BlockThreat - Week 42, 2025

Greetings!

Just a few hacks this week, but bad actors still managed to steal $3.7M. The biggest story, however, is the update on the largest hack in blockchain history the Lubian Miner. It appears the U.S. government managed to seize the stolen funds from the hack, which are now worth $15B. More details are in the news section below.

In other news, the Code is Law documentary is going live. I had the chance to preview it recently, and it’s absolutely outstanding with an in-depth look at The DAO, Indexed Finance, KyberSwap, Mango Markets, and other landmark hacks where the “code is law” argument kept resurfacing. The film feels especially timely as the MEV bot hacking case from 2023 by two MIT brothers heads to trial, with the defendants reportedly planning to use the same defense to justify exploiting a privacy flaw in the Flashbots protocol and deceiving other MEV bots.

Let’s dive into the news!

Events

• Web3 Security Tools Seminar (W3ST) Call for Submissions due by October 24, 2025.

News

• Announcing BlockThreat Today. A project to remind you of exploits, vulnerabilities, research publications and other notable events from the past, because those who do not learn history are doomed to repeat it.
• Code is Law documentary released. A gripping documentary on the origins of DeFi security and the ongoing philosophical war between “code is law” and “law is law”.
• MIT Grad Brothers’ Trial Puts Focus on ‘Wild West’ Crypto Trades.
• Arbitrum triggered a Security Council Emergency Action to address a chain splitting vulnerability on the Arbitrum Sepolia network.
• Paxos $300 Trillion Oopsie by Rekt. A reckless minting action by Paxos who don’t appear to run onchain simulations before broadcasting transactions.
• Hackers can steal 2FA codes and private messages from Android phones. The novel Pixnapping Attack should be yet encouragement to switch to hardware tokens for authentication to the most critical resources.
• Crypto crime research group SEAL Org unveils new way to report potential phishing sites.
• Tornado Cash users can now maintain anonymity without ‘helping the hackers’ by using new 0xbow blacklist.

Crime

• $15 Billion in Bitcoin Sanctioned: U.S. and U.K. Take Largest Action Ever Targeting Cybercriminal Networks in Southeast Asia by Slowmist. What makes this seizure particularly interesting is that it relates to the Lubian Mining Farm compromise back in 2020 as a result of weak private key generation. It appears US government obtained stolen funds from the hacker back in 2024.
• Infrastructure of a scam city by Rekt. A deep dive into the operations of scam compounds related to the government action above.
• ZachXBT cracks Railgun privacy to expose Bittensor hacker.
• Operation SIMCARTEL: Europol Shuts Down GoGetSMS Cybercrime Network.
• Crypto Kidnap and Beatdown in Ukraine: Three Men Detained.

Policy

• KYC All The Things: Is Market Structure Blowing Up?

Phishing

• North Korean Hackers Target Crypto Devs Through Open-Source Software Hub.
• DPRK IT Workers in Open Source and Freelance Platforms by blackbigswan, Heiner (Ketman).
• GoPlus’s Discord was compromised.

Malware

• DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains by Blas Kojusner, Robert Wallace, Joseph Dobson (Mandiant).
• New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware by Mark Magee, Jose Hernandez, Bavi Sadayappan, Jessa Valdez (Mandiant).
• `1inch-analysis.app` — A DPRK Trojan Horse by pcaversaccio.
• TigerJack’s Extensions Continue to Rob Developers Blind Across Different Marketplaces by Tuval Admoni (Koi).

Media

• Defcon 33

  • DEF CON 33 - Blurred Lines: Evolving Tactics of North Korean Cyber Threat Actors - Seongsu Park.

  • DEF CON 33 - Making a custom Hashcat module to solve a decade-old puzzle challenge - Joseph Gabay.

  • DEF CON 33 - Where’s My Crypto, Dude? The Ultimate Guide to Crypto Money Laundering - Thomas Roccia.

  • DEF CON 33 - The Anatomy of a Crypto Scam - Nick Percoco & Kitboga.

  • DEF CON 33 - Cryptocurrency Opening Keynote - Michael Schloh MsvB, Chad Calease & Param D Pithadia.

• ETHSofia 2025:

  • The Current Landscape of Web3 Security, Krum Pashov

  • Thriving in the Multifaceted World of Web3 Security, Bogomil Tsvetkov

  • How Traditional Security Failures Enable Billion-Dollar Crypto Heists, Simeon Nguen

  • The Next Era of Web3 Security

  • Revolutionizing Security and Transparency in Institutional DeFi, Lukasz Muzyka

• AI’s Blind Spots: Why Blockchain Security Isn’t Solved Yet. Panel discussion featuring Next Encrypt, NEAR, Quranium, & SCRT Labs hosted by Hacken.

• bountyhunt3rz - Episode 27 - Patrick Collins.

• No Text To Speech - The Discord Hacker DMed Me.

Contests

• Wintermute Alpha 2025 - Challenge Writeups by Frodan.

Research

• How We Broke Exchanges: A Deep Dive Into Authentication And Client-Side Bugs by Bruno Halltari and Caue Obici (OtterSec).
• How to preview the results of an OpenSea box by Stragos. Oops.
• A Practical Guide to Fuzzing Solana Smart Contracts with Honggfuzz by Zokyo.
• IDL Guesser: Recovering Instruction Layouts from Closed-Source Solana Programs by Sec3.
• Moving from EVM to Move Part 1 and Part 2 by VulSight.
• EIP 7702 Security Considerations by Halborn.
• Common Cryptographic Risks in Blockchain-Applications by SlowMist.
• Red Flags and Green Flags of Yield Bearing Stablecoins by Paweł Kuryłowicz (Composable Security).
• Cracking Auto-Exchanges: A Guide for Investigators and Lawyers by Intelligence Onchain.
• The AMM Security Deep Dive Part 1 and Part 2 by M3D (Zealynx).
• YieldBasis Rebalancing Risks by Pangea.
• Deep dive into Curve Finance: Core Mechanics, Security, and Integration Insights by M3D (Zealynx).
• Code is law, but the supply chain is the lawmaker by Opsek.
• Web3 OpSec Standard (W3OS) by Audit Wizard.
• Clustering Deposit and Withdrawal Activity in Tornado Cash: A Cross-Chain Analysis.
• The Impact of Sanctions on decentralised Privacy Tools: A Case Study of Tornado Cash.
• Toxic Ink on Immutable Paper: Content Moderation for Ethereum Input Data Messages (IDMs).
• Towards Secure and Explainable Smart Contract Generation with Security-Aware Group Relative Policy Optimization.
• Balancing Security and Liquidity: A Time-Weighted Snapshot Framework for DAO Governance Voting.

Tools

• A Compound Proposal Decoder.

Hacks

Xtradespro

Date: October 13, 2025
Attack Vector: Logic Error
Impact: $130,000
Chain: BSC

References:

https://x.com/TenArmorAlert/status/1977917156260995288

Exploit:

https://bscscan.com/tx/0x63be1c92331c31d6e081afedd3e32eff628e4fe91a82ca307b4f42b6ce01620e
https://bscscan.com/tx/0xbb588773fdd428c4b805c79aa534837bfccf2b00f3ffd73518d6642e5679602e
https://bscscan.com/tx/0xd273e2f8bd31797c363a2ca6483aac1aa554cc2be8d6681f0447635ee173097e

Andrea’s Old Contract

Date: October 15, 2025
Attack Vector: Insufficient Function Access Control
Impact: $130,000
Chain: Ethereum

References:

https://x.com/TikkalaResearch/status/1978229984956223720
https://x.com/TikkalaResearch/status/1978271884966875400
https://x.com/TenArmorAlert/status/1978285910799142992
https://x.com/SlowMist_Team/status/1978291805801071020
https://x.com/SuplabsYi/status/1978369985098420603
https://x.com/Phalcon_xyz/status/1978319079963611192

Exploit:

https://etherscan.io/tx/0x165e4025bfbbeee68adeccb52fb8bd06ff36c68793478c2934620ad5cd6ee984
https://etherscan.io/tx/0xc5e5cde9d036a22eb3eb0a00d3a848c7dfa0c3ace43fbe626eb954a9bcd3948a
https://etherscan.io/tx/0x57463979c56a133b522ac073f81d3c6712372d8ee83a5f6c4a9e5f05916029db

Typus Finance

Date: October 15, 2025
Attack Vector: Insufficient Function Access Control
Impact: $3,440,000
Chain: Sui

References:

https://x.com/TypusFinance/status/1978465485395304778
https://x.com/TypusFinance/status/1978688164278702152
https://x.com/QuillAudits_AI/status/1978497647909711979
https://x.com/TypusFinance/status/1978688164278702152
https://medium.com/@TypusFinance/typus-finance-tlp-oracle-exploit-post-mortem-report-response-plan-ce2d0800808b
https://defimon.xyz/blog/typus-finance-hack-october-2025

Exploit:

https://suivision.xyz/txblock/6KJvWtmrZDi5MxUPkJfDNZTLf2DFGKhQA2WuVAdSRUgH