Smart-contract and DeFi vulnerabilities — oracle manipulation, reentrancy, flash-loan attacks, and governance exploits.
Two separate flaws shipped in v1.72 — a gas-charging bug in the new address-balances feature, then a known risk in a rushed interim patch — combined to stall the chain three times in 36 hours.
Florent's rescue returns roughly $2M to original investors who had no path to the funds — a rare happy ending in an era dominated by exploit losses.
A developer has successfully recovered approximately $2 million in funds that had been trapped inside a 2016 ICO smart…
Sui's mainnet has suffered three separate halts, all traced back to bugs introduced during network upgrades — including…
The wipe wasn't a macro move or a token-specific catalyst — it was bad oracle data, and it liquidated 405 users in under half an hour.
Security researchers have flagged an active exploit targeting Stake DAO, in which an attacker minted trillions of…
Socket's TrapDoor disclosure named 34+ malicious packages across npm, PyPI and Crates.io targeting developer machines, CI/CD credentials and AI coding files — the control plane a smart-contract audit…
On-chain investigator ZachXBT has flagged a suspected exploit involving the UMA adapter contract used by Polymarket…
Echo, a BTCFi protocol building around an eBTC market on the Monad blockchain, has been exploited according to onchain…
A wallet linked to an Ethereum Name Service token unlock transferred 1.457 million ENS tokens — worth approximately…
Aave has proposed contributing 25,000 ETH to DeFi United, a collective effort to plug the hole left by the Kelp DAO…
Griff Green argues the real risk on Aave isn't smart-contract bugs — it's operational: leaked keys and social engineering from state-aligned attackers that lending markets haven't priced in.
A coalition of crypto developers and security researchers has released a formal technical proposal aimed at protecting…
The loss is small relative to SUI's $1B+ DeFi TVL, but the incident hits a lending market that had marketed itself as institutional-grade — and 100% reimbursement is now the social contract Scallop…
A zero-day in the MimbleWimble Extension Block let attackers peg out funds and DoS mining pools; the chain reorg reversed the invalid spend while valid transactions were unaffected.
A 1 BTC bounty was the prize for breaking 15-bit ECC — but the math extrapolates to roughly 500,000 qubits for 256-bit, with an estimated 6.9 million BTC sitting in address types that would need a…
WuBlockchain
CoinTelegraph
TheBlock
CryptoSlate
Lookonchain
CoinDesk