stolen

According to a post by Specter, it has jointly frozen $91,000 of the stolen funds from Gravity Bridge with ChangeNOW. The attacker still holds most of the funds and has not transferred them.Previously, it was reported that the key to the Gravity Bridge bridging contract was leaked, resulting in $5.4 million in assets being stolen. The assets extracted by the attacker include: $4.3 million USDC, 274 WETH (worth approximately $553,000), $434,000 USDT, and $64,000 PAYG. The addresses involved are 0x7B58...1F9 and 0x4d3c...A47.

Blockaid disclosed on platform X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker controlled 3 out of 4 Guardian keys to forge a VAA (Verification Authorization Message) and completed the attack in about 7 minutes, stealing approximately $815,000 in assets.During the attack, the attacker minted 13.76 million Wrapped ALPH out of thin air, exceeding the circulating supply before the attack by over 100%, while also unlocking and transferring assets such as USDT, USDC, WBTC, and WETH from the custody pool.Currently, the attacker's address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH, with the largest abnormal transaction being the minting of 13.76 million Wrapped ALPH out of thin air.

On-chain monitoring shows that the cross-chain bridge Gravity Bridge may have encountered a security incident due to a contract key leak, involving assets such as USDC, WETH, and USDT, with total losses of approximately 5.4 million dollars.

According to crypto KOL Yusuf's monitoring, yesterday the EURR and USDR contracts under the European stablecoin issuer StabIR were attacked, resulting in losses exceeding 10 million dollars.After the incident, over 100,000 dollars of stolen funds have been frozen, and the USDR and EURR have depegged by more than 20%.

The TON Network expansion project TAC has disclosed that a security incident occurred with the TON-TAC asset bridge on May 11. Four days later, approximately 80% of the affected assets have been returned. TAC today released a post-incident analysis report detailing the events. The root cause of the vulnerability was a lack of a single verification in the sorter software: the attacker deployed a counterfeit Jetton wallet on TON, and the sorter accepted the counterfeit tokens because it did not verify the code hash of the sender's wallet. The total loss was approximately $2.86 million, involving USDT, BLUM, and tsTON. Following a public appeal, about 90% of the assets were returned to the multi-signature address controlled by TAC on May 14, with the remaining 10% retained by the attacker.The cross-chain bridge remains paused, awaiting independent review of the repaired sorter software by the auditing party and TON partners. Cross-chain operations will resume once the verification of the repaired software is completed and the gap is filled with recovered assets and TAC Foundation token reserves. Due to the need for multi-party coordination, a precise timeline cannot be provided. The remaining funding gap will be filled by the TAC Foundation treasury, ensuring that users and protocols incur no financial losses. TAC reminds users that official updates are only published through this account and Telegram, and any unsolicited "recovery" or "support" private messages are scams.

According to Slow Fog's Yu Xian monitoring, multiple user wallets of Bankr have been stolen. @bankrbot replied that the incident was a social engineering attack targeting the trust layer between automated agents, specifically involving the interaction between Grok and Bankrbot, which led to unauthorized transaction signatures.

According to monitoring by Paitun, the Adshares cross-chain bridge attacker has returned 256 ETH to the project deployer's address, worth approximately $540,700, accounting for about 86% of the previously stolen funds.Previously, the Adshares cross-chain bridge was attacked on May 17, 2026, resulting in a loss of approximately $628,000.

According to monitoring by PeckShield, Verus's Verus-Ethereum Bridge has been hacked, with lost assets including 103.6 tBTC, 1625 ETH, and 147,000 USDC. The hacker subsequently exchanged the stolen assets for approximately 5402.4 ETH. The attacker's address obtained an initial fund of 1 ETH about 14 hours ago through the mixing protocol Tornado Cash.

U.S. Judge Margaret M. Garnett in New York postponed the ruling on Aave's emergency application on Wednesday, which aims to unfreeze $71 million in ETH related to the Kelp DAO hacking incident, and requested both parties to submit supplemental briefs before the hearing on June 5. Aave is attempting to reclaim the $71 million in ETH frozen on Arbitrum to assist in the asset recovery efforts from this hacking incident—Kelp DAO suffered losses of up to $293 million from the hack, making it one of the most severe security incidents in the DeFi space this year.However, the U.S. law firm Gerstein Harrow LLP submitted a restraining order to the court in early May, claiming that its client has rights to the aforementioned funds. Aave then filed an emergency motion to lift the freeze, warning that if the funds are not released in a timely manner, it could lead to user liquidations and potentially impact the entire DeFi market. Judge Garnett noted in her ruling that Aave failed to adequately explain how user funds would incur "compound losses" if the restraining order remained in place. She also acknowledged the complexity of the case, the risks faced by the victims, and requested both parties to provide supplemental statements on six key issues, including: whether the hacking transaction is subject to New York state sanctuary principles, the legal distinctions between fraud and theft and what rights the hacker has over the stolen assets, which laws apply to determine the priority of claims for frozen assets, whether constructive trusts are an appropriate remedy, and whether Aave or Arbitrum can identify individual victims and proportionally return assets. Both parties must submit supplemental briefs by May 22.Meanwhile, the overall compensation work for Kelp DAO is progressing. Kelp and Aave announced on Tuesday that the rsETH held by the hacker has been destroyed on Arbitrum, and approximately $278 million in loss tokens will be restored within the next two weeks through the funds of the Aave Recovery Guardian multi-signature wallet. Once the relevant smart contracts are reactivated, all functions of rsETH will return to normal.

According to Huma Finance's official disclosure, its old V1 contract on Polygon was exploited, resulting in approximately 101,400 USDC being transferred out. The project team stated that this incident did not affect user fund security, and Huma Finance PST was not impacted. Its V2 system on Solana is a completely restructured version and is not affected by the vulnerability.Huma stated that the team had previously been working on gradually phasing out the V1 liquidity pool, and has now fully suspended all V1 related contracts, and will continue to handle the subsequent wrap-up work.

TrustedVolumes confirmed on platform X that it has been attacked, disclosing that the stolen funds are currently stored in three addresses, totaling approximately 6.7 million USD. Two of the addresses hold about 3 million USD in assets each, while the other address holds about 700,000 USD in assets. At the same time, TrustedVolumes expressed its willingness to engage in constructive communication with the attacker regarding a bounty for the vulnerability and a mutually acceptable solution.

According to market news, an anonymous crypto whale residing in Puerto Rico has sued Coinbase, accusing the exchange of refusing to return funds stolen in a 2024 hacking incident.The lawsuit is highly similar to a security breach in August 2024, when a crypto user lost over $55 million in DAI stablecoins after falling victim to a phishing attack. The plaintiff claims to have hired several on-chain investigation firms to trace the stolen funds, which were tracked to a Coinbase account. Coinbase confirmed in early December 2024 that it had locked the relevant funds but froze them pending investigation. However, a year and a half later, Coinbase has still not returned the funds, claiming that a court order is needed to release them.The attack was initially identified by on-chain detective ZachXBT, who reported that the hacker created a fake DeFi Saver login page using the "Inferno Drainer" platform, leading the victim to mistakenly hand over control of their wallet to the attacker.

According to on-chain analyst Specter, the attacker of the Wasabi protocol has transferred all stolen funds into Tornado Cash, completing a centralized mixing operation of approximately $5.9 million in assets.On-chain analysis shows that this attacker and a suspected North Korean-related hacker organization (DPRK) have recently continued to use Tornado Cash to launder stolen funds, including those from KelpDAO and LayerZero, exhibiting a multi-stage complex flow of funds.A typical money laundering path includes: funds first entering the Wasabi Mixer for initial mixing and withdrawal, then cross-chain flowing back to Ethereum, re-entering Tornado Cash for deep mixing, withdrawing to a new wallet, and dispersing to multiple addresses. New tokens are deployed in the new wallets, liquidity is guided to buy and extract liquidity assets, and then cross-chain to the Tron (USDT) system, where funds briefly stay before flowing to OTC-related wallets. On-chain security analysis indicates that this model has become a high-frequency attack money laundering template recently, presenting a combination structure of "mixing + cross-chain + tokenization + OTC exit."Industry security personnel remind that such attacks have shifted from simple theft to systematic engineered money laundering paths, significantly increasing the difficulty of tracking.

According to official news, a recent agreement was attacked due to a lack of verification mechanisms, resulting in approximately 11 BTC being stolen, mainly involving altcoin trading. The attackers exploited a negative miner fee vulnerability to transfer funds to their own accounts through multi-signature transactions.Currently, Bisq is discussing compensation plans, and victims can choose compensation in Bitcoin or BSQ tokens, but it must be implemented after a DAO vote, which is expected to be determined after the DAO cycle ends on May 25.Bisq stated that the vulnerability has been fixed and plans to release a patch update while strengthening the security review of the codebase, focusing on preventing vulnerabilities that may affect wallets. In addition, Bisq reminds users to temporarily reduce the amount of BTC stored in their wallets. The officials believe that although this incident is serious, it is controllable, and they hope to provide a security warning for other projects.

In less than three weeks, 12 agreements were stolen for over $606 million. Among them, the Drift incident resulted in a loss of $285 million, and Kelp DAO suffered a loss of $292 million, with the two attacks accounting for approximately 95% of the total losses.

According to the latest report from TRM Labs, North Korean hackers stole nearly $600 million worth of cryptocurrency in the attacks on Drift Protocol and Kelp DAO, accounting for 76% of the total losses. TRM Labs estimates that since 2017, hackers associated with North Korea have stolen over $6 billion from cryptocurrency protocols and projects.The report shows that the share of losses caused by North Korean hackers in global cryptocurrency hacking attack losses has increased from less than 10% in 2020 and 2021 to 22% in 2022, 37% in 2023, 39% in 2024, and 64% in 2025.

According to monitoring by blockchain security firm CertiK, the Wasabi Protocol has experienced a security breach, with approximately $2.9 million in funds stolen. Preliminary investigations indicate that the attacker gained privileged roles after compromising the wallet deployed by Wasabi, subsequently carrying out the attack.The stolen funds are currently dispersed across the following addresses: 0xb8Bb...70dB (approximately $677,000) and 0x6244...f906 (approximately $1.1 million), and the incident is still under investigation.

According to Arkham monitoring, the Kyber Network hacker is transferring stolen funds to Tornado Cash.The hacker Andean Medjedovic previously stole $48.8 million from KyberSwap at the end of 2023 and had also attacked Indexed Finance, stealing $16.5 million. He was indicted by the FBI in 2025.

According to market news, attackers exploited a flawed EIP-7702 account to steal 1,988.5 QNT (approximately 54.93 ETH) from the QNT reserve pool. The root cause is that the reserve pool administrator EOA delegated the code to the BatchExecutor contract via EIP-7702, and this contract set the permissionless BatchCall contract as the authorized caller.Since the BatchCall.batch() function did not have any permission checks set, any external caller could invoke it, ultimately leading to the depletion of the reserve pool assets.

In the past ten years, the cumulative loss was $17.1 billion, involving 518 incidents; in the past five years, the loss was approximately $15.2 billion, involving over 450 incidents; in the past year, the loss was about $2.5 billion, involving over 140 incidents. Recent losses indicate that crypto attacks have shifted from smart contract vulnerabilities to private key leaks and access control.