization capabilities. At the same time, successful Europol operations and the unmasking of hackers show that law enforcement is adapting to new challenges. The main takeaway for investors and cryptocurrency users: hardware wallets and complex, non-standard passwords remain your only real defense against SIM swapping and attacks on outdated software.