DLTA

Coding agents now surface smart contract vulnerabilities faster than the teams shipping those contracts can review them. An attacker runs that agent against every deployed protocol at once; a defender runs it against one codebase before launch. This does not stay on-chain. The same agents read CI/CD configs, exposed RPC endpoints, and deployment keys, and the cheapest route to a protocol's treasury is often the web2 host holding its signing infrastructure. Audits priced for a quarterly cycle do not survive an adversary iterating in minutes. DLTA tracks that exposure off-chain, mapping the controls a digital asset team needs to its real maturity. #DeFi #SmartContractSecurity #Web3Security #CTI

This weekend, attackers reset Instagram accounts by spoofing a location to Meta's AI support bot and asking it to drop MFA. One of the hijacked accounts belonged to the Obama White House. The assistant wired into account recovery had quietly become the authentication authority, and nobody scoped it as one. Every support chatbot, KYC helper, and wallet-recovery agent now sits on that same boundary, one prompt away from the session tokens, password resets, and MFA toggles it was given to be helpful with. For a crypto exchange or custodian, the support bot that handles a locked-out user is the same surface that can release an account holding real funds. DLTA maps the intelligence-to-control loop for that boundary, at the maturity level the client is actually at, before the helpful agent becomes the initial-access vector. https://t.co/K3HbdtGjim #AISecurity #Web3Security #CTI #ThreatIntel

A spear-phishing ZIP aimed at government officials lands the same on any supplier in that vendor graph, putting developer workstations, code-signing chains, and M365 inboxes next to the validator operator keys and custody approval inboxes a digital asset firm keeps in the same tenant.

Four security incidents this week, one shared failure: the control that was supposed to decide who gets in stopped deciding. Palo Alto’s GlobalProtect gateway let attackers bypass authentication and reach the internal network. A published one-click RCE in self-hosted Flowise surrenders the cloud IAM roles and wallet API keys wired into the agent. A MiCA-licensed stablecoin issuer was drained while its paperwork still read compliant. On-chain, cross-chain bridges still account for 42% of losses because a single verifier keeps approving forged withdrawal messages. The web2 perimeter and the web3 signing path fail for the same reason: an authorization check that trusts whoever calls it first. DLTA maps that gap to the control at your current maturity level, not to a compliance checkbox. #CTI #Web3Security #ThreatIntel #DigitalAssets

China-aligned groups pivoting toward AI and robotics intellectual property puts the build pipelines, code-signing chains, and developer workstations of every supplier in that chain on the target list, alongside the validator keys and bridge relayers of any digital asset firm in the same vendor graph.