News linked to both this project and an event.
According to on-chain security platform Blockaid (@blockaid_), the MILC Platform cross-chain bridge suffered a private key leak on both the BNB Chain and Ethereum networks. The attacker exploited a historical bridge administrator wallet to grant the DEFAULT_ADMIN_ROLE and MANAGER_ROLE permissions to the attacker’s address. Subsequently, assets were withdrawn from the bridge contract, and administrative control was transferred to the attacker’s wallet. Confirmed losses currently stand at approximately $97,003 USDT (on BNB Chain) and approximately 39.21 ETH (on Ethereum, transferred out via Rhino.fi), totaling roughly $161,000.
Blockaid disclosed on X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker compromised three out of four Guardian private keys, forged a Verified Action Approval (VAA) message, and executed the attack within approximately seven minutes, stealing roughly $815,000 worth of assets. During the attack, the attacker minted 13.76 million Wrapped ALPH tokens out of thin air—exceeding the pre-attack circulating supply by over 100%—and simultaneously unlocked and withdrew assets including USDT, USDC, WBTC, and WETH from the custody pool. As of now, the attacker’s address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH tokens; the largest anomalous transaction involved the out-of-thin-air minting of 13.76 million Wrapped ALPH tokens.
according to Blockaid monitoring, it detected an ongoing attack targeting the SquidRouter module on the Ethereum and Base chains. Within approximately 2 hours, 86 Gnosis Safe wallets were drained of about $3 million in assets. All stolen tokens were swapped for DAI via a Uniswap V3 pool controlled by the attacker.
stablecoin issuer StablR suffered a sustained attack, causing its euro stablecoin EURR and dollar stablecoin USDR to depeg.Blockchain security firm Blockaid stated that the attacker allegedly gained control by obtaining the private key of one of the owners of the minting multi-signature account. Exploiting the 1/3 signature threshold mechanism, the attacker replaced other administrators and minted an additional 8.35 million USDR and 4.5 million EURR.Subsequently, the attacker swapped tokens worth approximately $10.4 million for about 1,115 ETH on a DEX, yielding an actual profit of around $2.8 million. Following the incident, EURR fell to around $0.88, while USDR dropped to approximately $0.7.Blockaid noted that the incident was not caused by a smart contract vulnerability but rather by a failure in key management and governance mechanisms. (Cointelegraph)
Odaily News: Blockaid posted on platform X, stating that its vulnerability detection system has discovered an attack on the Verus Ethereum cross-chain bridge, which has so far caused losses of approximately $11.58 million.
According to Blockaid’s monitoring, Ink Finance’s Workspace Treasury Proxy on Polygon was exploited minutes ago, involving approximately $140,000.
According to security firm Blockaid (@blockaid_), Ekubo Protocol’s v2 custom extension contract on Ethereum is under an ongoing attack, resulting in losses of approximately $1.4 million so far. The root cause lies in the IPayer.pay callback within this extension, which fails to properly restrict the origin of its parameters—enabling attackers to control the payer, token, and amount parameters and thereby arbitrarily transfer authorized tokens. Users of Ekubo’s core protocol remain unaffected; however, users who have authorized the v2 contract (0x8CCB1ffD5C2aa6Bd926473425Dea4c8c15DE60fd) as a token spender face direct risk. Blockaid recommends that affected users immediately revoke their approvals.
according to Blockaid monitoring, an ongoing attack has occurred on Aftermath Finance's perpetual contract protocol on the Sui Network, with approximately $1.1 million worth of USDC stolen across 11 transactions within about 36 minutes. Analysis indicates the vulnerability stems from a fee accounting flaw in the perpetual contract liquidation system, which the attacker exploited to artificially inflate synthetic collateral and drain funds from the protocol's treasury.
According to on-chain security firm Blockaid (@blockaid_), AftermathFi’s perpetual contract on Sui Network was exploited via a vulnerability on April 29. The attacker (address: 0x1a65...2d41e) stole approximately $1.1 million in USDC across 11 transactions within roughly 36 minutes. The attack exploited a flaw in the perpetual contract liquidation fee calculation, enabling illicit withdrawals from the protocol’s treasury via synthetic collateral inflation.
Felix Leupold, Technical Lead of CoWSwap, posted an update on X stating that the CoWSwap frontend has been restored and users can now access it at swap.cow.finance. The official notice reminds users to authorize only the address 0xc92e8bdf79f0507f65a392b0ab4667716bfe0110 (i.e., the original GPv2VaultRelayer contract). Earlier, Blockaid reported that its system had detected an attack on the frontend of the decentralized exchange CowSwap; CoW Swap subsequently issued an announcement confirming a frontend outage and advising users not to transact on the platform temporarily.
According to official reports, the Blockaid system has detected a front-end attack targeting Cowswap, and the website COW[.]FI has been flagged as malicious. If your wallet is connected, immediately revoke permissions and avoid any interaction with this DApp.