Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Ondo Finance

Ondo Finance Vendor Cyber Rating & Cyber Score

ondo.finance

Institutional-Grade Finance. Onchain. For Everyone. Ondo Finance will never reach out unsolicited via Telegram, WhatsApp, or any [email protected] email. When in doubt, verify directly at ondo.finance.


Ondo Finance A.I CyberSecurity Scoring

Ondo Finance
Company Information
Website:https://ondo.finance
Employees number:116
Number of followers:33,731
NAICS:52
Industry Type:Financial Services
Homepage:ondo.finance
Ondo Finance Risk Score (AI oriented)
Between 700 and 749
logo
Ondo FinanceFinancial Services
Updated:
08/06/2026
735/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Ondo Finance Global Score (TPRM)
xxxx
logo
Ondo FinanceFinancial Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Ondo Finance
Ondo FinanceModerate
Current Score
735Ba (MODERATE)
01000
1 incidents
-21 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
735Before Incident
JUNE 2026
735Before Incident
MAY 2026
734Before Incident
APRIL 2026
754Before Incident
Cyber Attack
01 Apr 2026Ondo Finance
NXLog, OnePlan, Hypen Connect, Empower Pharmacy, Valon and Ondo Finance: Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

North Korean-Linked Phishing Campaign Targets Developers in Credential and Crypto Theft Scheme (UNK_DeadDrop)

733After Incident
CRITICAL-21
ONENXLHYPINOONDEMP1780957588
North Korean-Linked Phishing Campaign Targets Developers in Credential and Crypto Theft Scheme A newly identified phishing campaign, tracked as UNK_DeadDrop and suspected to be linked to North Korea, has targeted over 250 individuals across nearly 100 organizations primarily in the U.S. between April and May 2024. The operation, uncovered by Proofpoint threat researchers, aims to steal developer credentials and cryptocurrency wallets through deceptive job offers and code review requests. ### Attack Methodology The campaign begins with unsolicited emails spoofing legitimate companies, including Ondo Finance, Empower Pharmacy, NXLog, OnePlan, Hypen Connect, Valon, and Nourish. These messages offer fake roles such as "Full-Stack Engineer" or "Agent Lead Developer" and direct victims to malicious GitHub repositories disguised as coding assignments or cryptocurrency projects. In May, the attackers shifted tactics, sending peer-review requests for open-source projects under the guise of companies like Pulsynk and Trixauvex, or soliciting Ethereum smart contract testing via Foundry. When victims open the repositories in VS Code or Cursor, a pre-configured task executes, deploying cross-platform malware on Windows, macOS, and Linux. ### Malware Execution & Payloads - Linux & macOS: The malware uses a Go-based backdoor derived from the Overlord C2 framework, a legitimate red-team tool repurposed for malicious use. It includes modules for: - Browser credential theft (Chrome, Firefox, and Chromium-based browsers). - Cryptocurrency wallet exfiltration (MetaMask, Phantom, Exodus, Ledger Live, etc.). - Anti-forensic cleanup to remove traces. On macOS, the malware displays a fake system password prompt to escalate privileges, while on Linux, it uses Zenity for credential harvesting. - Windows: The attack runs as JavaScript within VS Code’s Electron process, targeting 35 wallet extensions, 18 standalone wallets, and browser profiles. It installs Python-based stealers to extract credentials, cookies, and encrypted browser data, then exfiltrates them to attacker-controlled servers. ### Infrastructure & Evolution Unlike previous North Korean-linked campaigns (e.g., Contagious Interview), UNK_DeadDrop relies on email-based phishing rather than social media, suggesting a scaled, industrialized approach. The attackers maintain distinct infrastructure, using GitHub repositories themed around cryptocurrency, exploits, AI payments, and Foundry testing to lure victims. ### Impact & Implications The campaign highlights North Korea’s evolving cybercrime tactics, shifting from high-touch social engineering to large-scale phishing for financial gain. The use of legitimate tools (Overlord, Foundry, GitHub) and cross-platform malware underscores the growing sophistication of state-aligned threat actors targeting developers, financial services, and tech firms.
INCIDENT DETAILS -
TYPE
Phishing, Credential Theft, Cryptocurrency Theft
MOTIVATION
Financial GainCredential TheftCryptocurrency Theft
IMPACT
Browser CredentialsCryptocurrency WalletsBrowser CookiesEncrypted Browser DataWindowsmacOSLinuxIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Browser CredentialsCryptocurrency WalletsBrowser CookiesEncrypted Browser DataSensitivity Of Data: HighData Exfiltration: Yes
MARCH 2026
754Before Incident
FEBRUARY 2026
754Before Incident
JANUARY 2026
754Before Incident
DECEMBER 2025
754Before Incident
NOVEMBER 2025
754Before Incident
OCTOBER 2025
754Before Incident
SEPTEMBER 2025
754Before Incident
AUGUST 2025
754Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Ondo Finance ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Ondo Finance's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Ondo Finance's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Ondo Finance ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Ondo Finance's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?