Step Finance reports that compromised executive endpoints led to unauthorized access to multiple treasury wallets, with losses later estimated at approximately $40M.

The incident underscores persistent risks around endpoint compromise, privileged access, and operational security in DeFi environments. Partial recovery was achieved through token protections and partner coordination, while some platform operations were paused for reinforcement.

As DeFi platforms mature, incidents like this reinforce the importance of strict device hardening, segmented access, and treasury-level defense-in-depth.

Source: https://www.bleepingcomputer.com/news/security/step-finance-says-compromised-execs-devices-led-to-40m-crypto-theft/

💬 What controls meaningfully reduce exec-level compromise risk in Web3?
➕ Follow TechNadu for calm, technically grounded infosec coverage

#Infosec #DeFiSecurity #EndpointSecurity #CryptoRisk #Web3Security #StepFinance

๐Ÿ” Step Finance, a Solana-native instrument panel, just discovered the gauges were lying. 261,854 SOL gone, roughly $28.7M, siphoned from treasury and fee wallets. Entry point unspecified, labeled familiar, which is never comforting. Incident response is now outsourced to forensics and badges. The system noticed itself breaking.

https://www.web3isgoinggreat.com/single/step-finance-theft #DeFiSecurity

Unleash Protocol has paused operations following an incident involving multisig governance abuse and an unauthorized contract upgrade, resulting in approximately $3.9M in asset losses.

The case underscores risks associated with administrative privilege concentration, upgrade paths, and post-exploitation fund movement across bridges and mixers.

From an InfoSec standpoint, this reinforces the need for layered controls, continuous governance monitoring, and clear incident response playbooks in DeFi environments.

What controls have you found effective for securing contract upgrades?

Source: https://www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/

Follow TechNadu for practical, unbiased security reporting.

#InfoSec #DeFiSecurity #SmartContractRisk #GovernanceControls #TechNadu

๐Ÿ›ฐ๏ธ HACKTIVATE LABS // Current Ops

Actively building:
๐Ÿ”น AI ReconX โ€“ adversarial AI + prompt security scanner
๐Ÿ”น NetMapper โ€“ network discovery & visual intel
๐Ÿ”น RedOrch โ€“ automated red team ops & reporting
๐Ÿ”น LoRaMonitor โ€“ secure LoRaWAN mesh analytics

Testing fusion models: AI + Offensive Security.
If youโ€™re building in #AIsec, #redteam, #DeFiSecurity, @mention me โ€” letโ€™s align signals.

More drops coming. Stay operational. โš”๏ธ

🚨 Weekly Cybersecurity Highlights
From $15B BTC seizure to cross-chain bridge hacks and developer malware, this week shows the evolving risks in crypto and software ecosystems:
- EtherHiding malware via smart contracts steals crypto
- Khmelnytskyi crypto gang dismantled
- Global Ledger reports ~$2.9B lost in bridge hacks
- Malicious VSCode/OpenVSX extensions targeting developers

💬 How is your team preparing for these advanced threats? Comment your strategies & follow TechNadu for verified cybersecurity intelligence.

#CyberSecurity #CryptoSecurity #Bitcoin #Blockchain #Malware #VSCode #DeFiSecurity #ThreatIntel #TechNadu

Heads up, crypto fam! 🚨 Aave investors were targeted by a phishing attack via fake Google Ads just after hitting $60B in deposits. Stay vigilant & double-check URLs! 👀 #DeFiSecurity #CryptoScams #Aave

Hey Crypto Fam! 🚨 Curve Finance suffered a DNS hijacking attack, redirecting users to a malicious site. This highlights the need for decentralized web infrastructure in DeFi. Stay safe out there! 🛡️ #DeFiSecurity #DNSHijacking #Crypto

Fulcrum had a $2.5m vulnerability over a month ago and still hasn’t told anyone

DeFi has the potential to provide access to financial services to billions of people. But it is also a young space and vulnerable to…