News linked to both this project and an event.
According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.
the French National Organized Crime Prosecutor's Office (PNACO) issued a statement on Friday stating that France has launched judicial investigations into 12 cryptocurrency kidnapping cases orchestrated by organized crime groups, and has indicted 88 suspects, including more than 10 minors.According to statistics, since 2023, France has recorded 135 cryptocurrency-related attacks, including 18 in 2024, 67 in 2025, and 47 so far in 2026. The accused individuals face charges including kidnapping, illegal detention, extortion, and money laundering. Recently, police arrested six suspects in two operations targeting kidnapping cases, and all individuals are currently in preventive detention. CertiK blockchain intelligence analyst Jonathan Riss stated that the masterminds behind such criminal gangs are typically located outside the European Union.
According to Natalie Newson, Senior Blockchain Investigator at CertiK, real-time deepfakes, phishing attacks, supply-chain compromises, and cross-chain vulnerabilities will be the primary drivers of cryptocurrency hacks in 2026. So far this year, the industry has lost over $600 million to hacking incidents—including the $293 million Kelp DAO exploit and the $280 million theft from Drift Protocol in April—both linked to a North Korean hacker group. Newson warns that the accelerated advancement of AI will make attack methods increasingly sophisticated, including more realistic deepfakes, autonomous attack agents, and “agent AIs” capable of automatically scanning smart contracts for vulnerabilities. However, AI can also serve as a defensive tool. CertiK advises investors to verify URL authenticity and store assets in cold wallets to mitigate risk.
According to CoinDesk, the North Korean hacking group Lazarus Group has launched a new macOS-targeted campaign dubbed “Mach-O Man,” aimed at executives and institutions within high-value sectors such as cryptocurrency and fintech. The attack employs a social engineering technique called “ClickFix” to trick victims into pasting commands into their Mac Terminal, thereby granting attackers access to corporate systems, SaaS platforms, and financial resources. CertiK researchers stated that “Mach-O Man” is a modular macOS malware toolkit developed by Lazarus Group, now also adopted by other cybercriminal groups. It often self-deletes before victims detect it, complicating attribution and detection. Additionally, attackers have already carried out this campaign by hijacking DeFi project domains and replacing legitimate Cloudflare messages with fake ones.
According to security firm CertiK (@CertiKAlert), the DeFi protocol Rhea Finance has been attacked. The attacker created a fake token contract and injected liquidity into a new liquidity pool, apparently aiming to mislead oracles and the verification layer, ultimately withdrawing approximately $7.6 million in assets.
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.