Blockchain Threat Intelligence

BlockThreat - Week 3, 2025

Sony | UniLend | The Idols NFT | PIKA | BIGO | GraFun

Jan 22, 2025

Greetings!

This week saw a handful of hacks totaling just under $700K in losses. A notable trend is emerging in on-chain exploitation: the BSC chain has essentially become a hunting ground for bad actors targeting small TVL projects. These attackers even send messages congratulating one another for being the first to discover and exploit vulnerabilities.

Despite this trend, the majority of losses still originate from the Ethereum mainnet, which continues to attract serial exploiters. For example, the $200K UniLend hack not only caused significant damage but also inspired several copycat attacks.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proofs of concept (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

In other news, Sony experienced a hard lesson in decentralization. Their attempt to censor tokens and transactions on their sequencer backfired when it became evident that transactions could still be submitted directly through L1.

Oh and be sure to check out a great new podcast for bug hunters in the Media section below. Let’s dive into the news!

News

  • Sony's Soneium blockchain faces backlash over alleged blacklisting of memecoins on launch day. Interestingly, folks were still able to get transactions included in the L2 thanks to OP Stack’s censorship resistance feature.

  • US, Japan and S. Korea urge crypto industry to take action against North Korean hackers.

Crime

  • Illicit Volumes Portend Record Year as On-Chain Crime Becomes Increasingly Diverse and Professionalized by Chainalysis.

  • Chat Log Investigation: Actor Wang Xing’s Kidnapping Incident by SlowMist.

  • Crypto Investment Firm Founder Pleads Guilty to Defrauding Thousands of Investors of Over $9M in Ponzi Scheme by TRM.

  • Marko Polo Traffer Team Blockchain Analysis by Zero Shadow.

  • $1.1M Penalty Slammed on Mosaic Exchange in Crypto Fraud Scandal.

  • FBI Foils 'Goons' Who Plotted to Kidnap Jeweler and Steal $2 Million in Crypto.

  • ‘A thief and a crooked cop’: L.A. deputy committed crimes for crypto mogul, feds say.

Policy

  • Helium founder says company will defend itself 'vigorously' against SEC lawsuit. The last SEC lawsuit of the outgoing administration.

  • SEC Imposes $38 Million Penalty on Digital Currency Group for Negligence.

  • South Korea’s Upbit exchange hit with business suspension penalty.

Phishing

  • Crypto industry alarmed as 7 million OpenSea email users’ leak resurfaces.

  • Reports of malware in Google sponsored links when searching for Homebrew packages.

Malware

  • Telegram malware scams spike 2,000% as crypto investors face new threat.

Research

  • Scam Detection for Ethereum Smart Contracts: Leveraging Graph Representation Learning for Secure Blockchain.

  • Logic Meets Magic: LLMs Cracking Smart Contract Vulnerabilities.

  • SoK: Design, Vulnerabilities, and Security Measures of Cryptocurrency Wallets.

  • Smart Contract Fuzzing Towards Profitable Vulnerabilities.

  • Cybersecurity Best Practices for Hedge Funds Dealing with Crypto Assets.

  • How To Define Invariants by Nican0r (Recon).

  • Sampled Public Audit Reports by OtterSec. Unlike other repos this one has coverage for Cosmos, Solana, and other chains.

  • How to: Get to Know iPhone Privacy and Security Settings by EFF.

  • The Fuzzing Book by Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, and Christian Holler. The book is about automating software testing, specifically by generating tests automatically.

Media

  • Bountyhunt3rz Podcast - Episode 2 - 100proof. riptide & 100proof discuss bounty negotiation tactics, human behavior, incentives, acting in good faith, and why bounty hunters must be paid. 100proof treats listeners to a detailed walkthrough of a juicy bug he found in Morpho.

  • Bountyhunt3rz Podcast - Episode 1 - deadrosesxyz. riptide & deadrosesxyz discuss hunting for bugs on the blockchain, including techniques, secrets and tools of the trade, integrating LLMs into your workflow, getting paid, traits of a bounty hunter, and how Bulgarian teenagers are taking over the space.

Tools

  • Weird ERC721 Tokens by abarbatei.

  • BlockSec Anti-MEV RPC | BlockSec Documents.

  • RugCheck - Solana token checker.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.


© 2025 Peter Kacherginsky