Scams

On April 23, 2026, blockchain investigator ZachXBT said a Discord call in which Dritan Kapllani Jr. displayed an Exodus wallet helped link him to a broader social-engineering theft network exceeding $19 million. The investigator connected the shown Ethereum address to a March 14, 2026 Bitcoin theft of 185 BTC (about $13 million at the time) and alleged the wallet later received roughly $5.3 million, with nearly $1.6 million spent or laundered within six weeks.

PeckShield says the attacker behind the TrustedVolumes incident has begun laundering part of the approximately $6.7 million taken from the liquidity provider. The firm reports $278,000 has been laundered so far, including 10.2 ETH ($23,600) sent to TornadoCash and 110 ETH ($250,000) swapped via THORChain into BTC, after the May 7 exploit.

Elastic Security Labs identified TCLBANKER, a Brazilian banking trojan that monitors 59 bank, fintech, and crypto domains and triggers remote control when targets are visited. The malware spreads by taking over victims’ WhatsApp Web sessions and Outlook accounts to message their contacts with phishing lures and the trojanized installer.

Kris Sampson said a call that appeared to come from her adult daughter used an audio clip that sounded like her crying, followed by a man demanding money via PayPal, and her daughter was found safe about 15 to 20 minutes after the first call. Imposter scams were the most reported fraud complaint last year, with cases up about 19% to roughly 1 million in 2025 and losses topping $3.5 billion. Experts say voice-cloning can work from very short samples—sometimes as little as three seconds—making even familiar numbers and voices less reliable.

MetaMask developer and security researcher Taylor Monahan said North Korean IT workers have been embedded in crypto companies and DeFi projects for at least seven years, alleging involvement across 40+ DeFi platforms. Her comments followed Drift Protocol's statement of "medium-high confidence" that its recent $280 million exploit was conducted by a North Korea state-affiliated group.

A crypto attorney said Drift Protocol's $280 million exploit could be viewed as civil negligence if basic operational security was not followed. Drift's post-mortem said the attackers spent months building trust after first contacting the team at a major crypto conference in October 2025 and planned the operation for six months before executing it.

X plans to automatically lock any account the first time it mentions cryptocurrency, forcing additional verification before it can post again. X Head of Product Nikita Bier said the change removes "99%" of incentives for phishing-driven account takeovers, though it could add friction for legitimate first-time crypto posters.

X will begin automatically locking any account that mentions cryptocurrency for the first time, requiring extra verification before it can post again. X Head of Product Nikita Bier said the change would remove "99%" of phishing incentives, but critics argue it could also force legitimate first-time crypto posters to verify their identity.

Cambodia's Senate unanimously approved the Law on Anti-Technology Fraud on April 3, 2026, passing it 58–0. The framework allows 15–30-year prison terms for leaders of online scam operations, upgraded to life imprisonment if a victim dies, and includes fines of up to about $500,000 (2 billion Cambodian Riel). Authorities say they aim to dismantle all illegal scam compounds in the country by an April 2026 deadline.

Drift Protocol said the exploit discovered on Wednesday caused losses of about $280 million, based on external estimates, and described it as a coordinated operation that unfolded over roughly six months. The team said it has “medium-high confidence” the same actors were behind Radiant Capital’s $58 million October 2024 hack, and it is working with law enforcement to reconstruct what happened during the April 1 attack.