Crypto news

27.06.2026
07:56

Canada cracks down on botnets, hackers scare Brazilians with aliens, and an info-stealer for macOS tricks AI — a cybersecurity digest


The week in the world of cybersecurity was eventful — from unprecedented actions by intelligence agencies to outright bizarre attacks. Let's break down the key incidents that deserve close attention.

Canada Applies 'Digital Surgery' to Botnets for the First Time

The Canadian Security Intelligence Service obtained a court order to remotely clean citizens' infected devices. This is the first time in the country's history that intelligence agencies have been allowed to interfere with the operation of equipment on national territory. The targets were botnets that used compromised home routers and IoT devices to relay traffic. By routing through these devices, the hackers masqueraded as ordinary users while scanning the networks of critical infrastructure, government, and military agencies.

The Federal Court declassified the order only two years after it was issued. The document emphasizes that personal data was not intercepted, and accidentally collected information was destroyed. However, the key issue is outdated equipment. XLab specialists discovered the AryStinger botnet, which attacks D-Link DIR-850L and DIR-818LW models. During the campaign, over 4,000 routers were compromised and turned into proxy servers. 48% of infections occurred in South Korea, China, Sweden, Malaysia, and Singapore.

Gaslight Infostealer: AI Analysis Fooled by Fake Errors

Researchers from SentinelOne discovered macOS malware named Gaslight. This infostealer specifically targets AI-based automated code analysis tools. Hidden inside the file is a 3.5 KB loader containing 38 fabricated system messages. They mimic developer logs, crash reports, and memory overflow errors. The goal is to force the LLM to abort analysis, truncate the report, or refuse to work, citing non-existent technical errors. Analysts link Gaslight to North Korean hackers.

Europol Dismantles Amadey and StealC Network

A joint operation by Europol, law enforcement from a dozen countries, and Microsoft led to the dismantling of a network distributing the SocGholish, Amadey, and StealC malware. The results are impressive: 326 servers and 142 domains were seized, crypto assets worth over $47 million were frozen, and a database with more than 27 million stolen credentials was confiscated. Approximately 15,000 WordPress sites, which hackers used to covertly distribute the malware disguised as system updates, were cleaned. The Amadey trojan served as a loader to gain access to the system, after which the StealC infostealer was deployed, specializing in stealing passwords, credit card data, and cryptocurrency wallet seed phrases.

Brazil: Hackers 'Attack' Emergency Alert System

On the night of June 19-20, 2026, Brazil's national emergency alert system, Defesa Civil Alerta, was hacked. Residents of several states received 'emergency warnings' with sirens that activated even on silenced devices. Instead of natural disaster notifications, hackers sent 10 messages with strange text, including the word 'misanthropy' and warnings of an 'alien attack.' The attackers compromised Civil Defense employee accounts and initiated a highest-priority broadcast. To stop the attack, authorities shut down the system's servers at 1:30 AM. The platform was partially restored, but the right to send alerts was restricted to the National Center for Risk Management.

ZachXBT Reveals Identity of Hacker Arrested in Poland

Polish law enforcement, with support from the FBI, arrested four members of a hacker group suspected of SIM-swapping attacks, stealing digital assets from crypto exchanges, and money laundering. They used social engineering to compromise the IT infrastructure of telecommunications companies, cloned victims' phone numbers, and bypassed two-factor authentication. Stolen funds were laundered through bank accounts, international payment platforms, and crypto wallets. The total amount laundered is tens of millions of Polish zlotys. The suspects face up to 25 years in prison. On-chain investigator ZachXBT identified one of the detainees as Wojtek Kulish, known by the alias Merry, by matching his clothing and jewelry against video of the police operation.

My Expert Opinion: These events highlight a troubling trend: cybercriminals are increasingly using outdated equipment and social engineering, while also adapting to new defense methods. The Gaslight case is particularly telling — hackers are not just bypassing AI analysis, they are actively manipulating it. For the crypto industry, this is a direct signal: the security of your assets depends not only on the reliability of smart contracts but also on user and infrastructure cyber hygiene. Investment in training and equipment upgrades is not a luxury, but a necessity.