Topic: #security
-
Solana's Bonk DAO Loses $20M in Governance Attack
BonkDAO, the decentralized organization behind the Solana-based Bonk meme coin, suffered a $20 million treasury drain through a malicious governance proposal. More than 4.4 trillion BONK tokens were stolen in the exploit, and law enforcement has been notified.
-
Summer.fi pauses Lazy Summer vaults after $6M flash loan exploit
DeFi protocol Summer.fi halted its Lazy Summer yield vaults after a flash loan attack drained approximately $6 million from the Ethereum platform. The protocol's SUMR token fell over 18% following the exploit.
-
Ill Bloom Vulnerability Drains $5M From Thousands of Crypto Wallets
Coinspect identified a critical vulnerability affecting thousands of wallets across Bitcoin, Ethereum, Polygon, and other chains. The "Ill Bloom" exploit stems from weak recovery phrase generation in certain software wallets, with at least $5 million drained since May 27.
-
Crypto hacks hit record 207 in H1 2026, but smart contracts aren't the main target
The first half of 2026 saw 207 separate crypto hacks—the most in any six-month period—yet total losses fell to $972 million, less than half of H1 2025's $2.3 billion, as attackers increasingly target infrastructure and operational systems rather than smart-contract code.
-
Lummis defends Clarity Act against Warren's illicit-finance claims
Senator Cynthia Lummis countered Elizabeth Warren's criticism of the Digital Asset Market Clarity Act, saying the bill includes 16 illicit finance safeguards including BSA/AML rules and Iran-related sanctions provisions.
-
US Treasury sanctions Brazilian nationals for $30M crypto money laundering
The US Treasury's OFAC sanctioned two Brazilian nationals, three Brazilian companies, and one Portuguese firm for laundering over $30 million in drug proceeds through cryptocurrency tied to the PCC criminal organization, marking the third enforcement action against the group.
-
Crypto hack thefts drop 7% in June to $76M, Humanity Protocol breach dominates
Cryptocurrency theft losses declined 7% in June 2026 to $76 million, but a single Humanity Protocol breach accounted for nearly half the total, highlighting persistent security vulnerabilities despite overall improvement.
-
CryptoBandits malware hijacks wallet addresses, crypto fraud hits $17B in 2025
Microsoft's threat intelligence team published analysis of CryptoBandits, a Windows malware that hijacks copied wallet addresses and steals seed phrases. Crypto fraud losses hit record highs in 2025, with individual holders increasingly targeted by scams that don't break cryptography but manipulate what your machine shows.
-
BIP-110 faces miner rejection with only 0.31% hashrate support
BIP-110, a proposal to restrict data-heavy protocols like Ordinals on Bitcoin, has secured only 0.31% of hashrate support as of late June 2026, far below the 55% threshold needed for early lock-in before its August signaling phase begins.
-
StarkWare Launches Private KYC on Starknet Using Zero-Knowledge Proofs
StarkWare introduced Private KYC on Starknet, allowing users to prove specific identity attributes via zero-knowledge proofs without exposing full passport details. The launch addresses record data breaches across sectors.
-
FIFA deploys Snicko ball-tracking at 2026 World Cup without blockchain
FIFA deployed Snicko-style ball-tracking technology at the 2026 World Cup, using motion-sensing microchips to detect contacts 500 times per second. The solution sidesteps blockchain entirely, highlighting the technology's narrow role in sports infrastructure.
-
Aztec Connect smart contract exploited for $2.1M after protocol shutdown
A dormant smart contract from the deprecated Aztec Connect protocol was drained of approximately $2.1 million on June 14 after an attacker exploited a verification logic flaw, highlighting risks inherent in immutable DeFi infrastructure.
-
Humanity Protocol token crashes 85% after $30M private key exploit
The H token fell from $0.70 to $0.08 following the compromise of private keys belonging to a Humanity Foundation member, resulting in at least $30 million in stolen tokens. CEO Terence Kwok advised users to avoid interacting with the bridge and liquidity pools.
-
Pando Rings hacker moves $10M into ETH amid market dip
A wallet tied to the 2022 Pando Rings exploit swapped $10 million DAI for 6,243 ETH at $1,602 per token, signaling unrecovered stolen funds and raising questions about DeFi security and dormant hacker activity.
-
Zcash Orchard exploit reveals cryptographic supply integrity gap
A security researcher at Shielded Labs discovered a critical exploit in Zcash's Orchard protocol using AI on May 29, which could have generated unlimited counterfeit ZEC. Zcash executed emergency forks within days, but the privacy design makes proving the supply was never tampered with cryptographically difficult.
-
FCA warns Premier League clubs over unauthorized crypto sponsorships
The UK's Financial Conduct Authority warned Premier League soccer clubs about sponsorship deals with unauthorized crypto firms, saying clubs could face legal liability and reputational damage if they enable such promotions.
-
Radiant Capital Shuts Down After $50M Hack, 18-Month Recovery Fails
Radiant Capital announced Monday it is closing operations after 18 months of recovery efforts from an October 2024 exploit that drained roughly $50 million. The protocol said it hasn't recovered meaningful funds or raised fresh capital.
-
Crypto exploit losses plunge 90% in May to $68.3 million
Crypto platform exploit losses dropped to $68.3 million in May, a 90% decline from April's $650 million. May marks the third month of 2026 with losses under $100 million, though cross-chain bridges remain the most targeted infrastructure.
-
White-hat hacker recovers $2M from 2016 Hong Coin ICO smart contract
A pseudonymous white-hat hacker known as 0xflorent helped recover $2 million worth of Ether locked in a failed 2016 ICO smart contract, enabling refunds to 48 investors after nearly a decade through exploitation of an integer overflow vulnerability.
-
Security researcher recovers $2M in locked ETH from nine-year-old HongCoin bug
A white-hat security researcher discovered and fixed an integer-overflow vulnerability in the HongCoin ICO smart contract, recovering approximately $2 million worth of ETH that had been trapped since the 2016 token sale failed to reach its funding goal.
-
Gravity Bridge halts after $5.4M exploit tied to signing key compromise
Gravity Bridge, a cross-chain bridge connecting Ethereum and Cosmos, was drained of approximately $5.4 million in a suspected signing key compromise, prompting validators to halt operations while investigating the breach.
-
Microsoft threatens legal action against researcher over zero-day exploits
Microsoft's Digital Crimes Unit has disabled accounts and threatened legal action against security researcher Nightmare Eclipse for publishing zero-day exploits, sparking debate over vulnerability disclosure practices and researcher safety.
-
DeFi's Biggest Threat Is Human Error, Not Code Flaws
Isaac Patka argues that most DeFi failures stem from operational security mistakes and poor parameter configuration, not smart contract bugs. Error correction mechanisms can coexist with decentralization, he says.
-
StakeDAO Attacker Mints 5.4T vsdCRV, Cashes Out Only $91K
An attacker exploited a compromised StakeDAO deployer key on Arbitrum to mint over 5.4 trillion vsdCRV tokens worth $763 billion on paper, but thin liquidity limited actual proceeds to approximately $91,000 in realized gains.