The Cyberattack on Nobitex: A Strategic Strike in the Israel-Iran Digital Conflict
I. Executive Summary
On June 18, 2025, Nobitex, Iran’s largest cryptocurrency exchange, became the target of a significant cyberattack claimed by “Gonjeshke Darande,” also known as “Predatory Sparrow,” a hacking group widely associated with Israel. The incident resulted in a reported loss exceeding $48 million in Tether (USDT) from Nobitex’s hot wallets. Following the breach, Gonjeshke Darande issued a public warning, threatening to release Nobitex’s source code and internal network information within 24 hours, cautioning that any remaining assets on the platform would be at risk.
Chihuahua Stealer: An Emerging .NET Infostealer Targeting Browser and Wallet Data
1. Executive Summary
Chihuahua Stealer, a .NET-based information-stealing malware, emerged in April 2025 and targets browser credentials and cryptocurrency wallet data. The malware, also tracked under the alias “Pupkin Stealer”, exhibits characteristics that suggest links to a Russian-speaking developer known as “Ardent”. A peculiar trait is the embedding of transliterated Russian rap lyrics within its code, which are printed to the console during execution and serve as a possible cultural signature of its author.
Pectra's EIP-7702: Redefining Trust Assumptions in Ethereum's Ecosystem
Pectra’s EIP-7702: Redefining Trust Assumptions in Ethereum’s Ecosystem Ethereum’s Pectra upgrade (live on mainnet since May 2025) introduces EIP-7702, which changes what an Externally Owned Account (EOA) can do. It is the largest change to Ethereum’s account model in years: an EOA can sign an authorization that delegates its execution to the code of a smart-contract wallet, so the same address can batch calls, have its gas sponsored or use alternative signers while the original private key keeps control. The delegation persists until the account signs a new authorization, so it is revocable rather than strictly temporary. The proposal “redefines trust” in a literal sense: the security of the account now rests on what the user signs, because a single signed authorization can hand the account’s execution to arbitrary contract code.
ZKsync Security Breach
ZKsync Security Breach: Analysis of the $5 Million Token Theft On April 15, 2025, ZKsync, a prominent Ethereum layer-2 scaling solution, suffered a security breach when an attacker compromised the administrator account controlling its airdrop distribution contracts and used a privileged sweep function to mint roughly 111 million unclaimed ZK tokens, worth approximately $5 million at the time. Because the tokens came from the unclaimed airdrop allocation, the incident caused market volatility and raised questions about key management and privileged-function design within the protocol. This report examines the breach details, ZKsync’s response, market impact, and broader security implications for the cryptocurrency ecosystem.
KiloEx DEX $7.5 Million Security Breach
KiloEx DEX $7.5 Million Security Breach: Analysis and Mitigation Strategies for Similar Platforms The recent KiloEx decentralized exchange (DEX) exploit is a significant security incident in the decentralized finance ecosystem, showing that even well-funded, established platforms remain exposed. The breach, which resulted in the theft of $7.5 million through price oracle manipulation, offers critical lessons for similar companies operating in the DeFi space.
The KiloEx Security Breach: Timeline and Technical Details On April 14, 2025, KiloEx, a decentralized perpetuals trading platform, fell victim to a cross-chain attack that targeted multiple blockchain networks simultaneously. The attacker was able to push prices into the platform’s oracle, which on a perpetuals venue is all that is needed: open a position at an artificially low price, move the price up, and close the position for a payout the pool never had a market reason to owe.
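The following is an added illustration of the oracle-manipulation pattern described above, not KiloEx’s code or the article’s own material. It models a toy long-only perpetuals vault in Python, drains it through an oracle that anyone can update, and then shows which of two common controls stops the attack: an allowlist of price feeders, a per-update deviation cap, or both. The trader name, prices, pool size and step factors are constructed for the example.

```python
"""Toy perpetuals vault: how a manipulable price oracle is drained, and which controls stop it (added example)."""


class OracleRejected(Exception):
    """Raised when a price update fails the oracle's controls."""


class Oracle:
    def __init__(self, price, updaters=None, max_deviation_bps=None):
        self.price = price
        self.updaters = updaters          # None = anyone may push a price (the weak setting)
        self.max_dev = max_deviation_bps  # None = no circuit breaker on per-update moves

    def update(self, caller, new_price):
        if self.updaters is not None and caller not in self.updaters:
            raise OracleRejected("caller is not an authorized price feeder")
        if self.max_dev is not None:
            dev_bps = abs(new_price - self.price) * 10_000 // self.price
            if dev_bps > self.max_dev:
                raise OracleRejected("move of %d bps exceeds the %d bps cap" % (dev_bps, self.max_dev))
        self.price = new_price


class PerpVault:
    """Long positions only, no fees or funding: pnl = margin * (exit - entry) / entry."""

    def __init__(self, oracle, liquidity):
        self.oracle, self.liquidity, self.positions = oracle, liquidity, {}

    def open_long(self, trader, margin):
        self.positions[trader] = (margin, self.oracle.price)  # entry at the current oracle price

    def close(self, trader):
        margin, entry = self.positions.pop(trader)
        pnl = margin * (self.oracle.price - entry) // entry
        payout = min(max(margin + pnl, 0), self.liquidity)    # the pool pays at most what it holds
        self.liquidity -= payout
        return payout


def _attack(oracle, vault, down_steps, up_steps, attacker="0xattacker"):
    """Push the price down, open a long, push it back up, close. Returns the attacker's net gain."""
    margin = 1_000
    try:
        for step in down_steps:
            oracle.update(attacker, step(oracle.price))
        vault.open_long(attacker, margin)
        for step in up_steps:
            oracle.update(attacker, step(oracle.price))
        return vault.close(attacker) - margin
    except OracleRejected:
        return 0


def single_shot_attack(oracle, vault):
    """One 99% crash before opening, one 10,000x pump before closing."""
    return _attack(oracle, vault, [lambda p: p // 100], [lambda p: p * 10_000])


def stepwise_attack(oracle, vault):
    """Many 8% moves, each individually inside a 10% per-update cap: 20 down, then 80 up."""
    return _attack(oracle, vault,
                   [lambda p: p * 9_200 // 10_000] * 20,
                   [lambda p: p * 10_800 // 10_000] * 80)


def run_scenarios():
    """Net attacker gain per oracle configuration; the pool starts with 5,000,000 of liquidity."""
    configs = {
        "anyone-can-update": dict(),
        "allowlisted-updater": dict(updaters={"0xkeeper"}),
        "deviation-cap-only": dict(max_deviation_bps=1_000),
        "allowlist-and-cap": dict(updaters={"0xkeeper"}, max_deviation_bps=1_000),
    }
    results = {}
    for name, kw in configs.items():
        for attack in (single_shot_attack, stepwise_attack):
            oracle = Oracle(2_000, **kw)
            vault = PerpVault(oracle, liquidity=5_000_000)
            results[(name, attack.__name__)] = attack(oracle, vault)
    return results


if __name__ == "__main__":
    for (config, attack), gain in sorted(run_scenarios().items()):
        print("%-22s %-20s attacker gain: %d" % (config, attack, gain))
```

The point the matrix makes is that a deviation cap by itself only slows the attacker down: the stepwise variant walks the price through many moves that each sit under the cap and still empties a large part of the pool. Only restricting who may write to the oracle (signed updates from named feeders, or a decentralized feed the platform does not control) removes the attack; the cap remains useful as a second line against a compromised feeder key.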
Bybit hack, $1.4 billion in ETH
The Bybit Exchange Hack of February 2025: A Comprehensive Analysis In February 2025, cryptocurrency exchange Bybit suffered what has become the largest digital heist in cryptocurrency history, with losses of approximately $1.5 billion (about 401,000 ETH; reports range from $1.4 to $1.5 billion depending on the ETH price used). The attack, attributed to North Korean state actors, did not break any signing key: it showed that a multi-signature wallet is only as strong as the signers’ ability to verify what they are signing. The chain of events included the compromise of a developer machine at the wallet front-end provider, injection of malicious code into the signing interface so that signers approved a different transaction from the one displayed, and rapid laundering of the stolen funds.
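As an added example of the interface-manipulation problem described above (illustrative code, not the article’s or any wallet vendor’s), the Python model below contrasts a signer who approves whatever hash the device is handed with one who recomputes the hash from the fields on screen and applies a policy before approving. The hash function is a deliberately simplified stand-in (sha256 over canonical JSON) rather than the EIP-712 typed-data hash real multisig wallets use; the addresses, calldata and limits are constructed placeholders.

```python
"""Why 'what the UI shows' must be checked against 'what the key signs' in a multisig (added example)."""
import hashlib
import json

CALL, DELEGATECALL = 0, 1


def tx_hash(tx):
    """Illustrative digest: sha256 over canonical JSON. Real Safe wallets sign an EIP-712 typed-data
    hash; the point here is only that the signed bytes are a deterministic function of every field."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class SigningUI:
    """Front end that renders one transaction and asks the hardware key to sign another.
    With shown == actual this is an honest UI; with them different it models the injected script."""

    def __init__(self, shown, actual):
        self.shown, self.actual = shown, actual

    def render(self):
        return self.shown

    def request_signature(self):
        return tx_hash(self.actual)   # the only thing the hardware device ever receives


def blind_signer(ui):
    """Glances at the rendered fields, then approves whatever hash the device is given.
    Returns the hash that was signed."""
    assert ui.render()["value"] >= 0   # stands in for a human looking at the screen
    return ui.request_signature()


def verifying_signer(ui, max_value):
    """Recomputes the hash from the rendered fields on an independent path and applies a policy
    before approving. Raises on any mismatch or policy violation; returns the signed hash otherwise."""
    shown = ui.render()
    expected = tx_hash(shown)
    requested = ui.request_signature()
    if expected != requested:
        raise ValueError("hash mismatch: the UI is not showing the payload the device is signing")
    if shown["operation"] == DELEGATECALL:
        raise ValueError("refusing delegatecall: it runs foreign code against the wallet's own storage")
    if shown["value"] > max_value:
        raise ValueError("value above the per-transaction limit")
    return requested


# Constructed sample transactions (addresses and calldata are placeholders, not real ones).
BENIGN = {"to": "0xColdToHotTransferTarget", "value": 30_000, "data": "0x", "operation": CALL}
MALICIOUS = {"to": "0xAttackerImplementation", "value": 0, "data": "0xcafebabe", "operation": DELEGATECALL}


def run():
    """Each signer against an honest UI, an injected UI, and a UI that honestly shows a delegatecall."""
    honest = SigningUI(BENIGN, BENIGN)
    injected = SigningUI(BENIGN, MALICIOUS)
    shown_delegatecall = SigningUI(MALICIOUS, MALICIOUS)
    out = {"blind/honest": blind_signer(honest), "blind/injected": blind_signer(injected)}
    for name, ui in (("verify/honest", honest), ("verify/injected", injected),
                     ("verify/delegatecall", shown_delegatecall)):
        try:
            out[name] = verifying_signer(ui, max_value=50_000)
        except ValueError as e:
            out[name] = "REFUSED: " + str(e)
    return out


if __name__ == "__main__":
    for name, result in run().items():
        print("%-20s %s" % (name, result))
```

The blind signer produces a valid signature over the malicious payload while believing it approved a routine transfer; the verifying signer refuses because the recomputed hash does not match. In practice the independent path is a hardware device that decodes and displays every field of the typed data (“clear signing”), or an offline tool that rebuilds the hash from a second source of the transaction, and the policy step (no delegatecall, value limits, allowlisted destinations) belongs on that device or in a guard contract rather than in the web interface that was just compromised.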
Understanding Assembly
Assembly language is a low-level programming language that corresponds almost one-to-one with machine code, using mnemonics to represent CPU instructions and registers. It gives direct control over hardware and memory, and it is the level at which binaries, shellcode and memory-corruption bugs are actually analysed. Assembly is foundational for cybersecurity because it allows deep introspection and manipulation of software behavior: mastery of it equips professionals to reverse engineer binaries, dissect malware, and develop exploits, bridging the gap between high-level abstractions and hardware-level execution.
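To make the mnemonic-to-machine-code correspondence concrete, here is an added example (not from the original page) of a minimal x86-64 decoder in Python. It handles only a small subset of the instruction set (push/pop, ret, nop, syscall, mov/xor/cmp between registers, mov-immediate and the 0x83 add/sub/cmp-immediate group, with REX prefixes for the extended registers) and decodes a constructed byte string that is a typical function prologue and epilogue around an exit syscall.

```python
"""Minimal x86-64 decoder for a handful of common instructions (added example, Intel syntax)."""
import struct

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
          "r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"]

# ModRM reg field selects the operation for opcode 0x83 ("group 1", r/m op= imm8)
GROUP1 = {0: "add", 1: "or", 4: "and", 5: "sub", 7: "cmp"}
# Opcodes of the form "op r/m, r" that we support in register-direct form
RM_R_OPS = {0x89: "mov", 0x31: "xor", 0x39: "cmp"}


class DecodeError(ValueError):
    pass


def decode_one(code, pos):
    """Decode the instruction starting at code[pos]; return (text, length_in_bytes)."""
    start = pos
    rex_w = rex_r = rex_b = 0
    b = code[pos]
    if 0x40 <= b <= 0x4F:                 # REX prefix: 0100 W R X B
        rex_w, rex_r, rex_b = (b >> 3) & 1, (b >> 2) & 1, b & 1
        pos += 1
        b = code[pos]
    regs = REGS64 if rex_w else REGS32    # REX.W selects 64-bit operand size

    def modrm_regs(m):
        """Register-direct ModRM only (mod == 11): returns (reg operand, r/m operand)."""
        mod, reg, rm = m >> 6, (m >> 3) & 7, m & 7
        if mod != 0b11:
            raise DecodeError("memory operands not supported at offset %d" % start)
        return regs[reg | (rex_r << 3)], regs[rm | (rex_b << 3)]

    if 0x50 <= b <= 0x57:                 # push r64 (operand is always 64-bit in long mode)
        return "push %s" % REGS64[(b - 0x50) | (rex_b << 3)], pos + 1 - start
    if 0x58 <= b <= 0x5F:                 # pop r64
        return "pop %s" % REGS64[(b - 0x58) | (rex_b << 3)], pos + 1 - start
    if b == 0xC3:
        return "ret", pos + 1 - start
    if b == 0x90:
        return "nop", pos + 1 - start
    if b == 0x0F and pos + 1 < len(code) and code[pos + 1] == 0x05:
        return "syscall", pos + 2 - start
    if 0xB8 <= b <= 0xBF:                 # mov r32, imm32 (zero-extends) or mov r64, imm64 with REX.W
        r = (b - 0xB8) | (rex_b << 3)
        if rex_w:
            imm = struct.unpack_from("<Q", code, pos + 1)[0]
            return "mov %s, 0x%x" % (REGS64[r], imm), pos + 9 - start
        imm = struct.unpack_from("<I", code, pos + 1)[0]
        return "mov %s, 0x%x" % (REGS32[r], imm), pos + 5 - start
    if b in RM_R_OPS:                     # destination is r/m, source is reg
        reg, rm = modrm_regs(code[pos + 1])
        return "%s %s, %s" % (RM_R_OPS[b], rm, reg), pos + 2 - start
    if b == 0x83:                         # group 1 with a sign-extended imm8
        m = code[pos + 1]
        name = GROUP1.get((m >> 3) & 7)
        if name is None:
            raise DecodeError("unsupported 0x83 extension at offset %d" % start)
        _, rm = modrm_regs(m)
        imm = struct.unpack_from("<b", code, pos + 2)[0]
        text = "%s %s, %s" % (name, rm, "0x%x" % imm if imm >= 0 else "-0x%x" % -imm)
        return text, pos + 3 - start
    raise DecodeError("unknown opcode 0x%02x at offset %d" % (b, start))


def disassemble(code):
    """Linear sweep: returns [(offset, hex bytes, text), ...]."""
    out, pos = [], 0
    while pos < len(code):
        text, n = decode_one(code, pos)
        out.append((pos, code[pos:pos + n].hex(), text))
        pos += n
    return out


# Constructed sample: prologue, stack reservation, exit(0) syscall, epilogue.
SAMPLE = bytes.fromhex(
    "55"            # push rbp
    "4889e5"        # mov rbp, rsp
    "4883ec10"      # sub rsp, 0x10
    "31c0"          # xor eax, eax
    "b83c000000"    # mov eax, 0x3c   (SYS_exit on Linux x86-64)
    "4831ff"        # xor rdi, rdi
    "0f05"          # syscall
    "5d"            # pop rbp
    "c3"            # ret
)

if __name__ == "__main__":
    for off, raw, text in disassemble(SAMPLE):
        print("%04x  %-12s %s" % (off, raw, text))
```

Reading the output against the bytes shows what the paragraph claims: the REX byte 0x48 is what turns `mov ebp, esp` into `mov rbp, rsp`, the ModRM byte 0xe5 packs both register numbers, and the same 0x83 opcode becomes add, sub or cmp depending on three bits of its ModRM. A real disassembler differs mainly in table size and in handling memory operands; the structure is the same.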
Network Security: Attacks and Mitigations Across the OSI Model Layers
The Open Systems Interconnection (OSI) model provides a conceptual framework essential for understanding how network attacks target different aspects of communication systems. This seven-layer model serves as both a foundation for implementing network protocols and a structure for analyzing security vulnerabilities that exist at each level. Understanding these layers and their associated attack vectors enables security professionals to implement comprehensive protection strategies that safeguard networks against increasingly sophisticated threats. Network security requires attention to each layer of the OSI model, as attackers continuously develop methods to exploit vulnerabilities throughout the entire communication stack.
NMAP Cheatsheet
Nmap’s TCP ACK scan (-sA) sends probes with only the ACK flag set, which makes it different in kind from a SYN scan (-sS) or a Connect scan (-sT): it cannot tell open ports from closed ones. Per RFC 793, a host that receives an ACK belonging to no connection answers with a RST whether the port is open or closed, so Nmap reports a port that returns RST as unfiltered, and a port that returns nothing (or an ICMP unreachable) as filtered. Its use is mapping firewall rules, not services. A stateless packet filter that blocks inbound connection attempts by dropping packets with SYN but not ACK, and admits anything with ACK set (the “established” keyword of classic ACLs), cannot distinguish an ACK probe from the second half of a connection that an internal host opened, so the probe reaches the target and the RST comes back. A stateful firewall keeps a connection table and drops an ACK that matches no existing flow, so against it the ACK scan reports every port as filtered and offers no advantage over -sS.
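The following added example (not part of the cheatsheet, and not Nmap code) models the two firewall types and the target host’s RFC 793 behaviour in Python, then runs -sS and -sA probes against an open and a closed port through each. The addresses, ports and the "inside" prefix are constructed for the scenario; the point is to see in one table why -sA reports unfiltered for both open and closed ports behind a stateless filter, and filtered for everything behind a stateful one.

```python
"""Why an ACK scan (-sA) passes a stateless 'established' filter but not a stateful one (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset   # subset of {"SYN", "ACK", "RST"}


class StatelessFilter:
    """Old-style ACL: inbound packets are admitted only if ACK or RST is set ('established'),
    so inbound SYN-only connection attempts are dropped. Each packet is judged on its own."""

    def __init__(self, inside_prefix):
        self.inside = inside_prefix

    def inbound(self, pkt):
        return pkt.dst.startswith(self.inside) and not pkt.src.startswith(self.inside)

    def allow(self, pkt):
        if not self.inbound(pkt):
            return True
        return "ACK" in pkt.flags or "RST" in pkt.flags


class StatefulFilter(StatelessFilter):
    """Connection tracking: an inbound packet is admitted only if it belongs to a flow that was
    opened from inside; an unsolicited ACK has no state and is dropped just like a SYN."""

    def __init__(self, inside_prefix):
        super().__init__(inside_prefix)
        self.flows = set()

    def allow(self, pkt):
        if not self.inbound(pkt):
            if "SYN" in pkt.flags:
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))  # outbound SYN creates state
            return True
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.flows


def host_response(pkt, open_ports):
    """Target behaviour per RFC 793: a SYN gets SYN/ACK or RST depending on the port; an ACK
    that matches no connection gets RST whether the port is open or closed."""
    if "SYN" in pkt.flags and "ACK" not in pkt.flags:
        return "SYN/ACK" if pkt.dport in open_ports else "RST"
    if "ACK" in pkt.flags:
        return "RST"
    return None


def nmap_state(scan, reply):
    """Nmap's interpretation of the reply for -sS and -sA."""
    if scan == "sA":
        return "unfiltered" if reply == "RST" else "filtered"
    return {"SYN/ACK": "open", "RST": "closed"}.get(reply, "filtered")


def probe(fw, scan, dport, open_ports, attacker="203.0.113.7", target="10.0.0.5"):
    """Send one -sS or -sA probe through the firewall and classify the port as Nmap would."""
    flags = frozenset({"SYN"}) if scan == "sS" else frozenset({"ACK"})
    pkt = Packet(attacker, target, 40000, dport, flags)
    reply = host_response(pkt, open_ports) if fw.allow(pkt) else None
    return nmap_state(scan, reply)


def run_matrix(open_ports=frozenset({22, 80})):
    """Constructed scenario: target 10.0.0.5 with 22 and 80 open, probed on 22 (open) and 9999
    (closed) through each firewall type. Returns {(firewall, scan, port): nmap_state}."""
    results = {}
    for name, make in (("stateless", StatelessFilter), ("stateful", StatefulFilter)):
        for scan in ("sS", "sA"):
            for port in (22, 9999):
                results[(name, scan, port)] = probe(make("10.0.0."), scan, port, open_ports)
    return results


if __name__ == "__main__":
    for (fw, scan, port), state in run_matrix().items():
        print("%-9s -%s port %-5d -> %s" % (fw, scan, port, state))
```

Two things stand out in the table. First, -sA reports the closed port 9999 and the open port 22 identically (unfiltered), because the RST it relies on is sent regardless of port state; the scan only tells you the packet filter let the probe through. Second, the stateful filter returns filtered for every probe of either type, so the ACK scan’s advantage exists only against stateless ACLs. A useful follow-up on a real engagement is to compare -sS and -sA results for the same host: ports that are filtered under -sS but unfiltered under -sA are the signature of a stateless filter.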
Pentesting Cheatsheet
When engaging in cybersecurity activities, such as penetration testing or vulnerability assessment, having a comprehensive toolkit of commands and scripts is essential. The following list provides a collection of commonly used commands across various stages of a cybersecurity engagement, including service scanning, web enumeration, exploiting public vulnerabilities, managing shells, escalating privileges, and transferring files. These commands are crucial for identifying potential vulnerabilities, exploiting them, and maintaining access to systems. They cover tools like nmap for network scanning, gobuster for web directory enumeration, Metasploit for exploiting known vulnerabilities, and netcat for establishing reverse shells.