News linked to both this project and an event.
According to Cointelegraph, cybersecurity leaders led by former Facebook Chief Security Officer Alex Stamos jointly penned a letter urging the Trump administration to lift restrictions on the use of Anthropic’s Mythos model. They argue that these restrictions harm defenders far more than attackers, hindering the overall development of the cybersecurity ecosystem.
Odaily Zcash founder Zooko Wilcox posted on X stating that a security audit conducted by Anthropic's Claude Mythos AI model did not find any "more severe vulnerabilities" in the Zcash protocol. The audit was commissioned by Shielded Labs, a Swiss non-profit organization supporting Zcash development. On June 3, Zcash developers temporarily paused Orchard transactions after discovering a vulnerability in the shielded pool, restoring functionality through an emergency upgrade the same day. The issue stemmed from a four-year-old forging vulnerability in the Orchard shielded pool, identified by security researcher Taylor Hornby with the assistance of Anthropic's Claude Opus 4.8 model. The Zcash Foundation stated there is no evidence that the vulnerability was exploited, nor was any unauthorized value creation detected, and user privacy remained unaffected.Anthropic released the first public version of the Claude Mythos model, Fable 5, on Tuesday, and stated on Friday that it has suspended access to the Fable 5 and Mythos 5 AI models due to export control directives issued by the U.S. government citing national security concerns. (Cointelegraph)
According to Cointelegraph, Zcash founder Zooko Wilcox stated that a security audit of the Zcash protocol—commissioned by Shielded Labs and conducted using Anthropic’s Mythos AI model—did not uncover any new critical vulnerabilities. Previously, security researcher Taylor Hornby discovered, using Claude Opus 4.8, a four-year-old forgery vulnerability in the Orchard shielded pool, prompting developers to urgently suspend Orchard transactions on June 3 and complete the fix the same day. The Zcash Foundation confirmed there is no evidence the vulnerability was ever exploited, and user privacy remained unaffected.
law enforcement agencies from 11 countries have jointly shut down the money laundering network AudiA6, which processed over 336 million euros in illicit funds between 2022 and 2025. On June 10, law enforcement arrested two administrators of Russian and Ukrainian nationality in Georgia, seized 25 domain names, over 30 servers, and 80 vehicles, and froze approximately 778,000 euros in cryptocurrency. Operating as a "mixer-as-a-service," AudiA6 provided services to cybercriminals involved in ransomware attacks, helping them cash out crypto assets and conceal the flow of funds, charging commissions of 3% to 10% and claiming to complete the "cleaning" process within about an hour.Since 2021, the AudiA6 wallet has received approximately 10,333 BTC, valued at around $389 million at the time of the transactions. The investigation also revealed that the money laundering network used thousands of fake accounts created with stolen or purchased identities, involving over 6,000 KYC records; many of these accounts were linked to Russian-speaking intermediaries and were used to transfer criminal proceeds through cryptocurrency exchanges. The clearnet and darknet domains of AudiA6 and Dark2Web have been replaced with seizure banners. (Cointelegraph)
Odaily, Mitchell Amador, CEO of bug bounty platform Immunefi, stated at the WAIB Summit that new AI models such as Claude Opus 4.8 and ChatGPT 5.5 are shifting the balance of cybersecurity offense and defense in favor of attackers, leading to a resurgence in crypto hacks in 2026. Data from DefiLlama shows that in April 2026, illicit actors stole over $634 million from crypto platforms, the highest monthly total since the Bybit hack in February 2025 drove losses of approximately $1.4 billion.Amador stated that the crypto industry is in a critical survival period for the next three to four years until security teams leverage similar AI models to build codebases that attackers cannot breach; if the industry adopts more crowd-sourced security solutions, this timeline could be shortened to within two years. The latest Claude Mythos model, Fable 5, from AI company Anthropic, previously raised concerns about accelerating the ability to exploit crypto vulnerabilities.Anthropic stated that Fable 5 has safeguards in place that will redirect topics related to cybersecurity and similar fields to Claude Opus 4.8. On April 19, an attacker transferred approximately 116,500 restaked Ethereum (rsETH) from Kelp DAO's LayerZero-based rsETH bridge, valued at around $290 million to $293 million at the time. Cross-chain protocol LayerZero stated that the 1/1 decentralized verification network configuration of Kelp DAO relied on a single verification path for processing cross-chain messages, creating a single point of failure. (Cointelegraph)
CertiK data shows attack losses on crypto platforms fell to $68.3 million in May, down nearly 90% from $650 million in April. May became the third month in 2026 with losses below $100 million. Approximately $2.6 million of this came from phishing attacks, and about $9.4 million of the stolen funds have been recovered or returned. The largest single loss in May came from the Verus Protocol cross-chain bridge attack, with $11.5 million stolen; THORChain ranked second, with $10.1 million stolen. Code vulnerabilities were the attack type with the highest losses, totaling approximately $45 million, accounting for 66%; wallet or private key leaks resulted in $13.7 million in losses. Cross-chain bridges were the primary attack targets, suffering losses of $28.6 million, accounting for 42%.
According to Cointelegraph, phishing ads impersonating the decentralized exchange protocol Uniswap have appeared in Google search results, enabling attackers to steal at least $400,000. On-chain analyst b-block stated that the associated counterfeit websites are draining funds from multiple wallets; the implicated addresses currently hold a combined total of 146 ETH—worth approximately $306,000 at press time. Security Alliance (SEAL) noted that such fraudulent Google ads are a common source of phishing attacks, with attackers either purchasing ad placements or compromising legitimate advertising accounts to impersonate popular crypto protocols in sponsored search results. SEAL also reported that between March 13 and March 30, these attacks resulted in total losses amounting to $1.27 million.
stablecoin issuer StablR suffered a sustained attack, causing its euro stablecoin EURR and dollar stablecoin USDR to depeg.Blockchain security firm Blockaid stated that the attacker allegedly gained control by obtaining the private key of one of the owners of the minting multi-signature account. Exploiting the 1/3 signature threshold mechanism, the attacker replaced other administrators and minted an additional 8.35 million USDR and 4.5 million EURR.Subsequently, the attacker swapped tokens worth approximately $10.4 million for about 1,115 ETH on a DEX, yielding an actual profit of around $2.8 million. Following the incident, EURR fell to around $0.88, while USDR dropped to approximately $0.7.Blockaid noted that the incident was not caused by a smart contract vulnerability but rather by a failure in key management and governance mechanisms. (Cointelegraph)
According to Cointelegraph, Bitcoin mining company MARA Holdings spent $4.3 million on CEO Fred Thiel’s personal security in 2025, including $430,780 for vehicle armor, as well as residential and personal security expenses. Filings show related spending for 2024 totaled $191,040. In the same year, MARA also spent $3.9 million on CFO Salman Khan’s personal security. The report notes that personal safety costs for companies are rising amid an increase in “wrench attacks” targeting cryptocurrency executives and investors.
Casa co-founder Jameson Lopp has warned of a new phishing attack, where attackers leverage legitimate Google account recovery forms to hide malicious links within large amounts of blank space. This technique involves embedding "invisible" or overlooked whitespace characters within long text, making the malicious link less noticeable to users, thereby tricking them into clicking and exposing their account information.Lopp advises users to remain vigilant when handling account recovery emails or forms, and to avoid clicking on links that are from unknown sources or intentionally hidden. (Cointelegraph)
According to Cointelegraph, privacy-focused messaging app Signal stated it may exit the Canadian market if required to comply with Canada’s proposed lawful access bill, Bill C-22. Udbhav Tiwari, Signal’s Vice President of Strategy and Global Affairs, said the bill could compel service providers to build technical surveillance capabilities and retain certain user metadata for up to one year—potentially undermining end-to-end encryption and increasing the risk of cyberattacks. The report notes that Bill C-22 has not yet entered into force and still requires parliamentary review and royal assent. In addition to Signal, VPN provider Windscribe has also indicated it may follow suit and withdraw from Canada if the bill is passed.
According to Cointelegraph, Tezos ecosystem developers have launched the quantum-resistant privacy payment prototype TzEL on the testnet. TzEL employs post-quantum cryptography and zk-STARK proofs to defend against “harvest now, decrypt later” attacks, safeguarding transaction data and encrypted payment metadata. The prototype also integrates Tezos’ data availability layer to handle the relatively large size of post-quantum proofs. According to the whitepaper, the quantum-resistant zk-STARK proofs used by TzEL are approximately 300 KB in size. TzEL is currently running on the Tezos testnet, and the Tezos ecosystem’s transition to post-quantum cryptography remains in its early stages.
According to Cointelegraph, a New York judge has postponed the hearing on Aave’s emergency motion to unfreeze approximately $71 million worth of ETH and ordered Aave and Gerstein Harrow LLP to submit additional case briefs. A new hearing is scheduled for June 5. The court noted that Aave previously failed to adequately explain why users’ funds would suffer “derivative losses” if the restraining order remained in effect. The assets in question are linked to the Kelp DAO hack, which involved approximately $293 million and was previously frozen by Arbitrum. The judge also directed both parties to further clarify several legal issues, including the applicable law governing the hacker’s transactions, the legal distinction between fraud and theft, the priority ranking of creditors’ claims, the applicability of constructive trust, and whether assets can be proportionally returned to victims.
According to Cointelegraph, Marlon Ferro, a 20-year-old man from California known online as “GothFerrari,” was sentenced to 78 months in federal prison, three years of supervised release, and ordered to pay $2.5 million in restitution for his involvement in a cryptocurrency theft ring responsible for over $250 million in losses. Prosecutors stated that when co-conspirators were unable to remotely breach victims’ systems or trick them into surrendering their crypto assets, Ferro carried out physical break-ins to steal hardware wallets containing the funds. The group operated from late 2023 through early 2025 and its members were also involved in database intrusions, target identification, scam phone calls, and money laundering. The investigation was led by the FBI and the IRS Criminal Investigation Division.
According to Cointelegraph, Coinbase has been sued in a U.S. federal court in California over frozen funds linked to a $55 million DAI phishing theft that occurred in 2024. The plaintiffs allege that some traceable stolen funds—after being mixed via Tornado Cash—were deposited into Coinbase retail user accounts and remain frozen. Coinbase states it can only release the assets after a court rules on their ownership. The complaint also links the theft to the malicious wallet drainer platform Inferno Drainer. Victims had engaged Zero Shadow and Five Stones Intelligence to track the stolen funds.
Kelp DAO has announced the migration of its restaking token rsETH to Chainlink CCIP, citing enhanced security as the reason for this move. Previously, a cross-chain bridge built by Kelp DAO on LayerZero was attacked on April 18, with hackers stealing approximately 116,500 rsETH, valued at around $292 million, and using the assets as collateral to borrow WETH on Aave v3.Regarding the cause of the vulnerability, LayerZero previously stated that the issue stemmed from Kelp DAO using a single DVN verification path configuration rather than multiple independent verifications. Kelp DAO responded that this configuration was the default setting and that LayerZero had confirmed its security without flagging any related risks. LayerZero CEO Bryan Pellegrino subsequently denied this claim, stating that Kelp DAO had proactively modified the default multi-DVN configuration. Both parties continue to dispute responsibility for the incident. (Cointelegraph)
According to Cointelegraph, DeFi protocol Aave filed an emergency motion in New York on Monday seeking to vacate a restraining notice issued by U.S. law firm Gerstein Harrow LLP, which prevents the Arbitrum DAO from transferring 30,766 ETH to victims of the Kelp exploit. Gerstein Harrow LLP served the restraining notice on the Arbitrum DAO last Friday, asserting that its client is entitled to over $877 million in damages under a default judgment against North Korea. The firm claims that the North Korean hacking group behind the April 18 Kelp exploit previously held these tokens and that its client therefore holds a legal claim to the relevant ETH.
According to Cointelegraph, U.S. law firm Gerstein Harrow LLP has filed an application with the U.S. District Court for the Southern District of New York seeking a temporary restraining order and three writs of execution to prevent the Arbitrum DAO from transferring 30,766 ETH (valued at approximately $73 million) frozen following the Kelp vulnerability. The firm argues that its clients obtained default judgments against North Korea in U.S. courts in 2010, 2015, and 2016, entitling them to roughly $877 million in compensation—and contends that the stolen ETH constitutes North Korean-linked assets that should be used to satisfy those judgments. Kelp DAO suffered a $292 million hack on April 18; the attacker was identified as TraderTraitor, a subgroup of the North Korean state-sponsored hacking group Lazarus Group. Aave Labs previously proposed unfreezing the seized funds and transferring them into the “DeFi United” fund to compensate rsETH holders—but this legal action by Gerstein Harrow may significantly delay compensation for victims. Members of the Arbitrum DAO community have criticized the move, arguing it shifts the burden of North Korea’s debts onto another set of victims, thereby exacerbating the original harm. Gerstein Harrow had previously pursued litigation related to the 2023 Heco Bridge hack involving Teth
According to Cointelegraph, the Arbitrum Committee voted to unfreeze $71 million worth of Ethereum to mitigate the $290 million loss caused by the Kelp DAO vulnerability.
Andre Cronje stated most current decentralized finance (DeFi) protocols no longer qualify as "DeFi in the strict sense" and are closer to commercial systems operated by teams. This has sparked industry division over whether "circuit breakers" should be introduced to mitigate attack risks.In an interview, Andre Cronje pointed out that early DeFi centered on immutable smart contracts, but today many protocols rely on upgradeable contracts, multi-signature permissions, off-chain infrastructure, and manual operational processes. In essence, they have transitioned from "immutable public goods" to "operable, for-profit businesses." He noted that against the backdrop of recent security incidents, including DeFi attacks involving approximately $280 million and $293 million, industry risks have expanded from simple smart contract vulnerabilities to "Web2-style risks" such as infrastructure issues, permission controls, and social engineering attacks.Regarding risk management, Cronje's firm Flying Tulip recently introduced circuit breakers that delay or queue withdrawals during abnormal fund outflows, providing an emergency response window of about six hours to prevent systemic bank runs and further losses.However, this mechanism has also sparked controversy. Michael Egorov believes that circuit breakers may introduce new centralized attack surfaces. If controlled by signers or administrators, they could instead become new security vulnerabilities or sources of freezing risk. He emphasized that DeFi design should minimize human intervention rather than increase manual control points. Industry analysts pointed out that this debate essentially reflects how DeFi is shifting from the ideal model of "code is law" toward a practical architecture of "hybrid governance plus operational control," while the security boundaries are being redefined. (Cointelegraph)