Blockchain Threat Intelligence

BlockThreat - Week 26, 2025


Resupply | Silo Finance | printMoney MEV Bot | Stead Token

Jul 05, 2025

Greetings!

More than $12 million was stolen this week across four incidents, with Resupply and Silo Finance suffering multi-million dollar losses. The Resupply hack is particularly notable: $9.8 million was drained through a recurring vulnerability in which an empty market is exploited via a rounding error to mint excessive protocol tokens. Since the 2023 Hundred Finance hack, this vulnerability class has accounted for over $51 million in losses, as developers continue to learn the painful lesson that newly deployed markets demand extra care, especially around math precision and initial liquidity. The incident also triggered the now-familiar cascade of finger-pointing, further fueling drama across the ecosystem.

The remaining compromises were just as easily preventable. An MEV bot called printMoney lost $2 million due to insufficient function access control, while Silo Finance lost over $500,000 because of poor function parameter validation. These are well-known and well-documented issues. If you haven’t already, check out the recently released DeFi Top 10 Attack Vectors, where these two categories appear on the list year after year, consistently causing millions in damages.

If you’re a developer and don’t feel fully confident in preventing these types of bugs, check out this week’s sponsor - Oak Security, a trusted auditor behind some of the ecosystem’s most unique protocols and a long-time supporter of this newsletter.


Oak Security has operated in Web3 Security since 2017, providing security services throughout a project's lifecycle. This includes audits, penetration testing, operational security training, and advisory services. Our signature blinded process emphasizes redundancy: Every line of code is reviewed by multiple auditors with a multi-disciplinary background in parallel.

Link: https://www.oaksecurity.io/


In other news, be sure to check out a new community-driven project Unphishable from the good folks at DeFi Hack Labs, ScamSniffer, and SlowMist. It’s a series of interactive challenges designed to teach users how to spot and avoid common Web3 phishing attacks. The project simulates real-world scams involving malicious signatures, spoofed dApps, and fake support agents, giving users a low-stakes environment to train their instincts before real money is on the line. Amazing!

And while you are at it, be sure to thank this week’s sponsor Coinspect for helping uplevel wallet and user security.


Coinspect’s Wallet Security Ranking is an objective, transparent, and regularly updated evaluation of leading cryptocurrency wallets. It focuses on critical security features like anti-phishing defenses, transaction clarity, and protection against blind signing, helping users choose wallets that prioritize their safety.

Link: https://www.coinspect.com/wallets/


Let’s dive into the news!

News

  • Cork hacker sends ETH to Tornado Cash, donates to Roman Storm’s fund, causing even more unnecessary drama in the blockchain security industry.

  • Spoils of $1.5 Billion Bybit Hack Traced to Greek Crypto Exchange.

  • Ledger is discontinuing support for older Ledger Nano S devices.

  • Dispute Between Immunefi and Spectra Finance Over Bug Bounty Payments.

  • State of Crypto Security 2025 by Areta. High-level overview of the blockchain security market, including key players and holistic security programs.

Crime

  • Monero-only hacker IntelBroker caught after accepting Bitcoin from FBI - dlnews.com. A story of a $250 BTC deposit that unraveled it all.

  • An investigation into how the New York based social engineering scammer Daytwo/PawsOnHips (Christian Nieves) stole $4M+ from Coinbase users by impersonating customer support, bought luxury goods, and lost most of the funds gambling at casinos by ZachXBT.

  • HyperLiquid: A New Route for Crypto Money Laundering? by Nefture Security.

  • On-Chain Analysis of HuionePay: Unveiling the Over $55 Billion USDT in Fund Flows by Lisa (SlowMist).

  • What Are Instant Crypto Exchanges, and Why Have They Become the Hotspot for Money Laundering? by BlockSec.

  • Russian drug marketplace launches its token on Solana by Officer CIA.

  • Bitcoin firm says police shouldn't saw open Bitcoin ATMs to seize cash for scammed customers, will seek damages for destroyed machines — firm claims seizures are criminal and victimize the company.

  • Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace by Winnona DeSombre Bernsen. In case you want to learn about traditional infosec 0day supply chains and markets.

Policy

  • US Attorney of the Southern District of New York filed a superseding indictment against Samourai Wallet with a number of factual errors, including Samourai somehow making transfers on behalf of non-custodial wallets while also breaking Whirlpool security.

  • Ripple Stuck With $125 Million Penalty as Judge Denies XRP Settlement With SEC.

  • Bitcoin ATM Giant Hit With $300K Penalty.

Phishing

  • Unphishable - a series of educational challenges to help you understand and identify common Web3 phishing attacks.

  • Trezor’s support platform abused in crypto theft phishing attacks.

  • PhishingHook: Catching Phishing Ethereum Smart Contracts leveraging EVM Opcodes.

Scams

  • Pepe meme creator’s NFT projects hit for $1 million as contract hijackers drain collections.

Malware

  • Uncovering a Tor-Enabled Docker Exploit by Sunil Bharti, Shubham Singh (TrendMicro). A report on a mass campaign targeting exposed Docker APIs for cryptomining.

  • Cryptominers’ Anatomy: Shutting Down Mining Botnets by Maor Dahan (Akamai).

  • SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play by Sergey Puzan (Kaspersky). Analysis of the cryptostealer campaign targeting mobile users.

Media

  • bountyhunt3rz - Episode 18 - riptide.

  • OpenSense - Stop Guessing. Start Proving. Formal Verification with Halmos with Shanzson (Zokyo).

  • OpenSense - Starknet Cairo's Security with Talfao (Codespect).

  • DPRK Civil Engineer Fake Profile Process. Actual DPRK instructional video on how to create their civil engineering profile(s). And here is a sample session with a DPRK Licensed Civil Engineer.

Research

  • Bridge vulnerabilities collection by The Caliber.

  • Trust, But Measure: A Friendly Intro to TEEs with Intel TDX by ZKSecurity.

  • When Empty Means Valid: Exploiting MPT Proof Verification for an Alternative Truth by ChainSecurity.

  • Live EigenLayer Bug Discovered During Sidecar Security Review by Andy Li (Sigma Prime).

  • How Much Do Top Smart Contract Auditors Really Make? by Johnny Time.

  • Common Circom Pitfalls and How to Dodge Them — Part 1 by Marco Besier (ZKSecurity).

  • Maturing your smart contracts beyond private key risk by Benjamin Samuels (Trail of Bits).

  • Analyzing Upgradability Patterns Across Blockchains by Shubhi Saran (Immunebytes).

  • AI Agents for application security testing by Fuzzing Labs.

  • CryptoGotchas - A collection of common (interesting) cryptographic mistakes and learning resources by Greg Rubin (SalusaSecondus).

  • ETrace: Event-Driven Vulnerability Detection in Smart Contracts via LLM-Based Trace Analysis.

  • Efficient Blockchain-based Steganography via Backcalculating Generative Adversarial Network.

  • Smart-LLaMA-DPO: Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection.

  • FORGE: An LLM-driven Framework for Large-Scale Smart Contract Vulnerability Dataset Construction.

  • SCOOP: CoSt-effective COngestiOn Attacks in Payment Channel Networks.

  • Decompiling Smart Contracts with a Large Language Model.

Tools

  • Accretion Solana Data Reverser - A browser-based reverse engineering tool for analyzing hex data with deep Solana blockchain integration. Perfect for examining raw binary data, Solana account structures, and discovering patterns in blockchain data. Live tool here.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.


© 2025 Peter Kacherginsky