BlockSec

USDT UNFREEZING ADDRESSES USDC STILL HAS FROZEN In late March, USDC and USDT both froze the same batch of TRON addresses, one week apart. It looked like coordinated cross-issuer enforcement. Then April came. WHAT WE OBSERVED: → March 24: USDC froze a batch of addresses on TRON → March 31: USDT followed with matching freezes → April 7–22: USDT began removing the freezes, one by one → In multiple cases, funds moved to Binance within hours of each USDT unfreeze USDC's freeze remains in place. When two major stablecoins take coordinated action, and one quietly reverses course, the addresses don't stay quiet. We're tracking this. 🟧 Alerted by #PhalconNetwork https://lnkd.in/gzVMVm2g 🟧 Verified in #PhalconCompliance https://lnkd.in/dG_rnd8q #Stablecoin #USDT #USDC #Tron #AML #Compliance

The KelpDAO $290M bridge exploit triggered a chain reaction that froze WETH liquidity exceeding $6.7 billion across five chains, affecting users who never interacted with rsETH. The incident also revealed the practical boundaries of "permissionless" systems when Arbitrum's Security Council executed a forced state transition, moving 30,766 ETH without the holder's signature through a governance-sanctioned atomic contract upgrade. https://lnkd.in/gMek2vyt

🗓Weekly Web3 Security Roundup | Apr 13 - Apr 19 🚨4 incidents | ~$310M lost this week Full analysis with vulnerability breakdown: https://lnkd.in/gFApEv3U

🎙️ BlockSec Co-founder Yajin Zhou will join a roundtable panel at the First Global Web4.0 Conference in Hong Kong on April 22. Hosted by Huaying Group (NASDAQ: AXG) at Cyberport CyberArena, the conference explores the intersection of AI and digital assets. Yajin will speak on "Security & Auditability: Establishing the Trust Foundation of Web 4.0," alongside leaders from top security firms in the industry. As AI-driven finance and on-chain ecosystems grow more complex, the role of security infrastructure has never been more critical — from smart contract auditing to real-time threat detection and compliance monitoring. 📍 Hong Kong Cyberport | April 22, 2026 #Web4 #BlockchainSecurity #AI #DigitalAssets #HongKong #Cyberport #Web3Security

🗓Weekly Web3 Security Roundup | Apr 6 - Apr 12 🚨4 incidents | ~$928.6K lost this week Full analysis with vulnerability breakdown: https://lnkd.in/gkb5Sc2w Starting this week, we highlight one incident at the top of each report. The selection is not necessarily based on loss amount — it may be chosen for its novel protocol design, clever attack technique, or broader lessons for the community.

🤝 BlockSec is partnering with Jumio Corporation to deliver end-to-end Web3 compliance. 🪪 Off-chain (KYC): who the user is, whether they appear on sanction lists, whether their identity is real 🔗 On-chain (KYT): where funds come from, where they go, whether they touched mixers, stolen assets, or sanctioned addresses For years, these two layers lived in separate vendor stacks. Compliance teams had to reconcile data across systems by hand. Now, through deep product-level collaboration with Jumio, BlockSec Phalcon Compliance brings both into a single workflow — from user onboarding to transaction-level oversight. 📌 Why this matters now: ✅ FATF Travel Rule enforced across more jurisdictions ✅ MiCA fully in effect across the EU ✅ HK, SG, UAE have matured their VASP regimes ✅ US tightening requirements on stablecoins and custody For crypto exchanges, custodians, stablecoin issuers, and Web3 projects, this means: one integration, shorter compliance buildouts, fewer vendors, and an audit trail that holds up to global regulators. 🚀 Together, BlockSec and Jumio are building the compliance infrastructure Web3 needs to scale. 🔗 Learn more: blocksec.com #Web3 #Compliance #KYC #KYT #MiCA #FATF #CryptoCompliance #Blockchain

🗓Weekly Web3 Security Roundup | Mar 30 - Apr 5 9 incidents | ~$287M lost this week Full analysis with vulnerability breakdown⬇️ https://lnkd.in/gYSgkxB2

A single victim deposit address on TRON led us to a $1.6 billion Ponzi infrastructure with 8 generations of hot wallets, 79 relay addresses, and same-second payout channel handoffs. ⸻ WHAT HAPPENED VerilyHK presented itself as a Hong Kong health tech investment platform. The name appears designed to exploit confusion with two unrelated companies: Alphabet's Verily Life Sciences, known for AI-driven healthcare, and a Chinese A-share listed environmental engineering firm (stock code 300190). Its website copy closely echoed the real Verily's positioning, claiming expertise in AI health, big data analytics, and medical devices. In April 2025, China's Heshan District government flagged it as a pyramid scheme reliant on overseas cryptocurrency transactions. The platform ceased operations in February 2026. Over 16 months, its on-chain fund orchestration system processed approximately $1.6B in TRON USDT through a highly structured multi-layer topology, significantly exceeding other major crypto Ponzi schemes that faced SEC action, including Forsage ($300M) and NovaTech ($650M). KEY FINDINGS → 15 collection hot wallets rotated across 8 generations. Each generation ended on the exact day the next one started. The final generation processed over $900M in under 4 months. → 79 intermediate relay addresses funneled 80.8% of all outflows to identified payout channel hubs, with near-zero retained balances. → 3 generations of payout channels, each running symmetric a/b dual lines. The Gen 2 to Gen 3 handoff occurred at the same second on Aug 4, 2025. → Gen 3's two parallel payout lines ($260M and $681M) share zero overlap in large-value downstream recipients, yet both exit through the same major CEX hot wallet via ~60,000 deposit addresses. → A cross-generational hub active from Mar 2025 to Feb 2026 routed ~$240M through its network. On-chain tracing reveals direct fund flow connections between this hub and Huione Group, a Cambodia-based financial group barred from the U.S. financial system by FinCEN. WHY THIS MATTERS What stands out is the combination of sheer volume, approximately $1.6B in cumulative on-chain flow, and the precision of the infrastructure: day-exact generational handoffs, paired payout channels with largely separate downstream networks, and tens of thousands of single-use addresses funneling into a shared exchange exit. For compliance teams at exchanges, these structural signatures represent actionable detection heuristics. For investigators and regulators, the layered architecture illustrates why tracing illicit funds requires looking beyond individual transactions to reconstruct the full network topology. ⸻ Full analysis ↓ https://lnkd.in/g8JBzxme 🟧 Traced with #MetaSleuth metasleuth.io 🟧 Check your exposure with #PhalconCompliance https://lnkd.in/dG_rnd8q #AML #blockchain #crypto #compliance #TRON #USDT #onchain #investigation

🚨 On April 1, 2026, a fatal flaw in governance architecture cost Drift Protocol $285.3 million. By exploiting Solana's durable nonces, attackers managed to delay the execution of phished multisig signatures, silently taking over the protocol's 2-of-5, zero-timelock governance. With ultimate admin authority, they engineered a malicious token market, inflated prices, and drained the protocol's reserves in merely 12 minutes. Beyond the staggering financial loss, this exploit highlights a critical architectural flaw: durable nonces can decouple a signer's original intent from on-chain execution, effectively bypassing the implicit security assumptions of multisig setups.

For a detailed analysis, read our deep-dive post: https://lnkd.in/gmjapD5x