News linked to both this project and an event.
According to PeckShield monitoring, structured products protocol ThetanutsFi has been attacked, resulting in a loss of approximately $2.1 million. Of this, roughly $2 million in option tokens have been recovered by a white hat address. The attacker has exchanged $105,000 USDC for approximately 60 ETH, and still holds USDC option tokens worth around $34,000.
Blockchain security analyst Specter posted on the X platform, stating that an old liquidity pool of the Solana DeFi protocol Raydium is suspected of being attacked, with the attacker stealing approximately $1.34 million in assets, mainly including USDC, RAY, and wSOL. Currently, the hacker has transferred the stolen funds to Ethereum via a bridge and subsequently deposited them into Tornado Cash for mixing.
According to Specter, in collaboration with ChangeNOW, $91,000 of the funds stolen from Gravity Bridge have been frozen. The attacker still holds the majority of the funds, which have not yet been transferred. Previously, it was reported that the private key for Gravity Bridge's bridging contract was leaked, leading to the theft of $5.4 million in assets. The assets extracted by the attacker include: $4.3 million in USDC, 274 WETH (worth approximately $553,000), $434,000 in USDT, and $64,000 in PAYG. The involved addresses are 0x7B58...1F9 and 0x4d3c...A47.
Blockaid disclosed on X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker compromised three out of four Guardian private keys, forged a Verified Action Approval (VAA) message, and executed the attack within approximately seven minutes, stealing roughly $815,000 worth of assets. During the attack, the attacker minted 13.76 million Wrapped ALPH tokens out of thin air—exceeding the pre-attack circulating supply by over 100%—and simultaneously unlocked and withdrew assets including USDT, USDC, WBTC, and WETH from the custody pool. As of now, the attacker’s address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH tokens; the largest anomalous transaction involved the out-of-thin-air minting of 13.76 million Wrapped ALPH tokens.
According to Odaily, Odaily founder Rand posted on platform X, stating that with the assistance of on-chain detective ZachXBT, the team has identified the root cause of the recent cUSDC freeze incident, which is unrelated to the Zama protocol itself or privacy technology. The incident originated when a wallet address associated with the Overnight Finance hack deposited over $12.5 million USDC into Zama's cUSDC wrapper contract. Since the address was not on any sanctions list at the time of deposit and was not flagged by KYT (Know Your Transaction) tools, the funds were able to enter the protocol. Rand stated that law enforcement agencies recently issued asset restriction orders against several wallets linked to the hacker. At that time, the cUSDC wrapper contract held relatively small funds, with over 99% coming from the aforementioned hacker address. Consequently, the court ordered the freezing of the entire wrapper contract to restrict the movement of the related funds. Rand emphasized that this measure is not a sanction against Zama or privacy protocols, but a common judicial freezing measure in the DeFi space. To cooperate with the investigation, Zama has suspended the operation of the cUSDC, cUSDT, and cWETH contracts until the investigation is complete, all involved addresses are identified, and corresponding measures are taken. Rand reiterated that Zama adheres to the principle of "compliant confidentiality" and will not tolerate any illegal activities. He also indicated that a more detailed post-mortem of the incident and a plan for handling similar requests in the future will be released subsequently.
On-chain monitoring shows that the cross-chain bridge Gravity Bridge may have suffered a security incident due to a smart contract private key leak, affecting assets including USDC, WETH, and USDT, with total losses amounting to approximately $5.4 million.
The Resolv Foundation has announced its recovery plan following the protocol security incident. USR/wstUSR tokens held and snapshot-recorded prior to the incident will be redeemed for USDC at a 1:1 ratio, while USR/wstUSR acquired after the incident will be redeemed at a 1:0.5 ratio. RLP holdings will be restored at a core redemption rate of 0.71 USDC per token, with additional RESOLV token allocations based on a reference price of $0.03. The Foundation stated that eligible users may claim their recovery funds between May 26, 2026, and August 26, 2026.
Verus confirmed on Platform X that its Verus-Ethereum cross-chain bridge has been attacked, resulting in the theft of ETH, USDC, and tBTC from the contract on the Ethereum chain. Other bridged assets are currently unaffected. The Verus network is now suspended, with most block-producing nodes voluntarily going offline after experiencing the cascading effects of the attack. The development team is fully investigating the scope of the incident, the attack vector, and the subsequent remediation plan, and will provide updates once more information is confirmed. Verus stated that it is willing to cooperate with relevant law enforcement agencies to pursue legal accountability; however, if the attacker returns all stolen funds, the project team is willing to offer a bug bounty and will not pursue further legal action. Verus also reminds users that anyone claiming to be part of the Verus team or community in public channels, private messages, or other avenues, and offering "compensation" or "remediation plans," is a scammer. The official statement emphasizes not to interact with anyone claiming there are compensation projects or offering payouts, and to promptly report such accounts to Discord or Platform X. Previously, it was reported that the Verus-Ethereum cross-chain bridge was attacked, resulting in losses of approximately $11.58 million.
According to PeckShield monitoring, the Verus-Ethereum Bridge has been hacked, resulting in the loss of assets including 103.6 tBTC, 1,625 ETH, and 147,000 USDC. The hacker subsequently swapped the stolen assets for approximately 5,402.4 ETH. The attacker's address received an initial 1 ETH approximately 14 hours ago via the mixing protocol Tornado Cash.
According to Odaily, Chainalysis posted on the X platform, stating that prior to the THORChain theft, wallets suspected to be linked to the attacker had been transferring funds through Monero, Hyperliquid, and THORChain for several consecutive weeks. As early as late April, the attacker-associated wallets deposited funds into Hyperliquid positions via Hyperliquid and the Monero privacy bridge. These funds were subsequently converted to USDC and transferred to Arbitrum, then bridged to Ethereum. Some of the ETH was then moved to THORChain to stake as RUNE for a newly joined node, which is believed to be the source of the attack. Subsequently, the attacker bridged a portion of the RUNE back to Ethereum and split it into four chains. One chain went directly to the attacker, passing through intermediate wallets before transferring 8 ETH to the wallet that would ultimately receive the stolen funds, just 43 minutes before the attack. The funds from the other three chains flowed in reverse. Between May 14 and 15, these wallets bridged the ETH back to Arbitrum again, deposited it into Hyperliquid, and transferred it into Monero via the same privacy bridge, with the final transaction occurring less than 5 hours before the attack commenced. As of Friday afternoon, the stolen funds remain untouched, but the attacker has demonstrated sophisticated cross-chain money laundering capabilities. The Hyperliquid to Monero path may be the next move.
Euler Finance announced it will take over the maintenance and operation of the Euler contract stack known as Mewler under HypurrFi on the Hyperliquid EVM. The relevant infrastructure is undergoing a smooth transition, with Clearstar Labs continuing to serve as the risk manager for the Prime, Yield, and Earn vaults. HypurrFi Scale and Pooled Markets are scheduled to gradually wind down and undergo orderly liquidation over the coming weeks. However, all existing markets remain solvent and fully operational, with no security vulnerabilities or emergency parameter adjustments. During the migration process, new borrowing functionality for some Pooled assets has been frozen, but HYPE, USDC, and USDT0 can still be used for liquidity provision to allow borrowers to gradually unwind their positions. Euler emphasized that its isolated lending architecture on HyperEVM will continue to serve as core infrastructure, jointly maintained by Euler and Clearstar Labs. The HypurrFi team stated that user deposits, positions, and collateral assets remain fully secure. This adjustment is an active strategic migration, not a security incident or protocol failure. According to the plan, Euler Prime and Yield markets will become the primary entry points for lending and yield markets on HyperEVM moving forward. The HypurrFi brand will be gradually phased out, with related support services closing after May 28. Full market liquidation is expected to be completed by July 15, 2026. HypurrFi also reminded users to be aware of risks and fraudulent links during the migration process, to operate only through official channels, and to use the built-in migration tools to transfer Pooled positions to Euler Prime or Yield markets.
According to Odaily, AI startup White Circle has completed an $11 million seed funding round, with participation from Romain Huet of OpenAI, Durk Kingma of Anthropic, and several other executives from prominent AI companies. The company provides a unified API for real-time monitoring of large model inputs and outputs, used to detect hallucinations, prompt injection attacks, harmful content, model drift, and malicious user behavior. It also supports custom security policies (such as rate limiting and banning) and automated governance. (Techfundingnews)
Huma Finance posted on X platform, stating that its old v1 contract deployed on Polygon was exploited today, resulting in the transfer of approximately 101,400 USDC. This incident did not compromise user funds, and the related PST system was also unaffected. Only the gradually phased-out v1 legacy pools were impacted. The Huma v2 system is a complete rewrite deployed on Solana and is not vulnerable to this exploit. The team was already in the process of retiring v1 liquidity pools, and following this incident, they have fully suspended the operation of v1 contracts and accelerated the completion of migration efforts.
According to Odaily, Drift Protocol has released a user recovery plan for the approximately $295 million security vulnerability incident on April 1, which was attributed to a North Korean-backed hacker group. Under the plan, Drift will issue receipt tokens representing users' verified losses, with each token corresponding to $1 in losses, allowing holders to gradually redeem based on the recovery pool's funding size. Currently, the recovery pool has initial funding of approximately $3.8 million. Subsequent funding sources include up to $127.5 million from exchange revenue, Tether-backed funds, and up to $20 million from partner contributions, aiming to cover total losses of approximately $295.4 million. Drift has frozen approximately $3.36 million in USDC and has established a public bounty program offering 10% of recovered assets. It is expected to relaunch the exchange in a "security-first" model during the second quarter. (CoinDesk)
SolanaFloor posted on X platform, stating that a suspected MEV bot turned $0.22 USDC into $696,000 USDC in a single transaction by executing an MEV-style price manipulation attack on Meteora's ANB pool. The ANB token dropped 99%.
According to Blockaid monitoring, an ongoing attack has occurred on Aftermath Finance's perpetual contract protocol on the Sui Network, with approximately $1.1 million worth of USDC stolen across 11 transactions within about 36 minutes. Analysis indicates the vulnerability stems from a fee accounting flaw in the perpetual contract liquidation system, which the attacker exploited to artificially inflate synthetic collateral and drain funds from the protocol's treasury.
According to on-chain security firm Blockaid (@blockaid_), AftermathFi’s perpetual contract on Sui Network was exploited via a vulnerability on April 29. The attacker (address: 0x1a65...2d41e) stole approximately $1.1 million in USDC across 11 transactions within roughly 36 minutes. The attack exploited a flaw in the perpetual contract liquidation fee calculation, enabling illicit withdrawals from the protocol’s treasury via synthetic collateral inflation.
Circle Ventures, Consensys, and Joseph Lubin have announced their support for the DeFi United initiative, aimed at mitigating losses caused by the Kelp DAO vulnerability. Circle Ventures is supporting the ecosystem by purchasing AAVE tokens. Consensys and Ethereum co-founder Joseph Lubin have confirmed the provision of 30,000 ETH to DeFi United. To date, DeFi United has raised over 132,000 ETH, with a total value exceeding $300 million. These funds will be used to cover bad debts resulting from an attacker minting unbacked rsETH via the LayerZero bridge and borrowing assets on Aave. Previously, Aave proposed a donation of 25,000 ETH, while Lido DAO, Ether.fi, and Kelp have respectively proposed or pledged donations of 2,500 ETH, 5,000 ETH, and 2,000 ETH.
The lending protocol Purrlend was attacked on the MegaETH and HyperEVM networks, resulting in losses of approximately $1.52 million. The attacker extracted approximately $1.2 million in assets from the HyperEVM network, including 449,683 USDC, 214,125 USDT0, 194,745 USDH, and portions of UBTC, wstHYPE, UETH, kHYPE, and WHYPE. The attacker also extracted approximately $324,000 in assets from the MegaETH network, including USDT0, WETH, and USDm. Purrlend has since paused the protocol and launched an investigation. The attacker's address has been identified on the block explorers of both networks.
According to an official announcement by Volo, a security vulnerability occurred today on the Sui network involving Volo—a BTCFi and LST protocol—resulting in the theft of approximately $3.5 million in assets (including WBTC, XAUm, and USDC) from three specific vaults. Immediately after the incident, the team notified the Sui Foundation and ecosystem partners and froze all vaults to prevent further losses. Volo stated that the vulnerability affected only these three vaults; the remaining vaults are not exposed to the same attack vector, and the other ~$28 million in TVL remains secure. The official announcement emphasized that Volo will bear the loss entirely and will not pass it on to users. A comprehensive post-mortem report and remediation plan will be released upon completion of the investigation.