Security Hub

The DarkSword exploit chain uses six iOS vulnerabilities to deploy Ghostblade, a data stealer targeting 13 crypto exchange and wallet apps on unpatched iPhones.

Bitrefill reveals a March 1 cyberattack linked to North Korea

Operation Atlantic brings the Secret Service, NCA, and Ontario police together to disrupt approval phishing scams that stole $17 billion in crypto last year.

An attacker accumulated 84% of Thena's THE supply cap on Venus Protocol, manipulated the price, and borrowed $3.7M in CAKE, BTC, and BNB before anyone noticed.

February 2026 crypto losses fell to $26-49M from $385M in January. The catch: social engineering now causes more damage than smart contract exploits.

BONK.fun team confirms hackers took over a team account and embedded a crypto drainer on the Solana token launchpad domain, tricking users with a fake TOS prompt.

A secure boot chain vulnerability in MediaTek processors allowed USB-based seed extraction from Trust Wallet, Phantom, and four other wallets. Patched January 2026.

What protects your money on a crypto card? E-money segregation, Visa/MC chargebacks, custody models, and lessons from three real card program collapses.

Project Eleven releases a post-quantum wallet prototype that restores key derivation for exchanges, solving a critical BIP32 vulnerability before NIST deadlines hit.

Google's threat team found a 23-exploit iPhone kit called Coruna that steals seed phrases from MetaMask, Bitget Wallet, and Exodus. Here is what you need to know.

Cantina's AI tool Apex flagged a signature bypass in the XRPL Batch amendment that would have let attackers drain wallets without private keys.

A private key exploit gave an attacker control of IoTeX bridge contracts, draining $8.8M in tokens. Funds are being laundered through THORChain to Bitcoin.

A fraudulent Google ad mimicking Uniswap drained a trader's mid-six-figure portfolio using the AngelFerno wallet drainer as phishing scams hit $370M in January.

Cecuro's AI security agent detected 92% of exploited DeFi contracts worth $228M, while a GPT-5.1 baseline caught only 34%. The benchmark is now open source.

Moonwell lost $1.78M in bad debt after a Chainlink OEV oracle wrapper misconfigured cbETH pricing at $1.12, with auditors linking the bug to AI-generated code.

Physical phishing letters impersonating Trezor and Ledger use QR codes to steal recovery phrases. Here is how the attack works and how to protect yourself.

A wallet tied to the $200M Mixin Network hack has begun liquidating 59,854 ETH through Tornado Cash after more than two years of dormancy.

Ledger argues AI agents should never hold private keys, pushing a 'propose, humans sign' model that challenges Coinbase's agentic wallet approach.

Bitget partners with BlockSec to publish the UEX Security Standard, a system-level security framework for exchanges bridging crypto and traditional markets.

Binance's 9-level anti-scam system combined AI monitoring with human wake-up calls to prevent $6.69B in fraud losses and shield 5.4M users in 2025.

KuCoin now supports full passwordless login via passkeys. Here is how the FIDO2 standard is reshaping crypto exchange security and why it matters for your funds.

OKX reveals wallet security stats: 8.53M malicious domains blocked, 23M+ risky tokens flagged, and nearly $900M in user assets recovered since launch.

Binance recovered $12.8M in stolen crypto in 2025, up 41% from 2024. Here is how their AI-powered anti-scam system protects users.

Binance issues a detailed warning on lookalike wallet address scams that trick users into sending funds to fraudulent addresses. Detection tips inside.

Binance recommends ED25519 signatures for API security, deprecating HMAC. Here's what the upgrade means for traders, bots, and card-linked accounts.

COCA Wallet integrates Privy for seedless login. No more seed phrases, familiar auth methods, and full self-custody preserved.

Lombard Finance adds Chainlink Proof of Reserve, CCIP, and Price Feeds to verify LBTC collateralization across 15 chains in real-time.

Binance introduces Security Center, an automatic risk scanner for its Web3 Wallet. We analyze what it checks, how it protects funds, and what it means for users.

Jupiter has faced security concerns over its ASR claim flow. Learn why seed phrase imports are dangerous for card-linked wallets and what the new direct claim flow means.

A definitive guide to the ether.fi x MEXC co-branded card. Analyze the 15% dining boost, the issuer accountability stack, and dispute protection frameworks.

Binance has launched MPC wallet integration for its ecosystem. Analyze how Multi-Party Computation changes security for crypto cardholders and reduces single-point-of-failure risk.

RedotPay now supports Apple Pay and Google Pay. Here is what mobile wallet integration changes for security, daily usability, and cardholder behavior.

A deep dive into high-pressure social engineering scams targeting cardholders. Learn how scammers use 'official' authority to bypass security and what you can do to protect your wallet.

A 2000-word deep dive into the technical and legal layers of crypto card custody. Learn about MPC, Account Abstraction (ERC-4337), and how to audit your issuer's solvency risk.

The US CLARITY Act could effectively ban stablecoin rewards. Learn why Coinbase withdrew support, the impact on cardholders, and the $243M revenue stake.

DeFi security is shifting from basic audits to real-time threat monitoring and cross-chain attack detection. Learn how this protects your crypto card assets.

Deep-dive into self-custody vs custodial models: security architecture comparison (MPC vs multi-sig), product analysis of 5 cards, recovery mechanisms, gas fees, and real-world breach case studies.

The end of 'sending your passport' is here. Learn how ZK-KYC and Self-Sovereign Identity (SSI) are making crypto cards private and secure.

How does MiCA 2.0 impact your crypto card choice? Learn about the new EU regulations and how they affect card privacy, limits, and availability.

How smart contracts protect your crypto card from fraud. Learn about on-chain spending limits, guardians, and the future of decentralized card security.

How Multi-Party Computation (MPC) protects crypto cards: threshold signatures, key share architecture, vs. multisig comparison, real security incidents, and implementation across 12 major cards.