# 0x5 Web3 Security Bulletin 

*Crypto and web3 security insights, including tools, hacks, and regulations.*

By [W3SB](https://paragraph.com/@w3sb) · 2025-10-29

web3, security, hacks, crypto

---

Insightful
==========

**Oooh Frameworks**

Sometimes there's nothing better than grabbing a cup of coffee, sitting back and digging into a framework. So when I came across [@joe\_vanloon](https://x.com/joe_vanloon)'s [Web3 OpSec Standard (W3OS)](https://github.com/W3OSC/web3-opsec-standard?tab=readme-ov-file), that's just what I did.

**Decentralize It! And Host it on AWS...Ouch, bad week for that...**

In rekt's usual style, a great write-up on the industry and the house of cards most are building on. ([rekt](https://rekt.news/we-have-centralization-issue))

**More on Amazon's Outage**

Amazon has confirmed that a significant DNS failure was the root cause of a massive AWS outage earlier this week, which disrupted numerous websites and online services. The incident highlights the critical role of DNS infrastructure in maintaining internet stability. ([Bleeping Computer](https://www.bleepingcomputer.com/news/technology/amazon-this-weeks-aws-outage-caused-by-major-dns-failure/))

**Multisig Security Analysis: When is a Safe not so safe?**

Electisec delves into the security of multisig configurations, questioning their inherent safety. The analysis explores potential vulnerabilities within these systems, providing insights into how to enhance the security of multisignature setups in the blockchain ecosystem. ([Electisec](https://blog.electisec.com/multisig-security))

**North Korea: Sanctions Evasion via Cyber and IT Worker Networks**

A new MSMT report details how North Korea systematically violates UN sanctions by deploying IT workers abroad and integrating advanced cybercrime—including cryptocurrency heists, laundering, and ransomware—across a constellation of state-controlled entities. From Jan 2024 to Sep 2025, DPRK actors stole over $2.8 billion in cryptocurrency and leveraged networks in China, Russia, Argentina, and Cambodia to launder funds, support WMD development, and run illicit procurement via stablecoins and coordinated facilitators. ([Multilateral Sanctions Monitoring Team](https://msmt.info/Publications/detail/MSMT%20Report/4221))

**AI-Powered North Korean Hackers Redefine Crypto Threat Landscape**

North Korea's Lazarus Group now deploys large language models across entire attack chains—from reconnaissance and phishing to code analysis and money laundering—automating vulnerability discovery at unprecedented scale. Mysten Labs' chief cryptographer warns that AI, not quantum computing, poses the immediate existential threat, enabling state-backed teams to scan thousands of smart contracts within minutes and replicate exploits across blockchains. ([CoinDesk](https://www.coindesk.com/business/2025/10/25/north-korea-s-ai-powered-hackers-are-redefining-crypto-crime))

**Crypto Wallets Unite for Real-Time Phishing Defense**

Security Alliance, in collaboration with MetaMask, WalletConnect, Backpack, and Phantom, launched a global real-time phishing defense network to counter rising crypto phishing losses, which exceeded $400 million in H1 2025. Using verifiable phishing report technology, anyone can trigger warnings across the ecosystem for faster threat response, establishing a decentralized security standard for wallets. ([Security Alliance](https://www.securityalliance.org/news/2025-10-phishing-defense-network))

**Crypto and Crime: Inside the FBI's Virtual Assets Unit: Podcast Ep. 172**

The Public Key podcast episode explores the FBI's Virtual Assets Unit operations combating cryptocurrency-enabled crime. Law enforcement officials discuss evolving investigation techniques, multi-agency collaboration strategies, and emerging challenges posed by blockchain technology adoption in criminal enterprises. The conversation reveals how federal agencies are developing specialized capabilities to trace illicit cryptocurrency flows while navigating the complex intersection of traditional financial crime investigation and decentralized technology. ([Chainalysis](https://www.chainalysis.com/blog/crypto-crime-fbi-virtual-assets-unit-podcast-ep-172/))

Companies in the news
=====================

**Bron Labs Targets Crypto Self-Custody**

Physical attacks targeting cryptocurrency wealth surged over 50% in 2025 as self-custody risks escalate beyond digital threats. Copper Technologies founder Dmitry Tokarev launches a new business addressing the rising security challenges of managing private keys, recognizing that decentralized asset ownership introduces personal safety and operational security vulnerabilities. ([Bloomberg](https://www.bloomberg.com/news/articles/2025-10-28/a-new-tech-platform-takes-aim-at-crypto-s-self-destruct-button))

Gimme the loot
==============

_A few notable hacks from_ [_rekt_](https://rekt.news/) _and other sources…_

**MEV Governance Exploit Nets $2K in Single Block**

Attackers leveraged Ethereum MEV infrastructure to seize governance tokens by becoming the block’s fee recipient, enabling a one-transaction proposal and execution. This maneuver drained $2,078 from an old contract. ([Defimon Alerts on X](https://x.com/DefimonAlerts/status/1982850945018147072))

**LuckyCode Smart Contract Brute-Forced for $56K**

An outdated LuckyCode contract was drained of $56,000 after attackers exploited a flaw in its winner selection logic. By brute-forcing 4-digit codes and precomputing winning contract addresses, rogue actors repeatedly called the contract’s `checkAward_()` function to siphon funds. This breach highlights the risks in simple code-based lottery mechanisms. ([Defimon Alerts on X](https://x.com/DefimonAlerts/status/1981671353674846591))

[SlowMist stats this week](https://hacked.slowmist.io/statistics/?c=all&d=2025)
-------------------------------------------------------------------------------

Total 2025 hack events: 169

Total amount of money lost to blockchain hackers in 2025: about $2,706,404,055

We must have regulations
========================

**Fed Proposes Direct Access for Stablecoin Issuers**

The Federal Reserve unveiled a proposal granting stablecoin issuers and fintechs direct access to its payment rails via “payment accounts,” without requiring partnerships with traditional banks. The plan aims to streamline approvals for entities like Ripple and Anchorage Digital, signaling a significant policy shift and inviting broader industry participation. Feedback will be solicited before finalizing the framework. ([Cryptonews](https://cryptonews.com/news/fed-proposes-letting-stablecoin-issuers-access-banking-system-directly-without-banks/))

**UK to Consult on Stablecoin Regulation in November**

The Bank of England will launch a consultation on stablecoin regulation starting November 10, targeting alignment with U.S. standards. The framework seeks to boost investor confidence and establish the UK as a global leader in crypto regulation. The move is part of broader efforts to foster innovation in the UK’s financial sector and attract crypto capital. ([Binance](https://www.binance.com/en/square/post/10-21-2025-bank-of-england-to-launch-stablecoin-regulation-consultation-in-november-31312699173826))

**ESRB Warns on Stablecoin Systemic Risks, Issues Recommendations**

The European Systemic Risk Board (ESRB) released a report warning of financial stability risks from stablecoins involving joint EU and non-EU issuers. ESRB recommends policymakers exclude these schemes from MiCAR rules and implement safeguards by 2026, including enhanced supervision and closer international cooperation, to mitigate vulnerabilities in cross-border stablecoin operations. ([European Systemic Risk Board](https://www.esrb.europa.eu/news/pr/date/2025/html/esrb.pr251020~84e90ccc73.en.html))

Research corner
===============

**RiskTagger: LLM-based Agent for Web3 Crypto Money Laundering Annotation**

RiskTagger, an LLM-based agent, automates the annotation of crypto money laundering behaviors in Web3. It extracts clues from complex reports, reasons over multichain transaction paths, and generates auditor-friendly explanations, significantly improving the efficiency and coverage of anti-money laundering datasets. ([ArXiv](https://arxiv.org/abs/2510.17848))

---

*Originally published on [W3SB](https://paragraph.com/@w3sb/0x5-web3-security-bulletin)*
