Security Incidents

A user lost $316,000 in USDC due to a malicious Permit2 transaction, highlighting vulnerabilities in token approval mechanisms. GoPlus Security urges users to avoid phishing by following key security practices and installing its protective extension.

Cow Swap, a DEX aggregation platform built by Cow Protocol, suffered DNS hijacking on April 14. The attacker tampered with domain name records, redirecting user traffic to a spoofed website, and deployed a wallet-draining script. Cow DAO immediately paused the service and advised users to revoke approvals. This incident did not affect the protocol’s smart contracts, but users should remain alert to related risks and verify their transaction records.

Blockaid has identified a frontend attack on CoW Swap, marking its domain as malicious. Users are advised to cease interactions, revoke wallet authorizations, and await further updates from the CoW Swap team.

The Ethereum DeFi platform CoW Swap experienced DNS hijacking on April 14, which may put users at risk of phishing. Although the protocol itself was not compromised, the risk of frontend attacks remains high. The industry recommends that users revoke approvals before taking any future actions. CoW Swap offers batch transaction functionality and protects against MEV attacks, and its security incident may affect the entire DeFi ecosystem.

Blockaid's security system detected a frontend attack on Cowswap, flagging the website COW.FI as malicious. Users are urged to revoke wallet permissions and refrain from interacting with the DApp.

Polymarket announced an audit of some of the onboarded startup projects that have been accused of using allegedly insider trading account information to steer users into making trades. The move is intended to strengthen compliance management and address external concerns about the risks of insider trading.

Hacken’s report shows that in the first quarter of 2026, Web3 projects lost $464.5 million due to hacker attacks and scams, with phishing and social engineering attacks accounting for $306 million in losses. In addition, hardware wallet scams accounted for the bulk of the losses. Moreover, losses were also significant due to smart contract vulnerabilities and access control failures. In terms of regulation, the European legal framework has increased security monitoring requirements.

Recently, altcoins represented by RAVE have sparked a fierce investment craze, but some old star projects like FF and INX have used this wave of hype to carry out “pump-and-dump” operations—rapidly driving up coin prices to lure retail investors to buy, and then dumping them heavily, causing the price to plunge rapidly. Such behavior not only exposes the project team’s funding difficulties, but also damages investors’ trust. Investors need to stay alert to signals like abnormal short-term surges in order to avoid the risk of being manipulated by the market.

The U.S. FBI and Indonesian police successfully cooperated to dismantle a W3LL phishing network, seizing related equipment and detaining suspects. The W3LL phishing toolkit offers low-priced fake login pages that use man-in-the-middle attacks to easily bypass multi-factor authentication, forming an organized cybercrime ecosystem. This operation marks cooperation between the U.S. and Indonesia in law enforcement against cybercrime; however, the security threats to cryptocurrency users remain severe.

Solana ecosystem multi-signature agreement Squads issued a warning, pointing out that attackers launched an address poisoning attack against users by using fake accounts to trick users into making unauthorized transfers. Squads confirmed that there was no loss of funds and emphasized that this is a social engineering attack rather than a protocol vulnerability. To respond, Squads has implemented protective measures such as a warning system, non-interactive account prompts, and a whitelist mechanism. This incident reflects the growing social engineering threats in the Solana ecosystem and has prompted ongoing security reviews.

South Korea has recently seen multiple “revenge intermediary” organizations that use cryptocurrency as a payment method. They offer intimidation and murder services via Telegram. Even though the main culprit has been arrested, related advertisements are still being posted. Police are investigating more than 50 cases and have arrested about 30 people.

A fake Ledger app on Apple's App Store deceived musician Garrett Dutton into losing 5.9 BTC by entering his seed phrase. This case highlights ongoing wallet scams and the exploitation of trust, as the stolen bitcoin was laundered through KuCoin.

A certain cryptocurrency exchange was extorted by a criminal organization, which claimed it would release internal system access videos. The exchange confirmed it had not suffered a systemic breach, that customer funds are safe, and that due to improper conduct by customer service personnel, data from approximately 2,000 accounts was accessed. The exchange has revoked the relevant permissions and strengthened security controls. The company is working with law enforcement agencies to investigate.

Solana co-founder toly noted that the industry needs a stablecoin that can only be frozen under a court order, opposing other freeze factors. He suggested that the protocol issue a stablecoin with custom freeze strategies on the base layer and strengthen security measures. This view stems from a recent response by Circle to the Drift protocol hack incident, sparking discussions about centralized stablecoins.

A security incident involving the ERC-20 version of Polkadot on Ethereum raised concerns, emphasizing the risks of wrapped and cross-chain assets. An attacker exploited a flaw to mint and dump 1 billion DOT tokens, causing a market collapse and highlighting vulnerabilities in smart contract management.

_Musician G. Love loses 5.9 BTC in fake Ledger app scam, raising serious concerns about crypto security and user awareness worldwide._ A major crypto scam has affected Garrett Dutton, widely known as G. Love. The American singer lost 5.9 Bitcoin valued at almost 420,000. The loss occurred when he t

Author: Jae, PANews Compared with the external pressure of a bear market, Aave has instead seen a “black swan” emerge internally first. Aave, which has long occupied the throne of lending agreements, is now facing the most severe ecosystem shake-up since its founding. There has been no hacker attack, no code vulnerabilities—only power gone out of control and conflicting interests. From BGD Labs, a technical cornerstone, decisively leaving, to a public break between governance pioneer ACI (Aave Chan Initiative), and then to Chaos Labs, the risk-management steward, announcing that it is parting ways— a major “service provider retreat” is unfolding. The depth of this game goes far beyond a mere cooperation dispute; it has triggered

Polkadot faced a major security breach where an attacker minted 1B $DOT coins on Ethereum via a 3rd-party bridge, draining over $240,000 in $ETH. This incident highlights ongoing vulnerabilities in cross-chain infrastructure and its impact on market stability.

Circle CEO Jeremy Allaire addressed criticism at a news conference regarding the previously unfrozen stolen USDC, emphasizing that the company will only freeze wallets under law enforcement instructions. In addition, he said Circle is in communication with U.S. lawmakers, hoping to establish a “safe harbor” mechanism for stablecoin issuers.