Security Hub

On-chain investigator ZachXBT traced $475K in frozen bitcoin to social engineering scams on elderly Americans after a suspected money mule asked him for help.

Isiah and Raymond Garcia admitted to holding a Minnesota family at gunpoint for eight hours and forcing an $8M crypto transfer. The case shows how self-custody shifts risk to the holder.

G7 leaders issued a fresh joint call to counter state-sponsored crypto theft, citing a Chainalysis figure of more than $2 billion stolen by DPRK-linked hackers.

The CFTC entered a consent order on June 18, 2026 resolving its fraud case against Celsius founder Alexander Mashinsky, with permanent trading and registration bans.

France is pushing to phase out classical encryption in favor of post-quantum schemes, reviving questions about how exposed Bitcoin's signatures really are.

Rodney Burton, the promoter known as 'Bitcoin Rodney,' pleaded guilty over the $1.8B HyperFund Ponzi. He faces up to 5 years and is sentenced July 23.

Zooko Wilcox says prior exploitation of the Orchard counterfeiting bug looks unlikely, but cryptography alone cannot confirm no fake ZEC was ever minted.

A Quantstamp investigation links the $32M Humanity Protocol hack to North Korean actors who used a fake Bithumb email to get in, per a June 14 report.

DefiLlama data shows Q2 2026 has logged roughly 70 hacks, about double the previous quarterly record, even as the dollar losses stay front-loaded in April.

Raydium says an attacker drained $1.34M from five deprecated AMM V3 pools via an LP mint flaw. Active funds were untouched and the treasury will reimburse.

Botanix, a venture-funded Bitcoin Layer 2 that raised $11.5M, is winding down. Users must withdraw assets by July 9 or the validator Federation sweeps the rest.

A CoinDesk post-mortem says the Humanity Protocol drain happened because its multisig signing keys all lived on a single compromised laptop. The lesson for self-custody.

Yuga Labs says it pulled 68 NFTs, among them 29 Bored Apes and 2 CryptoPunks, out of a Flooring Protocol exploit. The rescue underlines pooled-custody risk in DeFi.

Wallets linked to Humanity Protocol were drained for more than $19 million and the H token fell over 80%, per WuBlockchain. Here is what is known so far.

Zcash developers propose Ironwood, a new shielded pool with a turnstile checkpoint, to restore supply verification after a bug in Orchard could have minted fake ZEC.

A four-year-old Zcash flaw surfaced with help from Claude Opus 4.8. Security researchers say AI-found bugs change who hunts vulnerabilities, and how fast.

A soundness bug in Zcash's Orchard shielded pool could have minted undetectable counterfeit ZEC. A researcher found it with an AI model, and validators patched it in five days.

Trezor disclosed a laser fault injection flaw in the Safe 7's TROPIC01 secure element, found by Ledger's Donjon team. Trezor says keys are not stored on the chip.

edgeX's EDGE token fell as much as 70% on June 1-2, triggering $2.81M in liquidations. ZachXBT says insiders controlled a low float and wants counterparties named.

The Kelp DAO exploiter has laundered nearly all of the unfrozen $220M from April's $293M rsETH drain, leaving only the $71M frozen by Arbitrum recoverable.

Radiant Capital is winding down operations after a $50M cross-chain exploit it never recovered from. Here is what the shutdown means for DeFi lending risk.

A developer known as Florent recovered 1,003 ETH worth about $2M that had been stuck in a 2016 ICO smart contract for nine years. Here is what it means for on-chain funds.

Gravity Bridge lost about $5.4M on May 30 in a suspected signing-key compromise. Stolen USDC, ETH, and USDT moved through Binance and ChangeNow.

An attacker drained $7.3M in BNB from more than 1,400 DxSale liquidity lockers dating to 2021, using a privileged fee reset and a backdated lock expiry.

On-chain investigator ZachXBT reports $12.6M of Zama cUSDC frozen after a Circle blacklisting, extending the USDC freeze debate to confidential wrapped tokens.

A third-party SquidRouterModule attached to Safe smart wallets was exploited on Ethereum and Base, draining roughly $3M and exposing module-level risk.

A supply chain campaign called TrapDoor has shipped 34 malicious packages targeting crypto and AI developers, draining wallets, SSH keys, and API tokens.

On-chain investigator ZachXBT flagged a roughly $10M exploit affecting smart contracts tied to StablR's EURR and USDR stablecoins, Cointelegraph reports.

THORChain proposed a recovery plan after the May 15 exploit, ruling out fresh RUNE issuance to repay affected users and forcing losses through protocol revenue instead.

Glassnode warns nearly 10% of BTC supply sits in quantum-vulnerable addresses, with Franklin Templeton, WisdomTree, and Robinhood ETF holdings 100% exposed.

GitHub is investigating unauthorized access to its internal repositories. CZ told developers to rotate API keys in code, including private repos.

Echo Protocol says it has regained control of the compromised admin key and burned the attacker's remaining 955 eBTC after a major cross-chain exploit.

Casa CTO Jameson Lopp tells crypto holders to treat every inbound message as hostile after a phishing scheme abused Google infrastructure to slip past filters.

PeckShield flagged a Verus-Ethereum bridge exploit on May 18, 2026, with attackers funneling roughly $11.4M through Tornado Cash.

THORChain triggered an emergency halt on May 15 after a suspected multichain exploit, putting the cross-chain swap protocol's recovery and trust on trial.

Fireblocks CEO Michael Shaulov says migrating Bitcoin to post-quantum signatures is mostly a coordination issue. The cryptographic algorithms already exist.

Kelp DAO and Aave finished recovery steps for the rsETH exploit, burning the attacker's tokens and committing to refill 117,132 rsETH over two weeks.

CertiK attributes 60% of 2025 crypto theft to North Korean state-sponsored groups, with $2.1B stolen across Bybit, DMM, and DeFi targets.

Physical extortion of crypto holders has produced more than $100M in losses in the first four months of 2026, per CryptoSlate. Here is what is driving it.

April 2026 saw over $635M stolen across 28 crypto exploits, the worst month of the year so far. Here is what drove the spike and what users can do.

A member of the social engineering crew known as GothFerrari was sentenced to 78 months in US federal prison for helping steal roughly $250M in crypto.

Aave moves to tighten collateral and listing standards across its markets after the KelpDAO rsETH exploit forced emergency liquidations and risk freezes.

Solana perpetuals exchange Drift published a recovery plan for users after a $295M exploit that on-chain investigators have linked to North Korean actors.

Binance launches Withdraw Protection, a new account safeguard that adds friction to suspicious withdrawals and gives users a window to reverse risky transfers.

On-chain sleuth ZachXBT alleges DEX aggregator Tokenlon processed funds tied to illicit activity, reigniting debate over compliance gaps in DeFi routing layers.

Bitcoin developers are publicly warning holders against Paul Sztorc's eCash fork, calling its claim mechanics hazardous for everyday BTC users.

Cointelegraph reports a Linux 'Copy Fail' bug, citing Xint Code, that lets attackers tamper with copy operations. Crypto users on Linux face heightened clipboard risks.

Paradigm researcher Dan Robinson proposed PACTs, a scheme that lets dormant Bitcoin holders prove ownership before quantum computers can crack exposed keys.

Hundreds of long-dormant Ethereum wallets were swept into the same tagged addresses, with the cause possibly tracing back years, per CryptoSlate.

Wasabi Protocol lost roughly $5 million after an attacker took control of the deployer admin key and drained contracts across three chains.

PocketOS founder Jeremy Crane says a Cursor agent running Claude Opus erased production data and backups via one Railway API call. Crypto agent risk in focus.

Google scanned billions of pages and found real payloads built to hijack AI agents into draining PayPal balances and leaking enterprise data.

Litecoin developers say a zero-day vulnerability caused a 13-block chain reorganization on April 25. The network has been patched and is stable again.

Glassnode analyst James Check says Bitcoin's quantum risk is concentrated in 1.716M old P2PK coins, not the full 19M supply, narrowing the panic window.

France's national anti-organized-crime branch has charged 88 people across a wave of crypto-related kidnappings, Le Monde reported on April 25, 2026.

The KelpDAO exploiter converted nearly all 75,700 ETH, roughly $175M, into BTC over 36 hours, locking in gains and complicating recovery.

Bybit's security team disclosed a macOS malware campaign that preys on users searching for Claude Code, exploiting AI tool demand to deliver payloads.

Sui-based Volo Protocol has confirmed a $3.5M exploit of its vaults, with roughly $500K frozen so far. What's on the table and what isn't.

Bloomberg reports a small group of unauthorized users accessed Anthropic's new Mythos AI, a model the company says is powerful enough to enable cyberattacks.

The attacker behind the $292M KelpDAO drain has routed roughly $80M in ETH through Thorchain swaps, complicating recovery efforts for rsETH depositors.

Ripple gave itself a 2028 deadline to swap out the XRP Ledger's cryptography before quantum machines can break it, calling the threat 'credible.'

Aave confirmed the rsETH sitting in its V3 and V4 markets on Ethereum is fully backed, but the markets stay frozen while KelpDAO bridge risk is reviewed.

Vercel says a third-party AI tool's compromised Google Workspace OAuth was the entry point for its breach, a supply chain risk crypto devs should map out.

BitMEX Research published a Bitcoin canary fund proposal on April 16, 2026 as an alternative to BIP-361's mandatory five-year quantum migration deadline.

An attacker drained 116,500 rsETH, about $292M, from KelpDAO's LayerZero bridge on April 18, 2026. Aave, SparkLend, and Fluid froze affected markets.

Vitalik Buterin has flagged a DNS registrar attack on eth.limo, the ENS gateway service, and is warning users to stay cautious during the team's response.

Zerion proactively shut down app.zerion.io and Blockaid blocked the site. Mobile apps and browser extension are unaffected. User funds remain safe.

US Secret Service, UK NCA, and Canadian police traced $45M in crypto fraud across 30 countries, freezing $12M and contacting 3,000 victims directly.

The Solana Foundation rolls out two security programs, STRIDE for formal verification and SIRN for 24/7 threat monitoring, six days after the $280M Drift exploit.

Ledger CTO Charles Guillemet warns that AI is making crypto exploits faster, cheaper, and harder to stop, with $1.4 billion already lost this year.

Most no-KYC crypto card claims turn out to mean low limits, delayed verification, or temporary access. Here is what regulation, enforcement, and market history actually say.

Google accelerated its post-quantum cryptography migration from 2035 to 2029, putting pressure on Bitcoin and Ethereum developers racing to replace ECDSA.

The DarkSword exploit chain uses six iOS vulnerabilities to deploy Ghostblade, a data stealer targeting 13 crypto exchange and wallet apps on unpatched iPhones.

Bitrefill reveals a March 1 cyberattack linked to North Korea

Operation Atlantic brings the Secret Service, NCA, and Ontario police together to disrupt approval phishing scams that stole $17 billion in crypto last year.

An attacker accumulated 84% of Thena's THE supply cap on Venus Protocol, manipulated the price, and borrowed $3.7M in CAKE, BTC, and BNB before anyone noticed.

February 2026 crypto losses fell to $26-49M from $385M in January. The catch: social engineering now causes more damage than smart contract exploits.

BONK.fun team confirms hackers took over a team account and embedded a crypto drainer on the Solana token launchpad domain, tricking users with a fake TOS prompt.

A secure boot chain vulnerability in MediaTek processors allowed USB-based seed extraction from Trust Wallet, Phantom, and four other wallets. Patched January 2026.

What protects your money on a crypto card? E-money segregation, Visa/MC chargebacks, custody models, and lessons from three real card program collapses.

Project Eleven releases a post-quantum wallet prototype that restores key derivation for exchanges, solving a critical BIP32 vulnerability before NIST deadlines hit.

Google's threat team found a 23-exploit iPhone kit called Coruna that steals seed phrases from MetaMask, Bitget Wallet, and Exodus. Here is what you need to know.

Cantina's AI tool Apex flagged a signature bypass in the XRPL Batch amendment that would have let attackers drain wallets without private keys.

A private key exploit gave an attacker control of IoTeX bridge contracts, draining $8.8M in tokens. Funds are being laundered through THORChain to Bitcoin.

A fraudulent Google ad mimicking Uniswap drained a trader's mid-six-figure portfolio using the AngelFerno wallet drainer as phishing scams hit $370M in January.

Cecuro's AI security agent detected 92% of exploited DeFi contracts worth $228M, while a GPT-5.1 baseline caught only 34%. The benchmark is now open source.

Moonwell lost $1.78M in bad debt after a Chainlink OEV oracle wrapper misconfigured cbETH pricing at $1.12, with auditors linking the bug to AI-generated code.

Physical phishing letters impersonating Trezor and Ledger use QR codes to steal recovery phrases. Here is how the attack works and how to protect yourself.

A wallet tied to the $200M Mixin Network hack has begun liquidating 59,854 ETH through Tornado Cash after more than two years of dormancy.

Ledger argues AI agents should never hold private keys, pushing a 'propose, humans sign' model that challenges Coinbase's agentic wallet approach.

Bitget partners with BlockSec to publish the UEX Security Standard, a system-level security framework for exchanges bridging crypto and traditional markets.

Binance's 9-level anti-scam system combined AI monitoring with human wake-up calls to prevent $6.69B in fraud losses and shield 5.4M users in 2025.

KuCoin now supports full passwordless login via passkeys. Here is how the FIDO2 standard is reshaping crypto exchange security and why it matters for your funds.

OKX reveals wallet security stats: 8.53M malicious domains blocked, 23M+ risky tokens flagged, and nearly $900M in user assets recovered since launch.

Binance recovered $12.8M in stolen crypto in 2025, up 41% from 2024. Here is how their AI-powered anti-scam system protects users.

Binance issues a detailed warning on lookalike wallet address scams that trick users into sending funds to fraudulent addresses. Detection tips inside.

Binance recommends ED25519 signatures for API security, deprecating HMAC. Here's what the upgrade means for traders, bots, and card-linked accounts.

COCA Wallet integrates Privy for seedless login. No more seed phrases, familiar auth methods, and full self-custody preserved.

Lombard Finance adds Chainlink Proof of Reserve, CCIP, and Price Feeds to verify LBTC collateralization across 15 chains in real-time.

Binance introduces Security Center, an automatic risk scanner for its Web3 Wallet. We analyze what it checks, how it protects funds, and what it means for users.

Jupiter has faced security concerns over its ASR claim flow. Learn why seed phrase imports are dangerous for card-linked wallets and what the new direct claim flow means.

A definitive guide to the ether.fi x MEXC co-branded card. Analyze the 15% dining boost, the issuer accountability stack, and dispute protection frameworks.

RedotPay now supports Apple Pay and Google Pay. Here is what mobile wallet integration changes for security, daily usability, and cardholder behavior.

Binance has launched MPC wallet integration for its ecosystem. Analyze how Multi-Party Computation changes security for crypto cardholders and reduces single-point-of-failure risk.

A deep dive into high-pressure social engineering scams targeting cardholders. Learn how scammers use 'official' authority to bypass security and what you can do to protect your wallet.

A 2000-word deep dive into the technical and legal layers of crypto card custody. Learn about MPC, Account Abstraction (ERC-4337), and how to audit your issuer's solvency risk.

The US CLARITY Act could effectively ban stablecoin rewards. Learn why Coinbase withdrew support, the impact on cardholders, and the $243M revenue stake.

DeFi security no longer stops at audits. Here is what modern security platforms actually do, from monitoring and alerting to oracle, permissions, and incident-response controls.

Self-custody vs custodial crypto cards: security architecture, gas fees, recovery mechanisms, real breach case studies, and a cost-benefit analysis of 7 cards with actual numbers.

How smart contracts protect your crypto card from fraud. Learn about on-chain spending limits, guardians, and the future of decentralized card security.

The end of 'sending your passport' is here. Learn how ZK-KYC and Self-Sovereign Identity (SSI) are making crypto cards private and secure.

How does MiCA 2.0 impact your crypto card choice? Learn about the new EU regulations and how they affect card privacy, limits, and availability.

How Multi-Party Computation (MPC) protects crypto cards: threshold signatures, key share architecture, vs. multisig comparison, real security incidents, and implementation across 12 major cards.