North Korean Hackers Target Crypto Projects With MacOS Exploit

Bitget App

Trade smarter

Bitget

News

Cryptotimes2025/07/03 14:30

By:Gopal Solanky

Cybersecurity researchers have uncovered a new malware campaign by North Korean state-backed hackers aimed at cryptocurrency companies. This marks an alarming shift toward targeting Apple’s memory protection on macOS systems.

The malware, which hides in what looks like a Zoom update, is designed to infect computers used by developers and project staff. Once active, it can collect passwords, wallet data and internal files, raising the risk for teams building in Web3 and decentralized finance.

SentinelOne published a detailed technical analysis of the threat on 2 July, naming the exploit NimDoor after the obscure Nim programming language it uses. Because Nim is rarely seen on macOS, its use may help the malware evade detection by standard antivirus tools.

In the report, SentinelOne said, “DPRK threat actors are utilizing Nim-compiled binaries and multiple attack chains in a campaign targeting Web3 and crypto-related businesses.” This approach builds on a 2023 operation the firm called Hidden Risk , where similar groups used PDF lures and a clever persistence trick involving macOS’s zshenv file.

Meanwhile, blockchain data firm Chainalysis reported that North Korea-linked attackers stole more than $1 billion worth of crypto last year. The hacks were spread across 20 separate incidents, with stolen funds suspected to support weapons and missile programmes.

Cybersecurity experts urge Web3 companies to strengthen security on Mac devices. This includes blocking suspicious Zoom or Meet scripts, monitoring unsigned files, and reviewing user-level settings for hidden malware.

Follow The Crypto Times on Google News to Stay Updated!

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!

1. **Challenges in the Creator Economy**: Web2 content platforms suffer from issues such as opaque algorithms, non-transparent distribution, unclear commission rates, and high costs for fan migration, making it difficult for creators to control their own data and earnings. 2. **Integration of AI and Web3**: The development of AI technology, especially AI Avatar technology, combined with Web3's exploration of the creator economy, offers new solutions aimed at breaking the control of centralized platforms and reconstructing content production and value distribution. 3. **Positioning of the TwinX Platform**: TwinX is an AI-driven Web3 short video social platform that aims to reconstruct content, interaction, and value distribution through AI avatars, immersive interactions, and a decentralized value system, enabling creators to own their data and income. 4. **Core Features of TwinX**: These include AI avatar technology, which allows creators to generate a learnable, configurable, and sustainably operable "second persona", as well as a closed-loop commercialization pathway that integrates content creation, interaction, and monetization. 5. **Web3 Characteristics**: TwinX embodies the assetization and co-governance features of Web3. It utilizes blockchain to confirm and record interactive behaviors, turning user activities into traceable assets, and enables participants to engage in platform governance through tokens, thus integrating the creator economy with community governance.

BlockBeats•2025/11/22 11:23

Empowered by AI Avatars, How Does TwinX Create Immersive Interaction and a Value Closed Loop?

Aster CEO explains in detail the vision of Aster privacy L1 chain, reshaping the decentralized trading experience

Aster is set to launch a privacy-focused Layer 1 (L1) public chain, along with detailed plans for token empowerment, global market expansion, and liquidity strategies.

BlockBeats•2025/11/22 11:22