Defendor — DeFi Security

🛡 BlockThreat Launches Community Access Program for Security Researchers Following support from 115 contributors and The DAO Security Fund during a recent quadratic funding round, BlockThreat announced BlockThreat Community, a free annual sponsored subscription program for students, early-career researchers, solo defenders, and public goods teams. The initiative will provide access to blockchain threat intelligence, attack trend analysis, DeFi attack vector coverage, security tooling, post-mortems, research, and ecosystem security updates to help strengthen the next generation of defenders. 🔗 Details

🛡️ OpenZeppelin Outlines Three Security Layers for Institutions Building Onchain OpenZeppelin argues that institutional blockchain security extends beyond smart contract audits and should be evaluated across three layers: code security, operational security, and compliance posture. The framework emphasizes audited standards, secure key management, continuous monitoring, operational controls, and ongoing risk assessments as core requirements for financial institutions deploying onchain products. 🔗 Details

🛡 DLT Auditor Targets Blockchain Infrastructure Instead of Smart Contracts DLT Auditor v1 is a free AI-assisted auditing system focused on blockchain infrastructure components such as clients, consensus, execution layers, bridges, mempools, state synchronization, and protocol logic rather than smart contracts alone. The system uses multiple specialized audit designs and a corpus derived from security-relevant fixes across more than 30 DLT codebases to guide analysis toward historical failure patterns and improve coverage during isolated audit runs. 🔗 Details

🚨 Update on the Raydium Incident Raydium confirmed that a deprecated Legacy AMM V3 program was exploited for approximately $1.34M after an attacker created a malicious LP token mint and bypassed proportion checks due to insufficient LP mint validation. The exploit affected five legacy pools and resulted in the theft of approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC. Raydium stated that current programs and users were unaffected and that losses will be covered by the treasury. 🔗 Details

🚨 Raydium Exploit Results in $1.3M Loss According to Specter, Raydium was reportedly exploited for approximately $1.3M, with the attacker draining funds before bridging the stolen assets from Solana to Ethereum. The attacker later deposited approximately 810 ETH into Tornado Cash and 7 ETH into FixedFloat after initially funding the attack from KuCoin. 🔗 Details

🚨 TesseraDAO Got Drained After Compromised Admin Key Mints 99M TSR An attacker gained control of TesseraDAO's privileged admin functions, reassigned critical roles, minted 99M TSR tokens, and dumped them for approximately $2.49M, causing the token to collapse by roughly 99%. The stolen funds were bridged to Ethereum and laundered through Tornado Cash, while the incident exposed the risks of centralized admin control despite the project's public claims of audits, revoked permissions, and multisig governance. 🔗 Details

🚨 MILC Bridge Admin Key Compromise Leads to $161K Loss A compromised historical admin wallet was used to seize control of MILC Platform's bridge contracts on BNB Chain and Ethereum, granting privileged roles to attacker-controlled addresses and enabling unauthorized withdrawals. The attacker extracted approximately 97,003 USDT on BNB Chain and 39.21 ETH on Ethereum, for total losses of roughly $161K. 🔗 Details

🚨 NovaBox Exploited Through Dividend Accounting Flaw NovaBox lost approximately 56 ETH after an attacker exploited the order of operations in its ETH deposit and reward distribution logic, allowing a newly added address to receive dividends it had not legitimately earned. By combining the flaw with a flash loan and immediately withdrawing after the reward misallocation was recorded, the attacker extracted approximately 56.73 ETH in profit. 🔗 Details

🚨 TOP Governance Takeover Drains $1.59M From Liquidity Pool An attacker acquired majority voting power in TOP governance, passed a proposal to mint tokens to themselves, and executed it after surpassing the protocol's governance thresholds. The newly minted TOP was swapped for WETH through a Balancer pool, draining approximately $1.59M from existing liquidity. 🔗 Details

🚨 Humanity Protocol Bridge Compromise Leads to $36M+ Loss Humanity Protocol disclosed that a compromised employee laptop led to the theft of multiple Gnosis Safe keys, allowing an attacker to seize bridge ProxyAdmin control on both Ethereum and BSC. The attacker upgraded bridge contracts to malicious implementations, stealing and minting hundreds of millions of H tokens, resulting in losses exceeding $36M. 🔗 Details

🚨 Asterix Exploited Through NFT ID Collision Vulnerability Asterix reportedly lost approximately $40K in an exploit linked to the same high-bit NFT ID collision issue that recently impacted Flooring, where total losses exceeded $900K. The flaw allows crafted NFT IDs to collide with packed ownership data, breaking accounting and enabling attackers to inflate token balances before selling into liquidity pools to extract WETH. 🔗 Details

🚨 Humanity Protocol-Linked Wallet Drainer Mints and Dumps 100M Tokens An ongoing compromise affecting wallets linked to or interacting with Humanity Protocol has resulted in losses exceeding $30M, with the number of drained addresses growing from dozens to hundreds. The attacker recently minted and sold an additional 100M $H tokens, intensifying sell pressure that has contributed to an approximately 87% decline in the token's price. 🔗 Details

🚨 Tether Freezes Wallet Holding 16.65M USDT Tether froze a wallet holding approximately 16.65M USDT immediately after it received two large transfers totaling around 16.6M USDT. The wallet is linked to major fund flows involving multiple exchanges and addresses that previously received roughly $100M in withdrawals from BingX. 🔗 Details

🔐 Cygent Adds Dependency Re-Scanning Directly From Chat Platforms Cygent now allows teams to trigger dependency re-scans from Slack, Discord, and Telegram, returning vulnerability status, affected packages, severity information, and remediation guidance directly within the same conversation thread. The feature verifies fixes against a project's actual dependency graph, helping teams quickly determine whether vulnerable direct or transitive dependencies remain reachable after an update. 🔗 Details

🚨 Ambient Finance Exploited Through Surplus Collateral Accounting Bug An attacker used a Balancer flash loan to repeatedly cycle swap and LP operations on Ambient Finance's USDC/ETH pool, exploiting a surplus-collateral accounting flaw to inflate withdrawable balances. The attack culminated in a "disburseSurplus" call that extracted approximately 83.72 ETH, contributing to total losses of around $110K. 🔗 Details

🚨 Syscoin Bridge Validation Flaw Creates 5B Unauthorized SYS A validation flaw in Syscoin's bridge relay path allowed an attacker to submit a transaction proof that was incorrectly accepted, resulting in the creation of approximately 5B unauthorized SYS on the UTXO side of the bridge. The bridge has been paused while the team deploys a fix, traces the tainted funds, and coordinates with exchanges and ecosystem partners to block deposits linked to the affected outputs. 🔗 Details

🔍 Inside Gravity Bridge's $5.4M Registry Poisoning Exploit The attacker poisoned Gravity Bridge's asset registry by registering fake Cosmos assets with crafted denom strings that referenced real Ethereum custody tokens, causing the bridge to associate attacker-controlled assets with legitimate funds. A missing registry collision check during claim processing allowed the corrupted mappings to be accepted, leading validators to unknowingly authorize withdrawals of approximately $5.4M in real assets. 🔗 Details

🛡️ What Separates 100x Hackers From Everyone Else? According to Immunefi founder Mitchell Amador, a small group of elite researchers disproportionately drives blockchain security by discovering critical vulnerabilities that prevent losses ranging from millions to billions of dollars. He attributes their impact to deep technical fundamentals, extensive vulnerability knowledge, creativity, persistence, and years of focused research that enable them to uncover exploits others miss. 🔗 Details

🚨 ZachXBT Links Seized $18.9M to Alleged Crypto Fraud Ring ZachXBT disputed claims that several detained individuals were simply crypto entrepreneurs, alleging their involvement in social engineering fraud, data extortion, and the $243M Genesis creditor theft, among other incidents. According to the post, $18.9M in stolen funds was seized by law enforcement in December 2025, with the group allegedly connected to breaches, SIM swaps, and crypto-related fraud targeting victims globally. 🔗 Details

🚨 Storage Slot Collision Drains 14.41 ETH A storage slot collision between ATOHook's rewards mapping and Solady's ReentrancyGuard allowed an attacker to inflate reward balances and repeatedly claim funds, resulting in a loss of approximately 14.41 ETH. The vulnerability caused the "nonReentrant" modifier to overwrite reward accounting data, enabling roughly 200 fraudulent reward claims from the victim contract. 🔗 Details