bridge

According to CertiK Alert monitoring, the Gravity Bridge attacker has deposited 1,180 ETH into Tornado Cash again, worth approximately $2.06 million. The attack incident has stolen a total of 2,600 ETH (worth about $5.4 million at the time of the attack), of which 2,020 ETH has been deposited into Tornado Cash through two EOA addresses, and the remaining portion has been dispersed and transferred to centralized exchanges.

According to monitoring by Catcher Predict, the probability of the "Yes" option in the sub-market "Mikal Bridges: Assists O/U 0.5" for the "Knicks vs. Spurs" event on the prediction market Polymarket has experienced significant fluctuations, rising from 50% an hour ago to the current 65.5% (a fluctuation of 15.5%). Please note the impact of related breaking news.

According to monitoring by Catcher Predict, in the Polymarket event "Knicks vs. Spurs," the win rate of the sub-market "Mikal Bridges: Rebounds O/U 0.5" for the "Yes" option has experienced significant fluctuations, soaring from 50% an hour ago to the current 74% (a fluctuation of 24%). Please note the impact of relevant breaking news.

According to Beijing Business Today, the Monetary Authority of Macao announced that Macao has completed the system integration with the multilateral central bank digital currency bridge mBridge project, and officially launched local bank "on-bridge" transactions on June 2, to establish an efficient, secure, and low-cost cross-border payment settlement channel.

According to monitoring by Catcher Predict, in the predicted market event "Knicks vs. Spurs" on Polymarket, the "Yes" option for the sub-market "Mikal Bridges: Assists O/U 0.5" has experienced a dramatic fluctuation in winning probability, soaring from 67.5% an hour ago to the current 91% (a fluctuation of 23.5%). Please note the impact of relevant breaking news.

According to The Defiant, approximately $220 million of unfrozen funds from the Kelp DAO cross-chain bridge attack has been almost entirely laundered by hackers. On-chain analyst Arkham Intelligence tracking shows that only about $1.7 million remains in the original attacker's wallet. This hacker is linked to North Korea and previously launched a $292 million cross-chain bridge attack on LayerZero in April.Funds were transferred using privacy tools such as THORChain, Wasabi, Tornado Cash, and Umbra. The approximately $71 million in Ethereum frozen by the Arbitrum security council on April 20 is currently the only recoverable portion. A report released by LayerZero on May 18 attributed the attack to the North Korean group TraderTraitor. Kelp has recovered approximately 116,000 rsETH by migrating to Chainlink CCIP and the DeFi United program, while the Aave security module absorbed about $190 million in bad debt.

According to a post by Specter, it has jointly frozen $91,000 of the stolen funds from Gravity Bridge with ChangeNOW. The attacker still holds most of the funds and has not transferred them.Previously, it was reported that the key to the Gravity Bridge bridging contract was leaked, resulting in $5.4 million in assets being stolen. The assets extracted by the attacker include: $4.3 million USDC, 274 WETH (worth approximately $553,000), $434,000 USDT, and $64,000 PAYG. The addresses involved are 0x7B58...1F9 and 0x4d3c...A47.

The Cosmos ecosystem cross-chain bridge Gravity Bridge is suspected to have been attacked due to the leakage of its signing keys, resulting in approximately $5.4 million in assets being stolen. The official team has confirmed that a security incident has occurred and has urgently suspended bridge services for investigation, while also requesting validators to suspend the operation of validation nodes and coordinators. It is reported that its contract keys may have been compromised.

Regarding the attack on the Kelp rsETH LayerZero V2 bridge that occurred on April 18, Aave released a post-incident investigation on the X platform, emphasizing that the exposure was primarily due to third-party bridge infrastructure rather than the protocol itself. The attacker executed an RPC poisoning attack targeting a single validator of LayerZero, forging a cross-chain message. This led to the release of 116,500 rsETH on the Ethereum side without actual destruction on Unichain. The attacker subsequently deposited the stolen rsETH into Aave V3 (Ethereum Core and Arbitrum), borrowing approximately 82,650 WETH and 821 wstETH.The Aave Protocol Guardian and Risk Steward immediately implemented protective measures for the rsETH and WETH reserves. Currently, the WETH and rsETH markets in the affected V3 deployments are operating normally. The rsETH held by the attacker on Arbitrum has been destroyed, the LayerZero OFT adapter has been fully recharged in five batches, rsETH support has been fully restored, and Kelp has reopened the withdrawal, bridging, and claims functions for rsETH. The WETH LTV in the affected markets has been reset to pre-attack values, and Aave V3 is fully operational across all markets except for rsETH.The Arbitrum DAO has voted to authorize the transfer of frozen ETH to Aave LLC, and it is currently awaiting on-chain execution. The court is still reviewing the substantive content of the injunction, and Aave LLC will continue to comply with the injunction during the court's deliberation. Ongoing projects include: the Aave risk framework from Llama Risk, the bridging assessment framework, the release of evaluation reports for currently live assets, on-chain execution of Arbitrum DAO votes, and the court's review of the injunction.

Blockaid disclosed on platform X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker controlled 3 out of 4 Guardian keys to forge a VAA (Verification Authorization Message) and completed the attack in about 7 minutes, stealing approximately $815,000 in assets.During the attack, the attacker minted 13.76 million Wrapped ALPH out of thin air, exceeding the circulating supply before the attack by over 100%, while also unlocking and transferring assets such as USDT, USDC, WBTC, and WETH from the custody pool.Currently, the attacker's address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH, with the largest abnormal transaction being the minting of 13.76 million Wrapped ALPH out of thin air.

According to monitoring by PeckShieldAlert, the Gravity Bridge hacker has stolen approximately $5.4 million and has laundered part of the stolen assets through ChangeNow and Binance, currently still holding 2,102 ETH (approximately $4.23 million).Previously, according to on-chain analyst Specter, the cross-chain bridge Gravity Bridge was suspected to have been attacked, with its contract keys seemingly leaked, resulting in approximately $5.4 million in assets being stolen. The stolen assets mainly include about $4.3 million in USDC, 274 WETH (approximately $553,000), $434,000 in USDT, and $64,000 in PAYG. Currently, Gravity Bridge officials have not responded.

On-chain monitoring shows that the cross-chain bridge Gravity Bridge may have encountered a security incident due to a contract key leak, involving assets such as USDC, WETH, and USDT, with total losses of approximately 5.4 million dollars.

Babylon Labs has initiated a temperature check proposal in the Aave community, proposing to integrate native Bitcoin as collateral on Aave V4 through the Babylon Trustless Bitcoin Vaults protocol.This solution does not require wrapping, cross-chain bridges, or custodians. Users will lock Bitcoin in Taproot UTXOs, and redemptions will be controlled by on-chain rules (such as loan repayments), settling directly to Bitcoin UTXOs. The proposal deploys two Aave V4 Spokes: Babylon Core Lending Spoke (lending) and BTC Vault Swap Spoke (post-liquidation settlement).Collateral exists in the form of vaultBTC, a transfer-restricted ERC-20 token that can only be transferred between fixed whitelisted addresses. In the liquidation process, liquidators can immediately settle with WBTC, and subsequent Bitcoin redemptions will be completed by arbitrageurs.

Toncoin announced that its bridge-v3 cross-chain bridge is scheduled to officially and permanently close on September 1, 2026. During the transition period before the closure, all proportionally charged cross-chain fees have been canceled, and users who have used the bridge are reminded to check their wallets as soon as possible and complete the withdrawal of any unprocessed or unrecovered assets before the deadline.If you hold Wrapped TON in Ethereum or BNB Smart Chain, you should rebridge to the TON network before the deadline. If you hold tokens such as jUSDT, jUSDC, jDAI, jWBTC, etc., you need to bridge back to the Ethereum network. Users must complete all asset migrations before the deadline to avoid assets being unable to operate across chains. After September 1, the cross-chain bridge will stop all transfer functions.

According to on-chain analyst PeckShield (@PeckShieldAlert), the attacker of the VerusCoin cross-chain bridge has returned 4,052.4 ETH (approximately $8.5 million) to the project team's address (0xF9AB...C1A74), which accounts for 75% of the total stolen amount. The remaining 25% (1,350 ETH, approximately $2.8 million) is retained in the attacker's wallet as a white hat bounty.

According to on-chain analyst PeckShield (@PeckShieldAlert), the VerusCoin cross-chain bridge attacker has returned 4,052.4 ETH (approximately 8.5 million USD) to the project team's address (0xF9AB...C1A74), accounting for 75% of the total stolen amount. The remaining 25% (1,350 ETH, approximately 2.8 million USD) is retained in the attacker's wallet as a white hat bounty.

According to Catcher Predict monitoring, in the predicted market Polymarket for the "Cavaliers vs. Knicks" event, the "Yes" option for the sub-market "Mikal Bridges: Rebounds O/U 0.5" has experienced a dramatic fluctuation in winning probability, soaring from 52.5% an hour ago to the current 72.5% (a fluctuation of 20%). Please note the impact of related breaking news.

According to Blockaid monitoring, the Map Protocol/Butter Network cross-chain bridge has been attacked on Ethereum and BSC. The attacker tricked the Butter Bridge V3.1 contract into directly minting approximately 100 trillion MAPO tokens to a newly created EOA address, which is about 480 million times the legitimate supply of 208 million tokens. Additionally, according to DeFi community YAM monitoring, the attacker has currently profited approximately 52.2 ETH (about $110,000). In response, MAP Protocol stated that the team is aware of the situation and is coordinating with external security partners to investigate and contain the issue. The bridging between MAPO ERC-20 and MAPO mainnet has been suspended. Please do not trade MAPO ERC-20 tokens on Uniswap at this time. During the event mitigation period, the liquidity pool remains at risk.Butter Network responded that ButterSwap has been suspended, and the team is coordinating with external security partners for the investigation. Pending transactions will be processed after security is restored. User funds are not at risk, and all affected transactions will be fully processed after recovery.

The TON Network expansion project TAC has disclosed that a security incident occurred with the TON-TAC asset bridge on May 11. Four days later, approximately 80% of the affected assets have been returned. TAC today released a post-incident analysis report detailing the events. The root cause of the vulnerability was a lack of a single verification in the sorter software: the attacker deployed a counterfeit Jetton wallet on TON, and the sorter accepted the counterfeit tokens because it did not verify the code hash of the sender's wallet. The total loss was approximately $2.86 million, involving USDT, BLUM, and tsTON. Following a public appeal, about 90% of the assets were returned to the multi-signature address controlled by TAC on May 14, with the remaining 10% retained by the attacker.The cross-chain bridge remains paused, awaiting independent review of the repaired sorter software by the auditing party and TON partners. Cross-chain operations will resume once the verification of the repaired software is completed and the gap is filled with recovered assets and TAC Foundation token reserves. Due to the need for multi-party coordination, a precise timeline cannot be provided. The remaining funding gap will be filled by the TAC Foundation treasury, ensuring that users and protocols incur no financial losses. TAC reminds users that official updates are only published through this account and Telegram, and any unsolicited "recovery" or "support" private messages are scams.