Gate News message, April 22 — North Korean-linked hacking group Lazarus has launched attacks targeting cryptocurrency wallets using a newly discovered malware called Mach-O Man, according to a malware analysis report released on April 21 by security firm ANY.RUN. The malicious code is designed to steal keychain data, browser credentials, and login sessions from macOS systems to gain unauthorized access to digital asset wallets and exchange accounts.
Unlike previous Lazarus campaigns, this attack specifically targets Apple macOS users. The malware collects login sessions and authentication credentials from a victim’s Mac device, which are then used to compromise wallet access and exchange account credentials. The primary targets include employees at digital asset companies, developers, and executives. ANY.RUN warned that compromising a single account could expose both wallet access rights and internal corporate systems, potentially leading to large-scale asset theft.
The malware is distributed via ClickFix, a social engineering technique that uses fake error messages and pop-ups to trick users into copying and executing malicious commands. Attacks are primarily conducted through Telegram using compromised personal accounts, with victims directed to fake meeting links resembling Zoom, Microsoft Teams, or Google Meet. Users are then prompted to execute commands under the guise of resolving connection issues. This user-initiated execution method can easily bypass traditional security systems.
The disclosure follows the Kelp DAO hack on April 20, which resulted in the theft of 116,500 rsETH (restaked Ethereum). LayerZero identified TraderTraitor, a Lazarus-affiliated organization, as responsible for the attack. rsETH is distributed across multiple blockchains, with cross-chain transfers handled by LayerZero’s omnichain fungible token (OFT) standard.