2026-06

Mastra

Mastra was hit by a June 2026 npm supply-chain compromise in which a hijacked or stale maintainer account republished more than 140 Mastra ecosystem packages with a malicious dependency on the typosquatted easy-day-js package. The easy-day-js postinstall …

🇺🇸 United States

2026-06

Humanity Protocol

A June 8, 2026 compromise of Humanity Protocol's $H token infrastructure began with a Bithumb-themed spear-phishing email that infected a director's Windows laptop and exposed MetaMask data plus production signer keys. The attacker used stolen Ethereum an…

🇭🇰 Hong Kong

2026-04

LeenLeeCC

LeenLee Country Club in Gapyeong disclosed a customer-data breach after police found signs of malware infection on its website server and investigated a possible link to a North Korean Reconnaissance General Bureau hacking group. The company assessed that…

🇰🇷 Korea, Republic of

2026-04

KelpDAO / LayerZero

The April 18, 2026 KelpDAO exploit — resulting in approximately $290M in losses — was a sophisticated supply-chain-style RPC poisoning attack attributed to DPRK's TraderTraitor cluster, in which the threat actor compromised two independent RPC nodes used …

🇮🇳 India

2026-04

Endpoint(Midnight) Ransomware

Endpoint, also called Midnight, is a ransomware campaign reported against South Korean small and medium-sized businesses, with manufacturing victims specifically noted by South Korean authorities. The activity uses malicious email lures, supplier or IT se…

🇰🇷 Korea, Republic of

2026-04

Zerion

The Zerion security incident involved a targeted AI-enabled social engineering attack against a team member’s device, which resulted in the compromise of active sessions, credentials, and private keys to internal hot wallets, allowing attackers to steal a…

🇺🇸 United States

2026-04

Drift Protocol

On April 1, 2026, Drift Protocol lost about $285 million in a coordinated Solana DeFi attack with preliminary indicators consistent with DPRK-linked operations. Attackers used durable nonce transactions and social engineering around multisig signing to ga…

🇦🇺 Australia

2026-03

Rook Ransomware

In March 2026, ESET observed Andariel deploy TigerRAT on a host at a South Korean engineering company and attempt to spread Rook ransomware variants across multiple network endpoints — the first Andariel-attributed activity in ESET telemetry in two years.…

🇰🇷 Korea, Republic of

2026-03

Axios

In March 2026, attackers attributed by security researchers to North Korea-linked UNC1069/Sapphire Sleet compromised Axios npm maintainer access and published malicious axios releases 1.14.1 and 0.30.4. The releases added the malicious dependency plain-cr…

Unknown

2026-03

Neutralinojs

On March 2, 2026, DPRK-linked operators compromised four Neutralinojs GitHub repositories using the stolen alphagamer7 contributor account. The attacker force-pushed backdated malicious commits in a 132-second window, hid obfuscated JavaScript payloads in…

🇱🇰 Sri Lanka

2026-03

Bitrefill

Bitrefill experienced a cyberattack beginning around early March 2026, which was traced back to a compromised employee device that exposed internal credentials. Using this access, attackers infiltrated the company’s systems and were able to drain funds fr…

🇸🇪 Sweden

2026-02

Medusa Ransomware

Reporting from Symantec, Carbon Black, and later technical analyses linked Lazarus activity to Medusa ransomware operations, including an unsuccessful intrusion against a U.S. healthcare organization and activity against a Middle East target. The observed…

🇺🇸 United States

2026-01

Step Finance

The Step Finance incident was not caused by a smart contract flaw but by a compromised executive laptop that exposed administrative keys, allowing an attacker to transfer staking authority to a new wallet and unstake 261,854 SOL (approximately $27.3 milli…

🇪🇸 Spain

2025-09

SBICrypto

On September 24, 2025, SBI Crypto, a mining-pool subsidiary of Japan’s SBI Group, suffered suspicious unauthorized outflows totaling roughly $21 million to $24 million across Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash wallets. Funds were rout…

🇯🇵 Japan

2025-09

Seedify

On September 24, 2025, Seedify reported that a DPRK state-affiliated Web3 hacking group gained access to a developer’s private key at about 12:05 UTC and abused minting privileges. The attacker modified OFT contract settings, minted unauthorized SFUND tok…

🇸🇨 Seychelles