GetChain News

Security/Hacker

News linked to this event type.

The Sui mainnet has resumed operations after being suspended due to a crash vulnerability in the gas billing logic.

Sui announced that Sui Mainnet operations, which were suspended due to a crash vulnerability in the gas billing logic introduced in version 1.72, have now resumed. Sui stated that a full post-mortem of this incident will be published in the coming days.

DxSale Accused of Transferring Approximately $7.3 Million from Early BNB Chain Locked Liquidity Pools

According to on-chain investigator Eye, DxSale is suspected of withdrawing approximately $7.3 million from some of its early liquidity pools locked on BNB Chain since 2021—impacting over 1,400 LPs. Eye stated that the attack involved silent ownership transfers and over 80 wallet hops. Eye noted that the newly used wallet address in the attack received 104 BNB from Bybit 20 hours prior to the liquidity pool withdrawal, and subsequently received approximately 1,200 BNB after the funds were withdrawn from the liquidity pools. Thereafter, this address transferred roughly 3,400 BNB in total to two wallets, with the related funds already withdrawn via multiple Binance deposit addresses.

OpenAI Releases Frontier Governance Framework

OpenAI has released the Frontier Governance Framework, systematically elaborating on how its AI safety and governance practices align with emerging regulatory requirements such as the California Frontier AI Transparency Act and the EU's General-Purpose AI Code of Conduct. Based on OpenAI's existing Preparedness Framework, this framework focuses on areas including cyberattacks, CBRN risks, harmful manipulation, loss of control risks, model reporting, security incident response, and external expert review. It also states that it will be continuously updated as model capabilities and the regulatory environment evolve.

Man from Florida, U.S., Arrested for Allegedly Stealing $1.9 Million in Bitcoin from Former Employer Using Mnemonic Phrase

A man in Florida, USA, was arrested for allegedly stealing approximately $1.9 million worth of Bitcoin using the mnemonic phrase of his former employer’s hardware wallet. According to police, the unauthorized transfer of the stolen funds occurred in 2020, when the suspect still had access to critical security information.

SUPERFORTUNE: GUA Security Incident May Involve Multi-Sig Address Tampering

SUPERFORTUNE AI posted on X, stating that the team is investigating a GUA security incident that occurred on May 27. The incident led to drastic price fluctuations in the token. Preliminary investigations suggest the incident may involve address tampering during a multi-signature transaction. The announcement states that the original plan was to send additionally unlocked tokens to the airdrop claim contract address. However, during execution, the funds were mistakenly sent to a different hacker address. The team noted that this hacker address had never interacted with any SUPERFORTUNE-related addresses before, making an "address poisoning attack" less likely as the attack vector. Furthermore, SUPERFORTUNE stated that its internal processes include a multi-layered address verification mechanism. The team is continuing its investigation into the incident and will update the community on the latest developments.

Stake DAO Responds to Security Incident: Do Not Interact with vsdCRV for Now

Stake DAO posted a response on X regarding the security incident, stating that its team has taken note of the incident and that users should not interact with vsdCRV for the time being. In addition, contracts related to Stake DAO on Arbitrum exhibited abnormal behavior, resulting in the minting of 5.4 trillion vsdCRV tokens. Security teams have classified this as a suspected infinite minting exploit.

PeckShield: StakeDAO’s vsdCRV infinite minting vulnerability exploited; attacker cashed out over $90,000

According to on-chain analyst PeckShield (@PeckShieldAlert), StakeDAO (@StakeDAOHQ) on the Arbitrum network was exploited via an infinite minting vulnerability. The attacker minted a total of 5.4 trillion vsdCRV tokens, then swapped a portion of them for 43.781 ETH (approximately $91,200) and bridged the funds cross-chain to the Ethereum address 0xeF3C...aa25.

StakeDAO deployer's private key leaked on Arbitrum, attacker mints approximately 5.45 trillion vsdCRV and exchanges for ETH


Resolv Foundation announces recovery plan and launches RWA business line Vault Street

The Resolv Foundation has announced its recovery plan following the protocol security incident. USR/wstUSR tokens held and snapshot-recorded prior to the incident will be redeemed for USDC at a 1:1 ratio, while USR/wstUSR acquired after the incident will be redeemed at a 1:0.5 ratio. RLP holdings will be restored at a core redemption rate of 0.71 USDC per token, with additional RESOLV token allocations based on a reference price of $0.03. The Foundation stated that eligible users may claim their recovery funds between May 26, 2026, and August 26, 2026.

Iran Warns of Strong Retaliation and Oil Export Disruption in Region If War Resumes

According to CCTV News, General Staff of the Iranian Armed Forces spokesperson Shekarchi stated that Iran is prepared for war and will respond more forcefully—with new tactics—if the U.S. and Israel launch a new attack. He added that if war resumes and Iran’s oil exports are banned, Iran will block regional oil shipments. (Jinshi)

Phishing Attack via Fake Uniswap Google Ads Has Stolen at Least $400,000

According to Cointelegraph, phishing ads impersonating the decentralized exchange protocol Uniswap have appeared in Google search results, enabling attackers to steal at least $400,000. On-chain analyst b-block stated that the associated counterfeit websites are draining funds from multiple wallets; the implicated addresses currently hold a combined total of 146 ETH—worth approximately $306,000 at press time. Security Alliance (SEAL) noted that such fraudulent Google ads are a common source of phishing attacks, with attackers either purchasing ad placements or compromising legitimate advertising accounts to impersonate popular crypto protocols in sponsored search results. SEAL also reported that between March 13 and March 30, these attacks resulted in total losses amounting to $1.27 million.

Oobit Has Frozen Part of the EURR Funds Related to the StablR Security Incident

Oobit, a mobile wallet supported by Tether, issued a clarification on X, stating that after “on-chain detective” ZachXBT disclosed a vulnerability exploit against two smart contracts (EURR and USDR) of stablecoin issuer StablR—resulting in losses of approximately $13.5 million—the attackers attempted to withdraw the stolen funds via Oobit. However, Oobit’s compliance team identified the anomalous activity and successfully froze EURR funds valued in the six-figure range, while also shutting down the withdrawal channel. No user funds were affected in this incident, and Oobit’s own systems were not compromised. Oobit is currently cooperating with StablR and investigators to advance follow-up actions. Earlier reports indicated that StablR suffered a hack resulting in losses of approximately $2.8 million, causing both EURR and USDR to de-peg.

SlowMist Yu Xian: The Squid security incident did not stem from private key issues but rather from a vulnerability in the SquidRouterModule used by the affected Safe wallets.

Cosine, founder of SlowMist, posted an analysis of the Squid security incident on X. He stated that sampling revealed all affected Safe wallets were single-signature, with different owners—but the issue was not related to private keys. Rather, the vulnerability lay in the module shown in the image (SquidRouterModule) used by these Safe addresses. Attackers could forge messages and easily bypass relevant validations to initiate subsequent swap operations, thereby draining funds from the targeted Safe wallets. Additionally, Cosine disclosed the attacker’s profit accumulation address. Earlier reports indicated that a third-party Gnosis Safe module was exploited on Base and Ethereum, causing approximately $3.2 million in losses. The victims were 86 Gnosis Safe wallets that had added this contract as a trusted Safe Module. The contract is named “SquidRouterModule” on Basescan. Subsequently, Squid clarified that it was not impacted by the Gnosis Safe-related vulnerability incident.

Saturn: Blacklisted Squid Hacker Address and Froze Stolen Funds

The Saturn Foundation officially posted on X, stating that it has blacklisted addresses related to the Squid hacker incident and frozen the stolen funds. Affected users can submit tickets on Saturn's official Discord server. None of Saturn's contracts or infrastructure were affected by this incident.

North Korean hacker group Lazarus Group deploys fileless RemotePE Trojan to target cryptocurrency firms and banks

According to Cryptopolitan, the North Korea–linked hacker group Lazarus Group has been found deploying the fileless remote access Trojan RemotePE, primarily targeting banks, cryptocurrency exchanges, and fintech companies. This malware runs entirely in memory and employs process hollowing, anti-analysis detection techniques, and encrypted C2 communications—making it difficult for traditional antivirus and forensic tools to detect. The report states that attacks typically begin with Telegram-based social engineering: attackers impersonate employees of trading firms and lure victims into installing malicious software using forged Calendly and Picktime links, ultimately executing the payload without touching the file system.

Squid: Security Incident Unrelated to Squid Core Protocol and Contracts; All Squid Users and Integrators Unaffected

Odaily news: Squid posted on X, stating that this incident is unrelated to the Squid core protocol and contracts. All Squid users and integrators are unaffected and no action is required. Today, a third-party Gnosis Safe module on the Base and Ethereum networks was attacked, resulting in a loss of approximately $3.2 million. The vulnerable contract is verified on Basescan under the name "SquidRouterModule," but this contract was not built, deployed, or operated by Squid. It is a third-party smart wallet product that chose to integrate with Squid and other protocols, and has no connection with Squid. The attack principle is that this third-party module accepts a constant string provided by the caller as a message security proof. This string is publicly visible in the verified contract code. By inputting this string, the attacker could execute arbitrary calldata arrays and freely steal funds. The victim's Safe wallet had added this problematic contract as a trusted Safe Module, allowing the contract to control any tokens within the Safe without requiring a signature. Squid's own router contract (0xce16...D666) has a different architecture and was unaffected. Squid users' funds, authorizations, and integrations are completely safe. Early public reports may have mentioned "SquidRouter" due to the contract verification name on Basescan. The accurate description should be: a third-party SquidRouterModule was attacked, not Squid's Router contract. This contract shares the name with Squid, but it is not Squid's code. Squid is continuously monitoring the situation and will provide updates if there are any significant changes.

SquidRouterModule Attacked, 86 Gnosis Safe Wallets Drained of Approximately $3 Million

According to Blockaid monitoring, an ongoing attack targeting the SquidRouter module was detected on the Ethereum and Base chains. Within approximately 2 hours, 86 Gnosis Safe wallets were drained of about $3 million in assets. All stolen tokens were swapped for DAI via a Uniswap V3 pool controlled by the attacker.

PeckShield: WUSD/GLOVE attacked, losses amount to approximately $207,000

According to PeckShield’s monitoring, the WUSD/GLOVE pool on Ethereum was attacked, resulting in losses of approximately $207,000. The attacker has swapped the stolen assets for roughly 98 ETH and deposited them into Railgun.

SlowMist Discloses Cross-Registry Supply Chain Attack Targeting Crypto and AI Developers

According to on-chain analyst PeckShield (@PeckShieldAlert), SlowMist’s threat intelligence system MistEye has detected a cross-registry supply chain attack targeting developers. Malicious packages have spread across three major registries—npm, PyPI, and Crates.io—comprising over 34 malicious packages and more than 384 related versions. The attack targets developer communities in cryptocurrency, DeFi, Solana, Sui/Move, and AI. It may lead to the theft of cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, and other sensitive developer information. Some malicious payloads also attempt persistence via mechanisms including `.cursorrules`, `CLAUDE.md`, Git hooks, cron, systemd, and SSH. SlowMist recommends immediately removing affected packages, isolating compromised systems, rotating exposed credentials, rebuilding CI environments and developer machines from clean images, and conducting comprehensive reviews of GitHub, cloud, SSH, and wallet-related activities.

Data: StablR's EURR and USDR suffer losses exceeding $10 million after attack, over $100,000 in stolen funds frozen

According to monitoring by crypto KOL Yusuf, two contracts of European stablecoin issuer StablR, EURR and USDR, were attacked yesterday, resulting in losses exceeding $10 million. Following the incident, over $100,000 in stolen funds have been frozen, with the de-pegging range of USDR and EURR exceeding 20%.