Blockchain Threat Intelligence

BlockThreat - Week 42, 2025

Lubian | Typus | Code is Law | Paxos | BlockThreat Today

Peter Kacherginsky
Oct 23, 2025

Greetings!

Just a few hacks this week, but bad actors still managed to steal $3.7M. The biggest story, however, is the update on the largest hack in blockchain history, the Lubian Miner hack. It appears the U.S. government managed to seize the stolen funds from the hack, which are now worth $15B. More details are in the news section below.

In other news, the Code is Law documentary is going live. I had the chance to preview it recently, and it’s absolutely outstanding, with an in-depth look at The DAO, Indexed Finance, KyberSwap, Mango Markets, and other landmark hacks where the “code is law” argument kept resurfacing. The film feels especially timely as the 2023 MEV bot hacking case involving two MIT brothers heads to trial, with the defendants reportedly planning to use the same defense to justify exploiting a privacy flaw in the Flashbots protocol and deceiving other MEV bots.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.


Let’s dive into the news!

Events

  • Web3 Security Tools Seminar (W3ST) Call for Submissions due by October 24, 2025.

News

  • Announcing BlockThreat Today. A project to remind you of exploits, vulnerabilities, research publications and other notable events from the past, because those who do not learn history are doomed to repeat it.

  • Code is Law documentary released. A gripping documentary on the origins of DeFi security and the ongoing philosophical war between “code is law” and “law is law”.

  • MIT Grad Brothers’ Trial Puts Focus on ‘Wild West’ Crypto Trades.

  • Arbitrum triggered a Security Council Emergency Action to address a chain-splitting vulnerability on the Arbitrum Sepolia network.

  • Paxos $300 Trillion Oopsie by Rekt. A reckless minting action by Paxos, who do not appear to run onchain simulations before broadcasting transactions.

  • Hackers can steal 2FA codes and private messages from Android phones. The novel Pixnapping Attack should be yet more encouragement to switch to hardware tokens for authentication to the most critical resources.

  • Crypto crime research group SEAL Org unveils new way to report potential phishing sites.

  • Tornado Cash users can now maintain anonymity without ‘helping the hackers’ by using new 0xbow blacklist.

Crime

  • $15 Billion in Bitcoin Sanctioned: U.S. and U.K. Take Largest Action Ever Targeting Cybercriminal Networks in Southeast Asia by SlowMist. What makes this seizure particularly interesting is that it relates to the Lubian Mining Farm compromise back in 2020, which resulted from weak private key generation. It appears the US government obtained the stolen funds from the hacker back in 2024.

  • Infrastructure of a scam city by Rekt. A deep dive into the operations of scam compounds related to the government action above.

  • ZachXBT cracks Railgun privacy to expose Bittensor hacker.

  • Operation SIMCARTEL: Europol Shuts Down GoGetSMS Cybercrime Network.

  • Crypto Kidnap and Beatdown in Ukraine: Three Men Detained.

Policy

  • KYC All The Things: Is Market Structure Blowing Up?

Phishing

  • North Korean Hackers Target Crypto Devs Through Open-Source Software Hub.

  • DPRK IT Workers in Open Source and Freelance Platforms by blackbigswan, Heiner (Ketman).

  • GoPlus’s Discord was compromised.

Malware

  • DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains by Blas Kojusner, Robert Wallace, Joseph Dobson (Mandiant).

  • New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware by Mark Magee, Jose Hernandez, Bavi Sadayappan, Jessa Valdez (Mandiant).

  • `1inch-analysis.app` — A DPRK Trojan Horse by pcaversaccio.

  • TigerJack’s Extensions Continue to Rob Developers Blind Across Different Marketplaces by Tuval Admoni (Koi).

Media

  • Defcon 33

    • DEF CON 33 - Blurred Lines: Evolving Tactics of North Korean Cyber Threat Actors - Seongsu Park.

    • DEF CON 33 - Making a custom Hashcat module to solve a decade-old puzzle challenge - Joseph Gabay.

    • DEF CON 33 - Where’s My Crypto, Dude? The Ultimate Guide to Crypto Money Laundering - Thomas Roccia.

    • DEF CON 33 - The Anatomy of a Crypto Scam - Nick Percoco & Kitboga.

    • DEF CON 33 - Cryptocurrency Opening Keynote - Michael Schloh MsvB, Chad Calease & Param D Pithadia.

  • ETHSofia 2025:

    • The Current Landscape of Web3 Security, Krum Pashov

    • Thriving in the Multifaceted World of Web3 Security, Bogomil Tsvetkov

    • How Traditional Security Failures Enable Billion-Dollar Crypto Heists, Simeon Nguen

    • The Next Era of Web3 Security

    • Revolutionizing Security and Transparency in Institutional DeFi, Lukasz Muzyka

  • AI’s Blind Spots: Why Blockchain Security Isn’t Solved Yet. Panel discussion featuring Next Encrypt, NEAR, Quranium, & SCRT Labs hosted by Hacken.

  • bountyhunt3rz - Episode 27 - Patrick Collins.

  • No Text To Speech - The Discord Hacker DMed Me.

Contests

  • Wintermute Alpha 2025 - Challenge Writeups by Frodan.

Research

  • How We Broke Exchanges: A Deep Dive Into Authentication And Client-Side Bugs by Bruno Halltari and Caue Obici (OtterSec).

  • How to preview the results of an OpenSea box by Stragos. Oops.

  • A Practical Guide to Fuzzing Solana Smart Contracts with Honggfuzz by Zokyo.

  • IDL Guesser: Recovering Instruction Layouts from Closed-Source Solana Programs by Sec3.

  • Moving from EVM to Move Part 1 and Part 2 by VulSight.

  • EIP 7702 Security Considerations by Halborn.

  • Common Cryptographic Risks in Blockchain-Applications by SlowMist.

  • Red Flags and Green Flags of Yield Bearing Stablecoins by Paweł Kuryłowicz (Composable Security).

  • Cracking Auto-Exchanges: A Guide for Investigators and Lawyers by Intelligence Onchain.

  • The AMM Security Deep Dive Part 1 and Part 2 by M3D (Zealynx).

  • YieldBasis Rebalancing Risks by Pangea.

  • Deep dive into Curve Finance: Core Mechanics, Security, and Integration Insights by M3D (Zealynx).

  • Code is law, but the supply chain is the lawmaker by Opsek.

  • Web3 OpSec Standard (W3OS) by Audit Wizard.

  • Clustering Deposit and Withdrawal Activity in Tornado Cash: A Cross-Chain Analysis.

  • The Impact of Sanctions on decentralised Privacy Tools: A Case Study of Tornado Cash.

  • Toxic Ink on Immutable Paper: Content Moderation for Ethereum Input Data Messages (IDMs).

  • Towards Secure and Explainable Smart Contract Generation with Security-Aware Group Relative Policy Optimization.

  • Balancing Security and Liquidity: A Time-Weighted Snapshot Framework for DAO Governance Voting.

Tools

  • A Compound Proposal Decoder.


Premium Content

The content presented below is intended for personal, non-commercial use only and is protected by copyright laws. Any unauthorized distribution, reproduction, or inclusion of this content in public or commercial products, databases, publications, and other mediums is strictly prohibited without the express written permission of the author.

Hacks

Xtradespro

Date: October 13, 2025
Attack Vector: Logic Error
Impact: $130,000
Chain: BSC

This post is for paid subscribers

© 2025 Peter Kacherginsky