Posts

Showing posts from May, 2026

How Aave Recovered From Its $293M Bridge Exploit in 40 Days

Image
  On April 18, 2026, a single forged message inside a cross-chain bridge triggered what became the biggest decentralized finance exploit of the year. The target was not Aave's code. It was the bridge Aave trusted. Kelp's LayerZero V2 bridge from Unichain to Ethereum was running a one-of-one verification setup, meaning one signer confirmed every cross-chain transaction. That signer got compromised through an RPC-poisoning attack. The result was 116,500 rsETH released onto Ethereum mainnet with no corresponding burn on the source chain. An attacker used those tokens as collateral on Aave and walked out with roughly $230 million in real assets. What happened after is less covered but more important. Aave did not collapse. Within 90 minutes, the Protocol Guardian froze the affected markets. Within 48 hours, a coalition of DeFi protocols was already forming to restore backing for affected users. That coalition, called DeFi United, eventually pulled together over $300 million in reco...

How Hackers Used Gravity Bridge's Own Validators to Steal $5.4M

Image
 A cross-chain bridge lost $5.4 million last week. Not because the code was broken. Because the people running it were turned against themselves without knowing it. Gravity Bridge, which connects Ethereum and the Cosmos ecosystem, was drained on May 30 after an attacker manipulated its validator set in a two-stage operation that took just over 28 hours from start to finish. Here is the basic structure of what happened. Gravity Bridge uses a system where funds on its Ethereum contract only release when validators holding 2/3 of the voting power sign off. No admin key. No override. Signatures are everything. A dormant wallet that had been a legitimate bridge relayer in early 2025 woke up after roughly 280 days and submitted a validator set update. It shrank the active set from 58 validators to 34. Enough of the original validators, by voting power, signed that change themselves, clearing the required threshold. Twenty-eight hours later, the concentrated set signed the withdrawal...

Circle Just Froze $12.6M Inside a DeFi Privacy Protocol and Nobody Was Warned

Image
  Circle, the issuer of USDC, blacklisted a live Ethereum smart contract on May 30, 2026, freezing approximately $12.6 million in user funds held inside Zama's confidential USDC wrapper. The action, executed at 01:08 UTC, came without any advance notice to Zama's team. The freeze traces back to a U.S. federal court temporary restraining order connected to a civil lawsuit filed against Overnight Finance founder Maxim Ermilov. The suit, Newton AC/DC Fund LP v. Maxim Ermilov et al. , alleged Ermilov misappropriated over $15 million from Overnight Finance's treasury. Judge P. Casey Pitts directed Circle to blacklist wallets tied to the alleged theft. The problem is that the Overnight Finance-linked wallet had deposited $12.4 million USDC into Zama's cUSDC contract on May 11, well before any sanctions flags existed on the address. Since that single deposit made up more than 99% of all funds in the contract at the time, the court order targeted Zama's entire wrapper rathe...

XRP's Biggest Exchange Inflow of 2026 Hit Right at the Bottom

Image
  Something strange happened with XRP on May 28, 2026. A flood of coins landed on exchanges, which normally signals that holders are getting ready to sell. But this inflow, the largest single-day exchange deposit for XRP all year at 22.80 million tokens, arrived at the exact moment the price hit its lowest point in 15 weeks. Within 48 hours, most of those coins were gone again. According to Santiment's on-chain exchange flow tracking, 25.24 million XRP moved back off exchanges between May 29 and May 30. The retail traders who sold near that low did so into a reversal they did not see coming. XRP climbed 5% from that capitulation point. This kind of pattern, large inflow at a low followed immediately by a larger outflow, has shown up in XRP's history before. It tends to point toward absorption rather than sustained selling. Coins that arrive at exchanges and leave quickly without dragging the price lower suggest buyers stepped in before sellers could clear the order book. On-cha...

Cardano's Treasury Just Said No to Its Own Founders. Here Is Why That Is Historic.

Image
  A 32.9 million ADA funding request from Input Output Global, the company that built Cardano's core protocol, is heading toward rejection. As of late May 2026, 86.72% of active DREP votes are against it. The vote closes June 8. Most headlines are treating this as a governance meltdown. It is not. The proposal covered legitimate science: Leios scaling technology, Peras protocol work, and post-quantum cryptography. The objection from independent Japanese DREPs was never about the research. It was about how the request was structured. No phased milestones. No capital release schedule tied to deliverables. One large all-or-nothing bundle asking the community to approve everything or nothing. In any serious commercial relationship, you do not hand a contractor a multi-million dollar check without delivery stages and measurable KPIs. The Japanese DREPs applied that same standard to a blockchain treasury, and the proposal did not pass it. Cardano founder Charles Hoskinson warned publ...

Midnight NIGHT Token Is Quietly Building Toward a Big Summer

Image
  Something is happening with the Midnight NIGHT token and most people tracking the broader crypto market are missing it. While Bitcoin headlines dominate the feeds, a smaller but increasingly active token called NIGHT has been climbing steadily on Binance. The 4-hour perpetual chart at $0.03990 tells part of the story. The bigger part comes from the man behind the project. Charles Hoskinson, the founder of Input Output Global and the architect of the Cardano blockchain, posted this week that Midnight is heading into what he expects to be a very good summer. His reasoning is specific: a network hardfork is coming, Korean exchanges are opening their doors to NIGHT, and Japan is already showing increased activity around the token. The hardfork is not a cosmetic upgrade. Midnight's core developer Sebastien Guillemot confirmed the ledger update introduces a built-in upgrade system, meaning the network can evolve without the kind of disruptive restarts that slow other blockchains down. ...

XRP Is Flashing a Warning Sign Retail Traders Are Missing

Image
  XRP has been quiet lately. Too quiet. The price is sitting around $1.33 and barely moving. Social chatter has dried up. Most retail holders are just waiting. But on-chain data published this week is showing something that the price chart is not. The NVT ratio for XRP, a metric that compares the network's total market value to its actual transaction volume, has climbed more than 20% above its 3-month baseline. That is an overvaluation warning. Not a rumour. Not a prediction. A metric. What makes this week's data more serious is what is happening on Binance at the same time. Spot inflows and outflows have both dropped approximately 98% from their 3-month averages. Active deposit addresses, the number of wallets actually sending XRP to the exchange, fell 94% from the same baseline. The spot market is not just slow. It has effectively stopped. Most crypto media covering XRP right now is focused on whether the NVT reading is bullish or bearish in isolation. That framing misses the...

: Bexo Wallet Hack: What You Need to Know After the $500K EVM Drain

Image
 Nearly 300 crypto wallets were emptied in a matter of hours this week. The attack hit users across ten different blockchains, and the name attached to the incident is one a lot of people in smaller wallet communities are only now hearing for the first time: Bexo. On May 28, Bexo wallet posted a public warning on X telling its users to move their funds to an external wallet immediately. The platform said it had detected irregular account activity and was actively investigating. A follow-up post gave users a step-by-step guide: take your 12-word recovery phrase, import it into MetaMask or Trust Wallet, and get your money out. That kind of warning does not come without a reason. On-chain researcher mrwildcat7 tracked the damage. At least 297 wallets were drained across EVM chains including Ethereum, Polygon, BNB Chain, Arbitrum, Optimism, Base, Scroll, and others. All the funds flowed into a single wallet address before being swapped out through FixedFloat, a no-KYC exchange. Tota...

Sui Network Went Down for 6 Hours. Here Is What Happened.

Image
  A bug hidden inside a routine software update shut down the Sui blockchain for nearly six hours on May 28, 2026. The fix came, the chain came back, but the questions about how it happened are still open. The issue was traced to the gas charging logic inside version 1.72 of the Sui protocol. Gas charging is the mechanism that calculates transaction fees before execution. A crash-level fault in that layer does not throttle the network. It halts it entirely. Sui Network confirmed on X that the mainnet stalled and that transactions were paused while the Core team worked on a solution. By the time the chain resumed, more than two-thirds of validators had upgraded to the patched version. SuiScan showed no new blocks or checkpoints for the entire downtime window. No user funds were lost. That part is confirmed. What is not confirmed yet is why a bug of this severity passed through the release process on a chain processing $111 billion in stablecoin transfers monthly. A full post-mortem ...

Stellar XLM Posts 40% Weekly Gain on DTCC News — But Technicals Signal Caution Ahead

Image
  Stellar's XLM had one of its strongest weekly closes in months. A 40% candle printed off the back of a major announcement between DTCC and the Stellar Development Foundation, confirming plans to integrate DTC's tokenization service with the Stellar blockchain. The news sent XLM past $0.20 briefly and pushed trading volume above $300 million in a single session. But the move has run price directly into a key resistance level. The 50-week exponential moving average at $0.22 hasn't been tested since October 2025. For anyone watching XLM through a technical lens, that's the first place to pay attention. Technical analyst ChartNerdTA flagged this on X immediately after the weekly candle closed, noting that while the move was well deserved given the DTCC catalyst, price was now at a level where rejection becomes the expected outcome. His read puts $0.16 below as the key support zone if selling kicks in at the EMA. What makes this story different is the longer timeframe pict...

XRP Just Broke $1.28: Here's What Analysts Are Watching Now

Image
  XRP dropped below $1.30 this week, and the reaction from the crypto community split sharply. Most retail holders are watching losses widen. A smaller group of technical analysts is mapping the dip as an entry opportunity. The immediate level that matters is the FIB support band between $1.28 and $1.24. Technical analyst ChartNerdTA flagged this on X as the zone that must hold to prevent a push toward $1.00. XRP was trading at $1.29 at time of writing. Separately, analyst CryptoPatel published a detailed accumulation map showing three entry zones: the first from $1.00 to $1.20 already filled, the second sitting between $0.85 and $0.70, and a third deeper zone from $0.65 down to $0.50. His long-term price targets run to $3, $7, and then $10 for XRP over a multi-year horizon. The chart structure shows XRP inside a descending wedge pattern with FIB confluence at $1.28 and $1.24. If those levels break on strong volume, the downside opens up faster. If they hold, the wedge compression ...

James Wynn Launched a $WORLD Token and Walked Away With $260

Image
  If you follow crypto Twitter, you already know James Wynn. The man turned a $7,000 stake in PEPE into over $83 million and became the most-watched trader on Hyperliquid with a $1.25 billion Bitcoin long. Now his name is attached to something much smaller: a Solana meme token called $WORLD that collapsed almost immediately after launch, leaving a trail on-chain that is difficult to look away from. On-chain tracking account Lookonchain posted on May 28 that Wynn launched $WORLD on Pump.fun and then dumped it. The exit netted 3.2 SOL, which works out to around $260. Transaction records on Solscan showed the wallet movements clearly. The token hit a brief price spike, then fell to near zero within minutes. Wynn responded quickly, posting on X that his account had been hacked. The problem is that his account had already posted the token's contract address earlier the same day, before Lookonchain flagged the launch. That sequence has raised obvious questions about the timeline. This fo...

Google Engineer Arrested for Insider Trading on Polymarket: What Crypto Users Need to Know

Image
 A Google software engineer known online as "AlphaRaccoon" was arrested in New York on May 27, 2026, charged with using confidential internal data to win $1.2 million on Polymarket, a crypto-based prediction market platform. Michele Spagnuolo, 36, an Italian citizen residing in Switzerland, allegedly accessed Google's nonpublic Year in Search 2025 data through an internal company tool and used that information to place targeted bets on which individuals would top Google's most-searched list for the year. Federal prosecutors say Spagnuolo staked approximately $2.75 million across 25 separate prediction market outcomes between October and December 2025. The bets landed with near-perfect accuracy. Once the Year in Search results went public on December 4, 2025, Spagnuolo's account cleared approximately $1.2 million in winnings. The case is not just about one engineer. It marks the second federal insider trading prosecution tied to Polymarket in 2026 alone. The fi...

Ethereum's Biggest Believer Just Sold. Here's What He Said.

Image
  One of Ethereum's most well-known advocates, David Hoffman, co-founder of the Bankless media platform, made headlines across the crypto world last week when he confirmed he sold his entire ETH position after holding for nine years. Hoffman was clear that this was not a bearish call on Ethereum as a technology. He remains, in his own words, massively bullish on the network and its ecosystem. What changed was his view on ETH as a financial asset. His argument: the thesis that ETH would become a globally dominant form of money has already run its realistic course. The network achieved a market cap that reflects its actual progress. The window for a structural rerating upward, or downward, appears to be closing. The timing is significant. Exchange outflow data from CryptoQuant shows Ethereum withdrawals from exchanges dropped to 16.05 million ETH over the past 30 days, the lowest figure since June 2024. Binance alone accounted for around 7 million ETH of that volume. The drop reflect...

Stake DAO Hack Explained: What the 5.4 Trillion Token Mint Means for DeFi Users

Image
 Stake DAO exploit on Arbitrum on May 27, 2026 is drawing attention across the DeFi space after an attacker minted 5.4 trillion vsdCRV tokens and began converting them to ETH. The attack started with a compromised private key. Specifically, the Stake DAO deployer wallet was taken over and used to reconfigure the protocol's LayerZero v2 OFT peer settings on the vsdCRV token contract. Once that reconfiguration was done, the attacker sent a forged cross-chain message that triggered a mint of 5,446,744,073,709 vsdCRV on Arbitrum. That is not a typo. 5.4 trillion tokens. On-chain security firm Blockaid caught the exploit as it was happening and pushed out public alerts. Stake DAO confirmed the situation shortly after and told users to avoid any interaction with vsdCRV until further notice. The damage did not stay contained to vsdCRV holders. Curve Finance followed with its own warning, telling users in the asdCRV LlamaLend market on Arbitrum to exit their positions as a precaution. T...

XRP's Whale-Retail Gap Just Hit a 12-Month Low — Here's What It Means

Image
  Something is shifting in XRP's on-chain structure. The Binance Whale vs Retail Spread, a metric that tracks the gap between large-holder outflows and smaller retail outflows on Binance, just retested 88.3%. That reading puts it at its lowest level since May 2024. The metric was flagged by CryptoQuant analyst Amr Taha, who noted that a single low reading can be written off as noise. But when the same zone gets retested within the same month, it stops looking like noise and starts looking like a structural shift. To understand what this means, here is the context. When the spread is above 94%, whale-sized withdrawals are running far ahead of retail-sized ones. That tends to match periods when XRP's price momentum is strongest. At 88.3%, that gap has compressed. Whales are still leading outflows, but not by the same margin as before. Now pair that with the price chart. Technical analyst ChartNerdTA flagged on X that $1.20 and $1.30 are acting as multi-month support for XRP. The ...

OKX P2P Scam Alert: How Kenyan Traders Are Losing USDT to MPESA Reversals in 2026

Image
  Kenyan traders selling USDT on OKX are facing a new wave of payment reversal fraud. A scammer sends M-Pesa payment from an unrecognized third-party processor, the seller releases the crypto, and seconds later the payment is reversed. Money gone. USDT gone. This is not a hypothetical. It happened on May 26, 2026. Screenshots shared on X showed a trader receiving Ksh64,950 from an entity called Finora Solution Ventures at 3:28 PM. One minute later, the full amount was reversed from their M-Pesa account. The crypto had already been released. Brian Mutuab (@Mutuabrian_M), a Nairobi-based P2P trader, confirmed it was the second case he had seen with this exact setup. His warning was direct: never accept payment from unrecognized third-party apps or banks. Stick to M-Pesa, Co-op, IM Bank, KCB, and NCBA. If a buyer sends from anything else, refund first. The scam has gone automated. Omar Patel Tate (@Ayadollar) explained that attackers no longer need to manually trigger prompts. Systems...

THORChain Is Rebuilding After a $10M Exploit and the Plan Is Actually Interesting

Image
 THORChain went down on May 15. A malicious node operator drained roughly $10.17 million from one of the protocol's vaults by exploiting a flaw in the GG20 threshold signature system. The network paused. Swaps went offline. And now, nearly two weeks later, the recovery is moving through governance, patches, and a live bounty window. The governance proposal at the center of everything is ADR028. Node operators approved it, and the plan covers losses through Protocol-Owned Liquidity without minting new RUNE or diluting existing holders. That is not the standard playbook after a DeFi exploit. Most protocols either mint tokens to cover gaps or quietly walk away. THORChain is doing neither. Patch v3.18.1 is already live on nodes. It fixes the immediate vulnerability and restores Rujira Network's borrow and repay functions. The next version, v3.19.0, is headed for stagenet testing before it gets pushed to mainnet. No launch date is confirmed yet. One move that generated serious di...

Why a DeFi Security Insider Just Told People to Get Out

Image
One of the people most responsible for making DeFi's largest protocols auditable just said he no longer trusts them. Manuel Aráoz, co-founder of OpenZeppelin — the security firm behind audits for Aave, Compound, MakerDAO, and Uniswap — posted publicly on May 26 that he now considers all of DeFi unsafe. He said he had already privately advised friends and family to exit positions before making the statement public. His reasoning is not emotional. It is structural. Smart contract security has always worked on an asymmetric basis. Defenders must close every gap. Attackers only need one. That was always true. What Aráoz says has changed is that AI coding agents are now operating at superhuman speed when scanning code for exploits. The time advantage defenders once had is narrowing or gone. This is not a fringe view showing up from outside the industry. OpenZeppelin is the firm that helped build the security standards the entire sector relies on. When someone with that background sa...

Binance Returns to the Philippines — Here Is What Changed

Image
  The Philippine crypto market just got a major update. Binance, the world's largest cryptocurrency exchange, has officially announced a partnership with BlockShoals Technologies Inc., a locally registered firm operating under the Philippine Securities and Exchange Commission's Crypto Asset Intermediary framework. This is not a quiet re-entry. BlockShoals went through more than two years of regulatory engagement with the SEC before receiving in-principle approval through the Commission En Banc in November 2025. The company is now inside the SEC's Strategic Sandbox, known as StratBox, which allows firms to test financial products in a live but controlled environment before any broader market launch. Why does this matter? Because Binance was formally banned in the Philippines in March 2024. The SEC ordered internet providers to block the exchange and directed Apple and Google to remove the app from their stores. Millions of Filipino users were cut off from one of the most liq...

XRP Ledger Upgrade Deadline Is Tomorrow: What the fixCleanup3_1_3 Amendment Actually Fixes

Image
  Tomorrow, May 27, 2026, the XRP Ledger activates its fixCleanup3_1_3 amendment. Every validator still running software older than version 3.1.3 loses network access the moment it does. That is not a threat. That is how XRPL's amendment blocking mechanism works by design. The upgrade, rippled 3.1.3, patches four protocol areas that have had known issues for some time. NFT creators on XRPL have dealt with expired NFTokenOffer entries sitting on the ledger and never being cleaned up. That gets fixed. Vault users have had trust line token limit checks skipped on withdrawals, which the amendment now enforces. Loan accounting in the Lending Protocol was not updating correctly when loans changed state, whether through default, impairment, or reversal. That gets corrected too. Permissioned Domains get an invariant check that stops failed transactions from altering domain state. Ripple engineer Ed Hennis committed the version update on May 6, 2026. The default vote on the amendment was se...

A Brussels Community Just Lost Everything to a Crypto Wallet Mistake You Can Fix Today

Image
  A cooperative in Brussels lost €110,000 on May 25, 2026. Not to a complex smart contract exploit. Not to a protocol vulnerability. To two signing keys stored in the same MetaMask wallet, belonging to a person who had already left the organization months earlier. CommonHub Brussels, a social community hub, ran its treasury through a SAFE multisig wallet on Gnosis Chain. SAFE wallets are considered one of the safest tools in Web3 finance — they require multiple independent signatories to approve any transaction. The system works, as long as the keys are genuinely independent and the signatories are still part of the team. Neither condition held here. Xavier Damman, speaking for the organization on X, confirmed that both keys belonged to the same individual, stored on one device. When an attacker compromised that MetaMask, both signatures were available instantly. The threshold was met. The €110,000 cleared in one transaction. The funds were converted from EURe, a regulated euro...

How a Fake Uniswap Pool Drained $3M From 86 Crypto Wallets Overnight

Image
 A major DeFi exploit on May 25, 2026 drained approximately $3.2 million from 86 Gnosis Safe wallets in under two hours. The incident targeted a third-party contract called the SquidRouterModule, deployed on both Ethereum and Base networks. What made this attack different from most DeFi hacks was the exit strategy. The attacker held real delegate permissions on the victim Safes but could not directly transfer funds. The module only authorized Uniswap V3 swap actions. So instead of attempting a blocked transfer, the attacker deployed a worthless ERC-20 token, built a fake Uniswap V3 pool, and used the victims' real assets to "swap" into it. Since the attacker owned the liquidity position, pulling the real funds out was straightforward. It is one of the most technically precise exploits seen on-chain in 2026. The attacker did not break the permissions. They worked entirely within them. Blockchain security firm Blockaid detected the attack in real time and published the e...

Ondo Finance Founder Nathan Allman Dies Unexpectedly — What It Means for the RWA Sector

Image
  One of crypto's most important builders died on May 25, 2026. Nathan Allman, the founder and CEO of Ondo Finance, passed away unexpectedly. No cause of death was given. The announcement came directly from Ondo Finance on X, and the reaction across the industry was immediate. Allman started Ondo in 2021 after working on Goldman Sachs' Digital Assets team. He had a specific vision: bring traditional financial instruments, U.S. Treasuries, yield-bearing stablecoins, and eventually tokenized equities, onto public blockchain infrastructure. That vision became a company with $3.79 billion in total value locked and flagship products that now run across 12 blockchain networks. OUSG, Ondo's tokenized Treasury fund, crossed $827 million in total value locked in late 2025. USDY passes Treasury yields directly to holders. Ondo Global Markets expanded the product range into tokenized stocks. The institutional partnerships that arrived under Allman's leadership, JPMorgan, Frankli...