Humanity announced the independent investigation results from Quantstamp, stating that the security incident—exceeding $31 million—originated from a phishing attack that led to the leakage of private keys. The attackers subsequently gained control of the smart contract and dumped tokens; the tools and tactics employed exhibit characteristics commonly associated with North Korean hacker groups.
According to on-chain security platform Blockaid (@blockaid_), the MILC Platform cross-chain bridge suffered a private key leak on both the BNB Chain and Ethereum networks. The attacker exploited a historical bridge administrator wallet to grant the DEFAULT_ADMIN_ROLE and MANAGER_ROLE permissions to the attacker’s address. Subsequently, assets were withdrawn from the bridge contract, and administrative control was transferred to the attacker’s wallet. Confirmed losses currently stand at approximately $97,003 USDT (on BNB Chain) and approximately 39.21 ETH (on Ethereum, transferred out via Rhino.fi), totaling roughly $161,000.
Humility Protocol released a security incident update on the X platform, stating that its H token suffered a coordinated attack on the Ethereum and BSC chains yesterday, with confirmed losses exceeding $36 million in stolen and dumped assets. Preliminary investigations indicate the incident originated from a compromised employee computer, which led to the leakage of private keys for the multi-signature wallet controlling the Hyperlane Bridge ProxyAdmin. Specifically, the attacker obtained 3 out of 6 private keys of the Gnosis Safe wallet on the Ethereum chain, transferred ownership of the ProxyAdmin to a wallet under their control, upgraded the bridge contract to a malicious implementation, and subsequently transferred approximately 141.2 million H tokens in a single transaction. Simultaneously, the attacker also gained control of 3 out of 5 private keys of the Safe wallet on the BSC chain, took over the ProxyAdmin using the same method, deployed a malicious contract with unlimited minting functionality, and minted 200 million H tokens in two separate transactions to their own wallet. Humility stated that it has suspended all deposit and withdrawal operations on the affected bridge services and is collaborating with partners such as exchanges to mitigate losses. Meanwhile, it is cooperating with the police investigation and attempting to recover part of the stolen funds.
According to on-chain security firm CertiK (@CertiKAlert), the Gravity Bridge attacker recently deposited another 1,180 ETH (approximately $2.06 million) into Tornado Cash. Earlier, on May 30, the attacker exploited the permissionless deployERC20() function by forging the Osmosis token string, tampering with the token registry, and mapping fake balances to real custodial assets, thereby stealing approximately 2,600 ETH (around $5.4 million) from Gravity Bridge. To date, 2,020 ETH of the stolen funds have been transferred to Tornado Cash via two externally owned accounts (EOAs); the remainder has been dispersed across centralized exchanges, making recovery of the funds significantly more challenging.
Blockaid disclosed on X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker compromised three out of four Guardian private keys, forged a Verified Action Approval (VAA) message, and executed the attack within approximately seven minutes, stealing roughly $815,000 worth of assets. During the attack, the attacker minted 13.76 million Wrapped ALPH tokens out of thin air—exceeding the pre-attack circulating supply by over 100%—and simultaneously unlocked and withdrew assets including USDT, USDC, WBTC, and WETH from the custody pool. As of now, the attacker’s address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH tokens; the largest anomalous transaction involved the out-of-thin-air minting of 13.76 million Wrapped ALPH tokens.
According to the official documentation of the prediction market platform Polymarket, the Bridge Deposit page has consolidated the previously separate Ethereum and Polygon deposit recovery tools into a single tool, and removed the original "matic-recovery[.]polymarket[.]com" link.
According to Cointelegraph, U.S. law firm Gerstein Harrow LLP has filed an application with the U.S. District Court for the Southern District of New York seeking a temporary restraining order and three writs of execution to prevent the Arbitrum DAO from transferring 30,766 ETH (valued at approximately $73 million) frozen following the Kelp vulnerability. The firm argues that its clients obtained default judgments against North Korea in U.S. courts in 2010, 2015, and 2016, entitling them to roughly $877 million in compensation—and contends that the stolen ETH constitutes North Korean-linked assets that should be used to satisfy those judgments. Kelp DAO suffered a $292 million hack on April 18; the attacker was identified as TraderTraitor, a subgroup of the North Korean state-sponsored hacking group Lazarus Group. Aave Labs previously proposed unfreezing the seized funds and transferring them into the “DeFi United” fund to compensate rsETH holders—but this legal action by Gerstein Harrow may significantly delay compensation for victims. Members of the Arbitrum DAO community have criticized the move, arguing it shifts the burden of North Korea’s debts onto another set of victims, thereby exacerbating the original harm. Gerstein Harrow had previously pursued litigation related to the 2023 Heco Bridge hack involving Teth
According to CoinDesk, Kelp DAO’s LayerZero-based cross-chain bridge was attacked, with the attacker withdrawing 116,500 rsETH—worth approximately $292 million at current prices, or roughly 18% of its circulating supply. This incident has become the largest DeFi attack of 2026 to date. In response, Aave, SparkLend, and Fluid have frozen rsETH-related markets, and Lido Finance has suspended new deposits into its earnETH product. Kelp DAO stated it is jointly investigating the incident with LayerZero, auditing firms, and external security experts.
According to an official announcement, the BTTC Bridge transaction history page has completed its functional upgrade and is now officially live, aiming to provide cross-chain users with a more efficient and transparent asset tracking experience. This update introduces a dual-view mode—“All Records” and “In Progress”—displayed independently, along with a multi-dimensional filtering tool that supports flexible, combined searches by transaction status, type, and custom date ranges. Additionally, the page now features dedicated identification markers for deposits, withdrawals, and cross-chain activities, helping users quickly locate fund flows. Users can now visit the platform to experience a clearer cross-chain transaction management view. The team will continue refining product details to support broader on-chain interaction scenarios.
According to Cointelegraph, blockchain analytics firm Chainalysis released a report stating that stablecoin-adjusted transaction volume is projected to reach $719 trillion by 2035—marking a substantial increase from $28 trillion in 2025. If two major macro catalysts align, this figure could double further to $15 trillion, surpassing the current annual global cross-border payment volume of approximately $10 trillion. The two catalysts are: (1) the transfer of over $100 trillion in wealth from the Baby Boomer generation to younger, crypto-native generations; and (2) stablecoins fully replacing traditional payment rails as the default payment infrastructure. Rachael Lucas, an analyst at Australian crypto exchange BTC Markets, noted that strategic moves—including Stripe’s acquisition of Bridge and Mastercard’s partnership with BVNK—are concrete steps forward. Coupled with regulatory clarity provided by the GENIUS Act, institutional participation is expected to expand significantly.