The decentralized finance (DeFi) sector is a financial frontier zone, home to some of crypto’s most risk-on experiments.
Consequently, few days go by without a dose of DeFi drama. But it’s not all bad news…
Backdoor vulnerability left $10M at risk
Security researchers at VennBuild announced the discovery of a “critical backdoor” vulnerability, in which suspected North Korean hackers had laid a trap affecting “thousands of smart contracts, leaving over $10,000,000 at risk for months.”
We @VennBuild just discovered a critical backdoor on thousands of smart contracts leaving over $10,000,000 at risk for months. Along with the help of security researchers @dedaub @pcaversaccio, the seals team @seal_911 and others, we managed to rescue almost all of funds…
— deebeez (@deeberiroz) July 9, 2025
Uncovered in conjunction with other researchers from Dedaub and the DeFi Security Alliance (SEAL), the plot involved front-running the initialization of proxy contracts to malicious versions, while covering their tracks through spoofed logs.
A VennBuild researcher, going by the X handle “deebeez,” explained: “The backdoor gave hackers full control, forwarding calls to the original contract while [block explorer] Etherscan showed no issues.”
They believe the traps were set by “a sophisticated group waiting for a bigger target, not small wins,” and as such hadn’t yet been exploited.
“We stayed stealthy to avoid tipping them off. A high-stakes game.”
Hacker offered 10% bounty if they return Texture’s USDC
Worse luck came for Solana-based lending platform Texture, which announced a hack of $2.2 million from its USDC Vault contract last night.
We have discovered a security breach of the Texture Vaults contract, user funds in the amount of USDC 2.2m have been compromised, the breach seems to be limited to the USDC vault. Our team has identified the vulnerability and is working to deploy a fix. We’re setting up a war…
— Texture (@texture_fi) July 9, 2025
The team took to X to offer the culprit a 10% bounty if they returned the remaining funds. Taking a hardball approach to the negotiations, they say the hacker “made an opsec mistake, but it’s not too late to avoid escalating the situation.”
The bad cop routine appears to have spooked the thief, who has now returned 90% of the funds, according to the Texture team.
Earlier the same day, a $42 million hack hit decentralized perps exchange GMX on the Arbitrum network.
The effects weren’t limited to GMX itself, however. Lending platform Abracadabra suffered “collateral” damage of $9 million in a market using GMX’s (exploited) GLP token as collateral.
Many GMX v1 forks were also feared to be vulnerable to a similar attack.
Kinto accused of rug-pull
Screenshots of red candles aren’t uncommon on any crypto enthusiast’s timeline, but the recent price action of Kinto’s K token was more eye-catching than most.
chat what can we call this pattern? this is kinto btw pic.twitter.com/XiFrMRsNWn
— OxTøchi (@OxTochi) July 10, 2025
While many were quick to accuse the team of a rug-pull, insiders selling large quantities of tokens and crashing the price, it seems there’s more to the story.
Granted, Kinto’s initial response was suspiciously vague and only served to stir up suspicion. One X user replied simply, “This doesn’t even address the issue,” while others accused the team of rugging by selling “their bags.”
However, a later update described an eerily similar situation to the proxy backdoor trap uncovered by VennBuild and others.
Kinto co-founder Ramon Recuero says a “state actor… upgraded the implementation of the K token on Arbitrum and used it to mint fake K tokens that they dumped immediately,” adding that “Arbiscan didn’t detect the bogus proxy implementation.”
It seems like, in DeFi, chaos isn’t the exception however the rule.
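Both the VennBuild report and the Kinto update describe a proxy whose real implementation differed from what block explorers displayed. One defensive check a team can run on its own proxies is sketched below as an added example (not code from VennBuild, Kinto or Protos): compare the address stored in the proxy's EIP-1967 implementation slot with the address announced in its latest `Upgraded` event and with the implementation the team intended to deploy. It assumes an EIP-1967 proxy; the addresses, storage and log entries are constructed, and in practice would come from `eth_getStorageAt` and `eth_getLogs`.

```python
# Added example: offline audit of an EIP-1967 proxy using constructed sample data.
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def word_to_address(word):
    """Return the address held in the low 20 bytes of a 32-byte hex word."""
    raw = word[2:].rjust(64, "0")
    return "0x" + raw[-40:].lower()

def audit_proxy(proxy, storage, logs, expected_impl):
    """Compare what the proxy delegates to (slot) with what its logs announce."""
    findings = []
    slot_impl = word_to_address(storage.get(IMPL_SLOT, "0x0"))
    # Only Upgraded(address) events emitted by the proxy itself count.
    upgrades = [l for l in logs
                if l["address"].lower() == proxy.lower()
                and l["topics"][0] == UPGRADED_TOPIC]
    upgrades.sort(key=lambda l: (l["blockNumber"], l["logIndex"]))
    logged_impl = word_to_address(upgrades[-1]["topics"][1]) if upgrades else None
    if slot_impl != expected_impl.lower():
        findings.append("slot-not-expected")
    if logged_impl is not None and logged_impl != slot_impl:
        findings.append("log-disagrees-with-slot")
    if logged_impl is None and int(slot_impl, 16) != 0:
        findings.append("implementation-set-without-event")
    return {"slot_impl": slot_impl, "logged_impl": logged_impl, "findings": findings}

# Constructed sample values (not real addresses or chain data).
PROXY = "0x" + "11" * 20
GOOD_IMPL = "0x" + "aa" * 20   # implementation the team meant to deploy
ROGUE_IMPL = "0x" + "bb" * 20  # hypothetical unexpected implementation

def sample(slot_impl, logged_impl):
    """Build a storage map and a one-entry log list for the sample proxy."""
    storage = {IMPL_SLOT: "0x" + slot_impl[2:].rjust(64, "0")}
    logs = [{"address": PROXY, "blockNumber": 100, "logIndex": 0,
             "topics": [UPGRADED_TOPIC, "0x" + logged_impl[2:].rjust(64, "0")]}]
    return storage, logs

CLEAN = audit_proxy(PROXY, *sample(GOOD_IMPL, GOOD_IMPL), GOOD_IMPL)
SPOOFED = audit_proxy(PROXY, *sample(ROGUE_IMPL, GOOD_IMPL), GOOD_IMPL)

if __name__ == "__main__":
    print("clean:", CLEAN["findings"])
    print("spoofed:", SPOOFED["findings"])
```

The slot comparison only means something if the proxy's own bytecode is the expected one, so the deployed proxy code should be compared against the build artifact as well.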
The post Just another day in DeFi: A hack, a rug-pull, and $10M saved appeared first on Protos.