BlockThreat - Week 22, 2025

Cork Protocol | Malda | Dexodus | Kidnappings

Peter Kacherginsky

04 Jun 2025 • 6 min read

Greetings!

More than $12M was stolen this week across six incidents. The largest loss came from the Cork Protocol exploit, which featured a kill chain involving at least three well-known vulnerability classes including insufficient function access control and reward manipulation. The remaining incidents followed a similar pattern of more access control failures and price oracle manipulation.

What’s becoming increasingly clear is that the same attack vectors keep resurfacing. These are not novel bugs. We should know them by now! So this week, I’m stepping back to highlight the Top 10 recurring attack vectors. Understanding these trends is essential to finally break the cycle of repeating the same mistakes.

Stolen private keys continue to top the charts. Addressing these operational security failures requires more than traditional code audits. Unfortunately, a holistic approach—one that includes analysis of both on-chain and off-chain components like endpoint security, cloud infrastructure, and key management—is still far from standard practice.

More concerning, however, is the rise of a deadly triad: Reward Manipulation, Price Oracle Manipulation, and Insufficient Function Access Controls. These three attack classes show up in the majority of high-impact incidents including this week’s $12M Cork Protocol exploit.

Notably, Reward Manipulation has clawed its way back into the #3 spot after a relative decline over the past year. This vector targets flawed incentive mechanisms, allowing attackers to extract protocol rewards such as fees, yield, or emissions without providing corresponding economic value or taking on real risk.

To help catch this vulnerability class consider adopting the following audit/code review practices and study respective case studies.

Verify that reward are proportional to economic contributions or risk (see Abracadabra Incident - $13M).
Simulate accounting logic behavior in various edge cases (see Euler Hack - $197M).
Trace every reward path and ensure that it can’t be manipulated (see Pickle Finance - $19.7M).

As in previous years, there’s always one standout hack that revives an attack vector we thought was mostly behind us. In 2025, it was Cetus on Sui that forced the industry to revisit the classic integer overflow—a bug class we haven't seen dominate in quite some time.

The rest of the Top 10 attack vectors remained largely consistent with prior years, with one notable exception: the appearance of the supply chain attack. This Web2-style operational security vector highlights the growing risks in our build and deployment pipelines. So please lock down your repos, audit your CI/CD workflows, and clean up your dependencies before attackers beat you to it.

Blockchain security demands staying constantly vigilant to emerging threats while prioritizing the most critical risks to address. I hope you will use the list above to build a safer and more resilient ecosystem.