News linked to both this project and an event.
Anthropic CEO Dario Amodei has stated that if new AI models pose specific risks, governments should have the authority to prevent their deployment. In a lengthy post on Wednesday, Amodei argued that AI models should undergo mandatory third-party testing to assess potential risks across multiple domains. He wrote that if an AI is deemed to pose "unacceptable risks," then "governments should have the power to block or constrain its deployment." This is one of Amodei's strongest statements to date advocating for stricter AI regulation. "I believe that, at least during this current exponential growth phase, the most appropriate analogy is cars, airplanes, or pharmaceuticals—technologies that are essential to the modern economy but can also lead to significant loss of life if poorly designed or misused," Amodei wrote. Anthropic has previously warned that its AI model, Mythos, possesses the ability to discover and exploit critical software vulnerabilities, leading the company to restrict access to a small number of partners. This week, Anthropic also released a new version that removes related cybersecurity attack capabilities. (Jinshi)
New York Supreme Court Judge Kathy J. King has signed an order to pause proceedings in a lawsuit seeking ownership claims over 39,069 dormant bitcoin wallets, and has scheduled a hearing for July 14 regarding a key amicus curiae brief.The plaintiffs in the case are an anonymous individual referred to as "Noah Doe" and two shell companies, who are seeking to claim ownership of these wallets under the New York State Abandoned Property Law. Attorney Ian R. Cohen submitted an amicus curiae brief opposing the plaintiffs' claims. He argues that the Abandoned Property Law is intended for tangible items, whereas blockchain addresses are always visible to the world; if the original owner was unable to withdraw assets due to a security breach, this constitutes a passive loss of access rather than a voluntary abandonment. (The Block)
Web3 security company Immunefi's latest "2026 Ecosystem Vulnerability Audit Report" shows that losses from DeFi protocol hacks have fallen 74% from a peak of $2.62 billion in 2022 to approximately $680.3 million in 2025.The report notes that the median loss per individual attack has also significantly decreased, from $6 million in 2022 to $1.5 million in 2025, reflecting an overall improvement in security standards. Meanwhile, the share of bridge exploits in total DeFi losses has dropped sharply from 73% in 2022 to 3% in 2025, and the proportion of flash loan attacks has fallen from 54% to less than 1%.The proportion of risks at the infrastructure level (such as private key leaks and database attacks) also decreased from 30.7% in 2022 to 10.3% in 2025. Immunefi stated that this reflects continuous optimization in oracle design, reentrancy attack protection, and access control standards, making the DeFi ecosystem "generally becoming safer."However, the report also notes that losses slightly rebounded to $680.3 million in 2025, primarily due to increased complexity in multi-chain systems and a few high-severity incidents. At the same time, the number of independent security incidents continues to rise, indicating the attack surface is still expanding. (The Block)
Ledger's Donjon security research team successfully bypassed the firmware verification system of the TROPIC01 chip inside the Trezor Safe 7 using laser attacks in a laboratory setting. Chip manufacturer Tropic Square subsequently discovered another attack path affecting the chip's MAC-and-Destroy security mechanism. This vulnerability currently impacts all TROPIC01 chips in production within the field. Trezor stated that the TROPIC01 chip is one of three independent security layers within the Trezor Safe 7, and user funds, wallet backups, and private keys are not stored on it.The chip's hardware encryption storage mechanism completely withstood Ledger's extraction attempts during initial testing. Tropic Square has delayed the release of technical details regarding the vulnerability until the launch of a reinforced silicon version of the TROPIC01 chip later in 2026, with full details expected to be disclosed in the spring of 2027.A firmware mitigation is currently available by disabling the chip's MAINTENANCE mode. Trezor CEO Matej Zak stated that PINs, wallet backups, and user fund keys have never been stored on a single chip. (The Block)
According to The Block, the DeFi lending protocol Radiant Capital has announced it will officially cease operations. The protocol suffered a hack in October 2024, losing approximately $51 million; the attacker gained unauthorized access by deploying backdoor contracts on Arbitrum and BNB Chain. Earlier in 2024, the protocol had also been hit by a flash loan attack, resulting in a loss of roughly 1,900 ETH (approximately $4.5 million). After 18 months of recovery efforts, Radiant Capital stated that it has neither recovered a significant portion of the stolen funds nor secured new financing, declaring that “the DAO has no viable path forward.” The protocol will now enter a “maintenance mode”: its frontend and smart contracts remain accessible, allowing users to withdraw funds, repay loans, and manage positions. Any funds recovered in the future will be returned to affected users.
According to The Block, Martin Koppelmann, co-founder and CEO of Gnosis, stated that Gnosis Pay was compromised due to a vulnerability in the Zodiac Delay Module. Attackers were able to initiate transactions from Safe wallets equipped with this module. Gnosis will cover all user losses. Gnosis is currently requesting bridge validators to pause related operations to contain the impact.
According to The Block, the Sui Foundation released an incident report on May 31, disclosing three consecutive outages on its mainnet from May 29 to 30—each traced back to two independent bugs introduced in the v1.72 upgrade. The first two outages were caused by a gas fee calculation error stemming from the newly launched “address balance” feature: funds were deducted even when transactions were canceled, resulting in negative account balances and subsequent validator node crashes. The third outage was triggered by a latent vulnerability in the random number generator during node restarts, preventing the network’s epoch from closing normally. The Sui Foundation stated that all known issues have now been resolved; user funds remained unaffected throughout the incidents, and no settled transactions were rolled back. The Foundation plans to further enhance its fault-tolerance mechanisms to ensure future similar bugs impact only individual transactions—not the entire network.
According to The Block, security researcher Florent successfully unlocked approximately 1,003 ETH (valued at roughly $2 million) that had been locked for nearly a decade in the 2016 HongCoin ICO smart contract, using a white-hat vulnerability. The contract’s refund function had remained nonfunctional for years due to the absence of overflow protection in the legacy Solidity version used. Florent collaborated with the HongCoin team to reset token balances via an admin function, completing the process in about one week. Currently, 48 original investors are eligible to claim the unfrozen funds; two have already claimed a total of 96.5 ETH and voluntarily paid Florent a white-hat reward. Florent stated that this unlock was purely a technical exploration and that he charged no fees or commissions.
According to The Block, Bitcoin Depot (BTM), a Nasdaq-listed Bitcoin ATM operator, filed for Chapter 11 bankruptcy protection on the 18th in the U.S. District Court for the Southern District of Texas, announcing an orderly liquidation and asset sale. CEO Alex Holmes stated that increasingly stringent state-level compliance requirements, transaction limit restrictions, and operational bans in certain regions have rendered the company’s existing business model unsustainable. Previously, the company suffered a security breach in April 2026, resulting in a $3.7 million loss; its Q1 2026 revenue declined 49.2% year-on-year, with a net loss of $9.5 million. Currently, all over 9,000 Bitcoin ATMs operated globally by Bitcoin Depot have been taken offline, and its overseas entities—including those in Canada—will also be shut down.
the deliberation of the "Cryptocurrency Market Structure Act" (i.e., the CLARITY Act) has commenced in the U.S. Senate Banking Committee. As of now:1. An amendment proposed by Senator Mike Rounds to create an AI regulatory sandbox was passed with 15 votes in favor and 9 against, indicating some bipartisan support, despite Senator Elizabeth Warren urging Democratic members to vote against it.2. An amendment proposed by Elizabeth Warren, aimed at "preventing high-risk assets from entering retirement accounts," was rejected with 11 votes in favor and 13 against.3. An amendment previously proposed by Senator Katie Britt of Alabama, which would have allowed certain retirement accounts to invest in pooled investment vehicles, was withdrawn before the vote.It is reported that one of the most contentious amendments comes from Elizabeth Warren, concerning the strengthening of sanctions authority over cryptocurrency mixers. In her remarks, she referenced the U.S.-sanctioned mixing protocol Tornado Cash, stating it has been used to launder over $7 billion for criminal organizations and North Korean hacker groups, including over $450 million in related funds. Warren argued that the current bill does not grant the U.S. Treasury Department sufficient legal authority to isolate or restrict mixer services, potentially creating loopholes in anti-money laundering oversight. In response, Cynthia Lummis countered that the illegal financial activities are already covered in Parts Two and Three of the bill.
According to The Block, the T3 Financial Crime Unit (T3 FCU), jointly established by Tether, TRON, and TRM Labs, announced that since its founding in 2024, it has frozen over $450 million worth of illicit crypto assets globally. In 2025, the unit’s interception of illicit proceeds increased by 43.9% year-on-year, covering 23 jurisdictions including the United States, Spain, and Germany, and has been recognized by the Financial Action Task Force (FATF) as “a critical resource for global law enforcement agencies.” The T3 FCU has participated in investigations across multiple crime categories, including exchange hacks, North Korea–related activities, terrorist financing, and violent crimes, and assisted Brazil’s Federal Police in freezing over $5.989 billion in assets—including 4.3 million USDT.
According to The Block, Rob Nichols, CEO of the American Bankers Association (ABA), sent a letter to senior bank executives on Sunday evening urging them to contact U.S. Senators and call for further tightening of provisions related to stablecoin rewards ahead of the Senate Banking Committee’s markup vote scheduled for Thursday. Nichols warned that the current draft fails to effectively prevent crypto firms from offering users “interest-like rewards,” which could trigger massive outflows of bank deposits and threaten economic growth and financial stability. The current draft was negotiated by Senators Angela Alsobrooks and Thom Tillis. It prohibits paying users interest or returns for holding stablecoins but permits rewards tied to genuine activity or transactions—a provision supported by Coinbase. Banking industry groups contend that these exceptions contain loopholes that could be circumvented, and on May 8, they jointly wrote to Committee Chairman Tim Scott and Democrat Elizabeth Warren, requesting technical revisions to the language of the provision.
According to The Block, blockchain security firm CertiK released a report on May 8 stating that 34 confirmed “wrench attacks” (i.e., offline physical assaults and extortion targeting cryptocurrency holders) occurred globally in the first four months of 2026—an increase of 41% compared to the same period in 2025. Victims’ total losses amounted to approximately $101 million. If this trend continues, the annual number of incidents is projected to reach around 130, with losses potentially totaling hundreds of millions of dollars. Geographically, 28 of the 34 incidents (82%) occurred in Europe, with France standing out particularly: 24 cases were recorded there in the first four months of 2026 alone—exceeding the full-year total of 20 incidents in 2025. CertiK attributes this surge to France’s hosting of flagship crypto firms such as Ledger and Binance, frequent data breaches, and a community culture of conspicuous wealth display and proactive doxxing. In contrast, reported incidents in the U.S. dropped from nine in Q1 2025 to three in Q1 2026, while Asia saw a decline from 25 to two. Regarding attack patterns, CertiK notes that criminal groups have shifted toward a “data-driven targeting” model—purchasing victims’ names, addresses, and asset information from data brokers, thereby reducing the need for physical reconnaissance. Over half of this year’s incidents involved threats against or direct harm to victims’ family members (spouses, children, elderly parents) as a coercive tactic. Operationally, small gangs of three to five individuals typically carry out these attacks via
According to The Block, the Arbitrum DAO voted to release 30,765.6 ETH (approximately $70 million), previously frozen, to support the DeFi United initiative—aimed at offsetting Kelp DAO’s $292 million exploit loss last month. The vote passed with 90.96% support (182.2 million votes). The attack was allegedly carried out by the North Korean Lazarus hacking group, which exploited a vulnerability in LayerZero’s OFT cross-chain bridge—a single-validator configuration—which allowed attackers to steal 116,500 rsETH and pledge most of the stolen assets as collateral on Aave, resulting in roughly $190 million in bad debt. DeFi United has secured contributions from multiple parties, including 30,000 ETH from Consensys and Joseph Lubin, a 30,000-ETH loan from Mantle, and 5,000 ETH from LayerZero.
According to The Block, a U.S. federal court sentenced Marlon Ferro of California—known online as “GothFerrari”—to 78 months in prison, three years of supervised release, and $2.5 million in restitution. Ferro participated in a nationwide social engineering fraud scheme spanning from late 2023 to early 2025, involving over $250 million worth of cryptocurrency assets. The criminal group employed a range of tactics—including database breaches, fraudulent phone calls, money laundering, and residential burglaries—specifically targeting victims holding large amounts of cryptocurrency assets. Ferro carried out two residential burglaries to steal hardware wallets and assisted in laundering illicit funds. U.S. prosecutors stated that this sentence sends a clear message: cryptocurrency fraud is a serious criminal offense and will result in federal imprisonment.
According to The Block, Kelp DAO will abandon LayerZero and adopt Chainlink’s Cross-Chain Interoperability Protocol (CCIP) as its cross-chain infrastructure, along with Chainlink’s Cross-Chain Token (CCT) standard. Previously, in April, Kelp DAO suffered a cross-chain bridge attack totaling approximately $292 million; the attackers are suspected to be linked to North Korea’s Lazarus Group and exploited the single-validator configuration of the LayerZero-powered OFT cross-chain bridge to steal 116,500 rsETH. Chainlink states that its CCIP requires at least 16 independent node operators to validate cross-chain transactions.
North Korea has denied allegations of its involvement in cryptocurrency theft, calling the claims "absurd slander" and a "political tool." The statement, issued by state-run media, emphasized that necessary measures will be taken to safeguard national interests. However, data from blockchain analytics firm TRM Labs shows that in the first four months of 2026, hacker groups linked to North Korea have stolen approximately $577 million, accounting for about 76% of global crypto theft losses during the same period. This includes two major attacks on KelpDAO (approximately $292 million) and Drift Protocol (approximately $285 million).TRM pointed out that the attacks are primarily associated with the Lazarus Group and its sub-organizations. Since 2017, the cumulative scale of crypto theft linked to North Korea has exceeded $6 billion.U.S. and international agencies widely believe that such funds are used to support military and missile programs. Meanwhile, the U.S. Treasury Department has recently imposed sanctions on relevant individuals and entities, targeting approximately $800 million in illicit fund flows in 2024. (The Block)
According to The Block, blockchain intelligence firm TRM Labs released a report stating that North Korean hacker groups stole approximately $577 million in crypto assets during the first four months of 2026—accounting for 76% of global hacking losses over the same period. All these losses stemmed from two major incidents that occurred in April: KelpDAO was attacked by the TraderTraitor group, resulting in $292 million in losses; and Drift Protocol was compromised by another North Korean sub-group, suffering $285 million in losses. Preparations for the latter attack began as early as March 11, and funds were fully extracted within 12 minutes. The two incidents employed distinct money-laundering pathways: stolen funds from Drift remain largely dormant on Ethereum, whereas funds stolen from KelpDAO were rapidly swapped into BTC via THORChain, with subsequent laundering facilitated by Chinese intermediaries. TRM Labs noted that since 2017, North Korea’s cumulative crypto theft has exceeded $6 billion—and its share of global losses has risen steadily, from less than 10% in 2020 to 64% in 2025.
Standard Chartered Bank's latest report indicates that while the theft of KelpDAO's rsETH has severely impacted the DeFi ecosystem, it is insufficient to change the long-term growth trend of Real World Asset (RWA) tokenization. The bank maintains its forecast that the RWA tokenization market will grow from $35 billion in October 2025 to $2 trillion by the end of 2028, with the core drivers remaining the continued expansion of the DeFi banking system and stablecoin liquidity.Geoffrey Kendrick, Head of Digital Assets Research at Standard Chartered, stated that this incident is more like DeFi being "bent, not broken," and could even serve as a significant turning point for the industry to move towards a more resilient structure. (The Block)
Litecoin disclosed on X platform that a recent zero-day vulnerability once led to a DoS attack, affecting the operation of major mining pools. Mining nodes that were not updated in time allowed an invalid MWEB (MimbleWimble Extension Block) transaction to be executed, enabling the relevant tokens to be withdrawn to a third-party DEX. The Litecoin network rolled back these invalid transactions through a 13-block reorganization (reorg), confirming they would not be included in the main chain. All valid transactions during this period were unaffected. The vulnerability has now been completely fixed, and the network has resumed normal operation.