TrapDoor Attack Plants 34+ Malicious Packages in npm, PyPI,
The real target isn't a developer's wallet file — it's the workstation, where SSH keys, AWS credentials, GitHub tokens and live AI coding sessions all sit on the same machine.
Exchange, bridge, and protocol breaches where funds were stolen — incident reports and post-mortems.
The $148B in DeFi still locked isn't shrinking because AI broke smart contracts — it's shrinking because the attacks are now cheaper, faster, and increasingly aimed at the operational layer around…
The stall is the second outage this year for Sui and lands as the network tries to position itself as reliable high-throughput infrastructure against Solana and Ethereum.
The stall is the second headline network outage for a top-10 L1 in weeks, and it lands while the SUI token is already sliding — testing the chain's "reliable alt-L1" pitch.
A single deployer-key compromise on Arbitrum let an attacker forge 5.4 trillion vsdCRV — but the structural read is that automated yield vaults bundle risks the interface never shows, and April 2026…
The bombshell isn't the quote — it's the source. OpenZeppelin audits Aave, Compound, MakerDAO, Uniswap and Coinbase, so its co-founder telling family to exit DeFi is a signal the audit industry…
OpenZeppelin's CEO says coding agents have flipped the asymmetry on smart contract security — and $1.1B in 12-month hack losses plus a $20B+ TVL drop make the warning impossible to wave off.
When the lead author of the contracts the space audits itself against tells you to leave Aave, MakerDAO, and Compound too, the warning is structural — not protocol-specific.
Decentralized finance's total value locked has shed roughly 14% since the KelpDAO exploit rattled the restaking sector…
A third-party multisig module — not Squid's own contracts — was the attack surface, and the $6M raise from Ripple's $3M slot becomes a painful backdrop rather than a marquee win.
The 1-of-3 multisig meant a single compromised key was enough to mint millions in unbacked tokens — the structural flaw MiCA was supposed to price out of the market just did.
The HYPE flip is the headline; the privacy-token slide is the story — ZEC and XMR gave back the loudest share of recent gains as US-Iran strikes lifted oil and the dollar.
The pain isn't the headline number — it's the contrast: the same wallet that banked $100M shorting BTC has torched $200M+ on ETH longs, and is still deploying capital into Hyperliquid and a $38M ZEC…
Cross-chain liquidity router Squid has moved to distance itself from a $3.2 million exploit tied to a third-party…
Security researchers have flagged an active malware campaign dubbed TrapDoor, targeting developer environments across…
The 10-month-old bag — bought before the cycle peak, held through the drawdown, and finally handed to Binance — is the kind of forced selling that turns into a sentiment data point for every DeFi…
Backed by Tether and Kraken, StablR had no structural defense against a 1-of-3 multisig compromise — the attacker minted unbacked EURR and USDR and drained liquidity into ETH before anyone could…
The danger is no longer a hypothetical "someday" — AI is compressing quantum timelines while also weaponising code auditing, forcing blockchain networks to treat post-quantum migration as a…
41 kidnappings so far this year — roughly one every 2.5 days — point to France as the epicenter of physical-extortion crime against crypto holders, driven by centralized KYC data leaks.
On-chain investigator ZachXBT has flagged an active exploit targeting StablR-linked stablecoin contracts, with losses…