BlockThreat - Week 43, 2025
Doodi Pals | Sharwa Finance | LuckyCode | ETH Strategy | Zap
Greetings!
A relatively quiet week with under $1 million in losses is a welcome relief. Weeks like these often keep me up at night, as calm tends to precede big events, so let us hope that pattern does not repeat. To help you enjoy the lull, I have assembled a curated collection of research, with a focus on off-chain and multisig security, interviews with industry leaders, and the latest entries in the criminal chronicles.
Paid subscribers will get the deep dives on the price oracle exploit at Sharwa Finance, the key compromise at Doodi Pals, and other incidents. I am also tracking an attacker probing older contracts across multiple chains, which has pulled a handful of five-figure wins here and there.
Let’s dive into the news!
Events
- Ultimate Security Games by RareSkills. November 20, 2025. The Ultimate Security Games brings the world of smart contract auditing to the main stage, turning web3 security into an esport.
News
- SEAL Launches Global Real-Time Phishing Defense Network.
- We Have a Centralization Issue by Rekt. On the crypto meltdown caused by the AWS outage. Coinbase, MetaMask, L2s, and other supposedly decentralized projects went dark due to over-reliance on centralized infrastructure.
- Ledger’s new native multisig rollout sparks criticism over ‘cash cow’ fee model. Interestingly, the service was first announced as free; that was later corrected as a typo in the original post.
- Trump Pardons Binance Founder. The pardon allows CZ to return to his role as CEO of Binance and reenter the US market, and lifts a number of other restrictions.
- Decentralized Exchange Bunni Pulls the Plug Following $8.4M Flash Loan Exploit. Caught in a cycle of audits with too many findings and incomplete fixes, it may be best to start over.
- Withdraw your funds from Venus Protocol on BSC. A thread on a pattern of security lapses, failed bounty payouts, and other concerning behavior from a protocol that has been compromised one too many times.
- Unseeable prompt injections in screenshots: more vulnerabilities in Comet and other AI browsers by Brave.
Crime
- Lazarus Group (APT38) Explained: Timeline, TTPs, and Major Attacks by Picus Labs.
- Inside Ethereum’s Shadow Economy: New Research Unmasks the $135M Drainer-as-a-Service Industry by BlockSec.
- Europol Takes Down Cybercrime Network in Latvia, Seizes $330,000 in Crypto.
- FCA sues Justin Sun-linked HTX in London High Court over alleged illegal crypto promotions.
- Canada Fines Cybercrime Friendly Cryptomus $176M.
- Crypto has become Kim Jong-Un’s lifeline — and Russia’s secret weapon.
Phishing
- X (Twitter) Phishing Account Takeovers by Security Alliance (SEAL).
- Understanding Address Poisoning on the TRON Blockchain by TRM.
- Hackers siphon $3 million in XRP from US user’s wallet.
- How I Almost Got Hacked By A ‘Job Interview’ by David Dodda.
- How a fake AI recruiter delivers five staged malware disguised as a dream job by Shantanu.
Scams
- Sell The News by Rekt. On the demise of Kadena.
Malware
- Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys by Kirill Boychenko (Socket).
- GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace by Idan Dardikman (Koi).
- Analysis of the Lumma infostealer by Genians.
Media
- DC Privacy Summit 2025 - How to Fight the Lazarus Group with Mike Orcutt (Project Glitch), Casey G. (zeroShadow), Michael Mosier (Arktouros), and Samczsun (SEAL).
- Reverse Engineering Solana Programs | ulexec + seecoalba by radare.
- bountyhunt3rz - Episode 28 - tim.
- Edge Podcast - Code Is Law: Inside The New Documentary On DeFi’s Biggest Hacks.
Research
- Aave Borrow Rate Tuning: A Practical Guide by Olesia Bilenka (Hacken).
- Tracing Zashi and Near Intents shielded transactions by ZachXBT.
- State of the Art of Private Key Security in Blockchain Ops series by Mario Rivas (NCC Group).
- Thoughts After Auditing Multiple Off-chain Components by Damian Rusinek (Composable Security).
- Is the Move Language Secure? The Typus Permission-Validation Vulnerability by SlowMist.
- Bonding Curve Mathematics: From Theory to Pump Fun by The Accelerated Curve.
- Analysis of Input-Output Mappings in Coinjoin Transactions with Arbitrary Values.
- On-Chain Decentralized Learning and Cost-Effective Inference for DeFi Attack Mitigation.
- RiskTagger: An LLM-based Agent for Automatic Annotation of Web3 Crypto Money Laundering Behaviors.
- DeepTx: Real-Time Transaction Risk Analysis via Multi-Modal Features and LLM Reasoning.
- TaintSentinel: Path-Level Randomness Vulnerability Detection for Ethereum Smart Contracts.
Tools
- Ethereum Context Copilot - a purpose-trained LLM covering all aspects of Ethereum code, operations, bugs, and more.
- Local Safe by Patrick Collins. A completely local version of Safe UI.
- Solana VS Code Extension - security-focused development tools by Ackee.
- Jetstreamer - a high-throughput Solana backfilling and research toolkit designed to stream historical chain data live over the network from Project Yellowstone’s Old Faithful archive, a comprehensive open-source archive of all Solana blocks and transactions from genesis to the current tip of the chain.
Hacks
Sharwa Finance
Date: October 20, 2025
Attack Vector: Price Oracle Manipulation
Impact: $147,000 (Recovered $40,000)
Chain: Arbitrum
References:
https://x.com/DecurityHQ/status/1980159991991738793
https://x.com/Phalcon_xyz/status/1980220633335349598
https://x.com/SharwaFinance/status/1980152746373238990
https://x.com/sharwafinance/status/1980535243875463639
https://x.com/hklst4r/status/1980157251550670992
Reappeared bug:
https://x.com/DecurityHQ/status/1980211713870811213
https://github.com/pashov/audits/blob/master/team/pdf/SharwaFinance-security-review.pdf
Recovery:
https://x.com/De_FiSecurity/status/1981742701528670610
Doodi Pals
Date: October 20, 2025
Attack Vector: Key/Signer Compromise
Impact: $171,000
Chain: Solana
References:
https://x.com/evilcos/status/1980443998461608427
https://x.com/DoodiPals/status/1980286066201600109
https://x.com/DoodiPals/status/1980547087390392409
Zap
Date: October 24, 2025
Attack Vector:
Impact: $16,804
Chain: Base
References:
https://x.com/DefimonAlerts/status/1981655692957335627
Unkn_2cc409
Date: October 24, 2025
Attack Vector:
Impact: $28,760
Chain: Base
References:
https://x.com/DefimonAlerts/status/1981659673452491002
LuckyCode
Date: October 24, 2025
Attack Vector: Bad Randomness
Impact: $56,000
Chain: Ethereum
References:
https://x.com/DefimonAlerts/status/1981671353674846591
Unkn_D9f4a3
Date: October 24, 2025
Attack Vector:
Impact: $7,671
Chain: Base
References:
https://x.com/DefimonAlerts/status/1981722712637911417
ETH Strategy
Date: October 24, 2025
Attack Vector: Insufficient Function Access Control
Impact: $31,544
Chain: Ethereum
References:
https://x.com/DefimonAlerts/status/1981670261352230929
https://www.notion.so/Post-Incident-Review-Redemption-Facilitator-Contract-1-29643c3c083480a282c5eab8c4bf21b3