Close Menu
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
What's Hot

3 crypto attacks in 24 hours – From fake apps to a $14.2M SOL theft

July 13, 2026

Binance.US CEO says exchange is rebuilding, eyes return to 20% U.S. market share

July 13, 2026

Gondor launches cross margin borrowing for Polymarket portfolios

July 13, 2026
Facebook X (Twitter) Instagram
Recession Profit AlertsRecession Profit Alerts
  • Instructions
  • News
    • DeFi
    • Smart Contract
    • Markets
    • Web3
    • Adoption
    • Memecoins
    • Analysis
    • Mining
    • Scams
    • Security
  • Education
    • Learn
    • Wallets & Exchange
  • Documentaries
  • Videos
    • Alessio Rastani
    • Altcoin Buzz
    • Coin Bureau
    • Dapp University
    • DataDash
    • Digital asset News
    • EllioTrades Crypto
    • MMCrypto
    • Lark Davis
    • Ivan on Tech
    • Benjamin Cowen
  • Market
    • Crypto Market Cap
    • Heat Map
    • Converter
    • Metal Prices
    • Stock prices
  • Bonus Books
  • Tools
Recession Profit AlertsRecession Profit Alerts
Home»Security»3 crypto attacks in 24 hours – From fake apps to a $14.2M SOL theft
Security

3 crypto attacks in 24 hours – From fake apps to a $14.2M SOL theft

July 13, 2026No Comments3 Mins Read

Crypto scams are becoming increasingly prevalent, drawing widespread attention. In fact, more than three breaches occurred in the past 24 hours, with a few notable cases highlighted below.

SecondFi falls victim to a scam

Fraudsters impersonated SecondFi by developing phony browser extensions and applications that were intended to steal cryptocurrency or access users’ wallets.

To address the confusion, SecondFi clarified,

There is no new application or link, it is the same.

The team asserted that it will never ask users to download software, click links, sign transactions, or transfer assets through direct messages or emails.

Therefore, to prevent phishing scams and money theft, the team advised users to only install the official Chrome extension that has the blue verified checkmark and to access SecondFi via its official website.

Source: SecondFi/X

How did a theft result in a loss of 180,900 $SOL?

In the second case, blockchain investigator ZachXBT claims that an early Solana [$SOL] whale wallet was compromised. This resulted in the purported theft of 180,900 $SOL, worth $14.2 million.

According to on-chain data, the wallet initially displayed unusual unstaking activity, indicating that the attacker took over the staked assets before transferring them to newly made Solana addresses to combine and exchange the money.

Later, the stolen assets were bridged from Solana to Ethereum [ETH] to obscure transaction trails and access greater liquidity. Moreover, the investigation asserted that some money had already been transferred using Tornado Cash, making them far harder to trace.

A sophisticated supply chain attack

Finally, jscrambler npm package became the target of a software supply chain attack after an attacker allegedly stole the login credentials needed to release new versions. For context, an information-stealing (infostealer) payload was included in malicious releases 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.

See also  Anthropic’s massive 'Claude Mythos' leak sends software names — and crypto — sharply lower
Source: Socket/X

These releases were made to run malicious code on Linux, macOS, or Windows systems. Initially, a preinstall script that executes automatically during npm install was used to distribute the malware.

But in versions 8.18.0 and 8.20.0, the attacker incorporated the malicious code straight into the package, evading security measures such as npm install –ignore-scripts, which typically stops preinstall scripts from executing.

According to jscrambler, the attack was made possible by compromised npm publishing credentials, which allowed for unapproved releases. Following that, developers were urged to update immediately to version 8.22.0, which contains the fix.


Final Summary

  • Different hacking techniques like phishing scams, wallet compromises, and software supply chains are raising alarms.
  • By avoiding unsolicited links, updating compromised software, and confirming official sources, users, and developers can stay safe.

Source link

14.2M Apps attacks Crypto fake hours SOL theft

Related Posts

Cape Town Expands Crypto Fraud Fight as Police Seize Luxury Cars With Fake Plates

July 13, 2026

Indian senior lost over $2.2M in a crypto investment fraud

July 13, 2026

Users point to BlueMove insider backdoor as liquidity pools on Sui get drained

July 13, 2026

Profit-taking, MidEast hostilities drag crypto lower after bullish week

July 13, 2026
Top Posts

Ransomware Hacker Pleads Guilty After $15M Bitcoin Extortion Scheme

July 11, 2026

Aztec Connect’s abandoned smart contract exploited for $2.1M

June 15, 2026

Trezor stablecoin yield is live in Trezor Suite for USDC and USDT

May 29, 2026

Type above and press Enter to search. Press Esc to cancel.