Microsoft reports a new type of attack on crypto companies
An attacker gains the trust of industry participants and then sends them an Excel file containing malicious code
07.12.2022 - 11:30
What’s new? US technology company Microsoft has warned users about a new type of attack targeting crypto companies. According to a blog post, an attacker is sending to Telegram groups an Excel file called “OKX Binance & Huobi VIP fee comparison” that contains malicious code to gain remote access to victims’ systems.
How is the attack being carried out? The most recent attack detected was carried out by DEV-0139 (a code assigned by Microsoft for easy identification), which joined Telegram groups used for communication between VIP clients and cryptocurrency exchange platforms. DEV-0139 posed as a representative of a crypto investment company and initiated a discussion about the fees of various exchanges. After gaining the trust of other participants, DEV-0139 sent them an Excel file containing malicious code that compared VIP fees on the OKX, Binance, and Huobi exchanges.
Microsoft stressed that the cryptocurrency market has expanded significantly over the past few years. Cybercriminals use digital assets for ransomware attacks, and there are also attacks against crypto companies for financial gain. Attacks on this market take many forms, including fraud, vulnerability exploits, and fake apps. The company is also seeing more sophisticated types of attacks, which require expert industry knowledge and serious training to gain the trust of victims before an attack is carried out.
Microsoft was founded in 1975 and is headquartered in Redmond, Washington. It develops, manufactures, licenses, supports, and sells computer software, consumer electronics, personal computers, and related services.
In May, Microsoft warned of new malware targeting cryptocurrency wallets. The company introduced the term cryware, which refers to the theft of information from non-custodial hot cryptocurrency wallets.