37 articles tagged with #exploit. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.
Security researchers have identified an ongoing exploit of Stake DAO where an attacker minted 5.4 trillion vsdCRV tokens on Arbitrum and is actively converting them to ether. This represents a critical vulnerability in the protocol that threatens user funds and market stability on the affected blockchain.
A $292M exploit involving rsETH enabled attackers to borrow massive amounts against unbacked collateral on Aave, triggering a liquidity crisis as the protocol's ETH pool reached full utilization. Panic withdrawals exceeding $5.4 billion have crippled liquidity, while AAVE token technicals show weakness with critical support levels under pressure.
Drift exchange suffered a $270 million exploit orchestrated by North Korean intelligence operatives who conducted a sophisticated six-month social engineering campaign. The attackers posed as a legitimate trading firm, met Drift team members in person across multiple countries, and deposited $1 million of their own funds to establish credibility before executing the massive drain.
The DAO, a major Ethereum-based decentralized autonomous organization, is under attack through a recursive calling vulnerability that allows an attacker to drain ether into a child DAO. This represents a critical security breach affecting one of the most significant early DeFi experiments.
Microsoft has threatened legal action against security researcher Nightmare Eclipse for disclosing an exploit, raising concerns about the chilling effect such threats may have on vulnerability reporting and security research. The incident highlights tensions between corporate legal strategies and the security community's responsible disclosure practices.
USDR, a USD stablecoin, has experienced a severe 37% de-peg following a $10 million governance exploit disclosed by StablR after a two-month silence. The breach compromises confidence in the protocol's security and raises questions about stablecoin resilience when core governance mechanisms are compromised.
Polymarket, a prominent prediction market platform built on Polygon, reportedly suffered a security exploit resulting in approximately $520,000 in drained assets. The incident highlights persistent vulnerabilities in decentralized finance infrastructure and raises questions about the platform's security protocols.
Google's threat intelligence team confirmed that cybercriminals have successfully used AI models to discover and exploit a previously unknown zero-day vulnerability that bypasses two-factor authentication. This represents a significant escalation in attack sophistication, demonstrating how AI tools are being weaponized to automate vulnerability discovery and exploitation at scale.
Aave LLC filed an emergency motion to overturn a federal court order freezing approximately $73 million in ether stemming from last month's Kelp DAO exploit. The company argues that stolen funds cannot be legally owned by those who took them, challenging the freeze's validity.
The Arbitrum Security Council has frozen $71 million in ETH stolen during the Kelp DAO exploit, with any movement of these funds requiring approval through Arbitrum's governance process. This action demonstrates the security council's ability to intervene in major exploits while maintaining decentralized oversight.
Kelp DAO suffered a $292 million exploit on its LayerZero-powered bridge, marking the largest DeFi hack to date. The incident has significant implications for XRP holders participating in yield-earning strategies through the liquid staking protocol, raising concerns about security risks in cross-chain bridge infrastructure.
Drift Protocol suffered a $285M exploit, prompting Vectis to establish a withdrawal process for affected users. The incident exposes critical vulnerabilities in DeFi protocols and raises concerns about Solana's ecosystem security and market stability.
Polkadot experienced a critical security vulnerability that enabled a sophisticated attack exploiting liquidity on the network. The incident highlights significant risks in the protocol's safety mechanisms and raises concerns about asset protection across the ecosystem.
Drift Protocol on Solana suffered a $270M exploit, prompting Circle's chief strategy officer to advocate for 'circuit breakers' in DeFi protocols. The incident highlights unresolved questions about responsibility distribution among stablecoin issuers, DeFi developers, and regulators when hacks occur.
Cybersecurity expert Omer Goldberg highlights critical vulnerabilities in DeFi multisig security following the Drift attack. The analysis emphasizes the urgent need for time locks and stronger admin key protection to prevent sophisticated exploits in decentralized finance protocols.
Resolv Labs burned 36.7 million USR stablecoins after a security breach allowed an attacker to mint 80 million unbacked tokens through key compromise. The exploit resulted in $24.5 million in ETH being dumped and created a $34 million hole in the protocol's reserves.
Drift, a cryptocurrency platform, suffered a $280 million exploit that the company attributes to the Radiant hackers with medium-high confidence. The attack appears to have been a sophisticated operation that involved months of planning and preparation.
Drift Protocol suffered a $280 million exploit that required months of deliberate preparation by sophisticated attackers. The protocol believes with medium-high confidence that the same actors behind the $58 million Radiant Capital hack in October 2024 were responsible for this attack.
DeFi lending protocol Moonwell is under a governance attack where an attacker spent only $1,800 to purchase tokens and push through a malicious proposal. The attack threatens to drain over $1 million from the protocol, highlighting vulnerabilities in DeFi governance systems.
Onchain asset manager kpk has declared that depositors experienced no losses following a $23 million exploit of the Resolv protocol. The company confirmed that despite the significant hack, all investor funds remained protected.
Google discovered a new iOS exploit kit called Coruna that silently infiltrates iPhones through compromised websites to steal cryptocurrency from popular wallet apps including MetaMask, Phantom, and Trust Wallet. The attack requires no user interaction beyond visiting a malicious website on an unpatched iPhone device.
A DeFi exploiter successfully manipulated oracle pricing on Ploutos Money lending protocol, using BTC/USD price data for USDC tokens. This oracle manipulation allowed the attacker to borrow $400,000 worth of ETH using only $8 of collateral, highlighting critical vulnerabilities in DeFi lending protocol oracle systems.
Stellar-based lending protocol Blend suffered a major exploit over the weekend, losing over $10 million through oracle manipulation. The attack represents a significant security breach in the DeFi lending space, highlighting ongoing vulnerabilities in oracle-dependent protocols.
Major crypto market developments include Tom Lee's $130M ETH purchase, BlackRock's BUIDL reaching $2B assets with $100M dividends, and Metaplanet adding 4,279 BTC to holdings. The market also saw a $3.9M exploit on Unleash Protocol and onchain perpetuals hitting $1T monthly volume.
Mist browser has security vulnerabilities that expose low-level APIs, allowing malicious DApps to access users' file systems and potentially read or delete files. Users are strongly advised to upgrade Mist immediately to protect against these exploits when navigating to untrusted decentralized applications.
