ChainCatcher news, the Iranian cryptocurrency exchange Nobitex today issued a security incident notification, confirming that the platform has suffered a hacker attack, affecting some assets in hot wallets. It is reported that the pro-Israel hacker group "Gonjeshke Darande" has claimed responsibility for the attack and threatened to release Nobitex's source code and internal information within 24 hours.Nobitex stated that user assets in cold storage are safe and promised to fully compensate losses through insurance funds and platform resources. Currently, the platform's website and application have been temporarily closed, awaiting the security team's completion of a comprehensive investigation.

According to ChainCatcher news, as disclosed by Slow Fog founder Yu Xian, individual cryptocurrency investors have encountered multiple large-scale theft incidents in the past week, including two cases with losses exceeding $1 million, one case exceeding $2 million, and the highest single loss reaching $6.5 million. Smaller theft incidents occurred more frequently, but specific data was not disclosed.

ChainCatcher message, Echo Protocol team member @jonphayyy posted that the official project X platform account has been compromised, and the abnormal content currently published is not from the team. Users are advised not to click or interact with the related links.The team stated that this incident has not affected user funds and data, and the protocol itself remains completely secure. Echo Protocol is working with the X platform to facilitate account recovery and reminds users to report any suspicious content they may find.

According to ChainCatcher news, monitoring by the on-chain security analysis firm PeckShield revealed that in May 2025, there were approximately 20 major cryptocurrency security incidents, resulting in a total loss of $244.1 million, a decrease of 39.29% compared to the previous period.Among them, the Cetus protocol suffered an attack of $220 million, making it the largest incident of the month. Currently, the Cetus protocol and SUI have successfully frozen $157 million of the stolen funds, while the remaining $63 million is still in the attacker’s wallet. Other significant incidents include the Cork protocol being attacked for $12 million, a suspected North Korea-related hacking incident causing a loss of $5.2 million, and MBU tokens and MaplestoryU losing $2.2 million and $1.2 million, respectively.

ChainCatcher news, according to the Cork Protocol announcement, at 11:23 UTC today, a security incident occurred in the wstETH:weETH market on the platform. Currently, to prevent further risks, Cork has suspended all other market trading, and no other markets are affected at this time. The team is actively investigating the cause of the incident and will continue to provide updates on the progress.

ChainCatcher news, according to Cointelegraph, five major banking industry groups led by the American Bankers Association jointly sent a letter to the U.S. Securities and Exchange Commission (SEC) on May 22, requesting the repeal of the requirement in the "Cybersecurity Risk Management Rules" issued in July 2023 that public companies must disclose cybersecurity incidents within four days.The signatories include the Securities Industry and Financial Markets Association, the Bank Policy Institute, and other organizations. The banking industry groups pointed out that this rule directly conflicts with the confidentiality reporting requirements for protecting critical infrastructure, which could hinder incident response and law enforcement actions, leading to market disruption. They specifically requested the removal of the "1.05 clause" in the 8-K form, arguing that the existing framework for disclosing significant information is sufficient to protect investor interests. This rule also applies to publicly listed cryptocurrency companies.Earlier this month, Coinbase faced at least seven lawsuits for disclosing a user data breach incident, as the company refused to pay a $20 million ransom, with estimated potential losses reaching $400 million. If the rule is repealed, related companies will have more flexibility in their incident disclosure timelines.

ChainCatcher news, DeFi protocol Curve released a follow-up announcement regarding the "official website DNS hijacking" incident that occurred early this morning: neither the smart contracts nor the internal systems have been compromised, the protocol itself remains operational and secure, and user funds are safe. This incident did not affect the protocol's infrastructure and was limited to the DNS layer. Users should still avoid interacting with the affected domain names until official updates are released through the certified communication channels of Curve Finance.Previous news, Curve Finance was once again subjected to a DNS hijacking attack, putting user assets at risk.

ChainCatcher news, Binance founder Zhao Changpeng today issued an important security warning regarding the hacking incident of the Ledger Discord administrator account. He pointed out that the attacker infiltrated the official Ledger Discord administrator account, forged a security vulnerability announcement, and lured users to a phishing website to submit their 24-word recovery phrases. Zhao Changpeng emphasized, "No matter who the other party is, never give out your private key recovery phrase," and noted that "the social media accounts of crypto companies are often the weakest security link."In this attack, the hacker meticulously designed phishing messages that included false compensation schemes, falsely claiming that there was a vulnerability in the Ledger security system that could lead to the leakage of users' recovery phrases. It is worth noting that the phishing domain used by the hacker was highly deceptive. Zhao Changpeng's warning highlights the new types of social engineering attack risks currently facing the crypto industry, particularly the escalating threat of hijacking official communication channels.

ChainCatcher news, according to monitoring by Shield, in April 2025, a total of 18 major cryptocurrency security incidents occurred, resulting in a total loss of $357.11 million.It is worth noting that ZKsync, KiloEx, and Term Labs jointly recovered a total of $14.4 million of the stolen funds.

ChainCatcher news, according to Chainwire, the DeFi platform R0AR has announced the implementation of a regular buyback plan in response to a previous staking contract security incident. The platform will repurchase $1R0R tokens through weekly open market purchases, aiming to maintain token liquidity.ChainCatcher previously reported that SlowMist issued a security alert, stating that the root cause of The R0AR (@th3r0ar) vulnerability was a backdoor in the contract. During the deployment process, the R0ARStaking contract tampered with the balance of a specified address (user.amount) by directly modifying the storage slot. Subsequently, the attacker extracted all funds from the contract through an emergency withdrawal function.

ChainCatcher message, according to Jinshi reports, recently, the Japanese security team CSIRT revealed a security vulnerability in WinRAR that can bypass Microsoft's Windows Mark of the Web (MoTW) security mechanism, potentially allowing users to unknowingly execute malicious programs from the internet, posing serious security risks. This vulnerability is numbered CVE-2025-31334.To actively respond to the cybersecurity challenges posed by the WinRAR security vulnerability to our critical infrastructure, it is recommended to take the following measures from a technical perspective: first, conduct a comprehensive inspection of network devices in WinRAR user environments that are affected by this vulnerability and promptly install the latest version. Second, perform a reset of WinRAR client configurations. Third, it is advised that WinRAR users avoid connecting to untrusted networks when handling sensitive data.

ChainCatcher news, according to the official announcement from KiloEx, the platform has successfully recovered all stolen assets from this security incident, involving an amount of approximately 5.5 million USD. They are currently cooperating with judicial authorities and third-party experts to advance the formal case closure process.At the same time, a 10% bounty will be awarded to the white hat hackers as per the agreement. KiloEx stated that it will not pursue further legal responsibilities and is committed to continuously strengthening the platform's security construction.

ChainCatcher news, ZKsync founder and Matter Labs CEO Alex Gluchowski posted on social media, reiterating that there have been no incidents of code, contract, or operator key leaks, and stated that ZKsync has withstood the test precisely because it has an ultimate security architecture (Endgame). The team is still investigating the related security incident, and a detailed explanation will be released once the investigation and recovery work are completed.Alex stated that he initiated the investigation immediately after receiving feedback from the community. He added that although most Layer 2 project token prices have been under pressure recently, ZKsync has performed relatively steadily, but the team still has an unbreakable, legally binding commitment to investors, partners, and members.

ChainCatcher news, according to official information, the RWA lending protocol Zoth has released the latest progress on the security incident investigation.Zoth stated that there have been no significant changes to the involved funds, and the team is closely collaborating with intelligence agencies and ecosystem partners to continuously track and investigate the attackers' related activities.The official said that their current key tasks include:Real-time monitoring of the fund flows of relevant wallets;Collaborating with on-chain analysis teams to trace the attackers' digital footprints;Coordinating with law enforcement agencies and legal teams to formulate the next steps.

ChainCatcher news, blockchain security company PeckShield has released the latest data showing that the loss amount from the GMX and MIM Spell security vulnerability incidents has increased to approximately 6260 ETH, equivalent to about 13 million USD at current market prices.

ChainCatcher message, AdsPower officially stated on social media that its security team transparently disclosed an intrusion incident on January 24. Hackers spread malicious code, tampering with some third-party cryptocurrency wallet plugins in the AdsPower fingerprint browser. AdsPower has fixed the vulnerabilities and strengthened system security, while also reporting to the authorities in Singapore and actively cooperating with the police investigation.Internal investigations show that the attackers exploited vulnerabilities in third-party technology service systems to upload and spread a malicious version of the MetaMask plugin, which may have led to the leakage of cached information from users' wallet plugins. Currently, AdsPower has upgraded the plugin download mode in the application center and will further enhance network security, emergency response, and supply chain security management in the future. Affected users can receive exclusive value-added service plans in the AdsPower client.

ChainCatcher news, according to Slow Mist monitoring, the losses from Web3 security incidents in February 2025 are estimated to total $1.681 billion. The Slow Mist blockchain hacker archive has recorded a total of 15 hacking incidents, resulting in approximately $1.676 billion in losses, of which $52.45 million has been frozen or recovered.In addition, according to data from the Web3 anti-fraud platform Scam Sniffer, there were a total of 7,442 victims of phishing attacks this month, with total losses reaching $5.32 million. The majority of incidents were caused by smart contract vulnerabilities, social engineering, account intrusions, and private key leaks.

ChainCatcher news, Cobo co-founder and CEO Shen Yu posted on platform X, stating that the Bybit $1.5 billion security incident and multiple cases of Safe owner tampering have exposed three major pain points in current blockchain security:Front-end/plugins are easily tampered with, and users cannot verify signed data;The environment of multi-signature key holders lacks independence and has no mandatory review mechanism;Hardware wallet transaction parsing capabilities are weak, essentially in a blind signing state;

According to ChainCatcher's message and data statistics from the hacker section of the DefiLlama website, the theft of over $1.4 billion in assets from Bybit is the largest security incident in cryptocurrency history, accounting for about 15% of the total stolen amount from all security incidents in cryptocurrency history.The panel data shows that the cumulative amount stolen in cryptocurrency history exceeds $10.62 billion, with DeFi-related stolen assets reaching as high as $6.31 billion, and stolen assets from various bridging projects amounting to $2.87 billion.