- Researchers uncovered a vulnerability in DeFi smart contracts, putting $10 million at risk, but most funds were secured before exploitation.
- A Hacker stole $2.2 million from Texture’s USDC vault on Solana; after negotiations, 90% of the funds were returned.
- Decentralized exchange GMX experienced a $42 million hack, with additional damage of $9 million to lending platform Abracadabra.
- Kinto’s K token price crashed after attackers exploited a proxy contract to mint fraudulent tokens and sell them rapidly.
- Multiple DeFi projects faced security threats but responded with fixes and, in several cases, managed to recover large portions of stolen funds.
Security researchers at VennBuild announced on July 9, 2025, the discovery of a critical vulnerability affecting thousands of decentralized finance (DeFi) smart contracts. The flaw exposed over $10 million, mainly in digital assets, but most funds were rescued before attackers could exploit the backdoor.
According to VennBuild, the vulnerability was connected to a group suspected of links to North Korea. The attackers manipulated proxy contracts—tools that allow upgrades to programs running on the blockchain—by introducing malicious versions. The compromised contracts appeared normal on public blockchain explorers like Etherscan, masking the threat to users. Security groups including Dedaub and the DeFi Security Alliance (SEAL) helped secure the majority of assets at risk.
“The backdoor gave Hackers full control, forwarding calls to the original contract while [block explorer] Etherscan showed no issues,” said a researcher using the handle “deebeez.” The researchers believe the attackers were waiting for a large target and had not yet exploited the contracts when the issue was identified. “We stayed stealthy to avoid tipping them off. A high-stakes game.”
In a separate incident, Texture, a lending platform on the Solana Blockchain, suffered a $2.2 million breach in its USDC vault contract. The company’s response included offering the attacker a 10% bounty for returning the remainder of the stolen funds, arguing, “it’s not too late to avoid escalating the situation.” The approach led to the return of 90% of the taken assets. The same day, the decentralized exchange GMX was hacked for $42 million, indirectly causing $9 million in losses to Abracadabra, which used GMX assets as loan collateral.
Meanwhile, the price of Kinto’s K token plunged sharply amid accusations of a “rug-pull,” a situation where insiders allegedly sell off their own holdings and crash the market. Kinto co-founder Ramon Recuero later reported that a “state actor” had exploited a proxy contract on the Arbitrum network to mint fake tokens and immediately sell them. Scanners such as Arbiscan failed to detect the altered contract.
These events add to a growing series of attacks and attempted exploits in the DeFi sector. Teams continue to work on identifying vulnerabilities quickly, deploying fixes, and, in some cases, recovering stolen funds. Despite improvements in security collaboration, risk remains high in decentralized finance.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- US House to Hold Crypto Tax Hearing as Key Crypto Bills Advance
- Fake Crypto Startups Use Social Media to Spread Wallet-Stealing Malware
- XRP Glitches Trigger Panic as Price Errors Shake Crypto Markets
- Ant International May Add Circle’s USDC to Global Whale Platform
- Bitcoin Hits Record $112,000 as Musk Confirms Wild Crypto Rumors
