Greetings!
More than $22M was stolen this week across 9 incidents. The majority of losses came from a single Hyperliquid user compromise, which cost them $21M. It is a devastating loss and continues the trend of user attacks across the ecosystem.
A more concerning event was an ecosystem-wide meltdown sparked by tariff panic. Binance was among the platforms affected when a relatively small $60M USDe sell-off caused its price feed to misreport values, triggering a chain reaction of forced liquidations across collateral assets such as wBETH and BNSOL. The flawed oracle relied too heavily on Binance’s own orderbook without sufficient cross-exchange validation or time weighting, turning a localized price move into a $19B cascade of liquidations. Binance later compensated users for roughly $230M in losses, acknowledging that this was an internal systemic failure rather than user error.
We usually focus on security exploits, but market-wide incidents like these can be just as destructive when circuit breakers fail, prices are misreported, and traders are unfairly liquidated. It is a strong reminder that financial safeguards are just as critical as security controls, since their failure can just as easily destroy a protocol.
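The oracle weakness described above (a single internal order book, no cross-exchange validation, no time weighting) can be contrasted with a more defensive design. The Python sketch below is an added example, not code from Binance or from any article linked here; the venue names, tick data, thresholds and margin rule are all constructed assumptions.

```python
from statistics import median

# Constructed ticks (timestamp_s, price) per venue; not real market data.
# "internal" mimics a thin local order book hit by a sell-off.
TICKS = {
    "internal": [(0, 1.000), (60, 0.999), (120, 0.650), (180, 0.660)],
    "venue_b": [(0, 1.000), (60, 0.999), (120, 0.995), (180, 0.996)],
    "venue_c": [(0, 1.001), (60, 1.000), (120, 0.993), (180, 0.997)],
}

def spot(ticks):
    """Naive feed: the last price seen on a single venue."""
    return ticks[-1][1]

def twap(ticks, now, window):
    """Time-weighted average price over [now - window, now]."""
    start, weighted, covered = now - window, 0.0, 0.0
    for (t, price), (t_next, _) in zip(ticks, ticks[1:] + [(now, None)]):
        lo, hi = max(t, start), min(t_next, now)
        if hi > lo:  # this tick's price was in force for (hi - lo) seconds
            weighted += price * (hi - lo)
            covered += hi - lo
    if covered == 0:
        raise ValueError("no ticks inside the window")
    return weighted / covered

def robust_price(feeds, now, window=240, max_dev=0.05):
    """Median of per-venue TWAPs, plus venues deviating more than max_dev from it."""
    twaps = {venue: twap(t, now, window) for venue, t in feeds.items()}
    ref = median(twaps.values())
    outliers = sorted(v for v, p in twaps.items() if abs(p - ref) / ref > max_dev)
    return ref, outliers

def is_liquidatable(units, debt, price, liq_threshold=0.9):
    """Hypothetical margin rule: liquidate when discounted collateral < debt."""
    return units * price * liq_threshold < debt

if __name__ == "__main__":
    naive = spot(TICKS["internal"])
    ref, outliers = robust_price(TICKS, now=240)
    for label, px in (("single-venue spot", naive), ("median of TWAPs", ref)):
        print(f"{label}: {px:.4f} liquidate={is_liquidatable(1000, 800, px)}")
    print("venues to exclude or alert on:", outliers)
```

With the constructed data, the single-venue spot price marks the position for liquidation, while the median of per-venue TWAPs keeps it healthy and flags the internal venue as an outlier that a circuit breaker could act on.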
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.
Let’s dive into the news!
News
Oracle, Oracle, Oracle: How Price Feed Design Turned $60 Million Into a $19 Billion Catastrophe by YQ. A master class in how a series of depegs triggered a catastrophic oracle failure at Binance. An important reminder to never trust a single price feed, especially an internal one, whether you are CeFi or DeFi.
‘Bitcoin Jesus’ Roger Ver reaches tentative deal with DOJ over $48 million tax case.
Crime
North Korea’s crypto hackers have stolen over $2 billion in 2025 by Elliptic.
DPRK’s Dangerous Password and How to Avoid Their Tactics by zeroShadow.
When Hackers Get Hacked: Analyzing the Breach of LockBit by SlowMist.
Meet Scattered Spider: The Group Currently Scattering UK Retail Organizations by Adi Bleih (Cyberint). New tactics to recruit agents at high value organizations.
British Duo On Trial for Planning to Steal $23m in Crypto—From Behind Bars.
Brazil’s Federal Police Dismantle $540 Million Crypto Laundering Network in “Operation Lusocoin” by TRM.
Scam Compound Operators: Members of The Four Great Families sentenced to death in China.
Two Indicted in Tel Aviv Over $600,000 ‘Wrench Attack’ on Bitcoin Trader.
Phishing
The State of Drainers Vol. 1 by SEAL.
A victim 0x0cdC...E955 lost ~$21M worth of cryptos on #Hyperliquid due to a private key leak by Peckshield.
Malware
Media
The Network Podcast - Operational Security with Pablo Sabbatella.
Web3 Security Podcast - Safe’s $60B security stack: Formal verification, audits, and $1M bounties with Richard Meissner.
bountyhunt3rz - Episode 26 - alix40.
Chainalysis - Inside the FBI: Crypto, Crime & National Security – Ep. 171.
Research
Preventing Second Preimage Attacks in Merkle Trees: A Complete Guide by Ahmad Khan (Adevar Labs).
AI Bug Hunting: Preventing Fee Accrual in Euler by riptide.
Governance as an Attack Vector in Web3 Protocols by Paul (Cantina).
Stablecoin Security: How Design Choices Create Vulnerabilities and Economic Risk by Olesia Bilenka (Hacken).
Smart Contract Intent Detection with Pre-trained Programming Language Model.
Security Analysis of Ponzi Schemes in Ethereum Smart Contracts.
Premium Content
The content presented below is intended for personal, non-commercial use only and is protected by copyright laws. Any unauthorized distribution, reproduction, or inclusion of this content in public or commercial products, databases, publications, and other mediums is strictly prohibited without the express written permission of the author.
Hacks
TokenHolder
Date: October 07, 2025
Attack Vector: Insufficient Function Access Control
Impact: $26,000
Chain: BSC