tac

According to Slow Fog monitoring, the DTXT/USDT trading pair on the BNB Chain was attacked, resulting in a loss of approximately 35,041 USDT.The root cause of the attack lies in the DTXT contract, which determines the type of operation by comparing the USDT balance with the trading pair's reserve amount. The attacker directly transferred a small amount of USDT to the trading pair address, causing a large DTXT sell-off to be misjudged as adding liquidity, thus bypassing the sell transaction fee logic.The attacker borrowed 1,077,400 USDT through a flash loan from Moolah, making a profit of approximately 35,000 USDT.

According to CertiK Alert monitoring, the Gravity Bridge attacker has deposited 1,180 ETH into Tornado Cash again, worth approximately $2.06 million. The attack incident has stolen a total of 2,600 ETH (worth about $5.4 million at the time of the attack), of which 2,020 ETH has been deposited into Tornado Cash through two EOA addresses, and the remaining portion has been dispersed and transferred to centralized exchanges.

According to TenArmorAlert monitoring, the BY token on the BSC chain was attacked, resulting in a loss of approximately $88,400.

According to The Block, the latest "2026 Ecosystem Vulnerability Audit Report" released by Web3 security company Immunefi shows that losses from DeFi protocols due to hacker attacks have decreased by 74% from the peak of $2.62 billion in 2022 to approximately $680.3 million in 2025.The report points out that the median loss per attack has also significantly decreased, from $6 million in 2022 to $1.5 million in 2025, reflecting an overall improvement in security levels.At the same time, the proportion of losses from bridge exploits has dramatically decreased from 73% in 2022 to 3% in 2025, and the share of flash loan attacks has dropped from 54% to less than 1%. Risks at the infrastructure level (such as private key leaks and database attacks) have also decreased from 30.7% in 2022 to 10.3% in 2025. Immunefi stated that this reflects the ongoing optimization of oracle design, reentrancy attack protection, and access control standards, indicating that the overall DeFi ecosystem "is becoming safer."However, the report also notes that losses slightly rebounded to $680.3 million in 2025, mainly due to the increasing complexity of multi-chain systems and a few high-severity incidents. Meanwhile, the number of independent security incidents continues to rise, reflecting an expanding attack surface.

According to SlowMist monitoring, a new type of Rust supply chain malware activity named IronWorm is attacking developer environments and the Web3 ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet mnemonic and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret leakage, Tor-based command control, and eBPF rootkit stealth.Security teams should audit the repository for backtracked commits, suspicious branches, unexpected build hooks, and commits from automated identities such as claude, dependabot, renovate, or github-actions. It is recommended to remove or deprecate affected package versions, publish clean versions, rotate all leaked keys and tokens, review GitHub Actions artifacts, and rebuild potentially compromised development or CI systems from clean images.

According to TenArmorAlert monitoring, the ATM tokens on the BSC chain were attacked, resulting in a loss of approximately $243,500.

According to on-chain analyst PeckShield (@PeckShieldAlert), approximately 19 hours ago, TesseraDao (@TesseraDao) on the BNB Chain was attacked, with hackers maliciously minting 99 million TSR and immediately selling it off, causing the TSR price to plummet by 99%.The attackers then exchanged the obtained TSR for approximately 2.5 million USDT and transferred the funds across chains to Ethereum, where they have completed money laundering operations of 1,285.5 ETH through TornadoCash.

SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.

According to monitoring by Shield, the UXLink attackers are exchanging WBTC for ETH, having exchanged 92 WBTC (6.4 million USD) for approximately 3248 ETH, and deposited 1500 ETH into Tornado Cash.UXLink was attacked on September 22, 2025, due to the compromise of its multi-signature wallet, resulting in losses exceeding 44 million USD.

According to GoPlus warning, a user lost approximately $316,000 worth of USDC to a phishing attack due to signing a malicious Permit2 transaction.

The DeFi protocol Radiant announced that after experiencing a hacker attack in October 2024, and after 18 months of continuous efforts, the DAO no longer has a viable path to continue operations and will gradually enter the "sunsetting" phase.Currently, the project has no progress in recovering funds, no new capital injection, and lacks the funds and development space to maintain normal operations, thus it cannot continue responsible long-term operations.

The blockchain security agency PeckShield has issued an alert stating that Gnosis Pay is currently undergoing a security attack. Meanwhile, Gnosis co-founder Martin Köppelmann has publicly urged users to immediately withdraw their GNO and EURe assets to mitigate potential risks.Market analysis indicates that Gnosis Pay, as an important infrastructure connecting payment scenarios with on-chain assets, may face short-term selling pressure on Gnosis GNO and the euro stablecoin EURe if it is confirmed that funds have been stolen or protocol vulnerabilities exploited, further affecting market sentiment for Gnosis ecosystem-related projects.Currently, the official has not disclosed the scale of the attack, the amount of losses, or specific technical details, and the situation is still developing. Users holding related assets or using Gnosis Pay services should closely monitor official follow-up announcements and assess their risk exposure in a timely manner.

According to TenArmorAlert monitoring, the AROS token on the BSC chain was attacked, resulting in a loss of approximately $295,300.

According to Cointelegraph, CertiK data shows that losses from attacks on crypto platforms in May dropped to $68.3 million, a nearly 90% decrease from $650 million in April. May became the third month in 2026 with losses below $100 million. Of this, approximately $2.6 million came from phishing attacks, and about $9.4 million of stolen funds have been recovered or returned. The largest single loss in May came from the Verus Protocol cross-chain bridge attack, with $11.5 million stolen; THORChain ranked second, with $10.1 million stolen. Code vulnerabilities were the highest loss type, accounting for about $45 million, or 66%; wallet or private key leaks resulted in $13.7 million in losses. Cross-chain bridges were the primary target of attacks, with losses of $28.6 million, accounting for 42%. DeFiLlama data shows that there were a total of 29 incidents in May, of which 7 involved private key leaks.

The Cosmos ecosystem cross-chain bridge Gravity Bridge is suspected to have been attacked due to the leakage of its signing keys, resulting in approximately $5.4 million in assets being stolen. The official team has confirmed that a security incident has occurred and has urgently suspended bridge services for investigation, while also requesting validators to suspend the operation of validation nodes and coordinators. It is reported that its contract keys may have been compromised.

AML / KYT provider Shard disclosed that the number of cyber attacks in the cryptocurrency industry doubled year-on-year in the first quarter of 2026, exceeding 80 incidents, but total losses decreased by 69% year-on-year to $496 million, compared to $1.6 billion in the same period last year. Shard stated that the losses in the same period of 2025 were mainly impacted by a significant theft incident of approximately $1.4 billion involving Bybit; while the attacks in 2026 were more dispersed, targeting DeFi protocols, infrastructure services, and individual users.Looking at the months, there were a total of 29 attacks in January, with losses exceeding $392 million; 26 attacks in February, with losses exceeding $22 million; and 27 attacks in March, with losses exceeding $81 million.

Regarding the attack on the Kelp rsETH LayerZero V2 bridge that occurred on April 18, Aave released a post-incident investigation on the X platform, emphasizing that the exposure was primarily due to third-party bridge infrastructure rather than the protocol itself. The attacker executed an RPC poisoning attack targeting a single validator of LayerZero, forging a cross-chain message. This led to the release of 116,500 rsETH on the Ethereum side without actual destruction on Unichain. The attacker subsequently deposited the stolen rsETH into Aave V3 (Ethereum Core and Arbitrum), borrowing approximately 82,650 WETH and 821 wstETH.The Aave Protocol Guardian and Risk Steward immediately implemented protective measures for the rsETH and WETH reserves. Currently, the WETH and rsETH markets in the affected V3 deployments are operating normally. The rsETH held by the attacker on Arbitrum has been destroyed, the LayerZero OFT adapter has been fully recharged in five batches, rsETH support has been fully restored, and Kelp has reopened the withdrawal, bridging, and claims functions for rsETH. The WETH LTV in the affected markets has been reset to pre-attack values, and Aave V3 is fully operational across all markets except for rsETH.The Arbitrum DAO has voted to authorize the transfer of frozen ETH to Aave LLC, and it is currently awaiting on-chain execution. The court is still reviewing the substantive content of the injunction, and Aave LLC will continue to comply with the injunction during the court's deliberation. Ongoing projects include: the Aave risk framework from Llama Risk, the bridging assessment framework, the release of evaluation reports for currently live assets, on-chain execution of Arbitrum DAO votes, and the court's review of the injunction.

Blockaid disclosed on platform X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker controlled 3 out of 4 Guardian keys to forge a VAA (Verification Authorization Message) and completed the attack in about 7 minutes, stealing approximately $815,000 in assets.During the attack, the attacker minted 13.76 million Wrapped ALPH out of thin air, exceeding the circulating supply before the attack by over 100%, while also unlocking and transferring assets such as USDT, USDC, WBTC, and WETH from the custody pool.Currently, the attacker's address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH, with the largest abnormal transaction being the minting of 13.76 million Wrapped ALPH out of thin air.

On-chain monitoring shows that the cross-chain bridge Gravity Bridge may have encountered a security incident due to a contract key leak, involving assets such as USDC, WETH, and USDT, with total losses of approximately 5.4 million dollars.