Greetings!
Almost $5M was stolen this week across 6 incidents. On the DeFi side, Abracadabra suffered its third exploit, which cost them $1.8M. It’s particularly unfortunate as the protocol did not practice defensive coding: a single missing else branch left the contract in an unintended state.
Yet another mining pool exploitation surfaced and was discovered weeks after it happened. The centralized nature of pools, combined with their large routine transfers, often obscures signs of compromise. This time the $24M that vanished from SBI Crypto was only noticed a week later, when the stolen funds began flowing to the usual laundering destinations. As a reminder, the massive $3.5B Lubian miner hack went undetected for nearly five years, raising the question of how many other CeFi breaches remain unknown.
One of the more interesting exploits this week was a vulnerable 7702 wallet from which attackers were able to drain more than $300K. The contract had an unprotected pancakeV3SwapCallback function, which allowed anyone to ask for a “repayment”. That is exactly what the attacker did for a USDT.C token:
pancakeV3SwapCallback(366,671,873,699, -1, 0x96fb784986284cb6d4a8da6dd50dd7e85ef38f5d)
The exploit was simple and the damage limited, but it’s a warning shot. A single vulnerable smart wallet could one day trigger multimillion losses across the ecosystem. Be careful which third-party smart wallet contracts you trust.
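To make the failure mode concrete, here is an added illustration (not the exploited wallet’s code) of an unguarded swap callback beside a guarded one; the IPancakeV3Pool and IERC20 interfaces are minimal assumptions modelled on the Uniswap V3 callback shape that PancakeSwap V3 follows, and on a 7702 account this contract would be the code the EOA delegates to.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces (assumed here; PancakeSwap V3 follows the Uniswap V3 callback shape).
interface IERC20 { function transfer(address to, uint256 amt) external returns (bool); }
interface IPancakeV3Pool {
    function token0() external view returns (address);
    function token1() external view returns (address);
    function swap(address recipient, bool zeroForOne, int256 amountSpecified,
                  uint160 sqrtPriceLimitX96, bytes calldata data) external returns (int256, int256);
}

// VULNERABLE pattern: the callback trusts whoever calls it and takes the token from calldata,
// so any address can call it directly with a positive delta and be "repaid" from the wallet.
contract UnprotectedWallet {
    function pancakeV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes calldata data) external {
        address token = abi.decode(data, (address));
        uint256 owed = amount0Delta > 0 ? uint256(amount0Delta) : uint256(amount1Delta);
        IERC20(token).transfer(msg.sender, owed); // pays msg.sender, whoever that is
    }
}

// HARDENED pattern: only the pool this wallet is currently swapping with may invoke the
// callback, and the token owed is derived from that pool rather than from calldata.
contract GuardedWallet {
    address public immutable owner;
    address private expectedPool; // non-zero only while a swap we initiated is in flight

    constructor(address _owner) { owner = _owner; }

    function swap(address pool, bool zeroForOne, int256 amount, uint160 priceLimit) external {
        require(msg.sender == owner, "not owner");
        expectedPool = pool;                       // arm the callback guard
        IPancakeV3Pool(pool).swap(address(this), zeroForOne, amount, priceLimit, "");
        expectedPool = address(0);                 // disarm once the swap returns
    }

    function pancakeV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes calldata) external {
        require(expectedPool != address(0) && msg.sender == expectedPool, "unexpected callback");
        // A V3 pool reports what the wallet owes as a positive delta for exactly one token.
        if (amount0Delta > 0) {
            IERC20(IPancakeV3Pool(msg.sender).token0()).transfer(msg.sender, uint256(amount0Delta));
        } else if (amount1Delta > 0) {
            IERC20(IPancakeV3Pool(msg.sender).token1()).transfer(msg.sender, uint256(amount1Delta));
        }
    }
}
```

When reviewing a smart wallet, the check to look for is that every DEX callback verifies its caller against state the wallet itself set immediately before the outbound call.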
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.
Let’s dive into the news!
News
Intel and AMD trusted enclaves, a foundation for network security, fall to physical attacks. The new Wiretap Fail attack requires physical access but can completely break Intel SGX, Intel TDX, and AMD SEV-SNP. Don’t panic, but consider provider setups where physical access to the hardware could be abused.
Hackers claim Discord breach exposed data of 5.5 million users. Another case of bribery involving outsourced support staff. Did we not learn from the Coinbase incident?
NIRS fire destroys government’s cloud storage system, no backups available. Web2 security can be wild and a reminder to have a backup strategy.
Kim.Fun, an interesting approach to catching DPRK IT workers.
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines by Mandiant.
Crime
Chinese scammer pleads guilty after UK seizes nearly $7 billion in bitcoin. Zhimin Qian held a massive 61,000 BTC obtained from 128K victims.
Scattered Lapsus$ Hunters offering $10 in Bitcoin to ‘endlessly harass’ execs. Another heinous tactic by the infamous threat actor while not busy bribing outsourced support staff.
‘You’ll never need to work again’: Criminals offer reporter money to hack BBC.
Leaked Documents Expose $8 Billion Crypto Web Behind Russia’s Sanctions Evasion.
Kazakhstan Tightens Crypto Rules After Seizing $16.7M From Unlicensed Exchanges.
Thief Snaps Photo of Victim’s Seed Phrase in Apartment, Steals $1.7M in Crypto.
Thai Authorities Arrest Portuguese National Linked to $580M Cryptocurrency Fraud.
Lazarus Group: A criminal syndicate with a flag by Christine Barry (Barracuda).
Policy
Phishing
Top 5 Crypto & Web3 Hacks That Started With Phishing by Rhythm Jain (Resonance Security).
0G_labs and 0G_Foundation X accounts have been compromised. The hack was apparently perpetrated by one of the airdrop farmers.
ZachXBT Flags $400K Exploit: Hypurr NFTs Drained From Compromised HyperEVM Wallets.
Scams
HyperVault - Rugged by Rekt.
Research
Cross-Function Reentrancy: When Functions Betray Each Other by Shashank Mudgal (0x00auditor).
Proper nonce implementation thread by Sigma Prime.
MEV Spam: The Hidden Blockchain Scalability Crisis by Nefture Security.
Tracing a $3.4M Crypto Ransom: How Investigators Follow the Blockchain Trail.
How to npm and avoid getting rekt by The Red Guild Security.
Awesome Wallet Security by Valkyri Security.
RISC Zero Security Disclosure: Arbitrary code execution in guest.
LISA Technical Report: An Agentic Framework for Smart Contract Auditing.
The Dark Art of Financial Disguise in Web3: Money Laundering Schemes and Countermeasures.
BugMagnifier: TON Transaction Simulator for Revealing Smart Contract Vulnerabilities.
Smart Contract Intent Detection with Pre-trained Programming Language Model.
Tools
Wise Signer, a MetaMask snap from Patrick Collins that helps decode calldata.
rrelayer, an open-source, high-performance blockchain transaction relay service built in Rust, designed for seamless integration with any EVM-compatible network.
Premium Content
The content presented below is intended for personal, non-commercial use only and is protected by copyright laws. Any unauthorized distribution, reproduction, or inclusion of this content in public or commercial products, databases, publications, and other mediums is strictly prohibited without the express written permission of the author.
Hacks
Unkn_dc8275
Date: September 29, 2025
Attack Vector: Bad Randomness
Impact: $143,000
Chain: Ethereum