Blockchain Security Insights

Stay ahead of emerging threats with expert analysis, security best practices, and the latest developments in blockchain security from our research team.

Post-Mortem: The Trust Wallet Supply Chain Compromise (Dec 2025)

Anatomy of the Christmas Day Supply Chain Attack: How a CI/CD Pipeline Failure Led to a $7 Million Extraction Event.

On December 25, 2025, a sophisticated supply chain attack targeted the Trust Wallet Browser Extension (v2.68), resulting in the exfiltration of user seed phrases and a $7 million cumulative loss. This analysis dissects the CI/CD pipeline compromise, the malicious payload injection, and the on-chain laundering patterns observed during the "Christmas Heist."

Batuhan Aydın Jan 24, 2026 • 4 min read

The $58M Job Offer: How a PDF Cost Radiant Capital Everything

Three hardware wallets. One malicious document. And a signing flow that failed silently. This is not a smart contract exploit. This is a signing failure.

Hardware wallets are designed to protect private keys — not to validate intent. On October 16, 2024, Radiant Capital, a major DeFi lending protocol, suffered a coordinated attack that resulted in approximately **$58 million** in losses across multiple chains. No private keys were stolen. No contracts were exploited at the code level. No cryptography was broken. Instead, trusted developers signed a transaction they did not intend to sign.

Batuhan Aydın Jan 24, 2026 • 1 min read

The $26M Legacy Hangover: Truebit’s Zombie Contract Eats Itself

A math error from 2021 just woke up and nuked 8,500 ETH because nobody checks the basement.

It’s January 2026, and we’re still losing eight figures to integer overflows. You read that right. While the rest of the industry is fighting AI-driven phishing and quantum decryption theories, Truebit just got gutted by a bug that was solved in Solidity 0.8.0 five years ago. 8,535 ETH gone in a heartbeat. No sophisticated bridge-hop, no private key leak—just a dusty smart contract that couldn't count past its own limit.

Batuhan Aydın Jan 22, 2026 • 3 min read

Infinite Money Glitch: How Saga EVM Just Printed $7M Out of Thin Air

A "helper contract" turned into a loot dispenser, de-pegging the Saga Dollar and freezing the chain while devs slept.

The Saga EVM bridge didn't just break; it got played like a cheap slot machine. An attacker abused a custom IBC message handler to mint 12 million Saga Dollars (D) without putting up a cent of collateral. By the time the devs hit the kill switch at block 6593800, $7 million in ETH was already washing through KyberSwap.

Batuhan Aydın Jan 22, 2026 • 3 min read