14 articles
Web3 WatchStake DAO suffers active exploit on Arbitrum after deployer key compromise. Attacker mints 5.4T vsdCRV, swaps for ETH. Curve warns LlamaLend users to exit now.
Web3 WatchCommonHub Brussels lost its entire €110,000 community treasury on May 25 after attackers drained its SAFE multisig wallet — exploiting signing keys that should have been removed months earlier.
Web3 Watch86 Gnosis Safe wallets lost $3.2M in under two hours on May 25. The attacker couldn't just transfer funds. The module's permissions only allowed Uniswap V3 swaps, so they engineered a fake pool to drain instead.
Web3 WatchA compromised admin key on Echo Protocol's Monad deployment led to $816K in confirmed losses after an attacker minted 1,000 unbacked eBTC, borrowed against them on Curvance, and laundered the proceeds through Tornado Cash.
Web3 WatchTHORChain confirmed a $10.7M exploit tied to a flaw in GG20 threshold signature cryptography. The attacker rebuilt the vault's private key from the inside. Here's what that means for the rest of DeFi.
Web3 WatchLayerZero admits comms failure after Lazarus Group's $290M RPC attack. New OneSig multisig and DVN overhaul announced, but the RPC entry vector stays unexplained.
Web3 WatchLayerZero Labs' production multisig keys securing $3B+ were used to trade memecoins, exposing users to supply chain attacks, security researchers reveal.
Web3 WatchA compromised device, one paste, and $1,200 gone to a hacker's wallet. Clipboard hijacking malware is quietly draining crypto wallets worldwide, and most victims only find out after the transaction confirms.
Web3 WatchA Snapshot vote backed by 16.9 million ARB tokens moved to return $71M in frozen KelpDAO exploit funds. Then lawyers for DPRK kidnapping victims obtained a federal restraining order that put the entire plan on hold.