BlockSecOps Blog

Expert insights on Web3 security, smart contract vulnerabilities, and the latest in blockchain DevSecOps

Articles

SwapNet's Arbitrary Call Exploit Drains $16.8 million from Matcha Meta Users
industry news | 9 min read

A critical vulnerability in SwapNet's router contract enabled attackers to drain approximately **$16.8 million** from cryptocurrency wallets on January 25, 2026, marking what security researchers call the "largest approval attack (excluding phishing)" ever documented. The exploit specifically targeted users of Matcha Meta, a DEX aggregator built on 0x Protocol, who had disabled the platform's One-Time Approval safety feature and granted persistent token allowances to SwapNet's integrated contracts.

BlockSecOps Team | January 27, 2026

420k Binance Credentials Exposed in Massive Infostealer Database Discovery
industry news | 13 min read

A security researcher discovered an unprotected cloud database containing **149.4 million unique credentials**—including **420,000 Binance-related logins**—representing one of the largest publicly exposed infostealer log compilations ever documented. This wasn't a traditional data breach: the 96GB trove was harvested from malware-infected consumer devices worldwide and left accidentally accessible on an unsecured server. The discovery underscores how infostealer malware has industrialized credential theft at an unprecedented scale, with **1.8 billion credentials** stolen by infostealers in just the first half of 2025 alone—an **800% increase** over the prior six-month period.

BlockSecOps Team | January 26, 2026

North Korean Hackers Are Using AI to Target Crypto Developers — Here's How to Protect Yourself
industry news | 12 min read

KONNI APT expands operations to hunt blockchain engineers, deploying AI-generated backdoors to steal wallet access and infrastructure credentials

BlockSecOps Team | January 25, 2026

YO Protocol's $3.7M Swap Disaster: Official Post-Mortem Reveals Automation Gap
industry news | 6 min read

On January 12, 2026, YO Protocol's Automated Harvesting System executed a catastrophic swap that turned $3.84 million worth of stablecoins into just $112,000—a 97% loss in a single transaction. The incident, reported by blockchain security firm BlockSec, stemmed from an incorrect estimated output value that nullified slippage protection, combined with routing through a high-fee, low-liquidity pool. YO Protocol has now published a detailed post-mortem acknowledging that safeguards designed for large trades were not consistently applied across all automated systems.

BlockSecOps Team | January 14, 2026

Ethereum security in 2026: What enterprises need to know now
case studies | 10 min read

The largest crypto theft in history—$1.5 billion from Bybit—wasn't a smart contract bug. It was a supply chain attack on wallet infrastructure. This single incident encapsulates the seismic shift in blockchain security heading into 2026: the threat landscape has evolved beyond Solidity vulnerabilities to target the entire operational stack, and enterprises processing significant transaction volume must adapt or face catastrophic losses.

BlockSecOps Team | January 4, 2026

Top Rust Smart Contract Vulnerabilities in 2025: Real-World Examples and Fixes
security research | 13 min read

As Rust-based blockchain platforms like Solana continue to gain traction in 2025, understanding common security vulnerabilities has become critical for developers building decentralized applications. While Rust's memory safety guarantees eliminate entire classes of bugs, smart contract development introduces unique challenges that can lead to severe exploits. In this comprehensive guide, we'll explore the most prevalent Rust smart contract vulnerabilities discovered in 2024-2025, complete with vulnerable code examples and their fixes.

BlockSecOps Team | October 27, 2025