THORChain’s exploit response has moved into a second risk phase as fake refund and airdrop claims target confused users. The warning shows how attackers turn protocol incidents into wallet-drainer opportunities.
in about 7 hours · 1 min read
Follow the desk on X or jump into Telegram for live updates and conversation.
Real-time alerts, market briefs, and curated opportunities from across the ecosystem.
Adshares’ reported bridge exploit has moved into a recovery phase, but public evidence for a 10% bounty offer still needs official confirmation. The case shows why exploit recovery claims need the same verification standard as attack reports.
Philippine investigators arrested 15 people in Mandaluyong after raiding an alleged crypto investment scam hub using a spoofed website. The case shows how organized fraud desks package crypto promises through social engineering and forged digital systems.
Ripple CTO David Schwartz warned XRP users that fake airdrops, giveaway posts and impersonator accounts have surged across social platforms. The alert puts wallet-drainer risk back at the center of XRP Ledger user security.
Pi Network’s latest warning tells users to verify founder accounts, official channels and wallet links before trusting Pi-related claims. The alert comes as impersonators use fake giveaways, misleading pages and support-style messages to target Pioneers.
DarkSword’s leaked iOS exploit code has turned a targeted spyware chain into a wider wallet-security concern. Crypto users now face higher risk from malicious websites, fake support pages and mobile data theft.
Mistral AI’s official Python SDK briefly shipped a malicious PyPI version that downloaded a Linux-focused credential stealer. The attack raises direct key-rotation questions for AI and crypto teams using developer secrets in build systems.
Three malicious node-ipc versions were pushed to npm with credential-stealing code that targeted developer machines and CI/CD systems. The incident shows how one poisoned JavaScript package can create downstream key-risk across crypto teams.
Huma Finance says deprecated Polygon V1 BaseCreditPool contracts were exploited for about $101,400, while user deposits, PST and Solana V2 stayed unaffected. The breach turns old DeFi infrastructure into the main risk signal.
TrustedVolumes lost millions after a custom RFQ proxy accepted attacker-signed orders against the protocol’s own inventory. The exploit shows how signer validation can fail when authorization is not tied to the asset source.
ShapeShift’s FOX Colony on Arbitrum was drained after a meta-transaction self-call bypassed authorization checks. SlowMist says the flaw let an attacker replace the resolver and drain ERC-20 assets through delegatecall.
TAC’s TON-side bridge incident moved from a $2.8 million exploit into a recovery test after the team said affected assets were limited to USDT, BLUM and tsTON. The case puts cross-chain controls under pressure again.
Follow the desk on X or jump into Telegram for live updates and conversation.
