GetChain News

Security/Hacker

News linked to this event type.

Transit Finance: Historical TRON Contract Vulnerability Exploited; Affected Users to Receive Full Compensation

According to the official announcement by Transit Finance, an outdated smart contract—originally deployed on the TRON blockchain and deprecated in 2022—was recently exploited via a historical vulnerability, affecting a small number of users. The team completed its investigation, isolation, and remediation efforts on May 12, 2026; no action is required from users. The current version of the smart contract remains unaffected, has been operating securely for over four years, and continues to undergo regular security audits and monitoring. Affected users will receive full compensation; details of the compensation plan will be announced separately via official channels. The team also reminds users to remain vigilant against impersonator accounts and never disclose private keys or mnemonic phrases to anyone.

PeckShield: Transit Finance Hacked, Suffering ~$1.88M Loss

According to on-chain analyst PeckShield (@PeckShieldAlert), Transit Finance appears to have been hacked, resulting in losses of approximately $1.88 million. The stolen funds are currently held in DAI at the address 0x8a634DfA2609358849D7D65FFA270C8A57a8abA5.

Avant Delays TGE to Mid-September; Points Accumulation to End on May 15

Avant announced that, based on comprehensive market feedback and its own assessment, it has decided to postpone the Token Generation Event (TGE) to mid-September. Avant stated that the broader decentralized finance (DeFi) token market is currently under pressure, and multiple protocols have recently suffered security incidents—conditions unfavorable for launching a token sale. Avant Rewards points will cease accruing on May 15; however, users’ already-earned points will be preserved and remain eligible for participation in the upcoming TGE. During the postponement period, Avant will advance partnerships, expand total value locked (TVL), and enhance its product suite. It also plans to host a public Space this Thursday at 2:00 PM Eastern Time.

Aave: First Phase of rsETH Technical Recovery Plan Completed, Including Burning Attacker's rsETH on Arbitrum

Aave posted on X, stating that the first phase of the rsETH technical recovery plan has been completed, including the burning of the attacker's rsETH on Arbitrum. In the coming days, funds will be gradually replenished for the LayerZero OFT adapter, and rsETH-related operations will be restored.

Hackers Inject Malicious Code into Mistral AI Software Package

According to Decrypt, Microsoft’s Threat Intelligence team disclosed that attackers had injected malicious code into Mistral AI packages distributed via the PyPI platform. This malicious code automatically executes when developers use the packages on Linux systems, downloading and running a malicious file named transformers.pyz in the background—the filename deliberately mimics the widely used Hugging Face Transformers library to evade detection. Microsoft noted that the malware primarily steals developers’ login credentials and access tokens. It avoids execution on Russian-language systems and includes logic that can randomly delete files on devices located in Israel or Iran. This attack is linked to the “Shai-Hulud” supply-chain campaign launched in September. In response, Mistral stated that its investigation found the attack originated from compromised developer devices, and its corporate infrastructure was not breached.

Coinbase internal tool Mux reveals AI coding paradigm shift: Engineers transition from "code writers" to "multi-agent orchestrators"

Coinbase, a cryptocurrency trading platform, has disclosed in a technical sharing session that its internal multi-agent development tool "Mux" is reshaping software engineering workflows, transitioning the engineer's role from traditional code implementers to task orchestrators for AI agents. With the widespread internal adoption of AI programming tools such as Cursor, Copilot, OpenCode, and Claude Code, code generation efficiency has significantly improved. However, development workflows have long remained stuck in a traditional "single-task, single-branch, sequential execution" mode, creating a new collaboration bottleneck. Mux was born as an internal tool against this backdrop. By assigning each AI agent an independent git worktree, branch, and terminal environment, the system enables parallel multi-task development and conflict-free collaboration, allowing engineers to simultaneously direct multiple agents to handle tasks such as API development, test writing, vulnerability fixes, and code refactoring. Data shows that as of April 2026, Mux has covered over 600 users within Coinbase (including engineers, product managers, and designers), with 335 actively using it and 197 being high-frequency users. It has facilitated over 5,000 PR merges across 461 code repositories and 10 organizations. Engineers using Mux achieved an average of 39.6 PR merges, approximately 3.5 times the baseline of 11.4. Coinbase stated that Mux's success relies on its internal infrastructure capabilities, including an LLM Gateway, secure model access, and a code flow deployment system, enabling deep integration of multi-agent tools into real development workflows. This trend marks a structural shift in the software engineering paradigm: as AI reduces the cost of code generation, the core value of engineers is transitioning from "implementation capability" to "problem definition and agent orchestration capability."

Depthfirst claims its code vulnerability detection has surpassed Anthropic's latest model Mythos

According to Odaily, AI security startup Depthfirst has announced that its self-developed AI model outperforms Anthropic’s latest model, Mythos, in code vulnerability detection. It has discovered more critical security vulnerabilities at approximately one-tenth the cost, drawing attention from the cybersecurity industry. According to the company, a month before the launch of Mythos, it had previously claimed to have found a large number of severe vulnerabilities in key internet infrastructure code. Depthfirst now says its model has further identified multiple high-risk vulnerabilities that Mythos missed, all at a lower cost (approximately $1,000 compared to $10,000). Depthfirst CEO Qasim Mithani stated that the company has improved vulnerability detection efficiency through a “single-task-optimized AI model,” significantly reducing the cost of security analysis while enhancing coverage depth. The company completed $80 million in funding in March this year, achieving a valuation of $580 million. Alongside this, it launched the “Open Defense Initiative,” providing $5 million worth of AI detection credits to open-source developers and critical infrastructure projects for vulnerability scanning and security audits. (Forbes)

CertiK Report: North Korean Hackers Caused ~60% of Digital Asset Thefts in 2025, Attack Pattern Shifts Toward 'Offline Infiltration'

According to Odaily, Web3 security firm CertiK has released the "Skynet North Korean Crypto Threat Report." Data shows that since 2016, North Korean hacking groups have accumulated approximately $6.75 billion in stolen digital assets. In 2025 alone, their thefts amounted to $2.06 billion in losses, accounting for nearly 60% of the total annual losses in the global crypto industry (including the $1.5 billion Bybit hack). As of early 2026, this threat trend continues, with losses attributable to them making up about 55%. The report emphasizes that the North Korean hackers' attack patterns have fundamentally shifted, evolving from mere code vulnerability exploitation into a state-level attack system combining social engineering, deep supply chain attacks, and 'physical infiltration.' In the recent Drift protocol incident, attackers even spent six months infiltrating offline industry conferences, building trust through real financial transactions and personal interactions before launching the attack. CertiK security experts warn that in the face of such systemic attacks, purely technical defenses are proving inadequate. Crypto institutions urgently need to fully implement a 'zero-trust' hiring model, reinforce third-party supply chains, establish fund circuit breaker mechanisms, and collaborate with professional security firms to build a full lifecycle defense system covering code auditing, round-the-clock risk monitoring, and on-chain anti-money laundering/KYT (Know Your Transaction) fund tracking.

Monero GUI 0.18.5.0 "Fluorine Fermi" Released, Fixes Multiple Vulnerabilities and Upgrades P2Pool Component

Privacy project Monero has released the graphical wallet software GUI version 0.18.5.0 "Fluorine Fermi". This update is a recommended upgrade version, primarily including numerous bug fixes and feature optimizations. Key highlights of this release include:

- Migration of the P2Pool installation path to LocalAppData on Windows systems
- Fix for an edge case in URI parsing
- Prohibition of creating offline transactions in scenarios involving long payment IDs
- Escaping untrusted text during QR code scanning to enhance security
- Upgrade of P2Pool to v4.15
- Numerous detail bug fixes and stability improvements

Monero officials stated that this version has been open-sourced on GitHub. Users can download and upgrade through official channels to obtain the latest security fixes and stability improvements.

AI startup White Circle raises $11 million in seed funding, with OpenAI executives participating

According to Odaily, AI startup White Circle has completed an $11 million seed funding round, with participation from Romain Huet of OpenAI, Durk Kingma of Anthropic, and several other executives from prominent AI companies. The company provides a unified API for real-time monitoring of large model inputs and outputs, used to detect hallucinations, prompt injection attacks, harmful content, model drift, and malicious user behavior. It also supports custom security policies (such as rate limiting and banning) and automated governance. (Techfundingnews)

ZachXBT: US 18-Year-Old Hacker Dritan Allegedly Involved in $19 Million Crypto Theft and Money Laundering

On-chain detective ZachXBT has exposed US threat actor Dritan Kapllani Jr., alleging his involvement in social engineering thefts targeting crypto users, totaling approximately $19 million. ZachXBT stated that Dritan has long been flaunting luxury cars, designer watches, private jets, and nightclub lifestyles on social media. On April 23, 2026, during a "Band 4 Band (B4B)" voice call on Discord, in an attempt to prove he was wealthier than another hacker, he publicly displayed an Exodus wallet containing $3.68 million in assets. The relevant ETH address is: 0x4487db847db2fc99372a985743a26f46e0b2bba6. ZachXBT's tracking revealed that this address is linked to a social engineering theft incident on March 14, 2026, involving 185 BTC (approximately $13 million). The following day, Dritan's Exodus wallet received about $5.3 million from that theft. By the time of the B4B call six weeks later, approximately $1.6 million had already been spent or laundered. On May 11, the US Department of Justice unsealed a criminal indictment against Trenton Johnson, charging him with participation in the theft of 185 BTC. He faces a potential maximum sentence of 40 years in prison. The indictment refers to "Co-Conspirator 1 (CC-1)," believed to be Dritan, who has not yet been formally charged. ZachXBT also noted that Dritan is connected to hacker John Daghita (Lick), who was previously arrested for stealing $46 million from the US government. John had previously exposed Dritan's old wallet address on Telegram. On-chain analysis shows that this address is linked to multiple high-confidence social engineering thefts in 2025, with a cumulative total exceeding $5.85 million. ZachXBT stated that Dritan has long been active in the "The Com" hacker circle and had seemingly avoided formal prosecution due to being a minor. Now that he has turned 18, his "borrowed time may finally be over."

SlowMist: High-Risk npm Worm “Mini Shai-Hulud” Detected, Capable of Stealing CI/CD Keys and Cryptocurrency Wallet Information

According to monitoring by MistEye, the threat intelligence monitoring system operated by blockchain security firm SlowMist (@SlowMist_Team), a highly sophisticated npm worm named “Mini Shai-Hulud” is spreading via well-known developer projects including TanStack, UiPath, and DraftLab. Attackers have hijacked GitHub credentials to publish malicious packages disguised as legitimate updates. These packages contain a hidden script—router_init.js—that executes silently within CI/CD environments such as GitHub Actions, specifically designed to steal CI/CD secrets, cloud infrastructure credentials, and cryptocurrency wallet information. Data exfiltration is conducted using GitHub’s own infrastructure. SlowMist has already shared this threat intelligence (IOC) with its clients. It recommends that projects using the affected packages immediately audit their CI/CD pipelines for the presence of router_init.js, rotate all exposed GitHub, cloud service, and cryptocurrency credentials, and continuously monitor development environments for anomalous background activity.

Meme stock king Roaring Kitty's X account suspected to be hacked, RKC market cap drops to $1.8 million after hitting $12 million

Roaring Kitty, the protagonist of the GameStop "Retail vs Wall Street" saga and the king of meme stocks, had his official X account allegedly compromised in the early hours of today. The hacker posted the contract address of the meme coin Red Kitten Crew (RKC), causing the token's market cap to briefly reach $12 million before plummeting to $1.8 million. Shortly afterwards, Roaring Kitty appears to have regained control of the account and deleted the tweet containing the contract address. Roaring Kitty himself has yet to issue a clarifying statement, with the community widely believing that the posting of the meme coin contract address was due to a brief account compromise.

Huma Finance: Approximately 101,400 USDC Lost in Old v1 Contract Attack, v2 System Unaffected

Huma Finance posted on X platform, stating that its old v1 contract deployed on Polygon was exploited today, resulting in the transfer of approximately 101,400 USDC. This incident did not compromise user funds, and the related PST system was also unaffected. Only the gradually phased-out v1 legacy pools were impacted. The Huma v2 system is a complete rewrite deployed on Solana and is not vulnerable to this exploit. The team was already in the process of retiring v1 liquidity pools, and following this incident, they have fully suspended the operation of v1 contracts and accelerated the completion of migration efforts.

Sky: Solana Bridge Back Online, USDS Cross-Chain Functionality to Resume After rsETH Vulnerability Review

Sky (formerly MakerDAO) announced on X that the cross-chain bridging of USDS OFT on the Solana network, which was suspended due to the security review of the rsETH vulnerability incident, has resumed operation. Sky emphasized that during the review, its USDS-related contracts and the protocol itself were not affected. USDS has always maintained a fully overcollateralized state as designed, which can be verified in real-time on-chain. The suspension was a precautionary security measure. Currently, the bridging function on the Solana side has been reopened, while the Avalanche-related bridging will resume after further review is completed.

The American Bankers Association calls for tightening stablecoin reward restrictions; the Senate committee will vote on crypto legislation Thursday

According to The Block, Rob Nichols, CEO of the American Bankers Association (ABA), sent a letter to senior bank executives on Sunday evening urging them to contact U.S. Senators and call for further tightening of provisions related to stablecoin rewards ahead of the Senate Banking Committee’s markup vote scheduled for Thursday. Nichols warned that the current draft fails to effectively prevent crypto firms from offering users “interest-like rewards,” which could trigger massive outflows of bank deposits and threaten economic growth and financial stability. The current draft was negotiated by Senators Angela Alsobrooks and Thom Tillis. It prohibits paying users interest or returns for holding stablecoins but permits rewards tied to genuine activity or transactions—a provision supported by Coinbase. Banking industry groups contend that these exceptions contain loopholes that could be circumvented, and on May 8, they jointly wrote to Committee Chairman Tim Scott and Democrat Elizabeth Warren, requesting technical revisions to the language of the provision.

Binance Security Report: Deploys Defense System with Hundreds of AI Models, Intercepts $10.53 Billion in High-Risk Funds

Binance has released its latest security report. In response to the current industry trend of rapidly proliferating AI-powered fraud, the platform has deployed over 24 AI security initiatives and equipped more than 100 AI models to build an intelligent defense system against various types of crypto fraud. Statistics show that from the beginning of 2025 to the first quarter of 2026, Binance has protected over 5.4 million users and intercepted potential fund losses amounting to $10.53 billion. In Q1 2026, the platform successfully intercepted 22.9 million scams and phishing attacks, protecting $1.98 billion in user funds. It pushed over 9,600 real-time risk alerts daily and blacklisted a total of 36,000 malicious on-chain addresses. The report points out that AI-powered social engineering attacks, including deepfakes, voice cloning, and phishing bots, have become mainstream fraud methods. In 2025, the overall scale of crypto fraud reached $17 billion, a 30% year-over-year increase. On the risk control front, Binance's AI systems handle 57% of fraud detection work, reducing card fraud rates to 60%-70% of the industry average. Upgraded AI-driven anti-forgery KYC verification has increased audit efficiency by up to 100 times. Its AI trading tool, Binance Ai Pro, adopts an isolated account architecture, granting only trading permissions while prohibiting withdrawals. The platform blocked 12% of high-risk third-party AI plugins. Additionally, in 2025, Binance assisted in recovering $12.8 million in defrauded funds, handled 48,000 cases, and worked with law enforcement agencies to freeze $131 million in illegal assets.

Trader A Claims Sigma Wallet Hacked Again, Second Wallet Emptied Within Six Months

Trader A (@missoralways) posted that he had stored seven-figure assets in Sigma for a long time without encountering security issues in the past. However, two of his recent wallets have suffered asset theft, both occurring when wallet balances fell below $10,000. He also stated that another friend suffered the theft of approximately $200,000 in assets today, and mentioned Sigma in connection with the incident. The Sigma team has launched an investigation. The trader said he released this information for security reminder purposes and emphasized that he is not an affiliated promoter of any bot-related products.

SlowMist Discloses Phishing Campaign Involving Fake TronLink Chrome Extension That Steals Wallet Credentials Such as Mnemonics and Private Keys

According to SlowMist, its security monitoring system MistEye has detected a counterfeit TronLink Chrome MV3 extension targeting TRON wallet users with a two-layer phishing attack. The extension disguises itself as the official plugin using Unicode obfuscation and brand spoofing. Upon installation, it first loads a remote iframe-based pop-up page designed to trick users into entering their mnemonic phrases, private keys, keystore files, and passwords—then exfiltrates this sensitive data via same-origin APIs to a Telegram bot. The malicious infrastructure involved includes the domains tronfind-api[.]tronfindexplorer[.]com and trx-scan-explorer[.]org; the malicious extension ID is ekjidonhjmneoompmjbjofpjmhklpjdd. SlowMist advises users to immediately uninstall the extension. If sensitive information has already been submitted, users should promptly migrate their assets and discontinue use of the compromised wallet.

Ink Finance’s Workspace Treasury Proxy on Polygon was attacked, resulting in losses of approximately $140,000.

According to Blockaid’s monitoring, Ink Finance’s Workspace Treasury Proxy on Polygon was exploited minutes ago, involving approximately $140,000.