GetChain News

Security/Hacker

News linked to both this project and an event.

Wallet Losses Exceed $19 Million, Humanity Protocol-Associated Wallet Suspected of Being Attacked

Wallets associated with, or that have interacted with, Humanity Protocol are being compromised. So far, over 17 wallets holding H tokens have had funds stolen, with total losses exceeding $19 million. The cause of the theft remains unclear, but the attack pattern suggests that the affected wallets may share a common risk exposure related to Humanity Protocol.

Trust Wallet Teams Up with BNB Chain and CoinMarketCap to Launch AI Trading Agent Hackathon, with a Total Prize Pool of $36,000

According to an official announcement, on June 3, Trust Wallet announced a partnership with BNB Chain and CoinMarketCap to officially launch the "BNB Hack: AI Trading Agents" hackathon, featuring a total prize pool of $36,000. The Trust Wallet Agent Kit serves as the core on-chain execution technology stack for this event. This hackathon also marks the first time the Trust Wallet Agent Kit has been fully integrated as a core infrastructure component into a top-tier AI Agent hackathon system. The hackathon features two main tracks: "Autonomous Trading Agents" (prize pool $24,000, 5 winners) and "Strategy Skills" (prize pool $6,000, 3 winners), in addition to three partner special awards of $2,000 each. In the "Autonomous Trading Agents" track, participants must leverage the Trust Wallet Agent Kit to achieve local self-custodial signing, autonomous mode operation, and on-chain trade execution, deployed within native BNB Chain scenarios such as PancakeSwap and BSC Perpetual Contracts. The "Strategy Skills" track does not require an execution layer; participants build backtestable strategy proposals based on 12 categories of data tools from CoinMarketCap MCP, including market data, technical indicators, on-chain data, sentiment, and news. Track one uses real PnL as the core evaluation criterion, setting a maximum drawdown limit as the risk control threshold. Track two is comprehensively scored by a judging panel across four dimensions: technical execution, originality, real-world value, and presentation. The build window runs from June 3 to June 21, the trading window from June 22 to June 28, and winners will be announced during the week of July 6. In addition to cash prizes, winning teams will receive CoinMarketCap Pro API subscription credits, mentorship from CMC Labs, and the BNB Chain Kickstart ecosystem support package.

SlowMist Yu Xian: The Squid security incident did not stem from private key issues but rather from a vulnerability in the SquidRouterModule module used by the affected Safe wallets.

Cosine, founder of SlowMist, posted an analysis of the Squid security incident on X. He stated that sampling revealed all affected Safe wallets were single-signature, with different owners, but that the issue was not related to private keys. Rather, the vulnerability lay in the SquidRouterModule module used by these Safe addresses. Attackers could forge messages and easily bypass relevant validations to initiate subsequent swap operations, thereby draining funds from the targeted Safe wallets. Additionally, Cosine disclosed the attacker’s profit accumulation address. Earlier reports indicated that a third-party Gnosis Safe module was exploited on Base and Ethereum, causing approximately $3.2 million in losses. The victims were 86 Gnosis Safe wallets that had added this contract as a trusted Safe Module. The contract is named “SquidRouterModule” on Basescan. Subsequently, Squid clarified that it was not impacted by the Gnosis Safe-related vulnerability incident.

Polymarket: ZachXBT Reports Security Incident Related to Internal Operational Wallet Private Key Leakage; User Funds and Market Settlement Secure

Polymarket staff member Shantikiran Chanal posted on platform X, stating that they have taken note of the security reports related to reward distribution, and that user funds and market settlements remain safe. The investigation indicates that a private key leak occurred in a wallet used for internal operations, and the issue is not related to contracts or core infrastructure. Further updates will be provided. Previous report: ZachXBT stated that the Polymarket UMA CTF Adapter contract allegedly came under attack on Polygon, with over $520,000 having been drained.

SlowMist: High-Risk npm Worm “Mini Shai-Hulud” Detected, Capable of Stealing CI/CD Keys and Cryptocurrency Wallet Information

According to monitoring by MistEye, the threat intelligence monitoring system operated by blockchain security firm SlowMist (@SlowMist_Team), a highly sophisticated npm worm named “Mini Shai-Hulud” is spreading via well-known developer projects including TanStack, UiPath, and DraftLab. Attackers have hijacked GitHub credentials to publish malicious packages disguised as legitimate updates. These packages contain a hidden script—router_init.js—that executes silently within CI/CD environments such as GitHub Actions, specifically designed to steal CI/CD secrets, cloud infrastructure credentials, and cryptocurrency wallet information. Data exfiltration is conducted using GitHub’s own infrastructure. SlowMist has already shared this threat intelligence (IOC) with its clients. It recommends that projects using the affected packages immediately audit their CI/CD pipelines for the presence of router_init.js, rotate all exposed GitHub, cloud service, and cryptocurrency credentials, and continuously monitor development environments for anomalous background activity.

Trader A Claims Sigma Wallet Hacked Again, Second Wallet Emptied Within Six Months

Trader A (@missoralways) posted that he had stored seven-figure assets in Sigma for a long time without encountering security issues in the past. However, two of his recent wallets have suffered asset theft, both occurring when wallet balances fell below $10,000. He also stated that another friend suffered the theft of approximately $200,000 in assets today, and mentioned Sigma in connection with the incident. The Sigma team has launched an investigation. The trader said he released this information as a security reminder and emphasized that he is not an affiliated promoter of any bot-related products.

SlowMist Discloses Phishing Campaign Involving Fake TronLink Chrome Extension That Steals Wallet Credentials Such as Mnemonics and Private Keys

According to SlowMist, its security monitoring system MistEye has detected a counterfeit TronLink Chrome MV3 extension targeting TRON wallet users with a two-layer phishing attack. The extension disguises itself as the official plugin using Unicode obfuscation and brand spoofing. Upon installation, it first loads a remote iframe-based pop-up page designed to trick users into entering their mnemonic phrases, private keys, keystore files, and passwords—then exfiltrates this sensitive data via same-origin APIs to a Telegram bot. The malicious infrastructure involved includes the domains tronfind-api[.]tronfindexplorer[.]com and trx-scan-explorer[.]org; the malicious extension ID is ekjidonhjmneoompmjbjofpjmhklpjdd. SlowMist advises users to immediately uninstall the extension. If sensitive information has already been submitted, users should promptly migrate their assets and discontinue use of the compromised wallet.

ZachXBT: PolyArb is a Fake Prediction Market Product with a Wallet Drainer

"On-chain detective" ZachXBT posted on X, stating that PolyArb is a fake prediction market product with a wallet drainer on its website. Additionally, the product's account posted controversial replies under multiple tweets from well-known prediction markets to drive traffic and lure users into participating.

eToro Announces Acquisition of Self-Custody Wallet Zengo to Accelerate Expansion into On-Chain Financial Ecosystem

According to GlobeNewswire, eToro, a trading and investment platform, announced it has signed an agreement to acquire Zengo, a leading self-custodial crypto wallet provider. This acquisition aims to deepen eToro’s digital asset capabilities and accelerate its strategic initiative to bridge traditional finance with on-chain infrastructure. Founded in 2018, Zengo builds its keyless wallet architecture on Multi-Party Computation (MPC) cryptographic technology. It currently serves over 2 million users across more than 180 countries and regions, and has never experienced a wallet breach since its inception. Following the acquisition, eToro will leverage Zengo’s technological expertise to further support decentralized trading use cases—including tokenized assets, prediction markets, and perpetual contracts. The transaction is subject to customary closing conditions.

Major Security Vulnerability Found in AI Agent Crypto Payment Infrastructure; LLM Router Leads to $500,000 Wallet Theft

According to CoinDesk, researchers from the University of California, Santa Barbara; the University of California, San Diego; blockchain security firm Fuzzland; and World Liberty Financial jointly published a paper warning that “LLM routers”—intermediary services positioned between users and AI models—have become a major threat to cryptocurrency asset security. The researchers discovered that 26 LLM routers are secretly injecting malicious tool calls and stealing user credentials, with one incident resulting in the complete draining of a customer’s cryptocurrency wallet worth $500,000. Additionally, by “poisoning” the router ecosystem, the researchers were able to gain control of approximately 400 downstream hosts within hours. Since sensitive data—including private keys and API credentials—is frequently transmitted in plaintext through these routers, users unknowingly expose their assets to risk. The researchers note that as McKinsey forecasts AI agents will mediate $3–5 trillion in global consumer commerce by 2030—and Binance founder Changpeng Zhao predicts AI agents’ payment volume will be one million times greater than that of humans—the current infrastructure’s security lags far behind the pace of industry development. The “weakest link” risk could thus trigger systemic, cascading crises.

US Musician Loses 5.9 BTC Due to Fake Ledger Wallet

According to The Block, U.S. musician Garrett Dutton (stage name G. Love) lost 5.9 BTC—worth approximately $420,000—after downloading and using a counterfeit Ledger wallet app from the App Store and entering his recovery phrase. On-chain analyst ZachXBT discovered that the attacker laundered the stolen Bitcoin via the KuCoin platform. This incident once again exposes the security risks posed by fake wallet apps, reminding users to exercise heightened caution when downloading and using cryptocurrency-related applications, and to avoid entering sensitive information through unofficial channels.