Blockchain Threat Intelligence

BlockThreat - Week 27, 2025

Future Protocol | Neemo | Rant | Bitcoin | EthCC

Peter Kacherginsky
Jul 14, 2025

Greetings!

Over $5.5 million was stolen this week across three protocols, using familiar attack vectors like price oracle manipulation and private key theft. But it was the controversy surrounding the massive 80,000 BTC transfer that truly stole the spotlight.

A mysterious on-chain campaign was spotted targeting dormant 2011-era Bitcoin wallets. It uses OP_RETURN outputs to deliver "legal notices" along with links to an online form that collects sensitive wallet data. One of the recipients then moved 80,000 BTC ($8.6B), which triggered a wave of speculative frenzy. Theories ranged from a hack or an ECDSA nonce reuse exploit to a coordinated legal seizure. A questionable legal entity calling itself Salomon Brothers shared a statement that their client "seeks to mitigate global security issues presented by the abandoned wallets." Despite all the noise, there is still no concrete evidence of what would have been the largest hack in Bitcoin's history.
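
As an added illustration of the delivery channel described above (example code written for this edition, not part of the original post or of any project it links): a small Python decoder that pulls the payload out of an OP_RETURN output script, handles the direct-push and OP_PUSHDATA1/2/4 encodings, and flags payloads that pair notice-style wording with a URL. The sample output scripts and the claim.example.invalid link are constructed for the example, not real transactions.

```python
# Added example, not code from the BlockThreat post: decode and triage OP_RETURN
# payloads of the kind used to push "legal notices" at dormant wallets.
import re
from typing import Optional

OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E


def op_return_script(data: bytes) -> str:
    """Encode data as an OP_RETURN output script (hex), using the minimal push form.
    Bitcoin Core's default relay policy has historically capped the script at 83 bytes
    (80 bytes of data + OP_RETURN + OP_PUSHDATA1 + length), so real lures are short."""
    n = len(data)
    if n <= 75:
        push = bytes([n])
    elif n <= 0xFF:
        push = bytes([OP_PUSHDATA1, n])
    elif n <= 0xFFFF:
        push = bytes([OP_PUSHDATA2]) + n.to_bytes(2, "little")
    else:
        push = bytes([OP_PUSHDATA4]) + n.to_bytes(4, "little")
    return (bytes([OP_RETURN]) + push + data).hex()


def parse_pushes(script: bytes) -> list:
    """Return every data push in a script; raises ValueError on truncation or non-push opcodes."""
    pushes, i = [], 0

    def take(k: int) -> bytes:
        nonlocal i
        chunk = script[i:i + k]
        if len(chunk) != k:
            raise ValueError(f"truncated script at offset {i}")
        i += k
        return chunk

    while i < len(script):
        op = take(1)[0]
        if 1 <= op <= 75:                       # direct push: opcode is the length
            size = op
        elif op == OP_PUSHDATA1:
            size = take(1)[0]
        elif op == OP_PUSHDATA2:
            size = int.from_bytes(take(2), "little")
        elif op == OP_PUSHDATA4:
            size = int.from_bytes(take(4), "little")
        else:
            raise ValueError(f"non-push opcode 0x{op:02x} at offset {i - 1}")
        pushes.append(take(size))
    return pushes


def decode_op_return(script_hex: str) -> Optional[bytes]:
    """Concatenated payload of an OP_RETURN script, or None for any other script type."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    return b"".join(parse_pushes(script[1:]))


URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
NOTICE_WORDS = ("notice", "legal", "claim", "owner", "abandon", "deadline")


def triage_output(script_hex: str) -> Optional[dict]:
    """Decode an output and flag payloads that look like a notice-plus-link lure."""
    payload = decode_op_return(script_hex)
    if payload is None:
        return None
    text = payload.decode("utf-8", errors="replace")
    urls = URL_RE.findall(text)
    keywords = [w for w in NOTICE_WORDS if w in text.lower()]
    return {"bytes": len(payload), "text": text, "urls": urls,
            "keywords": keywords, "suspicious": bool(urls) and bool(keywords)}


# Constructed sample outputs (not real transactions): a P2PKH payment, a short
# OP_RETURN tag, and an 80-byte notice-style payload that needs OP_PUSHDATA1.
SAMPLE_OUTPUTS = {
    "p2pkh": "76a914" + "00" * 20 + "88ac",
    "tag": op_return_script(b"hello"),
    "notice": op_return_script(
        b"LEGAL NOTICE: wallet abandoned. Claim by deadline: https://claim.example.invalid"),
}

if __name__ == "__main__":
    for name, script in SAMPLE_OUTPUTS.items():
        print(name, triage_output(script))
```

Feeding real data is a matter of replacing SAMPLE_OUTPUTS with the `scriptPubKey.hex` fields from a node's `getrawtransaction ... true` output; the keyword list is deliberately crude and meant to be tuned to the wording actually seen in the campaign.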

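And, for the nonce-reuse theory mentioned above, an added example (written for this edition, not from the post) in pure Python: two secp256k1 ECDSA signatures produced with the same nonce k leak the private key, which is why a wallet whose early signing code reused nonces can be emptied without any breach of the owner's machine. The private key, the nonce and the two messages are constructed stand-ins; the curve arithmetic is a minimal textbook implementation written for the example, not a library.

```python
# Added example, not code from the BlockThreat post: recover a secp256k1 private
# key from two ECDSA signatures that share a nonce. All key material is constructed.
import hashlib

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(A, B):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:     # A == -B
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, A):
    """Double-and-add scalar multiplication."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R


def msg_hash(msg: bytes) -> int:
    """Bitcoin-style double SHA-256 of the message, as the integer z."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(msg).digest()).digest(), "big")


def sign(d: int, k: int, msg: bytes):
    """ECDSA with a caller-supplied nonce: the mistake this example demonstrates."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (msg_hash(msg) + r * d) % N
    if s > N // 2:            # Bitcoin's low-S rule (BIP 62/146) may negate s
        s = N - s
    return r, s


def recover_key(pub, msg1, sig1, msg2, sig2):
    """If both signatures share r (same k), solve for k and then for d.
    Returns the private key, or None when the signatures do not reuse a nonce."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        return None
    z1, z2 = msg_hash(msg1), msg_hash(msg2)
    for s2c in (s2, N - s2):  # undo a possible low-S flip on one of the two s values
        if (s1 - s2c) % N == 0:
            continue
        k = (z1 - z2) * pow(s1 - s2c, -1, N) % N       # s1 - s2 = k^-1 (z1 - z2)
        d = (s1 * k - z1) * pow(r1, -1, N) % N         # s1 k = z1 + r d
        if ec_mul(d, G) == pub:                        # confirm against the public key
            return d
    return None


# Constructed demo values; a real nonce must be fresh and unpredictable per signature.
PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
PUB = ec_mul(PRIV, G)
K = 0x75BCD15
MSG1 = b"spend output 0 of tx A"   # stand-ins for the real sighash preimages
MSG2 = b"spend output 1 of tx A"


def demo():
    """Sign two messages with the same nonce and recover the key from the signatures alone."""
    return recover_key(PUB, MSG1, sign(PRIV, K, MSG1), MSG2, sign(PRIV, K, MSG2))


if __name__ == "__main__":
    print("recovered key matches:", demo() == PRIV)
```

The same equations apply to any two spends from a wallet whose signatures show an identical r value on chain, which is exactly what a scanner for this class of weakness looks for; the public-key check at the end is what separates a genuine nonce collision from a coincidence in r that cannot be exploited.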

Oak Security has operated in Web3 security since 2017, providing security services throughout a project's lifecycle: audits, penetration testing, operational security training, and advisory services. Its signature blinded process emphasises redundancy: every line of code is reviewed in parallel by multiple auditors with multi-disciplinary backgrounds.

Link: https://www.oaksecurity.io/


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.


Let’s dive into the news!

News

  • CVE-2025-32462, CVE-2025-32463 Sudo chroot, host Option Elevation of Privilege Vulnerabilities by Rich Mirch (Stratascale). A 12-year-old bug in one of the most audited security utilities. Leaving this here in case you feel like all the bugs have already been found ;-)

  • AT&T now lets you lock down your account to prevent SIM swapping attacks.

  • How a Hacker Spent Only $2.7K to Steal $140 Million From Brazilian Banks.

  • The state of The Red Guild #17.

  • OpenZeppelin is sunsetting Defender security dashboard.

  • 2025 Q2 MistTrack Stolen Funds Analysis by Lisa (SlowMist).

  • 2025 Mid-year Blockchain Security and AML Report by SlowMist.

  • Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2025 by CertiK.

Crime

  • $2,800 bribe led to $148m hack of Brazilian finance firms; $40m laundered via crypto.

  • Bitcoin dev Jon Atack got arrested in El Salvador this weekend.

  • Crypto investment fraud ring dismantled in Spain after defrauding 5000 victims worldwide by Europol.

  • Treasury Sanctions Global Bulletproof Hosting Service Enabling Cybercriminals and Technology Theft.

  • Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers’ Illicit Revenue Generation Schemes.

  • Four North Koreans Charged in Nearly $1 Million Cryptocurrency Theft Scheme.

  • He Thought an Employee Stole Crypto. The FBI Says It Was a North Korean Scammer.

  • Burwick Law wants a $440M crypto lawsuit served via NFT.

  • Online hacks to offline heists: crypto leaders on edge amid increasing attacks.

  • ZKasino rug pull suspect arrested in United Arab Emirates.

Phishing

  • A Popular Solana Tool on GitHub Conceals a Crypto-Stealing Trap by Thinking (SlowMist).

  • Comprehensive On-Chain Phishing Analysis and User Anti-Fraud Guide by SafePal and GoPlus.

  • The Synthetix main X (Twitter) account has been hacked.

  • Inside a malicious job interview repo by pcaversaccio.

  • Scammer Posed as Trump-Vance Official to Steal $250K in Crypto.

  • AI-Themed SEO Poisoning Attacks Spread Info, Crypto Stealers.

Scams

  • The Eco-Friendly Rug Pull by Rekt.

Malware

  • macOS NimDoor - DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware by Phil Stokes & Raffaele Sabato (SentinelOne).

  • FoxyWallet: 40+ Malicious Firefox Extensions Exposed by Yuval Ronen (Koi Security).

  • Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open by Yaara Shriki, Gili Tikochinski (Wiz).

Media

  • Crypto In America - Roman Storm Breaks Silence on Tornado Cash & DOJ Court Case.

  • EthCC[8] 2025 - Security and related talks:

    • Tincho (The Red Guild), Matta (The Red Guild) - Practical phishing detection with The Phishing Dojo.

    • Maxim Andreev - Reconstructing Control Flow Graphs from EVM Bytecode: Faster, Better, Stronger.

    • Jan Gorzny - Challenges of Replicating Historical Exploits.

    • Jack Sanford (Sherlock) - Zero to Smart Contract Auditor in 1 Month.

    • nisedo (Trail of Bits) - How to Become a Smart Contract Auditor.

    • Robin Guerchon (Ministry of Interior - Cyberspace) - Cryptoassets security: protecting people and funds.

    • Matthias Egli (ChainSecurity), Julien Bouteloup (Rekt) - Top Hacks since EthCC 2024.

    • noid (Kraken) - Troll, but Verify: Security Lessons from North Korean Job Candidates.

    • Karolina Gorna (Ledger) - Hunting Blockchain Clients' Bugs with Concolic Execution.

    • Bartek Kiepuszewski (L2BEAT) - State of L2s after recategorization.

    • Michael Zaikin (StarkWare) - On the security challenges of L2 and L3 AppChains.

    • Ellie (Espresso Systems) - Are sequencer confirmations good enough?

    • Ábel Nagy (Eötvös Loránd University, Budapest) - Forking RANDAO Manipulations.

    • Ray Orlev (Certora) - Restaking Protocols: Exposing the Achilles' Heels.

    • Noah Jelich - Killing with Keyboards – How Your Digital Footprint Can Be Weaponized.

    • Charles Guillemet (Ledger) - From Chaos to Confidence: Simulate and clear sign your transactions.

    • Ryan McPeck (MetaMask) - Next-Gen Permissions: How MetaMask is Empowering Users.

    • Mooly Sagiv (Certora) - Securing AI-Assisted DeFi Development with Formal Verification.

    • Pamina Georgiou (Certora) - Securing your protocol with the Certora Prover.

    • Uri Kirstein (Certora) - Best of both fuzzing and formal verification.

    • Kostas Ferles (Veridise) - ZKVM Determinism That Lasts: From Audits to Continuous Verification.

    • Agustincito (SCI) - SCI: Enhancing Web3 Security Through Smart Contract Verification.

    • Benjamin Samuels (Trail of Bits) - The $1.5B Problem: How Exchanges Can Build Safer Cold Storage.

    • btchip, Julien Ready, Seb - Self-custody: for hippies VS for heroes.

    • CvH (Polygon) - The harsh reality of being a CISO.

    • Maya Dotan - UnSafe: When web2 security undermines web3.

    • Emrah Sariboz (Coinbase), Tom Ryan (Coinbase) - You Deployed Your Project, Now What?

    • Jonathan Levin - Shut the windows and lock the front door: preventing fund losses in 2025.

    • Remi Gai (Inco) - Confidential ERC20 Framework: A New Primitive for Onchain Confidentiality Propose.

    • Christoph Niemann (AWS) - Indexing Blockchains.

    • btchip (ZKNox), Christina Frankopan (Lazard), Anya Nova (GK8) - Personal opsec: Bling vs bland.

    • Deli Gong - Ethereum's future hinges on TEEs.

    • Ouriel Ohayon (Zengo) - Physical and Digital protection for crypto entrepreneurs.

  • Episode 18 - riptide.

  • Episode 19 - 0xe4669da [SPECIAL n00b EDITION].

  • Offbeat (@offbeatblog_eth) on X.

    🚨 PSA - The F*ck Kim Jong family test is compromised 🚨 The entire family is onto us. Stay safu!

Research

  • Pwning Solana for Fun and Profit - Exploiting a Subtle Rust Bug for Validator RCE and Money-Printing by Anatomist.

  • Rekt - After the Post-Mortem. The story with the Cork Protocol hack continues.

  • LISA Achieves 90% Detection on OWASP Smart Contract Top 10.

  • Access Control Flaw in Hyperlane's Rate-Limited ISM and Hook by Sujith Somraaj.

  • Supply Chain Attacks in The Solana Ecosystem by Catalin Neagu (Adevar Labs).

  • Bug Hunt: Zero-Knowledge, Full-Paranoia, and the AI That Stares Back by ZKSecurity.

  • Using Claude To Evolve Specialist AI Smart Contract Auditors by Dacian.

  • Inside the Nobitex Breach: What the Leaked Source Code Reveals About Iran’s Crypto Infrastructure by TRM.

  • Magic Animal Carousel: Full Exploit and Vulnerabilities by Cyphertux.

  • The Need for Robust Web3 Pentesting and Supply Chain Security by Chirag Agrawal (Guardrail).

  • Rational Censorship Attack: Breaking Blockchain with a Blackboard.

  • Blockchain Address Poisoning.

Tools

  • LISA - An LLM-powered Intelligent Security Analyzer.

  • Quimera - feedback-driven exploit generation for Ethereum smart contracts using LLMs.

  • AI Auditor Primers by Dacian. This repository contains open-source Primer documents to be ingested by AI prior to conducting smart contract audits.

  • Audit Contests Rewards Calculator by valuevalk.

  • deployment_validation - Simplified Deployment Validation of EVM-Based Smart Contracts by ChainSecurity.



Premium Content

This post is for paid subscribers

© 2025 Peter Kacherginsky