security

As the infiltration and attacks targeting the cryptocurrency industry continue to escalate, security experts point out that the core difference from hackers with backgrounds in other countries is that cryptocurrency assets have become an important direct source of financing for military expenses in that country. Reports indicate that during a recent months-long infiltration operation against Drift Protocol, North Korean hackers once again caused a stir in the industry.Experts state that this model is not merely a "fund transfer tool," but rather a direct "predatory profit" mechanism used to bypass international sanctions and obtain immediately usable hard currency. Security researchers note that, unlike countries such as Russia and Iran, North Korea almost entirely lacks sustainable foreign economic and commodity export capabilities, making it more reliant on cryptocurrency theft as a core source of income to support its nuclear weapons and ballistic missile programs.Experts also emphasize that North Korean hacker attack targets have expanded from simple phishing to exchanges, wallet services, and key holders of DeFi protocols, commonly employing long-term social engineering and identity disguise infiltration methods. Due to the characteristic of blockchain transactions being "irreversible once confirmed," the cryptocurrency industry is far weaker than the traditional financial system in terms of freezing and recovering funds, making such attacks more destructive in speed and scale. Security personnel warn that this type of "long-term infiltration + precise power seizure" attack model has yet to be effectively addressed by the industry.

OpenAI stated that during a recent industry-wide security incident, potential security issues were discovered in the third-party development library Axios that they use. After investigation, no evidence was found of user data being accessed, systems being compromised, or software being tampered with.Out of caution, OpenAI has initiated security reinforcement measures, focusing on strengthening the authentication mechanism of the macOS application to prevent malicious parties from distributing counterfeit official applications. OpenAI also reminds all macOS users to update to the latest version of the application as soon as possible, either through in-app updates or official channels, to reduce potential risks.

Circle Chief Strategy Officer Dante Disparte published a response regarding the over $270 million theft incident involving Drift Protocol. Disparte stated that Circle only freezes USDC when legally mandated to do so, and this is not a unilateral decision, nor is it a backdoor or algorithmic monitoring. This reflects the rule of law in internet-native financial activities.He pointed out that the core issue facing open systems is that the legal framework's response speed lags behind technological development. Protocols, wallets, exchanges, and stablecoin issuers should regard security and accountability as a shared obligation, and DeFi protocols can develop on-chain technical protection measures by referencing the circuit breaker mechanisms of traditional markets.He also called for the legislative processes of the U.S. GENIUS Act and CLARITY Act to incorporate due process, property rights, and financial privacy protection standards into law before the next major security incident occurs.

The Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) of the U.S. Department of the Treasury announced a new initiative today aimed at strengthening cybersecurity in the digital asset industry.This initiative will provide timely, actionable cybersecurity information to eligible U.S. digital asset companies and industry organizations, helping them better identify, prevent, and respond to cyber threats targeting their customers and networks. This action implements an important recommendation from the President's Working Group on Financial Markets in the report "Enhancing the U.S. Leadership in Digital Financial Technology."

CZ responded on social media regarding the "phone number leak" in the new book, stating that the phone number has not been used for many years. The new owner should be a hacker or the police, and there were previous attempts to apply for an assistant position. Please pay attention to your own safety. It is advised not to add (related social media accounts) anymore.

The Department of Homeland Security's official account pointed out that "token scams" are emerging one after another, especially illegal financial activities such as "holding tokens to get rich" and "making profits from off-exchange trading," which may be exploited by foreign espionage and intelligence agencies to harm national economic security. In the face of new technologies and applications, we must actively embrace and effectively utilize them while also preventing risks and ensuring safety, including risks of leakage and hijacking, risks of forgery and tampering, and risks of fraud traps.In the face of the token craze, we must view its value rationally, pay attention to information security and privacy security, and enhance our awareness of safety precautions, ensuring that we understand tokens and use them wisely.

The Solana Foundation stated that it is launching a series of security enhancement initiatives, including a STRIDE security assessment and monitoring system led by Asymmetric Research, as well as a SIRN response network for handling security incidents.Among them, STRIDE will conduct independent assessments of ecological protocols and provide ongoing operational security (opsec) and proactive threat monitoring, offering formal verification support for projects with a TVL exceeding $100 million. SIRN is composed of multiple security agencies and research teams to collaboratively carry out real-time security incident responses.

JAN3 CEO Samson Mow posted on the X platform, stating that the current response to the threat of quantum computing (QC) to Bitcoin should not be rushed. Blindly and hastily switching from the existing signature mechanism to post-quantum (PQ) solutions may expose Bitcoin to the risk of classical computing attacks in the short term. The size of PQ signatures could increase by 10 to 125 times, significantly reducing network throughput and potentially triggering a repeat of the scaling disputes similar to the early "block wars."In addition, Samson Mow warned that some PQ solutions may have potential backdoor risks. The threat of quantum computing is still in the medium to long-term stage (which may take 10 to 20 years). The more reasonable path currently is to continue research rather than rush deployment. He also specifically mentioned Coinbase, stating that its wallet has quantum attack vulnerabilities due to address reuse, and suggested prioritizing the repair of related infrastructure issues.

According to CoinPost, the Japanese Financial Services Agency has officially announced the "Cybersecurity Enhancement Guidelines for Cryptocurrency Asset Exchange Businesses." This guideline is based on 18 opinions collected from February to March 2026, with the primary goal of protecting investor assets, proposing a three-tiered security enhancement framework of "self-help (individual businesses), mutual assistance (self-regulatory organizations), and public assistance (regulatory authorities)."The authorities pointed out that current cyber attacks have evolved from simple signature key theft to highly organized methods such as social engineering attacks and supply chain intrusions, making traditional cold wallet management insufficient to ensure security. Subsequently, the Financial Services Agency will implement threat-driven penetration testing (TLPT) on some major businesses and plans to revise operational guidelines to enhance cybersecurity personnel allocation and external audit standards.

Blockchain security company CertiK stated that in March 2026, a total of 46 security incidents were recorded, with total losses of approximately $39.8 million (excluding phishing). This is the highest number of recorded security incidents in a month since November 2024.CertiK also mentioned that after reaching a low point in the third quarter of 2025, the number of security incidents increased in the fourth quarter of 2025 and the first quarter of 2026, with the exploitation of code vulnerabilities becoming more frequent, possibly related to the rise of artificial intelligence.

Monad co-founder Keone Hon released a protocol security self-inspection checklist on the X platform, focusing on core issues such as management permissions, fund security, and multi-signature mechanism design, which mainly includes ten points:Clearly identify which admin functions may lead to fund loss;Ensure that relevant operations are time-locked;Establish a real-time monitoring mechanism;Provide timely alerts when admin functions are called;Review all privileged accounts and try to use a multi-signature (k-of-n) structure;Clarify signature threshold parameters;Multi-signature signers should use independent cold devices solely for signing operations and follow best practices (such as independently verifying transaction hashes);Set rate limits on withdrawals and avoid control by the same multi-signature;Ensure employee devices have malware detection and management capabilities;Predefine extreme scenarios where multi-signature signers are compromised, reverse engineer potential attack paths from the attacker's perspective, and optimize system design accordingly to increase attack costs and complexity.

According to official news, the blockchain security agency SlowMist recently released a security assessment report, conducting a special audit of OKX Wallet. The results showed that in the audited version, no behavior was found where the application transmitted sensitive information such as private keys or mnemonic phrases to external servers, and no risk of sensitive data leakage was detected overall.It is reported that this assessment focused on whether there were issues with the external transmission of private keys and mnemonic phrases in OKX Wallet, and the results indicated that the relevant core information was processed locally. The current handling of private keys and mnemonic phrases has become the core of wallet security, and such audit results also provide users with a more direct security reference.

SolanaFloor's latest data shows that the impact of the Drift protocol vulnerability incident continues to expand, with the number of affected protocols increasing from 11 to 20. Nine new protocols have been added: PiggyBank, Perena, Vectis, Valeo, Amp Pay, Loopscale, Prime Numbers Fi, Gauntlet, and Exponent.In terms of specific losses, Prime Numbers Fi estimates losses of over $10 million, Gauntlet approximately $6.4 million, Neutral Trade about $3.67 million, Elemental DeFi around $2.9 million, Reflect Money about $1.95 million, Vectis approximately $1.69 million, Ranger Finance around $919,000, Pyra about $551,000, and PiggyBank has confirmed losses of $106,000, which will be fully compensated by the team.Each protocol has taken corresponding measures, with most suspending minting, redemption, deposits, withdrawals, or related treasury functions. Prime Numbers Fi is still under evaluation and has not announced specific actions. Vectis has not responded but has been confirmed by Ranger Finance to have risk exposure. Gauntlet has restricted further supply and is coordinating with Drift.

Vibhu Norby, Chief Product Officer of the Solana Foundation, posted on the X platform stating that the Drift Protocol has confirmed it was attacked, with the specific source still under investigation. This incident is not caused by a program or smart contract vulnerability, but is more likely related to operational security or social engineering attacks.It should also be clarified that although this incident occurred on a project based on the Solana ecosystem, theoretically, any protocol relying on a multi-signature mechanism across various chains may face similar risks. Therefore, the Drift security incident is an isolated case and does not indicate a systemic issue with Solana DeFi or related products. Once the complete investigation is concluded, the industry may draw important lessons from it, and the Solana DeFi community will quickly recover and rebuild.

Vitalik Buterin shared a post outlining his localization and privatization LLM deployment plan as of April 2026. The core goal is to prioritize privacy, security, and autonomy, minimizing the opportunities for remote models and external services to access personal data. This is achieved through local inference, local file storage, and sandbox isolation to reduce the risks of data leakage, model jailbreaks, and malicious content exploitation.In terms of hardware, he tested solutions including a laptop equipped with an NVIDIA 5090 GPU, an AMD Ryzen AI Max Pro 128 GB unified memory device, and DGX Spark, using the Qwen3.5 35B and 122B models for local inference.Among these, the 5090 laptop achieved approximately 90 tokens/s with the 35B model, the AMD solution around 51 tokens/s, and DGX Spark about 60 tokens/s. Vitalik indicated that he prefers to build a local AI environment based on high-performance laptops while using tools like llama-server, llama-swap, and NixOS to establish the overall workflow.

Wormhole posted on the X platform in response to the impact of the Drift Protocol attack incident, stating that Wormhole user assets are currently not at risk, and the cross-chain bridge function is still operational. However, due to the built-in security mechanisms set for Solana, some cross-chain transfers may experience delays. Wormhole core contributors have been in communication with the Solana ecosystem team and will continue to provide support as needed.

According to monitoring by Lookonchain, the Solana ecosystem DeFi protocol Drift Protocol has suffered a significant attack, with approximately $220 million to $270 million in assets suspiciously transferred to the address "HkGz4K." Subsequently, some of these assets were bridged to the Ethereum chain to purchase ETH, with a total of 19,913 ETH bought so far, valued at $42.6 million.The attacker also transferred some of the stolen SOL to Hyperliquid to exchange for ETH, as well as transferring some stolen SOL to Binance. Additionally, according to monitoring by onchainschool.pro, the details of the stolen assets are as follows: USDC valued at $103 million; SOL valued at $54 million; WBTC valued at $19 million; WETH valued at $12 million; cbBTC valued at $11 million; USDT valued at $6 million; USDS valued at $5 million; SYRUPUSDC valued at $3 million; JLP valued at $2 million.Drift Protocol's official statement indicated that they have noticed unusual activity and are currently investigating. Please do not deposit funds into Drift during the investigation period. This is not an April Fool's joke. Please act cautiously until further notice. Drift Protocol will release the latest news through official channels.

According to on-chain analyst PeckShield, there were a total of 20 major hacking incidents in the cryptocurrency sector in March 2026, with total losses reaching $52 million, a staggering 96% increase compared to $26.5 million in February.The most concerning risk this month is the "shadow contagion" effect, where a single event triggers a chain of bad debts across multiple protocols. Major incidents include: ResolvLabs ($USR) suffering an "infinite minting" attack due to an AWS KMS key management vulnerability, resulting in losses of approximately $25 million, an 80% drop in the price of USR, and causing systemic bad debts for protocols such as MorphoBlue, Euler, and Fluid; Venus ($THE) experiencing an on-chain/off-chain combination attack, leaving $2.18 million in bad debts; well-known on-chain figure @sillytuna facing a physical attack and on-chain coordinated strike, resulting in losses of $24 million; and a Kraken whale user (0xC551...acA21) losing $18 million due to a social engineering attack, with hackers transferring some funds through Thorchain to HitBTC.

The privacy coin Zcash recently disclosed and fixed a critical security vulnerability that could have been exploited by malicious miners to transfer over 25,000 ZEC (approximately 6.5 million USD) from the deprecated Sprout privacy pool. Security researcher Alex "Scalar" Sol disclosed on March 23 that the vulnerability stemmed from the zcashd node skipping proof verification when processing transactions involving the Sprout pool.The official statement indicated that the vulnerability had existed since July 2020 but had not been actively exploited, and user funds remained safe at all times. The development team has released version 6.12.0 to complete the fix, and mainstream mining pools have completed the upgrade deployment within a few days. Additionally, the unaffected Zebra full node implementation has the capability to trigger a chain fork, providing extra protection in the event of exploitation.It was disclosed that although the Sprout pool closed to new deposits in November 2020, approximately 25,424 ZEC remained untransferred. Even if the vulnerability were exploited, Zcash's "turnstile" mechanism would prevent inflationary issuance, ensuring that the total supply would not be breached. This vulnerability was discovered with the assistance of AI, and the researcher will receive a total bounty of 200 ZEC (approximately 51,000 USD). It is worth noting that this is not the first time Zcash has encountered a significant vulnerability; as early as 2019, it had fixed a serious flaw that could lead to unlimited issuance.