30 crypto-security item(s) in the window with ~$25.7M in reported losses The largest is "@chainalysis: Ethereum’s most notorious sandwich attacker just lost $7.5 million to a honeypot. Read our latest research explaining t…" (~$7.5M). Dominant vectors: rug pull, supply-chain attack, frontend / DNS hijack, private-key compromise.
-
Sam: “Okay team. We all agree the Mythos name alone was begging to be drone stiked by the USG. We need names for these new models that….isn’t that.” Intern: “Cupcakes? Everyone loves cupcakes!” Intern: “Puppies?” Intern: “Rainbows? Unicorns!” Greg: “Gay.” Sam: “….” Greg: https://t.co/retv30qvow
@tayvano_: Sam: “Okay team. We all agree the Mythos name alone was begging to be drone stiked by the USG. We need names for these… -
🔍A 32-byte omission. A multi-million-dollar lesson. The root cause of the SecondFi wallet incident: the secret prefix used in Ed25519 nonce generation was dropped during implementation, allowing the private key to be mathematically recovered from a single on-chain signature. https://t.co/L3a4eMQogR
@Beosin_com: 🔍A 32-byte omission. A multi-million-dollar lesson. -
dear god why please put the nerds back in their silo thank you https://t.co/TSi0XF0Ryk [Protocols: silo]
@tayvano_: dear god why -
Base Resumes Block Production After Roughly Two-Hour Mainnet Halt
Coinbase-incubated Layer 2 Base stalled block production for about two hours Thursday after an invalid block triggered a consensus fault, before the network recovered. The outage renewed scrutiny of single-sequencer risk on major rollups.
-
nontechnical vibecoder chain https://t.co/3ZuduAszU0
@spreekaway: nontechnical vibecoder chain https://t.co/3ZuduAszU0 -
Uniswap Flashtestations Audit
Summary
-
Mystery deepens over Cardano wallet’s $18.5M white hat hacker
Cardano's founder made various claims that cast doubt on wether or not the white hat hacker moving SecondFi funds is known. The post Mystery deepens over Cardano wallet’s $18.5M white hat hacker appeared first on Protos.
-
Ethereum’s most notorious sandwich attacker just lost $7.5 million to a honeypot. Read our latest research explaining the theft, where the money’s gone, and how you can avoid getting hacked. https://t.co/5AaXDCwzGI https://t.co/a72CFTZ8Or [Loss ~$7,500,000]
@chainalysis: Ethereum’s most notorious sandwich attacker just lost $7.5 million to a honeypot. Read our latest research explaining t… -
Inside a Sandwich Attack: Lessons From the $7.5 Million Heist Against JaredfromSubway.eth
~$7.5M · Summary JaredfromSubway.eth, the most prolific sandwich-attack bot on Ethereum, was drained of at least $7.5 million in a reverse honeypot… The post Inside a Sandwich Attack: Lessons From the $7.5 Million Heist Against JaredfromSubway.eth appeared first on Chainalysis.
-
Secret Network - Rekt
$4.7M · $4.67 million lost from Secret Network’s bridge connection to Axelar Network after a forked Secret-side IBC contract minted unbacked tokens from thin air. 2 missing validation checks let an attacker forge deposits with a fake Cosmos chain. Drain went undetected for 7 days.
-
South Korea revises debt relief rules to include crypto assets
South Korea has expanded cryptocurrency disclosure requirements for its public debt relief program by including virtual asset holdings in applicant asset reviews and linking debt forgiveness more closely to repayment capacity. According to local media, the Financial Services Commission said…
-
Ark Invest buys Coinbase, Robinhood, Circle and Bullish on market dip
Cathie Wood’s Ark Invest has increased its positions in Coinbase, Circle, Bullish, and Robinhood after all four stocks posted losses in Thursday’s trading session. Ark Invest’s latest daily trading disclosure showed the firm bought 9,014 Coinbase shares across its ARK…
-
🧵1/3 🧯Old contract exploits keep happening — how should projects respond? Recently, smart contract vulnerability attacks have been occurring frequently. In particular, legacy contracts deployed years ago are being increasingly exploited as attackers leverage AI techniques to https://t.co/1txrdXwlxc
@GoPlusSecurity: 🧵1/3 -
🚨 SlowMist TI Alert 🚨 The Mini Shai-Hulud, Miasma, and Hades malware family, now expanding beyond npm into the Go module ecosystem. Affected Go modules: https://t.co/CRRD64BbZv https://t.co/wFOScxyaxw https://t.co/dt2Som48vx is a Cosmos SDK-based Layer 1 blockchain project https://t.co/2Rft5D5ugG
@SlowMist_Team: 🚨 SlowMist TI Alert 🚨 -
🚨GoPlus Security Alert: #Polymarket suffered a supply chain attack, with multiple users losing approximately $3 million @Polymarket Due to a compromise of a third-party vendor, malicious code was injected into the frontend. Around 15 user accounts collectively lost https://t.co/j0Ol2wY0VK https://t.co/La1aKILSwX [Loss ~$3,000,000]
@GoPlusSecurity: 🚨GoPlus Security Alert: -
the good news: this makes slightly more sense than SBF's bet the bad news: they still don't know what log(0) is https://t.co/rcX2H3WGEg
@spreekaway: the good news: this makes slightly more sense than SBF's bet -
Even the DAO extractoooors are capitulating https://t.co/vjTvQSRcjb
@spreekaway: Even the DAO extractoooors are capitulating https://t.co/vjTvQSRcjb -
Genuinely what the fuck do you want the govt to do about this? This framing is so constant with these fucktards and it’s absolutely why the USG is now blocking access to the latest models. 🤬 “We control the most powerful shit but can’t detect or prevent it from getting in the https://t.co/BMWGNfwLAL
@tayvano_: Genuinely what the fuck do you want the govt to do about this? -
Completely insane to let the fucking government control your product, release processes, and, ultimately, your profits. What the fuck are you guys doing. https://t.co/naHqtROAu3
@tayvano_: Completely insane to let the fucking government control your product, release processes, and, ultimately, your profits. -
Polymarket to Refund Users After Scammers Swipe Millions in Website Exploit
Hackers infiltrated Polymarket’s website via a compromised third-party vendor, the company said, swiping millions in crypto from users.
-
CoinEx Denies 'Knowledge' of Aiding Sanctioned Iran Crypto Market in $3.8 Billion Disconnect
TRM Labs said it uncovered over $3.84 billion in crypto flows between CoinEx and a web of more than 60 sanctioned Iranian platforms.
-
Coinbase's Base blockchain resumes after two-hour outage disrupted network
The incident temporarily halted transaction processing on one of Ethereum's largest layer-2 networks.
-
Tornado Cash DAO faces ‘malicious’ governance attack, researchers warn
The DAO behind notorious privacy protocol Tornado Cash has received a proposal that would replace key addresses with spoofed lookalikes. The post Tornado Cash DAO faces ‘malicious’ governance attack, researchers warn appeared first on Protos.
-
Wallet Screening Best Practices for Compliance Teams | TRM Labs
Learn why wallet screening matters, how it fits into AML/CFT programs, and best practices across KYC, sanctions, transaction monitoring, Travel Rule, and operationalization. See how TRM Labs supports compliance outcomes and how to measure success.
-
Polymarket users lose $3 million after frontend hack
~$3.0M · A hack targeting one of Polymarket’s third-party vendors has resulted in $3M worth of crypto being stolen from users. The post Polymarket users lose $3 million after frontend hack appeared first on Protos.
-
One of my 4am tweets mentions nonce reuse. I was speaking casually bc I was flabbergasted by just how fucking stupid this is. And nonce reuse is historically the stupidest thing so they got crossed in my heads. I got the other one right, so I'll repeat it now: These guys rolled https://t.co/kSnep3Z9YC
@tayvano_: One of my 4am tweets mentions nonce reuse. I was speaking casually bc I was flabbergasted by just how fucking stupid th… -
Kraken in talks to buy 15% stake in DeFi lender Aave at $385 million valuation
The DeFi lender is rebuilding after the fallout from April's KelpDAO exploit sparked a multibillion-dollar exodus of deposits despite Aave itself not being hacked.
-
a16z-backed crypto firm rebrands, shifts focus to solving AI’s global copyright headache
The startup formerly known as Story Protocol raised $140 million to secure internet rights and is now building an audit layer for data consent, licensing, and provenance for tech firms.
-
AI agents move funds on-chain at machine speed. One compromised compliance oracle can push them into a sanctions violation. 🚨 The fix is layered: multiple oracles, default-deny on outages, reject stale data, on-chain logs, circuit breakers. 👇 https://t.co/YDTMzTNIFQ
@HalbornSecurity: AI agents move funds on-chain at machine speed. One compromised compliance oracle can push them into a sanctions violat… -
#PeckShieldAlert @apyx_fi's $apxUSD has dropped below $0.8. https://t.co/YUYPIEuRDF [Loss ~$0.8]
@PeckShieldAlert: #PeckShieldAlert @apyx_fi's $apxUSD has dropped below $0.8. https://t.co/YUYPIEuRDF
Sources unavailable: Immunefi (Invalid character in tag name Line: 34 Column: 49 Char: @)
Generated by GM Security · automated digest, verify before acting.