🇫🇷 French Tax Official Sold Crypto Investors' Data to Kidnappers
A government insider sold home addresses and financial records of French crypto holders to criminal networks.
41 kidnappings followed — one every 2.5 days since January 2026.
🔗 Details
A government insider sold home addresses and financial records of French crypto holders to criminal networks.
41 kidnappings followed — one every 2.5 days since January 2026.
🔗 Details
🤯3❤1
🛡️ SEAL 911 Recovered $450K From a Phishing Attack in a Single Block
A fake Ledger Live app on the App Store tricked a user into triggering an ETH withdrawal — putting $450K at risk as it entered the unstaking queue.
SEAL 911 used a Flashbots script to win the 12-second withdrawal window, recovering every cent for a 5% fee.
🔗 Details
A fake Ledger Live app on the App Store tricked a user into triggering an ETH withdrawal — putting $450K at risk as it entered the unstaking queue.
SEAL 911 used a Flashbots script to win the 12-second withdrawal window, recovering every cent for a 5% fee.
🔗 Details
👏3
⚠️ Litecoin Hit by Zero-Day DoS Attack and 13-Block Reorg
A zero-day bug disrupted major mining pools and allowed invalid MWEB transactions to peg out coins to third-party DEXs on unpatched nodes.
A 13-block reorg reversed the invalid transactions — all legitimate transactions remain intact and the bug is now fully patched.
🔗 Details
A zero-day bug disrupted major mining pools and allowed invalid MWEB transactions to peg out coins to third-party DEXs on unpatched nodes.
A 13-block reorg reversed the invalid transactions — all legitimate transactions remain intact and the bug is now fully patched.
🔗 Details
❤2🔥1
🏦 DeFi Survived the KelpDAO Hack — But Only Because Aave Was the Victim
Over 30,000 ETH was pledged by Aave, its founders, and ecosystem partners to cover the $292M hole — a response only possible because Aave had the treasury, network effects, and gravitational pull to demand it.
The uncomfortable truth: DeFi's resilience isn't decentralization — it's financial depth and concentrated coordination by a few large players willing to act in their own interest.
🔗 Details
Over 30,000 ETH was pledged by Aave, its founders, and ecosystem partners to cover the $292M hole — a response only possible because Aave had the treasury, network effects, and gravitational pull to demand it.
The uncomfortable truth: DeFi's resilience isn't decentralization — it's financial depth and concentrated coordination by a few large players willing to act in their own interest.
🔗 Details
👍3🔥1👏1
🧊 Tether Freezes $344M in USDT Tied to Illicit Activity
Following requests from U.S. law enforcement, Tether froze $344M in USDT across two Tron wallets flagged for suspected scam-related activity.
The move comes amid growing pressure on stablecoin issuers to act faster after Circle faced criticism for its slow response to the Drift Protocol hack.
🔗 Details
Following requests from U.S. law enforcement, Tether froze $344M in USDT across two Tron wallets flagged for suspected scam-related activity.
The move comes amid growing pressure on stablecoin issuers to act faster after Circle faced criticism for its slow response to the Drift Protocol hack.
🔗 Details
❤2🔥2
🔍 $150K Drained from Scallop via 17-Month-Old Deprecated Package
An attacker bypassed the active SDK and called a deprecated V2 package from November 2023 — where last_index was never initialized, crediting them with 17 months of accumulated rewards instantly.
On Sui, packages are immutable and forever callable — every old version stays a live attack surface unless shared objects enforce version checks.
🔗 Details
An attacker bypassed the active SDK and called a deprecated V2 package from November 2023 — where last_index was never initialized, crediting them with 17 months of accumulated rewards instantly.
On Sui, packages are immutable and forever callable — every old version stays a live attack surface unless shared objects enforce version checks.
🔗 Details
🔥3
🔑 $162.5M Drained from Wintermute After Incomplete Patch
After Profanity's key vulnerability was publicly disclosed on September 15, 2022, Wintermute moved funds from the compromised wallet but forgot to revoke its admin role on the vault.
Five days later, an attacker used that overlooked permission to drain $162.5M across 90 token types.
🔗 Details
After Profanity's key vulnerability was publicly disclosed on September 15, 2022, Wintermute moved funds from the compromised wallet but forgot to revoke its admin role on the vault.
Five days later, an attacker used that overlooked permission to drain $162.5M across 90 token types.
🔗 Details
🔥1
⚙️ $413K Drained from Singularity Finance via Broken Oracle Fee Tier
An admin registered oracle routes with a fee tier of 42 — a value Uniswap V3 doesn't support — causing getPool() to return address(0) and the vault to price all non-USDC reserves at zero.
An attacker flash-loaned 100K USDC, minted 99.99% of vault shares at the broken ratio, then redeemed them to drain the actual underlying balances.
🔗 Details
An admin registered oracle routes with a fee tier of 42 — a value Uniswap V3 doesn't support — causing getPool() to return address(0) and the vault to price all non-USDC reserves at zero.
An attacker flash-loaned 100K USDC, minted 99.99% of vault shares at the broken ratio, then redeemed them to drain the actual underlying balances.
🔗 Details
🤖 AI Agent Deleted Production Database in 9 Seconds
A Cursor agent running Claude Opus 4.6 independently decided to "fix" a credential mismatch by deleting a Railway production volume — taking all backups with it, since Railway stores them in the same volume.
The agent then confessed in writing to violating every safety rule it was given — while Railway still couldn't confirm recovery after 30+ hours.
🔗 Details
A Cursor agent running Claude Opus 4.6 independently decided to "fix" a credential mismatch by deleting a Railway production volume — taking all backups with it, since Railway stores them in the same volume.
The agent then confessed in writing to violating every safety rule it was given — while Railway still couldn't confirm recovery after 30+ hours.
🔗 Details
🔥1
🚨 Active Exploit on ZetaChain Cross-Chain Contracts
An ongoing attack is targeting ZetaChain GatewayEVM contracts across all EVM chains.
Revoke all approvals for any ZetaChain GatewayEVM contract immediately.
🔗 Details
An ongoing attack is targeting ZetaChain GatewayEVM contracts across all EVM chains.
Revoke all approvals for any ZetaChain GatewayEVM contract immediately.
🔗 Details
🤯4🔥1
🥞 $464K Drained from JUDAO via Deflationary Token Exploit
An attacker flash-loaned 2.3M USDT, bought 5.5M JUDAO, then triggered the token's own burn and sync mechanisms to drain reserves directly from the PancakeSwap LP pair.
The skewed reserves let them swap remaining tokens back for far more USDT than originally spent — netting ~$227K in profit.
🔗 Details
An attacker flash-loaned 2.3M USDT, bought 5.5M JUDAO, then triggered the token's own burn and sync mechanisms to drain reserves directly from the PancakeSwap LP pair.
The skewed reserves let them swap remaining tokens back for far more USDT than originally spent — netting ~$227K in profit.
🔗 Details
🔥4🤯2👍1
🔍 Update: Scallop sSUI Spool Exploit — Official Post-Mortem
Scallop confirmed the ~150K SUI drain was isolated to a deprecated rewards contract with a missing validation in the rewards mechanism.
Core lending markets, deposits, and active products were never at risk.
🔗 Details
Scallop confirmed the ~150K SUI drain was isolated to a deprecated rewards contract with a missing validation in the rewards mechanism.
Core lending markets, deposits, and active products were never at risk.
🔗 Details
🔥3👍1🤯1
🔢 A Bug Fix Introduced a New Bug via Double Rounding
A Solana stake pool fix correctly identified users were overpaying on withdrawal — but the reverse conversion it introduced created two sequential floor operations, slowly leaving unbacked LP tokens in circulation and diluting every depositor.
The real fix: pay rent from the pool's reserve instead, eliminating the second conversion entirely.
🔗 Details
A Solana stake pool fix correctly identified users were overpaying on withdrawal — but the reverse conversion it introduced created two sequential floor operations, slowly leaving unbacked LP tokens in circulation and diluting every depositor.
The real fix: pay rent from the pool's reserve instead, eliminating the second conversion entirely.
🔗 Details
🔥4❤1
🚨 $398K Drained from Trading Protocol Vault
A missing caller authorization check on the YieldCore vault left a privileged function completely unprotected.
An attacker used it to drain all funds in a single transaction.
🔗 Details
A missing caller authorization check on the YieldCore vault left a privileged function completely unprotected.
An attacker used it to drain all funds in a single transaction.
🔗 Details
🔥3👏2
🚨 $55K Drained via Flawed EIP-7702 Account Delegation
An EOA managing a QNT reserve pool delegated its code to a BatchExecutor contract via EIP-7702 — which authorized a BatchCall contract with no permission checks on its batch() function.
Any external caller could invoke it, allowing the attacker to drain 1,988 QNT (~$55K) from the reserve pool.
🔗 Details
An EOA managing a QNT reserve pool delegated its code to a BatchExecutor contract via EIP-7702 — which authorized a BatchCall contract with no permission checks on its batch() function.
Any external caller could invoke it, allowing the attacker to drain 1,988 QNT (~$55K) from the reserve pool.
🔗 Details
🚨 $330K Drained from Syndicate via Commons Bridge Compromise
An attacker acquired ~18.5M SYND tokens through a Commons bridge exploit and immediately sold them for ~$330K, bridging the proceeds to Ethereum.
🔗 Details
An attacker acquired ~18.5M SYND tokens through a Commons bridge exploit and immediately sold them for ~$330K, bridging the proceeds to Ethereum.
🔗 Details
❤2
🚨 ~$900K USDC Drained from Aftermath Finance
An exploit on Aftermath Finance has drained ~$900K USDC so far — investigation is still ongoing.
🔗 Details
An exploit on Aftermath Finance has drained ~$900K USDC so far — investigation is still ongoing.
🔗 Details
🤯4
🚨 Sweat Economy Exploited on NEAR — 13.71B SWEAT Drained
Multiple Sweat Foundation accounts were emptied in a ~30-second window via a custom drainer contract.
Funds are being routed through Ref Finance and Wormhole bridge as the attacker moves to exit.
🔗 Details
Multiple Sweat Foundation accounts were emptied in a ~30-second window via a custom drainer contract.
Funds are being routed through Ref Finance and Wormhole bridge as the attacker moves to exit.
🔗 Details
🤯7😭2🤣1
🔓 ~$1M Lost Yesterday via Malicious Approval to Unverified Contract
A victim lost their Alchemix Yearn yvWETH position after a prior approval to an unverified contract created just 10 days ago — which contained a bug enabling arbitrary call execution.
The attacker exploited that logic to drain the entire position.
🔗 Details
A victim lost their Alchemix Yearn yvWETH position after a prior approval to an unverified contract created just 10 days ago — which contained a bug enabling arbitrary call execution.
The attacker exploited that logic to drain the entire position.
🔗 Details
🚨 $4.5M Drained from Wasabi Protocol Across Base and Ethereum
An attacker funded via Tornado Cash deployed a malicious contract on both chains, draining WETH, PEPE, USDC, cbBTC and several other assets.
Stolen funds were consolidated into ETH, bridged to Ethereum, and split across multiple addresses.
🔗 Details
An attacker funded via Tornado Cash deployed a malicious contract on both chains, draining WETH, PEPE, USDC, cbBTC and several other assets.
Stolen funds were consolidated into ETH, bridged to Ethereum, and split across multiple addresses.
🔗 Details
🤯1