Authorities have taken down multiple domains associated with LummaC2, an infostealer malware used to steal cryptocurrency seed phrases from victims' devices.
This crackdown marks a significant step in combating cybercrime targeting the crypto community.
This week, the FBI disrupted LummaC2, a popular infostealer service, which conducted millions of attacks against victims. With help from partners like Microsoft, the FBI is fulfilling its mission to disrupt key services in the cybercriminal ecosystem: https://t.co/y5arOMpqrz pic.twitter.com/27ZxdRAcmC
— FBI (@FBI) May 21, 2025
LummaC2 infects users' computers and mobile devices, silently capturing their private seed phrases—the critical keys that grant access to their crypto wallets. Once a wallet is compromised, attackers can drain the victim's funds with no realistic chance of recovery, since blockchain transactions cannot be reversed. The malware has been linked to numerous thefts across various blockchain networks, causing substantial financial losses.
The coordinated law enforcement action involved international cybercrime units working together to identify and seize the domains used to distribute LummaC2. By taking these domains offline, authorities aim to disrupt the malware's spread and protect potential victims from further harm.
Experts warn that seed-phrase-stealing malware like LummaC2 thrives on user negligence, such as clicking suspicious links or downloading unverified software. To stay safe, crypto users should never share their seed phrases, avoid downloading apps from unofficial sources, and use hardware wallets where possible.
This operation highlights the ongoing battle between defenders and cybercriminals in the rapidly evolving crypto space. While law enforcement successes provide temporary relief, users must remain vigilant, as malicious actors continuously develop new tactics to exploit vulnerabilities.
The crypto market remains resilient despite such threats, with major tokens like Bitcoin and Ethereum maintaining strong prices. However, the incident serves as a reminder of the importance of personal security in managing digital assets.
Meanwhile, Google reports that the Russian-backed cyber-espionage group COLDRIVER is using a new malware called LOSTKEYS to target Western entities. Previously known for credential phishing, the group employs advanced methods, starting with fake CAPTCHA websites, to steal sensitive documents via a multi-stage infection. Google says it has blocked malicious domains via its Safe Browsing system to limit potential fallout.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.