Polymarket hit by $2.9M theft, users to be refunded
Polymarket said it contained the compromise and removed the affected dependency after attackers injected a malicious script into its frontend. Go to Source
Cybersecurity
Auto Added by WPeMatico
DeFi TVL drops 39% in 2026 amid market downturn and record hack activity
DeFi TVL fell 39% in 2026 as a broader market downturn and fallout from major exploits, including the Kelp DAO hack, weighed on the sector. Go to Source
THORChain resumes trading more than a month after $10M exploit
THORChain resumed all network activity after implementing multiple security upgrades and a vault migration to fix the vulnerabilities that led to the $10.7 million exploit. Go to Source
Q2 2026 emerges as most-hacked quarter on record with 83 incidents
Crypto hackers stole $755 million across 83 cybersecurity incidents, as cross–chain bridges remained the most costly attack vector of the crypto industry. Go to Source
France to stop certifying products lacking quantum-resistant encryption
France’s cybersecurity agency plans to block certification of products without quantum-resistant encryption starting in 2027, with full adoption targeted for 2030. Go to Source
Zcash Patches Critical Bug Enabling Unlimited Counterfeit ZEC Minting as Price Crashes 41%
Zcash developers have patched a critical flaw in the Orchard shielded pool that a security researcher showed could forge an unlimited supply of counterfeit ZEC. The token fell more than 40% as the disclosure came to light. A Forgery Flaw Hidden Since 2022 Zcash founder Zooko Wilcox confirmed that security researcher Taylor Hornby had uncovered … Read more
Stake DAO Freezes Arbitrum vsdCRV Markets After Attacker Mints 5.4T Synthetic Tokens
On May 27, decentralized finance platform Stake DAO suffered an infinite-minting exploit on its Arbitrum protocol. However, Stake DAO core contributors quickly secured the mainnet funds backing the tokens, shut down the vsdCRV bridge, and successfully contained the exploit. Infinite-Minting Loophole Triggers Exploit Decentralized finance ( DeFi), platform Stake DAO confirmed May 27 that its … Read more
GitHub Worm Hits npm Packages With 16M Downloads
A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising AntV, echarts-for-react, and Microsoft’s durabletask SDK. Mini Shai-Hulud Exploits GitHub Actions to Hit 16 Million Weekly Downloads The Mini Shai-Hulud campaign, attributed to the threat group Team PCP, does not work the way most supply chain attacks do … Read more
Defillama Confirms April 2026 as Crypto’s Most-Hacked Month With 30 Incidents
April 2026 closed as the most-hacked month in crypto history by incident count, with Defillama confirming 28 to 30 separate exploits and more than $625 million stolen across the industry. Key Takeaways: Defillama confirmed April 2026 as the most-hacked month in crypto history, with 28-30 incidents totaling over $625M stolen. Drift Protocol lost $285M on … Read more
Mach-O Man Malware Steals macOS Keychain Data in Lazarus Group Crypto Campaign
North Korea’s Lazarus Group has deployed a modular macOS malware kit called Mach-O Man that uses fake meeting invites to steal credentials and crypto wallet access from fintech executives and developers. Key Takeaways: North Korea’s Lazarus Group deployed Mach-O Man malware targeting macOS users in crypto and fintech roles in April 2026. Bitso’s Quetzal Team … Read more