On April 28th security researchers from V12sec, discovered critical vulnerability in Thorchain that could lead to $32mil in loses
Despite it being so critical, Thorchain refused to pay, citing that "the bounty program is retired"
SOURCE @DWCupdate
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
โค1๐1
The malicious site tricked them into connecting their wallet, which allowed the attacker to drain the funds shortly after.
SOURCE @DWCcove
Please open Telegram to view this post
VIEW IN TELEGRAM
โค1
Reuters reported that the UK Financial Conduct Authority warned Premier League and other football clubs that sponsorship deals with unauthorized crypto firms and trading platforms could expose them to legal liability, money laundering risks and reputational damage. The FCA said some unauthorized firms may be using high-profile club sponsorships to promote products to football fans despite not being allowed to operate in the UK, and has urged clubs to strengthen checks on their partners.
Source๏ผ
via x.com/WuBlockchain
Zero trophies, zero FCA registration, but somehow still on the sleeve. ๐ฆบ The FCA is reminding Premier League clubs that "they paid us well" is not a compliance framework, and that laundering money through a stadium sponsorship is still laundering money. Turns out due diligence doesn't care how many followers your shirt sponsor has.
Please open Telegram to view this post
VIEW IN TELEGRAM
โค1
โ๏ธJUST IN: EARLY APOLLO ABOUT TO EXIT FOR $1300 BTC โ ๏ธ
LINK - https://oguser.com/Thread-Ghosted-from-Hawk
OP sent $1.3k btc to @/Hawk (early apollo rank, 327 reputation, 33 deals) to buy some twitchcon cape codes. @/Hawk confirmed the payment and started immediately stalling. It's been 5 days with @/Hawk being active on tele, but ghosting.
โ๏ธ go first to an early apollo in 2026 huh?
โ๏ธDWC, @/Hawk is likely exiting on more people as of this momentโ ๏ธ
LINK - https://oguser.com/Thread-Ghosted-from-Hawk
OP sent $1.3k btc to @/Hawk (early apollo rank, 327 reputation, 33 deals) to buy some twitchcon cape codes. @/Hawk confirmed the payment and started immediately stalling. It's been 5 days with @/Hawk being active on tele, but ghosting.
โ๏ธ go first to an early apollo in 2026 huh?
โ๏ธDWC, @/Hawk is likely exiting on more people as of this moment
Please open Telegram to view this post
VIEW IN TELEGRAM
Evaders
Multiple handles obtained via the PATCHED exploit are currently being returned to their rightful owners.
SOURCE / @DWCusers
Please open Telegram to view this post
VIEW IN TELEGRAM
So far, law enforcement has arrested 60+ suspected threat actors, Coinbase has seized over $3M in stolen crypto, and Meta has disabled more than 1.4M accounts linked to scam activity.
SOURCE @DWCusers
Please open Telegram to view this post
VIEW IN TELEGRAM
โค1๐1๐ฅ1
#CertiKInsight ๐จ
We have seen an exploit of ~$243K on ATM token. The transferFrom() includes logic to swap 20% transfer amount of ATM for BSC-USD, so the attacker can repeatedly swap out extra after transfer.
Stay vigilant!
via x.com/CertiKAlert
Someone shipped a transferFrom() that hands out a 20% bonus to anyone clever enough to loop it, and yes, people did loop it. $243K gone because the ATM token's core function was basically a coupon that never expires.
We have seen an exploit of ~$243K on ATM token. The transferFrom() includes logic to swap 20% transfer amount of ATM for BSC-USD, so the attacker can repeatedly swap out extra after transfer.
Stay vigilant!
via x.com/CertiKAlert
Someone shipped a transferFrom() that hands out a 20% bonus to anyone clever enough to loop it, and yes, people did loop it. $243K gone because the ATM token's core function was basically a coupon that never expires.
๐จ SlowMist TI Alert ๐จ
A new Rust-based supply-chain malware campaign, IronWorm, actively targeting developer environments and Web3/crypto ecosystems via malicious npm packages.
Potential attacker actions include credential theft, wallet seed and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret exfiltration, Tor-based command-and-control, and stealth via an eBPF rootkit.
Security teams should audit repositories for backdated commits, suspicious branches, unexpected build hooks, and commits attributed to automation-like identities such as claude, dependabot, renovate, or github-actions. Remove or deprecate affected package versions, publish clean releases, rotate all exposed secrets and tokens, review GitHub Actions artifacts, and rebuild potentially compromised developer or CI systems from clean images.
Thanks to @JFrogSecurity for the discoveryโฆ
via x.com/SlowMist_Team
Devs really said "let's build the financial system of the future" and left the door unlocked, the windows open, and a welcome mat that says
๐ง Exclusive Giveaways & Rewards USE CODE: evaders On Sign Up. If your location is restricted use a VPN.
A new Rust-based supply-chain malware campaign, IronWorm, actively targeting developer environments and Web3/crypto ecosystems via malicious npm packages.
Potential attacker actions include credential theft, wallet seed and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret exfiltration, Tor-based command-and-control, and stealth via an eBPF rootkit.
Security teams should audit repositories for backdated commits, suspicious branches, unexpected build hooks, and commits attributed to automation-like identities such as claude, dependabot, renovate, or github-actions. Remove or deprecate affected package versions, publish clean releases, rotate all exposed secrets and tokens, review GitHub Actions artifacts, and rebuild potentially compromised developer or CI systems from clean images.
Thanks to @JFrogSecurity for the discoveryโฆ
via x.com/SlowMist_Team
Devs really said "let's build the financial system of the future" and left the door unlocked, the windows open, and a welcome mat that says
npm install trust-me. IronWorm doesn't need to be clever, it just needs you to not check your build hooks. Rotate your secrets, or don't, the malware already has them.Please open Telegram to view this post
VIEW IN TELEGRAM
X (formerly Twitter)
SlowMist (@SlowMist_Team) on X
SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
๐ฅ1
$5.4M gone from @gravity_bridge. An attacker minted worthless tokens on Osmosis, poisoned the token registry with a fabricated denom string, and walked out with real assets. They didn't break the code. They just found where it stopped asking questions.
via x.com/RektHQ
The registry trusted a string it never should have met. ๐ชค Attacker minted garbage tokens, slipped a fake denom into the registry like a counterfeit bill in a vending machine, and collected $5.4M in real money on the way out. The code didn't fail. It just never learned to be suspicious.
via x.com/RektHQ
The registry trusted a string it never should have met. ๐ชค Attacker minted garbage tokens, slipped a fake denom into the registry like a counterfeit bill in a vending machine, and collected $5.4M in real money on the way out. The code didn't fail. It just never learned to be suspicious.
โค4โก3
JUST IN: ๐บ๐ธ $1.75 trillion wiped out from the US stock market today.
$130,000,000,000 wiped out from the crypto market cap.
via x.com/WatcherGuru
Crypto was supposed to be the hedge and it just caught the same cold as everything else, on a Monday, before lunch. $1.75T gone from stocks, $130B gone from crypto, and somewhere a boomer is nodding so hard his reading glasses fell off.
$130,000,000,000 wiped out from the crypto market cap.
via x.com/WatcherGuru
Crypto was supposed to be the hedge and it just caught the same cold as everything else, on a Monday, before lunch. $1.75T gone from stocks, $130B gone from crypto, and somewhere a boomer is nodding so hard his reading glasses fell off.
๐คฎ3๐ค2๐ข2๐1๐1
Weekly Project Updates: Hyperliquid Perp Volume Hits Record, Radiant Capital Prepares Shutdown, Polymarket suspects industrial espionage from Kalshi, Hacker Drains Kelp DAO Bridge Funds, etc
via x.com/WuBlockchain
Radiant prepping shutdown while Kelp gets drained and Polymarket thinks Kalshi sent a spy, genuinely just a normal content week in this industry. Hyperliquid perps are the only green in the whole roundup and even that feels ominous at this point.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
via x.com/WuBlockchain
Radiant prepping shutdown while Kelp gets drained and Polymarket thinks Kalshi sent a spy, genuinely just a normal content week in this industry. Hyperliquid perps are the only green in the whole roundup and even that feels ominous at this point.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
โค2๐1
Just inโ ๏ธ : A verified member + @Major staff (@side) has scammed @ton4life for 5000๐ฒ!
All proofs of him scamming can be found here:
https://t.me/khaosdwc.
DO NOT DEAL WITH HIM until everything is figured out.
SOURCE @OGULounge!
๐ง Exclusive Giveaways & Rewards USE CODE: evaders On Sign Up. If your location is restricted use a VPN.
All proofs of him scamming can be found here:
https://t.me/khaosdwc.
DO NOT DEAL WITH HIM until everything is figured out.
SOURCE @OGULounge!
Please open Telegram to view this post
VIEW IN TELEGRAM
๐2โค1๐ข1
UPDATE:
Following the exposure of the fake @dices sale that resulted in a user losing $5,000, @side (Khaos) has started accusing virtually everyone around him of being scammers โ including Telegram-related staff, Major, verification providers, and community members.
His latest position appears to be simple: everyone is a scammer except him.
The community is still waiting for one thing only โ the return of the victim's $5,000.
SOURCE @godspeed
Following the exposure of the fake @dices sale that resulted in a user losing $5,000, @side (Khaos) has started accusing virtually everyone around him of being scammers โ including Telegram-related staff, Major, verification providers, and community members.
His latest position appears to be simple: everyone is a scammer except him.
The community is still waiting for one thing only โ the return of the victim's $5,000.
SOURCE @godspeed
๐คฏ2๐ฅด2โค1
ZachXBT Flags JuCoin Over Withdrawal Issues and Reserve Concerns
ZachXBT said multiple users have reported withdrawal issues on JuCoin over the past week. He also questioned the exchangeโs reported $511 million reserves, alleging most consist of USDC and USDT issued on its own JuChain without clear backing. ZachXBT further noted JuDAO suffered a $20 million incident in 2025 and a $225,000 exploit in April 2026, while JuCoin attributed the delays to platform upgrades and restructuring.
via x.com/WuBlockchain
$511M in reserves where most of it is stablecoins they printed on their own chain is not reserves, that's a screenshot of a number. "Platform upgrades and restructuring" is doing a lot of heavy lifting when Zach's already walking through the receipts. Two incidents and a withdrawal freeze and they're still in the upgrades explanation.
ZachXBT said multiple users have reported withdrawal issues on JuCoin over the past week. He also questioned the exchangeโs reported $511 million reserves, alleging most consist of USDC and USDT issued on its own JuChain without clear backing. ZachXBT further noted JuDAO suffered a $20 million incident in 2025 and a $225,000 exploit in April 2026, while JuCoin attributed the delays to platform upgrades and restructuring.
via x.com/WuBlockchain
$511M in reserves where most of it is stablecoins they printed on their own chain is not reserves, that's a screenshot of a number. "Platform upgrades and restructuring" is doing a lot of heavy lifting when Zach's already walking through the receipts. Two incidents and a withdrawal freeze and they're still in the upgrades explanation.
โค1
๐จSlowMist TI Alert๐จ
๐ธ Loss: 14.411518807585587 ETH
๐ Root Cause: Storage slot collision between
๐ Attacker (EOA): 0x2d2aafc193c24e59bd16139056ac9b4df4d37ad0
๐ Victim Contract: 0xa10de71ddb4e0d51938ef6e0118822e157a62888
๐ Attack Contract: 0x2441e480f62bf609a08da09143e4baf8a817d757
Storage collision between reward accounting and reentrancy guard enables unlimited reward drainage.
Powered by #SlowMist.AI
via x.com/SlowMist_Team
The reentrancy guard was literally paying the attacker to trigger it, 200 times.
๐ง Exclusive Giveaways & Rewards USE CODE: evaders On Sign Up. If your location is restricted use a VPN.
๐ธ Loss: 14.411518807585587 ETH
๐ Root Cause: Storage slot collision between
ATOHook.rewards mapping slot and Solady ReentrancyGuard fixed slot (0x02215292eb9609279094554c6e223f800950648ddfa3da30329838d6c170928d). The nonReentrant modifier in getReward() writes sentinel value 0xffffffffffffff to the guard slot, which is simultaneously read as rewards[attackContract] due to the collision. This inflated reward is paid as ETH each call, allowing 200 repeated claims.๐ Attacker (EOA): 0x2d2aafc193c24e59bd16139056ac9b4df4d37ad0
๐ Victim Contract: 0xa10de71ddb4e0d51938ef6e0118822e157a62888
๐ Attack Contract: 0x2441e480f62bf609a08da09143e4baf8a817d757
Storage collision between reward accounting and reentrancy guard enables unlimited reward drainage.
Powered by #SlowMist.AI
via x.com/SlowMist_Team
The reentrancy guard was literally paying the attacker to trigger it, 200 times.
Please open Telegram to view this post
VIEW IN TELEGRAM
โค1
Newsview Daily
Jackpot Pot: ๐ช 3 โ a slice of every win, drawn tonight.
Yesterday's top chatters:
1. WardenMaxFive โ 376 msgs (+๐ช 30)
2. pironcorp โ 294 msgs (+๐ช 20)
3. ๐๐ข๐ฎ๐ข๐ฆ๐ญ โ 224 msgs (+๐ช 10)
The month's top chatters win real cash: $40 / $20 / $5 (and it scales as we grow).
Spam won't win it: gibberish and bot activity are auto-filtered, and winners are hand-reviewed before any payout.
Grab your free daily points two ways: tap Claim in the app, or /claim once you're in the chat group.
Then chat to earn more, gamble at /dice /flip /slots /duel, and redeem for Telegram Stars, Premium and a $100 crypto prize.
Jump into the chat and games below.
Jackpot Pot: ๐ช 3 โ a slice of every win, drawn tonight.
Yesterday's top chatters:
1. WardenMaxFive โ 376 msgs (+๐ช 30)
2. pironcorp โ 294 msgs (+๐ช 20)
3. ๐๐ข๐ฎ๐ข๐ฆ๐ญ โ 224 msgs (+๐ช 10)
The month's top chatters win real cash: $40 / $20 / $5 (and it scales as we grow).
Spam won't win it: gibberish and bot activity are auto-filtered, and winners are hand-reviewed before any payout.
Grab your free daily points two ways: tap Claim in the app, or /claim once you're in the chat group.
Then chat to earn more, gamble at /dice /flip /slots /duel, and redeem for Telegram Stars, Premium and a $100 crypto prize.
Jump into the chat and games below.
PiggyBank Unwinds LAB Hedge, Reports Up to 15% NAV Drawdown
PiggyBank said it closed a LAB hedge after extreme volatility and negative funding rates made the position unsustainable. The protocol expects drawdowns of about 15% for its USDC vault, 12% for SPYx, and 9% for JitoSOL, while excluding its locked LAB holdings from NAV until August unlocks. ZachXBT criticized the strategy as exposing user funds to a highly speculative asset.
via x.com/WuBlockchain
"Extreme volatility made the position unsustainable" is just saying the hedge didn't work without saying the hedge didn't work. Locking out the LAB from NAV until August is a nice trick too, love a good "we'll count it when it's worth counting." ZachXBT said what he said.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
๐ง Exclusive Giveaways & Rewards USE CODE: evaders On Sign Up. If your location is restricted use a VPN.
PiggyBank said it closed a LAB hedge after extreme volatility and negative funding rates made the position unsustainable. The protocol expects drawdowns of about 15% for its USDC vault, 12% for SPYx, and 9% for JitoSOL, while excluding its locked LAB holdings from NAV until August unlocks. ZachXBT criticized the strategy as exposing user funds to a highly speculative asset.
via x.com/WuBlockchain
"Extreme volatility made the position unsustainable" is just saying the hedge didn't work without saying the hedge didn't work. Locking out the LAB from NAV until August is a nice trick too, love a good "we'll count it when it's worth counting." ZachXBT said what he said.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
Please open Telegram to view this post
VIEW IN TELEGRAM
โค1
Asia's weekly TOP10 crypto news: Japan Eyes Yen Stablecoins & Crypto ETFs, Korea Forms KRW Stablecoin Alliance, Coinbase Launches INR Deposits in India, Hong Kong Plans Legislationto Regulate Crypto Trading & Custody, US Sanctions Iranโs Top crypto exchange Nobitex.
via x.com/WuBlockchain
Every government in Asia simultaneously decided crypto is real this week, apparently.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
๐ง Exclusive Giveaways & Rewards USE CODE: evaders On Sign Up. If your location is restricted use a VPN.
via x.com/WuBlockchain
Every government in Asia simultaneously decided crypto is real this week, apparently.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
Please open Telegram to view this post
VIEW IN TELEGRAM
โค1
JUST IN: ๐ฐ๐ท South Korea's KOSPI stock market halted after 8.4% crash, triggering circuit breaker.
via x.com/WatcherGuru
8.4% in a single session and they had to physically unplug the market, incredible work everyone.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
๐ง Exclusive Giveaways & Rewards USE CODE: evaders On Sign Up. If your location is restricted use a VPN.
๐ The Damage ยท ๐ Read
via x.com/WatcherGuru
8.4% in a single session and they had to physically unplug the market, incredible work everyone.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
๐ The Damage ยท ๐ Read
Please open Telegram to view this post
VIEW IN TELEGRAM
X (formerly Twitter)
Watcher.Guru (@WatcherGuru) on X
Watcher Guru gives you unparalleled, unbiased coverage of all-things crypto & finance in real-time | Posts Are Not Financial Advice | @BTCPrice
๐จTenArmor Security Alert๐จ
Our system has detected a suspicious attack involving #Ambient Finance on #ETH, resulting in an approximately loss of $110.6K.
Attack transaction:
With TenArmorโs TenMonitor, you get early detection and automated response to on-chain attacks.
Need protection? Reach out anytime!
#TenArmorAlert #TenArmor
via x.com/TenArmorAlert
$110K gone and the security company's press release is already formatted and ready to go, amazing hustle. Half the ecosystem's business model is just waiting for the next drain and being first to tweet about it. detection is fast, prevention is apparently optional.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
๐ง Exclusive Giveaways & Rewards USE CODE: evaders On Sign Up. If your location is restricted use a VPN.
๐ The Damage ยท ๐ Read
Our system has detected a suspicious attack involving #Ambient Finance on #ETH, resulting in an approximately loss of $110.6K.
Attack transaction:
With TenArmorโs TenMonitor, you get early detection and automated response to on-chain attacks.
Need protection? Reach out anytime!
#TenArmorAlert #TenArmor
via x.com/TenArmorAlert
$110K gone and the security company's press release is already formatted and ready to go, amazing hustle. Half the ecosystem's business model is just waiting for the next drain and being first to tweet about it. detection is fast, prevention is apparently optional.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
๐ The Damage ยท ๐ Read
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ2โค1
Yuga Labs completes whitehat rescue of high-value NFTs in Flooring Protocol exploit
Yuga Labs CEO Michael Figge said the team has completed a whitehat rescue operation for an exploit discovered in Flooring Protocol.
The rescued NFTs are now safely in Yuga Labsโ custody, including 29 BAYC, 4 MAYC, 1 BAKC, 2 CryptoPunks, 1 Azuki, 2 Elementals, 26 Captains, 1 Moonbird and 2 Doodles.
Yuga Labs said it instructed its GrailsOTC trading desk to front the funds and NFTs needed to rescue the at-risk assets, and will work with the protocol developers to return the assets once a solution is finalized.
via x.com/WuBlockchain
Respect the save, but imagine being the dev who wrote a bug that almost yeeted a CryptoPunk into the void.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
๐ง Exclusive Giveaways & Rewards USE CODE: evaders On Sign Up. If your location is restricted use a VPN.
๐ The Damage ยท ๐ Read
Yuga Labs CEO Michael Figge said the team has completed a whitehat rescue operation for an exploit discovered in Flooring Protocol.
The rescued NFTs are now safely in Yuga Labsโ custody, including 29 BAYC, 4 MAYC, 1 BAKC, 2 CryptoPunks, 1 Azuki, 2 Elementals, 26 Captains, 1 Moonbird and 2 Doodles.
Yuga Labs said it instructed its GrailsOTC trading desk to front the funds and NFTs needed to rescue the at-risk assets, and will work with the protocol developers to return the assets once a solution is finalized.
via x.com/WuBlockchain
Respect the save, but imagine being the dev who wrote a bug that almost yeeted a CryptoPunk into the void.
You're here for the carnage, might as well get paid for it. Earn points just for being active, then cash them in for Telegram Stars, Premium, even a $100 crypto prize. Open ๐ The Damage to start.
๐ The Damage ยท ๐ Read
Please open Telegram to view this post
VIEW IN TELEGRAM
โค1