hub

In May 2026, the decentralized wallet imToken announced its strategic direction for the next decade on the occasion of its tenth anniversary, proposing to evolve from a "Trusted Main Wallet" to a "Personal Digital Hub," helping users control their assets, identity, permissions, and intelligent actions in an open and intelligent internet.imToken stated that in the past decade, the wallet primarily focused on Store, Send, and Stake services for users; facing the era of AI intelligence, the wallet needs to add a fourth core product proposition: Sign. Sign is no longer just about signing transactions, but rather the foundational interface for users to express intentions, grant permissions, set rules, delegate actions, and revoke authorizations.imToken Founder & CEO Ben He stated: "AI will make autonomous action increasingly abundant, but what will truly be scarce is control. In the next decade, imToken hopes to help users continue to control their digital world in the intelligent era."imToken also upgraded its brand proposition to: Your Digital World, Under Your Control.

According to the latest on-chain data, in May, the total market value of TRON stablecoins exceeded 90 billion USD, with a month-on-month growth of 3.63%; monthly revenue reached 32.23 million USD, with a month-on-month growth of 5.6%. Meanwhile, TRON's on-chain transfer data remains impressive, reflecting the vibrancy of the on-chain economy. In the face of massive stablecoin liquidity, an efficient lending and yield hub is becoming a necessity.According to the JUST weekly report data on June 2, the total TVL of the JUST ecosystem has reached 11.08 billion USD, accounting for over 40.25% of the market share in the TRON DeFi sector, continuously providing users with diversified services such as stablecoin savings, collateralized lending, and energy leasing. In addition, the JST buyback and burn mechanism is also operating steadily, injecting the protocol's real earnings into the governance token's deflationary flywheel, allowing the dividends of ecological growth to be genuinely returned to every holder.

SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.

According to Digital Asset, WeHub, the holding company of the largest shareholder of Busan Digital Asset Exchange in South Korea, will expand its business into virtual assets by acquiring the cryptocurrency exchange Flybit. WeHub and its largest shareholder, JM Coffee Group Chairman Yang Jae-seok, have agreed to this acquisition deal, the amount of which has not been disclosed. After the acquisition is completed, WeHub will hold a 40% stake in Flybit, Yang Jae-seok will hold 25%, and Flybit CEO Kim Seok-jin will retain 15%.In addition, Flybit's market share has declined due to its failure to obtain a real-name account in Korean won. WeHub is interested in its VASP qualification and stable AML infrastructure, as Flybit was rated as an "excellent" operator in the financial intelligence department's system assessment. After the acquisition, both parties plan to combine Flybit's cryptocurrency trading infrastructure with the physical asset trading capabilities of Busan Digital Asset Exchange to expand into stablecoin and other businesses.

According to GoPlus monitoring, the hacker group TeamPCP claims to have obtained the source code from about 4,000 private repositories within GitHub and is selling it for $50,000 on underground forums, offering sample verification. If no one buys it, this batch of data may be publicly released for free later.Previously, GitHub officials confirmed that they are investigating the issue of "unauthorized access to internal repositories," suspecting that malicious VS Code/AI Coding plugins were installed on GitHub employee devices.

According to the threat intelligence released by Slow Fog, several high-frequency npm packages including AntV and Echarts-for-react, as well as the Python SDK durabletask, have recently been targeted by the Mini Shai-Hulud "mini sandworm" supply chain attack. The npm account atool was compromised, and the attacker automatically published 637 malicious versions within 22 minutes, affecting 317 packages. The attacker continuously uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 within 35 minutes, bypassing normal release controls and impersonating an official Microsoft release.The large-scale leak of GitHub tokens and the ransomware attack on Grafana Labs are likely related to this supply chain attack. Affected components include high-frequency components such as AntV and Echarts-for-react in the npm ecosystem, as well as Python packages durabletask 1.4.1, 1.4.2, and 1.4.3. Attackers can steal cloud and local credentials, gain unauthorized access to internal repositories and sensitive cloud infrastructure, move laterally to developer machines and CI/CD pipelines, sell and exploit leaked GitHub tokens, and implement ransom and data leak threats.Slow Fog recommends immediately rotating all exposed credentials, replacing affected packages, isolating potentially infected systems, and implementing strict dependency review policies. Previously, it was reported that the "mini sandworm" worm had recently completed widespread infection in open-source code repositories, and developers should be vigilant in checking for issues.

GitHub has updated the details of the investigation into the unauthorized access incident of its internal repositories: GitHub detected and contained an incident yesterday involving an employee's device being compromised, which involved a maliciously implanted VS Code extension. GitHub removed the malicious extension, isolated the affected terminals, and immediately initiated an incident response. Current assessments show that only GitHub's internal repositories experienced data exfiltration, and the approximately 3,800 repositories claimed by the attackers are roughly consistent with the investigation results. GitHub has prioritized rotating critical credentials, is analyzing logs, verifying credential rotations, and monitoring subsequent activities, with a complete report to be released after the investigation is concluded.Additionally, Slow Mist's Chief Information Security Officer 23pds commented on this incident, stating: "By analyzing leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal information from about 4,000 core internal repositories: including the source code for Copilot, the algorithms for CodeQL, the Actions runtime, and the entire billing system. Further analysis of this code could lead to subsequent attacks, having a profound security impact on the integration of the open-source community."

In response to the unauthorized access event of the internal code repository disclosed by GitHub, Zhao Changpeng reminded, "If the code contains an API Key, even if it is in a private repository, it should be reviewed and replaced immediately."

GitHub has officially stated that it is investigating an unauthorized access incident involving its internal code repository. GitHub claims that there is currently no evidence to suggest that customer data stored in enterprise, organization, or code repositories outside the GitHub platform has been affected, but the company is continuously monitoring its infrastructure to prevent further abnormal activities.GitHub stated that if it is later confirmed that user data or services are affected, it will notify customers through existing incident response and notification channels.

The open-source data visualization tool Grafana stated on platform X that it recently discovered an unauthorized attacker had obtained a token that could access the Grafana Labs GitHub environment and used it to download the code repository.An investigation confirmed that this incident did not involve customer data or personal information leakage, and no impact on customer systems or business operations was found. After the incident, forensic analysis was immediately initiated, and it is believed that the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protection.Furthermore, Grafana disclosed that the attacker attempted to demand a ransom to prevent the code repository from being made public, but the company ultimately decided to refuse to pay the ransom and will release more information about the incident review after the investigation is completed.

According to Slow Fog CISO @im23pds's post on the X platform: attackers used 13 accounts to implant 575 malicious Skills into Hugging Face and ClawHub.

Police officer Guo Tingyu from the Cybersecurity Division of the Qingshan Branch of the Wuhan Public Security Bureau participated in the investigation of Hubei's first virtual currency theft case. By tracking the flow of funds and analyzing the code of fake wallets, he identified and dismantled a cryptocurrency theft gang involved in over 100 million yuan in illicit funds, with all five suspects arrested.The gang induced users to download a counterfeit virtual currency wallet app to steal coins, with a total download count of over ten thousand. Guo Tingyu also participated in the investigation of multiple virtual currency-related criminal cases.

According to market news, the adult website Pornhub has stopped using Tether (USDT) for creator revenue settlements and has switched to USDC issued by Circle.In an email sent to creators, Pornhub stated that this switch aims to make revenue payments "more reliable" and emphasized that USDC is a fully reserved, compliant stablecoin that meets the EU MiCA regulatory framework. Pornhub previously introduced USDT in 2020 after PayPal announced the termination of its partnership with the platform, and it built its payment infrastructure with the help of the TronLink wallet owned by Sun Yuchen. After this switch, the aforementioned partnership has also been removed from its creator page.

The Financial Secretary of Hong Kong, Paul Chan, delivered the opening speech at the 2026 Hong Kong Web3 Carnival, stating, "The rise of AI agents this year is another noteworthy milestone. The intersection of AI and technologies like Web3 is changing the game. The combination of the two will elevate transaction efficiency to a new level and cover a broader range of business areas, from finance and trade to wealth management, supply chain operations, and logistics. This combination will create a multitude of new opportunities but will also pose a series of challenges, such as issues related to infrastructure payment and settlement systems and regulatory rules.Hong Kong's policy on Web3 and AI has always been clear, maintaining consistency under the principle of 'one country, two systems.' As an international financial center, Hong Kong embraces innovation, with stablecoins, tokenization, and AI becoming important components of the mainstream future. Hong Kong's regulators have a dual mission of prudent regulation and promoting market development, which requires us to encourage and support more innovative applications, improving our institutional framework based on continuous experience. I firmly believe that Hong Kong will undoubtedly become a key hub for the thriving development, widespread application, and responsible scaling of the new generation of technologies."

According to the official announcement, OpenClaw's AI agent Skills library platform ClawHub has officially launched a mirror site in China, with the domain mirror-cn.clawhub.com. This infrastructure is sponsored and supported by BytePlus, a subsidiary of ByteDance.

According to the official announcement, Bitget has upgraded its Agent Hub with the addition of 5 analytical AI Skills and 19 data integration tools. This upgrade aims to integrate market analysis and trade execution into a unified system, with new features covering macro analysis, technical signal detection, sentiment monitoring, market intelligence, and cross-market news aggregation.Following the launch of the Agent Hub infrastructure and standardized interface in February this year, Bitget's update aims to address the information processing challenges faced by traders when confronted with multiple complex signals such as macroeconomic data, on-chain activities, and real-time capital flows. The upgraded Agent Hub can continuously process market inputs and convert them into structured strategies directly under the unified account structure of Bitget UEX, further advancing AI from an independent auxiliary tool to the foundational infrastructure for trading operations.

Tencent's PR Director Zhang Jun stated today that on March 30, the WeChat Work CLI open-source project was launched on the GitHub community, opening up seven core product capabilities including messaging, scheduling, documents, smart forms, meetings, to-do lists, and contacts, supporting mainstream AIAgents (such as ClaudeCode, Codex, WorkBuddy, QClaw, etc.) for invocation.Developers can leverage these capabilities to enable AIAgents to understand and utilize WeChat Work's features in a more natural way, quickly developing AI applications that are more aligned with everyday office scenarios.

According to a security alert released by GoPlus Security, Silverfort security researchers discovered a serious vulnerability in OpenClaw's skill repository ClawHub. Attackers can bypass all protective mechanisms by calling the internal function downloads:increment, allowing them to inflate the download count to over 20,000 in just a few minutes with a single curl request, thereby pushing malicious skills to the top of search rankings and enticing users or AI Agents to install them automatically.Once the malicious skill is running, it can steal sensitive data such as cryptocurrency wallets and API keys. The vulnerability has been patched within 24 hours. GoPlus advises users that a high download count does not equal safety and recommends using AgentGuard for security scanning and protection.