Certora outlines a practical threat modeling approach for Soroban smart contracts using the 4 A's framework (Assets, Actors, Assumptions, Attack Vectors) and STRIDE methodology, emphasizing that early threat modeling reduces bugs and speeds audits.
DeFi, payments, tokenization, Soroban, governance, and project launches — curated daily from publications, project blogs, and community channels across the Stellar blockchain ecosystem.
Soundness deployed the only post-quantum signature migration strategy that scores YES on all four properties in Coinbase's Independent Advisory Board report. The approach uses zero-knowledge proofs of seed knowledge to enable quantum-safe wallets without address changes, asset migration, or hard forks.
Kuyfi, a black-box security scanner for Soroban smart contracts, launches its first phase. It analyzes contract bytecode without requiring source code, addressing a critical gap in DeFi security for protocols like Soroswap and Blend.
Certora and the Stellar Development Foundation published a comprehensive guide for preparing Soroban smart contracts for security audits through the Audit Bank program, covering threat modeling, code quality, testing, and security tooling.
Quantum computing progress has accelerated the timeline for cryptographic threats to blockchain. Research shows qubit requirements to break elliptic curve cryptography fell 44%, Google targets 2029 for quantum-safe systems, and major chains face a race condition during migration that leaves zero margin for error.
LumosCore launches Private Mode, allowing users to mask their identity while trading across Stellar, XRPL, and other supported networks. The feature lets traders toggle privacy on or off instantly, hiding usernames from public feeds and reducing exposure to wallet watching and social engineering.
Normal Finance completed a comprehensive security audit with Halborn, emphasizing that security must be a foundational design principle rather than a launch checkbox. The protocol prioritized clarity and modularity from inception to manage the elevated risks of index protocols handling pooled capital.
ChainPatrol announces the launch of its redesigned website, ChainPatrol.com, featuring 24/7 booking, streamlined landing pages, fresh blog content, updated product info, a changelog, and new customer testimonials. The platform protects Web3 projects from phishing and impersonation. Notable clients include Stellar, MetaMask, TON, Sui, Polkadot, and Polymarket.
On October 9, SDF discovered a bug in Stellar's state archival feature (Protocol 23) that caused outdated entries to be archived and restored incorrectly. The network immediately paused archival eviction and deployed a patch to quarantine corrupted entries, affecting only 478 smart contract entries out of ~47 million ledger entries.
Veridise has published a security checklist for Soroban developers to prepare for smart contract audits. The guide covers best practices and vulnerability prevention for building on Stellar's native smart contract platform.
The Stellar Development Foundation announced that all SDF projects are unaffected by a major NPM supply chain attack discovered on September 8, 2025. SDF conducted audits and found no malicious packages in their projects, while providing guidance to the broader Stellar ecosystem on how to protect against the attack.
Range announces a partnership with zeroShadow to integrate forensic-grade incident intelligence into its blockchain security platform. This collaboration enhances threat detection and incident response for ecosystems including Stellar. Real-time data from zeroShadow's investigations will improve Range's Transaction Security and Risk API products.
The Stellar Development Foundation announced enhanced 2025 updates to the Soroban Security Audit Bank, which has conducted over 40 audits and deployed $3 million in support. The program now offers complimentary initial audits with co-payment refunds for swift vulnerability remediation, incentivized follow-up audits at TVL milestones, advanced security tooling, and enhanced audit readiness support.
Researchers uncovered critical vulnerabilities in browser wallets including Stellar Freighter, enabling attackers to silently steal recovery phrases and drain funds just by visiting a malicious site, without user interaction. Detailed exploits in Stellar Freighter, Frontier, and Coin98 wallets were reported and fixed with bounties. These flaws highlight risks in wallet architecture and the need for robust security.
This article contrasts Proof-of-Stake (PoS) vulnerabilities in networks like Ethereum and Solana with Stellar's Proof-of-Agreement (PoA) consensus. It highlights PoS risks such as MEV exploits, censorship, and irrational state attacks due to anonymous validators. Stellar's trust-based model requires validators to earn trust from peers, enhancing security through reputation rather than economic stakes.
Stellar has partnered with Hypernative to adopt its real-time threat detection and response platform to protect the network and projects building on it from hacks and security threats.
Stellar has launched a new passkey feature that brings Web2-style user experience to Web3, enabling users to sign transactions and verify contracts using biometrics instead of traditional 2FA. The non-custodial solution leverages Soroban and secp256r1 to provide enhanced security, reliability, and accessibility for decentralized finance.
Veridise security analysts discovered a critical issue in Soroban's build-test-deploy process where the `createimport!` macro allows deployment of contracts with outdated or incorrect imported dependencies without requiring them to be listed as crate dependencies, potentially leading to broken contracts in production.
The Stellar Development Foundation launched the Soroban Security Audit Bank, distributing up to $1M in audit credits from six top-tier firms to 20-30 high-priority projects building on Soroban to strengthen smart contract security across the ecosystem.
Stellar Development Foundation partners with Certora to conduct security audits for Soroban, its upcoming WebAssembly-based smart contracts platform. The formal verification tools will provide continuous integration security checks as the platform approaches mainnet launch in early 2025.
The Stellar Development Foundation's Twitter account was compromised via a SIM swap attack on July 8, 2023, and used to spread phishing scams. SDF regained control within 6 hours and upgraded security protocols across all platforms to use stronger authentication methods such as security keys.
Carole House, former White House cybersecurity director, discusses crypto's role in financial crime investigations, regulatory enforcement, and the push for an enabling US regulatory environment for digital currencies.
The Stellar Development Foundation launched a new bug bounty program on HackerOne focused on Soroban, the network's smart contract platform. The program offers rewards up to $50k for critical vulnerabilities, with higher bounties as Soroban matures toward Mainnet launch.
AnChain.AI, a Web3 security firm, integrated with Stellar to provide AI-powered risk management and fraud prevention tools for developers building on the network. The integration enables Stellar developers to access AnChain.AI's security solutions from the earliest phases of development.
The Stellar Development Foundation published an updated security guide covering common scams targeting the Stellar community, including phishing, support fraud, look-alike assets, and false claims. SDF clarifies it never asks for private keys, controls accounts, or freezes funds, and provides guidance on protecting yourself and reporting fraud.
The article details a 'Stellar Staking Marathon' email-phishing scam targeting Stellar (XLM) users, linked to the 2020 Ledger.com database breach that exposed over 1 million emails and personal data of 270,000 individuals. Stellarscam.report connects this to memo-phishing bots on the Stellar Network, noting pattern changes coinciding with the breach. Users are urged to check haveibeenpwned.com and report scams.
Stellar Development Foundation disclosed a phishing attack on November 29 targeting community members with fake emails impersonating SDF. The attackers compromised third-party email service API keys but did not access Stellar network infrastructure or user accounts; SDF emphasized it never requests secret keys.
SDF redesigned the Stellar Account Viewer with improved security features, hardware wallet support, and a new browser wallet called Freighter. The updated AV now emphasizes key management best practices and offers a better mobile experience.
The article recounts the origin of Stellarscam.report, created to combat 'memo-phishing' scams on the Stellar Network where scammers send malicious memos with tiny XLM amounts to trick users into revealing secret keys. The author, frustrated by repeated scam reports on r/Stellar, developed a bot in mid-May 2020 to automatically send warning transactions to victims. Monthly stats show the bot countered tens of thousands of scam transactions, highlighting ongoing community efforts against persistent fraud.