Russian Gotbit founder strikes $23M plea deal with US prosecutors  

Opinion by: Jimmy Su, Binance chief security officerThe threat of InfoStealer malware is on the rise, targeting people and organizations across digital finance and far beyond. InfoStealers are a category of malware designed to extract sensitive data from infected devices without the victim’s knowledge. This includes passwords, session cookies, crypto wallet details and other valuable personal information.According to Kaspersky, these malware campaigns leaked over 2 million bank card details last year. And that number is only growing.Malware-as-a-serviceThese tools are widely available via the malware-as-a-service model. Cybercriminals can access advanced malware platforms that offer dashboards, technical support and automatic data exfiltration to command-and-control servers for a subscription fee. Once stolen, data is sold on dark web forums, Telegram channels or private marketplaces.The damage from an InfoStealer infection can go far beyond a single compromised account. Leaked credentials can lead to identity theft, financial fraud and unauthorized access to other services, especially when credentials are reused across platforms.Recent: Darkweb actors claim to have over 100K of Gemini, Binance user infoBinance’s internal data echoes this trend. In the past few months, we’ve identified a significant uptick in the number of users whose credentials or session data appear to have been compromised by InfoStealer infections. These infections don’t originate from Binance but affect personal devices where credentials are saved in browsers or auto-filled into websites.Distribution vectorsInfoStealer malware is often distributed via phishing campaigns, malicious ads, trojan software or fake browser extensions. Once on a device, it scans for stored credentials and transmits them to the attacker.The common distribution vectors include:Phishing emails with malicious attachments or links.Fake downloads or software from unofficial app stores.Game mods and cracked applications are shared via Discord or Telegram.Malicious browser extensions or add-ons.Compromised websites that silently install malware (drive-by downloads).Once active, InfoStealers can extract browser-stored passwords, autofill entries, clipboard data (including crypto wallet addresses) and even session tokens that allow attackers to impersonate users without knowing their login credentials.What to watch out for Some signs that might suggest an InfoStealer infection on your device:Unusual notifications or extensions appearing in your browser.Unauthorized login alerts or unusual account activity.Unexpected changes to security settings or passwords.Sudden slowdowns in system performance.A breakdown of InfoStealer malwareOver the past 90 days, Binance has observed several prominent InfoStealer malware variants targeting Windows and macOS users. RedLine, LummaC2, Vidar and AsyncRAT have been particularly prevalent for Windows users. RedLine Stealer is known for gathering login credentials and crypto-related information from browsers.LummaC2 is a rapidly evolving threat with integrated techniques to bypass modern browser protections such as app-bound encryption. It can now steal cookies and crypto wallet details in real-time.Vidar Stealer focuses on exfiltrating data from browsers and local applications, with a notable ability to capture crypto wallet credentials.AsyncRAT enables attackers to monitor victims remotely by logging keystrokes, capturing screenshots and deploying additional payloads. Recently, cybercriminals have repurposed AsyncRAT for crypto-related attacks, harvesting credentials and system data from compromised Windows machines.For macOS users, Atomic Stealer has emerged as a significant threat. This stealer can extract infected devices’ credentials, browser data and cryptocurrency wallet information. Distributed via stealer-as-a-service channels, Atomic Stealer exploits native AppleScript for data collection, posing a substantial risk to individual users and organizations using macOS. Other notable variants targeting macOS include Poseidon and Banshee.At Binance, we respond to these threats by monitoring dark web marketplaces and forums for leaked user data, alerting affected users, initiating password resets, revoking compromised sessions and offering clear guidance on device security and malware removal.Our infrastructure remains secure, but credential theft from infected personal devices is an external risk we all face. This makes user education and cyber hygiene more critical than ever.We urge users and the crypto community to be vigilant to prevent these threats by using antivirus and anti-malware tools and running regular scans. Some reputable free tools include Malwarebytes, Bitdefender, Kaspersky, McAfee, Norton, Avast and Windows Defender. For macOS users, consider using the Objective-See suite of anti-malware tools. Lite scans typically don’t work well since most malware self-deletes the first-stage files from the initial infection. Always run a full disk scan to ensure thorough protection.Here are some practical steps you can take to reduce your exposure to this and many other cybersecurity threats:Enable two-factor authentication (2FA) using an authenticator app or hardware key.Avoid saving passwords in your browser. Consider using a dedicated password manager.Download software and apps only from official sources.Keep your operating system, browser and all applications up to date.Periodically review authorized devices in your Binance account and remove unfamiliar entries.Use withdrawal address whitelisting to limit where funds can be sent.Avoid using public or unsecured WiFi networks when accessing sensitive accounts.Use unique credentials for each account and update them regularly.Follow security updates and best practices from Binance and other trusted sources.Immediately change passwords, lock accounts and report through official Binance support channels if malware infection is suspected.The growing prominence of the InfoStealer threat is a reminder of how advanced and widespread cyberattacks have become. While Binance continues to invest heavily in platform security and dark web monitoring, protecting your funds and personal data requires action on both sides.Stay informed, adopt security habits and maintain clean devices to significantly reduce your exposure to threats like InfoStealer malware.Opinion by: Jimmy Su, Binance chief security officer.This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

South Carolina has become the latest US state to dismiss its lawsuit against crypto exchange Coinbase over its staking services, which had accused the crypto exchange of offering unregistered securities.The lawsuit was officially dismissed in a joint stipulation between the crypto exchange and the South Carolina Attorney General’s securities division on March 27.“South Carolina just joined Vermont to dismiss its unfounded staking lawsuit against Coinbase,” the firm’s chief legal officer, Paul Grewal, said in a March 27 X post.“This is not just a victory for us, but for American consumers and we hope it’s a sign of things to come in the few states left that restrict staking.”South Carolina Attorney General and Coinbase’s joint stipulation. Source: South Carolina Attorney GeneralSouth Carolina and Vermont were two of 10 US states that took legal action against Coinbase’s staking services on June 6, 2023 — the same day that the federal securities regulator filed its lawsuit against the crypto exchange.The Securities and Exchange Commission officially dismissed that lawsuit on Feb. 27, 2025.The other eight US states that filed enforcement action similar to South Carolina were Alabama, California, Illinois, Kentucky, Maryland, New Jersey, Washington and Wisconsin. Grewal said he hoped to see other states follow suit, and that South Carolina residents lost an estimated $2 million in staking rewards as a result of the lawsuit.“The 52 million Americans who own crypto deserve commonsense consumer protections and clear rules,” he said. “We applaud South Carolina for standing up for justice and hope the remaining states with bans on staking will take notice.”South Carolina introduces Bitcoin reserve billMeanwhile, a state lawmaker has just introduced the “Strategic Digital Assets Reserve Act of South Carolina” on March 27, which could see the state treasurer allocate up to 10% of certain state funds to cryptocurrencies such as Bitcoin (BTC).Unlike most US state crypto reserve bills, North Carolina’s House Bill 4256, introduced by Rep. Jordan Pace, mentioned Bitcoin on several occasions for the Strategic Digital Assets Reserve that the bill seeks to establish.Source: Jordan PaceThe bill allows South Carolina’s treasurer, currently Curtis Loftis, to establish a Bitcoin reserve that exceeds no more than 1 million Bitcoin — a high ceiling that the US federal government is also looking to reach or exceed with its recently established Strategic Bitcoin Reserve.The treasurer would be able to add Bitcoin to South Carolina’s General Fund, the Budget Stabilization Reserve Fund any other investment fund that they manage.Related: Coinbase files FOIA to see how much the SEC’s ‘war on crypto’ costWhile no mention of stablecoins, non-fungible tokens, Ether (ETH) or any other crypto tokens was made, the House bill said the Strategic Digital Assets Reserve wouldn’t be limited to Bitcoin.According to Bitcoin Law, 42 Bitcoin reserve bills have been introduced at the state level in 19 states, and 36 of those 42 bills remain live.Earlier this month, US President Donald Trump signed an executive order to create a Strategic Bitcoin Reserve and a Digital Asset Stockpile, both of which will initially use cryptocurrency forfeited in government criminal cases.Magazine: Comeback 2025: Is Ethereum poised to catch up with Bitcoin and Solana?

The European Union’s insurance authority has proposed a blanket rule that would mandate insurance firms to maintain capital equal to the value of their crypto holdings as part of a measure to mitigate risks for policyholders.The new proposal — made by the European Insurance and Occupational Pensions Authority in a Technical Advice report to the European Commission on March 27 — would set a far stricter standard than other asset classes, such as stocks and real estate, which don’t even need to be half-backed.“EIOPA considers a 100% haircut in the standard formula prudent and appropriate for these assets in view of their inherent risks and high volatility,” it said in a separate statement.Such a measure would fill a regulatory gap between the Capital Requirements Regulation and Markets in Crypto-Assets Regulation (MiCA), EIOPA said, noting that the European Union’s regulatory framework for insurers currently lacks specific provisions on crypto assets.Circle argued in January that a blanket 100% stress factor on crypto assets didn’t account for lower-risk stablecoins. Source: Circle EIOPA outlined four options for the European Commission to consider — one: make no changes; two: mandate an 80% “stress level” to crypto assets; and three: mandate a 100% stress level to crypto asset. The stress level percentages determine how much capital firms need to hold to stay solvent.The fourth option called on the European Commission to consider the risks of tokenized assets more broadly.EIOPA said option three would be the most appropriate option.“An 80% stress to the value of crypto-asset exposures does not appear sufficiently prudent,” whereas “a 100% stress is more appropriate and aligns with one of the approaches to the transitional treatment of crypto-assets under CRR,” EIOPA said.The 100% stress refers to the assumption that the crypto asset prices could fall by 100% and that diversification — spreading the risk across different assets — wouldn’t not reduce this stress. EIOPA pointed out that Bitcoin (BTC) and Ether (ETH) have fallen 82% and 91%, respectively, in the past.A 100% capital charge for crypto assets would reflect a far stricter approach compared to stocks, which range between 39% and 49%, and real estate, which incurs a 25% capital charge, according to solvency capital requirements laid out in the Commission Delegated Regulation 2015/35.EIOPA said a 100% capital charge for crypto asset-related (re)insurance undertakings shouldn’t be “overly burdensome” and that there would be no material costs for policyholders.“The capital requirements would fully capture the risk of crypto-asset with a positive impact on policyholder protection in case there are material exposures in the future.”Related: Tabit offers USD insurance policies backed by Bitcoin regulatory capitalEIOPA acknowledged that the share of crypto-asset (re)insurance undertakings accounts for just 655 million euros or 0.0068% of all undertakings in Europe — even referring to it as “immaterial.”“At the same time crypto assets are high risk investments which may result in total loss of value,” EIOPA said, explaining why it recommends option three.Luxembourg and Sweden could be hit hardest by the proposed ruleInsurers in Luxembourg and Sweden are likely to be the most affected, according to a Q4 2023 report cited by EIOPA, which found that these two countries accounted for 69% and 21% of all crypto asset-related exposures among (re)insurance undertakings.Ireland, Denmark and Liechtenstein also accounted for 3.4%, 1.4% and 1.2% of the undertakings. Most of these undertakings are structured within funds, such as exchange-traded funds, and held on behalf of unit-linked policyholders, EIOPA noted.Split of crypto-asset exposure proxy per European country in Q4 2023. Source: EIOPAEIOPA, however, acknowledged that a broader adoption of crypto assets in the future may require a more “differentiated approach.”Magazine: Crypto fans are obsessed with longevity and biohacking: Here’s why