Recently, Kaspersky Lab specialists found that a Russian blockchain developer lost $500,000 in cryptocurrency after installing an infected extension for the Cursor AI IDE. Cursor is a popular environment based on Microsoft Visual Studio Code, to which third-party modules can easily be added via Open VSX. The malicious extension, disguised as Solidity Language, purported to help with Ethereum smart contracts, but in fact infected the system with an infostealer and a remote access tool. Notably, the victim had just reinstalled the operating system and installed only a minimal set of applications.
In Ukraine, the local cyber police and Czech law enforcement officers jointly shut down call centers that were deceiving residents of EU countries. The fraudsters sent links to fake payment pages to sellers in the Czech Republic and Poland, gaining access to their bank data. Part of the stolen 1.5 million hryvnia was converted into cryptocurrency. The investigation lasted a year and a half and ended with searches in six regions and charges against 14 participants in the network.
Meanwhile, experts have identified a vulnerability in Google Gemini. According to researcher Marco Figueroa, malicious commands can be embedded directly into emails as invisible prompts. If a user asks the AI to summarize the email, Gemini will automatically follow the hidden instruction: for example, it will suggest calling a fake "support service" number, where confidential data is then coaxed out of the user. This method is especially dangerous because it involves no suspicious attachments or links.
Elliptic analysts also reported that $21.8 billion in crypto assets were laundered through decentralized exchanges (DEXs), cross-chain bridges, and exchangers in 2025. A significant portion of the funds is linked to North Korean hackers and sanctioned Iranian services. Fraudsters are actively using cross-chain technologies to hide their tracks and avoid blocking by issuers such as Tether and Circle. Experts note criminals' growing interest in new technologies and urge caution, especially during periods of market excitement.
Security problems also extend to everyday passwords. A study by Specops Software showed that only 1.5% of 10 million passwords tested can be called truly reliable. Most combinations are too short and predictable, which makes cybercriminals' work easier.
In addition, one of the largest healthcare data leaks occurred in the United States: Episource reported that the information of more than 5.4 million people was compromised. The intrusion lasted a week and resulted in the theft of personal, medical, and insurance data. According to Sharp Healthcare, the cause was ransomware.
Additionally, a long-standing vulnerability in the US railway sector has come to light. Twelve years after its discovery, railway companies have stopped using a radio protocol that allowed the brakes of the last car of a multi-kilometer train to be activated remotely for $500 using a simple radio.
These cases highlight that as technology advances, cyber threats are becoming more sophisticated, and user vigilance is becoming more important.