fa
Feedback
Defendor — DeFi Security

Defendor — DeFi Security

رفتن به کانال در Telegram
2 335
مشترکین
-124 ساعت
+297 روز
+10230 روز
آرشیو پست ها
🌉 BitTorrent Bridge Drained for $13.3M via Privileged Proxy Upgrade The BTTC bridge on Ethereum lost ~$13.3M, including ~7,2
🌉 BitTorrent Bridge Drained for $13.3M via Privileged Proxy Upgrade The BTTC bridge on Ethereum lost ~$13.3M, including ~7,285 ETH and various ERC20 assets, after a privileged proxy upgrade granted the attacker CFO_ROLE on the upgraded RootChainManager, enabling a withdrawAll() call to drain predicate contracts. 🔗 Details

🏆 Audit Competitions Find 4x More Critical Bugs Than Private Audits An analysis of 1,178 audit reports from Trail of Bits, Z
🏆 Audit Competitions Find 4x More Critical Bugs Than Private Audits An analysis of 1,178 audit reports from Trail of Bits, Zellic, and OpenZeppelin found the median private audit surfaces zero critical or high-severity bugs, while Immunefi's 58 competitions averaged 6.2 serious findings each at $6,548 per critical found versus ~$66K for a private audit. 🔗 Details

📊 $1.31B Lost in H1 2026 Across 344 Incidents CertiK's H1 2026 report shows losses are actually ~28% higher than H1 2025 on
📊 $1.31B Lost in H1 2026 Across 344 Incidents CertiK's H1 2026 report shows losses are actually ~28% higher than H1 2025 on a like-for-like basis, with wallet compromise topping attack vectors at $444M across just 33 incidents, driven by the Kelp DAO and Drift Protocol breaches in April. Phishing incident volume dropped 52% year-over-year, yet losses barely fell, as attackers shifted to fewer, high-value targets, with just 4 incidents accounting for ~85% of all phishing losses. 🔗 Details

🏛️ Malicious Governance Vote Drains $21M From BONK Treasury A malicious governance proposal on BONK passed and drained ~$21M
🏛️ Malicious Governance Vote Drains $21M From BONK Treasury A malicious governance proposal on BONK passed and drained ~$21M in BONK from its treasury, sending the token's price down 9%. The attacker has since moved $148K worth of BONK onto OKX. 🔗 Details

🕵️ Wallet Tied to Collapsed Ponzi Scheme Moves 5,000 ETH A wallet linked to Mining Express, a 2019 Ukrainian MLM Ponzi schem
🕵️ Wallet Tied to Collapsed Ponzi Scheme Moves 5,000 ETH A wallet linked to Mining Express, a 2019 Ukrainian MLM Ponzi scheme, swapped 5,004 ETH for 8.8M DAI after the funds had been quietly staked through Lido and EtherFi since early 2025 before being fully unstaked on May 4, 2026. Mining Express was founded by Brazilian national Kaze Fuziyama and raided by Ukrainian law enforcement in early 2022, with mining equipment seized as part of the investigation. 🔗 Details

🔴 Critical Bug in Aptos Move VM Allowed Arbitrary Storage Hijack Hexens discovered a stale cache vulnerability in the Aptos
🔴 Critical Bug in Aptos Move VM Allowed Arbitrary Storage Hijack Hexens discovered a stale cache vulnerability in the Aptos Move VM where a partial cache flush wiped the struct name index map but left the type tag cache intact, letting an attacker recycle struct indices and redirect borrow_global_mut to a victim's storage slot. In theory, the bug could have enabled vault draining, capability theft (SignerCapability, MintRef), and cross-chain damage via Wormhole and LayerZero bridges. A patch was deployed privately before public disclosure in February 2026. 🔗 Details

🚨 SummerFi Incident Report The attacker flash-loaned 65.4M USDC and 1M USDT from Morpho, then routed through public Lazy Sum
🚨 SummerFi Incident Report The attacker flash-loaned 65.4M USDC and 1M USDT from Morpho, then routed through public Lazy Summer vault flows to exploit same-transaction accounting assumptions across FleetCommander, Arks, and VaultV2, not a key compromise or admin abuse. After repaying the flash loans, 6,016,754 DAI in profits was swapped out via Curve to the attacker's address. 🔗 Details

🚨 Summer Finance Hit With $6M Liquidity Manipulation A suspicious transaction involving Summer Finance netted the attacker ~
🚨 Summer Finance Hit With $6M Liquidity Manipulation A suspicious transaction involving Summer Finance netted the attacker ~$6M using a ~$65.4M flashloan to manipulate liquidity on Ethereum. 🔗 Details

🛠️ The Red Guild's DevSecOps Handbook Is Worth Revisiting The Red Guild put together a practical DevSecOps handbook covering
🛠️ The Red Guild's DevSecOps Handbook Is Worth Revisiting The Red Guild put together a practical DevSecOps handbook covering GitHub analysis, CI/CD pipeline security, secrets detection, source code vulnerabilities, container hardening, and cloud security, paired with a ready-to-run toolkit container. Tools like Semgrep, Trufflehog, Checkov, and Octoscan are built in for hands-on use. 🔗 Details

📋 11 Things Every Team Should Do Before Their Audit Adevar Labs breaks down the most common mistakes teams make before and d
📋 11 Things Every Team Should Do Before Their Audit Adevar Labs breaks down the most common mistakes teams make before and during audits, from skipping threat models and cutting scope to save cost, to submitting fixes weeks after the report when auditor context has already faded. On the technical side, recurring patterns include retroactive fee application, missing supply == 0 checks on share tokens, and init vs init_if_needed issues on Anchor ATAs. 🔗 Details

🔍 How Solana Quietly Patched a Network-Halting Bug In August 2024, a vulnerability in the Agave and Jito validator clients w
🔍 How Solana Quietly Patched a Network-Halting Bug In August 2024, a vulnerability in the Agave and Jito validator clients was found to allow an attacker to crash validators one by one by deploying a maliciously crafted ELF file with a misaligned .text section, triggering a segfault via the CALL_REG opcode. The patch was privately distributed to high-stake validators first, reaching the required 67% supermajority within 48 hours before any public disclosure. 🔗 Details

🌪️ Tornado Cash 100 ETH Pool Swells to 222.3K ETH ($392M+) Stolen funds from two of the largest exploits of 2026 are being a
🌪️ Tornado Cash 100 ETH Pool Swells to 222.3K ETH ($392M+) Stolen funds from two of the largest exploits of 2026 are being actively laundered through Tornado Cash, with millions deposited every hour in real time. 🔗 Details

🛡 BattleChain Launches Pre-Mainnet Security Testing BattleChain lets protocols deploy audited contracts with real funds befo
🛡 BattleChain Launches Pre-Mainnet Security Testing BattleChain lets protocols deploy audited contracts with real funds before mainnet, where whitehats can legally exploit vulnerabilities for bounties under Safe Harbor. The goal is to uncover exploitable bugs before production, bridging the gap between audits and mainnet deployment. 🔗 Details

🚨 Step Finance Exploiter Launders Funds The Step Finance attacker bridged another $27.2M in stolen funds to Ethereum and has
🚨 Step Finance Exploiter Launders Funds The Step Finance attacker bridged another $27.2M in stolen funds to Ethereum and has deposited $10.8M into Tornado Cash. About $16M remains under the attacker's control. Two exploiters deposited over $21M into Tornado Cash within five hours, highlighting ongoing laundering activity. 🔗 Details

🚨 UXLINK Exploiter Launders Funds The UXLINK exploiter swapped the remaining ~10.54M DAI for 6,000.8 ETH before depositing 6
🚨 UXLINK Exploiter Launders Funds The UXLINK exploiter swapped the remaining ~10.54M DAI for 6,000.8 ETH before depositing 6,038 ETH into Tornado Cash. Over the past two weeks, the exploiter has laundered a total of 14,336.6 ETH through Tornado Cash. 🔗 Details

🚨 Corezcat & GameStopfun Rug Pulls Corezcat and GameStopfun were exploited for a combined ~$93K after their token contracts
🚨 Corezcat & GameStopfun Rug Pulls Corezcat and GameStopfun were exploited for a combined ~$93K after their token contracts delegated balanceOf() to external contracts, allowing arbitrary balance manipulation. The attacker inflated pool and contract balances, enabling the rug. The stolen funds remain in the attacker's wallets. 🔗 Details

📊 June 2026 Crypto Hacks Totaled $75.87M Forty major exploits caused $75.87M in losses during June, down 7.13% from May. Hum
📊 June 2026 Crypto Hacks Totaled $75.87M Forty major exploits caused $75.87M in losses during June, down 7.13% from May. Humanity Protocol suffered the largest loss at $31M. Investigators also observed laundering activity across multiple chains, with funds linked to both the Humanity Protocol and KelpDAO exploits. 🔗 Details

🛡️ Security Resources for Sui Developers Certora has released new resources to help Sui developers build securely from day o
🛡️ Security Resources for Sui Developers Certora has released new resources to help Sui developers build securely from day one. They include guidance, documentation, best practices, and free security materials. Preventing vulnerabilities early is easier than fixing them after deployment. 🔗 Details

🛡️ Security Resources for Sui Developers New resources help Sui developers build securely from day one. They include guidanc
🛡️ Security Resources for Sui Developers New resources help Sui developers build securely from day one. They include guidance, documentation, best practices, and free security materials. Preventing vulnerabilities early is easier than fixing them after deployment. 🔗 Details

💰 Bug Bounties Prevent Costly Exploits Long-running bug bounty programs uncovered critical vulnerabilities in most projects.
💰 Bug Bounties Prevent Costly Exploits Long-running bug bounty programs uncovered critical vulnerabilities in most projects. Paying researchers early costs far less than recovering from an on-chain exploit. Continuous review complements audits by catching new vulnerabilities before attackers do. 🔗 Details