BlockThreat - Week 12, 2026
Web2 threats are spilling into Web3 once again. Secondary effects are often worse than the hack itself, single points of failure, hard coded values, and other design mistakes turn one hack into many.
Almost $51M was stolen across 11 incidents. This week had the usual DNS hijacks, price oracle and reward manipulation, insufficient function access control, and other attack vectors that regularly appear on BlockThreat’s Top 10 Attack Vectors lists. However, let's focus on two more indirect attack vectors that may not be top of mind for you and yet already produced two notable incidents in just a few days.