News linked to this event type.
Stake DAO posted a response on platform X regarding the security incident, stating that its team has taken note of the incident and that users should not interact with vsdCRV for the time being.In addition, contracts related to Stake DAO on Arbitrum exhibited abnormal behavior, resulting in the minting of 5.4 trillion vsdCRV tokens. Security teams have classified this as a suspected infinite minting exploit.
According to on-chain analyst PeckShield (@PeckShieldAlert), StakeDAO (@StakeDAOHQ) on the Arbitrum network was exploited via an infinite minting vulnerability. The attacker minted a total of 5.4 trillion vsdCRV tokens, then swapped a portion of them for 43.781 ETH (approximately $91,200) and bridged the funds cross-chain to the Ethereum address 0xeF3C...aa25.
StakeDAO deployer's private key leaked on Arbitrum, attacker mints approximately 5.45 trillion vsdCRV and exchanges for ETH.
The Resolv Foundation has announced its recovery plan following the protocol security incident. USR/wstUSR tokens held and snapshot-recorded prior to the incident will be redeemed for USDC at a 1:1 ratio, while USR/wstUSR acquired after the incident will be redeemed at a 1:0.5 ratio. RLP holdings will be restored at a core redemption rate of 0.71 USDC per token, with additional RESOLV token allocations based on a reference price of $0.03. The Foundation stated that eligible users may claim their recovery funds between May 26, 2026, and August 26, 2026.
According to CCTV News, General Staff of the Iranian Armed Forces spokesperson Shekarchi stated that Iran is prepared for war and will respond more forcefully—with new tactics—if the U.S. and Israel launch a new attack. He added that if war resumes and Iran’s oil exports are banned, Iran will block regional oil shipments. (Jinshi)
According to Cointelegraph, phishing ads impersonating the decentralized exchange protocol Uniswap have appeared in Google search results, enabling attackers to steal at least $400,000. On-chain analyst b-block stated that the associated counterfeit websites are draining funds from multiple wallets; the implicated addresses currently hold a combined total of 146 ETH—worth approximately $306,000 at press time. Security Alliance (SEAL) noted that such fraudulent Google ads are a common source of phishing attacks, with attackers either purchasing ad placements or compromising legitimate advertising accounts to impersonate popular crypto protocols in sponsored search results. SEAL also reported that between March 13 and March 30, these attacks resulted in total losses amounting to $1.27 million.
Oobit, a mobile wallet supported by Tether, issued a clarification on X, stating that after “on-chain detective” ZachXBT disclosed a vulnerability exploit against two smart contracts (EURR and USDR) of stablecoin issuer StablR—resulting in losses of approximately $13.5 million—the attackers attempted to withdraw the stolen funds via Oobit. However, Oobit’s compliance team identified the anomalous activity and successfully froze EURR funds valued in the six-figure range, while also shutting down the withdrawal channel. No user funds were affected in this incident, and Oobit’s own systems were not compromised. Oobit is currently cooperating with StablR and investigators to advance follow-up actions. Earlier reports indicated that StablR suffered a hack resulting in losses of approximately $2.8 million, causing both EURR and USDR to de-peg.
Cosine, founder of SlowMist, posted an analysis of the Squid security incident on X. He stated that sampling revealed all affected Safe wallets were single-signature, with different owners—but the issue was not related to private keys. Rather, the vulnerability lay in the module shown in the image (SquidRouterModule) used by these Safe addresses. Attackers could forge messages and easily bypass relevant validations to initiate subsequent swap operations, thereby draining funds from the targeted Safe wallets. Additionally, Cosine disclosed the attacker’s profit accumulation address. Earlier reports indicated that a third-party Gnosis Safe module was exploited on Base and Ethereum, causing approximately $3.2 million in losses. The victims were 86 Gnosis Safe wallets that had added this contract as a trusted Safe Module. The contract is named “SquidRouterModule” on Basescan. Subsequently, Squid clarified that it was not impacted by the Gnosis Safe-related vulnerability incident.
the Saturn Foundation officially posted on X, stating that it has blacklisted addresses related to the Squid hacker incident and frozen the stolen funds. Affected users can submit tickets on Saturn's official Discord server.None of Saturn's contracts or infrastructure were affected by this incident.
According to Cryptopolitan, the North Korea–linked hacker group Lazarus Group has been found deploying the fileless remote access Trojan RemotePE, primarily targeting banks, cryptocurrency exchanges, and fintech companies. This malware runs entirely in memory and employs process hollowing, anti-analysis detection techniques, and encrypted C2 communications—making it difficult for traditional antivirus and forensic tools to detect. The report states that attacks typically begin with Telegram-based social engineering: attackers impersonate employees of trading firms and lure victims into installing malicious software using forged Calendly and Picktime links, ultimately executing the payload without touching the file system.
Odaily news Squid posted on X platform, stating that this incident is unrelated to the Squid core protocol and contracts. All Squid users and integrators are unaffected and no action is required.Today, a third-party Gnosis Safe module on the Base and Ethereum networks was attacked, resulting in a loss of approximately $3.2 million. The vulnerable contract is verified on Basescan under the name "SquidRouterModule," but this contract was not built, deployed, or operated by Squid. It is a third-party smart wallet product that chose to integrate with Squid and other protocols, and has no connection with Squid.The attack principle is that this third-party module accepts a constant string provided by the caller as a message security proof. This string is publicly visible in the verified contract code. By inputting this string, the attacker could execute arbitrary calldata arrays and freely steal funds. The victim's Safe wallet had added this problematic contract as a trusted Safe Module, allowing the contract to control any tokens within the Safe without requiring a signature. Squid's own router contract (0xce16...D666) has a different architecture and was unaffected. Squid users' funds, authorizations, and integrations are completely safe.Early public reports may have mentioned "SquidRouter" due to the contract verification name on Basescan. The accurate description should be: a third-party SquidRouterModule was attacked, not Squid's Router contract. This contract shares the name with Squid, but it is not Squid's code. Squid is continuously monitoring the situation and will provide updates if there are any significant changes.
according to Blockaid monitoring, it detected an ongoing attack targeting the SquidRouter module on the Ethereum and Base chains. Within approximately 2 hours, 86 Gnosis Safe wallets were drained of about $3 million in assets. All stolen tokens were swapped for DAI via a Uniswap V3 pool controlled by the attacker.
According to PeckShield’s monitoring, the WUSD/GLOVE pool on Ethereum was attacked, resulting in losses of approximately $207,000. The attacker has swapped the stolen assets for roughly 98 ETH and deposited them into Railgun.
According to on-chain analyst PeckShield (@PeckShieldAlert), SlowMist’s threat intelligence system MistEye has detected a cross-registry supply chain attack targeting developers. Malicious packages have spread across three major registries—npm, PyPI, and Crates.io—comprising over 34 malicious packages and more than 384 related versions. The attack targets developer communities in cryptocurrency, DeFi, Solana, Sui/Move, and AI. It may lead to the theft of cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, and other sensitive developer information. Some malicious payloads also attempt persistence via mechanisms including `.cursorrules`, `CLAUDE.md`, Git hooks, cron, systemd, and SSH. SlowMist recommends immediately removing affected packages, isolating compromised systems, rotating exposed credentials, rebuilding CI environments and developer machines from clean images, and conducting comprehensive reviews of GitHub, cloud, SSH, and wallet-related activities.
according to monitoring by crypto KOL Yusuf, two contracts of European stablecoin issuer StabIR, EURR and USDR, were attacked yesterday, resulting in losses exceeding $10 million. Following the incident, over $100,000 in stolen funds have been frozen, with the de-pegging range of USDR and EURR exceeding 20%.
According to research by security firm Socket Security, a cryptocurrency-stealing supply chain attack dubbed “TrapDoor” spans npm, PyPI, and Crates.io, involving over 34 malicious packages and 384 related versions and artifacts. The attack targets cryptocurrency, DeFi, Solana, Sui, Move, and AI developers. Attack samples can steal sensitive information including SSH keys, wallet data, AWS credentials, GitHub tokens, browser data, and environment variables. Specifically, npm packages execute the shared payload `trap-core.js` via the `postinstall` hook; PyPI packages execute remote JavaScript upon import; and Crates.io packages steal local keystores via `build.rs`. Socket has flagged all related packages as malicious and reported them to the respective package registries.
multiple blockchain and post-quantum cryptography researchers have warned that artificial intelligence (AI) is accelerating the development of quantum computing and could potentially impact the security systems of mainstream blockchains, including Bitcoin and Ethereum, earlier than anticipated.Alex Pruden, CEO of Project Eleven, a firm focused on quantum-resistant infrastructure, stated that the combination of AI and quantum computing is fundamentally reshaping the future security landscape. "People will no longer be able to rely on existing security assumptions as they have in the past," he said.Researchers point out that AI is already being used to optimize quantum error correction, which is one of the key technical bottlenecks in the development of quantum computing. Illia Polosukhin also noted that AI has been accelerating scientific breakthroughs for years, and in the future, there may even be a circular acceleration effect where "AI helps build the next generation of quantum computers."One of the industry's biggest current concerns is the "Harvest Now, Decrypt Later" strategy, where governments or advanced attackers begin mass-collecting encrypted data now, waiting to decrypt it all at once once quantum computing matures. Polosukhin warned that if quantum computers become viable within a few years, "most of today's important data on the internet could be decrypted in the future."Given that most blockchain networks and internet infrastructure currently rely on elliptic curve cryptography (ECC), a sufficiently powerful quantum computer could theoretically derive a private key from a public key, directly breaking wallets and on-chain systems. Simultaneously, AI itself is strengthening hacking capabilities. Pruden stated that AI models are becoming increasingly adept at discovering software vulnerabilities and cryptography implementation flaws, and may even be able to crack some encryption algorithms directly in the future.However, AI is also being used by developers for code auditing, formal verification, and testing post-quantum security systems, creating a "long-term security arms race" with simultaneous upgrades on both the offensive and defensive sides. Researchers believe the most significant change brought by AI and quantum computing together is that the core assumption of "long-term cryptographic reliability" in the digital age is being challenged. Future security systems may shift from "static upgrades" to continuous dynamic evolution. (CoinDesk)
stablecoin issuer StablR suffered a sustained attack, causing its euro stablecoin EURR and dollar stablecoin USDR to depeg.Blockchain security firm Blockaid stated that the attacker allegedly gained control by obtaining the private key of one of the owners of the minting multi-signature account. Exploiting the 1/3 signature threshold mechanism, the attacker replaced other administrators and minted an additional 8.35 million USDR and 4.5 million EURR.Subsequently, the attacker swapped tokens worth approximately $10.4 million for about 1,115 ETH on a DEX, yielding an actual profit of around $2.8 million. Following the incident, EURR fell to around $0.88, while USDR dropped to approximately $0.7.Blockaid noted that the incident was not caused by a smart contract vulnerability but rather by a failure in key management and governance mechanisms. (Cointelegraph)
UK police announced that five individuals have been sentenced in a “wrench attack” case targeting cryptocurrency holders. The suspects met the victim at a Shoreditch pub in London in July 2025 and forcibly took him to his home, where they used violence and threats—including coercing facial recognition verification—to compel him to access his bank and cryptocurrency accounts, stealing over £10,000 in cash, cryptocurrency, and watches. During the investigation, cryptocurrency exchange Coinbase reported suspicious activity on the victim’s account to the police, who subsequently identified and arrested the suspects. The court sentenced four principal offenders to prison terms ranging from three-and-a-half to six-and-a-half years, while a fifth individual received a community service order for money laundering. Police stated that the incident inflicted long-term psychological trauma on the victim and his family, highlighting the rising risk of offline violent crime targeting cryptocurrency asset holders.
According to Cointelegraph, Bitcoin mining company MARA Holdings spent $4.3 million on CEO Fred Thiel’s personal security in 2025, including $430,780 for vehicle armor, as well as residential and personal security expenses. Filings show related spending for 2024 totaled $191,040. In the same year, MARA also spent $3.9 million on CFO Salman Khan’s personal security. The report notes that personal safety costs for companies are rising amid an increase in “wrench attacks” targeting cryptocurrency executives and investors.