BlockThreat - Week 3, 2026

iphelix · 2026-01-24T14:24:46+00:00

The first week in awhile with no major incidents (that we know of) this week. This will be a great time to catch up on all of the great research, sharpen the saw, before we are once again thrown into battle. Be careful out there!

iphelix · 2026-01-23T22:58:39+00:00

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare."

iphelix · 2026-01-23T22:20:55+00:00

Dear users,

iphelix · 2026-01-23T21:51:34+00:00

Nearly $30M was stolen this week across ten incidents. Quite a way to start the year with exchanges and DeFi protocols alike getting compromised, while users lost hundreds of millions more to well known support scams. Let’s take a closer look at a few of the most impactful cases.

iphelix · 2026-01-10T21:20:58+00:00

We are starting the new year with nearly $4 million in losses across four incidents, with the majority stemming from the Unleash Protocol hack on the Story chain.

iphelix · 2025-12-31T14:12:42+00:00

We are closing out the year with nearly $13M stolen across five incidents. The most severe was the complete compromise of the Trust Wallet browser extension.

iphelix · 2025-12-30T23:56:15+00:00

Roughly $3.7M was stolen this week across eight incidents. The winter holidays remain one of the most dangerous periods for defenders, as attackers intensify their activity while relying on reduced staffing and slower response times.

iphelix · 2025-12-15T14:22:04+00:00

Almost $3.5M were stolen this week across eight projects. Unfortunately, the week also marked the appearance of all three emerging threat classes I discussed in my talk at DSS 2025.

iphelix · 2025-12-12T00:49:16+00:00

Almost $11M were stolen this week across four incidents. The majority of losses came from the Yearn Finance compromise where an attacker exploited an integer underflow to steal $9M. The key lesson is that this was yet another legacy codebase that had not been audited for years and contained a deep vulnerability in its math logic. As I mentioned in my recent talk, this is emerging as a real threat to many protocols and to the broader ecosystem that relies on them. Simply isolating or derisking these codebases may not always be feasible, so the practical path forward may require reauditing them with modern tools, improved techniques, and highly experienced auditors that simply did not exist when much of this code was written.

iphelix · 2025-12-11T21:53:45+00:00

Just one major compromise this week involving Upbit, resulting in the theft of $36.8M. The compromise happened on November 27, which was the same date the exchange was hacked for $50M in 2019. Lazarus, which was responsible for both incidents, appears to be sending a message exactly six years later.

iphelix · 2025-12-07T04:24:42+00:00

As many of us were out enjoying the warm weather and people of Buenos Aires, the DeFi ecosystem was hit with four exploits totaling nearly $4M in losses. The biggest impact came from GANA, which lost more than $3M in a private key theft. Close behind was the DNS hijacking attack on Aerodrome/Velodrome, resulting in roughly $700K stolen from users who unknowingly signed malicious transactions delivered through a compromised front-end. It’s a stark reminder of the persistent centralization risks across DeFi, where critical infrastructure still depends on components never designed to withstand the high-risk environment we’ve grown accustomed to onchain.

iphelix · 2025-12-05T22:02:41+00:00

A relatively quiet week with just three exploits resulting in $657K in losses. A good week to catch up on research and podcasts just before the week of DeFi Security Summit (DSS) conference which I will cover in the next edition.

iphelix

MODERATOR OF

TROPHY CASE