Security Desk

Security

The one desk that watches all three beats: AI systems being manipulated, crypto protocols being drained, and the quantum timeline for breaking today's encryption. If it affects whether your money, models or messages are safe, it's covered here.

76 briefings

incident & advisory log

yfarmx://security-desk
  1. [CRYPTO]ERC-8213 could make wallet signing clearer for Web3 usersERC-8213 is a proposal to improve how wallets display signature and calldata information. Here is what ERC-8213 does, why it matters for Web3 security, and what needs to happen next.
  2. [CRYPTO]USDP Exploit: proxy takeover drains stETH from ‘fully audited’ stablecoinUSDP, a decentralised stablecoin protocol launched in September 2025, has been halted after a critical exploit on 4 December allowed an attacker to mint 98 million USDP and drain around $1 million in liquidity, including roughly 230+…
  3. [CRYPTO]AI exploits blockchain: Anthropic’s red team puts DeFi on noticeAnthropic’s latest frontier red-team study is a neat, slightly chilling proof-of-concept: AI exploits blockchain at scale, in simulation, and it is already economically worthwhile. Their researchers wired up autonomous agents to poke at…
  4. [CRYPTO]Cryptomixer takedown: Europol drains a €1.3 billion laundering hubA Cryptomixer takedown announced today has removed one of Europe’s longest-running Bitcoin mixers from the ransomware and darknet tool kit. In a joint action led by Swiss and German police, and supported by Europol and Eurojust under…
  5. [CRYPTO]Yearn Finance exploit: Legacy yETH pool drained after infinite-mint bugOn Sunday, the Yearn Finance protocol’s legacy yETH product was exploited, allowing an attacker to mint effectively unlimited yETH and drain almost 9 million dollars’ worth of ETH and liquid staking tokens from Balancer and Curve pools…
  6. [CRYPTO]Upbit hack explained: exchange blames signature bugThe upbit hack is only a few days old, but Upbit already has a preferred explanation: a cryptographic bug in its own Solana wallet stack that may have allowed attackers to infer private keys from biased signing data. Whether that story…
  7. [CRYPTO]Tornado cash sanctions ruling: how a US court pulled OFAC backThe tornado cash sanctions story has flipped from headline enforcement win to legal setback for the US Treasury. In 2022, OFAC treated Tornado Cash like a sanctioned entity and blacklisted its smart contracts; by April 2025, a federal…
  8. [CRYPTO]Bitmain investigation: National security concernsThe Bitmain investigation, codenamed Operation Red Sunset, pulls Bitcoin mining hardware into the national security frame. Federal agencies are now treating Chinese-made ASIC rigs as potential vectors for espionage and grid disruption…
  9. [CRYPTO]Cardano disruption explained: the library bug impactOn 21 November, a malformed delegation transaction turned an obscure library bug into the most visible cardano disruption the network has seen. For roughly half a day, Cardano ran two parallel histories, exchanges paused flows, and ADA…
  10. [CRYPTO]ICIJ’s Coin Laundry investigation part 2: Inside crypto’s cash desksIf Part 1 of Coin Laundry was about the exchanges, Part 2 is about the bit they’d rather not talk about: the places where crypto turns back into envelopes of cash, diamonds, gold bars and yacht rentals, often without anyone asking who…
  11. [CRYPTO]Coin Laundry: ICIJ’s $28 billion probeAn ambitious new cross-border investigation from the International Consortium of Investigative Journalists, The New York Times and 36 partner outlets (dubbed Coin Laundry) alleges that at least $28 billion in suspect crypto has coursed…
  12. [CRYPTO]DOJ’s $15M USDT DPRK-related crypto seizureOn Friday, the U.S. Department of Justice (DOJ) announced its latest North Korea crypto seizure: more than $15 million in Tether (USDT) linked to state-backed hackers and a sprawling fake-IT-worker network that burrowed into 100+…
  13. [CRYPTO]Bybit report claims 16 blockchains can freeze user fundsBybit’s in-house research team, Lazarus Security Lab, has published a report “Blockchain Freezing Exposed” claiming that 16 major blockchains already include code or controls that can freeze or restrict user funds, with a further 19…
  14. [CRYPTO]DOJ forms “Scam Center Strike Force” aimed at crypto-fraud ringsThe U.S. Department of Justice has stood up a new Scam Center Strike Force to dismantle transnational “pig-butchering” operations that use crypto investment schemes to fleece Americans. Led by the U.S. Attorney’s Office for the District…
  15. [CRYPTO]Hyperliquid’s POPCAT wipeout: inside the $63m liquidation cascadeOn Thursday, Hyperliquid (one of DeFi’s busiest perp venues on its own Layer-1) endured what analysts dubbed “peak degen warfare.” A single actor engineered a violent collapse in the POPCAT perpetual market, deliberately torching…
  16. [CRYPTO]UK Sentencing of Zhimin Qian, the China crypto fraudsterOn 11 November 2025, Southwark Crown Court jailed Qian for 11 years and eight months for laundering proceeds from a vast China-based fraud that targeted more than 128,000 victims. UK authorities say they seized over 61,000 BTC (valued…
  17. [CRYPTO]Suspects in Roman & Anna Novak case now in custodyRussian authorities have arrested multiple suspects accused of abducting and killing crypto fraudster Roman Novak and his wife Anna Novak in the UAE this October. The couple (once symbols of post-pandemic digital wealth) were found…
  18. [CRYPTO]USDX depeg: DeFi’s “delta-neutral” blind spotHear AI summary 0:00 / –:– Playback speed 0.8×0.9×1.0×1.25×1.5×1.75× USDX, a delta-neutral stablecoin issued by Stables Labs, snapped its $1, flushing to $0.3887 and hovering far below par on a circulating supply that recently sat near…
  19. [CRYPTO]Reentrancy Family of AttacksThe reentrancy family of attacks occur when a smart contract makes an external call to another untrusted contract before it resolves its own state. If the external contract contains a fallback function that makes recursive calls back…
  20. [CRYPTO]zachXBT and BNB: lowering the noise, raising the barListen to summary 0:00 / –:– Playback speed 0.8×0.9×1.0×1.25×1.5×1.75× BNB Chain has done something grown-up: it has hired scrutiny. The zachXBT and BNB collaboration isn’t myth-making or a new lick of paint; it proceeds on the view…
  21. [CRYPTO]MEV bot operator returns $12.8M in Berachain Balancer exploitHear article summary 🎧 0:00 / –:– Playback speed 0.8×0.9×1.0×1.25×1.5×1.75× A white-hat MEV operator has emerged at the centre of the Berachain exploit, playing a decisive role in recovering and returning nearly $12.8 million drained…
  22. [CRYPTO]Moonwell exploit highlights perils of stale oraclesThe moonwell exploit on 4 November 2025 exposed a quietly lethal risk in DeFi’s plumbing: not faulty code, but complacent data. Roughly $1 million (about 292 ETH) was drained from the multi-chain lending protocol after it relied on a…
  23. [CRYPTO]Balancer hack, V2 vaults drained in $100M exploitBalancer’s V2 vaults were picked clean for roughly $70.6m on Ethereum and (via forks and clones) roughly $116m across chains (figures under verification). The incident underscores how migration inertia and latent code paths can magnify…
  24. [CRYPTO]Berachain hard fork. Emergency response after Balancer exploitBerachain, a high-performance EVM-compatible Layer 1 blockchain, executed an emergency hard fork following a critical exploit linked to Balancer V2’s smart contract vulnerability. The attack, which originated on Balancer’s Ethereum…
  25. [CRYPTO]Human Rights Foundation raises alarm over The Quantum Threat to BitcoinThe Human Rights Foundation (HRF) has sounded a clear warning: The Quantum Threat to Bitcoin is no longer a sci-fi edge case but a planning mandate. If cryptographically-relevant quantum computers (CRQCs) emerge within the next 5–20…
  26. [CRYPTO]Zcash’s privacy promise – and the edge where surveillance livesHear article summary 0:00 / –:– Playback speed 0.75×1.0×1.25×1.5×1.75× Privacy rarely breaks at the math, it frays at the edges. As Zcash draws fresh attention, it’s worth separating robust on-chain cryptography from the real-world…
  27. [CRYPTO]AWS outage disrupts Coinbase and RobinhoodAWS outage disrupts Coinbase and Robinhood, highlighting risks of centralised cloud reliance.
  28. [CRYPTO]$3M XRP Theft, A Cautionary Tale$3M XRP theft highlights risks and user errors in self-custody solutions. ZachXBT traced the stolen funds to sanctioned exchange Huione.
  29. [CRYPTO]Hidden Code on Blockchains: Malware, Messages, and MischiefFrom botnets to Rickrolls, hidden code on blockchains reveals just how weird and unerasable the digital ledger has become.
  30. [CRYPTO]DPRK Embraces EtherHiding: Malware Goes On-ChainEtherHiding: North Korea uses blockchain to hide malware, marking a new era in cyber threats.
  31. [CRYPTO]SEAL’s ‘Verifiable Phishing Reporter’ takes aim at cloaked scam sitesVerifiable Phishing Reporter by SEAL Org combats sophisticated phishing tactics using TLS attestations.
  32. [CRYPTO]WazirX Cleared by Singapore Court, Users to be CompensatedWazirX cleared by Singapore Court, paving the way for relaunch after $234M hack.
  33. [CRYPTO]Alleged Flash Crash Insider Denies Trading AllegationsAlleged flash crash insider denies insider trading and opens a new $340 million Bitcoin short.
  34. [CRYPTO]Ripple Attackathon: Secure the XRP LedgerRipple Attackathon offers $200K to secure the XRP Ledger lending protocol.
  35. [CRYPTO]Zcash Rally Defies Market TrendsZcash Rally defies the crypto market crash, surging over 450% amid rising global financial surveillance.
  36. [CRYPTO]MEV / transaction-order abuseFront-running Description:Front-running is when an attacker or MEV searcher deliberately inserts their transaction just before a target transaction to gain an economic edge – for example buying before you to profit from your price…
  37. [CRYPTO]Sahil Strikes Again: Jesse Pollak Duped into Promoting Fake Tyson Fury Coin on ZoraSahil strikes again with a fake Tyson Fury coin on Zora, raising questions about platform credibility.
  38. [CRYPTO]The Odin.Fun Comeback: Resilience After HackThe Odin.Fun Comeback explores ODIN•FUN’s resilience after a major hack.
  39. [CRYPTO]Cryptojacking Scheme: Influencer Jailed for FraudCryptojacking scheme by Charles O. Parks III led to a 12-month jail term for exploiting cloud resources to mine cryptocurrency.
  40. [CRYPTO]BTCTurk Hack Halts Exchange ServicesBTCTurk Hack sees $48M in digital assets stolen, halting withdrawals.
  41. [CRYPTO]Darknet Founder Arrested in Bitcoin ScandalDarknet founder Tomas Jirikovsky arrested in a $45M Bitcoin scandal linked to ex-Justice Minister Pavel Blazek’s resignation.
  42. [CRYPTO]Solana Theft: Ex-Developer Awaits SentencingSolana Theft: Former Pump.fun developer pleads guilty to $2M fraud, awaits sentencing.
  43. [CRYPTO]Do Kwon Pleads Guilty to Fraud ChargesDo Kwon pleads guilty to fraud charges related to the $40bn Terra collapse.
  44. [CRYPTO]Tornado Cash Conviction Raises ConcernsTornado Cash Conviction: Roman Storm’s case raises concerns over developer liability and privacy in the crypto industry.
  45. [CRYPTO]Bitcoin Laundering: $20 Million Scheme Dismantled in ChinaUncovering a $20 million Bitcoin laundering scheme in China.
  46. [CRYPTO]Crypto Malware Hits Steam: “Chemia” Incident Exposes RisksCrypto malware is surging, with stealers like Lumma stripping browser data, cookies, and hot‑wallet files while loaders inject payloads.
  47. [CRYPTO]Monero 51% Attack? How Qubic’s uPoW Redefines Network SecurityExplore how Qubic’s innovative uPoW concept impacts Monero network security.
  48. [CRYPTO]Pengu Dusting Scam: Protect Your AssetsUncover the Pengu dusting scam plaguing Solana. Learn how to protect your crypto from sophisticated threats.
  49. [CRYPTO]WOO X: Withdrawals Frozen Amid $14M Phishing BreachWOO X halts withdrawals following a $14M phishing breach, spotlighting security vulnerabilities and liquidity concerns.
  50. [CRYPTO]$220M SUI Network Cetus Exploit – Oracle BugA single oracle-pricing bug let an attacker drain more than $626 million from Cetus, the biggest DEX on Sui, in minutes. Our deep-dive reconstructs the on-chain transactions, traces the laundering trail, and explains why oracle…
  51. [CRYPTO]Coinbase Data Breach, $20 Million Extortion BidCoinbase faces renewed scrutiny after a coinbase data breach in which hackers bribed offshore support contractors, siphoned customer data and demanded a $20 million bitcoin ransom, an extortion the exchange refused to pay. The…
  52. [CRYPTO]DeFi’s Centralised Gateways Under Fire After Twin Incidents at Curve and ZKsyncDecentralised finance prides itself on tamper-proof code, yet the past two days underlined how exposed its Web2 skin remains.
  53. [CRYPTO]SIM-Swap Culprit Faces 24 Months Over Fake Bitcoin-ETF X PostU.S. prosecutors have asked Judge Amy Berman Jackson to sentence 25-year-old Eric Council Jr. to two years in prison for the January 2024 SIM-swap attack that let him seize the Securities and Exchange Commission’s X account and publish…
  54. [CRYPTO]Mashinsky Sentenced, Celsius Ruling Signals Limits on LeniencyAlex Mashinsky sentenced to twelve years for the Celsius fraud, a ruling that signals Washington’s hard limit on retail deception in crypto.
  55. [CRYPTO]$330M Bitcoin Theft and Monero LaunderingOn April 27, 2025, a wallet holding 3,520 Bitcoin was drained, with funds swiftly moved. ZachXBT revealed the Monero laundering operation, as the attacker swapped the BTC into XMR via instant exchanges, spiking Monero’s price 50% to $339.
  56. [CRYPTO]ZKsync Hack $5 Million in Controlled ReturnZKsync’s recent exploit resolution highlights the uneasy normalisation of bounty-based restitution in decentralised finance. While the protocol successfully recovered nearly $5 million through a safe-harbour arrangement, the broader…
  57. [CRYPTO]SBF Speaks from Behind BarsFrom behind the bars of a high-security prison, Sam Bankman-Fried passionately defended his innocence in the FTX collapse during a phone call with The New York Sun, hinting at a political pivot toward Trump and criticising the legal…
  58. [CRYPTO]Railgun Returns Stolen Funds: $9.5 Million zkLend ExploitThe zkLend exploit reveals how privacy protocols with compliance mechanisms can unexpectedly reverse illicit gains, casting fresh light on the evolving interplay between DeFi, enforcement, and user anonymity.
  59. [CRYPTO]Tornado Cash: Developer Pertsev’s Release and House ArrestAlexey Pertsev’s supervised release marks a pivotal moment in the Tornado Cash saga, igniting debates over crypto privacy, regulatory overreach, and the future of immutable digital technologies.
  60. [CRYPTO]SparkCat: New Malware Uses OCR to Steal Crypto Wallets from Your PhotosKaspersky Lab has warned that a new program called SparkCat uses neural networks to steal photos and other data on both iOS and Android smartphones, particularly targeting cryptocurrency wallets. SparkCat’s malicious code employs OCR to…
  61. [CRYPTO]Scammers Hit for $10 Million in DogWifTools ExploitDogWifTools, a favorite tool among Pump[.]fun ruggers, was exploited for $10 million—draining users’ wallets, including hot, cold, and centralised exchange accounts. In a twist of irony, the scammers became the scammed.
  62. [CRYPTO]Misconceptions Around The Tornado Cash RulingThe U.S. Court of Appeals for the Fifth Circuit had already reversed and remanded the OFAC sanctions on Tornado Cash. Today’s event was more procedural, not a fresh ruling, here’s what actually happened: ▫️ The Fifth Circuit had…
  63. [CRYPTO]SBF Appeal Seeks to Overturn Conviction, Cites Judicial BiasSam Bankman-Fried has filed an appeal seeking a retrial of his fraud conviction, citing judicial bias and claiming that the original trial was unfair. His legal team argues that the judge’s actions compromised the fairness of the trial,…
  64. [CRYPTO]Indodax Hack: $22 Million Lost in Major Crypto BreachIndonesian cryptocurrency exchange Indodax has suffered a significant security breach, resulting in the loss of over $22 million in digital assets.
  65. [CRYPTO]zkSync and Avalanche Discord Breaches Underscore Urgent Need for Enhanced SecurityBoth zkSync and Avalanche found their official Discord servers compromised today.
  66. [CRYPTO]Faulty Upgrade Script Caused $10 Million Ronin Bridge Hack, Report RevealsA recent $10 million hack on the Ronin bridge was caused by a critical error in an upgrade script, leaving the system vulnerable to unauthorised withdrawals. The flaw allowed an attacker to exploit the bridge without needing validator…
  67. [CRYPTO]Ripple Co-Founder’s Personal Accounts Compromised in $112.5 Million HackIn a significant breach impacting the cryptocurrency industry, Chris Larsen, the co-founder of Ripple, experienced a substantial Ripple hack involving his personal XRP wallets. This alarming security breach led to the unauthorised…
  68. [CRYPTO]Lazarus Group’s Sneaky Tactics: Attempts to Steal from Euler Finance HackersOn March 15th, 2023, Euler Finance, a decentralised finance (DeFi) protocol built on the Ethereum network, suffered a flash loan attack resulting in the loss of $199 million worth of digital assets. However, on March 21st, 2023, new…
  69. [CRYPTO]Grand Theft Auto VI Game Footage Leaked as Hacker Demands at Least $100,000 in CryptocurrencyA hacker has leaked pre-release footage of Grand Theft Auto VI, the most anticipated video game by Rockstar and Take-Two Interactive Software Inc.
  70. [CRYPTO]Premint NFT Hack Victims to Receive $500K in Ethereum as Platform Acquires VulcanApproximately $525,000 will be refunded to defrauded Premint customers, according to Mulligan. The NFT platform is also acquiring wallet security firm Vulcan to help prevent future hacks.
  71. [CRYPTO]Hacked Ronin Bridge will Reopen with Enhanced Security and RefundsAxie Infinity, the play-to-earn game based on NFT’s, is bringing the Ronin Bridge back three months after being hacked and developers are saying things will be different this time.
  72. [CRYPTO]OpenSea Discord Hack, NFT’s Stolen in fake YouTube Phishing AttackOpenSea Discord hack goes to show that even the biggest NFT marketplaces can’t keep their channels safe from scammers.
  73. [CRYPTO]U.S. Blacklists Crypto Mixer Used to Launder Proceeds from Axie Infinity HackOn Friday, the Treasury Department announced sanctions against a crypto mixer it accused North Korea of using as part of its malicious cyber activities program to launder stolen digital currency.
  74. [CRYPTO]After $600 million crypto hack, Axie Infinity raises $150 million to launch new gameLast week Sky Mavis, the Vietnam-based company behind the crypto game Axie Infinity, revealed that a hacker stole hundreds of millions of dollars worth of crypto from its blockchain. At nearly the exact same time, it’s launching a new…
  75. [CRYPTO]Crypto Giant Binance Bails out Ronin Network after HackA cryptocurrency and NFT games company that was hacked for more than $540 million (£412 million) last month now says its customers will be reimbursed after it received an injection of cash.

⚠ EXPLOIT TRACKER

Every major crypto exploit we've logged — protocol, date, amount lost and how it happened. One of the tools this desk maintains.

Open the tracker →