Security Incidents

Circle’s Chief Strategy Officer Dante Disparte responded to the Drift Protocol theft incident, emphasizing that freezing USDC is being carried out according to law, calling for stronger coordination between law and technology, and suggesting that DeFi protocols should draw on protection mechanisms from traditional markets to advance legal protection of property rights and financial privacy.

Decentralized GPU cloud computing platform Aethir confirmed that its Ethereum bridge contract was attacked, with losses kept within $90k. The team promptly disconnected the contract and worked with exchanges to deal with the hacker wallets. The attacker used a cross-chain smart contract to move funds. Aethir plans to announce a compensation plan next week, and revenue is expected to reach $127.8 million in 2025.

Bitcoin Depot reported a security breach where hackers stole 50.9 BTC, worth approximately $3.6 million, by compromising internal settlement account credentials. This incident highlights vulnerabilities in crypto companies' operational infrastructure, emphasizing the need for enhanced security measures.

Aethir issued a security advisory on April 10, confirming that it successfully blocked a malicious attack on the ATH token cross-chain bridge contract, with losses under $90k. All affected contracts have been disconnected, and the core circulating supply remains intact. Aethir will work with trading platforms and law enforcement agencies to support the freezing of funds and the identification and tracking of the attacker, and it will publish investigation updates and a compensation plan in its Discord community.

Security research reveals that in the LLM agent ecosystem, over 20% of free API routers actively inject malicious code, leading to asset theft and credential crises. In addition, the Claude code-leak incident has enabled attackers to spread malware by exploiting developers’ curiosity. The research team proposes a three-layer defense mechanism to address supply-chain security risks.

Solayer’s founder exposes a security vulnerability in large language model (LLM) routers; in 428 routers, more than 20% exhibit malicious behavior, such as private keys being stolen. The research recommends that developers implement a separate end-to-end integrity verification mechanism on the client side and provides three defense options to mitigate supply-chain attacks.

The U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection announced that it will expand free cyber threat intelligence to eligible digital asset companies—marking the first time the cryptocurrency industry has been included in the country’s national financial cybersecurity information-sharing framework. This initiative is intended to help digital asset companies respond to cyber threats more effectively and to align with relevant policy recommendations to strengthen the resilience and security of the financial system.

Solayer’s founder reveals safety risks of large language models, pointing out that LLM agents relying on third-party API routers face a risk of being attacked by malicious code. Testing shows that multiple routers have security vulnerabilities, and can even leak sensitive credentials. In addition, research demonstrates feasible attack methods and defense measures.

The French National Assembly has passed a rule requiring mandatory reporting of crypto assets held in self-custody wallets above 5,000 euros, applicable to multiple mainstream wallets. The DGFIP opposes this, arguing that enforcement will be difficult and that data centralization will increase user risk. Experts say the law may be hard to implement and urge users to closely monitor subsequent developments.

Blockchain security platform GoPlus issues an alert, warning that the EngageLab SDK has a serious vulnerability that affects more than 50 million Android users, mainly cryptocurrency wallet users. Attackers can steal private keys and login credentials through stealthy cross-app attacks. Developers and users are advised to update immediately to the secure version to prevent losses.

Stabble, a Solana decentralized exchange, advised users to withdraw liquidity after a former executive was linked to alleged North Korean hacking, causing its total value locked to plummet by 62%. This incident highlighted the importance of personnel trust in decentralized platforms.

An FBI report shows that in 2025, the United States lost $11.4 billion due to cryptocurrency scams, up 22% from the previous year. Many of the scams are controlled by criminal groups in Southeast Asia. Victims lose an average of more than $60k each, and many even lose their life savings.

The U.S. Department of the Treasury expands its Cybersecurity Threat Identification Program, providing free threat intelligence services for blockchain companies to address the cybersecurity challenges facing the digital asset industry. A series of recent attack incidents, especially cases involving North Korean infiltration, have highlighted the risks to the crypto industry, prompting the government to incorporate it into its financial infrastructure protection framework to improve security defenses.

Phantom Wallet malfunctioned during the airdrop period, causing abnormal token prices and account balances to display. Although the assets are safe, users suffered trading losses, triggering compensation demands and a trust crisis. The incident also increased concerns about blockchain security, and some malicious actors may take advantage of the chaos to launch phishing attacks. Although the technical issue has been fixed, improvements are still needed to the user experience and system stability.

Phantom Wallet experienced a malfunction during the airdrop period, causing the token price and account balances to display abnormally. Although the assets were safe, users suffered transaction losses, triggering compensation requests and a crisis of trust. The incident also heightened concerns about blockchain security, as some bad actors may take advantage of the chaos to launch phishing attacks. While the technical issue has been fixed, improvements are still needed for the user experience and system stability.

Phantom Wallet experienced a malfunction during the airdrop period, causing abnormal token prices and account balances to display. Although users’ assets were safe, users suffered transaction losses, leading to compensation requests and a trust crisis. The incident also heightened concerns about blockchain security, and some bad actors may take advantage of the chaos to launch phishing attacks. While the technical issue has been fixed, improvements are still needed for the user experience and system stability.

A crypto project founded by the Trump family, WLFI, has drawn market attention to liquidity risk and alleged insider connections through lending facilitated by Dolomite. WLFI pledges stablecoins USD1 and platform tokens, borrows $31.4 million, and moves it to a CEX that is suspected to be used for exchanging it into fiat currency. WLFI has a high concentration level and also carries liquidation risk. On-chain data shows that WLFI has recently transferred a large amount of tokens, with the destination unclear, and has not yet responded regarding the transactions.

A certain CEX participated in an "Operation Atlantic" operation led by the U.K. National Crime Agency to crack down on crypto and investment scams, with a particular focus on authorized phishing schemes. The CEX provided on-site support, helped identify victims and malicious websites, and shared intelligence with law enforcement agencies, protecting thousands of potential victims.

On-chain sleuth ZachXBT accuses Gurhan Kiziloz, the suspected co-founder of the casino platform Spartans, of spearheading the Blockdag Network project, allegedly luring retail investors into fundraising with false promotion of $300 million, and withdrawing the funds to the Middle East within two years. Gurhan is also suspected of lavish spending and using public relations to maintain his image.