North Korean Hackers Target Crypto Firms with PylangGhost Malware, Fueling Record $2.1B in Thefts

According to Fox News, North Korean hackers are deploying a new Python-based malware, PylangGhost, by disguising it within fake job applications for major crypto firms like Coinbase, Robinhood, and Uniswap. Researchers at Cisco Talos report this social engineering campaign aims to steal private keys and wallet data from over 80 browser extensions, including MetaMask and Phantom, giving attackers full remote control of infected Windows and Mac systems. This threat comes as a TRM Labs report reveals a record $2.1 billion was stolen in the first half of 2025, with North Korean groups allegedly responsible for $1.6 billion. The data indicates a significant strategic shift in attack vectors, with over 80% of stolen funds now coming from infrastructure-level breaches like private key theft, which are ten times more lucrative than the once-prevalent DeFi smart contract exploits. For traders, this highlights a critical and evolving security risk to personal and exchange-held assets, contributing to negative market sentiment as seen in the recent downturns of major assets like Ethereum (ETH) and Chainlink (LINK).
The cryptocurrency market is grappling with a significant wave of negative sentiment driven by escalating cybersecurity threats, as a new report highlights sophisticated hacking campaigns targeting the industry. Researchers at Cisco Talos recently uncovered a targeted malware operation by a North Korean-affiliated group known as Famous Chollima. This campaign uses a new Python-based remote access trojan (RAT) called PylangGhost, cleverly disguised within fake job applications for major crypto firms like Coinbase, Robinhood, and Uniswap. The attackers lure developers and other professionals through polished fake career sites, tricking them into installing the malware during a staged “skill test.” This method allows hackers to gain full remote control, siphoning credentials, session cookies, and wallet data from over 80 browser extensions, including popular ones like MetaMask and Phantom. The direct targeting of individuals with access to crypto infrastructure injects a deep-seated fear into the market, as a single breach could lead to catastrophic losses for a major protocol or exchange.
Heightened Security Risks Rattle Crypto Markets as ETH and LINK Tumble
This targeted threat is unfolding against a backdrop of record-breaking theft. According to a recent report from TRM Labs, the first half of 2025 has been the worst six-month period in crypto history for security, with over $2.1 billion lost to hacks and exploits across 75 incidents. Alarmingly, North Korean-linked groups are allegedly responsible for approximately $1.6 billion, or 70%, of these stolen funds. The colossal $1.5 billion Bybit hack in February, now attributed to North Korea, has single-handedly skewed the average hack size to $30 million this year. This sustained and successful campaign by nation-state actors shifts the risk landscape for traders and investors. The focus of these attacks has moved from smart contract vulnerabilities to more lucrative infrastructure-level breaches, such as private key theft and front-end hijacks, which accounted for over 80% of stolen funds. This systemic risk weighs heavily on investor confidence, contributing to the bearish pressure seen across major digital assets.
Ethereum (ETH) Price Action Under Pressure
The market’s reaction to this climate of fear is evident in the price action of Ethereum (ETH). Across major trading pairs, ETH has displayed notable weakness. The ETH/USDT pair is currently trading around $2,541, marking a 24-hour decline of 1.72%. The intraday price action shows a struggle to maintain bullish momentum, with the 24-hour high at $2,633.47 acting as a firm resistance level. Sellers pushed the price down to a low of $2,530.84, a critical support level that traders are now watching closely. A break below this level could signal further downside, potentially opening the door to a test of the $2,500 psychological support. The trading volume on this pair remains moderate at around 181.5 ETH, but the negative price change indicates that selling pressure is dominant. Further compounding the bearish outlook is the ETH/BTC pair, which has fallen 2.51% to 0.0233 BTC. This shows that Ethereum is underperforming Bitcoin, a classic sign of risk-off sentiment where capital flows from altcoins to the relative safety of BTC.
Chainlink (LINK) Faces Steeper Losses
Chainlink (LINK), a critical piece of DeFi infrastructure, has experienced even sharper declines amidst the security concerns. The LINK/USDT pair has plunged 3.9% to trade at $13.32. The asset touched a 24-hour high of $14.08 before sellers took firm control, driving it down to a low of $13.25. This low now serves as the immediate support level, and a failure to hold it could see LINK re-test lower supports from previous weeks. The trading volume for LINK/USDT is notably high at over 2,680 LINK, suggesting that the downward move is backed by significant selling activity. Unlike Ethereum, however, Chainlink is showing a sliver of relative strength against Bitcoin. The LINK/BTC pair is up 1.017% to 0.000149 BTC. This divergence could suggest that while LINK is being sold off against the dollar in a market-wide deleveraging, some traders may be rotating from other altcoins or even ETH into LINK, viewing it as a comparatively better hold versus Bitcoin. Nonetheless, the overwhelming pressure on its USD pair indicates that the broader market sentiment is the primary driver, and traders should remain cautious of potential further volatility fueled by ongoing security fears.