Greetings!

We are starting the new year with nearly $4 million in losses across four incidents, with the majority stemming from the Unleash Protocol hack on the Story chain.

Thanks to a detailed incident report published by the Unleash Protocol team, we now have visibility into a familiar phishing attack pattern:

• Compromise of a privileged user via Telegram.

• Distribution of a link to a look-alike Safe interface to other multisig signers.

• A specially crafted transaction that reduced the consensus threshold to just 1.

• Profit!

The critical control that could have detected this earlier beyond the initial account compromise was a multisig transaction verification. Such verification may have flagged the malicious proposal before execution. It is a painful lesson, but one the broader DeFi industry will hopefully adopt quickly.

You can find post-mortems, indicators, and other details for Unleash Protocol, PRXVT, Valinity, and other compromises in the premium section below.

Let’s dive into the news!

News

• Ledger confirms customer data leaked in third-party Global-e breach.

• Crypto exploit triage group SEAL sees uptick in tickets in 2025.

Crime

• Bitfinex Hacker Behind $11 Billion Bitcoin Heist Credits Trump for Early Prison Release.

• Crypto Thieves Move Offline to Terrorize Investors at Home by Bloomberg.

• The Grisliest Bitcoin and Crypto Wrench Attacks That Grabbed Headlines in 2025.

Policy

• US Crypto Policy Flips Pro-Growth as SEC Rulemaking Replaces Enforcement Crackdowns.

Phishing

• Hundreds of MetaMask wallets drained: What to check before you ‘update’.

• Scam Sniffer 2025: Crypto Phishing Losses Fall 83% to $84 Million - Scam Sniffer.

Scams

• A user set up a bot that has been front running shitcoin launches and making the rug-deployers lose money and unable to launch.

• A quick look into omnerausd (@ColeJacksonUS) and @Shade_L2 ICO scam by Specter.

Malware

• DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers by Tuval Admoni,Gal Hachamov (Koi).

• New GlassWorm malware wave targets Macs with trojanized crypto wallets.

Media

• Behind the Keyboard with 2025 Watson of the Year, 0xSimao by Sherlock.

• Trust X - Circuit Breakers: The Magic Pill to DeFi’s Security Problem?

Contests

• Capture The Funds - Certora Next-Gen CTF. Congratulations winners!

Research

• An AI security awesome list / learning journey by Bernhard Mueller.

• Mage: Cracking Elliptic Curve Cryptography with Cross-Axis Transformers.

• A Practical Guide to Finding Soundness Bugs in ZK Circuits..

• Returndata Bombing RAI’s Liquidation Engine - A Critical Bug Worth $0 by Trust Security. As always not without a controversy.

• Second-order effects of advances in AI auditors by Trust Security. We are already seeing them with a spike in old code exploitation.

• Let LLM analyse an Etherscan verified contract > LLM has code execution capabilities > LLM listens to the instructions part of the verified source code comments > get rekt. A dangerous exploitation strategy by pcaversaccio.

• What is a Blockchain, Actually? by Kian Paimani. A short online book containing all that I have learned and know about Web3 and blockchain in the last 7 years.

Tools

• Detect Go’s silent arithmetic bugs with go-panikint.

• Onboardme - a highly experimental tool to help you understand smart contracts faster. Repo here. Pretty cool graphics, Hackers meets blockchain.

Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.

Premium Content