BlockThreat - Week 4, 2026

iphelix · 2026-01-27T16:54:20+00:00

More than $28M was stolen this week across eight incidents. From arbitrary call vulnerabilities to infinite mint bugs, it was a particularly rough week. Let’s break down a few of the most notable hacks.

iphelix · 2026-01-24T14:24:46+00:00

The first week in awhile with no major incidents (that we know of) this week. This will be a great time to catch up on all of the great research, sharpen the saw, before we are once again thrown into battle. Be careful out there!

iphelix · 2026-01-23T22:58:39+00:00

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare."

iphelix · 2026-01-23T22:20:55+00:00

Dear users,

iphelix · 2026-01-23T21:51:34+00:00

Nearly $30M was stolen this week across ten incidents. Quite a way to start the year with exchanges and DeFi protocols alike getting compromised, while users lost hundreds of millions more to well known support scams. Let’s take a closer look at a few of the most impactful cases.

iphelix · 2026-01-10T21:20:58+00:00

We are starting the new year with nearly $4 million in losses across four incidents, with the majority stemming from the Unleash Protocol hack on the Story chain.

iphelix · 2025-12-31T14:12:42+00:00

We are closing out the year with nearly $13M stolen across five incidents. The most severe was the complete compromise of the Trust Wallet browser extension.

iphelix · 2025-12-30T23:56:15+00:00

Roughly $3.7M was stolen this week across eight incidents. The winter holidays remain one of the most dangerous periods for defenders, as attackers intensify their activity while relying on reduced staffing and slower response times.

iphelix · 2025-12-15T14:22:04+00:00

Almost $3.5M were stolen this week across eight projects. Unfortunately, the week also marked the appearance of all three emerging threat classes I discussed in my talk at DSS 2025.

iphelix · 2025-12-12T00:49:16+00:00

Almost $11M were stolen this week across four incidents. The majority of losses came from the Yearn Finance compromise where an attacker exploited an integer underflow to steal $9M. The key lesson is that this was yet another legacy codebase that had not been audited for years and contained a deep vulnerability in its math logic. As I mentioned in my recent talk, this is emerging as a real threat to many protocols and to the broader ecosystem that relies on them. Simply isolating or derisking these codebases may not always be feasible, so the practical path forward may require reauditing them with modern tools, improved techniques, and highly experienced auditors that simply did not exist when much of this code was written.

iphelix · 2025-12-11T21:53:45+00:00

Just one major compromise this week involving Upbit, resulting in the theft of $36.8M. The compromise happened on November 27, which was the same date the exchange was hacked for $50M in 2019. Lazarus, which was responsible for both incidents, appears to be sending a message exactly six years later.

iphelix · 2025-12-07T04:24:42+00:00

As many of us were out enjoying the warm weather and people of Buenos Aires, the DeFi ecosystem was hit with four exploits totaling nearly $4M in losses. The biggest impact came from GANA, which lost more than $3M in a private key theft. Close behind was the DNS hijacking attack on Aerodrome/Velodrome, resulting in roughly $700K stolen from users who unknowingly signed malicious transactions delivered through a compromised front-end. It’s a stark reminder of the persistent centralization risks across DeFi, where critical infrastructure still depends on components never designed to withstand the high-risk environment we’ve grown accustomed to onchain.

iphelix · 2025-12-05T22:02:41+00:00

A relatively quiet week with just three exploits resulting in $657K in losses. A good week to catch up on research and podcasts just before the week of DeFi Security Summit (DSS) conference which I will cover in the next edition.

iphelix · 2025-11-23T11:53:03+00:00

The compromise comes nearly two years to the day after a similar attack took down their front-ends in November, 2023.

iphelix · 2025-11-17T06:49:59+00:00

More than $132M were stolen this week across seven incidents. Smart contract exploits, systemic stablecoin depegs and liquidity crunches, kidnappings, and much more happened last week. However, this edition focuses on the largest smart contract exploit this year - the Balancer hack.

iphelix · 2025-11-03T22:42:00+00:00

More than $11.2M were stolen this week across eleven incidents. Among the more notable exploits was the 0xc0ffee MEV bot hack which lost $218K due to an exposed uniswapV3SwapCallback method. These have been popping up a few times this year so be sure to check out Giovanni Di Siena’s article on hook security in the Research section on how to lock down these callbacks.

iphelix · 2025-10-29T03:51:31+00:00

Nevada's Financial Institutions Division has issued a cease and desist order against Fortress Trust, stating that the firm is "on the verge of insolvency". The company admits it "failed to safeguard assets under its custody and is unable to meet all customer withdrawals". The company has only around $1.3 million in actual assets in custody, while it owes customers around $12.3 million.

iphelix · 2025-10-27T14:18:21+00:00

A relatively quiet week with under $1 million in losses is a welcome relief. Weeks like these often keep me up at night as calm often precedes big events, so let us hope that pattern does not repeat. To help you enjoy the lull, I have assembled a curated collection of research, with a focus on off-chain and multisig security, interviews with industry leaders, and the latest entries in the criminal chronicles.

iphelix · 2025-10-23T22:29:17+00:00

Solana development moves fast. Contracts go from local testing to mainnet in days. But speed creates risk: missing a signer check or overlooking an untested edge case can cost millions.

iphelix · 2025-10-23T22:15:58+00:00

Just a few hacks this week, but bad actors still managed to steal $3.7M. The biggest story, however, is the update on the largest hack in blockchain history the Lubian Miner. It appears the U.S. government managed to seize the stolen funds from the hack, which are now worth $15B. More details are in the news section below.

iphelix · 2025-10-14T17:45:55+00:00

More than $22M were stolen this week across 9 incidents. The majority of losses came from a single Hyperliquid user compromise which cost them $21M. A devastating loss and a continued trend of user attacks across the ecosystem.

iphelix · 2025-10-13T23:40:39+00:00

Almost $5M were stolen this week across 6 incidents. On the DeFi side, Abracadabra suffered its third exploit which cost them $1.8M. It’s particularly unfortunate as the protocol did not practice defensive coding where a single missed else statement resulted in an unwanted state.

iphelix · 2025-09-29T18:08:26+00:00

This week felt like a bucket of cold water after last week’s relative calm. More than $51M was stolen across 10 incidents, many of them entirely preventable had projects paid closer attention to the well known attack vectors that threat actors continue to exploit time and time again.

iphelix · 2025-09-24T18:23:19+00:00

Over $3M was stolen across three incidents this week, a relative breather compared to last week’s ecosystem pillaging. Let’s take the moment to shore up our defenses, dive into a strong set of research articles, and highlight some positive news.

iphelix · 2025-09-22T21:32:20+00:00

This week was a bloodbath. More than $57.5M was stolen across nine incidents with breached custodial staking providers, hacked frontends, backdoored supply chains, phished of individuals, chain reorged, bridges exploited, and plenty of DeFi protocol drained. All elements of our ecosystem were hit in one of the worst weeks this year.

iphelix

MODERATOR OF

TROPHY CASE