BlockThreat - Week 24, 2025

Greetings!

A rare week with no major incidents which means we finally get a chance to catch up on long-queued articles, tools, and competitions. My favorites this week include a few solid supply chain security guides, a personal security guide from SEAL, and of course an awesome use of AI to waste scammers’ time. And don’t forget to brush up on the latest phishing incidents to keep those attack vectors fresh.

Before jumping into all of the excellent research papers below be sure check out the excellent work by our sponsor, Coinspect.

Coinspect’s Wallet Security Ranking is an objective, transparent, and regularly updated evaluation of leading cryptocurrency wallets. It focuses on critical security features like anti-phishing defenses, transaction clarity, and protection against blind signing, helping users choose wallets that prioritize their safety.

Link: https://www.coinspect.com/wallets/

Let’s dive into the news!

News

• Bitrue exploiter sends more ETH to Tornado Cash.
• $647M Stolen — The May 2025 Crypto Crime Report by Nefture Security.
• The 2024 Crypto Crime Report by Nefture Security.

Crime

• Russia recruited a teenage spy. His arrest led to a crypto money trail.
• 20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown.
• Thai Police Arrest Chinese Suspect in $6.1 Million Bitcoin Fraud Case.
• How a YouTuber hacked an $800K crypto scam hub in Cebu, Philippines.

Phishing

• If you suspect your computer has been hacked do the following immediately. A guide by Tay / SEAL.
• Another Elusive Comet incident report by Nick Bax. Fake journalists attempting to install malware using a Zoom call.
• Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets.
• 2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain by Socket.
• The Need for Robust Web3 Pentesting and Supply Chain Security by Chirag Agrawal.
• Social Recovery Wallets are Broken by Design by Rekt.
• Web3 Wallet Security Career Track by Cyfrin Updraft.
• What is a supply chain attack in crypto and how to prevent it?

Scams

• SIPSentinel - AI-powered scam detection and response system that automatically deploys conversational agents to waste scammers' time. You can find a sample scammer call here and a sample panel here. Rad!

Malware

• DanaBot Malware C2 server Vulnerability Exposes Threat Actor Usernames & Crypto Keys.
• LockBit’s Admin Panel Leak Exposes It’s Affiliates & Millions in Crypto.
• Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases by Cyble.
• Hundreds of Russian devices hit by Rare Werewolf crypto-mining attacks.

Media

• HoshoCon 2018 - Andreas Antonopolous keynote. A historical talk by the one and only Andreas from the first blockchain security conference with advise on risk, failure, and security that hold true seven years later!

Research

• Personal security travel guide by matta (Red Guild and SEAL)
• Custom Fuzzing for Smart Contract Security by Paul (Cantina).
• Cosmos Security: An Otter's Guide.
• Solodit Checklist Explained (9): Replay Attack by Hans (Cyfrin).
• Deep Mental Models for Solidity ABI Encoding: Part 0 and Part 1 (Free subscription required) by Zaryab Afser.
• Under the Hood of Solana Program Execution From Rust Code to SBF Bytecode by Farouk Elalem.
• 6 Questions To Ask Before Writing a Uniswap v4 Hook by Xaler & Bartosz Wodziński (OpenZeppelin).
• Combating Reentrancy Bugs on Sharded Blockchains.
• Insecurity Through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts.
• Exposing Hidden Backdoors in NFT Smart Contracts: A Static Security Analysis of Rug Pull Patterns.
• Ai-Driven Vulnerability Analysis in Smart Contracts: Trends, Challenges and Future Directions.
• First-Spammed, First-Served: MEV Extraction on Fast-Finality Blockchains.
• MARTSIA: A Tool for Confidential Data Exchange via Public Blockchain.

Tools

• Foundry MCP Server by PraneshASP. Sample runs here.

Hacks

AAVE

Date: June 11, 2025
Attack Vector: Function Parameter Validation
Impact: $15,000
Chain: Ethereum

References:

https://x.com/CertikAIAgent/status/1932995535574847955

Exploit:

https://etherscan.io/tx/0xc4ef3b5e39d862ffcb8ff591fbb587f89d9d4ab56aec70cfb15831782239c0ce