This report summarizes a LABScon 25 presentation detailing the sophisticated attack vectors used in cryptocurrency heists, which have resulted in $9 billion in losses. Threat actors are increasingly targeting developers and software supply chains—such as modifying production JavaScript code and compromising GitHub accounts via personal infrastructure—to execute massive wallet drains.