Greetings!
More than $10M was stolen this week across 9 incidents. Most of the losses stemmed from the zkLend hack, the first large hack on the Starknet chain. Maybe someone should take JohnnyTime’s Cairo hacking class ;-) After the hack, the attackers quickly bridged funds to EVM chains and attempted to launder them through Railgun. However, Railgun was quick to flag the malicious transactions and returned the funds to the attackers. That’s a great anti-money laundering mechanism: it denies bad actors the ability to abuse the platform while keeping the protocol usable for legitimate privacy reasons.
Insufficient access control bugs accounted for most of the remaining hacks, including a $183K hack of Four Meme and someone slaughtering closed-source MEV bots across EVM chains.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
However, it was the Libra memecoin incident that really captured the wild west spirit of the ecosystem. It seems that presidential rugs are all the rage these days. What made this case truly special was the team behind the rug shamelessly and openly admitting to sniping coins, manipulating markets, and committing other crimes. You can find these brazen interviews in the Scams section below.
Let’s dive into the news!
News
The Company Man: Binance exec detained in Nigeria breaks his silence. Tigran Gambaryan went through hell. If you are not familiar with Tigran’s work to secure the ecosystem, check out a related Wired article by Andy Greenberg. The story reveals a lot of details about corrupt Nigerian politicians demanding bribes, setting a trap to hold Tigran hostage, and gruesome conditions that almost cost him his life.
US releases Russian cybercriminal as part of exchange for teacher Marc Fogel. The cybercriminal is Alexander Vinnik, who as a founder of BTC-e helped launder $4B+ obtained through ransomware and hacking attacks. It took years of work by multiple agencies, including Tigran Gambaryan, to catch Vinnik.
Brit hunts for lost $768 million bitcoin treasure, seeks to buy garbage dump.
The 2025 Crypto Crime Report by TRM.
Crime
Alabama Man Pleads Guilty in Connection with Securities and Exchange Commission X Account Hack.
California Teenager Sentenced to 48 Months in Prison for Nationwide Swatting Spree.
Kidnapped crypto trader breaks ankles jumping from 30-foot balcony.
Three Arrested in Spain Over Plot to Kidnap and Extort Crypto Broker.
Binance’s Billion-Dollar Settlement Fuels Record DOJ Criminal Recoveries.
BitConnect crypto scam ringleader tracked to India while authorities seize $190M.
Phobos Ransomware Affiliates Arrested in Coordinated International Disruption.
Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence.
CFTC Secures $128 Million Judgment Against Crypto and Forex Fraudsters.
US Customs and Border Patrol expands Bitcoin mining machine seizures to MicroBT and Canaan units.
Teen on Musk’s DOGE Team Graduated from ‘The Com’ by Brian Krebs.
Supreme Court lawyer Tom Goldstein arrested again over crypto transfers - Reuters.com.
Policy
Crypto Expert Brian Quintenz of Andreessen Horowitz Selected to Lead the CFTC.
Congressman Emmer: Gensler’s suppression of the crypto industry was ‘illegal’.
Former SEC Chief Talks Dismantling of Crypto Enforcement: ‘C’est La Vie and to the Moon’.
Phishing
Central African Republic ‘CAR’ memecoin info pages plagued with phishing links.
Scammer is using fake Cloudflare captcha verification pages to trick users into executing malicious code by SlowMist.
Safeguard Scams: Amos Stealer in Sight by ZeroShadow.
X account of World Liberty Financial co-founder hacked, promotes fake Barron Trump memecoin project.
How do scammers use fake transaction simulation sites to steal crypto?
Scams
The Libra Incident: Examining Argentine President Javier Milei’s Confusing Token Endorsement and Its Destructive Aftermath. It started as yet another Solana memecoin rug, but then the story got stranger, stranger, stranger, and just as you begged for no more it got wild.
Operation Level-Up: How the FBI Is Saving Victims from Cryptocurrency Investment Fraud.
Crypto Scam Revenue 2024: Pig Butchering Grows Nearly 40% YoY as Fraud Industry Leverages AI and Increases in Sophistication by Chainalysis.
State of Deception by Rekt. Central African Republic’s president launched a CAR memetoken which followed a familiar pattern of crashing within a few hours.
Malware
North Korea targets crypto developers via NPM supply chain attack. The campaign targets owners of Exodus and Atomic wallets.
Safeguard Scams: Amos Stealer in Sight by ZeroShadow. Discusses a malicious Safeguard bot campaign on Telegram with more than $1.8M stolen in a single month.
Media
Bountyhunt3rz Podcast - Episode 4 - blockian (ControlZ_1337 & pwnmansh1p).
Deep Dive into Ethereum 7702 Smart Accounts: security risks, footguns and testing by tincho (The Red Guild).
Contests
Your Safe wallet Guard might not be enough by flacko. A solution for the Mini CTF by Antonio Viggiano.
Research
The Right Way To Multisig by Nican0r (Recon).
Deterministic signatures are not your friends by Paul Miller. A new vulnerability in elliptic.js that can lead to key extraction.
ERC-6492 Deployment Vulnerability: Leveraging isValidSignature Bypass via Pre-compiled contract by TK (Verichains).
The call for invariant-driven development by Josselin Feist (Trail of Bits).
Unleashing Medusa: Fast and scalable smart contract fuzzing by Josselin Feist, Anish Naik (Trail of Bits).
Breaching Ethereum’s Privacy and Exploiting DEXs Using a Simple Cloud Vulnerability by Elad Ernst (0d).
From Stage 0 to Stage 1: Security Council Best Practices in Rollup Governance by Bram Hoogenkamp (OpenZeppelin).
What Are The Most Common Types of Blockchain Replay Attack? by Ciara Nightingale (Cyfrin).
AAVE V2 Security Audit Checklist by flush (SlowMist).
Why Is Everyone in Ethereum Talking About TEEs? by Jason Chaskin.
EVM Fuzzing Resources by Perimeter Security.
Roadmap to CosmWasm Security/Auditing by JCSec Security.
Choosing a DeFi Protocol: Risks, Red Flags, and Recommendations by Nipun (Zellic).
The Top Blockchain Education & Tutorials Projects On Solana by Solana Compass.
Solana Smart Contract Security Best Practices by SlowMist.
Hitchhiker's Guide to Aptos Fungible Assets by OtterSec.
The Ultimate Guide to Cross-Chain Bridges in DeFi 2025 by Johnny Time.
SC-Bench: A Large-Scale Dataset for Smart Contract Auditing.
Tools
EIP7702 Goat by The Red Guild. Intentionally flawed code with potential pitfalls in custom contracts for EIP-7702 delegate accounts.
VigilSeek - Crowdsourced Audits Timeline. The project tracks ongoing contests across Cantina, Sherlock, HackenProof, CodeHawks, and code4rena platforms.
Foundry v1.0 released. The release includes plenty of cheatcodes and a very useful --decode-internal flag for call trace deep dives.
Hummingbot is an open-source framework that helps you design and deploy automated trading strategies, or bots, that can run on many centralized or decentralized exchanges.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.