Security Incidents

A certain cryptocurrency exchange was extorted by a criminal organization, which claimed it would release internal system access videos. The exchange confirmed it had not suffered a systemic breach, that customer funds are safe, and that due to improper conduct by customer service personnel, data from approximately 2,000 accounts was accessed. The exchange has revoked the relevant permissions and strengthened security controls. The company is working with law enforcement agencies to investigate.

Solana co-founder toly noted that the industry needs a stablecoin that can only be frozen under a court order, opposing other freeze factors. He suggested that the protocol issue a stablecoin with custom freeze strategies on the base layer and strengthen security measures. This view stems from a recent response by Circle to the Drift protocol hack incident, sparking discussions about centralized stablecoins.

A security incident involving the ERC-20 version of Polkadot on Ethereum raised concerns, emphasizing the risks of wrapped and cross-chain assets. An attacker exploited a flaw to mint and dump 1 billion DOT tokens, causing a market collapse and highlighting vulnerabilities in smart contract management.

_Musician G. Love loses 5.9 BTC in fake Ledger app scam, raising serious concerns about crypto security and user awareness worldwide._ A major crypto scam has affected Garrett Dutton, widely known as G. Love. The American singer lost 5.9 Bitcoin valued at almost 420,000. The loss occurred when he t

Author: Jae, PANews Compared with the external pressure of a bear market, Aave has instead seen a “black swan” emerge internally first. Aave, which has long occupied the throne of lending agreements, is now facing the most severe ecosystem shake-up since its founding. There has been no hacker attack, no code vulnerabilities—only power gone out of control and conflicting interests. From BGD Labs, a technical cornerstone, decisively leaving, to a public break between governance pioneer ACI (Aave Chan Initiative), and then to Chaos Labs, the risk-management steward, announcing that it is parting ways— a major “service provider retreat” is unfolding. The depth of this game goes far beyond a mere cooperation dispute; it has triggered

Polkadot faced a major security breach where an attacker minted 1B $DOT coins on Ethereum via a 3rd-party bridge, draining over $240,000 in $ETH. This incident highlights ongoing vulnerabilities in cross-chain infrastructure and its impact on market stability.

Circle CEO Jeremy Allaire addressed criticism at a news conference regarding the previously unfrozen stolen USDC, emphasizing that the company will only freeze wallets under law enforcement instructions. In addition, he said Circle is in communication with U.S. lawmakers, hoping to establish a “safe harbor” mechanism for stablecoin issuers.

Hong Kong police have disclosed a cryptocurrency investment scam in which a woman was tricked on Instagram, losing more than 2 million yuan. The fraudster posed as an investment expert, luring her into making transfers and exchanging cash multiple times. Police remind people to be more vigilant when making online friends and to watch out for transfer scams.

Hong Kong police have recently disclosed an online dating scam in which the losses exceeded HK$2 million. The fraudster initiated contact on Instagram, built trust, and then lured the victim in the name of “cryptocurrency investment,” prompting them to exchange in seven installments for USDT and transfer the funds. Police reminded residents to recognize the hallmarks of scams and advised using anti-fraud tools, urging vigilance when engaging in online dating that involves any fund transfers.

Justin Sun has exposed that the World Liberty Finance project has backdoor functions in its smart contracts, allowing asset confiscation without notice. This violates decentralization principles, harming investor rights and undermining trust in the blockchain community.

Hyperbridge HandlerV1 contract on Ethereum was hit by an MMR proof replay attack, resulting in a loss of about $242k. The attacker used the vulnerability to replay historical proofs to carry out privileged operations, and replay protection failed to effectively bind the request payload.

Hyperbridge's cross-chain gateway contract was recently attacked. The attacker forged messages to tamper with the contract administrators' permissions, illegally minted 1 billion bridged DOT, and sold it all off—but due to insufficient liquidity, they ultimately made only about $237k in profit. This incident did not affect the security of Polkadot's native chain.

Hong Kong police announced that a woman in her 50s was the victim of a cryptocurrency scam, suffering losses of more than HK$2 million. The scammer built a relationship with her through Instagram, lured her into investing, and asked for multiple transfers before ultimately disappearing.

Gate News message, April 13, market reports show that a Polkadot bridge vulnerability was exploited, and the attacker minted 1 billion DOT on the Ethereum network and has already sold it off.

Gate News message: On April 13, American musician Garrett Dutton (stage name G. Love) downloaded and used an application that impersonated a Ledger wallet from the App Store. After he entered his recovery phrase, 5.9 BTC was stolen, for an estimated loss of about $420k. On-chain analyst ZachXBT found that the attacker had moved the stolen Bitcoin through some

University of California researchers warn that some third-party AI large language model routers have security risks, which could lead to crypto assets being stolen. Testing found multiple routers injecting malicious code to steal credentials. Developers are advised to avoid transmitting private keys through AI agents and to strengthen security measures.

A 21-year-old Manhattan resident, Nicholas Truglia, faces 21 counts of felony charges for carrying out a SIM card swap attack that stole more than $23 million in assets from cryptocurrency investor Michael Terpin. This case highlights vulnerabilities in phone-number-based verification mechanisms, sparking discussions in the crypto community about the need for stronger security solutions and driving adoption of safer verification methods such as hardware security keys.

The conflict between the crypto project WLFI supported by Trump’s family and Justin Sun escalates, with Sun accusing the WLFI token contract of containing a backdoor that freezes users’ funds. WLFI, in turn, refutes Sun’s claims as exaggerated. This dispute highlights the tension between crypto project governance and the principles of decentralization.

According to the FBI’s 2025 report, losses from cryptocurrency-related scams reached $11.37B, up 22% from 2024. Among victims, the 60-and-over age group was hit the hardest; the report said investment scams were the main type, accounting for $7.23B in losses. AI was also used in scams, resulting in losses of about $893 million. Total losses from cybercrime were close to $21 billion.

Sun Yuchen publicly accused WLFI of hiding a freezing function in its smart contracts without disclosing it to investors, and criticized its centralized practices as deviating from the principles of decentralized finance. His wallet was added to the blacklist on suspicion of misappropriating funds, causing losses of more than 80 million dollars. Facing multiple pressures such as a sharp collapse in token prices and liquidity risk, WLFI has begun repaying its loans and has promised to roll out a governance proposal.