Exploits, audits, bridge attacks, key compromises, and post-mortems. The state of crypto security and the auditors trying to keep up.
THORChain was drained across Bitcoin, Ethereum, BNB Chain, and Base simultaneously on May 15. RUNE dropped 12%, all trading and signing was halted, and the team still hasn't explained the attack vector.
The Ethereum Foundation, Ledger, MetaMask, Trezor, Fireblocks and WalletConnect just launched Clear Signing — an open standard that replaces the hex garbage users blindly approve with human-readable transaction descriptions. Bybit's $1.5B hack started with a blind signing. So did most of yours.
Bitcoin Core quietly patched its first-ever memory safety bug in late 2024, disguising the fix as a logging improvement. The vulnerability — now public — let miners remotely crash nodes running versions 0.14.0 through 28.x. Nearly half the network is still exposed.
A single obfuscated tweet tricked xAI's Grok into executing a $175K on-chain transfer — no private keys stolen, no smart contract exploit. Just a chatbot doing what it was told.
A coordinated attacker swept over 500 long-dormant Ethereum addresses, stealing ~$800K and routing funds through ThorChain. The compromise vector is still unknown — and your old wallets may not be safe.
April 2026 was the worst month in crypto hack history: 30 attacks, $625M drained, North Korea behind 76% of it. Now a developer is claiming DPRK trained an AI to autonomously exploit DeFi — and the Wasabi Protocol's $5M multi-chain drain may be its latest hit.
DeFi United drops its technical rescue blueprint today, with Consensys, Aave, Compound, the Solana Foundation and 14 other protocols pledging $300M+ in ETH to re-collateralize rsETH after the $292M Lazarus-linked KelpDAO exploit. This is the most coordinated cross-protocol rescue in DeFi history.
A zero-day exploit in Litecoin's MimbleWimble privacy layer triggered a 13-block chain reorg, wiping three hours of transactions. Litecoin denied it was a zero-day. GitHub commits say otherwise.
Lazarus Group's new 'Mach-O Man' macOS malware is targeting crypto and fintech executives with convincing fake meeting invites, stealing keychain data and wallet credentials before erasing itself completely.
April 2026 is already the worst month for crypto hacks since February 2025. $606 million gone in 18 days. 3.7x the entire first quarter. Today, Congress is holding hearings. Here's what broke.
Hackers breached Vercel — the hosting backbone for thousands of DeFi apps — by exploiting a compromised third-party AI platform. API keys, tokens, and source code are on sale for $2M on BreachForums.
Kelp DAO's rsETH bridge was drained in minutes after an attacker forged LayerZero cross-chain messages. Bad debt cascaded across Aave, Compound, and Euler. It's 2026's biggest DeFi hack — so far.
Operation Atlantic, a joint US-UK-Canada law enforcement strike, froze $12M and traced $45M in crypto approval phishing fraud across 30+ countries. Here's what that means for the industry.
41 violent crypto kidnappings in 2026. France now has the worst crypto ransom attack rate in the world, and the interior ministry just admitted they've lost control.
Grinex — the sanctions-dodging successor to Russia's notorious Garantex — shut down after a $13M hack and blamed 'Western special services.' The irony is too rich.
A new 'canary address' proposal would only freeze 6.5 million vulnerable BTC — including Satoshi's coins — if a quantum computer actually proves it can break Bitcoin first. Adam Back says there's a better way.
Tether is bailing out Drift Protocol with $148M after North Korea's $285M heist — but the real play is quietly replacing Circle's USDC as Solana DeFi's settlement currency.
A fraudulent Ledger Live app slipped through Apple's review process, stayed live for roughly two weeks, and drained $9.5 million from 50+ victims before ZachXBT blew the whistle.
A forged cross-chain proof let an attacker mint 1,000,000,000 fake DOT tokens on Ethereum in a single transaction. Thin liquidity saved Polkadot. Twelve days earlier, Hyperbridge had posted an April Fools' joke about exactly this.
Drift Protocol confirmed today that the April 1 exploit wasn't opportunistic — DPRK-linked hackers spent six months attending crypto conferences, building real relationships, and depositing real money before draining $270M.
ZachXBT just published a damning thread showing Circle had the power to freeze $232M in stolen Drift Protocol funds — during business hours, over 6 hours — and chose not to. It's part of a pattern spanning $420M across 15 cases since 2022.
Drift Protocol, Solana's leading perpetuals DEX, was drained of up to $285M in a still-unconfirmed exploit on April 1 — and the attacker is still moving funds right now.
Google says breaking Bitcoin may need 20x fewer qubits than thought. 6.9M BTC already exposed. The race to hire post-quantum crypto engineers starts now.
512K lines of TypeScript and 44 feature flags exposed via npm. If your crypto team uses AI coding tools, your threat model just changed.
The Axios supply chain attack dropped a crypto-wallet-stealing RAT on 100M weekly installs. What happened, why AI missed it, and the security roles crypto needs now.