Ok done 😉

DeFi should be simple. Bitcoin.me was built that way. Start swapping today.

swaps are back on @BitcoinMe_ , be @klever_org time to buy when everything is cheap =)

Update: Following our initial disclosure, we are sharing additional findings and actions taken regarding the NFT Marketplace exploit investigation. Security Incident Report — Updated Klever Blockchain — NFT Marketplace Royalty Inflation Exploit Date: June 6, 2026 Status: Mitigated — Investigation Ongoing Summary Klever was alerted by the KleverPulse community builder (kpulse.tech) to suspicious on-chain activity. Internal investigation confirmed a critical arithmetic flaw in the NFT Marketplace kApp settlement logic that allowed an attacker to mint KLV out of thin air through self-controlled NFT trades. The fix was deployed to mainnet on June 5, 2026 at 16:00 BRT (fork 19.rc-2). Two epoch transitions have since completed with no anomalies reported. Exploit Window 2026-06-04T10:38:24Z → 2026-06-05T11:30:32Z (~25 hours) Root Cause The settlement layer of the NFT Marketplace kApp failed to validate that the sum of referralPercentage and royalties.marketPercentage could not exceed 100% at the time of the Buy transaction. These values were validated independently and at different points in time, allowing the attacker to manipulate one of them after the sell order was already snapshotted. At settlement, both the referral payout and the royalty payout were credited in full against the buyer's bid, but the seller's debit was computed as bid − referral − royalty. When both percentages were 100%, this resulted in a negative debit that was silently skipped, effectively minting the difference. Since the attacker controlled the buyer, seller, royalty receiver, and referral address simultaneously, the entire surplus flowed to a single beneficiary. On-Chain Footprint The attacker operated across 2 addresses and 283 total transactions, spanning 4 NFT collections (POCDJ08X0X, POCDJ090G7, POCDJ0GG, NFLATION) and 2 marketplaces (both named "Inflation Market"). The buy cycle was executed 60 times, with bid values escalating in a doubling ladder peaking at 25,600,000 KLV per self-buy. A total of 486,357,300.26 KLV was artificially generated by the exploit. Reconciliation: The attacker's estimated total position (transfers out DEX swaps remaining balance) was ~486,527,149 KLV — a delta of ~169,849 KLV, consistent with the attacker's pre-existing legitimate balance and fees consumed during setup operations. Fund Flow & Exchange Exposure Post-mint, the attacker dispersed funds through 9 intermediate wallets and routed KLV to at least 4 exchanges, confirmed by taint graph analysis (6 depth levels, 28 tainted edges, 27 chains enumerated): • KuCoin — ~69,707,673 ~55,285,585 KLV — Deposited • Bitget — Multiple deposits, traceable — Deposited • Gate — ~777,472 ~627,135 KLV — Deposited • MEXC — ~792,881 ~358,471 KLV — Deposited • VoxSwap — ~5,000 KLV — Deposited Remaining KLV was traced to 10 intermediate wallets still holding funds, flagged for blocking. On the Ethereum side, fabricated KLV was swapped on the DEX to wrapped assets (USDC, USDT, WBTC, WETH) and bridged out via the ETH–KLV bridge. Known Attacker Addresses KLV (primary): klv12n4z3ef86sfk2z97j4fhfta9f2xztsv6frr8faqj7l8q9kc0fcdsfjfqez ETH: 0x5B9c0b7545aC8a62bff83C73b8A0Ab0568f36E6c 0x163945Fd929c0d4FcE2EA2B6011a789c939cdD59 KLV intermediate wallets flagged for blocking (10 addresses, residues ranging from ~3 KLV to ~55M KLV — full list available on request). Response & Mitigation • June 5, 2026 ~16:00 BRT: Fork 19.rc-2 deployed to mainnet. This is the final fix for this vulnerability. • Two epoch transitions completed post-fork with no registered issues. • TRM Labs notified with ETH addresses for blacklisting. • Exchange contacts being pursued for KLV deposit freezes. Next Steps • Service Restoration: Gradually restore all affected services, including the ETH–KLV bridge, bitcoin.me, and swap. • Monitoring: Upgrade network monitoring infrastructure with AI-assisted anomaly detection to proactively identify abnormal on-chain behavior across all kApps. • Legal: Initiate formal criminal proceedings, including police reports and applicable legal procedures across relevant jurisdictions, in relation to the exploit. • Buyback Program: Execute a KLV buyback, conducted gradually and at the team's discretion, to counteract the price pressure resulting from the attacker's liquidations. • Token Burn: Plan and execute a burn of the full 486,357,300.26 KLV artificially minted during the exploit, restoring the circulating supply to its pre-attack state. • Complete root cause analysis and publish full post-mortem. • Engage exchanges for account freezes on all confirmed deposit addresses. This is an updated preliminary report. Information is subject to revision as new findings emerge.

Following the recent Klever incident, we want to reassure our community that all SAME products continue to operate normally. ✅ SAME World ✅ SAME Striker ✅ SAME DEX ✅ SAME Validators ✅ SAME Staking Our ecosystem remains fully functional. We also want to recognize the fast response from the Klever developers, validators, monitoring teams, and community members who worked together to mitigate the issue. We continue to support the Klever ecosystem where possible and look forward to seeing the investigation completed and the remaining improvements implemented. In the meantime, we’re staying focused on what we do best: ⚒️ Building.

Decentralized trading isn't the future. It's already here. Trade on Bitcoin.me.

We have started the gradual restoration of services today. We appreciate your continued patience and support as we bring everything back online. We will continue to provide updates and notify everyone as additional services are restored.

We have started the gradual restoration of services today.

✅ Bitcoin.me services have been restored. We appreciate the community's patience and support during this period.

Security matters. KVM isolates contract execution and enforces strict protocols, reducing common smart contract vulnerabilities. 🛡️

Progress continues. 🚀 We're happy to see Bitcoin.me services restored and available once again. Thank you to everyone who has supported the ecosystem throughout this process.

Bridges turn interoperability into reality. 🌉 Connect ecosystems, move liquidity, and access new opportunities with the Bitcoin.me Bridge. bitcoin.me/bridge

Trading on @BitcoinMe_ is heating up again 🔥 And today, the Swopus arbitrage bot is working like a tiny DeFi beast, catching routes, balancing markets, and helping generate value for our LPs. Join the pool side. We hunt and aggregate liquidity across the whole #Klever ecosystem 🧭Swopus.com

We have started the gradual restoration of services today. We appreciate your continued patience and support as we bring everything back online. We will continue to provide updates and notify everyone as additional services are restored.

Control is just the beginning. Put your crypto to work on Bitcoin.me while staying in control of your assets.

🚨 @klever_org Security Incident Update We have published a detailed report regarding the recent royalty inflation vulnerability in the NFT Marketplace kApp. 🔒 Status: Fully Mitigated 🛠️ Fix: Fork 19.rc-2 deployed successfully For full transparency on the root cause, fund tracking, and our immediate next steps, please read the complete report on the Klever Forum: forum.klever.org/t/security-… #Klever #KLV #SecurityUpdate #KleverBlockchain

If you all want an unofficial explanation of what happened to @klever_org NFT marketplace exploitation you can find it on my Telegram. t.me/BabyPengolinCoin/1 Disclaimer: this is an unofficial explanation. We have to wait to hear from @klever_io for the official one. @BitcoinMe_

Want to create your own token on Klever Blockchain? Here’s a simple how-to 🧵👇

Why use a DEX? ✔️ More control ✔️ More privacy ✔️ No custodial risk Bitcoin.me was built for that.

Swopus arbitrage bot is live. It now works across the Swopus v1 → Swopus v2 → BitcoinMe route, helping balance prices across the ecosystem for the most liquid pairs. More efficient markets. Better price alignment. Additional utility for $XPORT through trading revenue. #Klever #KLV @swopuscom