The decentralized finance (DeFi) sector is a financial frontier zone, home to some of crypto’s most risk-on experiments.
As a result, few days go by without a dose of DeFi drama. But it’s not all bad news…
Backdoor vulnerability left $10M at risk
Security researchers at VennBuild announced the discovery of a “critical backdoor” vulnerability, in which suspected North Korean hackers had laid a trap affecting “thousands of smart contracts, leaving over $10,000,000 at risk for months.”
Read more: Whitehat hacker rescues $1.5M from first DeFi hack of 2025
Uncovered in conjunction with other researchers from Dedaub and the DeFi Security Alliance (SEAL), the plot involved front-running the initialization of proxy contracts to malicious versions, whilst covering their tracks via spoofed logs.
A VennBuild researcher, going by the X handle “deebeez,” explained: “The backdoor gave hackers full control, forwarding calls to the original contract while [block explorer] Etherscan showed no issues.”
They suspect the traps were set by “a sophisticated group waiting for a bigger target, not small wins,” and as such hadn’t yet been exploited.
“We stayed stealthy to avoid tipping them off. A high-stakes game.”
Hacker offered 10% bounty if they return Texture’s USDC
Worse luck came for Solana-based lending platform Texture, which announced a hack of $2.2 million from its USDC Vault contract last night.
Read more: Circle dragged for dragging feet as DeFi protocol GMX hacked
The team took to X to offer the culprit a 10% bounty if they returned the remaining funds. Taking a hardball approach to the negotiations, they say the hacker “made an opsec mistake, but it’s not too late to avoid escalating the situation.”
The bad cop routine appears to have spooked the thief, who has now returned 90% of the funds, according to the Texture team.
Earlier the same day, a $42 million hack hit decentralized perps exchange GMX on the Arbitrum network.
The effects weren’t limited to GMX itself, however. Lending platform Abracadabra suffered “collateral” damage of $9 million in a market using GMX’s (exploited) GLP token as collateral.
Many GMX v1 forks were also feared to be vulnerable to a similar attack.
Kinto accused of rug-pull
Screenshots of red candles aren’t uncommon on any crypto enthusiast’s timeline, but the recent price action of Kinto’s K token was more eye-catching than most.
chat what do we call this pattern?
— OxTøchi
this is kinto btw pic.twitter.com/XiFrMRsNWn(@OxTochi) July 10, 2025
Read more: DWF Labs-backed USDf depegs as red flags raised over quality of backing
While many were quick to accuse the team of a rug-pull, insiders selling large quantities of tokens and crashing the price, it appears there’s more to the story.
Granted, Kinto’s initial response was suspiciously vague and only served to fan the flames of suspicion. One X user replied simply, “This doesn’t even address the issue,” while others accused the team of rugging by selling “their bags.”
However, a later update described an eerily similar situation to the proxy backdoor trap uncovered by VennBuild and others.
Kinto co-founder Ramon Recuero says a “state actor… upgraded the implementation of the K token on Arbitrum and used it to mint fake K tokens that they dumped immediately,” adding that “Arbiscan didn’t detect the bogus proxy implementation.”
It feels like, in DeFi, chaos isn’t the exception but the rule.
Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.
The post Just another day in DeFi: A hack, a rug-pull, and $10M saved appeared first on Protos.
