We're aware of a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation. The safety of our community is our top priority, and we want to be fully transparent about what we know. As a precaution, please do NOT interact with the bridge or any liquidity pools until we give the all clear. This is the single most important step you can take to protect your funds right now. We are actively working with leading security experts and our exchange partners to assess the scope of the incident and secure all affected systems. We're deeply sorry that this has happened. Protecting this community is our responsibility, and we don't take that lightly. We will share verified updates as soon as we have them and we won't speculate before facts are confirmed. Official updates will only come from this account or @terencekwok Beware of the scammers and impersonators who exploit moments like this. We will never DM you first or ask for your seed phrase or private keys.

We’re aware of an exploit affecting the $ASTX token contract that occurred around 4am GMT 8 earlier today. Our team is currently investigating the root cause of the exploit. We will drop a full, official post-mortem statement once we have everything mapped out. Thanks for standing by us though this unfortunate incident.

If your protocol is ready to get certified, these firms are accredited and taking clients now. Already working with one of them? Ask about SEAL Certifications starting today. @audit_wizard @BlockSecTeam @chain_security @Composable_Sec @ConsensysAudits @cyfrin @DefiSafety @hackenclub @HackenProof @SecurityOak @OpenZeppelin @opsek_io @Quantstamp @0xshield3 @sigp_io @statemindio @trailofbits @Wonderland @zellic_io @zeroshadow_io Announcement: radar.securityalliance.org/s…

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.

.@VerusCoin's Verus-Ethereum Bridge smart contract (0x715185) was reportedly attacked hours ago on #Ethereum, with estimated losses of about $11.7M, including ~1,625.4 ETH, ~103.6 tBTC, and ~148K USDC. The stolen assets were transferred to 0x65cb8b and swapped into roughly 5,402.4 ETH (valued at ~$11.4M). On-chain records show that the attacker address, 0x5abb91, was funded via Tornado Cash. The root cause remains under investigation. Attack TX: app.blocksec.com/phalcon/exp…

📣 Transit Announcement Regarding a recent incident related to historical legacy risks, we would like to share the following update: 1️⃣ Cause of the Incident The issue was related to an early-version smart contract previously deployed on TRON. Although this legacy contract had been deprecated since 2022, historical vulnerabilities within it were recently exploited, affecting a limited number of users. 2️⃣ Actions Taken Upon discovery, our team immediately carried out investigation, isolation, and mitigation measures, followed by additional review and remediation on May 12, 2026. Users do not need to take any action. The current smart contract version remains unaffected and has been operating securely for over four years, with ongoing security audits, testing, and monitoring in place. We will continue strengthening the management of legacy contracts and potential on-chain risks to further improve overall security. 3️⃣ Compensation Affected users will receive full compensation, with further details to be announced through our official channels. 4️⃣ Security Reminder • Please remain cautious of unsolicited messages or accounts claiming to represent Transit Finance. • Never share your private key or seed phrase with anyone. Transit Team

There is an active security incident on Ekubo swap router contract on EVM chains only. Liquidity providers are not affected. Starknet is not affected. We are investigating the scope of the issue, but to be safe revoke all outstanding approvals: revoke.cash

1/3 USDT has been quietly unfreezing addresses that @circle's USDC still has frozen. In multiple cases, funds moved directly to @Binance within hours of removal.