Greetings!

Almost $3M were stolen this week across 10 incidents. The largest exploit by far was that of a centralized exchange XT. The Clipper $450K hack is particularly interesting since attacker exploited a vulnerable API making it a hybrid Web2/Web3 exploit.

You can find detailed post-mortems, attacker indicators, and other information on XT, Clipper, Spectral, DeBox, GBK Staking, Pump Science, CLS, SDR, NFTG, and other incidents in the premium section.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

Let’s dive into the news!