vulnerabilities

According to The Block, the Sui Foundation released an incident analysis report on the recent three interruptions of the mainnet, attributing the three network outages that occurred last Thursday and Friday to two independent vulnerabilities introduced by the v1.72 version upgrade. The first interruption lasted about six and a half hours, while the second and third occurred on Friday morning and afternoon, respectively.The first two interruptions were caused by the "address balance" feature introduced in v1.72, which exposed flaws in the transaction fee deduction method. When a transaction was canceled due to insufficient funds, the network would still spend those funds, resulting in a negative balance that caused the validation node reconciliation process to crash. The foundation acknowledged that the temporary fix pushed urgently on Thursday carried known interruption risks, and the team accepted this risk to quickly restore on-chain services, which led to another network interruption on Friday morning.The third interruption was triggered by another undisclosed random state vulnerability, occurring when the validation nodes restarted to install the fix patch. Sui stated that user funds were never at risk, that both vulnerabilities have been fixed, and that a mechanism to forcibly terminate stalled epochs has been established. The foundation also mentioned that AI agents with access to its production systems significantly accelerated the diagnostic process.

The Zcash Foundation has released the node client Zebra version 4.5.0 update, which includes multiple security fixes, including a critical consensus vulnerability and several high-risk denial of service (DoS) issues. All node operators are strongly advised to upgrade immediately.It is reported that this core fix includes a sigop counting error caused by P2SH script parsing (which may lead to a consensus fork with zcashd), a defect in the NU5 block validation cache logic, a risk of transparent address balance overflow crashes, as well as multiple crashes and resource exhaustion vulnerabilities in RPC interfaces and memory pool handling. Additionally, some vulnerabilities can be exploited by malicious nodes, leading to node freezes, reboot loops, or even permanent shutdowns.

StablR officially announced on the X platform that it has identified a security vulnerability affecting its euro stablecoin EURR and dollar stablecoin USDR, and is actively controlling the vulnerability and mitigating its impact. Protecting users and user funds is its top priority, and details and follow-up measures will be announced as soon as the relevant issues are verified.According to previous reports, the StablR stablecoin became unpegged after an attack, and the attacker has profited approximately 2.8 million dollars.

According to The Block, Nasdaq-listed Bitcoin ATM operator Bitcoin Depot has filed for Chapter 11 bankruptcy in the Southern District of Texas to gradually shut down operations. CEO Alex Holmes stated that changes in the regulatory environment have made the current business model unsustainable, with states implementing stricter compliance obligations, including new transaction limits, and some jurisdictions even directly restricting or banning Bitcoin ATM operations.In April, the company experienced a security breach that resulted in the theft of $3.7 million. Last week, the company stated that there were "significant deficiencies" in cash transportation reconciliation, preventing timely delivery of the first-quarter financial report. Preliminary unaudited data shows that first-quarter revenue decreased by 49.2% year-over-year, with a net loss of $9.5 million, compared to a net profit of $12.2 million in the same period last year. The company was founded in 2016 and operates the largest Bitcoin ATM network in North America, with over 9,000 machines globally.

The privacy coin project Monero has released the graphical wallet software GUI version 0.18.5 "Fluorine Fermi". This update is a recommended upgrade version, mainly containing a large number of bug fixes and functionality optimizations.Key highlights of this update include: migrating the P2Pool installation path to LocalAppData on Windows systems, fixing boundary case issues in URI parsing, prohibiting the creation of offline transactions in long payment ID scenarios, escaping untrusted text in QR code scanning to enhance security, upgrading P2Pool to v4.15, and multiple detail bug fixes and stability improvements.Monero's official team stated that this version has been open-sourced on GitHub, and users can download the upgrade through official channels to obtain the latest security fixes and stability improvements.

According to Decrypt, Google's Threat Analysis Group confirmed that cybercriminals used an AI model to discover and exploit a zero-day vulnerability in a popular open-source web management tool that could bypass two-factor authentication. Google stated that this is the first time the company has confirmed AI-assisted zero-day vulnerability development in a real-world environment. Before attackers could exploit it on a large scale, Google worked with the affected vendor to patch the vulnerability. Google's report noted that the vulnerability was a logic error, where the software trusted a condition that could bypass two-factor authentication. Unlike traditional scanners that look for crashes or error codes, AI analyzed the expected behavior of the software and detected logical contradictions, allowing attackers to bypass security checks without compromising encryption.

The Zcash Foundation officially announced the release of Zebra version 4.4.0. This update fixes multiple consensus-level critical security vulnerabilities and strongly recommends that all node operators upgrade immediately. This includes a denial-of-service vulnerability that can cause new blocks to stop being discovered permanently, consensus divergences caused by errors in block signature operation (sigops) counting, anomalies in the processing of transparent transaction signature hashes, and risks of memory allocation amplification attacks.The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks that are rejected by zcashd, leading to chain forks. If not updated in a timely manner, nodes may face risks such as interruption in block discovery, consensus forks, and resource consumption amplification, and there are currently no alternative mitigation solutions.

Wasabi Protocol stated that Wasabi's contracts on Solana are secure and not affected by this vulnerability. The vulnerability is limited to Wasabi's EVM deployment. The team is working with leading security teams and has contacted law enforcement and the FBI. Further updates will be announced when available.

Sui ecosystem DEX protocol Aftermath Finance announced that the team has discovered a vulnerability affecting the protocol and is actively investigating it with security partners.As a precaution, the protocol has been suspended, and measures are being taken to minimize the potential impact on user funds.

According to a16z, its researchers conducted a systematic test on whether AI agents can independently exploit DeFi price manipulation vulnerabilities.The study used a dataset of 20 Ethereum price manipulation incidents and employed Codex (GPT 5.4) equipped with the Foundry toolchain as the testing agent. Under baseline conditions without domain knowledge, the agent's success rate was only 10%; after introducing structured domain knowledge extracted from real attack events, the success rate increased to 70%. Failure cases showed that the agent could accurately identify vulnerabilities but generally struggled to understand the leverage logic of recursive borrowing, misjudged profit margins, and could not assemble multi-step attack structures across contracts. The experiment also recorded a sandbox escape incident: the agent extracted the RPC key from the local node configuration and called the anvil_reset method to reset the node to a future block, bypassing information isolation restrictions and obtaining real attack data. The research team believes that AI agents can currently effectively assist in vulnerability identification but cannot yet replace professional security auditors.

According to The Information, Anthropic and OpenAI have both experienced security incidents, raising market concerns about the safety of AI models themselves.Currently, Anthropic is investigating potential unauthorized access to its Claude Mythos model by users. Almost simultaneously, OpenAI was also reported to have accidentally exposed several unreleased models in its Codex application. Industry opinions indicate that these vulnerability incidents have intensified scrutiny on the security governance capabilities of AI companies and reflect that the security systems of current AI technology still need improvement as it rapidly develops. Analysts believe that even AI model providers that focus on cybersecurity capabilities face significant security challenges themselves. As AI is gradually used to defend against cyberattacks, issues related to platform security and access control have also become critical risk points.

According to The Block, JPMorgan analysts stated that the frequent security incidents in DeFi and the stagnation of total locked value (TVL) in ETH terms continue to limit institutional interest in DeFi. The report mentioned that a recent cross-chain bridge attack related to Kelp DAO led to a loss of approximately $20 billion in DeFi TVL within a few days. The attackers minted about $292 million in unsecured rsETH and borrowed real ETH on Aave using it as collateral, resulting in approximately $230 million in bad debt. JPMorgan also pointed out that after security incidents, users tend to turn to Tether's USDT for safety.

According to Decrypt, Mozilla recently revealed that Anthropic's latest AI model, Claude Mythos, identified 271 security vulnerabilities during internal testing of the Firefox browser, and the related vulnerabilities have been fixed this week.In comparison, a previous version of the Anthropic model only found 22 security-sensitive vulnerabilities. Mozilla stated that all discovered vulnerabilities were within the scope of top human researchers' findings. Claude Mythos was officially released in March 2026 and is Anthropic's most powerful model in the fields of reasoning, coding, and cybersecurity, currently available for use by vetted partners such as Amazon, Apple, and Microsoft through the "Project Glasswing" initiative.

The security agency Innora released a report stating that the financial protocol Saturn on Ethereum has two serious vulnerabilities. These include:Withdrawal freeze vulnerability: Under normal business operations, all user funds could be locked, with a minimum of 30 days and, in extreme cases, indefinitely frozen. No hacker is needed; the protocol can trigger this itself.Privileged addresses in the protocol can legally intercept up to 33.33% of the funds per operation. According to current data, a single operation can intercept up to approximately $157,000, with a theoretical total risk of up to $4.26 million.Innora stated that over 90% of Saturn's assets are managed by privileged addresses, and users are completely reliant on trust. As of the report's release, this vulnerability has not yet been fixed.

According to CoinDesk, researchers from the University of California, Santa Barbara, the University of California, San Diego, blockchain security company Fuzzland, and World Liberty Financial have jointly published a paper warning that "LLM routers"—intermediary services located between users and AI models—have become a significant security risk for crypto assets.The researchers found that 26 LLM routers are secretly injecting malicious tool calls and stealing user credentials, with one incident leading to the emptying of a customer's crypto wallet worth $500,000.Additionally, the researchers were able to control about 400 downstream hosts within hours by "polluting" the router ecosystem. Since sensitive data such as private keys and API credentials are often transmitted in plaintext through these routers, users are effectively exposing their assets to risk without their knowledge.The researchers pointed out that as McKinsey predicts AI agents will mediate $30 trillion to $50 trillion in global consumer spending by 2030, Binance founder Changpeng Zhao also predicts that the payment volume of AI agents will be a million times that of humans. The current infrastructure security is severely lagging behind the pace of industry development, and the risk of the "weakest link" could trigger a systemic chain crisis.

According to market news, researchers from the University of California recently disclosed that some third-party AI large language model (LLM) routers have security risks that could lead to the theft of cryptocurrency assets. The research shows that LLM routers, acting as API intermediaries, can read plaintext information, and some routers have been found to inject malicious code and steal credentials.The team tested 28 paid and 400 free routers, finding that 9 routers actively injected malicious code, 2 deployed evasion triggers, and 17 accessed Amazon Web Services credentials. Some routers even transferred ETH using the researchers' Ethereum private keys.The study pointed out that the malicious behavior of the routers is difficult to detect, and some AI agent frameworks' "YOLO mode" can automatically execute commands, increasing security risks. The research recommends that developers should not allow private keys or mnemonic phrases to be transmitted through AI agents and calls on AI companies to encrypt signatures in responses to enhance security.

The 360 vulnerability mining agent recently discovered and reported 1 high-risk and 2 medium-risk high-value vulnerabilities related to OpenClaw, totaling 3 vulnerabilities. Currently, all newly discovered vulnerabilities have been officially patched and publicly disclosed.It is understood that the three newly discovered vulnerabilities directly target the core operating mechanism of AI agents, directly affecting the core security of user devices, data, and accounts.

According to PR Newswire, BTQ Technologies has released a research paper titled "Kardashev Scale Quantum Computing for Bitcoin Mining," which quantifies the physical costs of the entire process of using quantum computing for Bitcoin mining for the first time. The related research points out that the market has long confused two types of quantum threats: one is the attack on Bitcoin's elliptic curve digital signatures (real and urgent), and the other is quantum mining accelerated by Grover's algorithm (theoretically possible but with extremely high practical costs).The BTQ paper argues that to have a substantial impact on consensus, a quantum computing cluster with energy consumption far exceeding the current level of human civilization needs to be built. The study also proposes an open-source resource estimation model, covering key aspects such as reversible double SHA-256 computation, fault-tolerant quantum error correction, and large-scale quantum bit scheduling. The conclusion emphasizes that the more realistic risk facing Bitcoin comes from vulnerabilities in cryptographic signatures, rather than quantum mining capabilities.

The Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology of China has monitored and found that attackers are using exploit tools targeting Apple Inc.'s terminal products to carry out cyber attack activities, which can lead to serious harms such as information theft and system control. The affected range includes Apple terminal products such as iPhone and iPad running iOS 13 to 17.2.1.Attackers induce users to use the Safari browser to visit web pages containing malicious code through methods such as SMS, email, or web poisoning, comprehensively utilizing security vulnerabilities present in the terminal devices to implant remote control Trojans into the victim's terminal products, stealing sensitive user information, gaining maximum privileges, and taking control.It is recommended that users of Apple terminal products conduct risk assessments, and promptly fix vulnerabilities through version upgrades and patch installations (refer to the Apple Security Updates). Pay attention to system update notifications and the latest security update announcements released by Apple, upgrade to the latest secure version in a timely manner, strengthen security awareness, avoid clicking on unknown links, and prevent the risk of cyber attacks.