The newest weapon in crypto’s long-running security war is not a novel exploit, but a familiar face - or rather, a synthetic one.

According to researchers at Google’s Mandiant, a North Korea-linked group known as UNC1069 has refined its tactics by combining old-fashioned social engineering with AI-enabled deception. The target was a FinTech firm operating in digital assets. The opening gambit was mundane: a compromised Telegram account belonging to a crypto executive. Messages were exchanged, trust was cultivated and a Calendly invitation duly sent.

The link led not to Zoom, but to a convincing facsimile hosted on infrastructure controlled by the attackers. During the call, the victim reportedly encountered what appeared to be a senior crypto executive on screen - likely a deepfake. When audio problems conveniently arose, the target was instructed to run “troubleshooting” commands. These instead triggered a multi-stage malware infection.

Seven distinct malware families were subsequently deployed, harvesting Keychain credentials, browser cookies, Telegram session data and other sensitive files. The aim was not merely theft, but persistence: to siphon cryptocurrency and gather intelligence for future incursions. The breadth of tooling suggests a highly targeted effort.

The episode forms part of a broader pattern. North Korean-linked actors are estimated to have stolen more than $2bn in digital assets in 2025, a sharp increase on the previous year. On-chain analysis indicates that scam operations incorporating AI tools operate with greater efficiency than those without.

Crypto was born of code, but its vulnerabilities remain human. As deepfakes become cheaper and more persuasive, the line between genuine and fabricated authority blurs. The industry’s defences must now contend not only with malicious software, but with counterfeit trust itself.

Brussels is preparing its most sweeping move yet against Russia’s digital financial lifelines. The European Commission has proposed banning all cryptocurrency transactions with entities established in Russia, arguing that piecemeal sanctions have merely encouraged evasion through successor platforms.

The logic is blunt. Rather than blacklist individual exchanges - only for new ones to emerge - the EU would prohibit engagement with any Russian crypto-asset service provider or platform facilitating digital-asset transfers. Officials contend that crypto infrastructure has become an auxiliary channel for trade in dual-use goods supporting Moscow’s war in Ukraine.

The proposal forms part of the bloc’s 20th sanctions package since the invasion began. It also marks the first planned use of new anti-circumvention powers. Kyrgyzstan has been drawn into the net: Brussels wants to restrict exports of certain sensitive goods to the country, citing an 800% rise in EU shipments of high-priority items there and a 1,200% surge in Kyrgyz exports to Russia since 2022. The inference is clear - diversion.

The measures would extend beyond crypto exchanges. Twenty additional banks could be sanctioned, transactions using Russia’s central bank-backed digital rouble curtailed, and services to ships carrying Russian crude fully banned, replacing the G7’s oil price-cap regime.

Yet unanimity is required among the EU’s 27 member states, and several harbour doubts. Some worry that tighter oil-service restrictions would simply cede business to non-European firms. Others seek more evidence before escalating further.

The proposal reflects a broader shift in sanctions strategy: from targeting named entities to closing entire financial channels. Whether that proves more effective - or merely prompts new workarounds - will test the EU’s resolve and regulatory ingenuity.

As Britain sharpens its approach to digital-asset regulation, Stand With Crypto has turned its attention firmly to Westminster.

The campaign, originally incubated in America with backing from Coinbase, is now lobbying UK policymakers as the government prepares a full regulatory regime under the Financial Services and Markets Act. Its pitch is straightforward: if Britain wants to be a global crypto hub, it must match ambition with clarity.

In recent months the group has encouraged British crypto holders to contact their MPs, respond to Treasury consultations and press ministers to prioritise proportionate rules for exchanges, custody and stablecoins. Supporters are urged to frame digital assets not as speculative novelties but as financial infrastructure in waiting. The implicit warning is that talent and capital are mobile; heavy-handed policy would send both elsewhere.

The timing is deliberate. The HM Treasury is finalising secondary legislation, while the Financial Conduct Authority is expanding its oversight from anti-money-laundering registration to a broader conduct regime. Questions around market abuse, custody safeguards and retail access remain politically sensitive. Stand With Crypto argues that excessive restriction would undermine the government’s growth agenda.

Unlike traditional City lobbying, the group leans heavily on retail mobilisation. Britain’s millions of crypto holders are portrayed as a constituency in their own right - younger, digitally native and politically attentive.

Whether ministers bend remains to be seen. But as the UK moves from consultation to enforcement, crypto’s advocates are determined that regulation should shape the industry, not stifle it.

Always protect yourself from forced selling.