News linked to this event type.
According to TenArmorAlert monitoring, the AROS token on the BSC chain was attacked, resulting in losses of approximately $295,300.
CertiK data shows attack losses on crypto platforms fell to $68.3 million in May, down nearly 90% from $650 million in April. May became the third month in 2026 with losses below $100 million. Approximately $2.6 million of this came from phishing attacks, and about $9.4 million of the stolen funds have been recovered or returned. The largest single loss in May came from the Verus Protocol cross-chain bridge attack, with $11.5 million stolen; THORChain ranked second, with $10.1 million stolen. Code vulnerabilities were the attack type with the highest losses, totaling approximately $45 million, accounting for 66%; wallet or private key leaks resulted in $13.7 million in losses. Cross-chain bridges were the primary attack targets, suffering losses of $28.6 million, accounting for 42%.
Mohsen Rezaei, a military advisor to Iran's Supreme Leader, recently pointed out in an exclusive interview that for the United States, continuing the current conflict is a "path of no return," and only negotiation is the viable way forward. Rezaei stated that Iran is fully prepared, and if the U.S. continues its maritime blockade against Iran, Iran will launch attacks to break the blockade. Rezaei also mentioned that Iran's Islamic Revolutionary Guard Corps has established a new combat system centered on "asymmetric warfare," relying on cost-effective drones to strike high-value enemy targets. Mohsen Rezaei, a former commander-in-chief of Iran's Islamic Revolutionary Guard Corps who led the development of Iran's military theoretical framework, now serves as a military advisor to Supreme Leader Ayatollah Ali Khamenei and is also a member of Iran's Expediency Council. (CCTV International News)
Sui Chinese Official released a post-mortem of the mainnet outage, stating that on May 28 (Thursday) and May 29 (Friday), 2026, Pacific Time (UTC-7), the Sui mainnet experienced three network failures. The first two failures stemmed from a crash vulnerability caused by the interaction between the Gas charging logic and the recently released version 1.72 (which introduced the Address Balances feature). The fix for Thursday's incident was a temporary measure aimed at restoring network operations as quickly as possible while the Sui core team developed a long-term solution. The team was aware that this temporary fix had an extremely low probability of causing network failure but accepted this risk to expedite mainnet recovery. On Friday morning, another variant of this known issue was triggered, leading to another failure. The third failure occurred during the routine Epoch transition on Friday afternoon. When validators restarted nodes to deploy Friday morning's fix, a long-dormant defect in the Randomness State preservation was triggered, causing another network failure. Failure timeline: First: started Thursday around 7:00 PT, recovered at 13:30 PT; Second: started Friday around 5:00 PT, recovered at 8:30 PT; Third: started Friday around 13:30 PT, recovered at 19:20 PT. Throughout the entire incident, user funds remained secure, and no confirmed transactions were reverted after network recovery. Currently, validators have fully fixed the original Gas Charging and Randomness State vulnerabilities, and network activity has returned to normal.
According to The Block, the Sui Foundation released an incident report on May 31, disclosing three consecutive outages on its mainnet from May 29 to 30—each traced back to two independent bugs introduced in the v1.72 upgrade. The first two outages were caused by a gas fee calculation error stemming from the newly launched “address balance” feature: funds were deducted even when transactions were canceled, resulting in negative account balances and subsequent validator node crashes. The third outage was triggered by a latent vulnerability in the random number generator during node restarts, preventing the network’s epoch from closing normally. The Sui Foundation stated that all known issues have now been resolved; user funds remained unaffected throughout the incidents, and no settled transactions were rolled back. The Foundation plans to further enhance its fault-tolerance mechanisms to ensure future similar bugs impact only individual transactions—not the entire network.
According to The Block, security researcher Florent successfully unlocked approximately 1,003 ETH (valued at roughly $2 million) that had been locked for nearly a decade in the 2016 HongCoin ICO smart contract, using a white-hat vulnerability. The contract’s refund function had remained nonfunctional for years due to the absence of overflow protection in the legacy Solidity version used. Florent collaborated with the HongCoin team to reset token balances via an admin function, completing the process in about one week. Currently, 48 original investors are eligible to claim the unfrozen funds; two have already claimed a total of 96.5 ETH and voluntarily paid Florent a white-hat reward. Florent stated that this unlock was purely a technical exploration and that he charged no fees or commissions.
According to Specter, in collaboration with ChangeNOW, $91,000 of the funds stolen from Gravity Bridge have been frozen. The attacker still holds the majority of the funds, which have not yet been transferred. Previously, it was reported that the private key for Gravity Bridge's bridging contract was leaked, leading to the theft of $5.4 million in assets. The assets extracted by the attacker include: $4.3 million in USDC, 274 WETH (worth approximately $553,000), $434,000 in USDT, and $64,000 in PAYG. The involved addresses are 0x7B58...1F9 and 0x4d3c...A47.
The Cosmos ecosystem’s cross-chain bridge Gravity Bridge was reportedly attacked due to a leaked signature key, resulting in approximately $5.4 million in stolen assets. The official team has confirmed the security incident and has urgently suspended bridging services to conduct an investigation. Validators have also been instructed to halt their validator nodes and coordinators. It is reported that the bridge’s contract keys may have been compromised.
AML/KYT provider Shard disclosed that the number of cyberattacks targeting the cryptocurrency industry in Q1 2026 doubled year-on-year, exceeding 80 incidents; however, total losses declined by 69% year-on-year to $496 million, down from $1.6 billion in the same period last year. Shard noted that losses in Q1 2025 were primarily driven by a major theft incident involving Bybit, valued at approximately $1.4 billion; in contrast, attacks in Q1 2026 were more dispersed, targeting DeFi protocols, infrastructure services, and individual users. On a monthly basis: 29 attacks occurred in January, causing losses exceeding $392 million; 26 attacks occurred in February, causing losses exceeding $22 million; and 27 attacks occurred in March, causing losses exceeding $81 million.
Aave has published a post-mortem of the April 18 rsETH incident, stating that the rsETH LayerZero V2 cross-chain bridge of liquid staking protocol Kelp accepted a forged message during a cross-chain transfer from Unichain to Ethereum. This caused the adapter on the Ethereum side to release 116,500 rsETH without a corresponding burn on the Unichain side. Aave stated that the attack occurred on a third-party cross-chain bridge infrastructure. However, the attacker deposited the stolen rsETH into 8 Aave V3 positions, borrowing 82,650 WETH and 821 wstETH, which impacted the Aave market. Aave stated that the attacker's rsETH on Arbitrum has now been burned. The LayerZero OFT adapter has replenished 116,131.72 rsETH in 5 batches, and the asset backing for rsETH has been fully restored. The affected WETH and rsETH markets have returned to normal.
DxSale.Network posted on X platform in response to a recent security incident, disclosing that the vulnerability originated from the newly launched atomic transaction feature on BNB Smart Chain (BSC), which affected the v1 lockup contract launched in 2021. The team has identified the source of the issue and stated that lockup contracts for v2 and above are completely secure and have been audited by Certik. Users can rest assured that assets locked in v2 and above are unaffected.
Blockaid disclosed on X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker compromised three out of four Guardian private keys, forged a Verified Action Approval (VAA) message, and executed the attack within approximately seven minutes, stealing roughly $815,000 worth of assets. During the attack, the attacker minted 13.76 million Wrapped ALPH tokens out of thin air—exceeding the pre-attack circulating supply by over 100%—and simultaneously unlocked and withdrew assets including USDT, USDC, WBTC, and WETH from the custody pool. As of now, the attacker’s address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH tokens; the largest anomalous transaction involved the out-of-thin-air minting of 13.76 million Wrapped ALPH tokens.
Odaily founder Rand posted on platform X, stating that with the assistance of on-chain detective ZachXBT, the team has identified the root cause of the recent cUSDC freeze incident, which is unrelated to the Zama protocol itself or privacy technology. The incident originated when a wallet address associated with the Overnight Finance hack deposited over $12.5 million USDC into Zama's cUSDC wrapper contract. Since the address was not on any sanctions list at the time of deposit and was not flagged by KYT (Know Your Transaction) tools, the funds were able to enter the protocol. Rand stated that law enforcement agencies recently issued asset restriction orders against several wallets linked to the hacker. At that time, the cUSDC wrapper contract held relatively small funds, with over 99% coming from the aforementioned hacker address. Consequently, the court ordered the freezing of the entire wrapper contract to restrict the movement of the related funds. Rand emphasized that this measure is not a sanction against Zama or privacy protocols, but a common judicial freezing measure in the DeFi space. To cooperate with the investigation, Zama has suspended the operation of the cUSDC, cUSDT, and cWETH contracts until the investigation is complete, all involved addresses are identified, and corresponding measures are taken. Rand reiterated that Zama adheres to the principle of "compliant confidentiality" and will not tolerate any illegal activities. He also indicated that a more detailed post-mortem of the incident and a plan for handling similar requests in the future will be released subsequently.
On-chain monitoring shows that a batch of funds suspected to be linked to hackers or phishing activities has recently been continuously purchasing Monero (XMR), with total purchases amounting to approximately $23 million, significantly impacting the market price.
On-chain monitoring shows that the cross-chain bridge Gravity Bridge may have suffered a security incident due to a smart contract private key leak, affecting assets including USDC, WETH, and USDT, with total losses amounting to approximately $5.4 million.
The Zcash Foundation has released version 4.5.0 of its node client, Zebra. This update includes multiple security fixes, addressing a critical consensus vulnerability and several high-severity Denial of Service (DoS) issues. All node operators are strongly urged to upgrade immediately. Key fixes in this release include a sigop counting error in P2SH script parsing (which could cause a consensus fork with zcashd), a logic flaw in NU5 block validation caching, a crash risk related to transparent address balance overflow, along with multiple crash and resource exhaustion vulnerabilities in RPC interfaces and mempool processing. The Foundation stated that some vulnerabilities could be exploited by malicious nodes, leading to node stalls, restart loops, or even permanent stoppage. Additionally, this version adds support for ZIP-213 (enabling shielded coinbase outputs to Sapling) and optimizes network performance and security boundaries. This includes limiting resource allocation during the pre-handshake phase, fixing risks related to multi-threaded queue abuse, and enhancing the misbehavior scoring mechanism. The Zcash Foundation stated that this update addresses over 80 security reports from the ZCG Vulnerability Disclosure Program (spanning April to May 2026), covering multiple layers including consensus security, memory management, RPC processing, and the P2P network attack surface. Officials emphasized that there is no alternative to this upgrade; upgrading is the only way to ensure nodes do not experience a chain split and remain secure.
Sui officially announced a network outage on its mainnet due to a vulnerability in the Gas billing logic of version 1.72, temporarily halting all transactions and on-chain activities. The Sui Core team has now completed emergency response, and the mainnet has resumed normal operations. The official statement indicated that a comprehensive post-mortem report will be released subsequently, detailing the cause of the incident and the fix.
SUPERFORTUNE AI released a 24-hour investigation update stating that the May 27 GUA security incident was not, as previously suspected, address poisoning—but rather resulted from the leakage of private keys belonging to multi-signature signers. The attacker then forged valid signatures pointing to a malicious address and exploited the “premium address” feature—where the malicious address shared the same first four and last four characters as the legitimate address—to mislead the remaining signers into completing the signing process via the Safe interface.
Zhou, a hacker from Quzhou City, Zhejiang Province, was sentenced by a court to four years and four months’ imprisonment and fined for the crime of illegally controlling computer information systems. Zhou exploited security vulnerabilities in websites to illegally control over 150 government and enterprise servers, causing links on websites belonging to 157 organizations to redirect to overseas pornographic websites. He also profited by reselling control rights. According to disclosures by the investigating authorities, Zhou settled his illicit proceeds using virtual currencies such as USDT and TRX, dispersing and concealing them across multiple cryptocurrency wallets. Authorities subsequently seized assets valued at over RMB 42 million through a cryptocurrency tracing system. Additionally, Zhou voluntarily surrendered over RMB 28 million in illicit gains.
According to SlowMist monitoring, the ONTR token contract suffered a loss of 49.4801 WETH, valued at approximately $98,000, due to an access control vulnerability in the onlyOwner modifier. The attacker (0xe806...b760) exploited this vulnerability by passing the permission check when the owner was set to address(0). The attacker then called transferOwnership() to set the attacker's contract as the owner. Subsequently, desertJasper() was invoked to queue hidden balances, followed by glenFlash() to execute ashBud(), which directly increased an address's balance by 1e30 base units without incrementing totalSupply. The attacker transferred the inflated tokens to PancakePair (0xd46d...83fd) and exchanged them for WETH via swap().