GetChain News

Security/Hacker

News linked to this event type.

More than 80 crypto industry cyberattacks occurred in Q1 2026, doubling year-on-year

AML/KYT provider Shard disclosed that the number of cyberattacks targeting the cryptocurrency industry in Q1 2026 doubled year-on-year, exceeding 80 incidents; however, total losses declined by 69% year-on-year to $496 million, down from $1.6 billion in the same period last year. Shard noted that losses in Q1 2025 were primarily driven by a major theft incident involving Bybit, valued at approximately $1.4 billion; in contrast, attacks in Q1 2026 were more dispersed, targeting DeFi protocols, infrastructure services, and individual users. On a monthly basis: 29 attacks occurred in January, causing losses exceeding $392 million; 26 attacks occurred in February, causing losses exceeding $22 million; and 27 attacks occurred in March, causing losses exceeding $81 million.

Aave: 116,500 rsETH Released During April 18 rsETH Incident; Asset Backing Fully Restored

Aave has published a post-mortem of the April 18 rsETH incident, stating that the rsETH LayerZero V2 cross-chain bridge of liquid staking protocol Kelp accepted a forged message during a cross-chain transfer from Unichain to Ethereum. This caused the adapter on the Ethereum side to release 116,500 rsETH without a corresponding burn on the Unichain side. Aave stated that the attack occurred on a third-party cross-chain bridge infrastructure. However, the attacker deposited the stolen rsETH into 8 Aave V3 positions, borrowing 82,650 WETH and 821 wstETH, which impacted the Aave market. Aave stated that the attacker's rsETH on Arbitrum has now been burned. The LayerZero OFT adapter has replenished 116,131.72 rsETH in 5 batches, and the asset backing for rsETH has been fully restored. The affected WETH and rsETH markets have returned to normal.

DxSale Confirms BSC Atomic Transaction Vulnerability Affects v1 Lockups

DxSale.Network posted on X platform in response to a recent security incident, disclosing that the vulnerability originated from the newly launched atomic transaction feature on BNB Smart Chain (BSC), which affected the v1 lockup contract launched in 2021. The team has identified the source of the issue and stated that lockup contracts for v2 and above are completely secure and have been audited by Certik. Users can rest assured that assets locked in v2 and above are unaffected.

Blockaid: Alephium-Ethereum Bridge Attacked, Approximately $815,000 in Assets Stolen

Blockaid disclosed on X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker compromised three out of four Guardian private keys, forged a Verified Action Approval (VAA) message, and executed the attack within approximately seven minutes, stealing roughly $815,000 worth of assets. During the attack, the attacker minted 13.76 million Wrapped ALPH tokens out of thin air—exceeding the pre-attack circulating supply by over 100%—and simultaneously unlocked and withdrew assets including USDT, USDC, WBTC, and WETH from the custody pool. As of now, the attacker’s address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH tokens; the largest anomalous transaction involved the out-of-thin-air minting of 13.76 million Wrapped ALPH tokens.

Zama founder: cUSDC freeze incident triggered by Overnight hack funds, cUSDC and other contracts suspended

Zama founder Rand posted on platform X, stating that with the assistance of on-chain detective ZachXBT, the team has identified the root cause of the recent cUSDC freeze incident, which is unrelated to the Zama protocol itself or privacy technology. The incident originated when a wallet address associated with the Overnight Finance hack deposited over $12.5 million USDC into Zama's cUSDC wrapper contract. Since the address was not on any sanctions list at the time of deposit and was not flagged by KYT (Know Your Transaction) tools, the funds were able to enter the protocol. Rand stated that law enforcement agencies recently issued asset restriction orders against several wallets linked to the hacker. At that time, the cUSDC wrapper contract held relatively small funds, with over 99% coming from the aforementioned hacker address. Consequently, the court ordered the freezing of the entire wrapper contract to restrict the movement of the related funds. Rand emphasized that this measure is not a sanction against Zama or privacy protocols, but a common judicial freezing measure in the DeFi space. To cooperate with the investigation, Zama has suspended the operation of the cUSDC, cUSDT, and cWETH contracts until the investigation is complete, all involved addresses are identified, and corresponding measures are taken. Rand reiterated that Zama adheres to the principle of "compliant confidentiality" and will not tolerate any illegal activities. He also indicated that a more detailed post-mortem of the incident and a plan for handling similar requests in the future will be released subsequently.

Approximately $29.3 million in suspected hacker funds flowed into XMR, driving its price up nearly 15% at one point.

On-chain monitoring shows that a batch of funds suspected to be linked to hackers or phishing activities has recently been continuously purchasing Monero (XMR), with total purchases amounting to approximately $23 million, significantly impacting the market price.

Gravity Bridge Reportedly Attacked, Approximately $5.4 Million in Cryptocurrency Stolen

On-chain monitoring shows that the cross-chain bridge Gravity Bridge may have suffered a security incident due to a smart contract private key leak, affecting assets including USDC, WETH, and USDT, with total losses amounting to approximately $5.4 million.

Zcash Foundation Urgently Releases Zebra 4.5.0: Critical Consensus Bug Fix and Mandatory Upgrade Recommended

The Zcash Foundation has released version 4.5.0 of its node client, Zebra. This update includes multiple security fixes, addressing a critical consensus vulnerability and several high-severity Denial of Service (DoS) issues. All node operators are strongly urged to upgrade immediately. Key fixes in this release include a sigop counting error in P2SH script parsing (which could cause a consensus fork with zcashd), a logic flaw in NU5 block validation caching, a crash risk related to transparent address balance overflow, along with multiple crash and resource exhaustion vulnerabilities in RPC interfaces and mempool processing. The Foundation stated that some vulnerabilities could be exploited by malicious nodes, leading to node stalls, restart loops, or even permanent stoppage. Additionally, this version adds support for ZIP-213 (enabling shielded coinbase outputs to Sapling) and optimizes network performance and security boundaries. This includes limiting resource allocation during the pre-handshake phase, fixing risks related to multi-threaded queue abuse, and enhancing the misbehavior scoring mechanism. The Zcash Foundation stated that this update addresses over 80 security reports from the ZCG Vulnerability Disclosure Program (spanning April to May 2026), covering multiple layers including consensus security, memory management, RPC processing, and the P2P network attack surface. Officials emphasized that there is no alternative to this upgrade; upgrading is the only way to ensure nodes do not experience a chain split and remain secure.

Sui Mainnet Recovers After Brief Outage, Official Confirms Caused by Gas Billing Vulnerability

Sui officially announced a network outage on its mainnet due to a vulnerability in the Gas billing logic of version 1.72, temporarily halting all transactions and on-chain activities. The Sui Core team has now completed emergency response, and the mainnet has resumed normal operations. The official statement indicated that a comprehensive post-mortem report will be released subsequently, detailing the cause of the incident and the fix.

SUPERFORTUNE: GUA Security Incident Confirmed as Signer’s Private Key Leak; Approximately 2,784 ETH Transferred to Three Ethereum Addresses

SUPERFORTUNE AI released a 24-hour investigation update stating that the May 27 GUA security incident was not, as previously suspected, address poisoning—but rather resulted from the leakage of private keys belonging to multi-signature signers. The attacker then forged valid signatures pointing to a malicious address and exploited the “premium address” feature—where the malicious address shared the same first four and last four characters as the legitimate address—to mislead the remaining signers into completing the signing process via the Safe interface.

A hacker in Zhejiang Province was sentenced to four years and four months in prison for illegally controlling over 150 servers and concealing illicit proceeds in cryptocurrency.

Zhou, a hacker from Quzhou City, Zhejiang Province, was sentenced by a court to four years and four months’ imprisonment and fined for the crime of illegally controlling computer information systems. Zhou exploited security vulnerabilities in websites to illegally control over 150 government and enterprise servers, causing links on websites belonging to 157 organizations to redirect to overseas pornographic websites. He also profited by reselling control rights. According to disclosures by the investigating authorities, Zhou settled his illicit proceeds using virtual currencies such as USDT and TRX, dispersing and concealing them across multiple cryptocurrency wallets. Authorities subsequently seized assets valued at over RMB 42 million through a cryptocurrency tracing system. Additionally, Zhou voluntarily surrendered over RMB 28 million in illicit gains.

SlowMist: ONTR Token Contract Access Control Vulnerability Leads to ~$98,000 Loss

According to SlowMist monitoring, the ONTR token contract suffered a loss of 49.4801 WETH, valued at approximately $98,000, due to an access control vulnerability in the onlyOwner modifier. The attacker (0xe806...b760) exploited this vulnerability by passing the permission check when the owner was set to address(0). The attacker then called transferOwnership() to set the attacker's contract as the owner. Subsequently, desertJasper() was invoked to queue hidden balances, followed by glenFlash() to execute ashBud(), which directly increased an address's balance by 1e30 base units without incrementing totalSupply. The attacker transferred the inflated tokens to PancakePair (0xd46d...83fd) and exchanged them for WETH via swap().

The Sui mainnet has resumed operations after being suspended due to a crash vulnerability in the gas billing logic.

Sui announced that Sui Mainnet operations, which were suspended due to a crash vulnerability in the gas billing logic introduced in version 1.72, have now resumed. Sui stated that a full post-mortem of this incident will be published in the coming days.

DxSale Accused of Transferring Approximately $7.3 Million from Early BNB Chain Locked Liquidity Pools

According to on-chain investigator Eye, DxSale is suspected of withdrawing approximately $7.3 million from some of its early liquidity pools locked on BNB Chain since 2021—impacting over 1,400 LPs. Eye stated that the attack involved silent ownership transfers and over 80 wallet hops. Eye noted that the newly used wallet address in the attack received 104 BNB from Bybit 20 hours prior to the liquidity pool withdrawal, and subsequently received approximately 1,200 BNB after the funds were withdrawn from the liquidity pools. Thereafter, this address transferred roughly 3,400 BNB in total to two wallets, with the related funds already withdrawn via multiple Binance deposit addresses.

OpenAI Releases Frontier Governance Framework

OpenAI has released the Frontier Governance Framework, systematically elaborating on how its AI safety and governance practices align with emerging regulatory requirements such as the California Frontier AI Transparency Act and the EU's General-Purpose AI Code of Conduct. Based on OpenAI's existing Preparedness Framework, this framework focuses on areas including cyberattacks, CBRN risks, harmful manipulation, loss of control risks, model reporting, security incident response, and external expert review. It also states that it will be continuously updated as model capabilities and the regulatory environment evolve.

Man from Florida, U.S., Arrested for Allegedly Stealing $1.9 Million in Bitcoin from Former Employer Using Mnemonic Phrase

A man in Florida, USA, was arrested for allegedly stealing approximately $1.9 million worth of Bitcoin using the mnemonic phrase of his former employer’s hardware wallet. According to police, the unauthorized transfer of the stolen funds occurred in 2020, when the suspect still had access to critical security information.

SUPERFORTUNE: GUA Security Incident May Involve Multi-Sig Address Tampering

SUPERFORTUNE AI posted on X platform, stating that the team is investigating a GUA security incident that occurred on May 27. The incident led to drastic price fluctuations in the token. Preliminary investigations suggest the incident may involve address tampering during a multi-signature transaction. The announcement states that the original plan was to send additionally unlocked tokens to the airdrop claim contract address. However, during execution, the funds were mistakenly sent to a different hacker address. The team noted that this hacker address had never interacted with any SUPERFORTUNE-related addresses before, making an "address poisoning attack" less likely as the attack vector. Furthermore, SUPERFORTUNE stated that its internal processes include a multi-layered address verification mechanism. The team is continuing its investigation into the incident and will update the community on the latest developments subsequently.

Stake DAO Responds to Security Incident: Do Not Interact with vsdCRV for Now

Stake DAO posted a response on platform X regarding the security incident, stating that its team has taken note of the incident and that users should not interact with vsdCRV for the time being. In addition, contracts related to Stake DAO on Arbitrum exhibited abnormal behavior, resulting in the minting of 5.4 trillion vsdCRV tokens. Security teams have classified this as a suspected infinite minting exploit.

PeckShield: StakeDAO’s vsdCRV infinite minting vulnerability exploited; attacker cashed out over $90,000

According to on-chain analyst PeckShield (@PeckShieldAlert), StakeDAO (@StakeDAOHQ) on the Arbitrum network was exploited via an infinite minting vulnerability. The attacker minted a total of 5.4 trillion vsdCRV tokens, then swapped a portion of them for 43.781 ETH (approximately $91,200) and bridged the funds cross-chain to the Ethereum address 0xeF3C...aa25.

StakeDAO deployer's private key leaked on Arbitrum, attacker mints approximately 5.45 trillion vsdCRV and exchanges for ETH
