News linked to both this project and an event.
According to on-chain security platform Blockaid (@blockaid_), the MILC Platform cross-chain bridge suffered a private key leak on both the BNB Chain and Ethereum networks. The attacker exploited a historical bridge administrator wallet to grant the DEFAULT_ADMIN_ROLE and MANAGER_ROLE permissions to the attacker’s address. Subsequently, assets were withdrawn from the bridge contract, and administrative control was transferred to the attacker’s wallet. Confirmed losses currently stand at approximately $97,003 USDT (on BNB Chain) and approximately 39.21 ETH (on Ethereum, transferred out via Rhino.fi), totaling roughly $161,000.
Humanity released a post-mortem report on the H token security incident that occurred between June 8 and 9, stating that the incident was not caused by a smart contract vulnerability, but rather by a malware intrusion into a developer's device, which led to the leakage of private keys. Humanity stated that the attacker still holds the ProxyAdmin permissions for the ETH bridge and the BNB Chain token. Preliminary investigations confirmed that a colleague's device was infected with malware, which the attacker used to obtain the hot wallet private key of the administrator and the private keys for signing on 6 Gnosis Safe wallets. The team has hired an external security agency to conduct a forensic investigation and stated that they are formulating a recovery plan for affected users.
Syscoin released a preliminary post-mortem of the cross-chain bridge incident, stating that due to a verification issue in the bridging process, the attacker exploited an abnormal transaction proof validation to generate approximately 5 billion SYS tokens abnormally on the UTXO side via the affected bridging path.
: SlowMist posted on X platform, stating that its threat intelligence system has detected a new Rust supply chain malware activity named IronWorm. This malware actively attacks developer environments and the Web3/crypto ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet seed phrase and password theft, GitHub repository tampering, malicious package publishing, CI/CD key theft, Tor-based command and control, and covert persistence via eBPF rootkits.SlowMist recommends that security teams audit repositories for backdated commits, suspicious branches, abnormal build hooks, and commits attributed to automated identities such as claude, dependabot, renovate, or github-actions; remove or deprecate affected package versions, publish clean versions, rotate all exposed keys and tokens, review GitHub Actions build artifacts, and rebuild potentially compromised developer or CI systems from clean images. This threat was discovered and analyzed by JFrogSecurity.
: According to an official announcement, on June 3, Trust Wallet announced a partnership with BNB Chain and CoinMarketCap to officially launch the "BNB Hack: AI Trading Agents" hackathon, featuring a total prize pool of $36,000. The Trust Wallet Agent Kit serves as the core on-chain execution technology stack for this event. This hackathon also marks the first time the Trust Wallet Agent Kit has been fully integrated as a core infrastructure component into a top-tier AI Agent hackathon system.The hackathon features two main tracks: "Autonomous Trading Agents" (prize pool $24,000, 5 winners) and "Strategy Skills" (prize pool $6,000, 3 winners), in addition to three partner special awards of $2,000 each. In the "Autonomous Trading Agents" track, participants must leverage the Trust Wallet Agent Kit to achieve local self-custodial signing, autonomous mode operation, and on-chain trade execution, deployed within native BNB Chain scenarios such as PancakeSwap and BSC Perpetual Contracts. The "Strategy Skills" track does not require an execution layer; participants build backtestable strategy proposals based on 12 categories of data tools from CoinMarketCap MCP, including market data, technical indicators, on-chain data, sentiment, and news.Track one uses real PnL as the core evaluation criterion, setting a maximum drawdown limit as the risk control threshold. Track two is comprehensively scored by a judging panel across four dimensions: technical execution, originality, real-world value, and presentation. The build window runs from June 3 to June 21, the trading window from June 22 to June 28, and winners will be announced during the week of July 6. In addition to cash prizes, winning teams will receive CoinMarketCap Pro API subscription credits, mentorship from CMC Labs, and the BNB Chain Kickstart ecosystem support package.
According to on-chain analyst PeckShield (@PeckShieldAlert), approximately 19 hours ago, TesseraDao (@TesseraDao) on BNB Chain was attacked. The hacker maliciously minted 99 million TSR tokens and immediately dumped them, causing the TSR price to plummet by 99%. The attacker then exchanged the stolen TSR for approximately $2.5 million in USDT and cross-chained the funds to Ethereum. The attacker has since laundered 1,285.5 ETH via TornadoCash.
According to The Block, the DeFi lending protocol Radiant Capital has announced it will officially cease operations. The protocol suffered a hack in October 2024, losing approximately $51 million; the attacker gained unauthorized access by deploying backdoor contracts on Arbitrum and BNB Chain. Earlier in 2024, the protocol had also been hit by a flash loan attack, resulting in a loss of roughly 1,900 ETH (approximately $4.5 million). After 18 months of recovery efforts, Radiant Capital stated that it has neither recovered a significant portion of the stolen funds nor secured new financing, declaring that “the DAO has no viable path forward.” The protocol will now enter a “maintenance mode”: its frontend and smart contracts remain accessible, allowing users to withdraw funds, repay loans, and manage positions. Any funds recovered in the future will be returned to affected users.
DxSale.Network posted on X platform in response to a recent security incident, disclosing that the vulnerability originated from the newly launched atomic transaction feature on BNB Smart Chain (BSC), which affected the v1 lockup contract launched in 2021. The team has identified the source of the issue and stated that lockup contracts for v2 and above are completely secure and have been audited by Certik. Users can rest assured that assets locked in v2 and above are unaffected.
According to on-chain investigator Eye, DxSale is suspected of withdrawing approximately $7.3 million from some of its early liquidity pools locked on BNB Chain since 2021—impacting over 1,400 LPs. Eye stated that the attack involved silent ownership transfers and over 80 wallet hops. Eye noted that the newly used wallet address in the attack received 104 BNB from Bybit 20 hours prior to the liquidity pool withdrawal, and subsequently received approximately 1,200 BNB after the funds were withdrawn from the liquidity pools. Thereafter, this address transferred roughly 3,400 BNB in total to two wallets, with the related funds already withdrawn via multiple Binance deposit addresses.
According to on-chain analyst PeckShield (@PeckShieldAlert), SlowMist’s threat intelligence system MistEye has detected a cross-registry supply chain attack targeting developers. Malicious packages have spread across three major registries—npm, PyPI, and Crates.io—comprising over 34 malicious packages and more than 384 related versions. The attack targets developer communities in cryptocurrency, DeFi, Solana, Sui/Move, and AI. It may lead to the theft of cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, and other sensitive developer information. Some malicious payloads also attempt persistence via mechanisms including `.cursorrules`, `CLAUDE.md`, Git hooks, cron, systemd, and SSH. SlowMist recommends immediately removing affected packages, isolating compromised systems, rotating exposed credentials, rebuilding CI environments and developer machines from clean images, and conducting comprehensive reviews of GitHub, cloud, SSH, and wallet-related activities.
Odaily News: Blockaid posted on platform X, stating that its vulnerability detection system has discovered an attack on the Verus Ethereum cross-chain bridge, which has so far caused losses of approximately $11.58 million.
on-chain analyst Specter stated that the hijacking incidents of investor Keith Gill, Matt Furie, and WinRAR accounts on the X platform are all linked to the same hacker organization. This organization has accumulated over $14 million in profits by hijacking accounts to promote tokens and conducting cross-chain money laundering, with funds flowing through five chains: Solana, BNB Chain, Ethereum, Tron, and Hyperliquid.Specter claims the organization may also be connected to a $2.45 million wstETH phishing attack in 2024. The investigation found that hackers used compromised accounts to issue Pepe imitation tokens, incorporating a built-in 2% automatic fee mechanism to generate profits; related fund flows are associated with the bnbshare.fun platform and multiple Solana, Tron, and Ethereum addresses. Analysis also showed that several tokens (including USOR, VDOR, DROID, WCOR, UGOR) were used to inflate market caps before being dumped to zero.
Odaily Chainalysis posted on X platform, stating that prior to the THORChain theft, wallets suspected to be linked to the attacker had been transferring funds through Monero, Hyperliquid, and THORChain for several consecutive weeks. As early as late April, the attacker-associated wallets deposited funds into Hyperliquid positions via Hyperliquid and the Monero privacy bridge. These funds were subsequently converted to USDC and transferred to Arbitrum, then bridged to Ethereum. Some of the ETH was then moved to THORChain to stake as RUNE for a newly joined node, which is believed to be the source of the attack.Subsequently, the attacker bridged a portion of the RUNE back to Ethereum and split it into four chains. One chain went directly to the attacker, passing through intermediate wallets before transferring 8 ETH to the wallet that would ultimately receive the stolen funds, just 43 minutes before the attack. The funds from the other three chains flowed in reverse. Between May 14 and 15, these wallets bridged the ETH back to Arbitrum again, deposited it into Hyperliquid, and transferred it into Monero via the same privacy bridge, with the final transaction occurring less than 5 hours before the attack commenced. As of Friday afternoon, the stolen funds remain untouched, but the attacker has demonstrated sophisticated cross-chain money laundering capabilities. The Hyperliquid to Monero path may be the next move.
following the $292 million exploit of Kelp DAO's LayerZero bridge, the security of cross-chain infrastructure has once again come under scrutiny. DeFi protocols Kelp DAO, Solv Protocol, Re, and crypto exchange Kraken have all taken similar migration measures, with the total value of this outflow reaching approximately $4 billion.Decentralized finance protocol Lombard has become the latest project to join the migration wave, announcing a gradual phase-out of LayerZero and the migration of over $1 billion in Bitcoin collateral assets to Chainlink's Cross-Chain Interoperability Protocol (CCIP). Bitcoin-related tokens issued by Lombard include LBTC and BTC.b. It is reported that Lombard's initial migration assets cover the Solana, Etherlink, Berachain, Corn, and TAC chains, while the use of LayerZero on Morph and Swell will also be terminated. As of now, LayerZero has not responded to requests for comment. (CoinDesk)
According to Odaily, THORChain has issued an emergency announcement stating that after discovering a suspected breach of an Asgard vault, the network has suspended trading operations to respond to the security incident. Preliminary information indicates that user funds remain unaffected, with losses primarily concentrated on the protocol's own capital.The official statement noted that the system automatically detected anomalous behavior and halted signing operations, thereby alerting the community and preventing further asset outflow. The investigation is currently ongoing to determine the root cause of the vulnerability and the full scope of the impact.Known information indicates that this incident involves one of the six Asgard vaults, with estimated losses of approximately $10.7 million. Meanwhile, staked RUNE on the affected nodes has been slashed due to a penalty mechanism triggered by unauthorized outgoing transactions. The network has paused churn operations and delayed the launch of new chains and related features until system stability is restored.THORChain stated that no user cross-chain transactions have been affected so far and has requested node operators to thoroughly inspect their infrastructure, secure key management, and anomalous behavior, and to submit relevant logs to assist the investigation.
According to on-chain analyst PeckShield (@PeckShieldAlert), THORChain has been hacked, resulting in losses of approximately $10 million in crypto assets, including 36.75 BTC (around $3 million) and roughly $7 million in assets from BNB Chain, Ethereum, and Base.
OpenAI has confirmed a supply chain attack targeting a malicious TanStack NPM package in its internal environment, infecting two employees' devices. While user data and core code were not affected, the attackers stole access credentials for some internal code repositories, including code signing certificates used for iOS, macOS, and Windows products.To prevent hackers from exploiting the stolen certificates to distribute counterfeit applications, OpenAI has initiated defensive certificate rotation and announced that all macOS users of ChatGPT desktop, Codex, and Atlas browsers must upgrade to the latest version by June 12, 2026. After this deadline, old certificates will be revoked, and system-level blocks will prevent the launch of older versions and new installations.OpenAI stated that the company had previously deployed stricter code package blocking policies, but the infected devices had not yet synchronized the latest configuration, allowing the malicious component to successfully infiltrate. Currently, the iOS and Windows clients are unaffected, and core data such as user account passwords and API keys have been confirmed secure.
Kraken announced on X platform that Chainlink CCIP will become the sole cross-chain infrastructure for kBTC and future wrapped assets, replacing the original LayerZero protocol. This decision followed last month's $292 million LayerZero cross-chain bridge exploit incident at Kelp.Currently, a total of over $3 billion in total value locked has migrated from LayerZero. The migration covers blockchains including Ethereum, Ink, Unichain, and Optimism. The current market cap of kBTC is approximately $260 million. Kraken stated that it will continue to be responsible for the issuance and custody of assets, while Chainlink CCIP will handle cross-chain asset transfers. (coindesk)
Odaily Odaily News Gate Research recently released its "April 2026 Cryptocurrency Market Review" report, indicating that the overall cryptocurrency market saw a volatile upward trend in April, with total market capitalization significantly higher than in March. BTC and ETH ETF trading volumes maintained high volatility overall. The report shows continued divergence in activity across major public chain ecosystems. Solana's daily transaction volume remained in the range of approximately 90 million to 110 million transactions, maintaining its leading position.Regarding trending sectors, the report notes that Pokemon TCG RWA has become one of the fastest-growing on-chain RWA sub-sectors, entering a second explosive growth phase in April. Major trading platforms saw monthly trading volumes exceed $220 million, with weekly revenue briefly approaching $6 million, setting new historical records. Meanwhile, Aave experienced its most severe liquidity crisis ever in April, with TVL outflows reaching tens of billions of dollars within a few days and net outflows exceeding $9 billion for the entire month.In terms of fundraising and security incidents, the Web3 industry completed 51 financing rounds in April, totaling approximately $834 million, with capital further concentrating on leading financial and infrastructure tracks. Among these, Payward ranked first for the month with a $200 million financing round. On the security front, Web3 security incidents in April resulted in losses of approximately $306 million, a month-over-month increase of about 858%, primarily driven by a single cross-chain infrastructure attack on Kelp DAO worth approximately $293 million. The report suggests that against the backdrop of a recovering market, on-chain activity and capital liquidity are both increasing simultaneously. However, the security risks associated with cross-chain infrastructure and high-leverage protocols remain worthy of continued attention.
TAC stated that its cross-chain layer on the TON side was exploited by external attackers, resulting in approximately $2.8 million in losses involving USDT, BLUM, and tsTON. TAC confirmed that the TAC token, TON, and all ERC-20 tokens bridged from Ethereum remain unaffected. The bridge has been temporarily suspended, and the team is conducting forensic analysis and implementing fixes. Additionally, the team plans to legally structure a sale of the foundation’s TAC token treasury reserves to restore bridge liquidity and compensate affected users. A post-mortem report and further details will be released within the next 48 hours.