GetChain News

Security/Hacker

News linked to both this project and an event.

Humanity Announces Recovery Plan: Legacy H Tokens Invalidated; New ERC-20 Tokens to Be Airdropped 1:1 Based on Snapshot

Humanity has announced the $H incident recovery plan: The legacy version of H on Ethereum, BNB Smart Chain, and Humanity Mainnet has been deprecated. A new Ethereum ERC-20 version of H will be airdropped 1:1 to eligible holders based on a pre-attack snapshot. Attackers and associated addresses have been excluded.

PeckShield: ThetanutsFi Suffers ~$2.1 Million Loss in Attack, Partially Recovered by White Hat Hacker

According to PeckShield monitoring, structured products protocol ThetanutsFi has been attacked, resulting in a loss of approximately $2.1 million. Of this, roughly $2 million in option tokens have been recovered by a white hat address. The attacker has exchanged $105,000 USDC for approximately 60 ETH, and still holds USDC option tokens worth around $34,000.

Aztec Labs: Launched Vulnerability Investigation, Beware of Fake "Support" Accounts and Direct Messages

In response to a suspected attack on the Aztec Router contract on the Ethereum chain, Aztec Labs has formally launched an investigation. At the same time, it clarified that Aztec Connect was deprecated three years ago, and that Aztec Labs does not hold any admin keys or control over the system, and cannot currently pause or upgrade it. Therefore, the community is advised to be wary of fake "support" accounts and direct messages.

Venus attacker sells 1,912 ETH to repay loans, still owes $6.78 million USDT on Aave

According to on-chain analyst Yu Jin (@EmberCN), the attacker responsible for the March THE liquidation event on the Venus platform sold 1,912 ETH for $3.26 million one hour ago to repay part of their loan on Aave. That loan was originally taken out by collateralizing ETH and was used to manipulate the Venus liquidations. The attacker’s address still has $6.78 million in USDT outstanding on Aave.

Coinbase Advisory Board Warns of Bitcoin’s Quantum Risk: No Consensus Yet Within the Community—Quantum-Resistant Migration Preparations Should Begin Immediately

A cryptography expert advisory committee led by Coinbase released a report stating that Bitcoin should immediately begin preparing for potential quantum computing attacks. However, the committee did not take a clear stance on whether to freeze the millions of bitcoins potentially vulnerable to quantum-computing theft in the future. The committee includes several leading experts, such as Justin Drake, a researcher at the Ethereum Foundation. They argue that the current debate is not about *how* to introduce quantum-resistant signature schemes, but rather *how to handle* bitcoins held in long-dormant addresses that fail to migrate. One camp advocates setting a final deadline after which Bitcoin’s existing ECDSA and Schnorr signature schemes would no longer be supported, and unmigrated funds would be frozen—thereby preventing future quantum attackers from seizing large amounts of BTC and destabilizing markets. The other camp contends that freezing funds would effectively amount to asset confiscation, violating Bitcoin’s core principles of immutability and full user control over assets—and could set a precedent for future regulatory-driven freezes. The Coinbase advisory committee notes that these approaches are not mutually exclusive and could be combined. Yet it declines to state a position on whether “legacy BTC” should be frozen, asserting that the ultimate decision rests with Bitcoin’s community governance. It emphasizes two key points: first, technical development of quantum-resistant signature migration must begin immediately—not wait for governance debates to conclude; second, users must receive clear, timely risk communication to prevent prolonged uncertainty from harming the Bitcoin ecosystem.

Immunefi CEO claims AI models lead to surge in crypto security vulnerabilities

Odaily, Mitchell Amador, CEO of bug bounty platform Immunefi, stated at the WAIB Summit that new AI models such as Claude Opus 4.8 and ChatGPT 5.5 are shifting the balance of cybersecurity offense and defense in favor of attackers, leading to a resurgence in crypto hacks in 2026. Data from DefiLlama shows that in April 2026, illicit actors stole over $634 million from crypto platforms, the highest monthly total since the Bybit hack in February 2025 drove losses of approximately $1.4 billion. Amador stated that the crypto industry is in a critical survival period for the next three to four years until security teams leverage similar AI models to build codebases that attackers cannot breach; if the industry adopts more crowd-sourced security solutions, this timeline could be shortened to within two years. The latest Claude Mythos model, Fable 5, from AI company Anthropic, previously raised concerns about accelerating the ability to exploit crypto vulnerabilities. Anthropic stated that Fable 5 has safeguards in place that will redirect topics related to cybersecurity and similar fields to Claude Opus 4.8. On April 19, an attacker transferred approximately 116,500 restaked Ethereum (rsETH) from Kelp DAO's LayerZero-based rsETH bridge, valued at around $290 million to $293 million at the time. Cross-chain protocol LayerZero stated that the 1/1 decentralized verification network configuration of Kelp DAO relied on a single verification path for processing cross-chain messages, creating a single point of failure. (Cointelegraph)

Raydium old liquidity pool suspected of being attacked, approximately $1.34 million in assets stolen

Blockchain security analyst Specter posted on X that an old liquidity pool of the Solana DeFi protocol Raydium is suspected of being attacked, with the attacker stealing approximately $1.34 million in assets, mainly including USDC, RAY, and wSOL. Currently, the hacker has transferred the stolen funds to Ethereum via a bridge and subsequently deposited them into Tornado Cash for mixing.

MILC Platform Cross-Chain Bridge Suffers Private Key Leak Attack, Sustaining ~$161,000 in Losses

According to on-chain security platform Blockaid (@blockaid_), the MILC Platform cross-chain bridge suffered a private key leak on both the BNB Chain and Ethereum networks. The attacker exploited a historical bridge administrator wallet to grant the DEFAULT_ADMIN_ROLE and MANAGER_ROLE permissions to the attacker’s address. Subsequently, assets were withdrawn from the bridge contract, and administrative control was transferred to the attacker’s wallet. Confirmed losses currently stand at approximately $97,003 USDT (on BNB Chain) and approximately 39.21 ETH (on Ethereum, transferred out via Rhino.fi), totaling roughly $161,000.

Humanity Says It Is Formulating a Victim Recovery Plan

Humanity released a post-mortem report on the H token security incident that occurred between June 8 and 9, stating that the incident was not caused by a smart contract vulnerability, but rather by a malware intrusion into a developer's device, which led to the leakage of private keys. Humanity stated that the attacker still holds the ProxyAdmin permissions for the ETH bridge and the BNB Chain token. Preliminary investigations confirmed that a colleague's device was infected with malware, which the attacker used to obtain the hot wallet private key of the administrator and the private keys for signing on 6 Gnosis Safe wallets. The team has hired an external security agency to conduct a forensic investigation and stated that they are formulating a recovery plan for affected users.

Humanity releases incident update: affecting both Ethereum and BSC blockchains; stolen amount confirmed to exceed $36 million

Humanity released an incident update stating that its H token was subject to a coordinated attack on Ethereum and BSC on the evening of June 8, resulting in approximately $36 million worth of tokens stolen and dumped across both chains. The project disclosed that the attack originated from a compromised employee laptop, which led to the leakage of multiple owner keys for the Gnosis Safe controlling the Hyperlane bridge ProxyAdmin. On Ethereum, the attacker seized ownership of the ProxyAdmin and upgraded the contract to a malicious implementation, transferring approximately 141.2 million H tokens in a single transaction. On BSC, after similarly gaining control of the ProxyAdmin, the attacker deployed a malicious implementation with infinite minting capabilities, minting 200 million H tokens in two transactions and continuously dumping them. Humanity has suspended deposits and withdrawals on the affected cross-chain bridge and is cooperating with exchanges and law enforcement to investigate the incident and seek partial recovery of the stolen funds.

Humanity Security Incident Update: $36 Million Stolen, Police Investigation Launched to Recover Funds

Humanity Protocol released a security incident update on the X platform, stating that its H token suffered a coordinated attack on the Ethereum and BSC chains yesterday, with confirmed losses exceeding $36 million in stolen and dumped assets. Preliminary investigations indicate the incident originated from a compromised employee computer, which led to the leakage of private keys for the multi-signature wallet controlling the Hyperlane Bridge ProxyAdmin. Specifically, the attacker obtained 3 out of 6 private keys of the Gnosis Safe wallet on the Ethereum chain, transferred ownership of the ProxyAdmin to a wallet under their control, upgraded the bridge contract to a malicious implementation, and subsequently transferred approximately 141.2 million H tokens in a single transaction. Simultaneously, the attacker also gained control of 3 out of 5 private keys of the Safe wallet on the BSC chain, took over the ProxyAdmin using the same method, deployed a malicious contract with unlimited minting functionality, and minted 200 million H tokens in two separate transactions to their own wallet. Humanity stated that it has suspended all deposit and withdrawal operations on the affected bridge services and is collaborating with partners such as exchanges to mitigate losses. Meanwhile, it is cooperating with the police investigation and attempting to recover part of the stolen funds.

Humanity hacker has minted 300 million H and cashed out $34 million

According to monitoring by on-chain analyst Ember, the "private key leak" has allowed the minting and dumping of H to continue for 13 hours. The so-called "hacker" is still able to mint H on the BSC chain and sell it off, draining every last cent from the pools. The "hacker" has minted 300 million H and sold a total of approximately 450 million H, cashing out $34 million (ETH+BNB). The H pool on BSC has been drained to just $13 in liquidity, and the price of H has plummeted 99.9% to $0.0009. Meanwhile, the perpetual contract price on CEX stands at $0.09, a 100x difference. In essence, they have de-pegged into two unrelated tokens.

Humanity hacker has minted an additional 100 million H tokens on the BSC chain, with $14 million worth awaiting sale

According to Lookonchain monitoring, the Humanity hacker has minted an additional 100 million H tokens on the BSC chain. The hacker has already obtained 18,510 ETH (worth $30.83 million) and 1,548 BNB (worth $924,000) by selling H tokens. The hacker currently still holds 111.36 million H tokens (worth $14 million) for sale. On-chain liquidity is now nearly depleted.

Humanity Protocol Attacked, Losses Exceed $31 Million

According to Specter (@SpecterAnalyst), Humanity Protocol has been hacked, with losses exceeding $31 million. Funds are still being transferred, and the attacker is converting H into ETH.

Humanity Protocol associated address fund outflow continues, with losses exceeding $31 million

According to Onchain Lens monitoring, Humanity Protocol has suffered a hacker attack, with losses exceeding $31 million. The fund outflow is ongoing, as the hacker is converting H tokens into ETH.

Arthur Hayes: Rising Oil Prices, AI-Related IPOs, and Trump's Anti-AI Rhetoric Could Pop the AI Bubble and Drag Down the Crypto Market

Odaily News, June 9th — BitMEX co-founder Arthur Hayes stated in his latest article "Reality Test" that if oil prices continue to rise due to the US-Iran conflict, it could trigger a collapse of the AI stock bubble and drag the entire crypto market down. Hayes said that if traffic restrictions in the Strait of Hormuz persist deep into the second quarter, spot prices for hydrocarbons and other key commodities could rise in the third quarter. If oil prices continue to climb and inflationary pressures impact the US midterm elections, Trump might pivot to a tough stance targeting data center construction, AI regulation, and taxation. Hayes believes the market could anticipate Trump limiting AI capital expenditure and taxing AI companies, thereby triggering the burst of the AI stock bubble. Hayes also noted that since November 2022, the scale of AI-related debt issuance has been approximately $1.5 trillion, and US M2 has increased by roughly the same amount during the same period. He believes the three factors that could pop the AI bubble include rising energy costs, the market's inability to absorb three major AI-related IPOs — namely SpaceX, Anthropic, and OpenAI — and Trump's shift to opposing AI. In terms of portfolio, Hayes stated that Maelstrom's stock portfolio holds significant positions in US-listed energy producers; he has sold AI-related stocks and offloaded non-core crypto assets, having dumped HYPE, NEAR, and WLD last week, as well as selling ZEC due to the Orchard Pool vulnerability. He still holds Bitcoin and ETH and will execute tactical short trades via derivatives.

Aave Founder Calls Protocol "Resilient" Despite $8.45 Billion Deposit Run Exposing Risks

In April this year, KelpDAO's LayerZero bridge was exploited in a $292 million attack, triggering an $8.45 billion deposit run on Aave within 48 hours, marking the largest capital outflow event in decentralized finance (DeFi) history. Aave founder Stani Kulechov stated that the design of Aave V3 withstood the market test, demonstrating the network's "resilience." However, independent data indicates that Aave's survival primarily relied on $300 million in emergency rescue, including a 25,000 ETH guarantee from the Aave DAO and a personal injection of 5,000 ETH (approximately $8.4 million) by Kulechov. Kulechov attributed the vulnerability to third-party infrastructure rather than core smart contracts. However, analysts pointed out that this incident exposed deficiencies in Aave's risk architecture and insurance mechanisms, leading the platform to incur significant bad debt (approximately $123.7 million in wETH). To prevent future bridge failures from triggering systemic bank runs, Aave V4 will adopt a modular "hub-and-spoke" architecture, enabling local risk auto-adjustment and collateral freezing. (CoinDesk)

Pando Rings hacker spends 10 million DAI to buy 6,243 ETH at an average price of $1,602

According to Lookonchain monitoring, 6 hours ago, the Pando Rings hacker (0x303...3d9F) spent 10 million DAI to buy 6,243 ETH at an average price of $1,602.

Gravity Bridge attacker deposits 1,180 ETH into Tornado Cash again

According to on-chain security firm CertiK (@CertiKAlert), the Gravity Bridge attacker recently deposited another 1,180 ETH (approximately $2.06 million) into Tornado Cash. Earlier, on May 30, the attacker exploited the permissionless deployERC20() function by forging the Osmosis token string, tampering with the token registry, and mapping fake balances to real custodial assets—thereby stealing approximately 2,600 ETH (around $5.4 million) from Gravity Bridge. To date, 2,020 ETH of the stolen funds have been transferred to Tornado Cash via two externally owned accounts (EOAs); the remainder has been dispersed across centralized exchanges, making fund recovery significantly challenging.

TesseraDao Attacked: Hacker Mints 99 Million TSR Tokens and Cashes Out $2.5 Million

According to on-chain analyst PeckShield (@PeckShieldAlert), approximately 19 hours ago, TesseraDao (@TesseraDao) on BNB Chain was attacked. The hacker maliciously minted 99 million TSR tokens and immediately dumped them, causing the TSR price to plummet by 99%. The attacker then exchanged the stolen TSR for approximately $2.5 million in USDT and cross-chained the funds to Ethereum. The attacker has since laundered 1,285.5 ETH via TornadoCash.