News linked to both this project and an event.
According to on-chain security firm CertiK (@CertiKAlert), the Gravity Bridge attacker recently deposited another 1,180 ETH (approximately $2.06 million) into Tornado Cash. Earlier, on May 30, the attacker exploited the permissionless deployERC20() function by forging the Osmosis token string, tampering with the token registry, and mapping fake balances to real custodial assets—thereby stealing approximately 2,600 ETH (around $5.4 million) from Gravity Bridge. To date, 2,020 ETH of the stolen funds have been transferred to Tornado Cash via two externally owned accounts (EOAs); the remainder has been dispersed across centralized exchanges, making fund recovery significantly challenging.
data from blockchain security firm CertiK shows total losses in the crypto sector from hacks, vulnerabilities, and scams in May 2026 were approximately $68.3 million. This represents a nearly 90% decline from the over $650 million in losses recorded in April, making it the third month this year where losses fell below $100 million. Phishing attacks accounted for about $2.6 million of the losses.In April, industry losses surged due to two major attacks on Drift Protocol and KelpDAO, which together accounted for approximately 95% of the month's losses, making April one of the most devastating months for losses in recent years.The institution reminds that while large-scale protocol-level attacks have decreased, risks such as phishing, deepfakes, and credential leaks are on the rise, with the focus of attacks increasingly shifting towards personnel and identity systems. The decline in losses this time is merely due to the absence of major security incidents; the overall security risks in the industry have not been fundamentally eliminated. Cross-chain bridge vulnerabilities and insider threats remain primary risks. (Financefeeds)
CertiK data shows attack losses on crypto platforms fell to $68.3 million in May, down nearly 90% from $650 million in April. May became the third month in 2026 with losses below $100 million. Approximately $2.6 million of this came from phishing attacks, and about $9.4 million of the stolen funds have been recovered or returned. The largest single loss in May came from the Verus Protocol cross-chain bridge attack, with $11.5 million stolen; THORChain ranked second, with $10.1 million stolen. Code vulnerabilities were the attack type with the highest losses, totaling approximately $45 million, accounting for 66%; wallet or private key leaks resulted in $13.7 million in losses. Cross-chain bridges were the primary attack targets, suffering losses of $28.6 million, accounting for 42%.
According to CertiK monitoring, the attacker of cross-chain aggregation protocol Transit Finance has deposited 832.9 ETH into Tornado Cash, valued at approximately $1.8 million.
Ronghui Gu, co-founder and CEO of CertiK, stated that AI tools are exacerbating the imbalance between attack and defense in DeFi security, making it easier for attackers to discover vulnerabilities and replicate attack paths across different protocols.He pointed out that the DeFi security situation was particularly severe in April of this year, with only 3 days that month free from hacker attacks, resulting in cumulative losses exceeding $690 million for DeFi protocols. Excluding the Bybit attack in February 2025, April has become the month with the highest losses from DeFi hacks since March 2022.Ronghui Gu believes that attackers can concentrate significant computing power to repeatedly test a single protocol, whereas security companies need to serve multiple clients simultaneously with dispersed resources, putting the defense side at a natural disadvantage. Meanwhile, the focus of recent attacks is also shifting from smart contract vulnerabilities to operational security and weak points in the supply chain.He emphasized that even if AI fails to find vulnerabilities over an extended period, it does not prove the code is completely secure; under current technical conditions, formal verification remains a more reliable method for ensuring security.
Odaily, Web3 security firm CertiK has released the "Skynet North Korean Crypto Threat Report." Data shows that since 2016, North Korean hacking groups have accumulated approximately $6.75 billion in stolen digital assets. In 2025 alone, their thefts amounted to $2.06 billion in losses, accounting for nearly 60% of the total annual losses in the global crypto industry (including the $1.5 billion Bybit hack). As of early 2026, this threat trend continues, with losses attributable to them making up about 55%.The report emphasizes that the North Korean hackers' attack patterns have fundamentally shifted, evolving from mere code vulnerability exploitation into a state-level attack system combining social engineering, deep supply chain attacks, and 'physical infiltration.' In the recent Drift protocol incident, attackers even spent six months infiltrating offline industry conferences, building trust through real financial transactions and personal interactions before launching the attack.CertiK security experts warn that in the face of such systemic attacks, purely technical defenses are proving inadequate. Crypto institutions urgently need to fully implement a 'zero-trust' hiring model, reinforce third-party supply chains, establish fund circuit breaker mechanisms, and collaborate with professional security firms to build a full lifecycle defense system covering code auditing, round-the-clock risk monitoring, and on-chain anti-money laundering/KYT (Know Your Transaction) fund tracking.
According to The Block, blockchain security firm CertiK released a report on May 8 stating that 34 confirmed “wrench attacks” (i.e., offline physical assaults and extortion targeting cryptocurrency holders) occurred globally in the first four months of 2026—an increase of 41% compared to the same period in 2025. Victims’ total losses amounted to approximately $101 million. If this trend continues, the annual number of incidents is projected to reach around 130, with losses potentially totaling hundreds of millions of dollars. Geographically, 28 of the 34 incidents (82%) occurred in Europe, with France standing out particularly: 24 cases were recorded there in the first four months of 2026 alone—exceeding the full-year total of 20 incidents in 2025. CertiK attributes this surge to France’s hosting of flagship crypto firms such as Ledger and Binance, frequent data breaches, and a community culture of conspicuous wealth display and proactive doxxing. In contrast, reported incidents in the U.S. dropped from nine in Q1 2025 to three in Q1 2026, while Asia saw a decline from 25 to two. Regarding attack patterns, CertiK notes that criminal groups have shifted toward a “data-driven targeting” model—purchasing victims’ names, addresses, and asset information from data brokers, thereby reducing the need for physical reconnaissance. Over half of this year’s incidents involved threats against or direct harm to victims’ family members (spouses, children, elderly parents) as a coercive tactic. Operationally, small gangs of three to five individuals typically carry out these attacks via
a report from CertiK shows that in the first four months of 2026, 34 "wrench attacks" (offline violence or coercion to obtain crypto assets) have occurred globally, a 41% increase year-over-year, with cumulative losses of approximately $101 million.The report indicates that attack patterns are shifting towards being "data-driven," involving prior collection of victim information and incorporating "proxy targets," such as family members, into the threat scope to apply pressure.Regionally, Europe accounts for 82% of incidents, with France being the most concentrated. Industry insiders believe that such attacks have become a significant security risk for crypto asset holders.
According to CertiK Alert, an attacker stole approximately $5.87 million. The attacker exploited a public function to register as an AllowedOrderSigner and then executed orders to transfer pre-approved funds from victims’ addresses. CertiK urges users to immediately revoke approvals for the vulnerable contract and remain vigilant.
According to CertiK Alert (@CertiKAlert), cryptocurrency security incidents in April 2026 resulted in total losses of approximately $651 million, of which around $3.5 million stemmed from phishing attacks. This marks the highest monthly loss since March 2022 (approximately $715 million), second only to the Bybit hack in February 2025 (excluded from comparison).
According to blockchain security firm CertiK (@CertiKAlert), Wasabi Protocol (@wasabi_protocol) has suffered a security breach, with approximately $2.9 million stolen so far. Preliminary investigations indicate that the attacker gained privileged access after compromising a wallet deployed by Wasabi, enabling the attack. The stolen funds are currently distributed across the following addresses: 0xb8Bb...70dB (approximately $677,000) and 0x6244...f906 (approximately $1.1 million). The incident remains under active investigation.
According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.
the French National Organized Crime Prosecutor's Office (PNACO) issued a statement on Friday stating that France has launched judicial investigations into 12 cryptocurrency kidnapping cases orchestrated by organized crime groups, and has indicted 88 suspects, including more than 10 minors.According to statistics, since 2023, France has recorded 135 cryptocurrency-related attacks, including 18 in 2024, 67 in 2025, and 47 so far in 2026. The accused individuals face charges including kidnapping, illegal detention, extortion, and money laundering. Recently, police arrested six suspects in two operations targeting kidnapping cases, and all individuals are currently in preventive detention. CertiK blockchain intelligence analyst Jonathan Riss stated that the masterminds behind such criminal gangs are typically located outside the European Union.
According to Natalie Newson, Senior Blockchain Investigator at CertiK, real-time deepfakes, phishing attacks, supply-chain compromises, and cross-chain vulnerabilities will be the primary drivers of cryptocurrency hacks in 2026. So far this year, the industry has lost over $600 million to hacking incidents—including the $293 million Kelp DAO exploit and the $280 million theft from Drift Protocol in April—both linked to a North Korean hacker group. Newson warns that the accelerated advancement of AI will make attack methods increasingly sophisticated, including more realistic deepfakes, autonomous attack agents, and “agent AIs” capable of automatically scanning smart contracts for vulnerabilities. However, AI can also serve as a defensive tool. CertiK advises investors to verify URL authenticity and store assets in cold wallets to mitigate risk.
According to CoinDesk, the North Korean hacking group Lazarus Group has launched a new macOS-targeted campaign dubbed “Mach-O Man,” aimed at executives and institutions within high-value sectors such as cryptocurrency and fintech. The attack employs a social engineering technique called “ClickFix” to trick victims into pasting commands into their Mac Terminal, thereby granting attackers access to corporate systems, SaaS platforms, and financial resources. CertiK researchers stated that “Mach-O Man” is a modular macOS malware toolkit developed by Lazarus Group, now also adopted by other cybercriminal groups. It often self-deletes before victims detect it, complicating attribution and detection. Additionally, attackers have already carried out this campaign by hijacking DeFi project domains and replacing legitimate Cloudflare messages with fake ones.
According to security firm CertiK (@CertiKAlert), the DeFi protocol Rhea Finance has been attacked. The attacker created a fake token contract and injected liquidity into a new liquidity pool, apparently aiming to mislead oracles and the verification layer, ultimately withdrawing approximately $7.6 million in assets.
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.