BlockThreat - Week 41, 2025
Hyperliquid | Wolf | Astera | Squid | VeloraDEX | Binance
Greetings!
More than $22M were stolen this week across 9 incidents. The majority of losses came from a single Hyperliquid user compromise which cost them $21M. A devastating loss and a continued trend of user attacks across the ecosystem.
A more concerning event was an ecosystem-wide meltdown sparked by tariff panic. Binance was among the platforms affected when a relatively small $60M USDe sell-off caused its price feed to misreport values, triggering a chain reaction of forced liquidations across collateral assets such as wBETH and BNSOL. The flawed oracle relied too heavily on Binance’s own orderbook without sufficient cross-exchange validation or time weighting, turning a localized price move into a $19B cascade of liquidations. Binance later compensated users for roughly $230M in losses, acknowledging that this was an internal systemic failure rather than user error.
We usually focus on security exploits, but market-wide incidents like these can be just as destructive when circuit breakers fail, prices are misreported, and traders are unfairly liquidated. It is a strong reminder that financial safeguards are just as critical as security controls, since their failure can just as easily destroy a protocol.
Let’s dive into the news!
News
- Oracle, Oracle, Oracle: How Price Feed Design Turned $60 Million Into a $19 Billion Catastrophe by YQ. A master class into how a series of depegs triggered a catastrophic oracle failure at Binance. An important reminder to never trust a single price feed especially an internal one whether you are CeFi or DeFi.
- ‘Bitcoin Jesus’ Roger Ver reaches tentative deal with DOJ over $48 million tax case.
Crime
- North Korea’s crypto hackers have stolen over $2 billion in 2025 by Elliptic.
- DPRK’s Dangerous Password and How to Avoid Their Tactics by zeroShadow.
- When Hackers Get Hacked: Analyzing the Breach of LockBit by SlowMist.
- Meet Scattered Spider: The Group Currently Scattering UK Retail Organizations by Adi Bleih (Cyberint). New tactics to recruit agents at high value organizations.
- British Duo On Trial for Planning to Steal $23m in Crypto—From Behind Bars.
- Brazil’s Federal Police Dismantle $540 Million Crypto Laundering Network in “Operation Lusocoin” by TRM.
- Scam Compound Operators: Members of The Four Great Families sentenced to death in China.
- Two Indicted in Tel Aviv Over $600,000 ‘Wrench Attack’ on Bitcoin Trader.
Phishing
- The State of Drainers Vol. 1 by SEAL.
- A victim 0x0cdC...E955 lost ~$21M worth of cryptos on #Hyperliquid due to a private key leak by Peckshield.
Malware
Media
- The Network Podcast - Operational Security with Pablo Sabbatella.
- Web3 Security Podcast - Safe’s $60B security stack: Formal verification, audits, and $1M bounties with Richard Meissner.
- bountyhunt3rz - Episode 26 - alix40.
- Chainalysis - Inside the FBI: Crypto, Crime & National Security – Ep. 171.
Research
- Preventing Second Preimage Attacks in Merkle Trees: A Complete Guide by Ahmad Khan (Adevar Labs).
- AI Bug Hunting: Preventing Fee Accrual in Euler by riptide.
- Governance as an Attack Vector in Web3 Protocols by Paul (Cantina).
- Stablecoin Security: How Design Choices Create Vulnerabilities and Economic Risk by Olesia Bilenka (Hacken).
- Smart Contract Intent Detection with Pre-trained Programming Language Model.
- Security Analysis of Ponzi Schemes in Ethereum Smart Contracts.
Hacks
TokenHolder
Date: October 07, 2025
Attack Vector: Insufficient Function Access Control
Impact: $26,000
Chain: BSC
Squid Router
Date: October 07, 2025
Attack Vector: Function Parameter Injection
Impact: $94,000
Chain: BSC, Ethereum, Arbitrum, Optimism, Base
References:
https://x.com/TikkalaResearch/status/1975586031975211116
VeloraDEX (ParaSwap)
Date: October 07, 2025
Attack Vector: Arbitrary External Calls
Impact: $20,000
Chain: Ethereum
References:
https://x.com/TikkalaResearch/status/1975313727009530370
https://x.com/VeloraDEX/status/1770313086072742263
https://paraswap.notion.site/Exploit-cases-ede9067c72dc4326896151ffe29394ad
Peapods
Date: October 09, 2025
Attack Vector:
Impact: Assets Stolen
References:
https://x.com/hklst4r/status/1976339933091484142
Astera
Date: October 09, 2025
Attack Vector: Price Oracle Manipulation
Impact: $573,000
Chain: Linea
References:
https://x.com/asterafinance/status/1976214111332749531
https://x.com/hklst4r/status/1976296543872233508
https://x.com/Phalcon_xyz/status/1977031656663081148
Binance Exchange
Date: October 10, 2025
Attack Vector: Incorrect Price Oracle
Impact: Assets Stolen
References:
https://x.com/diogenes/status/1976947177520808270
https://x.com/yq_acc/status/1977433963728867630
https://x.com/yq_acc/status/1977838432169938955
https://x.com/yq_acc/status/1977057301673787716
https://x.com/yq_acc/status/1977275614873768355
https://www.binance.com/en/support/announcement/detail/d9cb0d52d7c142a5be4f49732bd8760c
https://www.binance.com/en/support/announcement/detail/0989d6c7f32545bfb019e3249eaabc3f
https://www.binance.com/en/support/announcement/detail/d6deec042d784b6ba5d8710a8c69d79d
Hyperliquid User
Date: October 10, 2025
Attack Vector: Key/Signer Compromise
Impact: $21,000,000
Chain: Hyperliquid
References:
https://x.com/PeckShieldAlert/status/1976577386469839269
Shuffle
Date: October 10, 2025
Attack Vector: Supply Chain
Impact: PII Stolen
References:
https://x.com/noahdummett/status/1976558783229985080
Wolf
Date: October 10, 2025
Attack Vector: Malicious Insider
Impact: $600,000
Chain: Ethereum
References: