Supply chain attacks are exploiting our assumptions
Supply chain attacks exploit fundamental trust assumptions in modern software development, from typosquatting to compromised build pipelines. New defensive tools are emerging to make these trust relationships explicit and verifiable, addressing the growing threat landscape. (Trail of Bits)
Multi-Chain Stablecoins: Security, Risks and Best Practices
Comprehensive analysis of security challenges facing multi-chain stablecoin implementations across different blockchain networks. Best practices include robust bridge architecture, comprehensive monitoring systems, and proper reserve management across different blockchain ecosystems. (Halborn)
ERC-3643 Explained: T-REX Standard in DeFi
The standard enables permissioned transfers, identity verification, and regulatory compliance while maintaining blockchain transparency. Key features include on-chain identity management, transfer restrictions based on investor eligibility, and automated compliance checks for institutional adoption. (QuillAudits)
ERC-8004: Infrastructure for Autonomous AI Agents
ERC-8004 proposes a new standard for autonomous AI agents operating on blockchain networks, enabling self-executing smart contracts with AI decision-making capabilities. (
Partner Spotlight: Shift Strengthens Web3 Infrastructure Security with Cyvers
Cyvers announces a partnership with Shift, an institutional DeFi asset manager and infrastructure provider. The collaboration focuses on securing validator operations, treasury wallets, and staking flows through real-time monitoring and counterparty risk assessment. (Cyvers)
Forta Firewall Expands Sanctions Screening with OFAC + 1-Hop Detection
Forta Firewall has upgraded to include sub-6 millisecond transaction screening of addresses one hop away from OFAC-sanctioned wallets. The system already blocks directly sanctioned addresses from OFAC, UK, and EU lists, but now identifies addresses that have interacted with sanctioned wallets within one transaction hop to prevent evasion attempts. (Forta)
A few notable hacks from Rekt and other sources…
GriffinAI
A LayerZero peer exploit hit Griffin AI: the attacker minted 5 billion $GAIN tokens and dumped just 2.8% for a $3 million profit, while 97.2% sits in the attacker's wallet. The exploit demonstrates how bridge vulnerabilities can become money printers when admin keys provide convenient exit ramps for attackers. (Rekt)
UXLink
An admin coup on UXLink followed by cross-chain laundering and billions of UXLINK minted led to an estimated $41 million exploit. (Rekt)
Anatomy of a Billion-Download NPM Supply-Chain Attack
History's largest npm supply chain attack involved phishing that gave attackers control over packages with 2+ billion weekly downloads. They slipped in a polished crypto-stealer only to drop it into server builds, causing the malware to break CI/CD. (JD)
Total 2025 hack events: 158
The total amount of money lost to blockchain hackers is about $2,679,829,362.00
Estonia Crypto License: 2025 Practical Guide
Estonia has fully aligned with the EU's MiCA Regulation, making licenses from the Estonian Financial Supervision Authority (FSA) MiCA-compliant with EU-wide passporting rights. (Hacken)
Woodrow Brown