Web3 Watch Hub
Web3 Watch - Security Hub
Breaking security news on exploits, bridge hacks, protocol vulnerabilities, and lost funds. Stay informed on Web3 security threats.
Breaking security news on exploits, bridge hacks, protocol vulnerabilities, and lost funds. Stay informed on Web3 security threats.
42 articles
Market NewsA zero-value transfer exploit drained 377,642 USDT from LittleBoyPlus on BNB Chain. SlowMist flagged the flaw in the LBPHashrate contract while ZachXBT called for the entire team to be investigated. The project has not responded.
Web3 WatchCertiK flagged a suspicious drain of $2.19M from Aztec Connect on Ethereum. The contract was deprecated three years ago and cannot be paused or upgraded by anyone.
Web3 WatchRaydium's treasury will cover roughly $1.34 million drained from five legacy pools in a defunct program phased out since 2021, after an attacker bypassed LP mint checks.
Web3 WatchZcash halted Orchard pool transactions June 2 after a vulnerability was caught through routine auditing. Miners pushed the re-enable window past the original deadline, with ZODL now targeting 23:00 EDT.
Web3 WatchFluid's off-chain reward infrastructure was drained on May 27. Four days passed before users knew. What followed was not just a hack disclosure but a quiet $100 million confidence crisis.
Web3 WatchGravity Bridge lost $5.4M after attackers poisoned validators into signing away their own power. Here is exactly how it unfolded.
Web3 WatchStake DAO suffers active exploit on Arbitrum after deployer key compromise. Attacker mints 5.4T vsdCRV, swaps for ETH. Curve warns LlamaLend users to exit now.
Web3 WatchCommonHub Brussels lost its entire €110,000 community treasury on May 25 after attackers drained its SAFE multisig wallet — exploiting signing keys that should have been removed months earlier.
Web3 Watch86 Gnosis Safe wallets lost $3.2M in under two hours on May 25. The attacker couldn't just transfer funds. The module's permissions only allowed Uniswap V3 swaps, so they engineered a fake pool to drain instead.