News linked to both this project and an event.
The Zcash Foundation released Zebra versions 4.5.3 and 5.0.0 to address a critical soundness vulnerability in the Orchard zero-knowledge proof circuit. Version 4.5.3 temporarily disables Orchard operations via an emergency soft fork, while version 5.0.0 activates NU 6.2, re-enables Orchard using the patched circuit, and permanently closes the vulnerability.
Odaily, Web3 security firm CertiK has released the "Skynet North Korean Crypto Threat Report." Data shows that since 2016, North Korean hacking groups have accumulated approximately $6.75 billion in stolen digital assets. In 2025 alone, their thefts amounted to $2.06 billion in losses, accounting for nearly 60% of the total annual losses in the global crypto industry (including the $1.5 billion Bybit hack). As of early 2026, this threat trend continues, with losses attributable to them making up about 55%.The report emphasizes that the North Korean hackers' attack patterns have fundamentally shifted, evolving from mere code vulnerability exploitation into a state-level attack system combining social engineering, deep supply chain attacks, and 'physical infiltration.' In the recent Drift protocol incident, attackers even spent six months infiltrating offline industry conferences, building trust through real financial transactions and personal interactions before launching the attack.CertiK security experts warn that in the face of such systemic attacks, purely technical defenses are proving inadequate. Crypto institutions urgently need to fully implement a 'zero-trust' hiring model, reinforce third-party supply chains, establish fund circuit breaker mechanisms, and collaborate with professional security firms to build a full lifecycle defense system covering code auditing, round-the-clock risk monitoring, and on-chain anti-money laundering/KYT (Know Your Transaction) fund tracking.
Andre Cronje stated most current decentralized finance (DeFi) protocols no longer qualify as "DeFi in the strict sense" and are closer to commercial systems operated by teams. This has sparked industry division over whether "circuit breakers" should be introduced to mitigate attack risks.In an interview, Andre Cronje pointed out that early DeFi centered on immutable smart contracts, but today many protocols rely on upgradeable contracts, multi-signature permissions, off-chain infrastructure, and manual operational processes. In essence, they have transitioned from "immutable public goods" to "operable, for-profit businesses." He noted that against the backdrop of recent security incidents, including DeFi attacks involving approximately $280 million and $293 million, industry risks have expanded from simple smart contract vulnerabilities to "Web2-style risks" such as infrastructure issues, permission controls, and social engineering attacks.Regarding risk management, Cronje's firm Flying Tulip recently introduced circuit breakers that delay or queue withdrawals during abnormal fund outflows, providing an emergency response window of about six hours to prevent systemic bank runs and further losses.However, this mechanism has also sparked controversy. Michael Egorov believes that circuit breakers may introduce new centralized attack surfaces. If controlled by signers or administrators, they could instead become new security vulnerabilities or sources of freezing risk. He emphasized that DeFi design should minimize human intervention rather than increase manual control points. Industry analysts pointed out that this debate essentially reflects how DeFi is shifting from the ideal model of "code is law" toward a practical architecture of "hybrid governance plus operational control," while the security boundaries are being redefined. (Cointelegraph)