Greetings!
This week, only a few low-TVL projects were compromised, with total losses around $10K. Quiet weeks like this are rare, so take the opportunity to explore the latest research on Web3 exploitation and defense, CTFs, insightful interviews, and plenty of other peacetime content.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
On a less positive note, more reports of cryptocurrency-related physical attacks have surfaced—from the kidnapping of Ledger leadership to a crypto influencer’s parent being held for ransom. It’s a stark reminder to maintain strong OPSEC and keep a low profile.
Let’s dive into the news!
News
Ethereum client Geth releases ‘Schwarzschild’ update to fix vulnerability in previous version. Update your Geth nodes immediately!
Paradigm commits $1.25 million to aid Tornado Cash co-founder in continued legal battle.
Chinese OpenAI rival DeepSeek limits signups after ‘large-scale attack’. Shortly after, DeepSeek’s database, prompts, chat history, and other sensitive data were found to be exposed online.
State of Web3 Security 2024: Solving the $2B Hacking Crisis with Next-Gen Innovation by Chirag Agrawal (Web3Sec News).
Crypto Losses in January 2025 by Immunefi.
Bounties
Crime
Cracked and Nulled Marketplaces Disrupted in International Cyber Operation.
How a North Korean dev tricked a Solana trading bot team and stole $1.4m.
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign.
T3 Financial Crime Unit, Spanish Authorities Freeze $26.4M in Crypto Scheme by TRM.
Russian Gang Leader Behind Ukrainian Robbery Arrested at Bali Airport – Shocking Details! Another crypto-related physical attack within just one week.
Crypto ‘Godfather’ and LASD Detective Agree to Plead Guilty to Violating Civil Rights of Business Rivals and Tax Crimes by TRM. Corrupt cops making false arrests, planted drugs, intimidation tactics, Meta ads, physical attacks to steal crypto. It’s bad, really bad.
Crypto gang jailed for over 76 years after kidnapping and torture in a $124,000 extortion plot.
Crypto influencer’s father kidnapped in France. Luckily police intercepted the vehicle with the hostage in the trunk. Criminals are still at large.
China convicts BKEX staff for illegal gambling via crypto contracts.
Former Senator Who Called Bitcoin ‘A Choice for Criminals’ Gets 11 Years in Prison for Bribery.
Sam Bankman-Fried’s Parents Seek Pardon From President Trump.
Policy
Why did I quit in 2022 by Andre Cronje. Tactics of intimidation from previous SEC administration.
Former SEC Chair Gary Gensler named Professor of the Practice at the MIT Sloan School Of Management. Crypto firms have already vowed not to hire anyone from MIT unless the university drops him.
Phishing
9 Scams Targeting Retail Investors To Look Out For by Zero Shadow.
Wholesome Solana Meme Coin Dev Hacked for $1.2 Million—But Says He Won't Give Up.
UFC Instagram Hack Pummels Buyers of Illegitimate Solana Meme Coin.
Scams
Poetic Justice by Rekt. The ultimate scammer toolkit turned against its masters.
GTA Meme Coins Flood Solana as ‘Grand Theft Auto 6’ Hype Builds.
Malware
North Korean APT Lazarus Targets Developers with Malicious npm Package by Socket.
Hidden crypto miner in pirated software makes cybercriminals rich at the expense of their victims by Dr. Web.
Contests
Remedy CTF writeup by theori (ChainLight).
Remedy CTF: Diamond Heist writeup by tincho (The Red Guild).
Breaking Down the Puzzles in ZK Hack V by Malte Leip (Zellic).
Curta CTF and other solutions by fiveoutofnine.
Ten more puzzles have been added to Yul Puzzles by RareSkills.
Media
Unchained - Crypto Kidnappings and Physical Attacks Are on the Rise—Here’s How to Stay Safe with Jameson Lopp.
Trust X - AI x Crypto x Security with Pablo Misirov.
JohnnyTime Podcast - Web3 Security, AI Taking Over, and Ethereum VS. Solana: Podcast with Hari (ex. Ethereum Foundation).
HackenProof - How Valerio Brussani Finds Critical Bugs: Lessons for Bug Bounty Hunters.
DevHub Live 36 - Timur from @Guvenkaya_sec talking about audits, security, and more.
Maximal Extractable Value Overview by Ciamac Moallemi (CBER Forum).
Solana Developer Bootcamp 2024 by Solana.
Research
Q4 2024: A Deep Dive into Eight Habitual Offenders' Behavior by TenArmor. A great analysis of exploitation and laundering tactics of several prolific attackers.
Decommissioning Prisma Finance - A Turbulent but Ultimately Soft-Landing by Wavey.
Defense in Depth Applied to Multisignature Schemes by Herman Junge.
Where do you run your code? part II - devcontainer security by matta (The Red Guild).
Windows BitLocker -- Screwed without a Screwdriver by Thomas (Neodyme).
DOS - DeFi Liquidity Pools: The Initialization Vulnerability by Fuzzing Labs.
THORChain's Ice Age by Rekt.
From a failing test to calling SEAL911 by Oba (Electisec).
Best practices for key derivation by Marc Ilunga (Trail of Bits).
Noop, Not my Safe by Wavey. Security practices when deploying cross-chain Safe multisig vaults.
MEV frontrunner Yoink managed to build 3 blocks in a row, significantly raising the possibility of mass-scale price oracle and other attacks.
From BigQuery to Lakehouse: How We Built a Petabyte-Scale Data Analytics Platform – Part 1 by TRM. An interesting look into the backend infra.
Simulating Cross-Chain Communication for Incident Response Drills by Isaac Patka (SEAL).
Uniswap V4: Hooks Security Considerations by CertiK.
Real-CATS: A Practical Training Ground for Emerging Research on Cryptocurrency Cybercrime Detection.
Pandora's Box: Cross-Chain Arbitrages in the Realm of Blockchain Interoperability.
Experimental relativistic zero-knowledge proofs with unconditional security.
Large Language Models for Cryptocurrency Transaction Analysis: A Bitcoin Case Study.
Exploring AMMs by Infect3d.
How to start making money through auditing? by Dacian.
Auditor 15-minute rule and Enhanced Methodology by Olympix. Don’t let those findings slide.
Tools
Ape Titanoboa plugin. Integrating two powerful development and testing frameworks.
Argus by Jon Becker. A minimal, blazing fast contract storage introspection tool written in Rust.
Quorum - A game-changer for DAO governance security by Certora. Repo.
Safe Hash Preview. This tool helps users verify Safe transaction hashes before signing them on hardware wallets. It calculates the domain, message, and Safe transaction hashes by retrieving transaction details from the Safe transaction service API and computing the hashes using the EIP-712 standard. It was created as a quick response to the Radiant exploit. The core script was developed by pcaversaccio, and we added a user-friendly interface to make it more accessible.
QuorumOS - a computation layer for running applications inside a TEE enclave at modern cloud scale.
Secudoku by Statemind. A tool for shadow audits with AI-powered feedback.
Linkook by JackJuly. An OSINT tool for discovering linked/connected social accounts and associated emails across multiple platforms using a single username.
Moccasin Project algorithmic trading by s3bc40.
Online ABI Encoder by HashEx.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.