First major hack of 2026, as @Truebitprotocol was drained for $26.2 million through an overflow in unverified bytecode. The same attacker hit Sparkle weeks prior. Old code keeps bleeding - the archives have clearly become a shopping list. rekt.news/truebit-rekt

3/ The activity also suggests the attack was initiated/planned back in November, when the suspected exploiter was funded via Rhino.fi (likely as part of the setup phase).

2/ The stolen funds are currently consolidated into two wallets holding ~$13M each.

1/ Stablecoin Monitor just got a major upgrade: we now track not only dozens of stablecoins, but also the entities behind them; Issuers, owners, bridges, protocols, DAOs, and more. Visit: stablecoinmonitor.com/entity

A victim, attributed to the ENS name markpascall.eth, lost approximately $1.05M in assets in a suspected private key compromise. The incident came to light after @zachxbt flagged the activity. The stolen funds were consolidated and swapped for ~330 ETH, which was then funneled into Tornado Cash. Exploiter address: 0x4f8affe6cd269d1f8352d0542432de6975c3912d

In a major win for blockchain forensics, @Europol, working with German and Swiss authorities, has successfully shut down Cryptomixer, a service responsible for laundering over €1.3 billion in Bitcoin since 2016. The operation led to the seizure of €25 million in cryptocurrency and the dismantling of critical infrastructure in Zurich. For those in crypto compliance and investigation, the most significant outcome is the seizure of 12 terabytes of operational data, along with the domain cryptomixer.io. This "treasure trove" of logs likely contains years of transaction history and user patterns, previously thought to be untraceable. This data will be instrumental in unmasking historical illicit activity related to ransomware groups and darknet markets for years to come. Read the official announcement here: europol.europa.eu/media-pres…

2/ Approximately two-thirds of the stolen funds (~$2.1M) were bridged to the Ethereum Mainnet using deBridge and Stargate, and subsequently deposited into Tornado Cash. Involved Addresses: • 0x7a503e3ab9433ebf13afb4f7f1793c25733b3cca • 0x98fc13632ff112e4667fc4f21ae980571f122b5a

On Nov 3, @Balancer V2 Composable Stable Pools were exploited, draining ~$129M worth of assets across multiple networks. The majority of funds currently sit on Ethereum, ~$90M, while a substantial portion has been recovered. In our latest report, we break down what went wrong in the math, how the attacker moved funds, and where the crypto is sitting now, with full root cause analysis, on-chain forensics and tracing. Link: research.blockscope.co/balan…

2/ Possible Root cause: A faulty oracle / collateral price feed → over-borrowing. Analysis found that specifically this transaction corrupted the collateral price (tx: 0x77e308091f9eee86bb4e5571ee3bf8be001ce84208501c6aba3f251b5f9150d4), enabling the looped borrow pattern. Using Blockscope AI Investigator we can trace exactly how the price feed was changed.