News linked to this event type.
Bankr posted on platform X, stating that the team is currently working with external partners such as zeroShadow to continue the investigation and restoration efforts. It is expected that full functionality will be restored by next week after completing additional security reviews and monitoring measures.Bankr stated that in the short term, it may gradually restore token issuance and some "read-only" features, allowing users to view account information such as balances. However, wallet transaction functions, including swap and transfer, will remain suspended during the review period.Previously, Bankr disclosed that an attacker had gained access to 14 Bankr wallets. The platform subsequently suspended related functions and promised full compensation for user losses.
According to on-chain analyst PeckShield (@PeckShieldAlert), the VerusCoin cross-chain bridge attacker has returned 4,052.4 ETH (approximately $8.5 million) to the project team’s address (0xF9AB...C1A74), representing 75% of the total stolen amount. The remaining 25% (1,350 ETH, approximately $2.8 million) is retained in the attacker’s wallet as a white-hat bounty.
According to an official announcement, South Korean cryptocurrency exchange Bithumb has announced the immediate suspension of all virtual asset deposits and withdrawals related to the overseas payment platform Heleket, effective May 21, 2026. The announcement states that Heleket is suspected of involvement in illegal activities such as money laundering and terrorist financing. Bithumb stated that this measure is taken to comply with relevant regulations, including the Act on Reporting and Using Specified Financial Transaction Information and the Virtual Asset User Protection Act, and to safeguard users’ assets. Bithumb also warned that using unverified overseas services may expose users to risks such as hacking attacks and disruptions to deposit and withdrawal services.
according to monitoring by Specter Analyst, a high-net-worth investor holding significant assets on Kraken and Coinbase exchanges fell victim to an alleged personal intimidation attack, resulting in total losses of approximately $6.7 million across various assets.The attacker withdrew 1,554 ETH (approximately $3.3 million) and 10.5 BTC from the user's Kraken account. Simultaneously, the attacker also breached the user's Coinbase defenses, withdrawing 34.1 cbBTC. Subsequently, the attacker directly deposited over $5.3 million of the stolen funds into the privacy protocol Tornado Cash to obfuscate the transaction trail. (financefeeds)
Syndicate Labs stated that after five years of developing on-chain infrastructure for customizable Ethereum Rollups and sequencers, the company has decided to shut down due to a drastic contraction in the Rollup market. Syndicate Labs previously completed a $20 million Series A funding round led by Andreessen Horowitz in 2021.This decision caused the SYND token price to drop 21% in the past three hours, hitting an all-time low of $0.012, a 99.5% decline from its peak of $2.61 in September 2025.Additionally, Syndicate Labs stated that the Syndicate Network Collective operates independently of Syndicate Labs, so the governance of the SYND token will not be immediately affected. The decision to shut down was not influenced by the previous hacking incident involving bridged assets.
According to CertiK monitoring, the attacker of cross-chain aggregation protocol Transit Finance has deposited 832.9 ETH into Tornado Cash, valued at approximately $1.8 million.
Syndicate, a DAO infrastructure service provider, has announced it will gradually cease operations. It stated that after five years of continuously building on-chain developer infrastructure, the Rollup market has undergone fundamental changes. Currently, the Rollup market has significantly shrunk, some Rollup projects are gradually shutting down, and the market has shifted from EVM Rollups to custom chains built from scratch by consulting teams, leading to a notable decline in reusable technology and network value.Syndicate stated that its system consists of two parts: Syndicate Labs, responsible for development, will be closed, while the independent entity Syndicate Network Collective (Wyoming DUNA), which holds SYND tokens and has governance rights, will continue to exist. SYND governance will not be affected in the short term.Furthermore, Syndicate emphasized that this decision to cease operations is unrelated to recent cross-chain security incidents. Affected users and SYND holders have been fully compensated through the treasury reserves, and team and investor tokens are currently still in a lock-up period.
According to on-chain analyst PeckShield (@PeckShieldAlert), RetoSwap—a peer-to-peer, decentralized exchange for Monero (XMR)—was exploited by hackers leveraging a vulnerability in the Haveno trading protocol, resulting in the theft of users’ funds totaling 7,000 XMR (approximately $2.7 million). Following the incident, the RetoSwap team responded swiftly, blacklisting the attacker’s onion address at 02:33 UTC and pausing all platform trading by enforcing an upgrade to client version 2.0.0. The attack has now been contained.
According to the Wall Street Journal, US President Donald Trump had a tense and heated phone call with Israeli Prime Minister Benjamin Netanyahu on Tuesday evening. According to sources, Netanyahu strongly criticized the agreement aimed at ending the war with Iran during the call, while Trump defended the diplomatic process. Israel has long been skeptical about whether Iran will adhere to any agreement to dismantle its nuclear program and halt attacks on regional countries. According to insiders, Netanyahu reiterated these positions to Trump during calls on both last Sunday and Tuesday. However, Trump was not convinced. He told Netanyahu that he would continue to push for an agreement to prevent Iran from acquiring nuclear weapons. Trump also stated that if Iran fails to show greater flexibility in negotiations, it may face a new round of strikes. (Golden Ten)
Sentient has officially launched the latest season of its hackathon, Challenge 0. This event offers a $6,000 prize pool and MiniMax points.
Drift Protocol stated on X platform that after the protocol resumes operation, users who have staked in the Insurance Fund will be able to withdraw their corresponding shares normally. The Insurance Fund is designed to maintain the protocol's solvency during liquidation or bankruptcy scenarios. Since the protocol was paused before losses were realized through normal liquidation or bankruptcy processes, the Insurance Fund was not affected by the relevant vulnerability or attack.Drift Protocol added that the protocol's own Insurance Fund assets will be used to support system restart and user recovery, and it plans to disclose the relevant on-chain addresses to allow the community to track fund usage and subsequent deployment.
LayerZero Labs has released a recent incident report stating that on April 18, 2026, the KelpDAO rsETH cross-chain bridge, built on its cross-chain communication protocol, suffered an attack resulting in the theft of approximately 116,500 rsETH (around $292 million). Multiple security organizations, including Mandiant, CrowdStrike, and independent researchers, have attributed this attack to the North Korea-linked hacker group TraderTraitor (UNC4899).According to the report, the attack began on March 6, 2026. The attackers compromised a LayerZero developer account through social engineering, obtained session keys, and penetrated the RPC cloud environment. They further contaminated internal RPC node data and manipulated the returned results to deceive monitoring systems and the Decentralized Verification Network (DVN). Subsequently, the attackers launched a denial-of-service attack against external RPC providers, forcing the verification system to rely on the compromised nodes to generate forged cross-chain proofs, thereby successfully extracting the funds.LayerZero pointed out that the core vulnerability of this incident lay in the affected application adopting a "single-verifier" configuration. This allowed the target contract to execute asset releases upon receiving only a single valid signature, leading to the theft of rsETH.Following the incident, LayerZero Labs announced an adjustment to security policies. This includes no longer allowing its own DVN to act as the sole signer in a single-verifier configuration, rebuilding the affected cloud infrastructure, and introducing short-term credentials, instant permission upgrades, and multi-party approval mechanisms to enhance security. Additionally, zeroShadow and law enforcement agencies have initiated investigations and asset tracing. LayerZero stated it will continue to collaborate with ecosystem partners to strengthen the cross-chain security framework to address increasingly sophisticated nation-state attack threats.
GitHub posted on X platform, sharing more investigation details regarding the unauthorized access incident to its internal repositories. Yesterday, GitHub detected and contained an attack on an employee's device involving a malicious VS Code plugin. GitHub has removed the malicious plugin version, isolated the endpoint, and immediately initiated an incident response.Current assessment indicates that this activity only involved the theft of GitHub's internal repositories. The attackers' claim of approximately 3,800 repositories aligns with GitHub's investigation direction so far. GitHub has taken swift action to mitigate risks, rotating critical keys yesterday and overnight, and prioritizing the most impactful credentials. GitHub will continue analyzing logs, verifying key rotations, and monitoring subsequent activities. A more comprehensive report will be released upon completion of the investigation.
According to an announcement by Bankr’s official X account (@bankrbot), on May 20, 2026, Bankr—a blockchain-based financial infrastructure platform—confirmed it had suffered a cyberattack. A total of 14 user wallets were compromised. The platform has urgently suspended its trading functionality and pledged to fully compensate all losses. Blockchain analyst @99barzzz tracked the incident, revealing that the losses amounted to approximately $385,000. The hacker’s EVM-compatible address has been identified.
According to monitoring by SlowMist's Cosan, multiple user wallets of Bankr have been compromised. @bankrbot responded that the incident is a social engineering attack targeting the trust layer between automated agents, specifically involving the interaction between Grok and Bankrbot, which led to unauthorized transaction signatures.
Grafana Labs posted on X, stating that it confirmed a targeted hacker attack on May 16. The attacker gained unauthorized access to its GitHub repository and downloaded the codebase through a TanStack npm supply chain attack (Mini Shai-Hulud campaign), subsequently issuing a ransom threat.Investigations indicate that this incident was strictly limited to Grafana Labs' GitHub environment, with no evidence suggesting it affected customer production systems, operations, or the Grafana Cloud platform. The downloaded content, in addition to source code, also included the names and email addresses of some internal business contacts. Although the attacker downloaded the codebase, it was not tampered with. Grafana Labs has decided not to pay the ransom and has notified federal law enforcement authorities. It is currently implementing defensive measures, including enhancing CI/CD pipeline security.
Threshold Network posted on platform X, stating that on May 18, 2026, a malicious attacker attempted to mint tBTC without depositing the underlying Bitcoin. The attempt was unsuccessful; no invalid tBTC was issued, and user funds were not at risk.As a precautionary measure against high-frequency malicious activity in the broader crypto ecosystem, Optimistic Minting has been temporarily suspended. Currently, minting operations are conducted through the liquidation mechanism, with typical minting times increasing from approximately 1.5 hours to around 6 to 7 hours.
Echo Protocol announced that the team has now regained control of the administrative keys and destroyed the remaining 955 eBTC held by the attacker. Additionally, the current exposure on Aptos is limited to approximately $71,000 in the Echo lending market and the Hyperion liquidity pool, and the team has observed no fund losses on Aptos. As a precautionary measure, the team has fully suspended Aptos bridge operations while the review remains ongoing. Echo Aptos Lending remains unaffected but has been paused for security reasons.
Odaily Echo Protocol posted on X platform, confirming a security incident on the Monad cross-chain bridge. An investigation is currently underway, and all cross-chain transaction functions have been suspended. The protocol stated that it will continue to provide updates through official channels once the investigation progresses.
Odaily Kelp announced on X platform that it has coordinated with multiple DeFi protocols to complete the liquidation of the attacker's positions, achieving key progress in the rsETH recovery process. Among them: Compound participated in coordination multiple times over the past four weeks, providing approximately 3,000 ETH in support, and jointly completed the liquidation with Aave, recovering a total of approximately 17,426.20 rsETH; Euler Finance liquidated the attacker's positions within its protocol and plans to return the excess ETH to the DeFi ecosystem fund.