Hacks

Hacks
Attacker Mints 10 Billion TOP Tokens Through Governance Takeover, Drains $1.58M from Balancer Pool
An attacker exploited Token of Power's Aragon DAO on Tuesday to mint 10 billion TOP tokens via a malicious governance proposal, then swapped the supply for 944.2 WETH worth roughly $1.58 million.

Hacks
Raydium Confirms $1.34M Drain on Deprecated AMM V3, Pledges Treasury Compensation
Raydium core contributor Infra confirmed Wednesday that an attacker drained ~$1.34M from the legacy AMM V3 program, a contract phased out in 2021. Current users were unaffected, the treasury will cover full compensation, and the root cause was a self-contained LP-mint validation flaw. PeckShield earlier traced the laundering across KuCoin, a Solana-to-Ethereum bridge, Tornado Cash and FixedFloat.

Hacks
Humanity Protocol Traces $36M Hack to Single Malware-Infected Machine That Held Seven Keys
A forensic report from Humanity Protocol found a single malware-infected developer machine held backups of seven private keys, giving an attacker full control over both its Ethereum and BNB Smart Chain infrastructure.

Hacks
Humanity Protocol Loses $36M After Foundation Laptop Is Compromised, Token Drops Nearly 70%
An attacker compromised a Humanity Protocol foundation member's private keys, drained 17-plus Gnosis Safe wallets across Ethereum and BNB Chain, and minted 100 million additional H tokens on BSC. Total losses reach about $36 million. The H token fell nearly 70% on the day. On-chain investigator ZachXBT alleges the incident may have been staged.

Hacks
Yuga Labs Executes White-Hat Rescue of 68 NFTs After Flooring Protocol Exploit
Yuga Labs used its GrailsOTC trading desk to pull 68 blue-chip NFTs valued at more than $500,000 out of vulnerable Flooring Protocol pools before attackers could drain them.

Hacks
Old DxSale Lockers Drained for $7.3M Across 1,400 BNB Chain Pools as Owner-Privilege Exploits Pile Up
A dormant launchpad contract from 2021 was emptied this week through a quiet ownership transfer and a one-wei fee reset — the latest in a string of BNB Chain drains that turn admin keys into the attack surface.

Hacks
Kelp DAO Hacker Has Laundered Nearly All $220M in Unfrozen Funds, Closing the Recovery Window
On-chain traces show the DPRK-linked attacker behind April's $292 million bridge exploit has pushed the unfrozen ~$220 million through THORChain, Wasabi, Tornado Cash, and Umbra, leaving roughly $1.7 million still sitting in the original wallet.

Hacks
V12 Says THORChain Silently Patched Its Critical Bug, Then Told Researchers the Bounty Is 'Permanently Retired'
A security startup says it disclosed a fund-draining vulnerability to the cross-chain protocol weeks before a $10.7M exploit hit a near-identical flaw. Now it plans to publish exploit code for more.

Hacks
Gnosis Pay Hit by 'Delay Module' Exploit as Gnosis Pledges to Cover User Losses
Co-founder Martin Köppelmann said the company will make all users whole after attackers exploited the smart-contract module that governs Gnosis Pay card accounts. No loss figure has been disclosed.

Hacks
Alephium Bridge Loses $815K to Forged Guardian Messages, Not Stolen Keys
Alephium's Wormhole-fork TokenBridge was drained on Ethereum and BNB Chain in roughly seven minutes after an off-chain backend flaw let fraudulent messages slip past its four-guardian network, the team said in a public correction.




