News linked to both this project and an event.
According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.
According to on-chain analyst PeckShield (@PeckShieldAlert), a user’s Alchemix Yearn yvVault position (token $yvWETH) was attacked, resulting in an estimated loss of approximately $1 million. The root cause of the attack lies in the user’s prior approval grant to an unverified contract (contract address: 0x143a), deployed 10 days ago. Reverse-engineering analysis revealed that this contract contains a vulnerability enabling arbitrary call execution. Exploiting this vulnerability, the attacker successfully transferred the victim’s yvVault position. PeckShield has now publicly disclosed the specific logic of this vulnerability. Users are advised to review and revoke token approvals granted to unknown or unverified contracts to mitigate asset risks.
Currently, the LayerZero Labs DVN has resumed operations and announced that it will no longer sign or verify messages for applications still using the 1/1 configuration. LayerZero has collaborated with multiple law enforcement agencies worldwide and is actively assisting in tracking the stolen funds.
According to on-chain analytics platform Lookonchain (@lookonchain), an OTC whale previously purchased 163,405 ETH (approximately $440 million) and 4,000 cbBTC (approximately $296 million). Due to the KelpDAO rsETH cross-chain bridge vulnerability, this whale was unable to withdraw ETH normally from Aave and was forced to discount-swap 7,438 aEthWETH (approximately $16.83 million) for 1,930 stETH and 5,272 ETH, incurring a loss of approximately 237 ETH (about $540,000). The whale has since withdrawn 98,032 wstETH (approximately $272 million) and 3,000 cbBTC (approximately $221.6 million) from Aave, leaving 10,000 ETH (approximately $22.8 million) still deposited in Aave.
Odaily News France has become a hotspot for wrench attacks, with at least 41 cryptocurrency-related kidnappings and home invasions reported this year, averaging one incident every 2.5 days. Jean-Didier Berger, the Deputy Minister of the Interior, stated that a series of new measures are being prepared with Interior Minister Laurent Nuñez to address this issue.A wrench attack refers to the use of physical violence to force victims to transfer crypto assets. Data from Certik and Jameson Lopp shows that globally, there were 72 verified cases of physical coercion in 2025, a 75% year-on-year increase, with cases involving physical assaults rising by 250%. Ledger co-founder David Balland was kidnapped in France in January 2025. Security researchers point out that attackers are shifting from targeting wallets to hunting individuals, using social media and leaked data to identify targets. Due to the irreversible nature of crypto transactions, attackers often convert illicit proceeds into stablecoins and transfer them across chains to evade tracking. Experts recommend using tools such as multi-signature wallets, withdrawal delays, and spending limits to reduce the risk of attack.
According to a post by Lido, the Lido Earn team is aware of the developments regarding the Kelp DAO exploit, and earnETH has exposure to rsETH. As a precautionary measure, additional deposits to earnETH have been paused while the situation is being assessed with relevant partners. More details will be announced later.
According to The Block, Circle CEO Jeremy Allaire responded at a press conference in Seoul, South Korea, to criticism over Circle’s decision not to freeze the stolen USDC involved in the Drift incident. He stated that Circle fulfills its legal obligations and freezes wallets only upon instruction from law enforcement agencies or courts; unilaterally freezing assets would constitute a “major ethical dilemma.” He also revealed that Circle is engaging with U.S. legislative bodies regarding the Clarity Act, seeking to establish a “safe harbor” mechanism for stablecoin issuers in extreme circumstances—but emphasized that any such authority must be explicitly granted through legislation, not exercised unilaterally by the company.
According to The Block, U.S. musician Garrett Dutton (stage name G. Love) lost 5.9 BTC—worth approximately $420,000—after downloading and using a counterfeit Ledger wallet app from the App Store and entering his recovery phrase. On-chain analyst ZachXBT discovered that the attacker laundered the stolen Bitcoin via the KuCoin platform. This incident once again exposes the security risks posed by fake wallet apps, reminding users to exercise heightened caution when downloading and using cryptocurrency-related applications, and to avoid entering sensitive information through unofficial channels.