Blockchain Threat Intelligence

BlockThreat - Week 30, 2025

Woo X | GLG | Tornado Cash | Com

Jul 28, 2025
Greetings!

Over $15M was stolen across three incidents this week, with the majority of losses stemming from the compromise of the Woo X exchange. This marks the third CeFi platform breached in the past two weeks, bringing total losses to $85.2 million. As with the previous two incidents, private keys were not exposed. Attackers instead gained control of the exchange’s infrastructure, allowing them to drain funds from nine whale accounts.

The Tornado Cash trial against Roman Storm is unraveling into a circus, built on flawed blockchain tracing and a fundamental misunderstanding of how decentralized immutable smart contracts work. Prosecutors have misrepresented asset flows, ignored the fact that Storm had no control over the protocol once it was deployed, and continue to manipulate charges in an apparent effort to secure a conviction regardless of the facts or broader consequences. Storm has also been financially deplatformed without a conviction, effectively punished before trial. Hopefully the court sees through the charade and brings this misguided prosecution to an end.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.


Let’s dive into the news!

News

  • Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit. When you rely on third parties for internal or external support of your infrastructure, don’t be surprised when they don’t hold the same security bar as you do.

  • FBI drops probe of Kraken founder, returns dozens of seized devices.

  • Roman Storm trial rocked by tracing errors and mistrial calls.

  • The Hacken 2025 Half-Year Web3 Security Report.

  • Gone Fast: Laundering Timing Report - H1 2025 by Global Ledger.

Crime

  • Hacker Com: Cyber Criminal Subset of The Community (Com) is a Rising Threat to Youth Online by FBI.

  • US woman helping DPRK infiltration nets 8.5 years in prison.

  • Gang kidnapped barber they mistook for crypto billionaire.

  • Bitcoin torture suspects granted bail in Manhattan court.

  • NFTs qualify for trademark protection, Ninth Circuit rules, sending Yuga Labs case back for trial.

  • Russia turns to Kyrgyzstan’s booming crypto sector to evade sanctions, researchers say.

Phishing

  • Zombie dApps: Abandoned Web3 Sites Revived as Wallet Drainers by Coinspect.

  • The Signature Trap: Why Wallet UX Is Failing Users in Web3 by Immune Bytes.

  • Stop using Google search for crypto sites unless you enjoy playing Russian roulette with your wallet! by Scam Sniffer.

  • Beware of Google Forms bearing crypto gifts by Kaspersky.

  • PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts by Expel.

Scams

  • CASPER: Contrastive Approach for Smart Ponzi Scheme Detecter with More Negative Samples.

  • An investigation into how @cryptobeastreal scammed followers by lying they were not behind the $ALT market cap crash by ZachXBT.

Malware

  • Threat Intelligence: An Analysis of a Malicious Solana Open-source Trading Bot by Joker & Thinking (SlowMist).

  • Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks.

Media

  • Decoding 2025’s Biggest Web3 Hacks: Lessons & Trends hosted by QuillAudits.

  • ETH Belgrade 2025

    • Securing Ethereum Pectra before mainnet - Zigtur | Spearbit & Cantina

    • Promises and Limitations of Passkey-Based Smart Accounts - Sergey Potekhin | Pimlico.

    • How We Built a Local Cross-Chain Simulator - Andrej Rakic | Chainlink.

    • A Law Enforcement Approach to Digital Assets - Michael Halepas | BlockAML.

    • Fuzzing Liquity - Alex The Entreprenerd | Recon.

    • Killing with Keyboards: How Your Digital Footprint Can Be Weaponized - Noah Jelich.

    • How to be secure by design and not pay millions? - Damian Rusinek | Composable Security.

    • Don't get rekt: detecting phishing threats in crypto - tincho | The Red Guild.

    • Inflation Attacks: A deep dive on ERC-4626 - Cupojoseph | Nerite.org.

    • State of Python Tooling for Solidity Development - Michal Převrátil | Ackee Blockchain Security.

    • Solidity Internals - Raoul Schaffranek | Runtime Verification.

Research

  • Blockchain Forensics: A Practical Guide to Tracing Stolen Funds by SomaXBT.

  • Upgradeable Smart Contracts Explained (2025): Part 1 - Proxy & UUPS Patterns in Solidity by Three Sigma.

  • Upgradable Smart Contracts Series: Part 2 - Top Smart Contract Vulnerabilities & Real-World Hacks by Three Sigma.

  • Upgradable Smart Contracts Series: Part 3 - Secure UUPS & Transparent Proxies in Solidity by Three Sigma.

  • Benchmarking LLMs agents for vulnerability research by Yacine Souam (Fuzzing Labs).

  • Why Maintaining Privacy on Chain Matters in Bug Bounty Hunting by Thomas EDET.

  • Under-Constrained Bug in BinaryMerkleRoot Circuit (Fixed in v2.0.0) by ZK-Kit team.

  • Sui Move for EVM and SVM Developers: Part 1 - Mental Models by Ahmad Khan (Nirlin) from Adevar Labs.

  • Cantina × Ethereum: $2M Pectra Security Competition. A collection of reports, including details of a chain-splitting critical bug in EIP-2537.

  • Attackers using EIP-7702 smart wallets to obfuscate exploits from block explorers thread by Tikkala Security.

  • DePIN Security Best Practices by Paul (Spearbit).

  • How to track your progress as a security researcher by Kris Renzo.

  • LLMs at home: Become a self hosting nerd by Daniel Luca.

  • Google Spoofed Via DKIM Replay Attack: A Technical Breakdown update with full replication by Gerasim Hovhannisyan (EasyDMARC).

  • The CryptoNeo Threat Modelling Framework (CNTMF): Securing Neobanks and Fintech in Integrated Blockchain Ecosystems.

  • Large Language Models in Cybersecurity: Applications, Vulnerabilities, and Defense Techniques.

  • Airdrops: Giving Money Away Is Harder Than It Seems.

  • ACFIX: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts.

  • Hedge Funds on a Swamp: Analyzing Patterns, Vulnerabilities, and Defense Measures in Blockchain Bridges.

  • Understanding Blockchain Governance: Analyzing Decentralized Voting to Amend DeFi Smart Contracts.

  • Measuring CEX-DEX Extracted Value and Searcher Profitability: The Darkest of the MEV Dark Forest.

  • Static Analysis for Detecting Transaction Conflicts in Ethereum Smart Contracts.

  • Non-Solidity Audit Contests by Meowing.

Tools

  • Oracle Drift by Recon. Given the prices of two oracles and their deviation thresholds, this tool computes the maximum theoretical values a price feed can reach before it triggers an update.

  • Wise Signer Snap by Patrick Collins. A MetaMask Snap that uses Claude AI to explain blockchain transactions in plain English, helping users understand what they're signing before they sign it.

  • Recent Smart Contracts by gegul. A helpful tool to hunt for vulnerabilities in recently deployed smart contracts on EVM chains.


Premium Content

This post is for paid subscribers

© 2025 Peter Kacherginsky