Rekt

Syscoin - Rekt

Thu, 11 Jun 2026 14:53:26 +0000

5 billion SYS minted from a malformed SPV proof that slipped past Syscoin’s bridge relay parser. The team published the receipts, coordinated a whitehat recovery, and the funds came back. No public audit record for the relay path that failed.

_{-- Delivered by RssEverything service}

TesseraDao - Rekt

Tue, 09 Jun 2026 15:13:37 +0000

One key held everything. TesseraDAO lost $2.49 million - minted from nothing, dumped, and gone through Tornado Cash. No multisig, no real audit, not even an acknowledgment that they were exploited. Just hollow men, straw governance, and a Telegram full of bots.

_{-- Delivered by RssEverything service}

Gravity Bridge - Rekt

Thu, 04 Jun 2026 17:13:40 +0000

$5.4 million gone from Gravity Bridge after an attacker minted worthless tokens on Osmosis, poisoned the token registry with a fabricated denom string, and walked out with real assets. The attacker didn't break the code. They just found where it stopped asking questions.

_{-- Delivered by RssEverything service}

DxSale - Rekt

Tue, 02 Jun 2026 15:53:34 +0000

A 2021 DxSale locker, an unprotected admin key, $7.3 million gone. Decurity flagged the risk in 2023 for $500. Two compromised contracts holding $15.5 million remains untouched, for now.

_{-- Delivered by RssEverything service}

Poisoned Pipeline

Fri, 29 May 2026 12:01:01 -0400

One poisoned VS Code extension silently auto-updated to 2.2 million developers, and TeamPCP walked out with 3,800 GitHub internal repositories in eleven minutes, the culmination of eight months spent climbing the developer supply chain one trusted tool at a time.

_{-- Delivered by RssEverything service}

New Market Trading - Rekt

Thu, 28 May 2026 10:08:51 -0400

$3.98 million drained from 88 Gnosis Safes across three chains on New Market Trading. A third-party Safe module trusted caller-supplied data over msg.sender. One missing require check. Anyone who read the source code could drain every wallet.

_{-- Delivered by RssEverything service}

THORChain - Rekt III

Thu, 21 May 2026 13:48:01 -0400

A malicious node is believed to have exploited THORChain’s GG20 TSS signing stack to leak vault key material, reconstructed the private key offline, and drained $10.7 million across multiple chains. The network halted itself. The attacker was already gone.

_{-- Delivered by RssEverything service}

Paranoid By Default

Mon, 18 May 2026 14:13:37 -0400

They told you to connect everything. You wrote the explainer. They sent you to a conference. On May 11, someone else did the checking - 170 packages, 518 million downloads, OpenAI's signing certificates. The unaudited stack is the attack surface. Be paranoid by default.

_{-- Delivered by RssEverything service}

TrustedVolumes - Rekt

Thu, 14 May 2026 16:00:53 -0400

$5.87 million gone in one transaction. A permissionless signer function, a broken authorization check, and unlimited approvals did the rest. TrustedVolumes' contract was never open-sourced. The team hadn't posted in over a year. The bug bounty line is open.

_{-- Delivered by RssEverything service}

Is Age Verification a Trap?

Tue, 12 May 2026 07:45:11 -0400

Is Age Verification a Trap? Every bill in this wave invokes children. Every system gets breached. Every jurisdiction that builds it never repeals it. The ratchet only turns one direction. And no one asked if you wanted it built.

_{-- Delivered by RssEverything service}

Wasabi Protocol - Rekt

Mon, 04 May 2026 14:52:58 -0400

Admin key compromised, UUPS upgrades pushed to over a dozen vaults across four chains - Wasabi Protocol lost $5.9 million before most users saw a single alert. No multisig. No timelock. April 2026 was DeFi's worst month on record. Are we April Fools?

_{-- Delivered by RssEverything service}

The Stack Nobody Checked

Thu, 30 Apr 2026 11:40:05 -0400

The AI protocol wired to your org has been exploited a dozen times since 2025. The creator called the flaw expected behavior. One hacker used Claude to breach nine Mexican agencies. Crypto firms on this stack could be exposing on-chain operations and internal comms.

_{-- Delivered by RssEverything service}