News linked to both this project and an event.
According to on-chain security platform Blockaid (@blockaid_), the MILC Platform cross-chain bridge suffered a private key leak on both the BNB Chain and Ethereum networks. The attacker exploited a historical bridge administrator wallet to grant the DEFAULT_ADMIN_ROLE and MANAGER_ROLE permissions to the attacker’s address. Subsequently, assets were withdrawn from the bridge contract, and administrative control was transferred to the attacker’s wallet. Confirmed losses currently stand at approximately $97,003 USDT (on BNB Chain) and approximately 39.21 ETH (on Ethereum, transferred out via Rhino.fi), totaling roughly $161,000.
Humanity released a post-mortem report on the H token security incident that occurred between June 8 and 9, stating that the incident was not caused by a smart contract vulnerability, but rather by a malware intrusion into a developer's device, which led to the leakage of private keys. Humanity stated that the attacker still holds the ProxyAdmin permissions for the ETH bridge and the BNB Chain token. Preliminary investigations confirmed that a colleague's device was infected with malware, which the attacker used to obtain the hot wallet private key of the administrator and the private keys for signing on 6 Gnosis Safe wallets. The team has hired an external security agency to conduct a forensic investigation and stated that they are formulating a recovery plan for affected users.
: According to an official announcement, on June 3, Trust Wallet announced a partnership with BNB Chain and CoinMarketCap to officially launch the "BNB Hack: AI Trading Agents" hackathon, featuring a total prize pool of $36,000. The Trust Wallet Agent Kit serves as the core on-chain execution technology stack for this event. This hackathon also marks the first time the Trust Wallet Agent Kit has been fully integrated as a core infrastructure component into a top-tier AI Agent hackathon system.The hackathon features two main tracks: "Autonomous Trading Agents" (prize pool $24,000, 5 winners) and "Strategy Skills" (prize pool $6,000, 3 winners), in addition to three partner special awards of $2,000 each. In the "Autonomous Trading Agents" track, participants must leverage the Trust Wallet Agent Kit to achieve local self-custodial signing, autonomous mode operation, and on-chain trade execution, deployed within native BNB Chain scenarios such as PancakeSwap and BSC Perpetual Contracts. The "Strategy Skills" track does not require an execution layer; participants build backtestable strategy proposals based on 12 categories of data tools from CoinMarketCap MCP, including market data, technical indicators, on-chain data, sentiment, and news.Track one uses real PnL as the core evaluation criterion, setting a maximum drawdown limit as the risk control threshold. Track two is comprehensively scored by a judging panel across four dimensions: technical execution, originality, real-world value, and presentation. The build window runs from June 3 to June 21, the trading window from June 22 to June 28, and winners will be announced during the week of July 6. In addition to cash prizes, winning teams will receive CoinMarketCap Pro API subscription credits, mentorship from CMC Labs, and the BNB Chain Kickstart ecosystem support package.
According to on-chain analyst PeckShield (@PeckShieldAlert), approximately 19 hours ago, TesseraDao (@TesseraDao) on BNB Chain was attacked. The hacker maliciously minted 99 million TSR tokens and immediately dumped them, causing the TSR price to plummet by 99%. The attacker then exchanged the stolen TSR for approximately $2.5 million in USDT and cross-chained the funds to Ethereum. The attacker has since laundered 1,285.5 ETH via TornadoCash.
According to The Block, the DeFi lending protocol Radiant Capital has announced it will officially cease operations. The protocol suffered a hack in October 2024, losing approximately $51 million; the attacker gained unauthorized access by deploying backdoor contracts on Arbitrum and BNB Chain. Earlier in 2024, the protocol had also been hit by a flash loan attack, resulting in a loss of roughly 1,900 ETH (approximately $4.5 million). After 18 months of recovery efforts, Radiant Capital stated that it has neither recovered a significant portion of the stolen funds nor secured new financing, declaring that “the DAO has no viable path forward.” The protocol will now enter a “maintenance mode”: its frontend and smart contracts remain accessible, allowing users to withdraw funds, repay loans, and manage positions. Any funds recovered in the future will be returned to affected users.
According to on-chain investigator Eye, DxSale is suspected of withdrawing approximately $7.3 million from some of its early liquidity pools locked on BNB Chain since 2021—impacting over 1,400 LPs. Eye stated that the attack involved silent ownership transfers and over 80 wallet hops. Eye noted that the newly used wallet address in the attack received 104 BNB from Bybit 20 hours prior to the liquidity pool withdrawal, and subsequently received approximately 1,200 BNB after the funds were withdrawn from the liquidity pools. Thereafter, this address transferred roughly 3,400 BNB in total to two wallets, with the related funds already withdrawn via multiple Binance deposit addresses.
on-chain analyst Specter stated that the hijacking incidents of investor Keith Gill, Matt Furie, and WinRAR accounts on the X platform are all linked to the same hacker organization. This organization has accumulated over $14 million in profits by hijacking accounts to promote tokens and conducting cross-chain money laundering, with funds flowing through five chains: Solana, BNB Chain, Ethereum, Tron, and Hyperliquid.Specter claims the organization may also be connected to a $2.45 million wstETH phishing attack in 2024. The investigation found that hackers used compromised accounts to issue Pepe imitation tokens, incorporating a built-in 2% automatic fee mechanism to generate profits; related fund flows are associated with the bnbshare.fun platform and multiple Solana, Tron, and Ethereum addresses. Analysis also showed that several tokens (including USOR, VDOR, DROID, WCOR, UGOR) were used to inflate market caps before being dumped to zero.
According to on-chain analyst PeckShield (@PeckShieldAlert), THORChain has been hacked, resulting in losses of approximately $10 million in crypto assets, including 36.75 BTC (around $3 million) and roughly $7 million in assets from BNB Chain, Ethereum, and Base.
According to an official announcement from Curve Finance, due to a hacker attack on the rsETH LayerZero infrastructure, Curve Finance has suspended its LayerZero infrastructure for security reasons, pending further investigation into the root cause before resuming operations. This suspension affects the following: cross-chain bridging of CRV tokens from BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava (chains using native bridges remain unaffected), as well as the crvUSD fast bridge functionality (the L2 slow bridge remains fully operational). Meanwhile, KelpDAO is also reported to have suffered a vulnerability exploit involving approximately $291 million; the exact extent of losses is still under investigation.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Decentralized GPU cloud computing infrastructure platform Aethir confirmed that its Ethereum-related bridge contract was attacked. The team promptly disconnected the affected contract and, in collaboration with major exchanges, blacklisted the hacker’s wallet, limiting losses to under $90,000. Earlier, blockchain security firm PeckShield estimated losses at $400,000. The attacker exploited Aethir’s cross-chain smart contract, AethirOFTAdapter, to transfer stolen funds from BNB Chain to Tron. Aethir stated that its Ethereum mainnet ATH token supply remains unaffected. It plans to release a detailed compensation plan and incident analysis next week and will collaborate with exchanges including Binance, Upbit, and Bithumb to freeze funds. Web3 security platform ZeroShadow is assisting with the investigation. In 2025, Aethir achieved $127.8 million in revenue and deployed over 440,000 GPU containers globally.