compensation

Cardano wallet service provider SecondFi stated that it has identified the root cause of the recent security incident and has deployed patches for the unaffected wallets, and will soon resume normal operations. SecondFi disclosed that there were a total of 4 incidents of funds being transferred out, of which 3 were carried out by external attackers, resulting in approximately 16 million ADA being transferred from 374 addresses. To reduce further losses during the ongoing attacks, SecondFi initiated an emergency transfer, moving approximately 129 million ADA to an independent third-party custodian for safekeeping, and has hired an external accounting firm for a special audit to facilitate subsequent verification and return assets to the affected addresses. SecondFi advises affected users to submit claims through the official support page and currently not to import their mnemonic phrases into other Cardano wallets, as the security risk occurs at the address and signature level.

According to a new document from the U.S. Securities and Exchange Commission (SEC), Musk has exercised all rights under his 2018 Tesla CEO compensation plan, acquiring 304 million shares of stock, with a paper gain of approximately $116 billion (about 780 billion yuan). However, the aforementioned shares will be locked until 2028. At that time, Musk will be able to sell these shares.

According to the Korea Herald, the five major virtual asset trading platforms in South Korea (Upbit, Bithumb, Coinone, Korbit, Gopax) have experienced a total of 57 hacking and system failure incidents over the past six years (from 2020 to April 2026), with a total compensation amount of approximately 7 billion Korean won (about 5.1 million USD). By exchange, the number of incidents is as follows: Upbit 26 incidents, Bithumb 14 incidents, Gopax 8 incidents, Coinone 6 incidents, Korbit 3 incidents.Among them, Bithumb compensated approximately 2.5 billion Korean won (about 1.8 million USD) for the BTC misissue incident in February this year, Upbit compensated approximately 790 million Korean won (about 570,000 USD) for a hacking incident in November 2025, and compensated approximately 3.2 billion Korean won (about 2.3 million USD) for a system incident on December 3, 2024. It is worth noting that the standards for compiling incident reports by exchanges and the scale and form of compensation vary. For example, Gopax counts errors that occur when viewing the asset list as system failures, while Bithumb only counts situations where all customers encounter difficulties using core services for more than 10 minutes as system failures.In addition, Bithumb also provided some applicants who suffered losses due to system failures with free fee vouchers instead of cash compensation. The compensation amounts for system failures are as follows: Upbit approximately 3.21 billion Korean won, Bithumb approximately 3.2 billion Korean won, Coinone approximately 49 million Korean won. Korbit and Gopax did not provide any compensation.

Drift Protocol stated that its current top priority is to restart the platform and restore revenue-generating capabilities to expedite the recovery process of user funds. After the platform restarts, it will become the largest USDT-based perpetual contract trading platform on Solana, and the related revenue will be used to support a specially established user compensation fund.Drift claims that substantial progress has been made in the restart efforts with strategic support from Tether and other partners. To enhance security, Drift announced the appointment of Noah Prince, the former head of engineering at Helium Protocol, as the protocol lead, responsible for protocol restructuring and security system upgrades.Meanwhile, former members of the Gauntlet team have also joined the restart efforts, providing risk management and treasury design support for the platform, including clearing engine reviews, funding rate optimization, market parameter adjustments, and ongoing risk monitoring. Additionally, Drift has hired the cybersecurity company Mandiant to conduct an independent forensic investigation of the attack incident.The investigation results indicate that this attack can be clearly attributed to the North Korean hacker group UNC6862, which is associated with multiple cyber attack operations. Drift stated that it will continue to prioritize security in advancing the platform restart and will announce the user compensation mechanism and specific timeline in the future.

The edgeX official report on the abnormal price fluctuations of the EDGE token states that the EDGE price once dropped from approximately $1.12 to about $0.32 within about 1 hour, during a period of weak liquidity, due to concentrated sell-offs from multiple addresses combined with high-leverage long liquidations and flash crashes triggered by CEX interactions. There were no changes to the team address during this period.edgeX stated that it will strengthen market making and liquidity, and set up a reward of 200,000 USDC on-chain to trace the addresses associated with the attack. At the same time, for users who incurred actual realized losses due to long positions in EDGE being liquidated or triggering stop-losses on edgeX Perp V1/V2 within a specified time window, the platform will provide goodwill compensation based on the actual loss amount, with a limit of 100,000 USDC per person, of which 50% will be distributed in USDC within 7 days after review, and 50% will be distributed in EDGE based on the 7-day TWAP in the first week of April 2027.

The Hyperliquid ecosystem project Ventuals posted on X: "We have noticed that about an hour ago, there was an incident in our SPACEX market. One of the off-chain data providers, which is a component of the oracle price, returned erroneous data, causing severe fluctuations in the oracle price and mark price of that market, which in turn triggered the liquidation of some users' positions.We have taken immediate measures to prevent similar situations from occurring in any Pre-IPO market and are assessing the impact of this incident on affected users to formulate an appropriate compensation plan. Affected users will receive compensation within the next 48 hours.According to previous news from ChainCatcher, the SPACEX-USDH perpetual contract on Hyperliquid experienced a 45% flash crash last night."

According to official news, FTX announced that the expected registration date for the next round of payouts is set for June 16, 2026, aimed at users holding approved FTX claims and equity. The next round of payouts is expected to begin on July 31, 2026. The next payment for preferred shareholders will also be made on the same day, with the registration date being June 16.Approved NFT customer equity claim holders can begin the NFT allocation process on June 30, 2026. FTX has also submitted a modification notice proposing to reduce the disputed claims reserve by approximately $600 million. Upon court approval, the released cash will be used for the next distribution.

The Hong Kong Securities and Futures Commission issued a notice reminding the public to remain highly vigilant against scams that impersonate the Investor Compensation Fund. These scams often cause victims to suffer secondary losses. Scammers contact individuals who have previously suffered investment losses and falsely claim that the victims are eligible to recover losses from the compensation fund, demanding that they only need to pay an additional "deposit" or "fee" to arrange for the compensation fund to provide "compensation," resulting in many victims being defrauded a second time.The Hong Kong Securities and Futures Commission reminds the public that the Commission will not contact investors through social media or instant messaging platforms to request payments related to compensation claims.

According to Bits.media, the U.S. Department of Justice has announced the initiation of a compensation program for victims of the cryptocurrency mining scam AirBit Club. Founded in 2015, AirBit Club operated a financial pyramid scheme under the guise of cryptocurrency mining and virtual currency trading platforms. U.S. authorities have seized over $400 million in assets for compensation. Victims who previously provided information to the FBI or prosecutors will be contacted by RCB Fund Services. Prosecutors stated that there are no fees for the compensation process.The founder of AirBit Club was charged with money laundering and fraud by the Southern District of New York in August 2020, and the trial concluded in September 2023, with the court ordering the forfeiture of all fraud proceeds, including over 16,000 bitcoins.

THORChain officials stated that a large number of fake accounts and false information have appeared in the market, involving activities such as "refunds," "airdrops," and "compensations"; preliminary investigations show that user funds were not harmed in the previous security incidents, and no refund, airdrop, or compensation plans are currently underway. Any accounts claiming otherwise are impersonating or spreading false information. Progress on the investigation and more information will be announced later.

According to a notice from Transit Finance, a security incident recently occurred in the project due to historical vulnerabilities in an old version of the smart contract deployed on TRON, which was deprecated in 2022, affecting a small number of users after being exploited.The team stated that after discovering the issue, they urgently completed investigation, isolation, and repair, and on May 12, further auditing and rectification were carried out. The currently used contract version has not been affected, has been running safely for over four years, and continues to undergo security audits and monitoring.Transit stated that affected users will receive full compensation, and specific plans will be announced through official channels. They also reminded users to be wary of counterfeit official messages and not to disclose private keys or mnemonic phrases.

CoW DAO announced that its domain registrar was subjected to a social engineering attack on April 14, during which the attacker briefly controlled the official domain for about 4.5 hours and directed users to a phishing website, thereby inducing them to sign malicious transactions. The project team emphasized that the CoW Protocol itself was not compromised, but some user assets were affected during that time window.In response to this incident, the CoW DAO community governance proposal CIP-86 has been approved, establishing a discretionary compensation fund to reimburse affected users for their losses. The official reminder states that eligible users must submit their claims by May 14, including affected wallet addresses, asset information, transaction hashes, and names, and apply via email at help@cow.fi, with the email subject clearly stating "Discretionary Grant Claim for".

The AI infrastructure platform B.AI has released a history of Credits consumption record optimization and compensation explanation. With the continuous upgrade of the Credits billing system and display dimensions, the platform has recently conducted a comprehensive review of historical consumption records. During this process, it was found that for certain requests made between May 1, 2026, 00:00 and May 3, 2026, 03:00 (SGT), the consumption details displayed on the front end did not fully present all cost components. This was mainly due to the underlying cache-related fees not being displayed on the page, causing users to typically only see input/output token consumption, leading to a misunderstanding of the overall Credits consumption.To address the above issues, the platform has now completed data corrections and realigned with historical records. Additionally, based on more cautious and user-friendly rules, Credits compensation will be automatically issued to affected accounts (valid for 30 days from the date of receipt) without any action required from users. Please pay attention to account balance updates. In the future, B.AI will continue to upgrade the Credits display system to further enhance long-term transparency and user experience.

Syndicate stated on platform X that regarding the latest developments of the Syndicate bridge security incident, all affected SYND holders on the Commons Chain have received full compensation, along with an additional 15% of the total losses as compensation.The relevant amounts have been directly sent to the affected users' Base chain wallets, with the Gas fees covered by Syndicate Labs. The total compensation amounts to 12.901 million SYND, and no action is required through any claim page.

Wasabi Protocol released a security incident update, stating that attackers exploited a configuration vulnerability in the Spring Boot Actuator within its AWS infrastructure to steal the private keys controlling EVM smart contracts, resulting in the theft of approximately $4.8 million in user funds and $900,000 in protocol treasury funds, with total losses amounting to about $5.7 million.The attack chain began with a public server used for analysis, whose Actuator heap dump was not properly password protected, allowing attackers to obtain credentials for another server and ultimately gain control of the smart contract private keys. This incident only affected EVM deployments, including certain treasuries on Ethereum, Base, Blast, and Berachain, while Solana deployments and Prop AMM were not affected.There has not yet been a final update on the user compensation plan, but "ensuring all affected users are compensated" remains the team's top priority, and updates on the investigation progress will be released in the Discord community in the future.

According to Cointelegraph, the U.S. law firm Gerstein Harrow LLP has applied to the court for an injunction to prevent Arbitrum DAO from transferring frozen Ethereum assets related to the Kelp attack.The law firm claims that its clients have obtained default judgments in three cases against North Korea, totaling approximately $877 million (including punitive damages and interest), and assert a right to claim the related assets.Previously, Kelp DAO was attacked on April 18, resulting in losses of about $292 million, which is believed to be related to the North Korean hacker group Lazarus Group. Subsequently, the Arbitrum security committee urgently froze approximately 30,766 Ether (about $73 million).The incident has sparked controversy. Some community members believe that if the injunction takes effect, it will delay the return of funds to the victimized users and shift the North Korean-related debts onto secondary victims. Previously, Aave Labs had proposed to unfreeze the funds and inject them into a compensation fund to restore the damaged assets.It is worth noting that Gerstein Harrow has previously filed claims regarding assets stolen by North Korean-related hackers and frozen by cryptocurrency platforms, including the 2023 Heco Bridge incident. Industry analysts believe that this case may have a demonstrative impact on the disposal of DAO assets and the definition of cross-jurisdictional claims.

According to official news, a recent agreement was attacked due to a lack of verification mechanisms, resulting in approximately 11 BTC being stolen, mainly involving altcoin trading. The attackers exploited a negative miner fee vulnerability to transfer funds to their own accounts through multi-signature transactions.Currently, Bisq is discussing compensation plans, and victims can choose compensation in Bitcoin or BSQ tokens, but it must be implemented after a DAO vote, which is expected to be determined after the DAO cycle ends on May 25.Bisq stated that the vulnerability has been fixed and plans to release a patch update while strengthening the security review of the codebase, focusing on preventing vulnerabilities that may affect wallets. In addition, Bisq reminds users to temporarily reduce the amount of BTC stored in their wallets. The officials believe that although this incident is serious, it is controllable, and they hope to provide a security warning for other projects.

According to official news, Syndicate Labs disclosed that its cross-chain bridge contract was maliciously upgraded on two chains due to a private key leak. The attacker transferred and sold approximately 18.5 million SYND (about $330,000) and around $50,000 worth of user tokens. The incident only affected specific chains, while others were not impacted.Syndicate Labs stated that this attack involved multi-stage reconnaissance, infrastructure mapping, and careful execution, demonstrating a high level of technical complexity, and ruled out the involvement of internal personnel. The root cause was that the private key was stored in a password management tool without an additional layer of encryption, and the upgrade process did not utilize multi-signature or hardware signature mechanisms, nor did it have early warning and circuit breaker measures for contract upgrades.Syndicate Labs announced that it will fully compensate all affected users, including returning 18.5 million SYND and providing additional compensation, while also fully compensating affected application chain clients. The company has initiated security upgrade measures, including strengthening private key encryption, tightening access permissions, and plans to introduce hardware or multi-signature mechanisms and upgrade path monitoring to prevent similar incidents from occurring again.

The Sui liquid staking protocol Aftermath Finance's social media stated that it expects users to receive full compensation within the next 48 to 72 hours.Previously, it was reported that the Sui Foundation and Mysten Labs will ensure the Aftermath protocol continues to operate and recover user funds.

Texas man Robert Dunlap was sentenced to 23 years in federal prison for his involvement in a cryptocurrency scam exceeding $20 million and was ordered to pay restitution to nearly 1,000 victims.Prosecutors stated that Dunlap operated a cryptocurrency project and sold Meta - 1 Coin, falsely claiming that the token was backed by $44 billion in gold and approximately $1 billion in artwork, including works by Pablo Picasso, Vincent van Gogh, and Salvador Dalí, and that the assets had been audited. A jury had found him guilty of mail fraud last year.