15 articles published
Zashleen Singh doesn't just report on Web3 she digs into it. With a background in software development across top tech companies and the Web3 space, she brings a developer's precision to investigative journalism. Specialising in crypto fraud, decentralised applications, and Web3 infrastructure, she has covered over 200 blockchain projects and broken major rug pull investigations that sparked real community action.
in about 13 hours
Adshares’ reported bridge exploit has moved into a recovery phase, but public evidence for a 10% bounty offer still needs official confirmation. The case shows why exploit recovery claims need the same verification standard as attack reports.
in about 12 hours
Ripple CTO David Schwartz warned XRP users that fake airdrops, giveaway posts and impersonator accounts have surged across social platforms. The alert puts wallet-drainer risk back at the center of XRP Ledger user security.
in about 11 hours
Pi Network’s latest warning tells users to verify founder accounts, official channels and wallet links before trusting Pi-related claims. The alert comes as impersonators use fake giveaways, misleading pages and support-style messages to target Pioneers.
in about 9 hours
Huma Finance says deprecated Polygon V1 BaseCreditPool contracts were exploited for about $101,400, while user deposits, PST and Solana V2 stayed unaffected. The breach turns old DeFi infrastructure into the main risk signal.
in about 9 hours
TrustedVolumes lost millions after a custom RFQ proxy accepted attacker-signed orders against the protocol’s own inventory. The exploit shows how signer validation can fail when authorization is not tied to the asset source.
in about 8 hours
ShapeShift’s FOX Colony on Arbitrum was drained after a meta-transaction self-call bypassed authorization checks. SlowMist says the flaw let an attacker replace the resolver and drain ERC-20 assets through delegatecall.
in about 8 hours
Transit Finance says a deprecated TRON contract from 2022 was exploited for about $1.88 million in DAI. The incident shows why old contract versions can remain dangerous even after teams stop using them.
in about 7 hours
TAC’s TON-side bridge incident moved from a $2.8 million exploit into a recovery test after the team said affected assets were limited to USDT, BLUM and tsTON. The case puts cross-chain controls under pressure again.
in about 7 hours
Adshares appears to have suffered a bridge validation failure after fake wrapped ADS was minted and sold into Ethereum liquidity. The case shows how weak mint verification can turn wrapped-token reserves into a direct loss channel.
in about 6 hours
THORChain’s exploit response has moved into a second risk phase as fake refund and airdrop claims target confused users. The warning shows how attackers turn protocol incidents into wallet-drainer opportunities.
in about 6 hours
THORChain’s $10.7 million Asgard vault breach turns a cross-chain exploit into a signing-layer trust test. The key question is whether the failure came from code, operator infrastructure, or validator-side key management.
about 4 hours ago
Olena Oblamska has been extradited from Thailand to face U.S. wire-fraud conspiracy charges tied to Forsage. Prosecutors say the smart-contract pitch masked a $340 million Ponzi and pyramid scheme before trial.
about 4 hours ago
Myanmar’s new anti-scam bill proposes death penalties for violent coercion and life imprisonment for crypto fraud operators. The draft shows how scam compounds are forcing governments to treat digital fraud as organized crime and trafficking.
Yesterday
DeFi users keep chasing yield while most protocol risk remains uncovered. The insurance market exists, but hacks, bridge failures, governance attacks and phishing have outgrown the narrow cover products built during DeFi Summer.
Yesterday
The KelpDAO hack did not rely on a normal smart contract bug. Attackers fooled cross-chain verification infrastructure, released rsETH against a burn that never happened and forced DeFi lenders to confront hidden bridge risk.