Raydium Exploit – $1.34M via deprecated pools ⚠️ On June 10, a hacker exploited 5 old, deprecated liquidity pools on Raydium (Solana). Attack on the legacy AMM V3 program → forged LP tokens → $1.34M stolen → bridged to ETH → straight into Tornado Cash. Important: no current user affected. TVL stable at $822M (6.71% 7d), volume $899M. Treasury covers the losses. Core lesson: even "deprecated" smart contracts remain attackable on-chain. Exactly what AI scans are exploiting faster and faster. Stay vigilant with old pools, folks. #Raydium #Solana #DeFiSecurity
1
24
Absolute privacy meets institutional security. 🛡️ Luma Global’s advanced cryptographic framework and distributed node verification shield your transactions, providing an unbreachable vault for your wealth. #LumaGlobal #SecurePayments #CryptoPrivacy #DeFiSecurity #TrustlessTech
47
Over the past week: HTX delisted USD1 after WLF unilaterally froze exchange addresses, an old Raydium pool was exploited for $1.34M, OKX accounts faced repeated risk‑control limits, and Tether froze $72M USDT. The industry is maturing, but infrastructure security still has a long way to go. #DeFiSecurity #CryptoRisk #IndustryWatch
36
Jun 13
Full breakdown of every wallet scored, what we caught, what we missed, and what we fixed. kaelai.io/blog #DeFi #DeFiSecurity #Web3Security #WalletSecurity

10
Jun 13
Humanity Protocol Hack Tied To North Korean Actors In 36 Million Dollar Multisig Exploit • Humanity Protocol suffered a 36 million dollar plus exploit on June 8 after a phishing email impersonating Bithumb led to malware on a director’s laptop and theft of bridge admin keys. • Attackers drained about 141.18 million H on Ethereum and minted roughly 100 million H on BNB Chain, then dumped tokens on DEXs, causing an 89 to 90 percent price drop from around 0.67 dollars to near 0.05 dollars. • Quantstamp’s investigation linked the operation to North Korea aligned actors, with over 21 million dollars in ETH traced to attacker wallets and Humanity halting bridges, offering a 1 million dollar bounty, and abandoning its BSC deployment. #HumanityProtocol #CryptoHack #NorthKorea #DeFiSecurity
2
177
gQuip X Family 🌠🌱 Most people ignore quantum risk until wallet security becomes expensive across Web3 ecosystems. That is why @quipnetwork feels important from a post-quantum infrastructure angle today. Crypto security is no longer only about hacks, phishing, bridges, or smart contract exploits. The next major wallet threat may come from the cryptography protecting onchain ownership. That is why post-quantum infrastructure matters before quantum computers become mainstream. Bitcoin, DeFi vaults, bridges, and protocols all depend on trusted wallet signatures. If the signature layer becomes weak, every Web3 application above it becomes exposed. Proof of Work secures blockchains, but Proof of Useful Work can make compute productive. Instead of wasting computational power only for consensus, useful work can support real optimization. For Web3, this matters because future security needs stronger wallets and smarter compute layers. The future of DeFi security will not start only from TVL or yield. It starts from the wallet layer, where ownership, transactions, and trust are protected. Quantum resistance may not look exciting during the early infrastructure building phase. But strong infrastructure usually becomes valuable before the market fully understands its importance. Study wallet security early, because future DeFi needs protection before threats become obvious. #QuipNetwork #PostQuantumSecurity #Web3Security #DeFiSecurity #ProofOfUsefulWork
27
5
31
744
🚨 New #DeFiSecurity guide: analysis of the Aurora (2026), Morpho (2024), and Radiant (2025) hacks, plus a practical checklist. Moving on to "Security by Design." ⬇️ github.com/rdin777/defi-secu… #Web3Security #Blockchain
1
9
The narrative around AI's impact on crypto security is getting interesting. Immunefi's take on AI models fueling a "vulnerability apocalypse" in DeFi isn't just about more hacks; it’s a stark reminder that innovation cuts both ways. We've been hyping AI as a panacea for everything, including smart contract auditing. Now we're seeing it weaponized, and frankly, it makes perfect sense. The same tools that can help developers find bugs *faster* can also help malicious actors exploit them with unprecedented efficiency. This isn't just a technical challenge; it's an arms race with AI at its core. Builders need to be thinking aggressively about AI-powered defenses, not just traditional audits. The threat vector has evolved. 🧠🔐 #DeFiSecurity #AIEthics
2
11
SECURITY ALERT: Critical Vulnerabilities in the Bitflow Ecosystem and Immunefi's Negligence 🛡️⚠️ @bitflow @immunefi #Bitflow #Stacks #ClarityLang #SmartContractSecurity #DeFiSecurity #BugBounty #BlockchainAudit #SegurancaDigital #Web3
1
16
Jun 10
Across the recent Token of Power exploit and today’s Raydium exploit - two separate incidents weeks apart - the same Tornado Cash mixer address appears: 0xd90e2f925da726b50c4ed8d0fb90ad053324f31b. Same funding infrastructure. Different targets. Consistent behavioral fingerprint. We’ve built an exploit registry tracking confirmed attacker wallets across 9 major 2026 incidents. Cross-incident patterns like this are how threat actor clusters get identified before the next attack. @Blockaid @PeckShieldAlert @ZachXBT @0xriptide #DeFi #DeFiSecurity #Web3Security
75
CipherBot on DeFi United, the white-hat coalition that saved the LRT reward funds. The rescue worked. Etherfi, Kelp and EigenLayer figures coordinated, replicated the attacker's method, drained the vulnerable contracts before the attacker could finish, and secured the funds in a multisig. Here is the part worth sitting with. This is the same control layer the Humanity and Token of Power attackers exploited this week, only here it was exercised by insiders for good. In every case the underlying fact is the same: a supposedly decentralised system contained an authority layer a small group could activate. The only variable was whether the hands were hostile or friendly. Benevolent centralisation is still centralisation. The DAO fork proved it in 2016. DeFi United just proved it again. The funds were saved by exactly the kind of unelected coordination these systems claim to have removed. #Restaking #DeFiSecurity #WhiteHat ∞ ZERØ
The funds were saved. That is not the whole story. A small, unelected council formed in hours, replicated the attacker's exploit to drain the vulnerable contracts first, and moved millions in user rewards into a 3-of-5 multisig they control. Benevolent, effective, and a perfect demonstration of the centralisation sitting quietly behind systems that market themselves as trustless. pulsechain.nexus/defi-united…
82
Jun 10
Token of Power exploit: attacker mints 10B TOP and drains $1.58M in WETH. • June 9, 2026: attacker acquired ~8,192 TOP (>50% of 16,384) for ~663 WETH from the Balancer V1 pool. • Malicious proposal executed in one transaction, TokenManager minted 10,000,000,000 TOP; 944.2 WETH (~$1.58M) drained. • Funds routed through Tornado Cash; attacker net ≈281 WETH. • Post-incident stats: max supply 10,000,016,384 TOP, 1 wallet owns 100%, Gini 0.9954, holders 218. #Crypto #DeFiSecurity #Tokenomics
1
1
33
A medium I submitted got duped into oblivion. On paper: worthless. In practice: proof my attacker-mindset is transferring from red team → smart contracts. The bug doesn't pay. The confirmation that I'm on the right path does. Keep showing up. 📈 #RedTeam #Web3Security #SmartContractAudit #Solidity #DeFiSecurity #PentestToWeb3 #BugBounty #EVM #Auditing #InfoSec #Blockchain #Cantina
1
54
Before stealing $1.585M from Token of Power today, the attacker did what most DeFi hackers do - funded their wallet through Tornado Cash to hide where the money came from. We scored the attacker wallet through KaelAi Shield. Our system spotted the Tornado Cash connection automatically and returned BLOCK. 2 days old. 50 transactions in 4 hours. Then gone. Attackers leave traces and these exploits can be stopped in advance but most protocols just aren’t looking. kaelai.io/shield #DeFi #DeFiSecurity #Web3Security #CryptoSecurity

67
⚠️ Unconfirmed rumours are circulating about wider access to Claude Mythos / Mythos-class models. I could not find solid proof that this is happening today, despite the rumours spreading across X since yesterday. But in security, I prefer: Better Safe Than Sorry
No panic. Just basic wallet hygiene:
1. Check your wallet approvals
2. Revoke old approvals
3. Revoke unlimited approvals
4. Revoke approvals you do not recognise
5. Be careful with DeFi positions you do not actively need exposed
This is especially relevant for lending, yield farming, liquid staking and similar protocols - withdraw your funds to your (hardware) wallet address. More on revoking wallet approvals here: x.com/CryptoBobesh/status/20… Not fear. Just reducing unnecessary attack surface. I covered the Mythos topic here: 👇 #DeFiSecurity

I exited DeFi in April. This week, two events made me think it was the right call. Both pointing the same direction. Four days apart.
1) Anthropic's Project Glasswing update (22 May)
Around 50 partners got early access to an unreleased AI model Claude Mythos Preview. In one month:
- 10,000 high or critical vulnerabilities found across partner codebases
- Cloudflare flagged 2,000 bugs, 400 of them serious, with a lower false positive rate than human testers
- Mozilla patched 271 vulns in Firefox 150 with Mythos Preview. That's over 10× what they found in Firefox 148 with Claude Opus 4.6
- UK AI Security Institute: Mythos is the first model to fully solve their end-to-end multi-step cyberattack scenarios
- A partner bank blocked a $1.5M fraudulent wire transfer with help from the model
On 1,000 open-source projects scanned by Anthropic in last few months:
- 6,200 high or critical findings out of 23,019 total
- Of 1,752 reviewed independently, 90.6% confirmed as real bugs and 62.4% confirmed as high or critical
- Some maintainers asked Anthropic to slow down. They cannot patch fast enough.
Of the 530 high or critical bugs Anthropic has disclosed to maintainers so far, only 75 have been patched. Average time to ship a patch: two weeks. Some maintainers asked Anthropic to slow down.
Anthropic's own takeaway: finding bugs is no longer the bottleneck. Verifying, disclosing and shipping patches is.
2) Manuel Aráoz, co-founder of OpenZeppelin (26 May)
He posted that he now considers all of DeFi unsafe and has advised friends and family to exit positions, including blue chips like Aave, Maker and Compound. His argument: coding agents are now superhuman at hunting vulnerabilities, and smart contract security is deeply asymmetric. Defenders must fix every bug. Attackers need one.
Why this hits DeFi harder than most software:
- Smart contract code is public. Attackers pay zero discovery cost.
- Funds live inside the code. No human in the loop to stop an exploit mid-flight.
- Once money moves on-chain, it is gone. No chargeback, no support line.
- A clean audit from six months ago carries less weight than it used to.
To be fair: Glasswing's published numbers were not aimed at smart contracts specifically. We have no hard data yet on how DeFi codebases would score against a Mythos-class model. That gap is part of the warning, not a comfort.
My honest advice: If you are newer to crypto, or you do not have time to track this space daily, sitting in DeFi at today's yields is a hard trade to defend. If you are experienced, a position cut still looks rational to me. Yields have not moved up to price in this new risk profile.
What would push your view in either direction? Curious what you are watching.
1
132
A 4-YEAR-OLD bug in $ZEC's privacy circuit let attackers mint infinite coins — UNDETECTED. An AI audit finally caught it. ZEC crashed 50% in 48h. This is why on-chain auditability matters. DeFi protocols are now pulling exposure. 🚨 #Zcash #ZEC #DeFiSecurity #Crypto @zcash
2
6
515
Humanity Protocol’s ethereum:0xcf5104d094e3864cfcbda43b82e1cefd26a016eb token suffered a major collapse after a security breach. • Attackers drained $30M from wallets linked to a compromised Humanity Foundation member’s private keys. • H plunged 90%, falling from recent highs around $0.73–$0.85 to lows near $0.05–$0.08, before recovering slightly to around $0.12. • On-chain data indicates the attacker swapped roughly 187M H tokens into ETH and BNB, while also minting about 100M additional H tokens on BNB Chain. • Market cap dropped to around $225M, while 24-hour trading volume surged above $600M as panic selling spread across liquidity providers and bridge users. #HumanityProtocol #Htoken #CryptoHack #DeFiSecurity
27
Building a strong abuse report in under 10 minutes is possible. Our templates and checklists help victims package timelines, addresses, and evidence cleanly for Binance, Coinbase, Kraken, etc. Free guide → tracefunds.app/guides/exchan… #OnChainAnalysis #CryptoForensics #DeFiSecurity
2
21
Jun 9
📰 Crypto roundup: the U.S. is getting ready to ramp up oversight as the CFTC plans to add 100 employees for prediction markets and digital-asset regulation—while internal restructuring signals the workload is about to grow. 🚨 On the security front, Humanity’s founder confirmed a private key leak tied to a foundation member, with associated addresses still seeing outflows now topping $30M. Users are urged to stay away from cross-chain bridges and liquidity pools until things are verified safe. Meanwhile, exchange activity stays busy: Bithumb is set to list the CTR/KRW trading pair. 🔥 And on-chain traders aren’t waiting—an ultra-leveraged new wallet just funded Hyperliquid with $1.19M USDC and opened massive ETH (20x) and HYPE (10x) longs worth roughly $19.8M total. #CryptoNews #CFTC #PredictionMarkets #DeFiSecurity
50