Greetings!
More than $1.5M was stolen this week across 7 incidents. Let’s dive into some of the more notable hacks, but first a note from our sponsor, Audit Wizard! With tools like AI-generated PoCs, rapid Foundry testing, code graphing, and function tracing, this all-in-one smart-contract security platform can really supercharge your auditing powers. Check it out!
Audit Wizard enables developers and auditors to find bugs in smart contracts. Import a project to scan for vulnerabilities, visualize functions, chat with AI about security concerns, and more.
Built by security engineers, Audit Wizard is an easy, one-click solution for finding bugs in web3 code. Sign up for free here!
The Nirvana and Crema Finance hacker was sentenced to 3 years in prison after pleading guilty to stealing a combined $12M from the two DeFi projects. This is the first in a series of trials reaffirming that weaknesses in smart contracts do not excuse illegal actions. Law is Law.
Most of the DeFi losses came from the Zest Protocol reward manipulation exploit, which marks the first publicly recorded hack on Stacks, a Bitcoin L2 chain.
The xBlast compromise is unfortunate since it was caused by bad DevOps: a private key committed to the GitHub repo. While the total amount stolen was <$100K, the compromise should still be a reminder to watch what you commit and how you store deployment keys.
The premium version of the newsletter includes additional coverage and indicators for the hacks mentioned above as well as Sumer Money, SQUID Game Coin, UPS Token, and others.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proofs of concept (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
Let’s dive into the news!