BlockThreat - Week 46, 2025
Impermax | DRLVault | RWB | DPRK | NPM
Greetings!
A relatively quiet week with just three exploits resulting in $657K in losses. A good week to catch up on research and podcasts just before the week of the DeFi Security Summit (DSS) conference, which I will cover in the next edition.
Let’s dive into the news!
News
‘Fat-Finger’ Fail? Cardano Whale Torches $6M After Hitting Illiquid USDA Pool.
X Login Outage: Security Key Switch to X.com Locks Out Users as Twitter.com Finally Dies.
Blockchain Freezing Exposed by Bybit. A nice survey of chains with freezing and blacklisting capabilities.
Disrupting the first reported AI-orchestrated cyber espionage campaign by Anthropic.
Crime
Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds by Joel Khalili (Wired).
China Accuses U.S. of Stealing 127,426 Bitcoin Worth $13 Billion.
U.S. DOJ Pursues North Korea’s Illicit Money Machine, Seizes More Crypto.
Dubai Court Freezes $456M Linked to Justin Sun’s Bailout of TrueUSD Issuer Techteryx.
Thai-FBI Operation Recovers $432,000 in Crypto From Alleged European Hacker.
Australia Warns Criminals Are Abusing National Cybercrime Platform to Drain Crypto Wallets.
Scammers posed as Australian police to steal crypto, authorities warn.
“Bitcoin Queen” gets 11 years in prison for $7.3 billion Bitcoin scam.
Phishing
DPRK “Contagious Interview” BestCity Campaign Targets Crypto Developers via Fake Recruitment Test by zeroShadow.
Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery by NVISO Labs.
Bad opsec: Collection of links on bad opsec by jermanuts. Many stories of onchain and offchain investigations leading to real identities.
I Checked the Worst OpSec Practices So You Don’t Have To by OfficerCia. More bad opsec stories and consequences.
Malware
“IndonesianFoods” spam campaign publishes more than 86,000 malicious NPM packages by Paul McCarty (SourceCodeRed).
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain.
Scams
Media
Software Engineers to Plumbers: FULL COURSE by Patrick Collins (Cyfrin). Epic episode and mix!
Immunefi Show Ep. 2: What It Takes to Secure a Trillion Dollars on Ethereum with Mehdi Zerouali and Zach Obront.
Rekt - Don’t Get Rekt - ep03 with Nethermind Security.
Web3 Vulnerability Research with Glider | Query Mistakes to Avoid by Jason aka thank_you (Remedy).
Understanding The Risky Business of DeFi’s Risk Curators by Ruca and Giel.
Trust X Online - Fuzzing for security research for beginners by Alex the Entreprenerd (Recon).
Research
How to Find Scammers Using OSInt! by Intelligence on Chain.
Blockchain Interoperability Part-1 : Interoperability Problem And Bridges by themj0ln1r.
Web3 Security Open Class: An Introductory Basic Course by OpenBuild for Chinese speakers.
How Multi-Agent AI Is Catching the 80% of Hacks That Audits Miss by Chirag Agrawal (Web3Sec).
Leveraging VSCode internals to escape containers by matta (The Red Guild).
Threat Intelligence: Analysis of the NOFX AI Automated Trading Vulnerability by SlowMist.
Uniswap v4 Hooks Security Deep Dive: Vulnerabilities and Analysis by Giovanni Di Siena (Cyfrin).
Most common mistakes when configuring password managers by Pablo Sabbatella (Opsek).
Inside LockBit: Technical, Behavioral, and Financial Anatomy of a Ransomware Empire.
Attack-Centric by Design: A Program-Structure Taxonomy of Smart Contract Vulnerabilities.
Tools

