Featured Post
Tether Freezes $6.76M USDT Linked to Iran's IRGC & Houthi Forces: Why On-Chain Compliance is Now a Geopolitical Battlefield
Looking ahead, targeted freezing events like this $6.76M USDT action will only become more common. On-chain data analysis is improving. Stablecoin issuers are also working closely with regulators. As a result, hidden illicit financial networks will be exposed.
Tether Freezes $6.76M USDT Linked to Iran's IRGC & Houthi Forces: Why On-Chain Compliance is Now a Geopolitical Battlefield
Looking ahead, targeted freezing events like this $6.76M USDT action will only become more common. On-chain data analysis is improving. Stablecoin issuers are also working closely with regulators. As a result, hidden illicit financial networks will be exposed.
Weekly Web3 Security Incident Roundup | Mar 2 – Mar 8, 2026
During the week of March 2 to March 8, 2026, seven blockchain security incidents were reported with total losses of ~$3.25M. The incidents occurred across Base, BNB Chain, and Ethereum, exposing critical vulnerabilities in smart contract business logic, token deflationary mechanics, and asset price manipulation. The primary causes included a double-minting logic flaw during full token deposits that allowed an attacker to exponentially inflate their balances through repeated burn-and-mint cycles, a price manipulation vulnerability in an AMM-based lending market where artificially inflated vault shares created divergent price anchors to incorrectly force healthy positions into liquidation, and a flawed access control implementation relying on trivially spoofed contract interfaces that enabled attackers to bypass authorization to batch-mint and dump arbitrary tokens.
Weekly Web3 Security Incident Roundup | Feb 23 – Mar 1, 2026
During the week of February 23 to March 1, 2026, seven blockchain security incidents were reported with total losses of ~$13M. The incidents affected multiple protocols, exposing critical weaknesses in oracle design/configuration, cryptographic verification, and core business logic. The primary drivers included oracle manipulation/misconfiguration that led to the largest loss at YieldBloxDAO (~$10M), a crypto-proof verification flaw that enabled the FOOMCASH (~$2.26M) exploit, and additional token design and logic errors impacting Ploutos, LAXO, STO, HedgePay, and an unknown contract, underscoring the need for rigorous audits and continuous monitoring across all protocol layers.
Newsletter - February 2026
February 2026 saw three major DeFi security incidents: YieldBlox DAO lost ~$10M due to oracle price manipulation, IoTeX’s ioTube bridge suffered ~$4.4M from a private key compromise, and CrossCurve incurred ~$2.8M after a cross-chain validation bypass.
BlockSec Releases the 2025 Crypto Crime Report
This 67-page report, based on data analysis and on-chain evidence, includes breakdowns of common real-world cases, showing the big picture of cryptocurrency crime in 2025. It also covers the main features, structure, and trends in this field.
YieldBlox DAO Incident on Stellar: Oracle Misconfiguration Enabled a $10M+ Drain
In-depth analysis of the YieldBlox DAO pool exploit on Blend V2 (Stellar), showing how USTRY/USDC price manipulation and oracle misconfiguration enabled a $10M+ drain.
Weekly Web3 Security Incident Roundup | Feb 16 – Feb 22, 2026
During the week of February 16 to February 22, 2026, three blockchain security incidents were reported with total losses of ~$6.22M. The incidents occurred across Base, BSC, and Ethereum, exposing critical vulnerabilities in oracle configuration, mathematical logic, and bridge access control. The primary causes included an oracle misconfiguration during a governance upgrade that incorrectly assigned a raw exchange rate feed instead of a composite price oracle to undervalue collateral, an unchecked arithmetic overflow in a bonding curve contract that allowed game tokens to be minted at near-zero cost due to integer wrapping, and a private key compromise of a bridge validator owner that enabled the attacker to transfer contract ownership and drain locked reserve assets.
Weekly Web3 Security Incident Roundup | Feb 9 – Feb 15, 2026
During the week of February 9 to February 15, 2026, three blockchain security incidents were reported with total losses of ~$657K. All incidents occurred on the BNB Smart Chain and involved flawed business logic in DeFi token contracts. The primary causes included an unchecked balance withdrawal from an intermediary contract that allowed donation-based inflation of a liquidity addition targeted by a sandwich attack, a post-swap deflationary clawback that returned sold tokens to the caller while draining pool reserves to create a repeatable price-manipulation primitive, and a token transfer override that burned tokens directly from a Uniswap V2 pair's balance and force-synced reserves within the same transaction to artificially inflate the token price.
Top 10 "Awesome" Security Incidents in 2025
To help the community learn from what happened, BlockSec selected ten incidents that stood out most this year. These cases were chosen not only for the scale of loss, but also for the distinct techniques involved, the unexpected twists in execution, and the new or underexplored attack surfaces they revealed.
#10 Panoptic Incident: XOR Linearity Breaks the Position Fingerprint Scheme
On August 29, 2025, Panoptic disclosed a Cantina bounty finding and confirmed that, with support from Cantina and Seal911, it executed a rescue operation on August 25 to secure roughly $400K in funds. The issue stemmed from a flaw in Panoptic’s position fingerprint calculation algorithm, which could have enabled incorrect position identification and downstream fund risk.
#9 1inch Incident: From Calldata Corruption to Forged Settlement: Binary Exploitation Goes On-Chain
On March 5, 2025, a third-party resolver integrated with 1inch Fusion V1 was exploited for over $5M after an unsafe calldata reconstruction in the settlement flow allowed attacker-controlled interaction lengths to trigger a pointer underflow and inject forged settlement data. The impact was amplified by a broken trust boundary, where resolver contracts treated forwarded calldata as authoritative based only on msg.sender, letting attacker-crafted payloads inherit settlement-level privileges while still passing access control.
#7 Trust Wallet Incident: A Stolen API Key Turns the Official Update Channel into a Backdoor
On December 25, 2025, Trust Wallet's Chrome extension (v2.68) was hit by a supply chain compromise that introduced a malicious backdoor, leading to the theft of about $8.5M in user funds. The injected code exfiltrated seed phrases to an attacker-controlled server, compromising wallets created or imported in that version, after which the attacker drained assets across multiple chains and laundered funds through non-KYC exchanges.