{"id":181103,"date":"2026-01-23T23:07:00","date_gmt":"2026-01-24T04:07:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/23\/a-282m-crypto-theft-an-exodus-from-cambodias-scam-camps-and-other-cybersecurity-news\/"},"modified":"2026-01-24T00:00:09","modified_gmt":"2026-01-24T05:00:09","slug":"a-282m-crypto-theft-an-exodus-from-cambodias-scam-camps-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/23\/a-282m-crypto-theft-an-exodus-from-cambodias-scam-camps-and-other-cybersecurity-news\/","title":{"rendered":"A $282m crypto theft, an exodus from Cambodia\u2019s scam camps, and other cybersecurity news"},"content":{"rendered":"<p><a href=\"https:\/\/forklog.com\/en\/a-282m-crypto-theft-an-exodus-from-cambodias-scam-camps-and-other-cybersecurity-news\/\">A $282m crypto theft, an exodus from Cambodia\u2019s scam camps, and other cybersecurity news<\/a><\/p>\n<p><a href=\"https:\/\/forklog.com\/en\/a-282m-crypto-theft-an-exodus-from-cambodias-scam-camps-and-other-cybersecurity-news\/\">https:\/\/forklog.com\/en\/a-282m-crypto-theft-an-exodus-from-cambodias-scam-camps-and-other-cybersecurity-news\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-23 23:07:00<\/a><\/p>\n<p>Source Domain: <a href=\"forklog.com\">forklog.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>
<\/p>\n<p>             The week\u2019s key cybersecurity stories.<\/p>\n<p>\t\t\t                        Here are the week\u2019s most important cybersecurity stories.<\/p>\n<p>A user lost $282m in cryptocurrency to a fake support agent.<br \/>\nPhishers targeted users of the LastPass password manager.<br \/>\nThousands left Cambodia\u2019s scam compounds.<br \/>\nAuthorities unmasked the leader of a ransomware gang.<\/p>\n<p>A user lost $282m in crypto to fake tech support<br \/>\nOn 10 January 2026 one of the biggest social-engineering heists was recorded: the victim lost bitcoin and litecoin worth $282m. On-chain sleuth ZachXBT drew attention to the case.<\/p>\n<p>On January 10, 2026 at around 11 pm UTC a victim lost $282M+ worth of LTC &#038; BTC due to a hardware wallet social engineering scam.<br \/>\nThe attacker began converting the stolen LTC &#038; BTC to Monero via multiple instant exchanges causing the XMR price to sharply increase.<br \/>\nBTC was also\u2026<br \/>\n\u2014 ZachXBT (@zachxbt) January 16, 2026<\/p>\n<p>The user handed the seed phrase of a hardware wallet to a scammer posing as a Trezor support agent. With access secured, the hacker withdrew 2,050,000 LTC and 1,459 BTC.<br \/>\nThe attacker used the decentralised protocol THORChain to convert the assets into Monero, triggering a local spike. ZeroShadow specialists quickly traced the transaction chain and froze about $700,000.<br \/>\nPhishers set upon LastPass users<br \/>\nOn 20 January the developers of the LastPass password manager warned users about a new phishing campaign masquerading as maintenance notifications.<br \/>\nAttackers send emails urging recipients to create a backup of their password vault within 24 hours. The notice includes a link supposedly leading to a page for creating an encrypted backup, but clicking Create Backup Now redirects the user to a phishing site.\u00a0<br \/>\nThe aim is to steal victims\u2019 master passwords. 
Specialists believe the malicious campaign began on 19 January.\u00a0<br \/>\nThousands leave Cambodia\u2019s scam camps<br \/>\nIn the past week thousands of people \u2014 including victims of human traffickers \u2014 left scam centres in Cambodia as authorities cracked down on crime. This was reported by the BBC.<br \/>\nPhnom Penh has launched a fresh effort to bring order to the scam camps \u2014 sprawling complexes where hundreds of people run fraud schemes that steal billions of dollars from victims around the world.<br \/>\nExperts say many end up in such places through deception, though some work there voluntarily.<br \/>\nOn 15 January Cambodian authorities arrested businessman Kuong Ly on suspicion of illegal recruitment and exploitation, fraud and money laundering. In March 2023 he was the subject of a BBC Eye investigation into scam centres in South-East Asia.<br \/>\nThe programme described a compound in the resort city of Sihanoukville owned by Ly. People working there were lured from other countries, forced to work at night and to engage in fraud.<br \/>\nAuthorities unmask the leader of a ransomware syndicate<br \/>\nLaw-enforcement agencies in Germany and Ukraine have identified the head of the Black Basta ransomware gang as a 35-year-old Russian, Oleg Nefedov. Interpol and Europol have placed the fraudster, known online as tramp and kurva, on their most-wanted lists, reports Ukraine\u2019s Cyber Police.<br \/>\nSource: Europe\u2019s most wanted.<br \/>\nInvestigators linked Nefedov to the now-disbanded Conti syndicate; after a 2022 rebrand, Black Basta emerged as its direct successor.<br \/>\nDuring raids in the Ivano-Frankivsk and Lviv regions two members of the group were detained. 
They specialised in breaching secured systems and stealing passwords, providing initial access to the networks of large corporations and paving the way for data encryption and multimillion-dollar ransom demands.<br \/>\nDigital media and substantial sums in cryptocurrency were seized during the searches.<br \/>\nSource: Office of the Prosecutor General of Ukraine.<br \/>\nTo date, Black Basta has attacked more than 700 organisations, including critical targets: Germany\u2019s defence group Rheinmetall, Hyundai\u2019s European arm and Britain\u2019s BT Group.<br \/>\nHackers target Chrome and Edge users<br \/>\nThe KongTuke group has begun mass distribution of a malicious extension, NexShield, for Chrome and Edge, reported cybersecurity researchers at Huntress.\u00a0<br \/>\nThe malware poses as an ultra-light ad blocker. The extension intentionally overloads memory and CPU, freezing tabs and crashing the browser, pushing the user to seek a system fix.<br \/>\nAfter a forced restart, NexShield displays a fake security window offering to scan the system.<br \/>\nSource: Huntress.<br \/>\nAs a supposed remedy, the software suggests copying a command to the clipboard and executing it in the Windows command prompt. In reality this step runs a script that downloads a new remote-access trojan \u2014 ModeloRAT.<br \/>\nSource: Huntress.<br \/>\nExperts say the main target is the corporate sector. The virus has a 60-minute delay to avoid suspicion and activates primarily on organisations\u2019 domain networks. 
Once inside, ModeloRAT enables deep reconnaissance, registry changes, installation of third-party software and covert control of the victim\u2019s computer.<br \/>\nHuntress researchers noted that simply removing the extension from the browser will not fix the problem, as the trojan sits deep in the system. PC owners are advised to run a full antivirus scan and never execute commands suggested by websites or extensions.<br \/>\nZendesk\u2019s helpdesk cloud floods users with spam after breach<br \/>\nUsers around the world became targets of a mysterious wave of spam originating from unsecured systems of Zendesk\u2019s cloud support service. On 18 January victims reported receiving hundreds of emails.<\/p>\n<p>There\u2019s some exploit or mass-scale abuse with @Zendesk right now\u2026 I just got EIGHT HUNDRED emails from them over the course of about an hour.<br \/>\nThey\u2019re all scams sent from different Zendesk instances. Many bypassed iCloud\u2019s Junk filters. pic.twitter.com\/nWXr2nFtg3<br \/>\n\u2014 Nick Oates (@nickoates_) January 18, 2026<\/p>\n<p>The messages appear not to contain malicious links or blatant phishing. But the sheer volume and chaotic nature of the mailings alarm recipients.<br \/>\nThe emails sport bizarre subjects: some mimic law-enforcement requests or takedown demands; others offer free Discord Nitro or plead \u201cHelp me!\u201d.<br \/>\nAccording to BleepingComputer, the messages are generated by support platforms of companies that use Zendesk for customer service. 
Attackers found a loophole in a feature that allows unauthenticated users to submit requests and receive automatic replies.<br \/>\nAmong the affected firms: Discord, Tinder, Riot Games, Dropbox, CD Projekt (2k.com), Maya Mobile, NordVPN, the Tennessee Department of Labor, Lightspeed, CTL, Kahoot, Headspace and Lime.<br \/>\nZendesk told the outlet it has introduced new security features to detect and block such spam in future.\u00a0<br \/>\nAlso on ForkLog:<\/p>\n<p>Hackers stole $48m in confiscated bitcoin from South Korea\u2019s prosecutor\u2019s office.<br \/>\nTrove Markets\u2019 developers executed a rug pull after the ICO.<br \/>\nFormer Alameda Research head Caroline Ellison will be released on 28 January.<br \/>\nHackers drained $7m from Saga, crashing its native stablecoins.<br \/>\nSlowMist discovered a \u201cfuture attack\u201d in a Linux store.<br \/>\nChainalysis introduced a tool to automate threat tracking across blockchains.<br \/>\nThe Makina Finance DeFi protocol was hacked for $5m.<br \/>\nExperts called a major hack \u201ca death sentence\u201d for 80% of protocols.<\/p>\n<p>What to read this weekend?<br \/>\nElena Vasilyeva invites ForkLog readers to don a tinfoil hat to understand how conspiracy theories became a foundation of the digital economy, why Larry Fink is scarier than reptilians, and what DYOR has in common with religious ecstasy.<\/p>\n",
"protected":false},"excerpt":{"rendered":"<p>A $282m crypto theft, an exodus from Cambodia\u2019s scam camps, and other cybersecurity news https:\/\/forklog.com\/en\/a-282m-crypto-theft-an-exodus-from-cambodias-scam-camps-and-other-cybersecurity-news\/&#8230;<\/p>\n","protected":false},"author":1,"featured_media":181104,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/forklog.com\/wp-content\/uploads\/img-162813c4779cb0c2-4082025297322405.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,31,35,32,25],"class_list":["post-181103","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-exploit","tag-hacker","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181103"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=181103"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181103\/revisions"}],"predecessor-version":[{"id":181105,"href":"https:\/\/t
esting.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181103\/revisions\/181105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/181104"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=181103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=181103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=181103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}