Cybercriminals have found a new attack vector, targeting users of Atomic and Exodus wallets through open-source software repositories.
The latest wave of exploits involves distributing malware-laced packages to compromise private keys and drain digital assets.
How Hackers are Targeting Atomic and Exodus Wallets
ReversingLabs, a cybersecurity firm, has uncovered a malicious campaign where attackers compromised Node Package Manager (NPM) libraries.
These libraries, often disguised as legitimate tools like PDF-to-Office converters, carry hidden malware. Once installed, the malicious code executes a multi-phase attack.
First, the software scans the infected device for crypto wallets. Then, it injects harmful code into the system. This includes a clipboard hijacker that silently alters wallet addresses during transactions, rerouting funds to wallets controlled by the attackers.
Malicious Code Targeting Atomic and Exodus Wallets. Source: ReversingLabs
Moreover, the malware also collects system details and monitors how successfully it infiltrated each target. This intelligence allows threat actors to improve their methods and scale future attacks more effectively.
Meanwhile, ReversingLabs also noted that the malware maintains persistence. Even if the deceptive package, such as pdf-to-office, is deleted, remnants of the malicious code remain active.
To fully cleanse a system, users must uninstall affected crypto wallet software and reinstall from verified sources.
Indeed, security experts noted that the scope of the threat highlights the growing software supply chain risks threatening the industry.
“The frequency and sophistication of software supply chain attacks that target the cryptocurrency industry are also a warning sign of what’s to come in other industries. And they’re more evidence of the need for organizations to improve their ability to monitor for software supply chain threats and attacks,” ReversingLabs stated.
These infected files included clipboard hijackers and crypto miners, posing as legitimate software but operating silently in the background to compromise wallets.
The incidents highlight a surge in open-source abuse and present a disturbing trend of attackers increasingly hiding malware inside software packages developers trust.
Considering the prominence of these attacks, crypto users and developers are urged to remain vigilant, verify software sources, and implement strong security practices to mitigate growing threats.
Cardano (ADA) price is now trading around $0.85 after a sharp 13% daily rally and a 37%+ month-on-month rally.
While it’s facing resistance at $0.86, bullish indicators across on-chain and chart metrics suggest this may just be a breather before ADA breaks toward $1 and beyond.
Age Consumed Shows Strong Hands Holding
Despite the ADA’s rapid price surge, the Age Consumed metric shows no signs of old tokens being moved. The last major spike came in mid-June when over 130 billion ADA aged tokens were moved. Since then, activity has remained muted, with the latest value hovering near 250 million ADA.
For token TA and market updates: Want more token insights like this? Sign up for Editor Harsh Notariya’s Daily Crypto Newsletter here.
In simpler terms, Age Consumed tells us how many older tokens are suddenly moving again. When it’s low during a rally, like it is now, it signals confidence: long-term holders aren’t rushing to sell.
MVRV Ratio Signals More Upside
While the old coins are sitting tight, even the new holders might not be looking to sell anytime soon. The 60-day MVRV ratio for Cardano sits at 22.91%, far below its previous danger zone. Back in mid-May, the same ratio crossed 131%, right before a steep selloff began. Historically, ADA has room to run until the MVRV reaches much higher profit zones.
For example, in mid-April, the MVRV ratio hovered around 20–25%, and Cardano still managed to rally over 35%, climbing from $0.62 to $0.85. With the current ratio showing there’s no extreme profit pressure, ADA could follow a similar trajectory.
The 60-day MVRV measures the average profit or loss of holders who bought ADA over the past two months. A low positive value suggests holders aren’t sitting on big gains, and are less likely to sell.
Exponential Moving Averages Point to Momentum
Cardano’s 20-day EMA (exponential moving average) just completed a rare triple golden crossover:
Crossed above the 50-day on July 14
Crossed above the 100-day mark on July 17
Now crossed above the 200-day just hours ago (showing strength in mid-term)
This kind of cascading EMA breakout shows growing momentum and confirms the strength of the ongoing trend.
Key ADA Price Resistance Needs to Break
Cardano is currently testing resistance at $0.86, which also lines up with the 1.0 Fibonacci retracement from its May highs. A successful breakout would open the doors to the next major target at $1.07, the 1.618 Fibonacci extension level.
However, RSI (relative strength index) divergence could slow things a bit. On the 4-hour chart, however, a bearish divergence has emerged. Since July 11, Cardano’s price has been pushing higher highs, but the RSI is printing lower highs. This mismatch suggests buyers may be slowing down.
Bearish divergence doesn’t always mean a reversal, but it often triggers short-term consolidation. So, ADA might pause before charging past resistance.
If RSI divergence drags prices down, short-term invalidation could come if ADA dips below $0.78, a previous support level. But unless long-term holders start dumping (which Age Consumed and MVRV say they aren’t), the rally likely still has legs.
Bitget exchange, in collaboration with blockchain security firms SlowMist and Elliptic, has exposed the terrifying anatomy of the most advanced crypto scams in recent times.
These findings come amid rising security incidents, ranging from high-profile attacks to government involvement in crypto laundering attacks.
AI Deepfakes, Social Tactics Behind 2025 Crypto Scam Rise: Bitget Report
The report cites AI deepfakes, weaponized psychology, and social engineering. It lays bare how bad actors use synthetic videos, virtual identities, and fake crypto meetings to deceive users and dismantle trust in the Web3 ecosystem.
A key finding in the report is that in 2025, scams will go beyond stealing user keys to hijack victims’ realities. From celebrity deepfakes to Trojan job offers and fake Zoom meetings, the latest scams blend high-tech deception with low-tech manipulation.
Bitget’s report categorizes the most dangerous threats under three pillars: deepfake impersonation, social engineering scams, and advanced Ponzi schemes. The most insidious are deepfakes.
AI Deepfakes Blur the Line Between Real and Fake
In early 2025, Hong Kong police arrested 31 individuals in a deepfake scam syndicate. Perpetrators stole $34 million by impersonating crypto executives during fake investment calls. This was just one of 87 similar operations dismantled across Asia in Q1 alone.
“…attackers using AI synthesis tools to fabricate audio and video likenesses of well-known project founders, exchange executives, or community KOLs in order to mislead users. These fabricated materials are often highly realistic,” read an excerpt in the report shared with BeInCrypto.
With tools like Synthesia, ElevenLabs, and HeyGen, attackers fabricate dynamic likenesses of public figures. Named victims include Elon Musk and Singapore’s Prime Minister. Bad actors create convincing videos to promote fraudulent platforms.
These videos are often distributed on social channels like Telegram, X (Twitter), and YouTube Shorts. Based on the report, they turn off comments to maintain a façade of legitimacy.
One case involved deepfake clips of Singapore Minister Lee Hsien Loong endorsing a “government-backed crypto initiative.” The campaign reportedly ensnared thousands before it was flagged.
Zoom, but Make It a Scam
Another disturbing tactic involves impersonating Zoom. Victims receive fake meeting invites from “crypto executives,” prompting them to download Trojan-laced software.
During the meeting, scammers use deepfake avatars and fabricated credentials to trick users into sharing wallet access or approving malicious transactions.
“The people luring you to download fake Zoom for meetings are extremely persuasive, making you feel it’s unlikely to be fake. A key point is that the participants you see during the meeting are actually displayed using deepfake videos… Don’t doubt it, in the AI era, video and voice forgery can be extremely realistic…,” SlowMist founder Cos shared on X.
Once inside the system, attackers can access browser data, cloud storage, or private keys, exposing users to total account compromise. These multi-layered attacks represent a new “identity hijack” category combining technical infiltration and social trust manipulation.
Social Engineering to Exploit Human Vulnerability
Bitget’s report stresses that modern scams rely as much on psychology as code. One notable trend is the rise of “AI arbitrage bot” scams, where scammers promise effortless gains using ChatGPT-branded smart contracts.
Bad actors trick users into deploying malicious code via fake Remix IDE pages, and their funds are instantly rerouted to scammer wallets.
What’s worse? These schemes are often small-scale, targeting victims for $50–$200 at a time. While the losses are minor enough to deter pursuit, they are frequent enough to generate large cumulative profits for attackers.
Ponzi Schemes Behind Promised Yields
Beyond AI-generated scams, Bitget also warns that traditional Ponzi and pyramid schemes have not disappeared, but have mutated. Specifically, these scams have undergone a “digital evolution,” leveraging on-chain tools, rapid viral marketing, and the illusion of legitimacy through smart contracts.
Instead of opaque offshore bank accounts, modern-day fraudsters attract victims through Telegram groups, Twitter hype, and tokens with built-in referral mechanics.
Smart contracts give these scams a thin veneer of decentralization and transparency. Meanwhile, carefully obfuscated tokenomics mimic legitimate yield structures until the inevitable collapse.
A potent mix of social engineering and digital virality is fueling this transformation. Influencers and anonymous promoters often seed these scams through memes, testimonials, or even AI-generated videos posing as reputable figures.
Projects disguised as “community-driven” DAOs or staking protocols rope users in with unsustainable returns, creating a frenzy of buy-ins that mask the exit liquidity strategy.
As regulation struggles to catch up, the speed and scale at which these digital Ponzi schemes propagate make them harder to track.
A Call for Skepticism and Collective Defense
Against this backdrop, Bitget has launched a dedicated Anti-Scam Hub, integrating real-time behavioral analytics to flag suspicious activity.
It has partnered with Elliptic and SlowMist to trace illicit fund flows and dismantle phishing infrastructures across multiple chains.
The report urges users to verify all asset-related instructions across multiple channels, noting that visual and auditory credibility is no longer enough. It also encourages projects to adopt on-chain signature broadcasts and maintain a single verified communication channel.
Scam Red Flags and Protection Measures. Source: Bitget report
With scams advancing, so must user and ecosystem defenses. The crypto industry now faces a dual challenge: safeguarding assets and rebuilding user trust in a digital world where anyone can be anyone.