BlockThreat - Week 5, 2025

Geth | Lazarus | USDT0 | Remedy

Peter Kacherginsky

02 Feb 2025 • 5 min read

Greetings!

This week, only a few low-TVL projects were compromised, with total losses around $10K. Quiet weeks like this are rare, so take the opportunity to enjoy a explore the latest research on Web3 exploitation and defense, CTFs, insightful interviews, and plenty of other peacetime content.

On a less positive note, more reports of cryptocurrency-related physical attacks have surfaced—from the kidnapping of Ledger leadership to a crypto influencer’s parent being held for ransom. It’s a stark reminder to maintain strong OPSEC and keep a low profile.

Let’s dive into the news!

Phishing

Scams

Poetic Justice by Rekt. The ultimate scammer toolkit turned against its masters.
GTA Meme Coins Flood Solana as ‘Grand Theft Auto 6’ Hype Builds.
Ross Ulbricht lost $12M on PumpFun.

Malware

Contests

Remedy CTF writeup by theori (ChainLight).
Remedy CTF: Diamond Heist writeup by tincho (The Red Guild).
Breaking Down the Puzzles in ZK Hack V by Malte Leip (Zellic).
Curta CTF and other solutions by fiveoutofnine.
Ten more puzzles have been added to Yul Puzzles by RareSkills.

Media

Unchained - Crypto Kidnappings and Physical Attacks Are on the Rise—Here’s How to Stay Safe with Jameson Lopp.
Trust X - AI x Crypto x Security with Pablo Misirov.
JohnnyTime Podcast - Web3 Security, AI Taking Over, and Ethereum VS. Solana: Podcast with Hari (ex. Ethereum Foundation).
HackenProof - How Valerio Brussani Finds Critical Bugs: Lessons for Bug Bounty Hunters.
DevHub Live 36 - Timur from @Guvenkaya_sec talking about audits, security, and more.
Maximal Extractable Value Overview by Ciamac Moallemi (CBER Forum).
Solana Developer Bootcamp 2024 by Solana.

Research

Q4 2024: A Deep Dive into Eight Habitual Offenders' Behavior by TenArmor. A great analysis of exploitation and laundering tactics of several prolific attackers.
Decommissioning Prisma Finance - A Turbulent but Ultimately Soft-Landing by Wavey.
Defense in Depth Applied to Multisignature Schemes by Herman Junge.
Where do you run your code? part II - devcontainer security by matta (The Red Guild).
Windows BitLocker -- Screwed without a Screwdriver by Thomas (Neodyme).
DOS - DeFi Liquidity Pools: The Initialization Vulnerability by Fuzzing Labs.
THORChain's Ice Age by Rekt.
From a failing test to calling SEAL911 by Oba (Electisec).
Best practices for key derivation by Marc Ilunga (Trail of Bits).
Noop, Not my Safe by Wavey. Security practices when deploying cross-chain Safe multisig vaults.
MEV frontrunner Yoink managed to build 3 blocks in a row significantly raising a possibility of mass scale price oracle and other attacks.
From BigQuery to Lakehouse: How We Built a Petabyte-Scale Data Analytics Platform – Part 1 by TRM. An interesting looks into the backend infra.
Simulating Cross-Chain Communication for Incident Response Drills by Isaac Patka (SEAL).
Uniswap V4: Hooks Security Considerations by CertiK.
Send Message to the Future? Blockchain-based Time Machines for Decentralized Reveal of Locked Information.
Real-CATS: A Practical Training Ground for Emerging Research on Cryptocurrency Cybercrime Detection.
A theoretical basis for MEV.
Blockchain Address Poisoning.
Pandora's Box: Cross-Chain Arbitrages in the Realm of Blockchain Interoperability.
Experimental relativistic zero-knowledge proofs with unconditional security.
Large Language Models for Cryptocurrency Transaction Analysis: A Bitcoin Case Study.
SoK: Measuring Blockchain Decentralization.
Exploring AMMs by Infect3d.
How to start making money through auditing? by Dacian.
Auditor 15-minute rule and Enhanced Methodology by Olympix. Don’t let those findings slide.

Tools

Ape Titanoboa plugin. Integrating two powerful development and testing frameworks.
Argus by Jon Becker. A minimal, blazing fast contract storage introspection tool written in rust.
Quorum - A game-changer for DAO governance security by Certora. Repo.
Safe Hash Preview. This tool helps users verify Safe transaction hashes before signing them on hardware wallets. It calculates the domain, message, and Safe transaction hashes by retrieving transaction details from the Safe transaction service API and computing the hashes using the EIP-712 standard. It was created as a quick response to the Radiant exploit. The core script was developed by pcaversaccio, and we added a user-friendly interface to make it more accessible.
QuorumOS - a computation layer for running applications inside TEE enclave at modern cloud scale.
Secudoku by Statemind. A tool for shadow audits with AI-powered feedback.
Linkook by JackJuly. An OSINT tool for discovering linked/connected social accounts and associated emails across multiple platforms using a single username.
Moccasin Project algorithmic trading by s3bc40.
Online ABI Encoder by HashEx.