Defendor — DeFi Security
Web3 Security Feed Ads: https://t.me/arsen_btnk
2,302 subscribers (+11 in 24 hours, +10 in 7 days, +166 in 30 days)
Post archive
🚨 Security Alert: Crypto-Linked Extortion Cases Surge in France
France reported 77 crypto-related kidnapping, extortion, or attempted extortion cases in the first half of 2026, already surpassing the 45 cases recorded across all of 2025.
Criminals are increasingly targeting crypto holders outside the digital world, highlighting the growing importance of operational security alongside wallet security.
🔗 Details
🚨 AFI Protocol afiUSD Vault Exploit
The ~$484K afiUSD vault exploit stemmed from a trojanized Foundry proof-of-concept, not a smart contract flaw.
The malicious PoC enabled FFI, executed hidden system commands, compromised a developer's machine, and gave the attacker remote access to drain the vault.
🔗 Details
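The AFI incident above turned on one thing: an untrusted Foundry proof-of-concept was run with FFI enabled, so `forge test` could execute shell commands on the reviewer's machine. The following is an added example (not code from AFI, Foundry, or the post) of a pre-flight check a reviewer can run on a PoC before building or testing it. It looks for the two real Foundry mechanisms involved, `ffi = true` in foundry.toml and the `vm.ffi(...)` cheatcode in Solidity sources; the sample project it scans is constructed.

```python
"""Pre-flight check for an untrusted Foundry proof-of-concept.

Added example, not code from the AFI post or from Foundry. It looks for the
two things that let a PoC run arbitrary commands on the machine that executes
`forge test`: `ffi = true` in foundry.toml and `vm.ffi(...)` / `ffi(...)`
cheatcode calls in Solidity sources. The sample project below is constructed.
"""
import re
from pathlib import Path

# Foundry's cheatcode for running shell commands; the matching config key is
# `ffi = true` under a [profile.*] section (the `--ffi` CLI flag does the same).
FFI_CALL = re.compile(r"\bvm\.ffi\s*\(|\bffi\s*\(")
FFI_CONFIG = re.compile(r"^\s*ffi\s*=\s*true\b", re.MULTILINE)


def config_enables_ffi(toml_text: str) -> bool:
    """True if any profile in foundry.toml enables FFI."""
    return FFI_CONFIG.search(toml_text) is not None


def ffi_call_lines(solidity_text: str) -> list:
    """1-based line numbers of FFI cheatcode calls in a Solidity source."""
    return [i for i, line in enumerate(solidity_text.splitlines(), 1)
            if FFI_CALL.search(line)]


def audit_project(files: dict) -> list:
    """Human-readable findings for an in-memory project map.

    `files` maps a relative path to its content, so the check can run on a
    repository before anything in it is built or tested.
    """
    findings = []
    for path, text in files.items():
        if path.endswith("foundry.toml") and config_enables_ffi(text):
            findings.append(f"{path}: ffi = true enables shell execution from tests")
        elif path.endswith(".sol"):
            for ln in ffi_call_lines(text):
                findings.append(f"{path}:{ln}: FFI cheatcode call")
    return findings


def audit_directory(root: str) -> list:
    """Same check over a real checkout on disk."""
    files = {str(p.relative_to(root)): p.read_text(errors="replace")
             for p in Path(root).rglob("*") if p.suffix in (".sol", ".toml")}
    return audit_project(files)


# Constructed sample: a PoC that quietly turns on FFI and calls the cheatcode.
SAMPLE_PROJECT = {
    "foundry.toml": "[profile.default]\nsrc = 'src'\nffi = true\n",
    "test/Exploit.t.sol": (
        "contract ExploitTest is Test {\n"
        "    function setUp() public {\n"
        "        string[] memory cmd = new string[](1);\n"
        "        vm.ffi(cmd);\n"
        "    }\n"
        "}\n"
    ),
}

if __name__ == "__main__":
    for finding in audit_project(SAMPLE_PROJECT):
        print("FINDING:", finding)
```

Run `audit_directory("/path/to/poc")` on a checkout; any finding means the PoC should only be executed in a disposable VM, never on a developer workstation with wallet keys or deploy credentials.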
🛡️ CertiK Launches Invite-Only Security Platform
CertiK introduced CertiK Hunt, an invite-only platform that brings together bug bounty programs, audit competitions, and AI security challenges, with researchers and projects selected through a review process to improve report quality.
The platform launched with GoldfishFi as its first program and will gradually onboard more participants. CertiK also announced the retirement of SkyShield, with existing reports continuing through the normal review and payout process.
🔗 Details
🗓️ Weekly Web3 Security Roundup: $4.1M Lost
Two notable incidents combined for roughly $4.1M in losses across the Web3 ecosystem this week, June 22-28.
A full vulnerability breakdown and in-depth analysis of each case is available in the linked report.
🔗 Details
☠️ 30 Malicious npm Packages Target DeFi Developers
SlowMist flagged a coordinated supply-chain campaign using fake trading-bot repos and DeFi-themed npm packages to steal wallet vaults, private keys, and developer credentials.
The campaign spans 30 malicious packages, with one locked dependency linked to a repo boasting ~2.3K likely batch-generated forks.
🔗 Details
🔮 Edel Finance Drained for $403K via Oracle Manipulation
Edel Finance, an Aave fork on Ethereum, lost ~$403K after an attacker flash-loaned 180K USDC and ran a 41x supply/borrow loop to skew the ERC-4626 share ratio of wGOOGLx, inflating its reported price from ~$180 to ~$28K.
With massively overvalued collateral, the attacker borrowed out 204K USDC plus tokenized stocks wSPYx, wQQQx, wMSTRx, wNVDAx, and wTSLAx, draining most of the pool's ~$602K TVL.
🔗 Details
🛡️ EtherFi Outlines Its Multi-Layer Security Approach
EtherFi has detailed its security investments, including hardened cross-chain infrastructure, deprecated chains that fell below security standards, and real-time monitoring with emergency response controls.
On the risk side, roughly 50% of assets sit in non-restaked positions with zero allocations to slashable restaking protocols, guided by a principle of being non-custodial and actively defended.
🔗 Details
📊 June 2026: $81.7M Lost Across 67 Incidents
June 2026 saw roughly $81.7M lost to exploits, with $12.7M of that tied to phishing, marking the highest number of recorded incidents (67) since the start of 2026.
🔗 Details
🕵️ $250K Atomic Stealer Theft Traced to KuCoin Mule Accounts
A community report says a victim of a $250K Atomic stealer theft from August 2025 traced the stolen funds to multiple KuCoin deposit addresses, allegedly tied to accounts opened using purchased mule KYC.
The victim later received a legal warning after raising concerns publicly, adding to broader reports of blocked access and alleged illicit fund flows tied to KuCoin.
🔗 Details
🏛️ Aave Governance Funds Concord Formal Verification Framework
Aave governance has approved funding for Concord, an open-source framework for formally verifying that smart contract upgrades preserve protocol behavior.
🔗 Details
🤖 Cantina's AI Auditor Matches Human Audits 100% on Critical Bugs
Cantina analyzed 1,610 production runs of Apex, its AI bug hunter, finding that across 8 codebases with a comparable human audit, Apex matched every critical and high-severity finding, 9/9 and 32/32.
Findings scale sub-linearly with compute (doubling it adds ~40% more bugs), and on every audit checked, the AI compute needed to match a human audit's critical+high set was orders of magnitude cheaper than the audit's actual cost.
🔗 Details
🏦 Vault4626 Exploit Drains ~$53K via Double-Pay Bug
A custom ERC-4626 Uniswap V3 LP yield vault on Base and Arbitrum lost ~34 WETH (~$53K) after a redeem function double-paid the WETH side of the position, both valuing it via TWAP and transferring the actual WETH.
The attacker flash-loaned 1.755M USDC and 12.92 WETH to seize nearly all shares of a small vault, donated WETH to inflate the double-paid balance, then redeemed to drain the position across 3 vaults.
🔗 Details
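The double-pay described above is an accounting error rather than a pricing one, so it can be shown with exact arithmetic. The following is an added example, not the Vault4626 code: a simplified vault holding one LP position with a USDC leg and a WETH leg, valued in WETH at a TWAP. The vulnerable redeem counts the WETH leg inside the TWAP-valued position and then transfers the actual WETH as well; the fixed redeem counts each asset once. All amounts and the 2,000 USDC/WETH price are constructed.

```python
"""Accounting model of a double-paid WETH leg in an LP vault's redeem path.

Added example, not the Vault4626 code. A simplified vault holds one LP
position with a USDC leg and a WETH leg and values the position in WETH at a
TWAP price. The vulnerable redeem counts the WETH leg twice: once inside the
TWAP-valued position and again as a direct transfer of the actual WETH.
All amounts below are constructed.
"""
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class LpVault:
    position_usdc: Fraction        # USDC sitting in the LP position
    position_weth: Fraction        # WETH sitting in the LP position
    total_shares: Fraction
    twap_usdc_per_weth: Fraction   # price used to value the USDC leg

    def position_value_weth(self) -> Fraction:
        """Whole position expressed in WETH at the TWAP (both legs, once each)."""
        return self.position_usdc / self.twap_usdc_per_weth + self.position_weth

    def redeem_vulnerable(self, shares) -> Fraction:
        """WETH owed by the buggy path: TWAP value of the position, plus the WETH leg again."""
        frac = shares / self.total_shares
        valued = frac * self.position_value_weth()    # already includes the WETH leg
        transferred = frac * self.position_weth       # the actual WETH sent out as well
        return valued + transferred

    def redeem_fixed(self, shares) -> Fraction:
        """WETH owed by the corrected path: every asset counted exactly once."""
        return (shares / self.total_shares) * self.position_value_weth()

    def donate_weth(self, amount) -> None:
        """Model a direct WETH transfer into the position (no shares minted)."""
        self.position_weth += amount


def overpayment(vault: LpVault, shares) -> Fraction:
    """How much more the buggy path pays than the vault's pro-rata value."""
    return vault.redeem_vulnerable(shares) - vault.redeem_fixed(shares)


def is_solvent_after(vault: LpVault, payout) -> bool:
    """A payout can only be honoured if it does not exceed the position's full value."""
    return payout <= vault.position_value_weth()


def sample_vault() -> LpVault:
    # Constructed: 20,000 USDC + 10 WETH at a TWAP of 2,000 USDC/WETH = 20 WETH of value.
    return LpVault(Fraction(20_000), Fraction(10), Fraction(1_000), Fraction(2_000))


if __name__ == "__main__":
    v = sample_vault()
    everything = v.total_shares
    print("fixed redeem of all shares  :", v.redeem_fixed(everything), "WETH")
    print("buggy redeem of all shares  :", v.redeem_vulnerable(everything), "WETH")
    v.donate_weth(Fraction(20))   # each donated WETH is returned twice by the buggy path
    print("buggy redeem after donation :", v.redeem_vulnerable(everything), "WETH")
```

The `is_solvent_after` check is the invariant a reviewer would want as a unit test on any vault with a multi-asset position: the sum of every asset handed to a redeemer, each converted at the vault's own valuation, must never exceed the vault's valuation of the shares being burned.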
🔬 How Formal Verification Caught a Future Risk in Kamino Lending
Certora's formal verification flagged a precision loss bug in Kamino Lending's exchange rate calculation, where rounding down during division could let a user redeem slightly more liquidity than they deposited.
The bug needed a token supply above 2^59 to trigger and wasn't exploitable on Solana at the time, but Kamino patched it anyway using a Mul-Div pattern to round down and prevent future risk.
🔗 Details
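The Kamino finding is about where the rounding happens, not whether it happens. The following is an added example, not Kamino's or Certora's code: a simplified pool whose exchange rate is collateral per unit of liquidity (supply / liquidity) held in an assumed 60-bit fixed-point format. The two-step path rounds that rate down and then divides by the rounded value, so the error is amplified; the mul-div path computes floor(collateral * liquidity / supply) in one step, so the only rounding is against the redeemer. The pool sizes are constructed to make the loss visible; they do not reproduce the 2^59 threshold from the report.

```python
"""Converting collateral tokens back to liquidity: rounded rate vs mul-div.

Added example, not Kamino's code. The exchange rate is collateral per unit of
liquidity held in an assumed 60-bit fixed-point scale. The two-step path
rounds the rate down and then divides by it; the mul-div path computes
floor(collateral * liquidity / supply) in one step. Pool sizes are constructed.
"""

SCALE = 1 << 60   # assumed fixed-point scale for the exchange rate


def exchange_rate(liquidity: int, supply: int) -> int:
    """Collateral per liquidity, fixed-point, rounded down. This is the lossy step."""
    if liquidity <= 0 or supply <= 0:
        raise ValueError("empty pool")
    rate = supply * SCALE // liquidity
    if rate == 0:
        raise ValueError("rate underflows the fixed-point scale")
    return rate


def redeem_two_step(collateral: int, liquidity: int, supply: int) -> int:
    """Liquidity out = collateral / rate, dividing by the already-rounded rate."""
    return collateral * SCALE // exchange_rate(liquidity, supply)


def redeem_mul_div(collateral: int, liquidity: int, supply: int) -> int:
    """Liquidity out = floor(collateral * liquidity / supply): one rounding, pool-favoured."""
    if supply <= 0:
        raise ValueError("empty pool")
    return collateral * liquidity // supply


def overpayment(collateral: int, liquidity: int, supply: int) -> int:
    """Extra liquidity the two-step path hands out versus the pro-rata amount."""
    return (redeem_two_step(collateral, liquidity, supply)
            - redeem_mul_div(collateral, liquidity, supply))


# Constructed pools. SMALL behaves identically on both paths; LARGE does not,
# because 2^60 / (2^31 + 1) is not representable exactly and the rounded rate
# is then divided into a large numerator.
SMALL_LIQUIDITY, SMALL_SUPPLY = 3_000, 1_000
LARGE_SUPPLY = 1 << 20
LARGE_LIQUIDITY = LARGE_SUPPLY * ((1 << 31) + 1)

if __name__ == "__main__":
    print("small pool, 10 collateral:",
          redeem_two_step(10, SMALL_LIQUIDITY, SMALL_SUPPLY),
          redeem_mul_div(10, SMALL_LIQUIDITY, SMALL_SUPPLY))
    # Redeeming the entire collateral supply must never exceed the pool's liquidity.
    print("large pool, full redeem overpays by:",
          overpayment(LARGE_SUPPLY, LARGE_LIQUIDITY, LARGE_SUPPLY))
```

The property worth encoding as a test or a formal rule is the one the large pool violates: redeeming the whole collateral supply through the two-step path returns more than the pool holds, while the mul-div path returns exactly the pool's liquidity.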
🔥 AIDC Token Exploit Drains $120K via Flawed Burn Logic
AIDC on BSC lost 220.12 WBNB (~$120,929) after a flawed burn mechanism let the attacker repeatedly burn tokens from the PancakeSwap pair instead of the seller.
This artificially deflated the pool's reserves on sync(), letting the attacker drain nearly all WBNB from the AIDC/WBNB pair in a final swap.
🔗 Details
⚡️ Cantina's AI Catches Chain-Halting Bug in Provenance
Cantina's AI Code Analyzer flagged a high-severity liveness bug in Provenance's trigger module: a user could give a transaction trigger the name block-height or block-time, colliding with reserved keys and crashing every validator in EndBlocker.
Provenance confirmed the issue and shipped a fix in v1.27.1, swapping unsafe type assertions for checked conversions on the consensus path.
🔗 Details
⚠️ How Input Validation Flaws Caused a $13.4M Hack
January's $13.4M exploit of SwapNet worked because its low-level call function validated approvals but never checked what the actual call did, letting an attacker swap a router address for USDC and pass transferFrom as the calldata to drain wallets with infinite allowances.
Aperture Finance was hit by the same pattern hours later for $3.67M, pushing combined losses past $17M across four chains before SwapNet paused on Base.
🔗 Details
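The SwapNet pattern is a generic low-level call whose only guard is an approval check. The following is an added example, not SwapNet's or Aperture's code: a small in-memory model of an ERC-20 token, a swap venue, and a router that users have approved. The vulnerable `execute` verifies that the caller has an approval and then forwards arbitrary calldata to any target with the router as msg.sender; the hardened version forwards only to an allowlist of swap venues and refuses transferFrom calldata outright. The transferFrom selector is the real one (0x23b872dd); addresses, balances and the venue's placeholder selector are constructed.

```python
"""A generic low-level call that validates approvals but not the call itself.

Added example, not SwapNet's or Aperture's code. An in-memory model of an
ERC-20 token, a swap venue, and a router that users have approved. The
vulnerable `execute` checks the caller's approval and forwards any calldata
to any target with the router as msg.sender; the hardened version restricts
the target to approved venues and rejects transferFrom calldata. Addresses,
balances and the venue's placeholder selector are constructed.
"""
TRANSFER_FROM = bytes.fromhex("23b872dd")   # selector of transferFrom(address,address,uint256)
VENUE_SWAP = bytes.fromhex("00000000")      # placeholder selector for the modelled venue


def word(addr: bytes) -> bytes:
    """ABI-encode a 20-byte address as a left-padded 32-byte word."""
    return addr.rjust(32, b"\x00")


def encode_transfer_from(src: bytes, dst: bytes, amount: int) -> bytes:
    return TRANSFER_FROM + word(src) + word(dst) + amount.to_bytes(32, "big")


class Token:
    """Minimal ERC-20: balances plus (owner, spender) -> allowance."""
    def __init__(self, address: bytes):
        self.address, self.balances, self.allowances = address, {}, {}

    def approve(self, owner: bytes, spender: bytes, amount: int) -> None:
        self.allowances[(owner, spender)] = amount

    def call(self, sender: bytes, data: bytes) -> bool:
        """Dispatch calldata; only transferFrom is modelled. `sender` plays msg.sender."""
        if data[:4] != TRANSFER_FROM:
            raise ValueError("unsupported selector")
        src, dst = data[16:36], data[48:68]             # low 20 bytes of each word
        amount = int.from_bytes(data[68:100], "big")
        if self.allowances.get((src, sender), 0) < amount:
            raise PermissionError("allowance too low")
        if self.balances.get(src, 0) < amount:
            raise ValueError("balance too low")
        self.allowances[(src, sender)] -= amount
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        return True


class SwapVenue:
    """Stand-in for a DEX router, the only kind of target the call was meant to reach."""
    def __init__(self, address: bytes):
        self.address = address

    def call(self, sender: bytes, data: bytes) -> str:
        return "swap routed"


class Router:
    def __init__(self, address: bytes, token: Token, allowed_targets: set):
        self.address, self.token, self.allowed_targets = address, token, allowed_targets

    def _require_approval(self, caller: bytes) -> None:
        if self.token.allowances.get((caller, self.address), 0) == 0:
            raise PermissionError("caller has not approved the router")

    def execute_vulnerable(self, caller: bytes, target, data: bytes):
        self._require_approval(caller)             # approvals look fine...
        return target.call(self.address, data)     # ...but target and calldata are unchecked

    def execute_hardened(self, caller: bytes, target, data: bytes):
        self._require_approval(caller)
        if target.address not in self.allowed_targets:
            raise PermissionError("target is not an approved swap venue")
        if data[:4] == TRANSFER_FROM:
            raise PermissionError("token transfers are never forwarded")
        return target.call(self.address, data)


def victim_balance_after(hardened: bool) -> int:
    """Regression check: what a user with an infinite allowance keeps after
    another caller submits transferFrom calldata aimed at the token contract."""
    usdc, venue = Token(b"\x01" * 20), SwapVenue(b"\x02" * 20)
    router = Router(b"\x03" * 20, usdc, allowed_targets={venue.address})
    victim, other = b"\x0a" * 20, b"\x0b" * 20
    usdc.balances[victim] = 1_000_000
    usdc.approve(victim, router.address, 2**256 - 1)   # the infinite allowance
    usdc.approve(other, router.address, 1)             # enough to pass the approval check
    execute = router.execute_hardened if hardened else router.execute_vulnerable
    try:
        execute(other, usdc, encode_transfer_from(victim, other, 1_000_000))
    except PermissionError:
        pass
    return usdc.balances[victim]


def legitimate_swap_still_works() -> bool:
    usdc, venue = Token(b"\x01" * 20), SwapVenue(b"\x02" * 20)
    router = Router(b"\x03" * 20, usdc, allowed_targets={venue.address})
    user = b"\x0a" * 20
    usdc.approve(user, router.address, 500)
    return router.execute_hardened(user, venue, VENUE_SWAP) == "swap routed"
```

The lesson the model makes concrete: once users hold allowances to a contract, every call that contract makes carries those allowances, so the set of reachable targets and selectors is part of the contract's attack surface and has to be validated as strictly as the caller's own inputs.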
🌪️ DLMC Exploiter Launders $222.5K via Tornado Cash
The DLMC attacker exploited the protocol for ~$222.5K on BNB Chain through price/oracle manipulation, then bridged the funds to Ethereum via Li.Fi and Mayan Swift.
The proceeds were swapped and split into 37 ETH worth of Tornado Cash deposits, broken into 10 ETH and 1 ETH notes.
🔗 Details
🚨 SecondFi Update: 374 Wallets Hit, $2.4M Confirmed Lost
EMURGO confirms 374 wallet addresses were affected across 3 attack events on SecondFi, totaling roughly 16 million ADA (about $2.4M) compromised, while ~129 million ADA has already been secured through rescue efforts.
Compromised wallets are considered permanently unsafe at the address and key level, so affected users are warned not to restore seed phrases elsewhere, with an official recovery process coming soon.
🔗 Details
🛡️ Oak Security Launches Free OpSec Academy
Oak Security has launched the OpSec Academy, 18 free operational security guides covering device hardening, key management, multisig operations, CI/CD security, and incident response.
The launch also includes an AI-powered OpSec Agent trained on Oak's knowledgebase, built on the idea that the next exploit may target operations, not code.
🔗 Details
🎯 Sherlock: Why Penetration Testing Is Now Core to Web3 Security
Sherlock says protocol risk has moved beyond the contract into wallets, frontends, signing flows, and infrastructure, making penetration testing an increasingly routine part of full security reviews.
Their breakdown covers real bugs outside the contract, like malicious dApps smuggling hidden fields into signed messages, and injected wallet providers forging events from the page itself.
🔗 Details