News linked to both this project and an event.
Blockchain security analyst Specter posted on the X platform, stating that an old liquidity pool of the Solana DeFi protocol Raydium is suspected of being attacked, with the attacker stealing approximately $1.34 million in assets, mainly including USDC, RAY, and wSOL. Currently, the hacker has transferred the stolen funds to Ethereum via a bridge and subsequently deposited them into Tornado Cash for mixing.
According to Drift’s official announcement, the Drift Protocol released its latest recovery update on June 3, 2026. An independent forensic investigation conducted by cybersecurity firm Mandiant has confirmed that the prior attack against Drift was carried out by the North Korean threat group UNC6862, whose tactics closely align with those historically employed by North Korean state-sponsored hacking operations. On the rebuilding front, Drift announced the appointment of Noah Prince—former Engineering Lead of the Helium Protocol—as Protocol Lead, who will spearhead codebase hardening and platform security architecture redesign. Additionally, former members of the Gauntlet team have been brought on board to conduct margin engine reviews, optimize funding rates and market parameters, enhance liquidation mechanisms, and implement continuous risk monitoring. Drift plans to relaunch with “security-first” as its core principle, repositioning itself as Solana’s largest USDT-perpetuals exchange. With support from strategic partners including Tether, Drift will establish a dedicated recovery pool funded by platform revenues to compensate users for losses. Further details regarding the recovery mechanism and timeline will be disclosed progressively.
According to on-chain analyst PeckShield (@PeckShieldAlert), SlowMist’s threat intelligence system MistEye has detected a cross-registry supply chain attack targeting developers. Malicious packages have spread across three major registries—npm, PyPI, and Crates.io—comprising over 34 malicious packages and more than 384 related versions. The attack targets developer communities in cryptocurrency, DeFi, Solana, Sui/Move, and AI. It may lead to the theft of cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, and other sensitive developer information. Some malicious payloads also attempt persistence via mechanisms including `.cursorrules`, `CLAUDE.md`, Git hooks, cron, systemd, and SSH. SlowMist recommends immediately removing affected packages, isolating compromised systems, rotating exposed credentials, rebuilding CI environments and developer machines from clean images, and conducting comprehensive reviews of GitHub, cloud, SSH, and wallet-related activities.
According to research by security firm Socket Security, a cryptocurrency-stealing supply chain attack dubbed “TrapDoor” spans npm, PyPI, and Crates.io, involving over 34 malicious packages and 384 related versions and artifacts. The attack targets cryptocurrency, DeFi, Solana, Sui, Move, and AI developers. Attack samples can steal sensitive information including SSH keys, wallet data, AWS credentials, GitHub tokens, browser data, and environment variables. Specifically, npm packages execute the shared payload `trap-core.js` via the `postinstall` hook; PyPI packages execute remote JavaScript upon import; and Crates.io packages steal local keystores via `build.rs`. Socket has flagged all related packages as malicious and reported them to the respective package registries.
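An added example (not code from Socket, SlowMist, or any project named here) showing how a defender can inventory dependencies that run code at install or build time. It covers the two paths named above, npm install hooks and Crates.io `build.rs`, but not the PyPI import-time path; the package names and the `node trap-core.js` command line are constructed for the sample tree.

```python
import json
import tempfile
from pathlib import Path

# npm lifecycle scripts that npm runs automatically during `npm install`.
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall")

def find_install_time_code(root):
    """Return sorted (ecosystem, package_dir, detail) tuples for install/build-time code."""
    root, findings = Path(root), []
    for manifest in root.rglob("package.json"):
        try:
            scripts = json.loads(manifest.read_text(encoding="utf-8")).get("scripts", {})
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip rather than abort the audit
        for hook in NPM_INSTALL_HOOKS:
            if isinstance(scripts, dict) and hook in scripts:
                pkg = manifest.parent.relative_to(root).as_posix()
                findings.append(("npm", pkg, f"{hook}: {scripts[hook]}"))
    for cargo in root.rglob("Cargo.toml"):
        # Cargo compiles and runs a build.rs in the package root before building the crate.
        if (cargo.parent / "build.rs").is_file():
            findings.append(("cargo", cargo.parent.relative_to(root).as_posix(), "build.rs present"))
    return sorted(findings)

def demo():
    """Build a small constructed dependency tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            # Constructed packages; only the file name trap-core.js comes from the report.
            "node_modules/example-wallet-utils/package.json":
                json.dumps({"scripts": {"postinstall": "node trap-core.js"}}),
            "node_modules/example-clean/package.json":
                json.dumps({"scripts": {"test": "node test.js"}}),
            "node_modules/example-broken/package.json": "{not json",
            "vendor/example-keystore/Cargo.toml": '[package]\nname = "example-keystore"\n',
            "vendor/example-keystore/build.rs": "fn main() {}\n",
            "vendor/example-plain/Cargo.toml": '[package]\nname = "example-plain"\n',
        }
        for rel, body in samples.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return find_install_time_code(root)

if __name__ == "__main__":
    for ecosystem, pkg, detail in demo():
        print(f"[{ecosystem}] {pkg}: {detail}")
```

A finding is a prompt for review, not proof of compromise, since many legitimate packages use these hooks. For npm, `npm install --ignore-scripts` skips lifecycle scripts entirely.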
On-chain analyst Specter stated that the hijackings of the X platform accounts of investor Keith Gill, Matt Furie, and WinRAR are all linked to the same hacker organization. This organization has accumulated over $14 million in profits by hijacking accounts to promote tokens and conducting cross-chain money laundering, with funds flowing through five chains: Solana, BNB Chain, Ethereum, Tron, and Hyperliquid. Specter claims the organization may also be connected to a $2.45 million wstETH phishing attack in 2024. The investigation found that hackers used compromised accounts to issue Pepe imitation tokens, incorporating a built-in 2% automatic fee mechanism to generate profits; related fund flows are associated with the bnbshare.fun platform and multiple Solana, Tron, and Ethereum addresses. Analysis also showed that several tokens (including USOR, VDOR, DROID, WCOR, UGOR) were used to inflate market caps before being dumped to zero.
Following the $292 million exploit of Kelp DAO's LayerZero bridge, the security of cross-chain infrastructure has once again come under scrutiny. DeFi protocols Kelp DAO, Solv Protocol, Re, and crypto exchange Kraken have all taken similar migration measures, with the total value of this outflow reaching approximately $4 billion. Decentralized finance protocol Lombard has become the latest project to join the migration wave, announcing a gradual phase-out of LayerZero and the migration of over $1 billion in Bitcoin collateral assets to Chainlink's Cross-Chain Interoperability Protocol (CCIP). Bitcoin-related tokens issued by Lombard include LBTC and BTC.b. It is reported that Lombard's initial migration assets cover the Solana, Etherlink, Berachain, Corn, and TAC chains, while the use of LayerZero on Morph and Swell will also be terminated. As of now, LayerZero has not responded to requests for comment. (CoinDesk)
Odaily News: Gate Research recently released its "April 2026 Cryptocurrency Market Review" report, indicating that the overall cryptocurrency market saw a volatile upward trend in April, with total market capitalization significantly higher than in March. BTC and ETH ETF trading volumes maintained high volatility overall. The report shows continued divergence in activity across major public chain ecosystems. Solana's daily transaction volume remained in the range of approximately 90 million to 110 million transactions, maintaining its leading position. Regarding trending sectors, the report notes that Pokemon TCG RWA has become one of the fastest-growing on-chain RWA sub-sectors, entering a second explosive growth phase in April. Major trading platforms saw monthly trading volumes exceed $220 million, with weekly revenue briefly approaching $6 million, setting new historical records. Meanwhile, Aave experienced its most severe liquidity crisis ever in April, with TVL outflows reaching tens of billions of dollars within a few days and net outflows exceeding $9 billion for the entire month. In terms of fundraising and security incidents, the Web3 industry completed 51 financing rounds in April, totaling approximately $834 million, with capital further concentrating on leading financial and infrastructure tracks. Among these, Payward ranked first for the month with a $200 million financing round. On the security front, Web3 security incidents in April resulted in losses of approximately $306 million, a month-over-month increase of about 858%, primarily driven by a single cross-chain infrastructure attack on Kelp DAO worth approximately $293 million. The report suggests that against the backdrop of a recovering market, on-chain activity and capital liquidity are both increasing. However, the security risks associated with cross-chain infrastructure and high-leverage protocols remain worthy of continued attention.
Huma Finance posted on X platform, stating that its old v1 contract deployed on Polygon was exploited today, resulting in the transfer of approximately 101,400 USDC. This incident did not compromise user funds, and the related PST system was also unaffected. Only the gradually phased-out v1 legacy pools were impacted. The Huma v2 system is a complete rewrite deployed on Solana and is not vulnerable to this exploit. The team was already in the process of retiring v1 liquidity pools, and following this incident, they have fully suspended the operation of v1 contracts and accelerated the completion of migration efforts.
Sky (formerly MakerDAO) announced on X that the cross-chain bridging of USDS OFT on the Solana network, which was suspended due to the security review of the rsETH vulnerability incident, has resumed operation. Sky emphasized that during the review, its USDS-related contracts and the protocol itself were not affected. USDS has always maintained a fully overcollateralized state as designed, which can be verified in real-time on-chain. The suspension was a precautionary security measure. Currently, the bridging function on the Solana side has been reopened, while the Avalanche-related bridging will resume after further review is completed.
Wasabi Protocol released a security incident update, stating that the attacker exploited a Spring Boot Actuator configuration vulnerability in its AWS infrastructure to steal private keys controlling EVM smart contracts, and subsequently drained approximately $4.8 million in user funds and $900,000 from the protocol’s treasury—totaling roughly $5.7 million in losses. The attack chain originated from a public-facing analysis server whose Actuator heap dump was not properly password-protected, enabling the attacker to obtain credentials for another server and ultimately gain control of the smart contract private keys. This incident affected only EVM deployments—including certain treasuries on Ethereum, Base, Blast, and Berachain—while Solana deployments and the Prop AMM remained unaffected. No final user compensation plan has been announced yet; however, “ensuring all affected users are compensated” remains the team’s top priority. Updates on the investigation will be shared with the community via Discord.
Wasabi Protocol stated that the Wasabi smart contracts on Solana are secure and unaffected by this vulnerability. The vulnerability is limited to Wasabi’s EVM deployments. The team is collaborating with leading security firms and has contacted law enforcement and the FBI. Further updates will be shared as they become available.
Michael Egorov (@newmichwill), founder of Curve Finance, posted that recent security incidents in the DeFi space—triggered by centralized failure points—have occurred frequently and severely damaged the industry’s reputation. Citing examples such as Aave users being unable to withdraw funds following the rsETH exploit and the LayerZero cross-chain bridge hack, he emphasized that problems must be prevented *before* they occur—not addressed only after damage is done. He called on the industry to jointly establish DeFi security standards, proposing that the Ethereum Foundation and Solana Foundation take the lead in collaborating with projects across ecosystems, auditing firms, and risk-assessment teams to develop principles and specifications for secure system design—and suggesting that lessons could be drawn from traditional finance’s approaches to safeguarding centralized nodes.
According to an official announcement by Orca, Vercel—the frontend hosting provider for Solana’s liquidity protocol Orca—recently experienced a security incident involving unauthorized access to its internal systems. Orca stated that, as a precautionary security measure, it has proactively rotated all keys and deployment credentials potentially compromised in the incident. Orca emphasized that this incident affected only the frontend hosting layer; the on-chain protocol and user funds remain unaffected. The team is currently monitoring the situation closely and will provide timely updates.
According to Cointelegraph, stablecoin issuer Circle faces a class-action lawsuit in the U.S. District Court for the District of Massachusetts for failing to freeze stolen funds during the Drift Protocol hack on April 1. Plaintiffs allege that attackers transferred approximately $230 million worth of USDC from Solana to Ethereum via Circle’s cross-chain transfer protocol (CCTP) within hours—and that Circle failed to intervene. The lawsuit accuses Circle of aiding and abetting conversion and of negligence. Cryptocurrency analytics firm Elliptic previously suspected the attack may be linked to North Korea–backed hackers; the stolen funds were subsequently converted into ETH and laundered through Tornado Cash.
According to CoinDesk, Drift Protocol—the largest decentralized perpetual futures exchange on Solana—announced it has secured up to $147.5 million in funding from Tether and its partners (including $127.5 million from Tether and $20 million from other partners) following a hack that stole over $270 million. The funds will be used to restore user assets and relaunch the protocol. The attack was carried out on April 1 by a North Korea–linked group that had posed as a quantitative trading firm and infiltrated the protocol for approximately six months, causing the DRIFT token’s value to plummet roughly 70%. The funding structure combines revenue-linked credit, ecosystem subsidies, and market-maker loans, aiming to cover approximately $295 million in user losses. Upon relaunch, the protocol will replace USDC with USDT as its core settlement layer; Tether will simultaneously provide fee waivers, user incentives, and liquidity support.