Security News & Insights
Stay updated with the latest developments in blockchain security and smart contract auditing
Critical Vulnerability Found in Major DeFi Protocol Leads to $50M Exploit
A reentrancy vulnerability in a popular decentralized finance protocol allowed attackers to drain over $50 million in various tokens. The protocol has temporarily suspended operations while the team works with security experts to patch the flaw and recover funds.
New Research Reveals 30% of Solidity Smart Contracts Contain Known Vulnerabilities
Academic researchers have analyzed over 10,000 smart contracts and found that approximately 30% contain known security vulnerabilities that could be exploited. The study emphasizes the need for improved automated analysis tools and mandatory security audits.
Cross-Chain Bridge Security Concerns Mount After Three Major Incidents
Security researchers have identified common vulnerabilities in cross-chain bridge implementations that have led to multiple incidents this month. Experts recommend enhanced verification mechanisms and multi-signature requirements for cross-chain transactions.
Ethereum Foundation Announces New Smart Contract Audit Incentive Program
The Ethereum Foundation has launched a program to subsidize security audits for critical infrastructure contracts. The initiative aims to improve the overall security of the Ethereum ecosystem by making professional audits more accessible to smaller development teams.
AI-Powered Smart Contract Analysis Tools Show Promising Results in Bug Detection
New research demonstrates that AI-enhanced tools can detect certain types of smart contract vulnerabilities with higher accuracy than traditional methods. However, experts warn that human oversight remains essential for comprehensive security assessments.
Bittensor Hack Highlights NFT-Based Money Laundering Risks
The Bittensor hack revealed how anime NFTs are exploited for money laundering, prompting urgent regulatory scrutiny and security measures for NFT platforms. The incident served as a stark reminder to the crypto community of the pressing need for improved security measures and stricter regulatory scrutiny in the NFT space.
CertiK Reports Surge in Crypto Hacks, $173M Lost in August
CertiK reported that crypto hacks shot up by over 13% from July to August 2025, with thieves walking away with around $173 million. Phishing scams alone made up $101 million of that total. The month's worst hits included a massive $91 million phishing attack and a $53 million hack of BTC Turk.
LISA Technical Report: An Agentic Framework for Smart Contract Auditing
The LISA framework combines rule-based and logic-based methods to address a broad spectrum of vulnerabilities in smart contracts, significantly outperforming both LLM-based approaches and traditional static analysis tools.
India Mandates Cybersecurity Audits for Crypto Exchanges
Amid increasing instances of cyber thefts, the Indian government has mandated cybersecurity audits for all cryptocurrency exchanges and custodians. Platforms are required to have a security auditor registered with the Indian Computer Emergency Response Team (CERT-In), the nodal agency that deals with cybersecurity incidents.
Auditor Flagged Issue Before $2.59M Nemo Hack, Team Admits
Sui-based yield trading protocol Nemo lost $2.59 million in a Sept. 7 exploit caused by unaudited code deployed without multisignature controls. Despite an auditor flagging the issue months prior, the team failed to address it in time, leading to the breach.
NPM Supply Chain Attack Puts Crypto Users at Risk
On September 8th, cybersecurity researchers uncovered one of the most serious supply chain attacks in recent history. Hackers successfully compromised NPM (Node Package Manager), the world’s largest library of open-source software components, relied on by developers to build everything from websites to cryptocurrency wallets.
Web3 Security Report Q1 2025: $2B Lost in 90 Days
The first quarter of 2025 marked one of the most alarming periods in Web3 security history, with over $2 billion lost in just three months. That is a 96% increase compared to Q1 2024, driven by operational failures and access control exploits.
Bybit Hit by Record $1.5B Hack Attributed to Lazarus Group
In February 2025, cryptocurrency exchange Bybit suffered a massive hack, resulting in the theft of $1.5 billion worth of Ether tokens. Cybersecurity researchers and blockchain analysts linked the attack to the Lazarus Group, a hacking group believed to be backed by North Korea. Bybit stated that it was able to recover most of the stolen Ethereum and remained solvent throughout the incident. The company announced new security upgrades and offered a bounty to help track down the hackers and recover the remaining funds.
OWASP SC Top 10 (2025) Breakdown: The Most Critical Smart Contract Risks
The OWASP SC Top 10 for 2025 highlights the most critical smart contract risks, with access control vulnerabilities topping the list. These flaws allow attackers to gain unauthorized control over smart contracts.