
Threat Daily: $290 Million DeFi Attack and Supply Chain Security Crisis

💡 The latest threat intelligence reveals multiple security incidents including a $290 million DeFi hack, macOS Living off the Land attack abuse, and ProxySmart SIM farms, exposing systemic flaws in supply chain security and fundamental vulnerability remediation.

Introduction: Old Vulnerabilities in New Clothes — Security Threats Never Fade

When you browse the latest ThreatsDay security bulletin, an unsettling sense of déjà vu hits you — vulnerabilities that should have been patched years ago are working again with only minor modifications. The same flaws, the same mistakes, yet still causing hundreds of millions of dollars in losses. This bulletin discloses over 25 new security incidents at once, with the $290 million DeFi protocol hack, macOS Living off the Land (LotL) abuse, and ProxySmart SIM farms drawing particular attention, reflecting deep structural problems in the current cybersecurity ecosystem.

Core Incident One: $290 Million DeFi Protocol Hit by Historic Attack

In the cryptocurrency security space, a DeFi (Decentralized Finance) protocol attack involving approximately $290 million became the bulletin's top story. Attackers exploited logic vulnerabilities in smart contracts, draining the protocol's liquidity pools in a short timeframe through carefully crafted transaction sequences.

Notably, the vulnerability pattern exploited in this attack was not a new discovery. Security researchers pointed out that similar contract logic flaws have appeared in different projects multiple times over the past two years. The "simple yet effective" nature of the attack methodology is precisely what should alarm us most — these exploitation techniques are not sophisticated, yet they still successfully breach defenses. This reflects serious systemic deficiencies in the DeFi ecosystem's code auditing and security verification processes.

Core Incident Two: macOS Living off the Land Techniques Continue to Escalate

Another major focus in this bulletin is the abuse of LotL techniques against macOS systems. In a Living off the Land attack, the attacker deploys no external malware and instead leverages the operating system's built-in, legitimate tools and features to carry out malicious operations, which makes the activity extremely hard for traditional antivirus software and endpoint detection systems to distinguish from normal use.

Security teams have observed attackers systematically abusing macOS built-in scripting engines, automation tools, and system management features, weaponizing legitimate tool chains. Since these operations appear as normal administrative behavior in system logs, security operations teams face extremely high false positive rates and missed detection risks. As macOS penetration in enterprise environments continues to climb, the expansion of this attack surface warrants serious attention from all security professionals.

Core Incident Three: ProxySmart SIM Farms Expose Communication Infrastructure Risks

The exposure of ProxySmart SIM farms reveals another concerning threat dimension. By deploying large-scale SIM card farm infrastructure, attackers systematically abuse mobile communication networks: SIM farms can be used to send phishing messages in bulk, bypass SMS-based two-factor authentication (2FA), and build anonymous communication networks that are difficult to trace.

The deeper significance of this threat lies in its undermining of the communication infrastructure that many organizations rely on to establish chains of trust. When SIM-based identity verification itself is no longer trustworthy, the vast number of security systems dependent on SMS verification codes will face fundamental reassessment.

Looking across the more than 25 security incidents in this bulletin, a clear thread runs through them: supply chain security is becoming the most chaotic and vulnerable link in the entire digital ecosystem.

As security researchers have described, those third-party software packages you never carefully inspected are quietly stealing data, implanting backdoors, and continuously spreading. Attacking the build systems and dependency chains behind applications is often far easier than attacking the applications themselves. Modern software development is highly dependent on open-source components and third-party libraries — a single compromised npm package, PyPI package, or container image can affect thousands of downstream projects within hours.

From an AI security perspective, this trend is particularly alarming. The current training and deployment pipelines for large models involve extensive open-source frameworks, pre-trained model weights, and data processing pipelines, with supply chain complexity far exceeding traditional software. Once attackers implant backdoors in the model supply chain — whether by poisoning training data, tampering with model weights, or injecting malicious code into inference frameworks — the scope of impact and difficulty of detection will be unprecedented.

Even more thought-provoking is the "lag paradox" in vulnerability remediation. The security community repeatedly discovers that many successful attacks exploit not zero-day vulnerabilities, but known flaws that were publicly disclosed and should have been patched long ago. These vulnerabilities need only minor variant adjustments to become effective again, indicating that the industry's execution capability in vulnerability management and patch deployment falls far short of where it should be.

Outlook: Three Key Directions for Building Resilient Security Systems

Facing an increasingly complex threat landscape, the security industry needs to accelerate efforts in three directions:

First, supply chain visibility and verification mechanisms. Mandatory implementation of Software Bills of Materials (SBOM), full-chain coverage of code signing verification, and AI-based anomalous dependency detection tools will become foundational capabilities for ensuring supply chain security.
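The following is an added example, not code from the bulletin or from any project it mentions, showing how an SBOM, the bytes a build actually fetched, and a pinned lockfile of digests can be cross-checked in a CI step. It covers the compromised-package scenario described earlier, the model-weights case from the AI supply chain discussion, and the SBOM verification called for here. The SBOM is a constructed, CycloneDX-style document (field names follow the CycloneDX JSON schema: components[].purl and components[].hashes[].alg/content); every package name, digest and artifact is made up for the demonstration.

```python
"""Verifying build inputs against an SBOM and a pinned lockfile.
Added example: the SBOM is a constructed, CycloneDX-style document (field
names follow the CycloneDX JSON schema: components[].purl and
components[].hashes[].{alg,content}); the artifacts, hashes and package
names are all made up for the demonstration."""
import hashlib
import json


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Known-good artifact contents as last reviewed; in practice only their
# digests live in the repository as a pinned lockfile.
KNOWN_GOOD = {
    "pkg:npm/left-pad@1.3.0": b"constructed npm tarball bytes",
    "pkg:pypi/requests@2.31.0": b"constructed PyPI wheel bytes",
    "pkg:generic/model-weights@v7": b"constructed safetensors bytes",
}
LOCKFILE = {purl: sha256(data) for purl, data in KNOWN_GOOD.items()}

# What the build actually fetched this run (constructed): the model weights
# were replaced, and a dependency nobody pinned showed up.
FETCHED = dict(KNOWN_GOOD)
FETCHED["pkg:generic/model-weights@v7"] = b"constructed TAMPERED safetensors bytes"
FETCHED["pkg:npm/unexpected-transitive@0.0.1"] = b"constructed extra tarball bytes"

# The SBOM the build tool emitted for this run (constructed).  It is
# internally consistent for the tampered weights: the digest it records is
# the digest of the bytes that were fetched, so the SBOM alone cannot reveal
# the substitution; only the pinned lockfile can.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"name": "left-pad", "version": "1.3.0", "purl": "pkg:npm/left-pad@1.3.0",
         "hashes": [{"alg": "SHA-256", "content": sha256(FETCHED["pkg:npm/left-pad@1.3.0"])}]},
        {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
        {"name": "model-weights", "version": "v7", "purl": "pkg:generic/model-weights@v7",
         "hashes": [{"alg": "SHA-256", "content": sha256(FETCHED["pkg:generic/model-weights@v7"])}]},
        {"name": "unexpected-transitive", "version": "0.0.1",
         "purl": "pkg:npm/unexpected-transitive@0.0.1",
         "hashes": [{"alg": "SHA-256", "content": sha256(FETCHED["pkg:npm/unexpected-transitive@0.0.1"])}]},
    ],
})


def verify_build_inputs(sbom_json, fetched, lockfile):
    """Cross-check SBOM, fetched bytes and pinned digests; return findings
    as (purl, message) pairs.  An empty list means the build inputs are
    exactly what was reviewed and pinned."""
    findings = []
    listed = set()
    for comp in json.loads(sbom_json)["components"]:
        purl = comp["purl"]
        listed.add(purl)
        declared = next((h["content"] for h in comp.get("hashes", [])
                         if h["alg"] == "SHA-256"), None)
        data = fetched.get(purl)
        if data is None:
            findings.append((purl, "listed in SBOM but not among build inputs"))
            continue
        actual = sha256(data)
        if declared is None:
            findings.append((purl, "no SHA-256 recorded in SBOM"))
        elif declared != actual:
            findings.append((purl, "SBOM digest does not match fetched bytes"))
        if purl not in lockfile:
            findings.append((purl, "not in pinned lockfile: unreviewed dependency"))
        elif lockfile[purl] != actual:
            findings.append((purl, "fetched bytes differ from pinned digest: possible tampering"))
    for purl in fetched.keys() - listed:
        findings.append((purl, "fetched but absent from SBOM"))
    return findings


if __name__ == "__main__":
    for purl, message in verify_build_inputs(SBOM_JSON, FETCHED, LOCKFILE):
        print(f"{purl}: {message}")
```

Run as a script it reports three findings: the unpinned transitive dependency, the weights whose bytes differ from the reviewed digest, and the component whose SBOM entry carries no digest at all. The design point is that the SBOM records what was built, while the lockfile records what was approved; tampering only becomes visible when the two are compared against the bytes themselves.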

Second, AI-driven threat detection upgrades. Against highly stealthy attack methods such as LotL, traditional signature-based detection approaches are no longer adequate. Intelligent threat detection systems built with large language models and behavioral analysis technologies can identify operational patterns that "appear normal but are actually anomalous" from massive system logs, promising to significantly improve detection efficiency.
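As an added illustration of the behavioural approach described here, and of the false-positive problem raised in the macOS LotL section above, the script below builds a per-host baseline of process lineages (user, parent, child) and scores new events by how unfamiliar they are. It is not code from the bulletin or from any vendor; the EDR export format (one JSON object per line) and every log line are constructed samples, and the tool and parent name sets are assumptions chosen for the demonstration.

```python
"""Baseline-driven detection of Living-off-the-Land (LotL) process activity
on macOS endpoints.  Every log line below is a constructed sample in a
hypothetical EDR export format (one JSON object per line); none of it is
real telemetry from the bulletin."""
import json
from collections import Counter

# macOS built-in interpreters and network tools: legitimate on their own,
# but worth scrutiny when they appear in a lineage the host has never shown.
BUILTIN_TOOLS = {"osascript", "python3", "perl", "bash", "zsh", "sh", "curl"}

# Parents from which a human administrator normally launches such tools.
INTERACTIVE_PARENTS = {"Terminal", "iTerm2", "zsh", "bash", "sh", "sshd"}

# Constructed baseline: a week of ordinary activity on one host, repeated so
# that the counts look like real frequencies rather than single sightings.
BASELINE_LOG = "\n".join([
    '{"user": "alice", "parent": "Terminal", "proc": "zsh"}',
    '{"user": "alice", "parent": "zsh", "proc": "osascript"}',
    '{"user": "alice", "parent": "zsh", "proc": "python3"}',
    '{"user": "root", "parent": "launchd", "proc": "softwareupdate"}',
] * 20)

# Constructed events from the current collection window.
NEW_LOG = "\n".join([
    '{"user": "alice", "parent": "zsh", "proc": "osascript"}',         # routine
    '{"user": "root", "parent": "launchd", "proc": "softwareupdate"}', # routine
    '{"user": "alice", "parent": "Preview", "proc": "osascript"}',     # unusual parent
    '{"user": "root", "parent": "launchd", "proc": "curl"}',           # unusual lineage
])


def parse_log(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_baseline(events):
    """Count how often each (user, parent, proc) lineage occurred."""
    return Counter((e["user"], e["parent"], e["proc"]) for e in events)


def score_event(event, baseline, min_seen=3):
    """Return (score, reasons).  0 means the lineage is routine for this host.
    Points accumulate only for lineages below the familiarity threshold, so a
    tool that admins run every day from a shell never alerts by itself."""
    key = (event["user"], event["parent"], event["proc"])
    score, reasons = 0, []
    if baseline[key] < min_seen:
        score += 1
        reasons.append("lineage rarely or never seen in baseline")
        if event["proc"] in BUILTIN_TOOLS:
            score += 1
            reasons.append("built-in interpreter or network tool")
        if event["parent"] not in INTERACTIVE_PARENTS:
            score += 1
            reasons.append("launched from a non-interactive parent")
    return score, reasons


def find_anomalies(new_text, baseline_text, threshold=3):
    """Return [(event, score, reasons)] for events at or above the threshold."""
    baseline = build_baseline(parse_log(baseline_text))
    hits = []
    for event in parse_log(new_text):
        score, reasons = score_event(event, baseline)
        if score >= threshold:
            hits.append((event, score, reasons))
    return hits


if __name__ == "__main__":
    for event, score, reasons in find_anomalies(NEW_LOG, BASELINE_LOG):
        print(score, event, "; ".join(reasons))
```

The two routine events score zero even though one of them is the same osascript binary that alerts in the third line: what changes is the parent and the lineage's history on this host, not the tool. That is the property signature-based detection lacks, and it is also why the baseline must be built per host or per role, since a lineage that is ordinary on a developer workstation may be unheard of on a kiosk.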

Third, shifting from reactive patching to proactive defense. The Shift Left security philosophy needs to move from slogan to practice. Embedding security verification into CI/CD pipelines, performing formal verification on smart contracts, and conducting adversarial testing before model deployment — while these measures increase upfront costs, they are far less expensive than post-incident remediation.
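To make the smart-contract verification point concrete, and to tie it back to the "simple yet effective" logic flaws behind the $290 million DeFi loss discussed above, the following added example models a toy constant-product liquidity pool in Python and drives it with a property-based invariant harness of the kind that belongs in a CI pipeline before deployment. This is not code from the bulletin or from any affected protocol, and it does not reproduce the incident's actual flaw, which the bulletin does not describe; the defect modelled (rounding a swap's output in the trader's favour) is a generic, well-known arithmetic logic error chosen only to show what such a harness catches. The class, function names and reserve sizes are all assumptions.

```python
"""Property-based invariant check for a toy constant-product liquidity pool.
Added example, not code from the bulletin or from any affected protocol: the
bulletin does not describe the exploited logic flaw, so the defect modelled
here (rounding a swap's output in the trader's favour) is a generic,
well-known arithmetic logic error chosen only to show what an invariant
harness catches before deployment."""
import random


class ConstantProductPool:
    """Two-token pool whose reserves x and y must never let x*y decrease.
    Integer arithmetic throughout, as an on-chain contract would use."""

    def __init__(self, x, y, round_toward_trader=False):
        self.x, self.y = x, y
        self.round_toward_trader = round_toward_trader   # the flawed variant

    def k(self):
        return self.x * self.y

    def _quote(self, reserve_in, reserve_out, amount_in):
        """Output amount for a swap.  The correct contract rounds down so the
        pool keeps any fractional dust; the flawed one rounds up and hands
        that dust to the trader on every swap."""
        numerator = reserve_out * amount_in
        denominator = reserve_in + amount_in
        if self.round_toward_trader:
            return -(-numerator // denominator)    # ceiling division
        return numerator // denominator            # floor division

    def swap(self, token_in, amount_in):
        """Swap amount_in of token_in ('x' or 'y') for the other token."""
        if amount_in <= 0:
            raise ValueError("amount must be positive")
        if token_in == "x":
            out = self._quote(self.x, self.y, amount_in)
            if out >= self.y:
                raise ValueError("insufficient liquidity")
            self.x += amount_in
            self.y -= out
        else:
            out = self._quote(self.y, self.x, amount_in)
            if out >= self.x:
                raise ValueError("insufficient liquidity")
            self.y += amount_in
            self.x -= out
        return out


def check_invariants(pool, steps=2000, seed=7):
    """Drive the pool with a random but reproducible sequence of swaps and
    report the first step at which an invariant breaks.  Returns None when
    every invariant held for the whole sequence."""
    rng = random.Random(seed)
    for step in range(steps):
        k_before = pool.k()
        token_in = rng.choice(["x", "y"])
        amount = rng.randint(1, 10_000)
        try:
            pool.swap(token_in, amount)
        except ValueError:
            continue
        if pool.k() < k_before:
            return f"step {step}: invariant x*y decreased {k_before} -> {pool.k()}"
        if pool.x <= 0 or pool.y <= 0:
            return f"step {step}: a reserve was fully drained"
    return None


if __name__ == "__main__":
    print("correct rounding:", check_invariants(ConstantProductPool(10**6, 10**6)))
    print("flawed rounding: ",
          check_invariants(ConstantProductPool(10**6, 10**6, round_toward_trader=True)))
```

The correct pool survives the whole random sequence; the flawed one fails as soon as a swap's exact quotient is not an integer, because ceiling division pays out slightly more than the pool can afford and x*y shrinks. Each individual loss is dust, which is exactly why unit tests with round numbers miss it and why a randomized invariant harness, or a formal proof that x*y is non-decreasing across every state transition, is the check that belongs in the pipeline.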

When $290 million vanishes in a single attack, when variants of old vulnerabilities breach defenses time and again, the industry must face a reality: cybersecurity is not a problem that can be solved once and for all, but an enduring battle requiring continuous investment and constant evolution. Those overlooked fundamental security practices are often what ultimately determine victory or defeat.