News linked to this event type.
Coinbase, a cryptocurrency trading platform, has disclosed in a technical sharing session that its internal multi-agent development tool "Mux" is reshaping software engineering workflows, transitioning the engineer's role from traditional code implementers to task orchestrators for AI agents.With the widespread internal adoption of AI programming tools such as Cursor, Copilot, OpenCode, and Claude Code, code generation efficiency has significantly improved. However, development workflows have long remained stuck in a traditional "single-task, single-branch, sequential execution" mode, creating a new collaboration bottleneck.Mux was born as an internal tool against this backdrop. By assigning each AI agent an independent git worktree, branch, and terminal environment, the system enables parallel multi-task development and conflict-free collaboration, allowing engineers to simultaneously direct multiple agents to handle tasks such as API development, test writing, vulnerability fixes, and code refactoring.Data shows that as of April 2026, Mux has covered over 600 users within Coinbase (including engineers, product managers, and designers), with 335 actively using it and 197 being high-frequency users. It has facilitated over 5,000 PR merges across 461 code repositories and 10 organizations. Engineers using Mux achieved an average of 39.6 PR merges, approximately 3.5 times the baseline of 11.4.Coinbase stated that Mux's success relies on its internal infrastructure capabilities, including an LLM Gateway, secure model access, and a code flow deployment system, enabling deep integration of multi-agent tools into real development workflows. This trend marks a structural shift in the software engineering paradigm: as AI reduces the cost of code generation, the core value of engineers is transitioning from "implementation capability" to "problem definition and agent orchestration capability."
Odaily AI security startup Depthfirst has announced that its self-developed AI model outperforms Anthropic’s latest model, Mythos, in code vulnerability detection. It has discovered more critical security vulnerabilities at approximately one-tenth the cost, drawing attention from the cybersecurity industry.According to the company, a month before the launch of Mythos, it had previously claimed to have found a large number of severe vulnerabilities in key internet infrastructure code. Depthfirst now says its model has further identified multiple high-risk vulnerabilities that Mythos missed, all at a lower cost (approximately $1,000 compared to $10,000).Depthfirst CEO Qasim Mithani stated that the company has improved vulnerability detection efficiency through a “single-task-optimized AI model,” significantly reducing the cost of security analysis while enhancing coverage depth.The company completed $80 million in funding in March this year, achieving a valuation of $580 million. Alongside this, it launched the “Open Defense Initiative,” providing $5 million worth of AI detection credits to open-source developers and critical infrastructure projects for vulnerability scanning and security audits. (Forbes)
Odaily, Web3 security firm CertiK has released the "Skynet North Korean Crypto Threat Report." Data shows that since 2016, North Korean hacking groups have accumulated approximately $6.75 billion in stolen digital assets. In 2025 alone, their thefts amounted to $2.06 billion in losses, accounting for nearly 60% of the total annual losses in the global crypto industry (including the $1.5 billion Bybit hack). As of early 2026, this threat trend continues, with losses attributable to them making up about 55%.The report emphasizes that the North Korean hackers' attack patterns have fundamentally shifted, evolving from mere code vulnerability exploitation into a state-level attack system combining social engineering, deep supply chain attacks, and 'physical infiltration.' In the recent Drift protocol incident, attackers even spent six months infiltrating offline industry conferences, building trust through real financial transactions and personal interactions before launching the attack.CertiK security experts warn that in the face of such systemic attacks, purely technical defenses are proving inadequate. Crypto institutions urgently need to fully implement a 'zero-trust' hiring model, reinforce third-party supply chains, establish fund circuit breaker mechanisms, and collaborate with professional security firms to build a full lifecycle defense system covering code auditing, round-the-clock risk monitoring, and on-chain anti-money laundering/KYT (Know Your Transaction) fund tracking.
privacy project Monero has released the graphical wallet software GUI version 0.18.5.0 "Fluorine Fermi". This update is a recommended upgrade version, primarily including numerous bug fixes and feature optimizations. Key highlights of this release include:Migration of the P2Pool installation path to LocalAppData on Windows systemsFix for an edge case in URI parsingProhibition of creating offline transactions in scenarios involving long payment IDsEscaping untrusted text during QR code scanning to enhance securityUpgrade of P2Pool to v4.15Numerous detail bug fixes and stability improvementsMonero officials stated that this version has been open-sourced on GitHub. Users can download and upgrade through official channels to obtain the latest security fixes and stability improvements.
According to Odaily, AI startup White Circle has completed an $11 million seed funding round, with participation from Romain Huet of OpenAI, Durk Kingma of Anthropic, and several other executives from prominent AI companies. The company provides a unified API for real-time monitoring of large model inputs and outputs, used to detect hallucinations, prompt injection attacks, harmful content, model drift, and malicious user behavior. It also supports custom security policies (such as rate limiting and banning) and automated governance. (Techfundingnews)
on-chain detective ZachXBT has exposed US threat actor Dritan Kapllani Jr., alleging his involvement in social engineering thefts targeting crypto users, totaling approximately $19 million.ZachXBT stated that Dritan has long been flaunting luxury cars,名牌 watches, private jets, and nightclub lifestyles on social media. On April 23, 2026, during a "Band 4 Band (B4B)" voice call on Discord, in an attempt to prove he was wealthier than another hacker, he publicly displayed an Exodus wallet containing $3.68 million in assets.The relevant ETH address is: 0x4487db847db2fc99372a985743a26f46e0b2bba6ZachXBT's tracking revealed that this address is linked to a social engineering theft incident on March 14, 2026, involving 185 BTC (approximately $13 million). The following day, Dritan's Exodus wallet received about $5.3 million from that theft. By the time of the B4B call six weeks later, approximately $1.6 million had already been spent or laundered.On May 11, the US Department of Justice unsealed a criminal indictment against Trenton Johnson, charging him with participation in the theft of 185 BTC. He faces a potential maximum sentence of 40 years in prison. The indictment refers to "Co-Conspirator 1 (CC-1)," believed to be Dritan, who has not yet been formally charged.ZachXBT also noted that Dritan is connected to hacker John Daghita (Lick), who was previously arrested for stealing $46 million from the US government. John had previously exposed Dritan's old wallet address on Telegram. On-chain analysis shows that this address is linked to multiple high-confidence social engineering thefts in 2025, with a cumulative total exceeding $5.85 million.ZachXBT stated that Dritan has long been active in the "The Com" hacker circle and had seemingly avoided formal prosecution due to being a minor. Now that he has turned 18, his "borrowed time may finally be over."
According to monitoring by MistEye, the threat intelligence monitoring system operated by blockchain security firm SlowMist (@SlowMist_Team), a highly sophisticated npm worm named “Mini Shai-Hulud” is spreading via well-known developer projects including TanStack, UiPath, and DraftLab. Attackers have hijacked GitHub credentials to publish malicious packages disguised as legitimate updates. These packages contain a hidden script—<code>router_init.js</code>—that executes silently within CI/CD environments such as GitHub Actions, specifically designed to steal CI/CD secrets, cloud infrastructure credentials, and cryptocurrency wallet information. Data exfiltration is conducted using GitHub’s own infrastructure. SlowMist has already shared this threat intelligence (IOC) with its clients. It recommends that projects using the affected packages immediately audit their CI/CD pipelines for the presence of <code>router_init.js</code>, rotate all exposed GitHub, cloud service, and cryptocurrency credentials, and continuously monitor development environments for anomalous background activity.
Roaring Kitty, the protagonist of the GameStop "Retail vs Wall Street" saga and the king of meme stocks, had his official X account allegedly compromised in the early hours of today. The hacker posted the contract address of the meme coin Red Kitten Crew (RKC), causing the token's market cap to briefly reach $12 million before plummeting to $1.8 million.Shortly afterwards, Roaring Kitty appears to have regained control of the account and deleted the tweet containing the contract address. Roaring Kitty himself has yet to issue a clarifying statement, with the community widely believing that the posting of the meme coin contract address was due to a brief account compromise.
Huma Finance posted on X platform, stating that its old v1 contract deployed on Polygon was exploited today, resulting in the transfer of approximately 101,400 USDC. This incident did not compromise user funds, and the related PST system was also unaffected. Only the gradually phased-out v1 legacy pools were impacted. The Huma v2 system is a complete rewrite deployed on Solana and is not vulnerable to this exploit. The team was already in the process of retiring v1 liquidity pools, and following this incident, they have fully suspended the operation of v1 contracts and accelerated the completion of migration efforts.
Sky (formerly MakerDAO) announced on X that the cross-chain bridging of USDS OFT on the Solana network, which was suspended due to the security review of the rsETH vulnerability incident, has resumed operation.Sky emphasized that during the review, its USDS-related contracts and the protocol itself were not affected. USDS has always maintained a fully overcollateralized state as designed, which can be verified in real-time on-chain. The suspension was a precautionary security measure. Currently, the bridging function on the Solana side has been reopened, while the Avalanche-related bridging will resume after further review is completed.
According to The Block, Rob Nichols, CEO of the American Bankers Association (ABA), sent a letter to senior bank executives on Sunday evening urging them to contact U.S. Senators and call for further tightening of provisions related to stablecoin rewards ahead of the Senate Banking Committee’s markup vote scheduled for Thursday. Nichols warned that the current draft fails to effectively prevent crypto firms from offering users “interest-like rewards,” which could trigger massive outflows of bank deposits and threaten economic growth and financial stability. The current draft was negotiated by Senators Angela Alsobrooks and Thom Tillis. It prohibits paying users interest or returns for holding stablecoins but permits rewards tied to genuine activity or transactions—a provision supported by Coinbase. Banking industry groups contend that these exceptions contain loopholes that could be circumvented, and on May 8, they jointly wrote to Committee Chairman Tim Scott and Democrat Elizabeth Warren, requesting technical revisions to the language of the provision.
Binance has released its latest security report. In response to the current industry trend of rapidly proliferating AI-powered fraud, the platform has deployed over 24 AI security initiatives and equipped more than 100 AI models to build an intelligent defense system against various types of crypto fraud. Statistics show that from the beginning of 2025 to the first quarter of 2026, Binance has protected over 5.4 million users and intercepted potential fund losses amounting to $10.53 billion.In Q1 2026, the platform successfully intercepted 22.9 million scams and phishing attacks, protecting $1.98 billion in user funds. It pushed over 9,600 real-time risk alerts daily and blacklisted a total of 36,000 malicious on-chain addresses. The report points out that AI-powered social engineering attacks, including deepfakes, voice cloning, and phishing bots, have become mainstream fraud methods. In 2025, the overall scale of crypto fraud reached $17 billion, a 30% year-over-year increase.On the risk control front, Binance's AI systems handle 57% of fraud detection work, reducing card fraud rates to 60%-70% of the industry average. Upgraded AI-driven anti-forgery KYC verification has increased audit efficiency by up to 100 times. Its AI trading tool, Binance Ai Pro, adopts an isolated account architecture, granting only trading permissions while prohibiting withdrawals. The platform blocked 12% of high-risk third-party AI plugins. Additionally, in 2025, Binance assisted in recovering $12.8 million in defrauded funds, handled 48,000 cases, and worked with law enforcement agencies to freeze $131 million in illegal assets.
Trader A (@missoralways) posted that he had stored seven-figure assets in Sigma for a long time without encountering security issues in the past. However, two of his recent wallets have suffered asset theft, both occurring when wallet balances fell below $10,000.He also stated that another friend suffered the theft of approximately $200,000 in assets today, and mentioned Sigma in connection with the incident. The Sigma team has launched an investigation. The trader said he released this information for security reminder purposes and emphasized that he is not an affiliated promoter of any bot-related products.
According to SlowMist, its security monitoring system MistEye has detected a counterfeit TronLink Chrome MV3 extension targeting TRON wallet users with a two-layer phishing attack. The extension disguises itself as the official plugin using Unicode obfuscation and brand spoofing. Upon installation, it first loads a remote iframe-based pop-up page designed to trick users into entering their mnemonic phrases, private keys, keystore files, and passwords—then exfiltrates this sensitive data via same-origin APIs to a Telegram bot. The malicious infrastructure involved includes the domains tronfind-api[.]tronfindexplorer[.]com and trx-scan-explorer[.]org; the malicious extension ID is ekjidonhjmneoompmjbjofpjmhklpjdd. SlowMist advises users to immediately uninstall the extension. If sensitive information has already been submitted, users should promptly migrate their assets and discontinue use of the compromised wallet.
According to Blockaid’s monitoring, Ink Finance’s Workspace Treasury Proxy on Polygon was exploited minutes ago, involving approximately $140,000.
According to on-chain analyst PeckShield (@PeckShieldAlert), the TrustedVolumes attacker has laundered approximately $278,000 of stolen funds to date, including depositing 10.2 ETH (approx. $23,600) into Tornado Cash and swapping 110 ETH (approx. $250,000) for BTC via THORChain. Additionally, the attacker attempted to deposit 0.5 ETH into Railgun but subsequently withdrew it. TrustedVolumes was attacked on May 7, resulting in losses of approximately $6.7 million.
South Korea’s Financial Security Institute announced three key initiatives focused on digital asset services: developing a smart contract verification tool, establishing a smart contract verification framework, and cultivating specialized talent in digital assets. The Institute will develop a dedicated security verification tool capable of automatically detecting major vulnerabilities—including reentrancy attacks, access control errors, and missed collateral checks—targeting use cases such as tokenized securities and stablecoins. Detection rules will be continuously updated to align with South Korea’s financial regulatory environment. Concurrently, the Institute will release the “Smart Contract Security Guidelines,” covering the full lifecycle of development, deployment, and operations, and will enhance financial institutions’ digital asset security capabilities through workshops, collaborative networks, and other means.
Syndicate announced on X platform that, regarding the latest developments in the Syndicate bridge security incident, all affected SYND holders on Commons Chain have been fully compensated, and have received an additional 15% payout on top of their total losses. The relevant funds have been sent directly to the affected users' Base chain wallets, with gas fees covered by Syndicate Labs. This compensation totals 12.901 million SYND, and no claim page operation is required.
Odaily News On the 10th local time, sources indicated the key points of Iran's response to the U.S., which include a demand for the U.S. Treasury Department's Office of Foreign Assets Control to lift sanctions related to Iran's oil sales within 30 days.The sources stated that the U.S. disclosure of Iran's response was inaccurate in some important aspects, particularly regarding nuclear issues. Iran's response emphasized the need to reach an agreement through political understanding, immediately end the war, ensure no further attacks against Iran, and that the U.S. must lift sanctions. Additionally, Iran's response also addressed changes in its control over the Strait of Hormuz if the U.S. fulfills certain commitments.The sources said that Iran stressed that after signing a preliminary understanding agreement, the U.S. must immediately lift the naval blockade on Iran and remove sanctions on Iran's oil sales within 30 days. Iran's response also included the U.S. unfreezing Iranian assets based on a preliminary understanding between the two sides, and the U.S. implementing certain measures within 30 days. (CCTV News)
According to CoinDesk, the floor price of Bored Ape Yacht Club (BAYC) NFTs has risen from approximately 5 ETH to over 10 ETH in the past month, while ApeCoin (APE) rebounded from below $0.10 to around $0.16 during the same period, with trading volume notably expanding. Meanwhile, repeated security vulnerabilities and persistently declining yields in the DeFi sector have driven some capital toward the NFT market. The financialization trend of NFTs is also intensifying: a recent $2.8 million loan collateralized by a CryptoPunk attracted widespread attention, with the lender expected to earn roughly $138,000 in interest over 90 days. Blue-chip collections such as Pudgy Penguins have also strengthened concurrently, and market expectations surrounding a potential token launch by OpenSea have further boosted sentiment.