incident

According to Jinshi reports, the United States has carried out military strikes against Iran on June 27 local time.

The password management tool LastPass announced that its third-party market intelligence platform Klue experienced a security incident, where hackers stole multiple OAuth tokens held by Klue for various clients (including LastPass) and used these tokens to access LastPass's Salesforce CRM system, potentially leading to the leakage of business contact information and CRM data, including some customers' names, phone numbers, email addresses, home addresses, and support cases.The official reminder: LastPass's products, services, infrastructure, and customer vaults have not been affected, and Gong system data has not been accessed. LastPass has immediately taken measures, including stopping employee access to Klue, rotating exposed API tokens, conducting a detailed investigation, and collaborating with Klue, Salesforce, and law enforcement, while also sharing threat intelligence with the security community through the TIME team and strengthening future protections. Users should remain vigilant against potential phishing emails, calls, or social engineering attacks that may exploit the leaked information, and remember that LastPass will never ask for the master password; all official communications are sent through trusted channels.

Taiko released a security incident update on platform X, stating that the incident has been brought under control, the cross-chain bridge and vault have been suspended, and funds can no longer be withdrawn. The cross-chain bridge is offline in both directions, and pending transactions are in a suspended state rather than lost. More information will be announced soon.

Taiko posted on platform X stating that all Proposers (nodes responsible for producing new blocks) have suspended block production. Taiko mentioned that the team is currently investigating the breach of the chain state validation mechanism and is continuously assessing the scope of the incident's impact and subsequent response measures. Previously, Taiko confirmed that its chain state validation mechanism had been compromised and advised users to immediately withdraw funds from cross-chain bridges deployed on Taiko.

The cross-chain protocol Axelar Network released a statement regarding the recent security incident related to Secret Network, stating that there is a misunderstanding within the community about the event. Both Axelar and the Inter-Blockchain Communication Protocol (IBC) were not attacked or compromised. The affected token smart contracts were neither developed, deployed, nor maintained by Axelar, and Axelar's firewall mechanism also prevented the impact from spreading to other chains.It is reported that the exploited contract is a forked version based on CW20-ICS20, but the developers removed two core security checks, resulting in an "infinite minting" vulnerability. By deleting the verification mechanisms originally used to prevent such issues, this fork altered the original trust model of the contract and did not undergo a new security audit.Axelar Network explained that anyone can deploy contracts for cross-chain asset wrapping through IBC, and similar contracts have also been used to wrap tokens from other chains into Secret Network. However, the Secret side fork version in this incident has vulnerabilities due to the removal of key security checks. This incident is not a unique logical flaw, nor is it an issue with the IBC protocol itself, but rather a security risk introduced by modifications to third-party contracts.

In response to rumors regarding the attack on the BNB Chain OLPC/LABUBU liquidity pool, PancakeSwap's official announcement stated that the platform has noted the news related to this security incident. After preliminary verification, PancakeSwap's own smart contracts do not have security vulnerabilities. The project team is still continuously investigating the complete causes of the incident and will promptly share the latest investigation progress once more clues are obtained. Meanwhile, the official reminds users that all relevant event information should be based on content released through PancakeSwap's official channels.

The Zodiac team released a security incident analysis report regarding the impact on the Zodiac Roles Modifier, disclosing that the root cause of the vulnerability lies in a flaw in the ERC-1271 transaction signature verification logic: the system only determines the validity of the signature based on the returned "magic value" without verifying whether the call itself was successful, which may disguise a failed verification as a valid signature, bypassing the module authentication mechanism.

DeFi structured protocol Thetanuts Finance issued a statement in response to the security incident involving its Vault. Preliminary investigations indicate that the relevant Vault is an old version contract that was deprecated and migrated years ago, and it is not associated with any currently running contracts or products. Further details are still under investigation, and a complete post-incident analysis report will be released once more information is available.Earlier reports suggested that Thetanuts Finance may have suffered an attack, with preliminary estimates of losses around $2.1 million.

Syscoin released a bridge security incident report, disclosing details of the UTXO-to-NEVM bridge vulnerability incident, which reportedly led to approximately 5 billion SYS being unauthorizedly released on the UTXO side. The related funds have since been returned to the official recovery address and destroyed through the standard OP_RETURN method, making them unusable by the protocol again. The on-chain reported SYS supply has been restored to the expected value, and the bridge function remains suspended while the team completes the final review and fixes.Syscoin pointed out that it will fix the cross-layer parsing defects. The core lesson from this incident is that cross-layer systems must uniformly standardize data processing, and any ambiguous bridge proof should be considered a default failure.

Syscoin released a bridge security incident report, disclosing details of the UTXO-to-NEVM bridging vulnerability incident. It is reported that this incident led to approximately 5 billion SYS being unauthorizedly released on the UTXO side. The related funds have since been returned to the official recovery address and destroyed through the standard OP_RETURN method, making them unusable by the protocol again, and the on-chain reported SYS supply has been restored to the expected value. The bridging function is currently still suspended, and the team is completing the final review and repair.

DeFi structured protocol Thetanuts Finance issued a statement in response to the security incident involving its Vault. Preliminary investigations indicate that the related Vault is an old version of the contract that was deprecated and migrated years ago, and it is not associated with any currently running contracts or products. Further details are still under investigation, and a complete post-incident analysis report will be released once more information is obtained.Previously, it was reported that Thetanuts Finance allegedly suffered an attack, with preliminary estimates of losses around 2.1 million USD.

Humanity released an independent investigation report by Quantstamp, which disclosed that in the H token security incident, the attacker used tools and methods characteristic of North Korean hackers, disguising themselves as communication from the Bithumb exchange through phishing emails, inducing project directors to click on malicious attachments, thereby deploying a remote control Trojan on their devices, ultimately gaining full desktop control and wallet private keys. Subsequently, on Ethereum and BNB Chain, they launched on-chain attacks: on the Ethereum side, by stealing keys to upgrade contracts and transferring approximately 141.18 million H tokens, and on the BSC side, by taking over the ProxyAdmin contract and minting new tokens. The stolen assets were then continuously sold on Uniswap and PancakeSwap for about 8 hours, causing significant impact on liquidity and market prices.Currently, the H token contract on the Ethereum side has been frozen, the mainnet bridge remains unaffected, but the BSC deployment has been controlled by the attacker and still has minting permissions. The team is working with exchanges and security parties to advance subsequent disposal and recovery plans, while reminding users to be wary of false "compensation/claim" links, and stated that further progress will be announced through official channels.Previously, the Humanity Protocol was attacked, resulting in the leak of a private key from a member of the Humanity Foundation, leading to over 31 million dollars in funds being stolen.

According to Arkham monitoring, a certain address has just withdrawn approximately 1% of the total amount from the Zcash privacy pool Orchard Pool. Currently, Orchard Pool theoretically still holds about 3.88 million ZEC, valued at approximately 1.65 billion dollars at the current price.

PiggyBank released a detailed report on the LAB incident on June 6, stating that the protocol experienced a net withdrawal of approximately $579,000 on June 6, primarily due to a LAB token basis trade being manipulated by the market.In early May, PiggyBank purchased 142,800 locked LAB tokens (approximately $102,500) through an OTC intermediary while simultaneously opening a perpetual contract short hedge. However, market participants continuously maintained the spot price above the perpetual contract price, resulting in a deeply negative funding rate (annualized -17,000%), and the high hedging costs forced the shorts to close, resulting in a loss of approximately $476,000. The currently locked LAB tokens have a spot value of about $1 million, but due to poor liquidity and lack of hedging, they have been excluded from the NAV calculation.PiggyBank will undergo structural reforms: increasing transparency of on-chain mechanisms, strategy logic, and fund allocation will be publicly verifiable, while basis trading and funding rate arbitrage will be gradually phased out. In terms of compensation, affected users will receive USDC compensation based on actual losses, with funding sources including NAV discrepancies, future LAB sales (expected to unlock from August 14 to October 14, currently valued at approximately $1 million), and 50% of future platform revenue. All users recorded in the snapshot on June 6 are eligible for compensation.

According to monitoring by Blockaid, a key leakage incident occurred on the cross-chain bridge of MILC Media Metaverse on BNB and Ethereum. The attacker exploited a historical bridge administrator wallet to grant administrator privileges to an EOA address they controlled, subsequently extracting MLT tokens from the bridge contract and transferring the administrator control of the cross-chain bridge to the attacker's wallet.Currently, the attacker has obtained approximately 97,003 USDT on BSC and transferred about 39.21 ETH on Ethereum through Rhino.fi, with total losses amounting to approximately $161,000.

Humanity Protocol founder Terence Kwok posted on the X platform confirming a security incident, stating that this incident involves the private key leak of a Humanity Foundation member. For safety reasons, users are advised not to interact with cross-chain bridges or any liquidity pools until safety is confirmed. The team is working with security experts and exchange partners to resolve the issue.According to previous reports, associated addresses of Humanity Protocol have been stolen for over 31 million dollars.

According to the Korea Herald, the five major virtual asset trading platforms in South Korea (Upbit, Bithumb, Coinone, Korbit, Gopax) have experienced a total of 57 hacking and system failure incidents over the past six years (from 2020 to April 2026), with a total compensation amount of approximately 7 billion Korean won (about 5.1 million USD). By exchange, the number of incidents is as follows: Upbit 26 incidents, Bithumb 14 incidents, Gopax 8 incidents, Coinone 6 incidents, Korbit 3 incidents.Among them, Bithumb compensated approximately 2.5 billion Korean won (about 1.8 million USD) for the BTC misissue incident in February this year, Upbit compensated approximately 790 million Korean won (about 570,000 USD) for a hacking incident in November 2025, and compensated approximately 3.2 billion Korean won (about 2.3 million USD) for a system incident on December 3, 2024. It is worth noting that the standards for compiling incident reports by exchanges and the scale and form of compensation vary. For example, Gopax counts errors that occur when viewing the asset list as system failures, while Bithumb only counts situations where all customers encounter difficulties using core services for more than 10 minutes as system failures.In addition, Bithumb also provided some applicants who suffered losses due to system failures with free fee vouchers instead of cash compensation. The compensation amounts for system failures are as follows: Upbit approximately 3.21 billion Korean won, Bithumb approximately 3.2 billion Korean won, Coinone approximately 49 million Korean won. Korbit and Gopax did not provide any compensation.

Dragonfly Managing Partner Haseeb published a statement regarding the recently patched Zcash vulnerability, indicating that there are many misunderstandings in the market about this event. He pointed out that even if the vulnerability had been exploited before it was fixed, attackers could only profit by faking ZEC in the privacy pool, and these tokens must first be converted from a privacy address to a transparent address to enter mainstream trading platforms.Since the supply of ZEC in transparent addresses can be publicly verified, any abnormal transfers exceeding the maximum supply will be detected and blocked, so the vast majority of investors holding transparent ZEC and exchange users will not be affected.Haseeb stated that the Zcash team plans to introduce a new "Turnstile" mechanism and a brand new privacy pool in future upgrades to verify that there is no inflation issue in the current privacy pool. He also mentioned that formally verified cryptographic systems can reduce implementation errors from a design perspective. Haseeb finally disclosed that Dragonfly still holds ZEC, and he is also a ZODL investor.

Slow Fog's Yuxian stated on platform X that incidents of search engine poisoning involving fake Codex, Claude Code, and others have recently surged. It mentioned that it has previously warned multiple times about Google search results and its own services like Google Sites being exploited by black and gray market poisoning, but Google has not taken action against such obvious poisoning methods.