Baring the DNS Traces of the Slow Pisces Attack on Cryptocurrency Developers
Slow Pisces gained renown for stealing billions of dollars from the cryptocurrency sector in various countries since 2023. It is up to no good again as it recently trailed its sights on cryptocurrency developers, engaging with them on LinkedIn in their 2025 campaign.1
Palo Alto Unit 42 reported on the attack and identified 54 indicators of compromise (IoCs) in the process. WhoisXML API expanded the current list of IoCs and uncovered other potentially connected artifacts comprising: