On February 21, 2025, when copyright employees went to approve and indication a routine transfer, the UI showed what gave the impression to be a authentic transaction with the intended destination. Only after the transfer of resources into the concealed addresses established with the malicious code did copyright employees realize something was ami