If in the past, losing a digital wallet was often due to users accidentally revealing their private key, now hackers have created tools to "help" users donate their assets without knowing it.
Two recent high-profile incidents that illustrate this trend are the emergence of malicious extensions and APT campaigns targeting Blockchain industry personnel.
TheHackerNews reported that in mid-November 2025, the security community was shocked by the discovery of a Chrome browser extension called "Safery: Ethereum Wallet". Disguised as a secure and flexible Ethereum wallet, this extension is actually a sophisticatedly designed "blood-sucking machine".
According to security researchers, "Safery", cyber attackers use Blockchain technology to hide their crimes. Specifically, when users enter the recovery phrase (seed phrase) into this fake wallet, the malware will encrypt that phrase into wallet addresses on the Sui network (Sui blockchain).
The attacker only needs to track and decrypt the receiving addresses to recover the original seed phrase and silently drain the victim's digital wallet. The danger lies in the fact that the entire data theft process looks exactly like normal Blockchain transactions, making security monitoring systems almost "blind".
Discovery from Kaspersky shows that they are not only attacking ordinary users, the notorious cybercrime group BlueNoroff (also known as Sapphire Sleet or APT38) has deployed two new targeted attack campaigns, GhostCall and GhostHire, aimed directly at programmers and executives in the Web3 field.
In the GhostCall campaign, hackers approached targets via Telegram, impersonating venture capitalists (VCs). The scary part was the elaborate social engineering: they invited victims to join video meetings on fake websites like Zoom or Microsoft Teams.
When participating, victims will see videos of other participants. In fact, these are not Deepfakes as many people mistakenly believe, but real audio/video recordings of previous victims that were stolen by hackers.
This "authenticity" makes victims let their guard down and easily download fake "updates" containing malicious AppleScript (for macOS) or malicious executable files (for Windows).
According to the latest report from Kaspersky on phishing techniques in 2025, hackers have "revived" the Calendar phishing trick but at the business level (B2B).
Instead of sending mass “spam” emails, they send fake meeting invitations that contain a malicious link in the event description. Even if users don’t open the email, a reminder from their phone’s calendar app can still entice them to click on the link out of curiosity.
Additionally, the use of QR codes has taken a new form, embedding QR codes in PDF attachments. These PDFs are sometimes password protected (the password is sent in an email or a separate email) to bypass automated virus scanning tools.
Scanning QR codes forces users to use their personal mobile devices – which often lack the same robust security protections as corporate computers – to access fake, phishing sites.
Security researchers at Kaspersky showed a notable technique where hackers create fake login pages (e.g., impersonating the pCloud storage service) that are capable of real-time interaction with the real service via API.
When a user enters their login information and OTP code into the fake site, the site immediately forwards that data to the real service. If the information is correct, the hacker will take over the login session before the user even realizes it.
In addition, to avoid being detected and analyzed by security filters for phishing websites, hackers have set up "verification chains". When users click on the link, they will have to pass through many layers of CAPTCHA authentication codes or fake verification pages before reaching the destination page (fake Google/Microsoft login page). This both filters out automated verification bots and creates a false sense of trust for users that the website is thoroughly secure.
The dangers of phishing are amplified by the “Phishing-as-a-Service” model, as evidenced by Google’s recent lawsuit against the hackers behind the Lighthouse platform.
In 2025, the line between safety and danger in the cryptocurrency world is thinner than ever.
Cybercriminals are no longer just shadowy malware writers, they are "psychologists" who understand user behavior and "engineers" who know how to take advantage of security technology (like blockchain, 2-factor authentication) to attack their victims.
For investors, the advice of “don’t share your private keys” is no longer enough. Kaspersky experts say that carefully checking the origin of extensions, being wary of any online meeting invitations or unexpected job offers, and being cautious of login requests from emails (even with PDF or CAPTCHA protection) are mandatory survival skills in this digital age full of traps.
According to Kaspersky experts, always use security tools with firewalls on important devices, from Windows laptops to MacBooks, and don't even forget that smartphones, which are considered miniature computers, also need protection applications.
A digital wallet containing investment assets really needs a "worthy" protection application to entrust your trust.
Source: https://www.sggp.org.vn/vi-tien-so-khong-con-la-noi-an-toan-post826686.html
![[Photo] Cat Ba - Green island paradise](/_next/image?url=https%3A%2F%2Fvphoto.vietnam.vn%2Fthumb%2F1200x675%2Fvietnam%2Fresource%2FIMAGE%2F2025%2F12%2F04%2F1764821844074_ndo_br_1-dcbthienduongxanh638-jpg.webp&w=3840&q=75)
![[VIMC 40 days of lightning speed] Da Nang Port: Unity - Lightning speed - Breakthrough to the finish line](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/12/04/1764833540882_cdn_4-12-25.jpeg)
Comment (0)