Blockchain intelligence for investigating crypto-related financial crime and fraud

Joined June 2022
Pinned Tweet
We’ve joined IVAN PPP! 💥 BlockchainUnmasked is now an official partner in a US-led initiative to combat illicit crypto activity and protect the future of digital finance. Read more from MITRE → 🔗 mitre.org/news-insights/news…
Permissionless ≠ powerless. THORChain has:
• trading halts
• validator control
• governance votes
And still processes North Korea laundering while collecting fees. That’s hardly “neutral.” Interestingly, they chose Switzerland as their HQ. Likely intentional.
Pre-2008, MBS were accepted as repo collateral at haircuts that assumed the underlying was liquid, diversified, and uncorrelated with broad stress. When that assumption broke, the haircut problem became a solvency problem almost overnight. DeFi just ran the same play with LRTs. Aave's contracts didn't break. Their risk perimeter did. One bridged LRT, 93% LTV, no velocity limits, shared liquidity pools, and a tail risk that everyone priced as negligible until it wasn't. Different instrument. Same failure. Same lesson nobody wanted to learn until it was expensive.
Mythos isn’t hype. The signal is simple: Bug discovery is becoming cheap. Exploit development is compressing. The bottleneck is now patching, triage, and response. If defenders don’t operationalize faster than attackers, the gap widens. Anything else is noise.
Security can’t be an afterthought, or state-sponsored actors will keep draining hundreds of billions that effectively fund hostile regimes. Typically we don’t claim we could’ve stopped something like this—and we won't here. We couldn’t have stopped this (though the 6 hours the funds sat on USDC is another story). I dislike when firms grave-dance and claim their sandbox or monitoring tool would’ve magically prevented a breach. This attack was much more than the typical. But we will say this: if you want to find the real holes before they’re exploited—we’ve built NSA-grade pen-testing and counterintelligence capabilities (mainly for use by Federal Law Enforcement) that can help you identify weaknesses and close them proactively. Tracing after the fact is too late. And tracing itself has become a commonplace competency. Prevention is non-negotiable. If you’re a protocol or exchange and want to chat security, get in touch.
Excited to share that we have joined the @circle Alliance Program, a global community of teams focused on bringing the world on-chain, powered by USDC.
We've recently worked on violent crypto crimes alongside federal law enforcement. It's scary. When crypto fraud turns violent, strong chain-analysis and cross-border coordination matter more than ever.
12 Nov 2025
Russian Crypto Scammer and Wife Found Dead in UAE After Apparent Revenge Attack ► decrypt.co/348276/russian-cr…
People are calling the recent npm hack a “failure” because it only stole a few bucks. That’s the wrong take. This wasn’t designed to drain wallets, it was a show of force. The attackers proved they could compromise packages with billions of downloads, hijack crypto flows, and manipulate addresses. Instead of hiding it, they made it obvious. They barely touched funds. Why? To send a warning shot. Now every dev team and infra provider has to patch holes, spend time, energy, and money fixing exposures. That’s the real impact. This wasn’t accidental. It was intentional. A message: “If we wanted to steal at scale, we could. You’re not ready.”
BlockchainUnmasked retweeted
ICYMI: APPLE PATCHED A ZERO-CLICK VULNERABILITY THAT ALLOWED SOPHISTICATED ATTACKERS TO COMPROMISE DEVICES AND COULD HAVE LED TO CRYPTOCURRENCY THEFT; IT URGED IMMEDIATE UPDATES - PER COINTELEGRAPH
Just when you think you've seen every type of attack, we just got this: Attacker hacks victim's email → hacks their MEXC account → swaps $90k of coins to USD → buys $90K of a low-price token (CAW/USDC) → the price pumps → attacker dumps it from their own account. They hacked an account so they could front-run their own pump and then dump. No coins "stolen"—just market manipulation. Wild.
BlockchainUnmasked retweeted
We released an updated version of @tayvano_'s guide on what to do if you've been infected by malware, tailored specifically for crypto users. Take a look and save the link, it might come in useful one day securityalliance.org/go/malw…
Yep. We've even had a few NK applicants. They're everywhere.
7 Jun 2025
Your DeFi dev might be a North Korean operative. The DOJ dropped a bombshell complaint showing how DPRK IT workers infiltrated U.S. crypto startups, laundered millions, and funded North Korea's weapons programs. If you hire remote devs, you NEED to be careful about this. 🧵
The dates on this coincide directly with the dates of the API breach we investigated for dozens of individuals. Coinbase denied all of them and closed all of their cases, informing them that it was the user's fault and Coinbase was not liable. news.bitcoin.com/69461-users… via @bitcoinnews
Yep. More often than not unfortunately.
9 May 2025
The unfortunate reality is victims of theft need to get lucky with regards to which LE opens a case. There's nothing more frustrating than wasting days spoonfeeding a case to LE, and then have them question my motives/qualifications/reliability instead of catching the bad guys
Good progress. Crypto companies (exchanges) need to implement better SOPs to protect users.
4 Apr 2025
Illinois State Senator's Bill Seeks to Claw Back $163 Million Lost to Crypto Fraud ► decrypt.co/313327/illinois-s…
This is a wild stat.
5 Mar 2025
For 25% of the Winter 2025 batch, 95% of lines of code are LLM generated. That’s not a typo. The age of vibe coding is here.