Security Time Machine: May–June 2025 Blockchain Hacks Report

Introduction

Blockchain technology, despite its vast potential, continues to be tested by significant vulnerabilities and exploits. At ImmuneBytes, our commitment to security is not only about identifying current threats but also learning from the past. This month, we dive into recent incidents, analyze their impact, and share insights into how our modern security practices would have mitigated these vulnerabilities.

Cetus Protocol (Sui Network) – $223 Million Exploit

On May 22, 2025, the Cetus Protocol faced an exploit that drained approximately $223 million. The exploit revolved around an overflow flaw related to most-significant-bit (MSB) validation, allowing attackers to manipulate liquidity calculations significantly. Prompt action led to the recovery of about $157 million (71% of the stolen funds) through rapid validator-driven freezes.

ImmuneBytes Prevention Strategy:

• Comprehensive bitwise input validation.
• Automated fuzz testing targeting arithmetic edge cases.
• Implementation of emergency freeze and multi-sig pause functionalities.

Alex Protocol (Stacks/BTC DeFi) – $8.3 Million Exploit

On June 6, 2025, attackers exploited Alex Protocol, bypassing critical self-listing verification logic. This allowed the draining of multiple liquidity pools, including assets like STX, sBTC, USDC, and WBTC, amounting to approximately $8.3 million. Alex Protocol has pledged complete reimbursement from their USDC reserves.

ImmuneBytes Prevention Strategy:

• Formal verification of asset-listing and liquidity claim logic.
• Real-time monitoring and alerts for unusual liquidity activity.
• Strong enforcement of invariants within liquidity operations.

Cork Protocol – $12 Million Exploit

In May 2025, Cork Protocol suffered a $12 million loss due to a vulnerability in its market manipulation and permission logic. Attackers created fake market conditions to illicitly extract funds.

ImmuneBytes Prevention Strategy:

• Robust role-based access control systems.
• Advanced permission checks for all sensitive market interactions.
• Regular comprehensive audits focusing on logic integrity.

Mobius DAO (Sonic) – $2.15 Million Minting Bug

A critical decimal-precision error in Mobius DAO’s minting logic enabled attackers to mint approximately 9.73 quadrillion tokens from minimal input, effectively siphoning off around $2.15 million.

ImmuneBytes Prevention Strategy:

• Mathematical formal verification of minting logic.
• Extensive testing for decimal precision edge cases.
• Inclusion of minting caps and emergency halt features.

May 2025 Incident Overview

May 2025 witnessed about 20 significant crypto incidents, with cumulative losses totaling around $244 million, marking a 39% decrease compared to April. Code exploits alone accounted for approximately 76% of this total loss ($229.6 million), highlighting an urgent need for more rigorous smart-contract audits and validations.

Defensive Practices at ImmuneBytes

Our approach to securing blockchain protocols involves:

• Secure-by-Design and Formal Verification: Ensuring mathematical correctness and logical integrity from the design phase.
• Comprehensive Audits: Utilizing static and dynamic testing methods to identify vulnerabilities before deployment.
• Robust Governance Controls: Implementing multi-sig and role-based access to secure critical operations.
• Real-Time Monitoring: Detecting and responding swiftly to abnormal activities and transactions.
• Recovery and Reimbursement Mechanisms: Building in contingency plans and financial safeguards to minimize losses.

Why it Matters

By revisiting recent blockchain incidents through our “Security Time Machine,” we emphasize the critical importance of evolving security practices. It not only educates the community about vulnerabilities but also demonstrates the proactive measures ImmuneBytes employs to safeguard digital assets.

Stay secure. Stay informed. Learn more about our auditing methodologies at immunebytes.com/smart-contract-audit.

Kaif Ahmed