#NSBCS.094 - TOKEN2049 Singapore 2025: Safeguarding the Digital Economy in a Time of Rapid Change

Source: NSB Cyber

 


TOKEN2049 Singapore 2025 was a real eye-opener. With over 25,000 attendees from 160+ countries, 500 exhibitors, and 300 speakers, the event was buzzing. From ziplining across the expo floor to hackathons and startup pitches, it felt like a lively hub for blockchain ideas and the Digital Asset ecosystem.

What stood out were the trends shaping the digital economy. Discussions highlighted how crypto is gaining political traction, especially in the US, where policy shifts could unlock massive investment. The focus is moving from speculation to real-world uses, with blockchain blending into AI, robotics, and automated payment systems to create self-running networks. Stablecoin ecosystems are growing, aiming for fairer financial structures, while hackathons showcased rapid problem-solving for better infrastructure. Forecasts suggest huge growth—some even predict Bitcoin soaring to seven figures as adoption expands through interconnected networks.

But with this growth come challenges: cyber attacks, regulatory uncertainty, and identity management. Security became a major focus for me. Sessions on digital asset protection revealed tools for safer transactions and storage, critical when hacks cost billions annually. Building in multi-signature wallets and zero-knowledge proofs is essential to maintain trust. Strong identity systems are vital to prevent network breakdowns, especially as AI takes on bigger roles in payments and data. Robust protections ensure these systems stay secure and inclusive.

TOKEN2049 showed me the digital economy’s potential, but security is the foundation for lasting progress.


What we read this week

  • Clop Extortion Emails Claim Theft of Oracle E-Business Suite Data - Mandiant and Google are investigating a new extortion campaign where executives are receiving emails claiming stolen data from Oracle E-Business Suite systems. The campaign began on or around 29 September 2025, using hundreds of compromised email accounts, with one linked to FIN11, a financially motivated group tied to ransomware and extortion. While the emails reference contact details linked to the Clop ransomware gang, investigators have not confirmed whether any data was actually stolen. Clop, also tracked as TA505 and FIN11, has a history of exploiting zero-day vulnerabilities in file transfer platforms, including the MOVEit Transfer attack that impacted thousands of organisations worldwide.

  • Attackers Use Phishing to Harvest PyPI Maintainers’ Login Credentials - A recent phishing campaign has been targeting PyPI package maintainers with fake emails that mimic the Python Packaging Authority (PyPA), threatening account suspension to trick victims into verifying their accounts. The emails direct users to pypi-mirror[.]org and other lookalike domains with valid HTTPS certificates, where a replica login page steals credentials via hidden JavaScript code. Attackers have made the scheme convincing by copying PyPI’s branding, using obfuscated URLs, and hosting infrastructure on popular CDNs, complicating detection and takedown. In response, PyPI is collaborating with registrars, CDN providers, and other open-source repositories to block domains and strengthen defences.

  • Gemini Security Flaws Exposed Millions to Silent Data Breaches - Tenable uncovered three major vulnerabilities in Google’s Gemini suite, exposing millions of users to stealthy data theft risks before being patched. The flaws affected Cloud Assist, Search Personalisation, and the Browsing Tool, allowing attackers to plant malicious log entries, inject hidden queries into browser histories, and trigger outbound requests carrying private data to attacker-controlled servers. These weaknesses enabled silent manipulation of Gemini’s behaviour, effectively turning the artificial intelligence (AI) platform itself into an attack vector without relying on malware or phishing. While Google has remediated the vulnerabilities, Tenable emphasised that AI platforms must be treated as attack surfaces, urging continuous audits, monitoring, and resilience testing to prevent future prompt injection and data poisoning attacks.

  • Chinese APT ‘Phantom Taurus’ Targeting Organisations With Net-Star Malware - Phantom Taurus, a Chinese state-sponsored hacking group, has been carrying out espionage against government and telecommunications organisations for over two years, according to Palo Alto Networks. First detected in 2023, the group was only recently attributed to Chinese APTs due to overlapping infrastructure, despite using distinct tactics and custom malware families such as Specter and Net-Star. Their operations have focused on ministries, embassies, and high-value targets in Africa, the Middle East, and Asia, exfiltrating emails and compromising databases. In 2025, they began deploying Net-Star, a .NET malware suite for IIS servers that includes IIServerCore, a fileless backdoor, and two AssemblyExecuter loaders designed to execute code in memory and evade defences like the Windows Antimalware Scan Interface (AMSI).

  • Hackers Trick Users into Downloading Weaponised Microsoft Teams to Gain Remote Access - A new cyber campaign is exploiting trust in Microsoft Teams by using search engine optimisation (SEO) poisoning and malicious ads to redirect users to fake download sites that deliver weaponised installers. One spoofed domain, teams[-]install[.]top, offers a fraudulent MSTeamsSetup[.]exe signed with dubious digital certificates to bypass security warnings. Once executed, the installer deploys a persistent backdoor known as Oyster, which installs a malicious DLL, establishes persistence via a scheduled task, and enables remote access, communicating with attacker-controlled servers. To defend against this threat, experts recommend downloading software only from official vendor sites, using bookmarks instead of search engines, and prioritising user awareness of malvertising risks.

