$1.5B in ETH Stolen Without Touching On-Chain Logic

In one of the most expensive lapses of 2025, $1.5B in ETH was stolen without touching a single line of on-chain logic.

How It Happened

A compromised developer machine pushed malicious JavaScript to the Safe{Wallet} frontend. Users saw what looked like the real interface.
But under the hood, the attackers had swapped out the legitimate multi-sig contract for a malicious one. The signers unknowingly approved.

The contract was secure. The people and workflows weren’t.

A Growing Trend

In just the first half of 2025, attackers stole over $1.7 billion by exploiting:

  • Fragile frontend codebases and lack of integrity checks

  • Wallets that still allow blind signing

  • Weak operational security across teams

  • Social engineering and identity spoofing

Key Takeaways

  • Audits aren’t enough if your frontend can be hijacked.
    JavaScript pinning and Subresource Integrity (SRI) should be standard.

  • Blind signing is outdated.
    EIP-712 needs to be mandatory so signers clearly see what they are approving.

  • OpSec matters more than ever.
    Secure the developer environment, CI/CD pipelines, and multi-sig signer devices.

  • UI vulnerabilities are real.
    Address poisoning still works because wallet UIs truncate addresses. Use checksums and better visual cues.

  • Smart contract math needs live safety nets.
    Cetus lost $223M in Q2 due to an overflow in liquidity logic. Real-time TVL monitoring with auto-pause could have prevented it.

The AI-Powered Threat

There’s also the growing threat of AI-powered exploits.
From phishing emails to deepfakes and automated bug hunting, the number of AI-driven attacks has increased over 1,000% since last year.

Insecure APIs, exposed endpoints, and human trust assumptions are being weaponized faster than most teams can react.

The Lesson

Security today is about defending your people, processes, and interfaces — not just your solidity code.

Have you upgraded your security model beyond the contract layer?
