Step Finance reports that compromised executive endpoints led to unauthorized access to multiple treasury wallets, with losses later estimated at approximately $40M.
The incident underscores persistent risks around endpoint compromise, privileged access, and operational security in DeFi environments. Partial recovery was achieved through token protections and partner coordination, while some platform operations were paused for reinforcement.
As DeFi platforms mature, incidents like this reinforce the importance of strict device hardening, segmented access, and treasury-level defense-in-depth.
π¬ What controls meaningfully reduce exec-level compromise risk in Web3?
β Follow TechNadu for calm, technically grounded infosec coverage
#Infosec #DeFiSecurity #EndpointSecurity #CryptoRisk #Web3Security #StepFinance
π Step Finance, a Solana-native instrument panel, just discovered the gauges were lying. 261,854 SOL gone, roughly $28.7M, siphoned from treasury and fee wallets. Entry point unspecified, labeled familiar, which is never comforting. Incident response is now outsourced to forensics and badges. The system noticed itself breaking.
https://www.web3isgoinggreat.com/single/step-finance-theft #DeFiSecurity
Unleash Protocol has paused operations following an incident involving multisig governance abuse and an unauthorized contract upgrade, resulting in approximately $3.9M in asset losses.
The case underscores risks associated with administrative privilege concentration, upgrade paths, and post-exploitation fund movement across bridges and mixers.
From an InfoSec standpoint, this reinforces the need for layered controls, continuous governance monitoring, and clear incident response playbooks in DeFi environments.
What controls have you found effective for securing contract upgrades?
Follow TechNadu for practical, unbiased security reporting.
#InfoSec #DeFiSecurity #SmartContractRisk #GovernanceControls #TechNadu
π°οΈ HACKTIVATE LABS // Current Ops
Actively building:
πΉ AI ReconX β adversarial AI + prompt security scanner
πΉ NetMapper β network discovery & visual intel
πΉ RedOrch β automated red team ops & reporting
πΉ LoRaMonitor β secure LoRaWAN mesh analytics
Testing fusion models: AI + Offensive Security.
If youβre building in #AIsec, #redteam, #DeFiSecurity, @mention me β letβs align signals.
More drops coming. Stay operational. βοΈ
RE: https://infosec.exchange/@Hacktivate/115581912020238418
π°οΈ HACKTIVATE LABS // Current Ops
Actively building:
πΉ AI ReconX β adversarial AI + prompt security scanner
πΉ NetMapper β network discovery & visual intel
πΉ RedOrch β automated red team ops & reporting
πΉ LoRaMonitor β secure LoRaWAN mesh analytics
Testing fusion models: AI + Offensive Security.
If youβre building in #AIsec, #redteam, #DeFiSecurity, @mention me β letβs align signals.
More drops coming. Stay operational. βοΈ
π¨ Weekly Cybersecurity Highlights
From $15B BTC seizure to cross-chain bridge hacks and developer malware, this week shows the evolving risks in crypto and software ecosystems:
- EtherHiding malware via smart contracts steals crypto
- Khmelnytskyi crypto gang dismantled
- Global Ledger reports ~$2.9B lost in bridge hacks
- Malicious VSCode/OpenVSX extensions targeting developers
π¬ How is your team preparing for these advanced threats? Comment your strategies & follow TechNadu for verified cybersecurity intelligence.
#CyberSecurity #CryptoSecurity #Bitcoin #Blockchain #Malware #VSCode #DeFiSecurity #ThreatIntel #TechNadu
This one was difficult to write for us, it's not something we have taken lightly...
https://medium.com/@1inch.exchange/yes-we-hacked-bzx-fulcrum-but-one-month-ago-3f7e5c437ee3
#DeFi #DeFiSecurity @[email protected]
π¦π: https://twitter.com/1inchExchange/status/1230634060449538050
Ai Orbit
TechNadu
π―πππππππππβ’
Hacktivate Labs
The Lebowski
greg