National Directorate of Cyber Security warns about advanced threats to digital wallets

Author: Cătălin Lupășteanu

Published: 04-03-2025 21:15

Updated: 04-03-2025 23:15

Photo source: Built In

Digital wallets and exchange platforms have become increasingly frequent targets of attackers, who develop sophisticated malware to steal private keys, transactions and authentications, the National Directorate of Cyber Security (DNSC) warns.

"In recent months, cybersecurity researchers have observed a significant increase in cyber threats targeting digital wallets and crypto exchange platforms. Cybercrime groups, especially APTs (advanced persistent threats), develop customized malware to compromise private keys, transactions and authentications," DNSC reports on its Facebook account.

According to cybersecurity specialists, the tactics used include: clipper malware, which automatically replaces the address of a crypto wallet in the clipboard with one controlled by attackers; browser-based infections, which exploit crypto wallet extensions to steal seed phrases and private keys; crypto-adapted banking Trojans, where traditional malware such as RedLine, Agent Tesla, and Raccoon Stealer has been modified to steal MetaMask, Trust Wallet, and Exodus credentials; and backdoors and exploits on hardware wallets, where APT groups are investigating ways to compromise Ledger, Trezor, and other hardware devices.

The most recent example is the attack on the ByBit platform (February 2025), where the Lazarus group (TraderTraitor) managed to steal a fairly significant amount by exploiting internal transaction signing mechanisms.

This incident highlights the escalating risks for cryptocurrency users and exchanges, demonstrating that attacks are becoming increasingly targeted and sophisticated, experts say.

In this context, DNSC recommends several mitigation and protection measures. "Block and monitor wallets involved in the attack using anti-fraud and SIEM systems; Implement anti-clipping protection to prevent the replacement of crypto addresses in the clipboard; Monitor traffic to identify suspicious network requests to the infrastructure controlled by attackers; Use multifactor authentication (MFA) and hardware security keys for access to crypto accounts; Analyze application behavior and monitor suspicious JavaScript files; Use threat intelligence solutions to detect and prevent attacks based on crypto malware," the DNSC post states.
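The anti-clipping measure in the list above comes down to comparing the address recorded when the user copied it with the address that arrives at paste time. The sketch below is an added example, not code from DNSC or any wallet vendor; the function names, verdict strings, the three address shapes it recognises and the sample events are all assumptions of the example.

```python
import re

# Address shapes recognised here are an assumption of this example:
# Bitcoin Base58 (legacy/P2SH), Bitcoin bech32 and Ethereum-style hex.
ADDRESS_PATTERNS = {
    "btc_base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc_bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth_hex": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the matching address family, or None if text is not an address."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text.strip()):
            return kind
    return None

def normalise(text, kind):
    # Hex addresses differ only by checksum casing; Base58 is case-sensitive.
    text = text.strip()
    return text.lower() if kind == "eth_hex" else text

def check_paste(copied, pasted):
    """Compare the value recorded at copy time with the value about to be used.

    Verdicts: 'not_address' (nothing to guard), 'ok', 'replaced' (a different
    address arrived: the clipper pattern), 'modified' (clipboard changed to
    something that is not an address).
    """
    kind = address_kind(copied)
    if kind is None:
        return "not_address"
    pasted_kind = address_kind(pasted)
    if pasted_kind == kind and normalise(copied, kind) == normalise(pasted, kind):
        return "ok"
    return "replaced" if pasted_kind else "modified"

def review(events):
    """Return the events a wallet UI should block or a SIEM rule should alert on."""
    return [e for e in events if check_paste(e["copied"], e["pasted"]) == "replaced"]

# Constructed sample events (addresses are placeholders, not real wallets).
SAMPLE_EVENTS = [
    {"id": 1, "copied": "0x" + "ab" * 20, "pasted": "0x" + "AB" * 20},
    {"id": 2, "copied": "1" + "A" * 33, "pasted": "1" + "B" * 33},
    {"id": 3, "copied": "1" + "A" * 33, "pasted": "meeting notes"},
]

if __name__ == "__main__":
    for event in review(SAMPLE_EVENTS):
        print("blocked paste, event", event["id"])
```

Only the second sample event is flagged: the first differs in letter case alone, and the third is an ordinary clipboard change rather than an address swap.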

Experts say that the attack on ByBit indicates that APT groups are turning their attention to the crypto sector, developing sophisticated malware to steal funds, and in this context the industry must implement advanced security measures to prevent such attacks in the future.

"Organizations and users must become proactive in securing blockchain wallets and infrastructure to counter these emerging threats," DNSC said on its social media page.
