Security

Stay informed on cybersecurity and blockchain security news, including smart contract vulnerabilities, protocol exploits, phishing attacks, wallet security, data breaches, and emerging threats. Learn about security best practices, industry responses, and developments aimed at protecting users and digital assets.
Featured only
7-9
GOAT Network says its Bitcoin zkRollup keeps proving in-house to reduce operational risk
GOAT Network says it is the only Bitcoin zkRollup that does not outsource its proof system. The project argues that keeping proving guarantees in-house reduces operational risk and helps protect the foundation of the network’s security model. The statement focuses on the independence of proof generation within a zkRollup architecture, positioning its security assumptions as different from other Bitcoin L2 approaches. The post provides no details on mainnet status, TVL, transaction volume, partnerships, third-party audits, or any disclosed vulnerabilities.
GOAT
GOAT-0.81%
7-9
7-8
Gate user account reportedly accessed via old Mac web device and legacy passkey, with 746,475 HSK and 100,000–1,700,000 USDT said stolen
A Gate exchange user account was reportedly accessed from the owner’s old Mac web device using a legacy passkey, with the platform said to have retained complete records of the login. The incident is described as involving the theft of about 100,000–1,700,000 USDT (U) and 746,475 HSK, with HSK presented as the primary stolen asset. The key dispute centers on how liveness facial verification was passed, prompting calls for Gate to release the verification video for independent review amid speculation about possible AI spoofing. There is said to be no evidence the case was staged, but the failure of security controls is treated as a confirmed outcome in the discussion.
U
U+0.00%
7-8
7-7
Two Solana validator operators linked to private inclusion lanes for MEV bot MRiYA4oN3158fCV8evhuCofrDzbHyYvYnGZUDJvoCsa
Two Solana validator operators were identified as running private inclusion lanes for a major on-chain MEV bot, MRiYA4oN3158fCV8evhuCofrDzbHyYvYnGZUDJvoCsa. The bot paid zero priority fee yet achieved an 84% success rate on Helius leaders and 80% on Kiln. With the same bot and the same transactions, success across every other validator was 25%. The behavior was described as not attributable to SWQoS or luck.
SOL
SOL-1.23%
7-7
7-6
Coinspect flags “Ill Bloom” weak-randomness flaw putting thousands of wallets at risk, with over $5M drained since May 27
Security research firm Coinspect has identified a cross-chain randomness-generation flaw dubbed “Ill Bloom” that affects thousands of wallets on networks including Bitcoin, Ethereum and Solana. The weakness stems from poor randomness, allowing attackers to derive private keys and steal funds, according to Coinspect. Losses have exceeded $5 million since May 27. The incident has undermined confidence in on-chain asset custody and impacts public blockchains and ecosystem tokens that rely on ECDSA or similar signature mechanisms.
M
M+2.35%
7-6
7-6
Developer wallet tied to Polymarket user routed ~9.7 ETH to Bybit after deploying Base tokens $BRIAN and $JESSE
The article says the Base token $JESSE was deployed and fully controlled by the same developer wallet linked to a Polymarket account and the $BRIAN project. It alleges the wallet repeatedly claimed creator fees and sold each claim within a minute. About ~9.7 ETH (about $12,000) was routed through a fresh burner wallet into Bybit within two hours. The author adds they joined without auditing the contract mechanics and later concluded the project carried a centralized single-point risk with no multisig or governance constraints.
7-6
7-5
TRM Labs: Crypto hacks reached 207 in H1 2026, but 76% of losses came from operational failures
TRM Labs reported 207 crypto hacks in the first half of 2026, the highest half-year total it has recorded, while total losses fell to $972 million from $2.3 billion a year earlier. Smart-contract exploits drove 125 incidents, but operational weaknesses such as key theft, compromised signing systems and failed bridge validation accounted for about 76% of stolen value, or roughly $740 million. North Korea-linked activity made up about 66% of the losses, largely tied to two April infrastructure-level intrusions at Drift Protocol ($285 million) and KelpDAO ($292 million). The report said audits alone are no longer enough, with controls over how funds are moved becoming the largest risk exposure.
Selected
M
M+2.35%
7-5
7-4
Warning issued after report cites a fully AI-executed Bitcoin cyberattack
The Independent reported a Bitcoin cyberattack that it said was carried out autonomously by artificial intelligence. The report said the incident did not rely on human intervention and described it as the first publicly confirmed fully AI-driven on-chain attack, according to The Independent. It did not disclose the technical method, any loss amount, affected addresses or a specific time. The coverage framed the episode as a security warning focused on the evolving risks of AI in offensive and defensive security.
BTC
BTC-0.10%
7-4
7-4
New Solana meme-coin launches in 2026 show a familiar rug-pull pattern
The article argues that newly launched meme coins on Solana exhibit a typical “rug pull” profile, focusing on risk patterns in the Solana ecosystem in 2026. It does not name specific projects or provide amounts, on-chain evidence, regulatory actions, audit reports, or trading data to support the claim. The piece is framed as a market observation and classification rather than documentation of confirmed rug pulls or systemic vulnerabilities.
SOL
SOL-1.23%
7-4
7-3
TokenWorks shifts protocol to withdraw-only at block 25452023 after Chainlink callback frontrun leads to CryptoPunk 5450 purchase
TokenWorks said a vulnerability allowed an attacker to frontrun a Chainlink callback and change which NFT was selected, resulting in the unfair purchase of CryptoPunk 5450, the highest-priced listing in the pool. The team said it has contacted the Punk 5450 owner and will cover the ETH worth about $66,000. The protocol was switched to withdraw-only mode as of block 25452023 and a snapshot of $FWA holders was taken. Purchases are currently disabled while the team evaluates whether to restart or rebuild the project.
ETH
ETH+0.34%
7-3