Scams

Cryptocurrency-focused attackers are compromising existing publisher accounts on Canonical's Snap Store to turn previously legitimate Linux packages into crypto-stealing malware. By taking control of expired developer domains and email addresses, they push malicious updates that harvest wallet recovery phrases, exposing users to fund theft before Canonical removes the snaps. Security researcher Alan Pope warns that these incidents highlight weaknesses in Snap's trust model and urges stronger account verification, domain monitoring, and wider use of two-factor authentication.

Blockchain security firm SlowMist warned that attackers re-registered expired domains tied to long-standing Snap Store publishers, enabling fake wallet updates to harvest recovery seed phrases. In a post on X, its CISO 23pds said the scheme impersonates Exodus, Ledger Live and Trust Wallet, and confirmed publisher domains storewise[.]tech and vagueentertainment[.]com were compromised.

Last week, CNBC vice president of news Jason Gewirtz received a phone call from a San Francisco area code by a man claiming to be Coinbase security, who alleged his account was under attack from Germany. The caller used realistic emails, personal data, and pressure tactics to push him into setting up a so-called Coinbase hard wallet and avoid changing passwords, but Gewirtz later confirmed via an AI chatbot and Coinbase that it was a phishing scam. Coinbase and recovery firm ZeroShadow warn that AI-powered impersonation schemes are rising sharply and emphasize that users should be wary of any request to move funds for "protection."

On January 20, 2026, an analysis argued that in 2025 and early 2026 most bridge losses stemmed from overwhelmed operators and validator coordination, not exotic exploits. Nine figure sums vanished within minutes as funds moved through privacy tools and DEXs before alarms fully registered. The piece stresses that design and operations, not just code, defined outcomes.

On Monday, Trove announced a migration to Solana and launched its token, after holding a presale just a week earlier. The market move was followed by sharp declines, including claims of a 95% crash and a fully diluted valuation dropping from $20 million to $1 million. Contributors are calling for a class action as refund disputes and fund-use concerns intensify.

On the night of 10 January, an attacker used social engineering to drain over $282 million in BTC and LTC from a single holder. The haul moved through THORChain, into ETH and XRP, with 1,468.66 ETH (~$4.9 million) mixed via Tornado Cash, while Monero activity briefly spiked.

On Jan. 10, a $282 million cryptocurrency wallet compromise linked to a social engineering scam saw stolen Bitcoin bridged to Ethereum, split across wallets and funneled into Tornado Cash. Blockchain security firm CertiK reported that around $63 million was later deposited into the mixer, complicating efforts to follow the funds and recover assets.

Security experts warn that "Evil Twin" public Wi-Fi clones can intercept credentials and expose crypto accounts. Last year, Australian Federal Police charged a man over fake airport Wi-Fi, and in January an X user reported a wallet drain after hotel Wi-Fi. Experts advise avoiding sensitive actions, using trusted VPNs, and confirming networks with venue staff.

Industry security leaders warn that close to 80% of crypto projects hit by major exploits fail to regain stability, with the outcome hinging on how teams act in the first hours. Immunefi CEO Mitchell Amador and Kerberus' Alex Katz argue that operational breakdowns and trust erosion, not just stolen funds, drive long-term damage. In 2025, reported hack-related losses reached $3.4 billion, and a single Bybit incident accounted for $1.4 billion.

On 10 January 2026, an investor lost more than $282 million in Bitcoin and Litecoin in a social engineering scam tied to a fake Trezor support channel. The attackers allegedly obtained the victim's recovery seed phrase, drained 1,459 BTC and 2.05 million LTC, and then laundered funds via instant exchanges, Thorchain and Monero, while Monero's price jumped 36% in seven days.