Skip to content
Active Currencies: 17,465
Market Cap: $2.276T
Bitcoin Dominance: 56.39%
24h Market Cap Change: $1.26

3 crypto attacks in 24 hours – From fake apps to a $14.2M SOL theft

Here's how increasing security risks are affecting crypto developers and users in 2026.

Three breaches

Crypto scams are becoming increasingly prevalent, drawing widespread attention. In fact, more than three breaches occurred in the past 24 hours, with a few notable cases highlighted below. 

SecondFi falls victim to a scam

Fraudsters impersonated SecondFi by developing phony browser extensions and applications that were intended to steal cryptocurrency or access users’ wallets. 

To address the confusion, SecondFi clarified,

There is no new application or link, it is the same.

The team asserted that it will never ask users to download software, click links, sign transactions, or transfer assets through direct messages or emails.

Therefore, to prevent phishing scams and money theft, the team advised users to only install the official Chrome extension that has the blue verified checkmark and to access SecondFi via its official website.

SecondFi official page
Source: SecondFi/X

How did a theft result in a loss of 180,900 SOL?

In the second case, blockchain investigator ZachXBT claims that an early Solana [SOL] whale wallet was compromised. This resulted in the purported theft of 180,900 SOL, worth $14.2 million.

According to on-chain data, the wallet initially displayed unusual unstaking activity, indicating that the attacker took over the staked assets before transferring them to newly made Solana addresses to combine and exchange the money.

Later, the stolen assets were bridged from Solana to Ethereum [ETH] to obscure transaction trails and access greater liquidity. Moreover, the investigation asserted that some money had already been transferred using Tornado Cash, making them far harder to trace. 

A sophisticated supply chain attack

Finally,  jscrambler npm package became the target of a software supply chain attack after an attacker allegedly stole the login credentials needed to release new versions. For context, an information-stealing (infostealer) payload was included in malicious releases 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.

compromised jscrambler@8.14.0 release
Source: Socket/X

These releases were made to run malicious code on Linux, macOS, or Windows systems. Initially, a preinstall script that executes automatically during npm install was used to distribute the malware.

But in versions 8.18.0 and 8.20.0, the attacker incorporated the malicious code straight into the package, evading security measures such as npm install –ignore-scripts, which typically stops preinstall scripts from executing.

According to jscrambler, the attack was made possible by compromised npm publishing credentials, which allowed for unapproved releases. Following that, developers were urged to update immediately to version 8.22.0, which contains the fix. 


Final Summary

  • Different  hacking techniques like phishing scams, wallet compromises, and software supply chains are raising alarms.
  • By avoiding unsolicited links, updating compromised software, and confirming official sources, users, and developers can stay safe.
Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

Ishika Kumari

Journalist

Ishika Kumari is a Crypto Analyst at AMBCrypto, specializing in regulatory developments, market dynamics, and blockchain’s real-world impact. She breaks down complex protocols and legislation into practical, easy-to-understand insights.

AMBCrypto was founded in 2018 with a mission to simplify and bring the latest blockchain and cryptocurrency news to our readers. We have quickly grown into the digital news source for an emerging generation of cryptocurrency enthusiasts, reaching more than a million readers on a monthly basis, across the globe.