2025-07-17 Thursday

MicroCloud Hologram, a listed company, has purchased $200 million in Bitcoin and cryptocurrency-related securities derivatives

PANews reported on July 11 that according to an official announcement, Nasdaq-listed company MicroCloud Hologram announced that it has purchased up to $200 million in Bitcoin and cryptocurrency-related securities derivatives.
PANews 2025/07/11 20:23
Publicly listed company SharpLink Gaming purchases 10,000 ETH from the Ethereum Foundation via OTC

PANews reported on July 11 that the Ethereum Foundation tweeted that earlier this week, the Ethereum Foundation finalized the sales terms of 10,000 ETH through OTC at an average price
PANews 2025/07/11 20:11
Data: $2.42 billion of short positions were liquidated on July 10, the largest single-day loss in four years

PANews reported on July 11 that according to Cointelegraph citing Coinglass data, on July 10, $2.42 billion in short positions were liquidated, which was the largest single-day loss in four
PANews 2025/07/11 19:55
Bank of America Research Report: Bitcoin is the best performing currency this year

PANews reported on July 11 that according to Bitcoin Magazine, a research report from Bank of America showed that Bitcoin is the best performing currency this year.
PANews 2025/07/11 19:52
XRP, BTC rise together; Investors flock to APT Miner to seek stable returns

As Bitcoin surges past $111,000 and XRP climbs to $2.64, investors are shifting from holding to earning, flocking to APT Miner for daily passive income through cloud mining. #sponsored
Crypto.news 2025/07/11 19:36
Crypto-Stealing Malware Surges as Scammers Impersonate AI, Web3 Startups — Here’s the Catch

A new wave of sophisticated crypto-stealing malware is spreading across the internet as scammers create fake AI, gaming, and Web3 startups to lure victims into downloading malicious software. Cybersecurity firm Darktrace has raised the alarm, detailing how these campaigns operate through elaborate social engineering tactics that exploit trust in digital startups.

Attackers are setting up fake companies with convincing websites, social media profiles, GitHub repositories, white papers, and even fake team pages on platforms like Notion. Many of the sites also appear to be linked to verified or compromised X (formerly Twitter) accounts to appear more legitimate. The fake accounts often post software updates, blog content, and product announcements to maintain the illusion of authenticity.

“Threat actors are going to great lengths to make these fake startups look real,” the firm stated, adding that the scam has already impacted users globally.

Victims are often contacted directly on platforms like X, Telegram, or Discord, with the impersonators presenting themselves as employees of the fake firms, offering cryptocurrency in exchange for testing their software. Users are then given a registration code and directed to download malware-infected applications from professional-looking websites.

Darktrace Warns of Advanced Malware Campaign Targeting Crypto Users

One of the identified schemes involved a fake blockchain game called “Eternal Decay,” which used altered images to claim conference participation and listed fake investors. Gameplay images were also lifted from another game called “Zombie Within.” Other noted fake startups include names like Pollens AI, Swox, and Buzzu, with nearly identical branding and codebases.

MY WALLET GOT DRAINED LAST NIGHT 💔 This is not a stunt or a click bait but legit, I got scammed yesterday of 0.4Sol (130,000naira) and here is how it happened. It cost me 0.4 sol in loss to learn this and I don’t want anyone to fall victim to this so please repost for more… pic.twitter.com/x5h7yGjlan — Prymex.eth (@EmekaOghali) May 30, 2025

According to Darktrace, the malware, targeting both Windows and macOS users, is capable of stealing crypto wallet credentials and personal information, using tools like the Realst and Atomic Stealer malware families.

Darktrace technical analysis shows that on Windows, the attackers use Electron-based apps to perform system profiling, download malicious files, and execute them quietly.

On macOS, a disguised DMG file installs the Atomic Stealer, which collects browser data, wallet credentials, and other sensitive files before sending them to attacker-controlled servers.

Darktrace noted that the malware includes advanced evasion techniques, such as stolen software signing certificates, obfuscation, and persistent background execution to avoid detection.

“This is one of the more elaborate and persistent social engineering campaigns we’ve seen targeting the crypto space,” said a Darktrace researcher familiar with the investigation. “They’re building out fake companies with all the digital trimmings — even fake merchandise stores and doctored company registrations — just to get users to download malware,” they added.

Notably, Darktrace believes the tactics resemble those previously linked to a malware group known as “CrazyEvil,” identified by Recorded Future earlier this year. That group was known for targeting crypto users and developers through fake projects and social engineering techniques. While it’s unclear whether CrazyEvil is directly responsible for this campaign, the tactics appear consistent. Darktrace warned that the threat actors are using newer variants of malware and more elaborate deception methods to lure victims.

Malware Campaigns and Credential Breaches Fuel 2025 Crypto Crime Surge

The rise in crypto-targeted scams hasn’t slowed down, and now, a wave of highly coordinated malware and credential breaches is pushing 2025 toward record-breaking crypto losses. According to Kaspersky’s Financial Cyberthreats report, crypto phishing detections have surged 83.4% year-over-year, while mobile banking Trojan attacks have increased 3.6x. In contrast, traditional banking malware has declined, indicating a shift in attacker priorities from fiat systems to crypto wallets.

One of the most alarming developments is “SparkKitty,” a sophisticated mobile malware strain active since February 2024. Notably, the tool, which was disguised as TikTok mods or crypto apps, has infiltrated Google Play and the App Store, bypassing security checks to steal seed phrases stored in user photo galleries.

🕸️ @kaspersky discovers SparkKitty malware stealing crypto seed phrase screenshots from iOS and Android using OCR technology after successfully infiltrating official app stores. #Malware #Crypto https://t.co/2oMOhyN1g3 — Cryptonews.com (@cryptonews) June 24, 2025

SparkKitty, an evolution of the earlier SparkCat campaign, uses OCR technology to scan screenshots of wallet credentials from infected devices.

Meanwhile, in May, cybersecurity analysts traced malware back to Procolored, a Chinese printer manufacturer. The printer’s official drivers carried a crypto-stealing remote access trojan, replacing copied wallet addresses with those of attackers.

‼️ ALERT: Chinese printer firm Procolored shipped malware in official drivers. Over 9.3 BTC stolen. Company blames USB error. #CyberSecurity #Bitcoin #Procolored https://t.co/Wb9q7DXL4X — Cryptonews.com (@cryptonews) May 19, 2025

The scheme went undetected for six months, resulting in the theft of 9.3 BTC, worth nearly $1 million.

Adding to the threat, a massive data breach uncovered by Cybernews revealed over 16 billion login credentials, many collected via infostealer malware. The breach included sensitive access data from platforms like Telegram, GitHub, and Apple, escalating risks for crypto users managing assets online. Combined with CertiK’s estimate of $2.2 billion lost to crypto attacks in H1 2025, these incidents indicate the growing sophistication of cybercrime targeting digital assets.
CryptoNews 2025/07/11 19:27
Eastmoney: Hafu Securities has been approved by the Hong Kong Securities Regulatory Commission to provide virtual asset trading services

PANews reported on July 11 that according to Cailianshe, Dongfang Fortune stated on the interactive platform that its subsidiary Hafu Securities holds business licenses for Category 1 (securities trading), Category
PANews 2025/07/11 19:25
Shanghai officials warm to stablecoins despite China crypto ban: Report

Local authorities and state-owned publications in mainland China are increasingly calling on the government not to dismiss the rising global adoption of stablecoins.
PANews 2025/07/11 19:21
QCP: Bitcoin hits a new all-time high, tariff preemption and fiscal dominance jointly drive asset gains

PANews reported on July 11 that QCP Capital pointed out that Bitcoin hit a record high of $118,000 today, which was mainly driven by two macro factors: First, pre-tariff preemption.
PANews 2025/07/11 19:14
GMX Hacker Strikes White-Hat Deal: $42M Heist Turns $3M Profit After $5M Bounty Offer

On July 9, decentralized exchange GMX became the latest DeFi protocol to suffer a major exploit, with over $42 million in digital assets reportedly siphoned from its vaults. According to data from DeBank, the breach involved a suspicious outflow of funds to a single wallet address: 0xdf3340a436c27655ba62f8281565c9925c3a5221. The stolen funds were then bridged from Arbitrum—a Layer 2 Ethereum scaling network—back to the Ethereum mainnet, a tactic often used by exploiters to hide or launder assets.

In a surprising turn, blockchain analytics platform Lookonchain reported that the attacker agreed to a white-hat deal, opting to return the funds in exchange for a $5 million bounty.

The #GMX hacker chose to return the stolen $42M assets for a $5M white-hat bug bounty. Currently, $10.49M $FRAX has been returned. Another $32M assets had been swapped into 11,700 $ETH, which is now worth $35M—netting a ~$3M gain. 🤔Will the hacker return all 11,700… pic.twitter.com/XjBlAK81Mf — Lookonchain (@lookonchain) July 11, 2025

White-hat deals are occasionally used in DeFi when exploiters are willing to return funds in good faith, often after revealing critical vulnerabilities. This approach seeks to avoid prolonged investigations and reputational damage while recovering assets for affected users.

Partial Returns and a Profitable Arbitrage

According to Lookonchain’s analysis, the hacker has already returned $10.49 million worth of FRAX stablecoins. However, the remaining $32 million was not simply held—it was swapped into 11,700 ETH and is now worth $35 million, resulting in an unexpected $3 million profit due to ETH price appreciation.

The move is sparking debate over whether the attacker will return the full 11,700 ETH or simply send back $32 million and keep the additional gain. As of now, the hacker has yet to confirm their intentions publicly.

The incident is raising questions about how white-hat agreements are enforced and whether attackers can ethically retain profits earned post-exploit. While some see the return of most funds as a net positive, others argue that walking away with millions in profit—even with partial compliance—undermines the very spirit of the white-hat model.

DeFi Security and the Ethics of Exploitation

The incident highlights ongoing security challenges within decentralized finance, particularly in relation to large asset vaults and cross-chain functionality. As of now, GMX has not confirmed whether a formal white-hat agreement was established prior to the partial return of funds. The situation remains under observation, with the outcome likely to influence broader discussions around the role of white-hat arrangements and ethical boundaries in DeFi.

GMX Confirms $42M Exploit Rooted in Re-Entrancy Bug

In its latest post, GMX confirms that the $42 million exploit was caused by a re-entrancy vulnerability within its V1 contracts. Although the affected function was protected by a nonReentrant modifier, it only applied within the same contract, allowing the attacker to bypass this safeguard and manipulate the BTC average short price through the Vault contract.

https://t.co/1rfDbjDQ0r — GMX 🫐 (@GMX_IO) July 10, 2025

By exploiting this loophole, the attacker artificially drove the GLP price up and profited by redeeming inflated GLP tokens after opening a large position using a flash loan. The vulnerability was tied to how GMX V1 handled pricing calculations across separate contracts, a structure that has been revised in GMX V2, where calculations and executions now occur within the same contract to avoid such risks.

In response, GMX paused trading on Avalanche, engaged with security partners and major infrastructure providers, and initiated direct on-chain communication with the exploiter.

Minting and redemption of GLP on Arbitrum has been temporarily disabled pending the protocol’s transition plan and user reimbursement process. GMX confirmed that GLP minting on Avalanche is also paused, though redemptions remain active. V1 positions will be wound down and migrated to a reimbursement pool for affected users, and all remaining V1 orders should be cancelled. GMX has also issued a warning to all V1 forks, urging them to immediately implement fixes and security audits to avoid similar vulnerabilities.
CryptoNews 2025/07/11 19:05

