Greetings!
A relatively quiet week with under $1 million in losses is a welcome relief. Weeks like these often keep me up at night as calm often precedes big events, so let us hope that pattern does not repeat. To help you enjoy the lull, I have assembled a curated collection of research, with a focus on off-chain and multisig security, interviews with industry leaders, and the latest entries in the criminal chronicles.
Paid subscribers will get the deep dives on the price oracle exploit at Sharwa Finance, the key compromise at Doodi Pals, and other incidents. I am also tracking an attacker probing older contracts across multiple chains, which has pulled a handful of five-figure wins here and there.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.
Let’s dive into the news!
Events
Ultimate Security Games by RareSkills. November 20, 2025. The Ultimate Security Games brings the world of smart contract auditing to the main stage, turning web3 security into an esport.
News
We Have a Centralization Issue by Rekt. On the crypto meltdown caused by the AWS outage. Coinbase, Metamask, L2s, and other supposedly decentralized projects went dark due to overreliance on centralized infrastructure.
Ledger’s new native multisig rollout sparks criticism over ‘cash cow’ fee model. Interestingly, the service was announced as free, which was later corrected as a typo in the original post.
Trump Pardons Binance Founder. The pardon will allow CZ to return to his role as CEO of Binance, reenter the US market, and lift a number of other restrictions.
Decentralized Exchange Bunni Pulls the Plug Following $8.4M Flash Loan Exploit. Caught in the cycle of audits with too many finds and incomplete fixes, it may be best to start over.
Withdraw your funds from Venus Protocol on BSC. A thread on a pattern of security lapses, failed bounty payouts, and other concerning behavior from the protocol that was compromised one too many times.
Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers by Brave.
Crime
Lazarus Group (APT38) Explained: Timeline, TTPs, and Major Attacks by Picus Labs.
Inside Ethereum’s Shadow Economy: New Research Unmasks the $135M Drainer-as-a-Service Industry by BlockSec.
Europol Takes Down Cybercrime Network in Latvia, Seizes $330,000 in Crypto.
FCA sues Justin Sun-linked HTX in London High Court over alleged illegal crypto promotions.
Crypto has become Kim Jong-Un’s lifeline — and Russia’s secret weapon.
Phishing
X (Twitter) Phishing Account Takeovers by Security Alliance (SEAL).
Understanding Address Poisoning on the TRON Blockchain by TRM.
How I Almost Got Hacked By A ‘Job Interview’ by David Dodda.
How a fake AI recruiter delivers five staged malware disguised as a dream job by Shantanu.
Scams
Sell The News by Rekt. On the demise of Kadena.
Malware
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys by Kirill Boychenko (Socket).
GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace by Idan Dardikman (Koi).
Analysis of the Lumma infostealer by Genians.
Media
DC Privacy Summit 2025 - How to Fight the Lazarus Group with Mike Orcutt (Project Glitch), Casey G. (zeroShadow), Michael Mosier (Arktouros), and Samczsun (SEAL).
Reverse Engineering Solana Programs | ulexec + seecoalba by radare.
bountyhunt3rz - Episode 28 - tim.
Edge Podcast - Code Is Law: Inside The New Documentary On DeFi’s Biggest Hacks.
Research
Aave Borrow Rate Tuning: A Practical Guide by Olesia Bilenka (Hacken).
Tracing Zashi and Near Intents shielded transactions by ZachXBT.
State of the Art of Private Key Security in Blockchain Ops series by Mario Rivas (NCC Group).
Thoughts After Auditing Multiple Off-chain Components by Damian Rusinek (Composable Security).
Is the Move Language Secure? The Typus Permission-Validation Vulnerability by SlowMist.
Bonding Curve Mathematics: From Theory to Pump Fun by The Accelerated Curve.
Analysis of Input-Output Mappings in Coinjoin Transactions with Arbitrary Values.
On-Chain Decentralized Learning and Cost-Effective Inference for DeFi Attack Mitigation.
RiskTagger: An LLM-based Agent for Automatic Annotation of Web3 Crypto Money Laundering Behaviors.
DeepTx: Real-Time Transaction Risk Analysis via Multi-Modal Features and LLM Reasoning.
TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts.
Tools
Ethereum Context Copilot - a purpose-trained LLM on all aspects of Ethereum code, operations, bugs, etc.
Local Safe by Patrick Collins. A completely local version of Safe UI.
Solana VS Code Extension - security-focused development tools by Ackee.
Jetstreamer - a high-throughput Solana backfilling and research toolkit designed to stream historical chain data live over the network from Project Yellowstone’s Old Faithful archive, which is a comprehensive open source archive of all Solana blocks and transactions from genesis to the current tip of the chain.
Premium Content
The content presented below is intended for personal, non-commercial use only and is protected by copyright laws. Any unauthorized distribution, reproduction, or inclusion of this content in public or commercial products, databases, publications, and other mediums is strictly prohibited without the express written permission of the author.
Hacks
Sharwa Finance
Date: October 20, 2025
Attack Vector: Price Oracle Manipulation
Impact: $147,000 (Recovered $40,000)
Chain: Arbitrum


