News linked to both this project and an event.
According to on-chain analyst Yu Jin (@EmberCN), the attacker responsible for the March THE liquidation event on the Venus platform sold 1,912 ETH for $3.26 million one hour ago to repay part of their loan on Aave. That loan was originally taken out by collateralizing ETH and was used to manipulate the Venus liquidations. The attacker’s address still has $6.78 million in USDT outstanding on Aave.
According to on-chain security platform Blockaid (@blockaid_), the MILC Platform cross-chain bridge suffered a private key leak on both the BNB Chain and Ethereum networks. The attacker exploited a historical bridge administrator wallet to grant the DEFAULT_ADMIN_ROLE and MANAGER_ROLE permissions to the attacker’s address. Subsequently, assets were withdrawn from the bridge contract, and administrative control was transferred to the attacker’s wallet. Confirmed losses currently stand at approximately $97,003 USDT (on BNB Chain) and approximately 39.21 ETH (on Ethereum, transferred out via Rhino.fi), totaling roughly $161,000.
Humanity stated that it has shared the attacker’s address tracking page with all centralized exchanges, decentralized exchanges, and aggregators, and will continue updating it. Humanity has also announced a $1 million USDT bounty for information that aids in recovering the stolen funds; all recovered funds will be used to repurchase $H.
Odaily Seer Prophet Channel monitoring shows that the probability of "Zcash will hit $100 in 2026" on Polymarket has risen to 53%, a 24-hour increase of 36%.Market rules: If between 17:35 on November 24, 2025, and 23:59 on December 31, 2026 (Eastern Time), the lowest price (Low) of any 1-minute candlestick of the Binance ZEC/USDT trading pair reaches or falls below the price stated in the title, this market will immediately settle as "Yes"; otherwise, it will settle as "No." Settlement is based solely on the 1-minute candlestick data of the Binance ZEC/USDT trading pair; prices from other exchanges or trading pairs will not be considered.In previous news, the privacy coin Zcash disclosed and fixed a critical security vulnerability that could have been exploited by malicious miners to transfer over 25,000 ZEC (approximately $6.5 million) from the deprecated Sprout privacy pool. Officials stated that the vulnerability had existed since July 2020 but was not actually exploited, and user funds remained safe at all times. The development team has released version v6.12.0 to complete the fix, and major mining pools have already upgraded their deployments.Odaily Seer Prophet Channel continues to monitor prediction markets, seeing changes before pricing.
SlowMist issued a security alert stating that the DTXT/USDT trading pair on BSC was attacked due to spoofable liquidity-addition detection logic, resulting in the attacker profiting approximately $35,041.106 USDT.
According to Drift’s official announcement, the Drift Protocol released its latest recovery update on June 3, 2026. An independent forensic investigation conducted by cybersecurity firm Mandiant has confirmed that the prior attack against Drift was carried out by the North Korean threat group UNC6862, whose tactics closely align with those historically employed by North Korean state-sponsored hacking operations. On the rebuilding front, Drift announced the appointment of Noah Prince—former Engineering Lead of the Helium Protocol—as Protocol Lead, who will spearhead codebase hardening and platform security architecture redesign. Additionally, former members of the Gauntlet team have been brought on board to conduct margin engine reviews, optimize funding rates and market parameters, enhance liquidation mechanisms, and implement continuous risk monitoring. Drift plans to relaunch with “security-first” as its core principle, repositioning itself as Solana’s largest USDT-perpetuals exchange. With support from strategic partners including Tether, Drift will establish a dedicated recovery pool funded by platform revenues to compensate users for losses. Further details regarding the recovery mechanism and timeline will be disclosed progressively.
According to on-chain analyst PeckShield (@PeckShieldAlert), approximately 19 hours ago, TesseraDao (@TesseraDao) on BNB Chain was attacked. The hacker maliciously minted 99 million TSR tokens and immediately dumped them, causing the TSR price to plummet by 99%. The attacker then exchanged the stolen TSR for approximately $2.5 million in USDT and cross-chained the funds to Ethereum. The attacker has since laundered 1,285.5 ETH via TornadoCash.
according to Specter, in collaboration with ChangeNOW, $91,000 of the funds stolen from Gravity Bridge have been frozen. The attacker still holds the majority of the funds, which have not yet been transferred.Previously, it was reported that the private key for Gravity Bridge's bridging contract was leaked, leading to the theft of $5.4 million in assets. The assets extracted by the attacker include: $4.3 million in USDC, 274 WETH (worth approximately $553,000), $434,000 in USDT, and $64,000 in PAYG. The involved addresses are 0x7B58...1F9 and 0x4d3c...A47.
Blockaid disclosed on X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker compromised three out of four Guardian private keys, forged a Verified Action Approval (VAA) message, and executed the attack within approximately seven minutes, stealing roughly $815,000 worth of assets. During the attack, the attacker minted 13.76 million Wrapped ALPH tokens out of thin air—exceeding the pre-attack circulating supply by over 100%—and simultaneously unlocked and withdrew assets including USDT, USDC, WBTC, and WETH from the custody pool. As of now, the attacker’s address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH tokens; the largest anomalous transaction involved the out-of-thin-air minting of 13.76 million Wrapped ALPH tokens.
On-chain monitoring shows that the cross-chain bridge Gravity Bridge may have suffered a security incident due to a smart contract private key leak, affecting assets including USDC, WETH, and USDT, with total losses amounting to approximately $5.4 million.
Zhou, a hacker from Quzhou City, Zhejiang Province, was sentenced by a court to four years and four months’ imprisonment and fined for the crime of illegally controlling computer information systems. Zhou exploited security vulnerabilities in websites to illegally control over 150 government and enterprise servers, causing links on websites belonging to 157 organizations to redirect to overseas pornographic websites. He also profited by reselling control rights. According to disclosures by the investigating authorities, Zhou settled his illicit proceeds using virtual currencies such as USDT and TRX, dispersing and concealing them across multiple cryptocurrency wallets. Authorities subsequently seized assets valued at over RMB 42 million through a cryptocurrency tracing system. Additionally, Zhou voluntarily surrendered over RMB 28 million in illicit gains.
Oobit, a mobile wallet supported by Tether, issued a clarification on X, stating that after “on-chain detective” ZachXBT disclosed a vulnerability exploit against two smart contracts (EURR and USDR) of stablecoin issuer StablR—resulting in losses of approximately $13.5 million—the attackers attempted to withdraw the stolen funds via Oobit. However, Oobit’s compliance team identified the anomalous activity and successfully froze EURR funds valued in the six-figure range, while also shutting down the withdrawal channel. No user funds were affected in this incident, and Oobit’s own systems were not compromised. Oobit is currently cooperating with StablR and investigators to advance follow-up actions. Earlier reports indicated that StablR suffered a hack resulting in losses of approximately $2.8 million, causing both EURR and USDR to de-peg.
According to The Block, the T3 Financial Crime Unit (T3 FCU), jointly established by Tether, TRON, and TRM Labs, announced that since its founding in 2024, it has frozen over $450 million worth of illicit crypto assets globally. In 2025, the unit’s interception of illicit proceeds increased by 43.9% year-on-year, covering 23 jurisdictions including the United States, Spain, and Germany, and has been recognized by the Financial Action Task Force (FATF) as “a critical resource for global law enforcement agencies.” The T3 FCU has participated in investigations across multiple crime categories, including exchange hacks, North Korea–related activities, terrorist financing, and violent crimes, and assisted Brazil’s Federal Police in freezing over $5.989 billion in assets—including 4.3 million USDT.
the L1 blockchain TAC team stated they have confirmed a security incident on the cross-chain layer resulted in approximately $2.8 million in assets being transferred, involving assets such as USDT, BLUM, and tsTON.TAC stated that if the attacker returns the relevant funds to the designated multi-signature address, the team will consider this incident a "white hat rescue" and will not take legal action against the operator of the involved ETH/BSC, ZEC, and TON addresses.As a reward, the attacker can receive an approximately 10% bounty, equivalent to about 13 ETH and 300 ZEC.
TAC stated that its cross-chain layer on the TON side was exploited by external attackers, resulting in approximately $2.8 million in losses involving USDT, BLUM, and tsTON. TAC confirmed that the TAC token, TON, and all ERC-20 tokens bridged from Ethereum remain unaffected. The bridge has been temporarily suspended, and the team is conducting forensic analysis and implementing fixes. Additionally, the team plans to legally structure a sale of the foundation’s TAC token treasury reserves to restore bridge liquidity and compensate affected users. A post-mortem report and further details will be released within the next 48 hours.
following the Kelp security incident, Tether's asset interoperability protocol USDT0 has disclosed details of its protocol security architecture. It stated that the system currently utilizes a proprietary DVN (Decentralized Verification Network) with message veto authority, and requires 3 independent validators, operating on different codebases, to reach a 3/3 consensus before cross-chain messages can be settled. The current verification nodes include the USDT0 proprietary DVN, LayerZero, and Canary, with future plans to expand to 4/4 and 5/5 verification mechanisms.USDT0 also stated that all multi-signature transactions must undergo multiple reviews by internal teams, external security teams, and auditing firms before signatures are submitted. The relevant contracts have been audited by firms such as Guardian and OpenZeppelin, and a $6 million bug bounty program has been launched on Immunefi.
According to the official disclosure by Drift Protocol, all affected wallets impacted by the April 1 attack will receive Recovery Tokens—representing their verified losses and proportional claims against the Recovery Pool—where each Recovery Token corresponds to $1 of verified loss. The Recovery Pool’s initial funding is approximately $3.8 million, sourced from converting the protocol’s remaining assets into USDT. It will be further replenished through a portion of quarterly net exchange revenue, partner contributions, and up to $127.5 million in matching deployment from Tether. Once the Recovery Pool exceeds $5 million, users may begin redeeming Recovery Tokens; the redemption price will be calculated as the Recovery Fund’s value divided by the outstanding supply of Recovery Tokens. Drift stated that the Insurance Fund was unaffected by the attack; any release of related funds requires governance proposals and DAO voting. The exchange plans to relaunch in Q2 2026, focusing primarily on perpetual contracts and a select set of markets. Additionally, it will replace its programs and addresses, rotate keys, reconstruct its community multisig, remove durable nonces and the Earn product, and implement operational security upgrades.
According to Odaily, Drift Protocol has released a user recovery plan for the approximately $295 million security vulnerability incident on April 1, which was attributed to a North Korean-backed hacker group. Under the plan, Drift will issue receipt tokens representing users' verified losses, with each token corresponding to $1 in losses, allowing holders to gradually redeem based on the recovery pool's funding size.Currently, the recovery pool has initial funding of approximately $3.8 million. Subsequent funding sources include up to $127.5 million from exchange revenue, Tether-backed funds, and up to $20 million from partner contributions, aiming to cover total losses of approximately $295.4 million. Drift has frozen approximately $3.36 million in USDC and has established a public bounty program offering 10% of recovered assets. It is expected to relaunch the exchange in a "security-first" model during the second quarter. (CoinDesk)
According to monitoring by on-chain analyst Specter, the Wasabi Protocol attacker has deposited all stolen funds into Tornado Cash, moving approximately $5.9 million into Tornado Cash. Additionally, North Korean hacking groups have also used Tornado Cash to launder stolen funds from KelpDAO and LayerZero. Their process involved first cross-chaining the assets to Bitcoin, then routing them through Wasabi Mixer, extracting and cross-chaining back to Ethereum, depositing into Tornado Cash, subsequently withdrawing to new wallets and dispersing across multiple addresses. The new wallets then deployed tokens, used the stolen funds to buy in, removed liquidity from the deployment wallet, cross-chained to Tron (USDT), held for several hours or days, and finally sent to OTC-related wallets.
According to The Block, JPMorgan analysts noted in their latest report that ongoing DeFi security vulnerabilities and stagnant growth in total value locked (TVL) continue to constrain institutional enthusiasm for the DeFi sector. Recently, Kelp DAO’s cross-chain bridge suffered a major attack, during which the attacker minted $292 million worth of uncollateralized rsETH tokens and borrowed real ETH on Aave, resulting in approximately $230 million in bad debt. This caused DeFi TVL to evaporate by roughly $20 billion within several days. LayerZero and blockchain security researchers have attributed this attack to the North Korean hacker group Lazarus Group; some of the stolen funds have been frozen, while the rest remain in circulation. Analysts also pointed out that DeFi TVL denominated in ETH has remained range-bound for an extended period, raising market concerns about whether DeFi can achieve organic growth sufficient to support institutional adoption. Furthermore, following each security incident, users tend to shift funds into USDT as a safe-haven asset—yet this trend has not yet significantly driven USDT’s market capitalization growth.