
Crypto user loses $27 million to hackers in a malware attack

2025/12/06 06:55

Multiple reports have revealed that an individual lost approximately $27 million in crypto assets across multiple blockchain networks in an attack that used sophisticated malware to automate the compromise of private keys, targeting wallets and backups.

According to an X post from the founder of the blockchain security firm SlowMist, the user who was exploited was named “Babur,” and they had their wallets drained of about $27 million in total.

Crypto holder loses funds to malware attack

The blockchain security expert was able to trace some of the biggest transactions and surmised that the exploit was the result of scammers poisoning Babur’s computer after he clicked a malicious website link, which triggered an automatic download of an executable file.

Of course, this wasn’t a typical phishing email. It was more insidious and likely disguised, but once executed, the malware scanned for critical crypto-related information and used keyloggers to capture passwords and private keys. After that, it automated the transfer of the data to the hacker.

According to popular claims, such poisoning scams are currently mostly effective on computers on which private keys and sensitive data are stored, rather than iPhones. But since the investigation is still ongoing, everything remains speculation at this point.

The founder, who goes by @evilcosuser on X, claims that real poisoning attacks are not as complex or advanced, reassuring everyone that there is no need to panic.

Upbit hack headlined exploits in November

The attack on Babur is one of the most recent attacks on the cryptocurrency industry. Last month on the 27th, South Korean cryptocurrency exchange Upbit reportedly had $30 million worth of assets stolen from its Solana wallet due to a security weakness, which led to the theft of Official Trump, USD Coin, BONK, and other tokens. And as in Babur’s case, the weakness enabled private key inference.

All digital asset transactions were halted following the incident, which many suspect may have been conducted by the North Korean hacking collective Lazarus Group.

“This breach is a direct result of Upbit’s inadequate security management, and there is no room for excuses. Upbit, which prioritizes member protection, promises that no damage will occur to member assets,” said Dunamu CEO Oh Kyung-seok, who reassured users that the private key vulnerability has since been fixed.

Upbit intends to use its own assets to cover customer losses from the breach and has already commenced an extensive security system review and wallet system restructuring that has seen the exchange tear down its entire deposit address system and rebuild it from scratch.

According to the exchange, the purge is part of a broader hardening of its wallet infrastructure after the hack revealed lingering vulnerabilities. Now, all users — across every asset and every network — are required to generate new addresses before depositing again.

The company said the decision was meant to eliminate any compromised keys or undiscovered vulnerabilities that remain in circulation. South Korea’s Financial Supervisory Service (FSS) is monitoring the process as part of its ongoing inspection.
