Community

Contribute by sharing insights and tips to strengthen the community.


June 23, 2026

Blockchain Insights
πŸ” Anatomy of the Taiko Hack: How a GitHub Key Leak Drained $1.7M from an Ethereum L2

πŸ” Anatomy of the Taiko Hack: How a GitHub Key Leak Drained $1.7M from an Ethereum L2June 22, 2026 | Blockchain Forensic AnalysisIntroductionJust past midnight on June 21, 2026, approximately $1.7 million vanished from the bridge of Taiko, an Ethereum Layer 2 blockchain. The attacker didn't need a sophisticated exploit. A single signing key left exposed on GitHub was more than enough.Security firm Blockaid was the first to detect anomalous activity. The Taiko team quickly posted on X (formerly Twitter), urging all bridge users to withdraw their funds immediately. South Korean exchanges β€” Upbit, Bithumb, Coinone, and Korbit β€” suspended TAIKO deposits and withdrawals within hours.So where exactly did the money go? We traced the attacker's footsteps on-chain.The Attack: Forging a Proof to Open the VaultTaiko relies on a system called Raiko β€” an SGX (Secure Enclave)-based proof generator β€” to verify the validity of transactions bridging between chains. The signing key for this system had been left publicly accessible on GitHub.The attacker obtained this key and executed the following sequence: β‘  Crafted fraudulent "MessageSent" events without any real bridge deposits β‘‘ Submitted forged withdrawal proofs to the Ethereum mainnet bridge contract β‘’ The bridge contract accepted the proofs as legitimate and released ERC-20 Vault assets β‘£ Assets worth millions were drained β€” without a single dollar ever being deposited In plain terms: the attacker checked out funds they never checked in.Four Attacker Wallets β€” Published by Taiko ItselfThe Taiko team disclosed four attacker wallet addresses directly on X, requesting cooperation from centralized exchanges.Following the Money: A Step-by-Step BreakdownStep 1 β€” Immediate Post-Exploit: Token DispersionThe primary wallet (0x7506...b76a) extracted the following assets directly from the Taiko Bridge contract (0xd60247c6848B7Ca29eDdF63AA924E53dB6Ddd8EC):Step 2 β€” ETH Siphoned Into a Holding WalletThe attacker 
split 500 ETH into exactly five transfers of 100 ETH each, routing them to a separate holding wallet (0xa98035081fb739ebe9c8f80904668fb11438a846). This is a textbook structuring pattern β€” breaking up large transfers to evade detection thresholds.πŸ”΄ As of the time of analysis, this wallet still holds 778 ETH β€” approximately $1.34 million β€” with no outbound movement recorded.For investigators, this is a window of opportunity. The funds remain accessible for freezing via legal process or exchange cooperation before they move further.Step 3 β€” Stablecoins Routed Through UniswapThe stablecoins and ERC-20 tokens (USDC, USDT, crvUSD, CRV, WBTC) were consolidated at the swap hub wallet (0x9108...acd4), then swapped via Uniswap V3 and fully dispersed. That wallet's current balance is zero.Step 4 β€” TAIKO Tokens Cashed Out via MEXCThe fastest-liquidated asset was the TAIKO token itself. On-chain data corroborated by Lookonchain shows the attacker transferred 1.99 million TAIKO (β‰ˆ $189,000) directly to MEXC within hours of the exploit.Notably, MEXC is listed on South Korea's KoFIU (Korea Financial Intelligence Unit) high-risk / unregistered exchange blocklist β€” suggesting the attacker deliberately chose a venue where regulatory freeze requests face higher friction and slower response times.Full Fund Flow Map [Taiko Bridge Contract: 0xd602...d8ec] β”‚ Forged proof withdrawal β–Ό [Attacker Wallet #1: 0x7506...b76a] β”œβ”€ 500 ETH Γ— 5 splits ────────► [ETH Holding Wallet: 0xa980...a846] β”‚ πŸ”΄ 778 ETH (~$1.34M) STILL SITTING HERE β”‚ β”œβ”€ USDC / USDT / crvUSD / CRV / WBTC β”‚ └──────────────────────► [Swap Hub: 0x9108...acd4] β”‚ └─► Uniswap V3 swaps β†’ drained β”‚ └─ 1,990,000 TKO ────────────────► MEXC (cash-out in progress) [Attacker Wallet #2: 0x5fbc...4990] └─ 1,990,000 TKO ────────────────► MEXC [MEXC-linked address: 0x3cc9...cf18] └─ 1,500 ETH ────────────────────► MEXC internal transfer confirmed Three Lessons This Hack Leaves Behindβ‘  Operational 
Security Is Code QualityThis attack didn't exploit a bug in Taiko's bridge logic. The contracts themselves functioned as designed. What failed was operational security (OPSEC). A signing key was left in a public GitHub repository. No amount of cryptographic sophistication matters if the key walks out the front door.β‘‘ Bridges Remain DeFi's Weakest LinkRonin ($620M, 2022). Wormhole ($320M, 2022). Nomad ($190M, 2022). Now Taiko. Cross-chain bridges require complex verification logic by their very nature β€” and complexity is attack surface. Until the industry develops more robust, trustless bridge architectures, this pattern will repeat.β‘’ Attackers Know the Regulatory MapThe choice of MEXC was likely not accidental. Unregistered exchanges operating outside major regulatory frameworks respond more slowly β€” or not at all β€” to freeze requests. Sophisticated attackers now factor the regulatory geography of their cash-out venues into their operational planning. This is a level of tradecraft that investigators must account for.Where Things Stand NowOn-chain evidence shows 778 ETH (approximately $1.34 million) has not moved from the holding wallet as of this writing. That is a meaningful recovery opportunity if law enforcement and the Taiko team act swiftly.Taiko has stated it is actively coordinating with its Security Council and ecosystem partners. South Korean exchanges have designated TAIKO as a cautionary trading asset and will reassess the status in the fourth week of July.Closing ThoughtThis hack was not technically sophisticated. But it was effective β€” and expensive. What the attacker left behind on-chain, however, is a remarkably clear trail. The immutability of the blockchain cuts both ways: every transaction is permanent, public, and traceable.$1.7 million moved in the dark β€” but the ledger kept the lights on.This analysis is based on publicly available on-chain data. 
All addresses and transaction hashes are independently verifiable on the Ethereum mainnet.Analysis date: June 22, 2026
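The sequence above comes down to one invariant: a bridge should never release funds for a message that was never deposited. The detector below is an added example, not Taiko's code; its event names, message hashes and amounts are constructed, and a real deployment would read the equivalent logs from both chains through an RPC node. It flags a withdrawal whose message hash has no deposit record, one whose amount or token differs from its deposit, and any point where cumulative withdrawals of a token exceed cumulative deposits.

```python
"""Bridge deposit/withdrawal reconciliation.

Added example (not Taiko's code). Event names and sample data are constructed;
a real deployment would read MessageSent / MessageProcessed-style logs from
both chains via an RPC node.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeEvent:
    ts: int          # unix timestamp (constructed)
    chain: str       # "L2" (where deposits originate) or "L1" (where withdrawals are released)
    kind: str        # "MessageSent" = deposit, "MessageProcessed" = withdrawal
    msg_hash: str    # identifier that links a withdrawal to its deposit
    token: str
    amount: int      # base units


# Constructed sample log: three honest deposits, two honest withdrawals,
# one withdrawal whose message hash was never emitted by any deposit, and
# one withdrawal whose amount does not match its deposit.
SAMPLE_EVENTS = [
    BridgeEvent(100, "L2", "MessageSent",      "0xaaa1", "USDC", 1_000_000),
    BridgeEvent(101, "L2", "MessageSent",      "0xaaa2", "ETH",  5 * 10**18),
    BridgeEvent(102, "L2", "MessageSent",      "0xaaa3", "USDC", 250_000),
    BridgeEvent(900, "L1", "MessageProcessed", "0xaaa1", "USDC", 1_000_000),
    BridgeEvent(901, "L1", "MessageProcessed", "0xaaa2", "ETH",  5 * 10**18),
    BridgeEvent(902, "L1", "MessageProcessed", "0xdead", "USDC", 649_761_000_000),  # forged
    BridgeEvent(903, "L1", "MessageProcessed", "0xaaa3", "USDC", 2_500_000),        # mismatch
]


def reconcile(events):
    """Return [(reason, event), ...] for every withdrawal not backed by a
    matching prior deposit. Two independent checks:
      1. per message: the hash must have been emitted by a deposit with the
         same token and amount (a forged proof has no such record);
      2. per token: cumulative withdrawn <= cumulative deposited, which also
         catches forgeries that reuse a plausible-looking hash.
    """
    deposits = {}
    deposited = defaultdict(int)
    withdrawn = defaultdict(int)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "MessageSent":
            deposits[ev.msg_hash] = ev
            deposited[ev.token] += ev.amount
            continue
        if ev.kind != "MessageProcessed":
            continue
        dep = deposits.get(ev.msg_hash)
        if dep is None:
            alerts.append(("NO_MATCHING_DEPOSIT", ev))
        elif dep.token != ev.token or dep.amount != ev.amount:
            alerts.append(("AMOUNT_OR_TOKEN_MISMATCH", ev))
        withdrawn[ev.token] += ev.amount
        if withdrawn[ev.token] > deposited[ev.token]:
            alerts.append(("VAULT_INVARIANT_BROKEN", ev))
    return alerts


if __name__ == "__main__":
    for reason, ev in reconcile(SAMPLE_EVENTS):
        print(f"{reason}: {ev.msg_hash} {ev.amount} {ev.token} at ts={ev.ts}")
```

The per-token invariant is the check worth wiring to an alert: it does not depend on trusting the prover's signature at all, so it still fires when the signing key itself has been stolen, which is exactly the failure the post describes.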

πŸ” Anatomy of the Taiko Hack: How a GitHub Key Leak Drained $1.7M from an Ethereum L2
0 likes・19 reads
dooooo

June 22, 2026

Community Investigation
Comprehensive Threat Intelligence Report: Unpacking the $1.7M Taiko Bridge Exploit

Date: June 22, 2026

0. Forensic Methodology

To reconstruct this complex cross-chain incident, the ChainBounty Threat Intelligence team deployed the SentinelTX Blockchain Forensic Intelligence System. Our technical investigation utilized a structured, multi-layered approach to establish an immutable chain of custody:
- OSINT Ingestion: Seeded the initial technical parameters by identifying 4 core attacker entity addresses via public security alerts from PeckShield and Blockaid.
- Multi-Chain Screening: Monitored real-time transaction activity and balance state changes across both the Ethereum Mainnet and the Taiko Layer-2 (L2) network.
- Outbound Proximity Tracing: Tracked the downstream movement of illicitly extracted funds up to an operational depth of 5 distinct hops.
- Token-Specific Forensics: Isolated and tracked individual asset ledgers independently, including TKO, USDC, USDT, WBTC, CRV, crvUSD, WETH, iZi, and weETH.
- Bridge Tracking: Identified and verified cross-chain telemetry data passing through the official Taiko Bridge contract.
- Inbound & Cluster Attribution: Analyzed the funding sources and internal transfer ties of the swap executor address to evaluate joint-control relationships.
- Smart Contract Reverse-Engineering: Audited creation timestamps, internal state calls, and event logs for malicious proxy architectures.
- Centralized Exchange Identification: Traced endpoints reaching exchange hot wallets and cross-verified counterparty profiles against international regulatory lists (including the South Korean FIU blocklist).

Valuation Metric Note: All digital asset values are calculated using the spot exchange rates at the exact block timestamp of the respective transaction. Low-liquidity tokens (e.g., iZi) are tracked strictly by native token volume to preserve the primary evidentiary value of the chain of custody.

1. Executive Summary

On June 21, 2026, at approximately 22:07 UTC, the Taiko Bridge infrastructure suffered a major exploit. The threat actor successfully executed a forged message proof verification attack by exploiting a leak of the system's SGX signing keys, allowing them to extract approximately $1,700,000 in multi-token digital assets.

The attacker deployed an aggressive, multi-path liquidation and layering operation across the Ethereum Mainnet using 4 core wallets, with the primary exploit engine identified as EOA address 0x7506DeA0c38ca0B55364B22424374c5Alae1B76a.

Key Investigation Findings:
- CEX Liquidation (MEXC Global): The attacker moved 1,990,000 TKO tokens through a 2-hop layering sequence into a MEXC Exchange hot wallet. MEXC is currently flagged as an unregistered, high-risk counterparty on the South Korean Financial Intelligence Unit (KoFIU) blocklist.
- Decentralized Token Swapping: The attacker transferred a massive basket of stolen assets — including 649,761 USDC, 138,139 USDT, 0.426 WBTC, 126,160 CRV, and 156,832 crvUSD — into a dedicated swap agent address to convert them into ETH via Uniswap V3. Cluster analysis confirms this agent operates under the same unified operator control as the main exploiter.
- Layer-2 Bridge Escapism: The attacker successfully routed 500.005 ETH through the official Taiko Bridge back into a Taiko L2 address. These funds are currently sitting stagnant on Layer-2.
- Stagnant L1 Residue: The primary exploit wallet still holds a residue balance of 2,140,403 iZi and 0.53 weETH on the Ethereum mainnet.

2. Complete Chronological Attack Timeline

| Timestamp (UTC) | Event | Transaction Hash (TX) | Associated Addresses | Amount / Assets |
|---|---|---|---|---|
| 2024-05-01 | Target Vault Creation | N/A | 0x996282calle5deb6b5d122cc3b9alfcaad4415ab | Exploit Source Vault |
| 2026-03-04 | Malicious Proxy Deployment | N/A | 0x6f21c543a4af5189ebdb0723827577elef57eflf | Suspicious Contract |
| 2026-06-18 05:47:59 | Pre-Attack L2 Setup | 0x8744d8364abf6f5a7e2010af3198aa86ed820f018067ebe9f19849f985912ee2 | 0x7506DeA0...1B76a -> 0xa98035081fb739ebe9c8f80904668fb11438a846 | 0.005 ETH |
| 2026-06-21 22:07:00 | Exploit Execution | Multiple Consolidated Traces | 0x996282ca...15ab -> 0x7506DeA0c38ca0B55364B22424374c5AlaelB76a | Bulk Stolen Assets |
| 2026-06-21 22:11:35 | Swap Agent Delegation | 0x1b6d504f2e35eabeda731bbbbda5f2a8acad2aea8e7ecalebc701fd37f7dd26c | 0x7506DeA0...1B76a -> 0x9108828e30f2de407aadb0af677b4a9228e4acd4 | Multi-Token Basket |
| 2026-06-21 22:26:23 | Secondary USDC Swap | 0x85c4d6c318a0060a169b8e8b47410603216a94a1b238d4c6b7a77fa27e87c78d | 0x9108828e...acd4 -> 0x7506DeA0...1B76a | 26,000 USDC Swap |
| 2026-06-21 22:28:59 | TKO Layering - Hop 1 | 0x5d8127d07d0b94263c11be2a51f01b610f287580fb29ed3f4d35aa27359837d4 | 0x7506DeA0...1B76a -> 0x5fbc60a12bc6635e7d587d8dac52e4b1388b4990 | 1,990,000 TKO |
| 2026-06-21 22:37:35 | TKO Layering - Hop 2 | 0x6f262f8860a21761023e63d3b6c2291c27eba85c865d9aaa2387c3d9967eded5 | 0x5fbc60a1...990 -> 0x3cc936b795a188f0e246cbb2d74c5bd190aecf18 | 1,990,000 TKO |
| 2026-06-21 23:58:11 | Bridge Injection (1/5) | 0xa2b259f7daeb5485327f472afcdc638c6ca26d6a83537ad8e5f658b2bf8d3887 | 0x7506DeA0...1B76a -> 0xa98035081fb739ebe9c8f80904668fb11438a846 | 100 ETH |
| 2026-06-21 23:58:59 | Bridge Injection (2/5) | 0x93fle93c47173d6d1811c62d49f84f5eaab95a3041dd7f7ale639adac19d40d4 | 0x7506DeA0...1B76a -> 0xa98035081fb739ebe9c8f80904668fb11438a846 | 100 ETH |
| 2026-06-21 23:59:59 | Bridge Injection (3/5) | 0x467bd50f788f5e934503ab95cc0396fda5775fe26459f5455d81221444cf9c5d | 0x7506DeA0...1B76a -> 0xa98035081fb739ebe9c8f80904668fb11438a846 | 100 ETH |
| 2026-06-22 00:10:11 | Bridge Injection (4/5) | 0x43431c9eee9c8d4b764a9d7e6ea83614361b804d42eb4b910a24d67fb9f0f49b | 0x7506DeA0...1B76a -> 0xa98035081fb739ebe9c8f80904668fb11438a846 | 100 ETH |
| 2026-06-22 00:32:11 | Bridge Injection (5/5) | 0x25f2dc828d6c66d880f9b92ecda9e6531f85d82df629628f86a9ba5cec104dfd | 0x7506DeA0...1B76a -> 0xa98035081fb739ebe9c8f80904668fb11438a846 | 100 ETH |
| 2026-06-22 00:33:35 | Auxiliary EOA Setup | 0x9ce9d5529e6ff01d05c80ef16a8c687aefa78f35710298c365925d9e85f62410 | 0x7506DeA0...1B76a -> 0x2f205367f408269b2aae3dd5fd4358aa6ae8d7e0 | 0.05 ETH |
| 2026-06-22 00:43:59 | Supplementary Bridge | 0x4096b723fa8f06a84ed6f5d8dd4e88ea71e793e379585c625731887496dec09d | 0x7506DeA0...1B76a -> 0xa98035081fb739ebe9c8f80904668fb11438a846 | 100 ETH |
| 2026-06-22 00:55:23 | L2 Micro-Bridge Route | 0xfee99d74e8459d7ed28a9f9aa488af32cae55e7e0dd00905170b73025e3b5b88 | 0x2f205367...d7e0 -> 0xd60247c6848b7ca29eddf63aa924e53db6ddd8ec | 0.01 ETH |
| 2026-06-22 01:07:47 | Secondary Micro-Bridge | 0xee20d87660670033faa486589e115b74ac788be6ce047bf9647408930a068def | 0x2f205367...d7e0 -> 0xd60247c6848b7ca29eddf63aa924e53db6ddd8ec | 0.01 ETH |
| 2026-06-22 01:27:59 | Proxy Intercept (1/3) | 0x67900d1499ee23864bf857662f6cde6e059de4d9a3b4b9d335862b3b626dc2a5 | 0x2f205367...d7e0 -> 0x6f21c543a4af5189ebdb0723827577elef57eflf | 0.001 ETH |
| 2026-06-22 01:48:47 | Proxy Intercept (2/3) | 0x77b219ef57e98875f2159c1d569b7f965ealee0adedd6a22ca96c2aaa5da5a7e | 0x2f205367...d7e0 -> 0x6f21c543a4af5189ebdb0723827577elef57eflf | 0.001 ETH |
| 2026-06-22 02:31:47 | Proxy Intercept (3/3) | 0xdb21315494272eba02ccad0fe94dcb5c71d1fb6d94384b4a80b1de3875a52441 | 0x2f205367...d7e0 -> 0x6f21c543a4af5189ebdb0723827577elef57eflf | 0.001 ETH |
| 2026-06-22 11:38:47 | Terminal CEX Deposit | 0x9efa97d7a5f695ad6e5b249abcef9b40cee775105f11d6ac9f1c7452293dd03b | 0x3cc936b795a188f0e246cbb2d74c5bd190aecf18 -> MEXC Hot Wallet | 1,990,000 TKO |

3. Detailed Inventory of Stolen Assets

| Asset Symbol | Extracted Token Volume | Asset Classification / Operational Status |
|---|---|---|
| USDC | 649,761.00 | Stablecoin Ledger / Fully Liquidated to ETH via Uniswap V3 |
| USDT | 138,139.00 | Stablecoin Ledger / Fully Liquidated to ETH via Uniswap V3 |
| WBTC | 0.42634415 | Wrapped Bitcoin / Fully Liquidated to ETH via Uniswap V3 |
| CRV | 126,160.973069 | Curve DAO Asset / Fully Liquidated to ETH via Uniswap V3 |
| crvUSD | 156,832.011092 | Curve Stablecoin / Fully Liquidated to ETH via Uniswap V3 |
| WETH | 20.700000 | Wrapped Ethereum / Consolidated into Main Capital Flow |
| iZi | 2,140,403.026072 | Low-Liquidity Token / Stagnant Residue inside Main Exploit Wallet |
| weETH | 0.530999 | Wrapped Liquid Staking ETH / Stagnant Residue inside Main Exploit Wallet |

4. Advanced Fund Flow & Cluster Analysis

Path A: The TKO Layering & CEX Liquidation Route

To obscure the origin of the Taiko (TKO) native tokens, the attacker utilized a programmatic, 2-hop layering architecture before initiating cash-out sequences. This rapid, highly coordinated multi-hop execution (completed within a tight window) proves a clear intent to delay corporate asset freezes and defeat automated exchange heuristics.

Path B: Uniswap V3 Coordinated Swap Cluster

The non-native token balances were offloaded to a dedicated external address: 0x9108828e30f2de407aadb0af677b4a9228e4acd4. This entity interacted across five isolated liquidity pools on Uniswap V3:
- USDC Pool: 0x88e6a0c2ddd26feeb64f039a2c41296fcb3f5640
- USDT Pool: 0x11b815efb8f581194ae79006d24e0d814b7697f6
- CRV Pool: 0x919fa96e88d67499339577fa202345436bcdaf79
- WBTC Pool: 0xcbcdf9626bc03e24f779434178a73a0b4bad62ed
- crvUSD Pool: 0x4dece678ceceb27446b35c672dc7d61f30bad69e

Our inbound flow analysis explicitly proves a Single Operator Cluster model: the swap agent interacted exclusively with the primary exploit engine, maintained zero individual financial upside, and returned 100% of the newly acquired ETH straight to the primary attacker EOA.

Path C: Cross-Chain Gateway Loop (Taiko L2)

Following capital consolidation, the attacker pushed a significant liquidity block back into Layer-2 through the official Taiko Bridge (0xd60247c6848b7ca29eddf63aa924e53db6ddd8ec). A total volume of 500.005 ETH was funneled directly into L2 address 0xa98035081fb739ebe9c8f80904668fb11438a846.

Our ongoing 7-day deep tracking confirms that these Layer-2 assets remain completely stagnant. The attacker may be keeping the funds idle on L2 to evade the immediate automated tooling and tracking focus applied to Layer-1.

5. Comprehensive Key Address Ledger

| Target Address | Entity Type | System Identity / Forensic Role | First Spotted Activity | On-Chain Notes & Anomalies |
|---|---|---|---|---|
| 0x7506DeA0c38ca0B55364822424374c5Alae1B76a | EOA | Primary Exploit Engine | 2026-06-18 | Drained L1 Vault; holds 2.14M iZi & 0.53 weETH |
| 0x5fbc60a12bc6635e7d587d8dac52e4b1388b4990 | EOA | Hop-1 TKO Intermediary Proxy | 2026-06-21 | Single-use disposable transit wallet |
| 0x3cc936b795a188f0e246cbb2d74c5bd190aecf18 | EOA | Hop-2 Dedicated MEXC Depositor | 2026-06-21 | User-level CEX deposit intake pipeline |
| 0x9108828e30f2de407aadb0af677b4a9228e4acd4 | EOA | Programmatic Swap Router Agent | 2026-06-21 | Part of single operator cluster; balance now zero |
| 0xa98035081fb739ebe9c8f80904668fb11438a846 | EOA | Target L2 Attacker Vault | 2026-06-18 | Sits on 500.005 ETH with zero L2 outbound moves |
| 0x2f205367f408269b2aae3dd5fd4358aa6ae8d7e0 | EOA | Auxiliary Operational Address | 2026-06-22 | Created post-exploit; routed micro-bridge gas funds |
| 0x6f21c543a4af5189ebdb0723827577elef57eflf | Contract | Malicious Proxy Intercept | 2026-03-04 | Inbound-only execution; yields 0 event logs |
| 0x996282calle5deb6b5d122cc3b9alfcaad4415ab | Contract | Exploit Source Target Vault | 2024-05-01 | Source of the bulk unauthorized token drainage |
| 0x75e89d5979e4f6fba9f97c104c2f0afb3f1dcb88 | CEX | MEXC Global Hot Wallet | Historical | Terminal destination for 1.99M stolen TKO tokens |

Forensic Noise Exclusion: During the data compilation phase, we intercepted a transfer of 138,139 ha138com spam tokens originating from 0x757c3a8883b11b2e15c30dee9813ddcb64cbf76a. This has been formally classified as an Address-Poisoning / Air-Drop phishing attack and is entirely unrelated to the core exploit architecture.

6. Centralized Exchange Vulnerability & Attribution

The single most critical vector for off-chain identity attribution lies within the TKO cash-out trajectory to MEXC Global (0x75e89d5979e4f6fba9f97c104c2f0afb3f1dcb88). The terminal transaction hash 0x9efa97d7a5f695ad6e5b249abcef9b40cee775105f11d6ac9f1c7452293dd03b deposited 1,990,000 TKO on June 22 at 11:38 UTC. Because the source depositor EOA (0x3cc936b795a188f0e246cbb2d74c5bd190aecf18) is directly mapped as a unique, user-level intake lane, a formal compliance disclosure request to MEXC will expose crucial security logs, including registration IPs, device IDs, and linked fiat withdrawal routes.

7. Immediate Threat Mitigation & Action Plan

ChainBounty advises asset issuers, core foundations, and global compliance cells to coordinate on the following intervention pathways immediately:
- MEXC Emergency Asset Freeze (Urgent): Submit a formal asset preservation request to MEXC Compliance to freeze any credit equivalent to the 1.99M TKO deposit. Concurrently, law enforcement should prepare an international Mutual Legal Assistance Treaty (MLAT) or Letter Rogatory to subpoena the account owner's KYC profile.
- Layer-2 Containment Protocols: Request that the Taiko Foundation and L2 bridge operators enforce a structural monitor and circuit breaker on address 0xa98035081fb739ebe9c8f80904668fb11438a846 to freeze the stagnant 500 ETH before any outbound L2 transfer can execute.
- Token Blacklisting: Coordinate with the dev teams at Izumi Finance and EtherFi to evaluate blacklisting capabilities for the remaining 2,140,403 iZi and 0.53 weETH currently stranded inside the L1 hacker address.
- Regulatory Reporting Escalation: File a Suspicious Transaction Report (STR) with international financial intelligence networks (e.g., South Korean KoFIU) regarding the use of blocked, high-risk platforms for criminal laundering purposes.

8. Conclusion

The Taiko Bridge exploit underscores the devastating ecosystem risks of core cryptographic key management failures, specifically regarding SGX signing environments. By manufacturing forged message validation proofs, the attacker bypassed traditional contract boundaries to steal $1.7M in multi-token assets.

While the attacker's sophisticated use of multi-hop TKO layering and dedicated automated Uniswap swap agents temporarily complicated tracing, their operational security broke down at the exchange onboarding endpoints. The combination of a locked 500 ETH block on Layer-2 and an explicit KYC trail at MEXC provides global security forces with an actionable framework for fund recovery and attribution.

ChainBounty Threat Intelligence has locked webhooks onto all associated cluster addresses. Real-time updates will be deployed automatically if any L2 state updates occur.
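Path B's "Single Operator Cluster" finding rests on three testable properties of the swap agent: every non-DEX counterparty is the exploiter, the agent keeps no residual balance, and all ETH obtained from the pools flows back to the exploiter. The function below turns those three criteria into a check over a transfer log. It is an added example, not ChainBounty's or SentinelTX's code; the addresses are labelled placeholders and the transfers are constructed, and it ignores gas so that balances net to exactly zero (a real trace would allow a small dust tolerance).

```python
"""Single-operator cluster heuristic for a swap agent address.

Added example (not the report's tooling). Addresses are constructed
placeholders; the criteria are the three stated in the report: exclusive
counterparty, zero residual balance, full return of swapped ETH.
"""
from collections import defaultdict

# Constructed, labelled placeholder addresses.
PRINCIPAL = "0xPRINCIPAL"   # stands in for the primary exploit EOA
AGENT = "0xAGENT"           # stands in for the swap agent under test
POOLS = {"0xPOOL_USDC", "0xPOOL_USDT"}   # known DEX liquidity pools (constructed)
STRANGER = "0xUNRELATED"

# (sender, receiver, token, amount): constructed transfer log. Gas is ignored.
SAMPLE_TRANSFERS = [
    (PRINCIPAL, AGENT, "USDC", 600_000),
    (PRINCIPAL, AGENT, "USDT", 130_000),
    (AGENT, "0xPOOL_USDC", "USDC", 600_000),   # swap in
    ("0xPOOL_USDC", AGENT, "ETH", 180),        # swap out
    (AGENT, "0xPOOL_USDT", "USDT", 130_000),
    ("0xPOOL_USDT", AGENT, "ETH", 39),
    (AGENT, PRINCIPAL, "ETH", 219),            # 100% of swapped ETH returned
]


def cluster_profile(transfers, agent, principal, pools):
    """Evaluate the three single-operator criteria for `agent` and return
    them individually plus the combined verdict."""
    counterparties = set()
    balance = defaultdict(int)
    eth_from_swaps = 0
    eth_to_principal = 0
    for sender, receiver, token, amount in transfers:
        if agent not in (sender, receiver):
            continue
        other = receiver if sender == agent else sender
        if other not in pools:
            counterparties.add(other)          # DEX pools are not "people"
        if receiver == agent:
            balance[token] += amount
            if sender in pools and token == "ETH":
                eth_from_swaps += amount
        else:
            balance[token] -= amount
            if receiver == principal and token == "ETH":
                eth_to_principal += amount
    exclusive = counterparties == {principal}
    no_residual = all(v == 0 for v in balance.values())
    full_return = eth_from_swaps > 0 and eth_to_principal == eth_from_swaps
    return {
        "exclusive_counterparty": exclusive,
        "zero_residual_balance": no_residual,
        "full_eth_return": full_return,
        "single_operator_cluster": exclusive and no_residual and full_return,
    }


if __name__ == "__main__":
    print(cluster_profile(SAMPLE_TRANSFERS, AGENT, PRINCIPAL, POOLS))
```

Any one criterion failing (a single transfer to an unrelated address, or ETH retained by the agent) is enough to drop the verdict back to "unproven", which is the right default for an attribution that may later be put in front of an exchange compliance team.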

dooooo

June 19, 2026

Community Investigation
Comprehensive Threat Intelligence Report: Unpacking the $2.1M Thetanuts Finance Legacy Vault Exploit

Date: June 19, 2026

Executive Summary

On June 15, 2026, the Web3 ecosystem witnessed a sophisticated attack targeting the Thetanuts Finance Legacy Index Vault on the Ethereum mainnet. ChainBounty’s Threat Intelligence team has conducted a full on-chain forensic investigation into the incident, mapping the attacker's execution methods and subsequent money laundering operations. While the initial exploit successfully drained approximately $2,100,000 in option tokens, rapid intervention by a whitehat hacker resulted in the recovery of approximately $2,000,000. The attacker managed to successfully bridge and launder the remaining assets, resulting in a realized net loss of approximately $105,000.

Forensic Methodology

To unearth the full scope of this attack, ChainBounty utilized the SentinelTX Blockchain Forensic Intelligence System, analyzing on-chain data up to June 19, 2026.
- Trace Parameters: We tracked outbound fund movements on Ethereum (Chain ID 1) with a maximum query depth of 5 hops, successfully reaching the terminal endpoints within 3 hops.
- Data Enrichment: Our analysis cross-referenced 40+ cross-chain bridge APIs, the Sentinel TRDB, and the June 2026 OFAC SDN Sanctions list.
- OSINT Verification: Intelligence was corroborated using public alerts from Blockaid, PeckShieldAlert, SlowMist, and CryptoTimes.

Anatomy of the Exploit: Integer Division Vulnerability

The exploit was directed at the vulnerable legacy contract 0xC2C3AE0a7b405058558C9b4a63b373486CB86Ac7. The attacker (0x30498e4466789E534c72e03B52A16c978655b41e) executed the attack by weaponizing a flash loan against a Solidity integer division flaw. Here is the step-by-step breakdown of the attack execution:
- Capital Acquisition: The attacker initiated a massive flash loan to borrow capital.
- Supply Manipulation: By heavily burning the vault's tokens, the attacker manipulated the contract's state, driving the totalSupply variable down to a value approaching zero.
- Exploiting the Math: The contract utilized a redemption formula calculated as backing * amount / totalSupply. Due to Solidity's integer division characteristics and inadequate handling of edge cases for near-zero supply, dividing by this manipulated totalSupply caused the function to return a value of 0.
- Free Minting: Because the deposit function's share calculation evaluated to 0, the attacker was able to repeatedly mint new option tokens entirely for free.
- Value Extraction & Repayment: The attacker immediately redeemed these illegitimately minted tokens to extract the vault's actual underlying USDC assets, subsequently repaying the flash loan to secure the profit.

Post-Exploit Money Laundering Tactics

Following the extraction, the attacker initiated a 5-step layering process designed to obfuscate the origin of the funds. On June 15, the stolen assets were consolidated into a dedicated "Loot Wallet" (0xaf3a0fdbfb0e3127247b66a042310e09c32f2299), which was initially funded with 0.027575 ETH to cover gas fees. From the Loot Wallet, ChainBounty identified three distinct laundering vectors:

Path A: Extreme Fan-Out via DEX Aggregator
- Execution: On June 15, the attacker routed 105,471.499078 USDC into a DEX aggregator/hub address (0x709de0b97e369661c99ad54f2b858139897d3dba).
- Dispersion: Over a 7-day period, this address operated as a massive fan-out hub, executing 419 transactions to disperse the capital across 313 distinct addresses.
- Asset Swapping: To further break the tracking chain, the USDC was swapped into varying amounts of USDT, ETH, and highly volatile meme coins, including DOGEUS, KISHU, and ASTEROID.

Path B: Structuring via OFAC-Sanctioned Mixers
- Execution: To completely sever the on-chain link, the attacker converted a portion of the funds into ETH and utilized the Tornado Cash protocol.
- Structuring Pattern: On June 17, a total of 57 ETH was sent to the Tornado Cash Router (0xd90e2f925da726b50c4ed8d0fb90ad053324f31b). To avoid triggering volume-based alerts, the attacker used a deliberate "structuring" technique, dividing the deposits into five batches of 10 ETH and seven batches of 1 ETH.
- Sanctions Violation: Because the Tornado Cash Router is an OFAC SDN-sanctioned entity, this interaction represents a severe violation of international sanctions.

Path C: Centralized Exchange Liquidation (Binance)
- Execution: ChainBounty analysts discovered a critical operational security failure by the attacker. On June 17, exactly 0.85 ETH was moved from the Loot Wallet.
- Routing: This micro-transaction was routed through a single intermediary address (0x9ad8859dad6ab6d027855ff5f7ac2ddf73f9701d) and deposited directly into a Binance hot wallet (0x28c6c06298d514db089934071355e5743bf21d60).

ChainBounty Strategic Recommendations

While the funds mixed through Tornado Cash currently possess a recovery probability of less than 5%, other avenues remain actionable. ChainBounty advises the following immediate steps:
- Exploit Centralized Exchange KYC: Because Binance enforces mandatory global KYC, the 0.85 ETH deposit pathway is the strongest lead. Law enforcement agencies should immediately submit a Mutual Legal Assistance Treaty (MLAT) or Letter Rogatory to subpoena the identity associated with the intermediary deposit address (0x9ad8859dad6ab6d027855ff5f7ac2ddf73f9701d).
- Regulatory Reporting: A Suspicious Transaction Report (STR) must be filed with financial intelligence units (such as KoFIU) regarding the deliberate use of the sanctioned Tornado Cash mixer.
- Real-Time Mixer Monitoring: Analysts must deploy real-time monitoring to flag any exchange deposits that mathematically correlate with future Tornado Cash withdrawals originating from this exploit.

Conclusion

The Thetanuts Finance Legacy Vault exploit serves as a stark reminder of the persistent risks associated with legacy smart contracts, specifically regarding floating-point limitations and integer division vulnerabilities. While the prompt action of the whitehat community prevented a devastating $2 million loss, the attacker's sophisticated use of DEX fan-outs and sanctioned mixers allowed them to successfully launder approximately $105,000. ChainBounty will continue to monitor the dormant assets linked to this exploit. For the latest Web3 forensic analysis and threat alerts, follow the ChainBounty intelligence feed.
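The integer-division flaw in the "Anatomy of the Exploit" section is a general class, not something specific to this contract: any share price computed as backing * amount / totalSupply floors to 0 whenever the numerator is smaller than the denominator, and a mint priced at 0 is a free mint. The model below is an added, deliberately simplified example and is not Thetanuts' contract; the vault numbers are constructed. Python's // reproduces Solidity's floor semantics. The vulnerable class prices with floor division and never rejects a zero price; the hardened class rounds the mint price up (against the minter), refuses a supply that has been burned below a floor, and refuses any zero-cost issuance. The round-trip function is the property test a vault must pass: repeated mints followed by redemption must never pay out more than was paid in.

```python
"""Integer-division rounding in a share-priced vault: vulnerable vs hardened.

Added, simplified model of the vulnerability class described above; it is not
Thetanuts' contract and the numbers are constructed. Solidity's integer
division floors, so a price of the form backing * amount / totalSupply is 0
whenever backing * amount < totalSupply. Python's // reproduces that.
"""


class VulnerableVault:
    """Prices mints with floor division and never checks for a zero price."""

    def __init__(self, backing, total_supply):
        self.backing = backing            # underlying assets held, base units
        self.total_supply = total_supply  # share/option tokens outstanding

    def assets_for_shares(self, shares):
        # backing * amount / totalSupply with Solidity floor semantics
        return self.backing * shares // self.total_supply

    def mint(self, shares):
        cost = self.assets_for_shares(shares)   # may be 0
        self.backing += cost
        self.total_supply += shares
        return cost

    def redeem(self, shares):
        # Flooring here favours the vault, which is the safe direction.
        payout = self.backing * shares // self.total_supply
        self.backing -= payout
        self.total_supply -= shares
        return payout


class HardenedVault(VulnerableVault):
    """Rounds the mint price up (against the minter) and refuses skewed states."""

    MIN_SUPPLY = 10**3  # illustrative floor; a supply burned below it is refused

    def assets_for_shares(self, shares):
        if self.total_supply < self.MIN_SUPPLY:
            raise ValueError("supply below minimum: state is manipulable")
        # ceiling division: (n + d - 1) // d
        cost = (self.backing * shares + self.total_supply - 1) // self.total_supply
        if cost == 0:
            raise ValueError("refusing zero-cost mint")
        return cost


def zero_cost_round_trip(vault, shares_per_mint, rounds):
    """Property a vault must satisfy: repeated mints followed by redemption
    never pay out more than was paid in. Returns (paid, redeemed)."""
    paid = minted = 0
    for _ in range(rounds):
        paid += vault.mint(shares_per_mint)
        minted += shares_per_mint
    return paid, vault.redeem(minted)


if __name__ == "__main__":
    # Constructed skewed state: 1,000 units of backing against 10,000,000 shares.
    print(zero_cost_round_trip(VulnerableVault(1_000, 10**7), 9_999, 2_000))  # (0, 666)
    print(zero_cost_round_trip(HardenedVault(1_000, 10**7), 9_999, 2_000))    # (2000, 1999)
```

In the skewed state the vulnerable vault issues 9,999 shares per mint for a cost of 0 and, after enough rounds, lets the free shares redeem a majority of the backing; the hardened vault charges at least 1 unit per mint and the redemption never exceeds what was paid. Rounding direction (always against the caller) and a minimum-supply guard are the two controls that close this class regardless of which side of the ratio an attacker skews.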


June 18, 2026

Blockchain Insights
How a Single Infected Laptop Triggered a $36 Million Crypto Heist — An On-Chain Forensic Analysis of the Humanity Protocol Hack

TL;DR: On June 8–9, 2026, an attacker exploited a catastrophically mismanaged multisig setup on Humanity Protocol — all keys on one laptop — to drain $36M+ across Ethereum and BNB Chain. This report traces the money. It went to KyberSwap, 0x Protocol, a BNB intermediary hub, NomiswapPair DEX, and ultimately to Binance. 711 ETH remains dormant at an unattributed address. The attacker's structuring pattern — identical 2,992,500 H token batches sold dozens of times — is textbook layering.

1. Background: What Is Humanity Protocol?

Humanity Protocol was a decentralized identity project that used palm-scan biometrics and zero-knowledge cryptography to let users prove their humanity without revealing personal data — positioning itself as a direct rival to Sam Altman's Worldcoin. The project raised $50 million from 27 investors including Jump Crypto, Pantera Capital, Hex Trust, Animoca Brands, and Kingsway Capital, reaching a peak valuation of $1.1 billion.

The native token, H, had been trading near all-time highs of ~$0.80 in the week preceding the attack. A major token unlock of 2.86% of total supply (over 15% of free float) was scheduled for June 25 — just 16 days away.

That context matters.

2. The Attack: One Laptop to Rule Them All

On the night of June 8, 2026, a malware infection on a single developer's machine exposed seven private keys simultaneously. These included:
- 3 of 6 Ethereum multisig keys (sufficient for threshold)
- 3 of 5 BNB Chain multisig keys (sufficient for threshold)
- The private key for one of the protocol's hot wallets

The attacker seized proxy admin control over the ERC-BNB bridge, enabling unauthorized minting of H tokens directly. Within hours, Humanity Protocol's founder Terence Kwok confirmed on-chain that attackers had compromised the keys of a foundation member.

3. The Attacker's Wallet

Primary attacker address: 0x6aa22cb8420e94fc2119364b4c7885710ae753bb

Current balance at time of investigation: $0.54 (BNB dust only). The community has already tagged this address with commemorative tokens: H-HACKER, FUCKH (Fuck Humanity), and Humanity Hacker — an ironic but forensically useful confirmation that this is the correct address.

The address is not registered in any threat intelligence database as of the time of analysis, suggesting a freshly created operational wallet — a common DPRK Lazarus Group pattern (more on this later).

4. Fund Flow Analysis: Following the Money

This is where it gets interesting. The attack was not just a theft — it was a pre-planned, structured liquidation operation executed with disciplined speed.

4.1 Ethereum Path: The Silent Hoard

The attacker moved stolen H → ETH on Ethereum and immediately forwarded the ETH to a single receiving address:

TX 1: 0x2ec21c7f25e54f39e9e12c2e5144d0b28fc0b704a8048b91f37be90e63805a9c
    Sender: 0x6aa22cb8420e94fc2119364b4c7885710ae753bb (Attacker)
    Receiver: 0x59eff548cd9bcfbc169b6340f734e442c764a814
    Amount: 688.81 ETH
    Date: 2026-06-09

TX 2: 0xc7356ba6cfbd44cba4670015efa7edb251aea1018375403544aafd6bd9ead8ff
    Sender: 0x6aa22cb8420e94fc2119364b4c7885710ae753bb (Attacker)
    Receiver: 0x59eff548cd9bcfbc169b6340f734e442c764a814
    Amount: 22.61 ETH
    Date: 2026-06-10

Total Ethereum outflow: 711.42 ETH (approximately $2.37M at time of transfer)

The receiving address 0x59eff548cd9bcfbc169b6340f734e442c764a814 shows no subsequent outbound Ethereum activity in the 30-day trace window. This is a dormant holding address — the funds are parked, waiting. Law enforcement should flag this address for real-time monitoring; any movement should trigger immediate exchange notification.

4.2 BNB Chain Path: The Structured Liquidation Machine

The BNB Chain operation was far more sophisticated. The attacker ran what forensic analysts call a peel chain / structuring fan-out — selling stolen H tokens in precisely identical batches, routing through multiple DEX aggregators to obscure the origin.

Step 1 — Mass H token dumps via DEX aggregators:

The attacker submitted hundreds of transactions routing H tokens through:
- KyberSwap Meta Aggregation Router v2 (0x6131b5fae19ea4f9d964eac0408e4408b66337b5)
- 0x Protocol Allowance Holder (0x0000000000001ff3684f28c67538d4d072c22734)
- PancakeSwap Router v2 (0x10ed43c718714eb63d5aa57b78b54704e256024e)

The structuring pattern is unmistakable:

The ratio of 99.75% / 0.25% is consistent across every batch — a programmatic split strongly suggesting automated bot execution, not manual trading.

Step 2 — BNB consolidation through an intermediary hub:

Converted BNB was funneled through 0xad7baae94959317929723a277694f3ecbd7358e1:
    TX: 0xd7afb62182857ab63ec28caabcf000f2e4a5fdbb0ccf815efb017cb30e5b5528 — Amount: 1,101 BNB → intermediary hub (2026-06-09)
    TX: 0x740625ad7393851b3b1a92d064ca08fdc14c45a14de2a05826b57a79106a4a29 — Amount: 366.61 BNB → intermediary hub (2026-06-09)
    TX: 0xa3d2ad2d8019c2b7b609fb5b1849d2cdfaeb9beebe05dd1f7f6535e642735f1c — Return: 1,467.66 BNB returned to attacker for redistribution

Step 3 — DEX-based layering via NomiswapPair:

Significant BNB was routed through 0xe82e2d3b9db59f7c7b438239d92e2190a64e26ce (NomiswapPair), which received 200 BNB in 8+ identical transactions on June 9 alone:
    TX: 0xe821458e8d908a60c680ef0c1ff1b0e1395f9cd04b7936e416a21bd874ebc904 — 200 BNB
    TX: 0x2381acb7501c7a63504655c74472a29514b65b8f3f77e29b4de36f1bdd264774 — 200 BNB
    TX: 0x68d2d45cce2f520c9e6bd6208079b7393e641faa39e4df700b74c82e3feb987b — 200 BNB
    TX: 0x1d4ffd1187b20e8ee370e3a5c9450b1b3b760361405131af75b259359de2c6fd — 200 BNB
    TX: 0x4dbc7aafc0cac2dc9d14a7aaed09e9c5d1b01bdce39fa56c8ef7ba25f08fa3e9 — 200 BNB
    TX: 0x1b932f80c4a52ea78abfd8c37fd4ec09b4dde06e0aec55e3b7a34ab08c4590c — 200 BNB

NomiswapPair served as a high-velocity mixer proxy — the attacker exploited the DEX's normal user traffic to blend stolen funds with legitimate transactions.

Step 4 — Final cash-out: Binance:

The trail terminates at Binance. On-chain data confirms a value-bearing transfer to:
    Binance Deposit Address: 0xb300000b72deaeb607a12d5f54773d1c19c7028d
    TX: 0x0068ddd18d... (BNB Chain)
    Assets deposited: USDC + USDT (post-swap)

This is the critical KYC link. Binance's deposit address system assigns individual addresses to verified users. The entity that controls this deposit address has a verified Binance account — KYC documents exist and are obtainable via legal process.

Step 5 — Cross-chain bridge attempt:

The attacker also used the Din CrossChain Forwarder (0x663dc15d3c1ac63ff12e45ab68fea3f0a883c251) to move assets to an additional chain. The destination chain and receiving address require further tracing but constitute a separate laundering leg.

5. The DPRK Question

Multiple forensic indicators overlap with known Lazarus Group (DPRK) operational signatures:

On-chain sleuth ZachXBT raised the possibility that this incident was "possibly staged" — citing aggressive market-making practices before the hack and the suspicious timing ahead of the June 25 token unlock. This remains an analytical inference (not confirmed on-chain) and would require examination of off-chain communications, market-maker agreements, and internal wallet clustering to substantiate.

6. Complete On-Chain Evidence Trail

Key Addresses

Key Transactions

7. What Remains Untraced

- 711 ETH ($2.37M equivalent) sitting at 0x59eff548cd9bcfbc169b6340f734e442c764a814 on Ethereum — no outbound movement detected in the 30-day trace window.
- Cross-chain destination via Din Bridge — the receiving chain and address have not yet been identified. This constitutes a second active laundering leg.
- Residual BNB distributed across 340+ addresses via the DEX layering operation — the bulk has likely been converted to stablecoins and is either parked or slowly bleeding into OTC desks.

8. Recommended Actions for Investigators

Immediate (within 24 hours):
🔴 Submit freeze request to Binance Compliance for deposit address 0xb300000b72deaeb607a12d5f54773d1c19c7028d — cite TX hash and wallet attribution. Binance has cooperated in similar cases.
🔴 Register 0x59eff548cd9bcfbc169b6340f734e442c764a814 for real-time monitoring — 711 ETH dormant, may move at any time. Flag with all major exchanges.
🟠 Report to relevant FIU — the structuring pattern (repeated identical batch sizes, DEX layering) meets the threshold for suspicious transaction reporting under FATF Recommendation 16 / applicable national AML law.

Within 30 days:
- Trace the Din CrossChain Bridge destination — identify the receiving chain and address.
- Subpoena market-maker communications referenced by ZachXBT — determine whether the "staged hack" thesis has merit.
- Submit MLAT/legal assistance request to Binance's home jurisdiction for KYC records tied to the deposit address.
- Cross-reference the attacker wallet with known Lazarus Group infrastructure clusters.

9. Conclusion

The Humanity Protocol hack is a masterclass in what happens when operational security is treated as an afterthought. Seven keys on one laptop. A multisig that wasn't. A pre-hack price rally that now looks suspicious in retrospect. And a June 25 unlock that would have diluted the supply anyway.

On-chain, the attacker was disciplined: structured selling in identical batches, rapid DEX hops to obscure origin, an intermediary hub that bounced BNB before redistribution, and a final exit through Binance.
The 711 ETH parked on Ethereum is the most actionable frozen asset remaining β€” if law enforcement moves quickly, that money is recoverable.The DPRK attribution remains a working hypothesis, not a confirmed finding. The behavioral overlap is significant, but attribution requires corroborating intelligence beyond what on-chain data alone can provide.What is certain: the funds are not gone. They are traceable. The Binance KYC link exists. The dormant ETH address is known. The window is open β€” but it won't stay open forever.πŸ”— All on-chain data cited in this report is publicly verifiable on BscScan and [filtered]. Analysis was performed using SentinelTX Blockchain Forensic Intelligence System as of June 17, 2026.⚠️ This report constitutes analytical findings only. DPRK attribution and internal staging allegations are working hypotheses and have not been confirmed by law enforcement. All addresses and transaction hashes are presented in full for independent verification.

How a Single Infected Laptop Triggered a $36 Million Crypto Heist — An On-Chain Forensic Analysis of the Humanity Protocol Hack
dooooo

June 15, 2026

Community Investigation
Anatomy of the Ambient Finance Exploit: How a Stealth Attacker Drained $110K in 12 Seconds

The DeFi space is no stranger to sophisticated attacks, but the recent exploit of Ambient Finance (formerly CrocSwap) stands out for its meticulous preparation and invisible execution. On June 7, 2026, an attacker exploited a surplus collateral accounting vulnerability in Ambient Finance's CrocSwapDex contract on the Ethereum mainnet.

Within a mere 12 seconds — across consecutive blocks 25266404 and 25266405 — approximately $110,600 was drained from the protocol. However, this wasn't your typical smash-and-grab flash loan attack. The orchestrator deployed advanced evasion tactics, making this case a fascinating study for Web3 security professionals.

🛠️ The Exploit Mechanism: Zero-Cost Amplification

The core of the exploit targeted a flaw in the surplus collateral accounting logic of the single-contract DEX architecture. By strategically cycling calls through the HotProxy, WarmPath, and ColdPath execution layers, the attacker manipulated internal surplus balances to withdraw ETH without actually locking up corresponding real collateral.

To fund the exploit, the attacker utilized a classic DeFi weapon: Balancer V2's zero-fee flash loans. In the most devastating of the two sequential attacks (Block 25266405), they borrowed 50 ETH and 1 USDC at absolutely zero cost, executed the accounting manipulation, and extracted 83.72 ETH and 55,913 USDC. The flash loan was repaid within the very same transaction, securing a risk-free profit.

Phase | From (Entity) | To (Entity) | Amount / Action | Block / Date
--- | --- | --- | --- | ---
Preparation | Initial Funder (0xb180...cc8a) | Orchestrator EOA (0x0003...02af) | 0.4 ETH (Seed funding) | May 19, 2026
Exploit #1 (USDT) | Balancer V2 (0xba12...f2c8) | Exploit Contract #1 (0x0461...e4f) | 3 ETH + 1 USDT (Flashloan) | 25266404
Exploit #1 (USDT) | Exploit Contract #1 | Ambient CrocSwapDex (0xaaaa...f688) | Surplus Accounting Exploit | 25266404
Exploit #1 (USDT) | Ambient CrocSwapDex | Exploit Contract #1 | 4.32 ETH (Withdrawal) | 25266404
Exploit #2 (USDC) | Balancer V2 | Exploit Contract #2 (0xaac1...c1b) | 50 ETH + 1 USDC (Flashloan) | 25266405
Exploit #2 (USDC) | Exploit Contract #2 | Ambient CrocSwapDex | Surplus Accounting Exploit | 25266405
Exploit #2 (USDC) | Ambient CrocSwapDex | Exploit Contract #2 | 83.72 ETH (Withdrawal) | 25266405
Laundering & Bribe | Exploit Contracts (#1, #2) | Uniswap V4 Pools | USDC/USDT → ETH Swap | Internal Txs
Laundering & Bribe | Profit Router (0x0003...dd0f) | Titan Builder (0x4838...5f97) | ~35.24 ETH (MEV Bribe) | 25266404~5
Laundering & Bribe | Profit Router | Attacker Profit Wallet (0x0008...394a) | ~35.24 ETH (Net Profit) | 25266404~5
Aftermath | Attacker Profit Wallet | Unknown / Bridges / Private Bundles | Full Drain (Current Bal: 0) | Post-Exploit

🥷 The Ultimate Stealth Play: A 50% MEV Bribe

What makes this exploit truly remarkable is how the attacker managed to bypass public mempool detection. Typically, massive transactions broadcasted to the public mempool can be front-run or blocked by MEV (Maximal Extractable Value) bots or defensive monitoring systems.

To guarantee atomic on-chain execution, the attacker bypassed the public mempool entirely. They submitted the exploit transactions as a private MEV bundle directly to Titan Builder, a dominant Ethereum block builder.

The cost of this invisibility? A staggering 50% of the total profits. The attacker routed 55,913 USDC through Uniswap V4 to swap it into ETH, and then paid approximately 35.24 ETH (worth around $59,300 at the time) as a direct coinbase bribe to Titan Builder. By sacrificing half their loot to secure a 50/50 profit split, the attacker ensured their transactions were included in consecutive blocks without any chance of defensive intervention.

🕵️‍♂️ A Pre-Planned, Highly Coordinated Operation

Forensic analysis reveals that this was not an opportunistic, spur-of-the-moment hack. The attacker seeded their infrastructure 20 days before the attack (around May 19, 2026) with an initial 0.4 ETH funding.

They deployed at least six "vanity address" smart contracts (all starting with 0x000...) generated deliberately to obfuscate fund flows and create visual clustering on-chain.

As of the latest intelligence, the primary profit wallet (which received the remaining ~35.24 ETH) has been fully drained, likely moved via private bundle transfers or cross-chain bridges. However, the attacker's orchestrator EOA remains operationally active, holding residual balances across Ethereum ($725), BNB Chain ($54), Arbitrum ($41), and Base ($20).

🔍 What's Next?

The Ambient Finance exploit serves as a stark reminder that DeFi attackers are prioritizing execution certainty and stealth over profit maximization. Security communities must look beyond standard re-entrancy bugs and closely audit intra-contract state consistencies.

For investigators and law enforcement, the trail hasn't completely gone cold. The focus now shifts to deeper multi-chain tracing of the active Orchestrator EOA, and potentially submitting a formal cooperation request to Titan Builder to unmask the private bundle submitter's identity.

Stay safe, stay vigilant, and always audit the smart contracts.

Appendix: Trace graph

REPORT

June 15, 2026

Blockchain Insights
A forensic breakdown of the June 2026 Raydium AMM V3 exploit — and where the money went

A forensic breakdown of the June 2026 Raydium AMM V3 exploit — and where the money went

On June 10, 2026, a single attacker quietly drained $1.34 million from a Solana-based decentralized exchange using a smart contract that the protocol had officially retired five years earlier. No alarm was triggered in real time. No user interface exposed the vulnerable pools. The attacker simply knew something most people had forgotten: dead code, if left callable on-chain with real assets still inside it, never truly dies.

This is a forensic reconstruction of the Raydium legacy AMM V3 exploit — how it was executed, how the funds were laundered, and what investigators found when they followed the money on-chain.

The Victim: Raydium and Its Forgotten Pools

Raydium is one of Solana's largest decentralized exchanges, operating more than $777 million in total value locked (TVL) and handling $148 million in daily trading volume at the time of the incident. Its current infrastructure — the Concentrated Liquidity Market Maker (CLMM) and AMM V4 — is actively maintained, audited, and widely regarded as secure.

The vulnerability had nothing to do with any of that.

The attacker instead targeted the legacy AMM V3 program, a smart contract Raydium had phased out in 2021 when it migrated to newer, more capital-efficient architecture. The old program was never formally disabled. It remained on-chain, callable by anyone, with five deprecated liquidity pools — Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL — still holding real assets inside them.

Those five pools collectively held approximately:

The Exploit: Forging a Key to an Unlocked Vault

To understand the attack, you need to understand how liquidity pools track ownership. In any standard automated market maker, when you deposit assets into a pool, you receive LP (Liquidity Provider) tokens in return. These tokens represent your proportional share of the pool. When you withdraw, you burn your LP tokens, and the contract releases your share of the underlying assets — but only after verifying that the LP tokens you're burning are the legitimate ones issued by that specific pool.

That verification step — confirming the LP mint address matches the pool's authorized mint — is a fundamental security check. Raydium's legacy AMM V3 program did not perform it.

The attack sequence was elegant in its simplicity:
1. The attacker created a brand-new SPL token mint — a completely fake LP token with no connection to any real Raydium pool.
2. The attacker minted a single unit of this counterfeit token.
3. The attacker called the legacy withdraw function, passing the fake mint as if it were the pool's legitimate LP token.
4. The old contract accepted it. Without checking the mint address, the contract treated the attacker as a 100% LP shareholder and released the pool's entire reserve.
5. The sequence was repeated across all five deprecated pools.

As pseudonymous Raydium contributor 0xInfra confirmed on X: the exploit was "a self-contained logic flaw" in the deprecated program. There was no key compromise, no oracle manipulation, no authority-level breach. Just missing input validation in code that had been sitting dormant on-chain, with real money inside it, for five years.

The On-Chain Forensic Trail

The following analysis is based on on-chain tracing of 1,058 transactions across 372 addresses emanating from the attacker's wallet within 30 days of the incident.

Attacker's primary Solana address: 4WnPebowR4HHfumvNPaDjG6Pa5Hi1jxLm6xmmBq33QVk

By the time on-chain investigators began tracing the wallet, the balance was already $0. The attacker had moved fast.

Phase 1 — Asset Aggregation and Swap (Hour 0)

Immediately after draining the five pools, the attacker consolidated the stolen assets. The 5,603 SOL was routed through a Solana DEX aggregator (5m2LUcmZqA26QxzALdrZqiVoFAkrVKji4FFfzzLKn9pa) and converted to USDC — a deliberate move to unify all proceeds into a single stablecoin before cross-chain transfer. The attacker did not attempt to liquidate through any Solana-native exchange.

Phase 2 — Structuring: The Peel Chain Pattern

Rather than moving funds in a single large transfer — which would be immediately flagged — the attacker deployed a textbook structuring / peel-chain technique. The $893,700 USDC was broken into a series of near-identical outbound transfers:
$93,690 × 7 transactions → Intermediary cluster A (D5YqVMoSxnqeZAKAUUE1Dm3bmjtdxQ5DCF356ozqN9cM)
$100,000 × 5 transactions → Intermediary cluster B (FkaLnX17cXZGyeu3kZGdHCNdFMJJzBrPPYVvd18B3MZp)
$319,996 → Intermediary C (8Dz5HLLQKzXtwm8SxgcYzJqMzotinWgQFTiytjW35nwd)
$255,261 → Intermediary D (6gxqegc6C9c2TYbNn8fjsVXvcctjdLahUtV45KrMEnpn)
$191,797 → Intermediary E (997p6CNyaJquJd54ytDnqyr16e5yv4QUnVv2eWCZN62J)
$191,809 → Intermediary F (AaegV4PEhkrvuayWDr8Yv2DxPWqUwjFBHFoMF6z8nwiW)
$191,652 → Intermediary G (ByCFj1x3G9UszbTeFqekG1Zx91uG6GYgZKEn9e8ey13N)
$193,700 → Intermediary H (GJvewfRjqTUPtx6WsBSUnaFbdgXwgXnWfpDyLm65T4YA)
$127,815 → Intermediary I (Hrvy5r62HFT2BdFEF95jW61crTcortQztGxD5zx3NrQw)

Each of these intermediary addresses received funds, held them briefly, then forwarded them onward. This layering pattern — splitting a large sum into multiple similar-sized transfers across numerous addresses — is a recognized money-laundering typology. The objective is to generate noise, making it harder to reconstruct the total fund flow from any single transaction.

Phase 3 — Reconvergence at the Bridge Preparation Hub

After the peel-chain dispersion, the funds did not stay scattered. All nine intermediary clusters funneled their USDC back into a single bridge preparation hub address (2snHHreXbpJ7UwZxPe37gnUNf7Wx7wv6UKDSR2JckKuS).

This reconvergence is a telling pattern. The dispersion was not intended to permanently split the funds — it was a layering maneuver to create forensic noise. Once the "layering" phase was complete, everything was reunited for the final cross-chain exit. The total time between the exploit and this reconvergence was measured in hours, not days.

Phase 4 — Cross-Chain Bridge: Solana to Ethereum

From the bridge preparation hub, the entire balance was bridged from Solana to Ethereum. The specific bridge protocol has not been confirmed via on-chain corroboration at the time of writing — this hop is reported based on PeckShield's tracking and should be treated as a credible but unverified lead pending direct on-chain confirmation of the Ethereum-side receiving address.

What is confirmed by multiple independent security researchers: the funds arrived on Ethereum shortly after leaving Solana.

Phase 5 — The Final Destination: Tornado Cash

On the Ethereum side, the attacker moved swiftly:
810 ETH deposited into Tornado Cash — the primary mixing event, representing approximately $1.26 million of the total stolen amount. Tornado Cash, removed from the U.S. Treasury's sanctions list in March 2025, remains the exit ramp of choice for DeFi exploiters seeking to break the on-chain trail.
7 ETH transferred to FixedFloat — a smaller tranche sent to a non-custodial swap service, likely to convert a portion of funds into another asset or chain with reduced traceability.

Once funds enter Tornado Cash in sufficient volume, transaction-level tracing — at least by conventional methods — terminates. No funds have been reported frozen or flagged by any centralized exchange.

The Complete Fund Flow

    [5 Deprecated AMM V3 Pools on Solana]
            ↓ Fake LP mint exploit — June 10, 2026
    [Attacker Wallet: 4WnPebowR4HHfumvNPaDjG6Pa5Hi1jxLm6xmmBq33QVk]
      |
      ├─ SOL 5,603 → DEX Swap Hub → converted to USDC
      |
      ├─ USDC → Structuring / Peel Chain (9 intermediary addresses)
      |     $93,690 ×7 | $100,000 ×5 | $319K | $255K | $191K ×3 | $127K
      |
      └─ All USDC → Bridge Prep Hub (2snHHreXbpJ7UwZxPe37gnUNf7Wx7wv6UKDSR2JckKuS)
            |
       Cross-Chain Bridge (Solana → Ethereum)
            |
       ┌──────────────┴──────────────┐
     810 ETH                        7 ETH
     Tornado Cash                   FixedFloat
     [Trail ends]                   [Swap / convert]

The Investigation Anchor: KuCoin

Here's the detail that matters most for any law enforcement or compliance action: the attacker's wallet was initially funded through KuCoin.

Before the exploit, the attacker received operating funds — likely for gas and test transactions — from an account on KuCoin, a centralized exchange with mandatory KYC registration. This represents the most viable attribution anchor in the entire case. KuCoin holds identity records for the account that funded the attacker's wallet. A formal legal request (court order, MLAT, or voluntary cooperation request from a relevant jurisdiction) to KuCoin could yield the attacker's real-world identity.

This is the single most actionable lead for investigators.

Raydium's Response: Full Reimbursement

Raydium's response was swift and unambiguous. Within hours of the exploit being flagged, the protocol confirmed that:
No active users, current pools, or modern infrastructure were affected.
The deprecated AMM V3 program had not been accessible via the UI since 2021.
All affected liquidity providers would be fully reimbursed from the project treasury.

This is not the first time Raydium has faced this situation. The December 2022 incident — a $4.4 million loss caused by a private key compromise — was similarly handled through a governance-approved reimbursement using buyback fees and vested team tokens. That incident was structurally different (an operational breach, not a code vulnerability), but the compensation commitment reflects an established pattern in how the protocol handles security failures.

At the time of writing, RAY traded near $0.57, down less than 1% on the day of the incident — a remarkably muted market reaction, likely attributable to the credible reimbursement commitment and the fact that no active user positions were touched.

What This Means for DeFi Security

The Raydium June 2026 exploit is not a novel attack. It is, in many ways, a familiar one — a legacy codebase vulnerability, a deprecated program left callable on-chain, real assets left sitting in retired infrastructure. The attack method (fake mint address bypass) belongs to a documented vulnerability class. A March 2026 symbolic-execution study examining 8,714 bytecode-only Solana contracts flagged 467 with potential bugs, citing missing key/mint verification as one of the most common failure modes.

There are three systemic lessons here:

1. Deprecated ≠ Disabled
A contract phased out of the UI is not a contract that has been deactivated. On a permissionless blockchain, if a program is deployed and callable, anyone can call it — regardless of whether the interface still exposes it. Protocol teams must treat deprecated on-chain programs as live attack surfaces until they are formally neutralized (which, on Solana, means migrating or closing the program accounts).

2. Legacy Assets in Legacy Code
The deeper failure here is not just that the old AMM V3 existed on-chain, but that real assets remained inside it. When Raydium migrated to AMM V4 and CLMM in 2021, a full asset migration from the deprecated pools should have been part of the transition. Five years of dormancy, combined with real liquidity, created the exact conditions the attacker exploited.

3. Laundering Playbooks Are Predictable
The attacker followed a pattern that security researchers have documented extensively: structuring → cross-chain bridge → mixer. The predictability cuts both ways. It makes tracing easier for investigators, but it also demonstrates that mixers and bridges remain the laundering infrastructure of choice for DeFi exploiters. The centralized funding point (KuCoin) is the only meaningful deviation from a fully anonymous operation — and it may prove to be the attacker's critical mistake.

Recovery Prospects

Bluntly: the $1.34 million is unlikely to be recovered in full.

810 ETH inside Tornado Cash is, for practical purposes, currently untraceable at the transaction level. FixedFloat, a non-custodial swap service, offers limited recourse. The bridge destination address on Ethereum was not confirmed with on-chain corroboration at time of publication.

What investigators do have:
The complete Solana-side fund flow reconstructed hop-by-hop
KuCoin as a KYC-linked funding source — the strongest attribution lead
The attacker's primary Solana address (4WnPebowR4HHfumvNPaDjG6Pa5Hi1jxLm6xmmBq33QVk) fully mapped
A documented structuring pattern that constitutes on-chain evidence of deliberate layering

The KuCoin lead is real. Whether it results in an arrest depends on the jurisdiction, the response timeline, and whether KuCoin's cooperation yields actionable identity records before the statute of limitations becomes a concern.

Conclusion

The Raydium June 2026 exploit is a $1.34 million lesson about the hidden risks of deprecated infrastructure. The vulnerability was not exotic. The attack required no zero-days, no insider access, no flash loan engineering. It required only the observation that an old contract with missing input validation still held real money — and the knowledge of how to ask for it.

The attacker executed a professional laundering sequence: structuring, peel chains, cross-chain bridging, and mixing. But they made one mistake that most sophisticated exploiters avoid: funding their operational wallet through a KYC-registered exchange before the attack.

That connection to KuCoin is the thread investigators should pull.

Forensic analysis conducted using on-chain data from the Solana mainnet and OSINT from PeckShield, on-chain investigator Specter, and published security research. All address attributions are based on confirmed on-chain fund flows. The Ethereum-side bridge destination has not been independently confirmed on-chain at time of publication and is reported on the basis of security researcher findings. This post is for informational and investigative purposes only.
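The missing LP-mint check from the Raydium write-up, as an added example that is not Raydium's code: a toy withdraw path with the legacy behaviour (share computed from whatever mint the caller presents) beside the hardened one. Pool names, reserves and mint supplies are constructed.

```python
"""Added example (not Raydium's code): a toy model of an AMM withdraw path
with and without the LP-mint check the legacy AMM V3 program was missing.
Pool names, reserves and mint supplies below are constructed."""
from dataclasses import dataclass


@dataclass
class Mint:
    address: str
    supply: int  # tokens outstanding, in base units


@dataclass
class Pool:
    name: str
    lp_mint: str      # address of the only LP mint this pool ever issued
    reserves: dict    # token symbol -> base units held by the pool


class Rejected(Exception):
    """Raised when the program refuses the withdraw instruction."""


def withdraw(pool: Pool, presented: Mint, burn_amount: int, verify_mint: bool) -> dict:
    """Burn `burn_amount` of `presented` and release the matching share of
    `pool.reserves`.

    verify_mint=False models the legacy program: the share is computed from
    whatever mint the caller passes in, so a caller-created mint with a supply
    of 1 burns 1 and is credited with 100% of the pool.
    verify_mint=True adds the missing check.
    """
    if verify_mint and presented.address != pool.lp_mint:
        raise Rejected(f"{presented.address} is not the LP mint of {pool.name}")
    if burn_amount <= 0 or burn_amount > presented.supply:
        raise Rejected("invalid burn amount")
    # share = burned / outstanding supply (integer floor math, as on-chain)
    released = {sym: amt * burn_amount // presented.supply
                for sym, amt in pool.reserves.items()}
    for sym, amt in released.items():
        pool.reserves[sym] -= amt
    presented.supply -= burn_amount
    return released


def make_pool() -> Pool:
    """Constructed deprecated pool: 350k USDC and 600k RAY (6 decimals) still inside."""
    return Pool("USDC-RAY (deprecated)", "RealLpMint1111",
                {"USDC": 350_000_000_000, "RAY": 600_000_000_000})


def scenarios() -> dict:
    """Run the three cases a reviewer would want to see and return the results."""
    results = {}

    # 1. A genuine LP burning a quarter of the real LP supply, with the check on.
    pool, real_lp = make_pool(), Mint("RealLpMint1111", 1_000_000)
    results["legit_quarter"] = withdraw(pool, real_lp, 250_000, verify_mint=True)

    # 2. Legacy behaviour: a freshly created mint with supply 1, burned once.
    pool, fake = make_pool(), Mint("AttackerMint9999", 1)
    results["legacy_fake_mint"] = withdraw(pool, fake, 1, verify_mint=False)
    results["legacy_reserves_after"] = dict(pool.reserves)

    # 3. The same fake mint against the hardened path.
    pool, fake = make_pool(), Mint("AttackerMint9999", 1)
    try:
        withdraw(pool, fake, 1, verify_mint=True)
        results["hardened_fake_mint"] = "accepted"
    except Rejected as err:
        results["hardened_fake_mint"] = f"rejected: {err}"
    return results


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```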
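The structuring signatures called out in both the Humanity BNB Chain trace (identical batches, an intermediary hub that bounces funds back) and the Raydium peel chain (near-identical transfers fanning out, then reconverging on one hub), as an added example of detection heuristics that is not part of either report. Addresses, timestamps and the unit of account are constructed; the batch sizes mirror the figures quoted above.

```python
"""Added example (not from the reports): three heuristics for the laundering
patterns these write-ups describe, run over a constructed transfer list.
Addresses, timestamps and the single unit of account are made up; the batch
sizes mirror the ones quoted in the text."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    sender: str
    receiver: str
    amount: float   # one unit of account for the whole list (say USDC)
    ts: int         # timestamp in seconds


def find_structured_batches(transfers, origin, tolerance=0.005, min_count=3):
    """Bucket outbound transfers from `origin` by near-identical amount.

    Returns {anchor_amount: [Transfer, ...]} for every bucket holding at
    least `min_count` transfers; repeated identical batch sizes are the
    structuring signature both reports point to.
    """
    buckets = []  # [anchor_amount, [transfers]]
    for t in sorted(transfers, key=lambda t: t.ts):
        if t.sender != origin:
            continue
        for bucket in buckets:
            if abs(t.amount - bucket[0]) <= tolerance * bucket[0]:
                bucket[1].append(t)
                break
        else:
            buckets.append([t.amount, [t]])
    return {anchor: txs for anchor, txs in buckets if len(txs) >= min_count}


def find_round_trips(transfers, origin, window=3600, min_return=0.9):
    """Hub bounce: origin funds X, and X returns at least `min_return` of it
    to origin within `window` seconds (the intermediary-hub step)."""
    sent_to = defaultdict(list)
    for t in transfers:
        if t.sender == origin:
            sent_to[t.receiver].append(t)
    hits = []
    for hub, sends in sent_to.items():
        sent = sum(t.amount for t in sends)
        start = min(t.ts for t in sends)
        returned = sum(t.amount for t in transfers
                       if t.sender == hub and t.receiver == origin
                       and start <= t.ts <= start + window)
        if sent > 0 and returned >= min_return * sent:
            hits.append((hub, sent, returned))
    return hits


def find_reconvergence(transfers, origin, min_sources=3):
    """Fan-out then fan-in: addresses that receive from at least
    `min_sources` distinct first-hop recipients of `origin`."""
    first_hops = {t.receiver for t in transfers if t.sender == origin}
    fan_in = defaultdict(set)
    for t in transfers:
        if t.sender in first_hops and t.receiver != origin:
            fan_in[t.receiver].add(t.sender)
    return {hub: srcs for hub, srcs in fan_in.items() if len(srcs) >= min_sources}


def constructed_sample():
    """Constructed transfers: 7 x 93,690 and 5 x 100,000 batches, seven
    one-off intermediaries, all forwarding to one hub, plus a hub bounce."""
    a, hub, relay = "attacker", "bridge_prep_hub", "relay_hub"
    txs, ts = [], 1_000
    fan_out = [("inter_A", 93_690)] * 7 + [("inter_B", 100_000)] * 5 + [
        ("inter_C", 319_996), ("inter_D", 255_261), ("inter_E", 191_797),
        ("inter_F", 191_809), ("inter_G", 191_652), ("inter_H", 193_700),
        ("inter_I", 127_815)]
    for name, amt in fan_out:
        ts += 30
        txs.append(Transfer(a, name, amt, ts))
    totals = defaultdict(float)
    for t in txs:
        totals[t.receiver] += t.amount
    for name, amt in totals.items():      # each intermediary forwards to the hub
        ts += 60
        txs.append(Transfer(name, hub, amt, ts))
    txs += [Transfer(a, relay, 1_101, ts + 100), Transfer(a, relay, 366.61, ts + 130),
            Transfer(relay, a, 1_467.66, ts + 400)]   # hub bounce
    return txs


def structuring_report(transfers, origin):
    """Summarise all three heuristics for one origin address."""
    return {
        "batches": {amt: len(txs) for amt, txs in find_structured_batches(transfers, origin).items()},
        "round_trips": [hub for hub, _, _ in find_round_trips(transfers, origin)],
        "reconvergence": {hub: len(s) for hub, s in find_reconvergence(transfers, origin).items()},
    }


if __name__ == "__main__":
    print(structuring_report(constructed_sample(), "attacker"))
```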

REPORT

June 10, 2026

Community Investigation
AISOTH Presale Exploit: How an Attacker Turned $0 Into $30,000 in a Single Transaction

Most people imagine a crypto hack involving stolen private keys, phishing campaigns, or sophisticated smart contract vulnerabilities. The AISOTH exploit was none of those.

The attacker needed no special permissions, no compromised keys, and no hidden backdoor. Instead, they used only public functions available to every user and extracted over $30,000 in profit from a single atomic transaction.

Even more surprisingly, five days later, the funds remain untouched in the attacker's wallet.

This is the story of how a seemingly harmless presale design turned into a risk-free arbitrage opportunity.

Executive Summary

Chain: BNB Smart Chain
Loss: $30,314.76
Attack Type: Presale Instant Claim Exploit
Capital Required: $0 (Flash Loan Funded)
Transactions Required: 1
Special Permissions: None
Current Status: Funds remain in attacker's wallet

Unlike most DeFi exploits, the attacker did not break the protocol. The protocol behaved exactly as designed. That design was the problem.

The Critical Mistake

AISOTH operated a standard presale model. Users would:
Buy tokens during presale
Wait for the claim period
Claim their tokens later

At least, that was the intended flow. The vulnerability existed because the protocol never actually enforced the waiting period.

The contract checked only one thing: "Has this address purchased tokens?"

It never checked: "When were those tokens purchased?"

As a result, anyone could Buy → Claim → Sell, all within the same transaction. That single missing condition created a completely risk-free arbitrage opportunity.

Why the Economics Were Broken

The attack was only possible because of a massive price gap. The discount itself wasn't the issue; presales commonly offer discounted tokens. The issue was allowing those discounted tokens to become immediately liquid. Once that happened, the market effectively offered free money. All an attacker needed was enough temporary capital. Flash loans solved that problem instantly.

The Entire Attack Happened in One Transaction

The exploit was executed atomically. If any step failed, everything would revert. If it succeeded, the attacker walked away with profit. This eliminated virtually all risk.

Step 1 — Borrow Funds
The attacker borrowed 5,746.57 USDT from a PancakeSwap liquidity pool using a flash loan. No collateral. No upfront capital.

Step 2 — Buy Presale Tokens
The borrowed USDT was sent to the AISOTH presale contract. The attacker received an allocation of 164,187 AIS at the presale price. At this stage, everything looked like normal user behavior.

Step 3 — Trigger the Vulnerability
Immediately after purchasing, the attacker called the contract's claim function. The contract approved the request. No waiting period. No vesting. No claim window. The attacker instantly received all presale tokens. This was the critical failure point.

Step 4 — Accept the Token Tax
AISOTH included transfer-tax mechanics. Several thousand tokens were burned or distributed through protocol fees. After deductions, the attacker held 159,262 AIS. The reduction was insignificant compared to the arbitrage opportunity.

Step 5 — Dump on PancakeSwap
The attacker sold all received AIS tokens into the existing PancakeSwap market. Result: 36,075.73 USDT received. The presale discount had now been converted directly into cash.

Step 6 — Repay Flash Loan
The flash loan was repaid immediately.
Repayment: 5,760.97 USDT
Remaining profit: 30,314.76 USDT
Total attacker capital invested: $0
Execution time: One block

The Most Interesting Part

Most exploiters begin laundering funds almost immediately. That has not happened here. As of June 10, 2026:
No exchange deposits
No bridge activity
No mixers
No secondary wallets

The funds remain parked in the original attacker-controlled address. This leaves two possibilities.

Scenario 1 — Strategic Delay
The attacker may be waiting for monitoring activity to cool down before moving funds. This is common among experienced exploiters.

Scenario 2 — White Hat Intent
The attacker may have conducted the exploit to demonstrate the vulnerability and could be preparing a disclosure or negotiation with the protocol team.

At the moment, on-chain evidence supports neither theory conclusively.

What Developers Should Learn

This incident highlights a recurring lesson in DeFi security. The biggest risks are not always code bugs. Sometimes they are economic bugs. The AISOTH contracts functioned exactly as written. The vulnerability emerged because the economic assumptions behind the design were never enforced on-chain.

Three principles stand out:

1. Presale Discounts Must Have Lockups
If discounted tokens can be sold immediately, the discount becomes an arbitrage mechanism.

2. Assume Infinite Capital
Flash loans mean attackers effectively have unlimited temporary liquidity. Designs that rely on capital constraints are already broken.

3. Test Economic Behavior, Not Just Code
Unit tests verify technical correctness. They do not verify economic safety. Protocols need adversarial simulations that ask: "What happens if every public function is used in the most profitable way possible?"

Conclusion

The AISOTH exploit did not require hacking. It required reading the rules. The attacker simply followed the protocol's intended execution path and discovered that the path itself created free money.

One transaction. Zero capital. Zero permissions. Over $30,000 in profit.

The most dangerous vulnerabilities are often the ones that execute exactly as designed.
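The adversarial economic test the third principle asks for, as an added example that is not AISOTH's code: a presale model whose claim path either enforces a lockup in blocks or does not, run through the buy → claim → sell round trip as one simulated atomic transaction. The presale price, market price, tax rate, flash-loan fee and lockup length are constructed assumptions chosen to sit near the figures in the write-up, not on-chain values.

```python
"""Added example (not AISOTH's code): an economic test of the presale claim
path. It models a presale whose claim() either enforces a lockup in blocks
or does not, then runs flash-borrow -> buy -> claim -> sell -> repay as one
simulated atomic transaction and reports the net result. Prices, tax and
flash-loan fee are constructed to sit near the figures in the write-up."""
from decimal import Decimal, ROUND_DOWN


class Revert(Exception):
    """Aborts the simulated transaction, like an EVM revert."""


class Presale:
    def __init__(self, price: Decimal, lockup_blocks: int):
        self.price = price                  # USDT per token
        self.lockup_blocks = lockup_blocks  # 0 reproduces the missing check
        self.allocation = {}                # buyer -> tokens owed
        self.bought_at = {}                 # buyer -> block of purchase

    def buy(self, buyer: str, usdt: Decimal, block: int) -> None:
        self.allocation[buyer] = self.allocation.get(buyer, Decimal(0)) + usdt / self.price
        self.bought_at[buyer] = block

    def claim(self, buyer: str, block: int) -> Decimal:
        if buyer not in self.allocation:
            raise Revert("nothing to claim")             # the only check the contract had
        if block < self.bought_at[buyer] + self.lockup_blocks:
            raise Revert("claim window not open yet")    # the check it lacked
        return self.allocation.pop(buyer)


def round_trip(presale, borrow, market_price, tax_rate, flash_fee, block):
    """One atomic transaction. Returns net USDT profit, or None if any step
    reverts (in which case nothing would have happened on-chain)."""
    try:
        presale.buy("arb", borrow, block)
        tokens = presale.claim("arb", block)                 # same block as the buy
        proceeds = tokens * (1 - tax_rate) * market_price    # transfer tax, then sale
        repay = borrow * (1 + flash_fee)
        if proceeds < repay:
            raise Revert("cannot repay flash loan")
        return (proceeds - repay).quantize(Decimal("0.01"), rounding=ROUND_DOWN)
    except Revert:
        return None


# Constructed parameters, chosen to land near the numbers in the write-up.
BORROW = Decimal("5746.57")        # flash-borrowed USDT
PRESALE_PRICE = Decimal("0.035")   # USDT per AIS at presale (assumed)
MARKET_PRICE = Decimal("0.2265")   # USDT per AIS on the open market (assumed)
TAX_RATE = Decimal("0.03")         # transfer tax burned/distributed (assumed)
FLASH_FEE = Decimal("0.0025")      # flash-loan fee (assumed)
LOCKUP_BLOCKS = 28_800             # roughly a day of BNB Chain blocks (assumed)


def scenarios() -> dict:
    """Same round trip against the design as shipped and with a lockup,
    plus an honest buyer who waits out the lockup on the fixed design."""
    as_shipped = Presale(PRESALE_PRICE, lockup_blocks=0)
    with_lockup = Presale(PRESALE_PRICE, lockup_blocks=LOCKUP_BLOCKS)
    honest = Presale(PRESALE_PRICE, lockup_blocks=LOCKUP_BLOCKS)
    honest.buy("alice", Decimal("100"), block=1_000)
    return {
        "as_shipped_profit": round_trip(as_shipped, BORROW, MARKET_PRICE, TAX_RATE, FLASH_FEE, 1_000),
        "with_lockup_profit": round_trip(with_lockup, BORROW, MARKET_PRICE, TAX_RATE, FLASH_FEE, 1_000),
        "honest_claim_after_lockup": honest.claim("alice", block=1_000 + LOCKUP_BLOCKS),
    }


if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

With the constructed parameters the as-shipped design yields a profit in the low 30,000s of USDT, while the same transaction reverts at the claim step once a lockup is enforced.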

dooooo

May 26, 2026

Community Investigation
πŸ•΅οΈ FAKE UNISWAP / ANGELFERNO DRAINER CAMPAIGN β€” FORENSIC TRACE

πŸ•΅οΈ FAKE UNISWAP / ANGELFERNO DRAINER CAMPAIGN β€” FORENSIC TRACE REPORTDate of Analysis: May 26, 2026 | Case Ref: CASE-20260526-AFDRSUMMARYA live, actively draining phishing campaign is targeting Uniswap users via sponsored Google Ads. The operation deploys the AngelFerno drainer-as-a-service kit β€” a scam-as-a-service platform previously linked to front-end attacks against OpenEden and Curvance. Two primary collector wallets have aggregated $400,000+ in stolen assets, with the broader campaign responsible for $1.27M+ since March 2026 according to Security Alliance (SEAL).Attack vector: Victims search "Uniswap" on Google β†’ click sponsored ad β†’ land on a pixel-perfect phishing clone β†’ connect wallet β†’ sign a malicious approval transaction β†’ all tokens/ETH are swept instantly by the drainer contract.Critical finding: Both drainer wallets remain active as of May 25–26, 2026, with the largest movements occurring within the past 48 hours.ON-CHAIN TRACEπŸ”΄ Drainer Wallet #10x37925684BA178821b4436E06e67f5dBD6cfA49Bb Primary ETH aggregator β€” most active of the twoActivity window: May 12 – May 25, 2026 (34 traced transactions, 109 total analyzed)DateTX HashFrom β†’ ToAmountNotesMay 120x5b2be8...d232Victim 0x18c5...eb7e β†’ Drainer #10.759 ETHDrain eventMay 120xaec8e69ebd54c5673a983d389f619b85c5a7ddc8ff1f552dbaf797bcdafe85d9Drainer #1 β†’ 0xe245...1b3a3.845 ETHLayering hopMay 120x8e178cc8339c6edbd5c384fa7ab15a877904da98c258ac67e19d6a11b42e6ebfDrainer #1 β†’ Relay.link1.201 ETHCross-chain bridge (Base β†’ ETH)May 120x158da6...f81bStargate Finance β†’ chain5,098 USDTStablecoin bridge-outMay 120xaa4607...f68cDrainer #1 β†’ 0x Protocol5,098 USDTToken swap/launderingMay 160x02faa0...0340Feeder 0xc237...35a6 β†’ Drainer #11.286 ETHETH consolidationMay 240x7caf0c...c7bcDrainer #1 β†’ 0x Protocol18,082 USDCSwap out USDCMay 240x05e274...46d1Drainer #1 β†’ 0x02e5...b2a912.9B MogMeme token dumpMay 250x589e10...4588Drainer #1 β†’ 0x02e5...b2a94.65 PAXGGold-backed 
token drained from victimMay 250xcb5811...d633Relay.link Relayer β†’ Drainer #14.680 ETHInbound bridge receiptMay 250xad3ee71e425192734ade50a40ca26d2140f66cf33cf9d06ad29167a5ccec79ccRelay.link Relayer β†’ Drainer #13.127 ETHInbound bridge receiptMay 250x9ca97bea5de3f2677a06e45ac61b9ceeceefc81e738ae99345769eb60076715eRelay.link Relayer β†’ Drainer #11.830 ETHInbound bridge receiptMay 250x96d703...7b0eDrainer #1 β†’ Relay.link0.001 ETHTest/probe txMay 250x76bb7ae7360056f16774c58201fc844a4aa75dd1d15dfc28fd96c17e7a00365fDrainer #1 (Base) β†’ Relay.link3.135 ETHCross-chain bridge Baseβ†’Ethereum confirmedMay 250x428c0f...c017Feeder 0xca7d...4589 β†’ Drainer #10.892 ETHFund consolidationCross-chain bridge confirmed (Relay protocol):TX 0x76bb7ae7360056f16774c58201fc844a4aa75dd1d15dfc28fd96c17e7a00365f (Base) bridges 3.135 ETH β†’ Ethereum main drainer, destination TX 0xad3ee71e425192734ade50a40ca26d2140f66cf33cf9d06ad29167a5ccec79ccNEAR Intents bridge detected:Two NEAR Intents inbound deliveries totaling 2.260 ETH (0x39a85b...ef79 + 0xec85c5...2c8b), suggesting funds were laundered through the NEAR protocol ecosystem before being returned to Ethereum.πŸ”΄ Drainer Wallet #20x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2 High-volume batch collector β€” 51 inbound transactions in 72 hoursActivity window: May 23 – May 25, 2026 (51 traced transactions β€” most recent activity: May 25, 2026)This wallet's transaction profile is highly abnormal: the vast majority of inbound txs originate from 0xca11bde05977b3631167028862be2a173976ca11, which is the canonical Multicall3 contract deployed at the same address across all EVM chains. 
This is a hallmark of the AngelFerno drainer kit β€” it batches victim asset sweeps using Multicall3 to maximize throughput per block and reduce per-victim gas costs.DateTX HashAmountNotesMay 240x3667fa7015f66af98c0b2fe6deefda170665ed54cec10d8424866d970c4869a317.58 ETHLargest single Multicall3 sweepMay 240xb08a80b1b9ac26cf55a23e1479601a2cfe568a01e563f9d4e97f8f50a8617bb111.43 ETHMulticall3 batch drainMay 240x348886dcf90959a019a1a62a105f52701f533bcf4292b67b0ea3beec8625ed2f11.40 ETHMulticall3 batch drainMay 230x6727ce4b417c3ade48c7a73ec1de7e99a367ffb403f7c630c6fd9331e68bda57617B KISHU tokensMeme token sweepMay 250xa14c313b684c3eddaec8e1cdc6332a6d8eb2e4f998c9376661c9611a52187039170K ORX tokensToken sweepThe 30+ additional inbound transactions from 0xca11 across May 24–25 represent a rolling wave of victim drains occurring in near real-time.🟑 Key Intermediary / Hop AddressesAddressRoleEvidence0xe245f57734ef7f2a868cc549ca1003e658781b3aLayering hop walletReceived 3.845 ETH from Drainer #1 (TX: 0xaec8e69ebd54c5673a983d389f619b85c5a7ddc8ff1f552dbaf797bcdafe85d9); also receives gas from Multicall30x02e5be68d46dac0b524905bff209cf47ee6db2a9Token dump aggregatorReceives PAXG, Mog, XEN, PERP, NMT, SPCX, sato β€” likely sells via OTC or DEX0xca7ded7e4f4ba8ab3b10009236ae6d1b95094589Feeder wallet AConsolidates ETH to Drainer #1: 0.892 ETH + 0.290 ETH0xada5bb90d0de0bd1b6f3938708f49295a8d1f7cbFeeder wallet BMinor ETH top-up to Drainer #1 (0.035 ETH)0x4cd00e387622c35bddb9b4c962c136462338bc31Relay.link bridgeConfirmed cross-chain movement Base ↔ Ethereum0x2cff890f0378a11913b6129b2e97417a2c302680NEAR Intents bridgeRouted 2.26 ETH through NEAR protocol ecosystemCURRENT STATUS OF FUNDS (as of May 26, 2026)Drainer #1 β€” 0x37925684BA178821b4436E06e67f5dBD6cfA49BbTotal current portfolio: ~$169,268ChainAssetBalanceEst. 
USDEthereumETH (native)~62 ETH equivalent$162,138BaseUSDC6,577.83 USDC~$6,578BaseaBasWETH (Aave)0.2599 WETH~$544BaseAERO0.0795~$0.08EthereumKISHU Inu108.9B~traceEthereumORX30,016β€”PolygonMATIC~$4.40dustBNB ChainBNB~$3.91dust⚠️ ACTIVE: ~$6,578 USDC still parked on Base chain + ~$162K ETH value on Ethereum. No CEX deposit detected yet for these funds β€” the attacker is holding or continuing to launder.Drainer #2 β€” 0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2Total current portfolio: ~$228 (Polygon MATIC) + tokensChainAssetBalanceNotesPolygonMATIC~$227.93EthereumKISHU Inu617BMeme token β€” low liquidityEthereumORX170,092IlliquidAvalancheAVAX$0.00Swept/emptiedArbitrumETH$0.00Swept/emptiedFinding: Drainer #2 has been nearly fully swept outbound β€” ETH was consolidated and moved. The Multicall3 batch operations flooding this address represent the actual drain engine; the real ETH value has been passed through and laundered onward. The residual KISHU/ORX tokens are likely to be OTC-sold or simply abandoned.ANALYSIS & RECOMMENDATIONSLaundering Architecture β€” Confirmed TechniquesThe AngelFerno campaign employs a 4-layer laundering stack:Layer 1 β€” Victim Drain (via Malicious Approval): Victims sign an approve() transaction on the phishing site, granting the drainer contract unlimited allowance. 
AngelFerno uses the Multicall3 contract (0xca11bde05977b3631167028862be2a173976ca11) to batch-sweep all victim assets in a single block β€” ETH, ERC-20 stablecoins, LP tokens, and NFTs simultaneously.Layer 2 β€” Token Conversion (via DEX aggregators): Stolen tokens (USDC, USDT, PAXG, meme tokens) are routed through 0x Protocol (0x0000000000001ff3684f28c67538d4d072c22734) and Uniswap V2 Router to convert into ETH or USDC β€” a standard "dirty β†’ clean native" laundering step.Layer 3 β€” Cross-Chain Layering (Relay + NEAR Intents): Proceeds are bridged across chains to break the on-chain trace:Relay.link bridge confirmed (Base ↔ Ethereum): TX 0x76bb7ae7360056f16774c58201fc844a4aa75dd1d15dfc28fd96c17e7a00365fNEAR Intents bridge: 2.26 ETH routed through NEAR ecosystem and returned to EthereumStargate Finance USDT bridge: 5,098 USDT bridged outbound (May 12)Layer 4 β€” Consolidation & Off-ramp (Pending): No confirmed CEX deposit detected yet. Current holding pattern (~$169K on Drainer #1) suggests the operator is either waiting for Google to remove the ads and then bulk cashing out, or has a private OTC arrangement. The token dump address 0x02e5be68d46dac0b524905bff209cf47ee6db2a9 receives illiquid tokens and is the likely OTC/DEX liquidation point.Phishing Infrastructure Patterns (OSINT-confirmed)TechniqueDetailsPunycode / Cyrillic domainsURLs using Cyrillic homoglyph substitution (e.g., uniswΠ°p.org with Cyrillic 'Π°') β€” visually indistinguishable from real domainHidden iframesMalicious approval payload embedded in hidden iframes to evade Google's ad review crawlersCompromised advertiser accountsOperators buy/steal aged Google Ads accounts with established reputation to pass automated reviewCloakingServes different content to Google's review bots vs. 
real users (real users get drainer, bots get legit Uniswap clone)GraphQL proxyProxies Uniswap's own GraphQL endpoint to display victim's real wallet balance inside the phishing UI β€” reinforces legitimacy and enables targeted draining of the highest-value positionsScam-as-a-ServiceAngelFerno is a commercial kit β€” operators pay a % of stolen funds to the AngelFerno developersRisk ScoreMetricScoreOverall Risk ScoreπŸ”΄ 98/100 β€” CRITICALMoney Laundering Probability97%Cross-chain obfuscationβœ… Confirmed (Relay + NEAR Intents + Stargate)DEX launderingβœ… Confirmed (0x Protocol, Uniswap V2)Mixer usage❌ Not detected (yet)CEX deposit (KYC exposure)⚠️ Not yet confirmed β€” funds still heldActive campaign statusπŸ”΄ LIVE β€” last drain May 25, 2026 (≀24h ago)Attribution to AngelFerno familyβœ… High confidence (Multicall3 batch pattern, SEAL/Protos confirmation)Recommended ActionsImmediate (0–24 hours):Relay.link cooperation request β€” Relay bridge confirmed funds movement between Base and Ethereum. Contact Relay.link security team with TX 0x76bb7ae...365f and 0xad3ee71...79cc to identify any linked KYC data or IP logs.NEAR Intents / NEAR Foundation cooperation β€” Two NEAR Intents bridge deliveries totaling 2.26 ETH. The NEAR-side source address may be traceable and may be linked to a NEAR-registered entity.Google Ads abuse report escalation β€” File formal abuse reports with Google's Trust & Safety team citing both drainer wallet addresses, the Multicall3 drain pattern, and SEAL's documented campaign tracking. Uniswap Labs and ZachXBT have already applied public pressure; a formal legal hold request from law enforcement would be more effective.Victim alert distribution β€” Broadcast both drainer addresses (0x37925684BA178821b4436E06e67f5dBD6cfA49Bb and 0x2fC25F46cC49D226eF92E9A7665f3d2821F3c5E2) and the hop wallet (0xe245f57734ef7f2a868cc549ca1003e658781b3a) to all major CEXs for pre-emptive freeze requests. 
If the operator attempts to cash out via Binance, Coinbase, Kraken, OKX, or Bybit, these flags will trigger compliance review.Revoke emergency advisory β€” Victims who interacted with any Uniswap-lookalike site in the past 30 days should immediately check and revoke all token approvals via revoke.cash or [filtered].io/tokenapprovalchecker.Follow-up (24–72 hours):Trace 0x02e5be68d46dac0b524905bff209cf47ee6db2a9 β€” This token dump aggregator receives all illiquid stolen tokens (PAXG, Mog, XEN, PERP, NMT, SPCX). It may interact with a known OTC desk or NFT marketplace that has KYC.Trace 0xe245f57734ef7f2a868cc549ca1003e658781b3a β€” The 3.845 ETH hop from Drainer #1 is parked here with minimal outbound activity. This wallet may be staged for a future CEX deposit. Monitor urgently.SEAL coordination β€” Security Alliance is actively tracking this campaign (356+ malicious ads blocked). Share this trace with SEAL radar at radar.securityalliance.org.Base chain follow-up β€” Drainer #1 holds 6,577 USDC and 0.26 WETH deposited into Aave (aBasWETH) on Base. This Aave position may be unwound in coming days; monitor the Base chain activity of 0x37925684BA178821b4436E06e67f5dBD6cfA49Bb closely.Fund Recovery Feasibility: MODERATE-LOW. The ~$169K currently held by Drainer #1 has not yet been deposited to a regulated CEX β€” this is the window for a freeze request. However, if the operator off-ramps via OTC or DEX, recovery becomes effectively impossible. Time is critical.

πŸ•΅οΈ FAKE UNISWAP / ANGELFERNO DRAINER CAMPAIGN β€” FORENSIC TRACE
0 likes・33 reads
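Editor's added example (not code from the report author or from any of the tools it names): the two on-chain patterns the trace relies on, a collector wallet receiving a burst of Multicall3-originated inbound transfers and feeder wallets fanning in to an aggregator, plus the "effectively unlimited allowance" check behind the revoke advisory, expressed as detection heuristics over a small set of constructed transfer and approval records. The Multicall3 address is the canonical one quoted in the report; every other address, hash and amount below is made up for illustration, and the thresholds (three inbound Multicall3 transfers in 72 hours, allowance at or above 2**160) are assumptions to tune against real data.

```python
"""Detection heuristics modelled on the AngelFerno trace above.
All transfers, approvals, hashes and addresses except MULTICALL3 are
constructed sample data, not real chain records."""
from collections import defaultdict
from datetime import datetime, timedelta

# Canonical Multicall3 address, deployed at the same address on every EVM chain.
MULTICALL3 = "0xca11bde05977b3631167028862be2a173976ca11"
MAX_UINT256 = 2**256 - 1


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample ETH transfers: (timestamp, tx_hash, from, to, amount_eth).
SAMPLE_TRANSFERS = [
    # a collector wallet receiving a burst of Multicall3-originated sweeps
    ("2026-05-24 01:10", "0xaaa1", MULTICALL3, "0xcollector", 17.58),
    ("2026-05-24 01:12", "0xaaa2", MULTICALL3, "0xcollector", 11.43),
    ("2026-05-24 01:15", "0xaaa3", MULTICALL3, "0xcollector", 11.40),
    ("2026-05-24 03:40", "0xaaa4", MULTICALL3, "0xcollector", 0.35),
    ("2026-05-25 09:02", "0xaaa5", MULTICALL3, "0xcollector", 0.80),
    # an ordinary wallet that touched Multicall3 once (legitimate batched claim)
    ("2026-05-20 12:00", "0xbbb1", MULTICALL3, "0xnormal", 0.02),
    ("2026-05-21 12:00", "0xbbb2", "0xfriend", "0xnormal", 1.00),
    # feeder wallets consolidating into an aggregator
    ("2026-05-25 10:00", "0xccc1", "0xfeederA", "0xaggregator", 0.892),
    ("2026-05-25 10:05", "0xccc2", "0xfeederA", "0xaggregator", 0.290),
    ("2026-05-25 10:30", "0xccc3", "0xfeederB", "0xaggregator", 0.035),
    ("2026-05-25 11:00", "0xccc4", "0xcollector", "0xaggregator", 30.0),
]


def multicall3_batch_collectors(transfers, min_inbound=3, window=timedelta(hours=72)):
    """Return {receiver: (count, total_eth)} for wallets that received at least
    `min_inbound` transfers from Multicall3 within any `window`-long span.
    Heuristic only: many legitimate contracts use Multicall3, so a single
    inbound call is not evidence of anything; the burst pattern is the signal."""
    by_receiver = defaultdict(list)
    for ts, _tx, src, dst, amount in transfers:
        if src.lower() == MULTICALL3:
            by_receiver[dst].append((_ts(ts), amount))
    flagged = {}
    for dst, events in by_receiver.items():
        events.sort()
        for i in range(len(events)):            # sliding window over sorted events
            j = i
            while j + 1 < len(events) and events[j + 1][0] - events[i][0] <= window:
                j += 1
            if j - i + 1 >= min_inbound:
                flagged[dst] = (j - i + 1, round(sum(a for _, a in events[i:j + 1]), 3))
                break
    return flagged


def fan_in_sources(transfers, hub):
    """Inbound ETH to `hub` totalled per sender, largest first: the feeder ->
    aggregator consolidation pattern from the hop-address table."""
    totals = defaultdict(float)
    for _ts, _tx, src, dst, amount in transfers:
        if dst == hub:
            totals[src] += amount
    return {k: round(v, 3) for k, v in sorted(totals.items(), key=lambda kv: -kv[1])}


# Constructed sample ERC-20 approvals: (owner, token, spender, allowance_raw).
SAMPLE_APPROVALS = [
    ("0xvictim1", "0xusdc", "0xunknown_spender", MAX_UINT256),   # classic "unlimited"
    ("0xvictim2", "0xpaxg", "0xunknown_spender", 2**255),        # also effectively unlimited
    ("0xuser3", "0xusdc", "0xknown_router", 5_000 * 10**6),      # bounded, 5,000 USDC
]


def unlimited_approvals(approvals, floor=2**160):
    """Approvals whose allowance is effectively unlimited (>= floor).
    2**160 is an assumed cut-off far above any real token supply; the usual
    'unlimited' value is exactly 2**256-1. These are the ones a revoke
    advisory should tell users to clear first."""
    return [(o, t, s) for o, t, s, a in approvals if a >= floor]


if __name__ == "__main__":
    print(multicall3_batch_collectors(SAMPLE_TRANSFERS))
    print(fan_in_sources(SAMPLE_TRANSFERS, "0xaggregator"))
    print(unlimited_approvals(SAMPLE_APPROVALS))
```

On real data the transfer tuples would come from an indexer or explorer export; the heuristics are deliberately independent of any particular API so they can be run over any such dump.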

May 26, 2026

General Discussion
🚨 86 Safe wallets were drained in 2 hours through a module-level execution flaw.

A SquidRouterModule exploit reportedly hit Safe accounts across Ethereum and Base, draining roughly $3.2 million before funds were consolidated into DAI.

WHAT HAPPENED:
Attackers abused missing identity validation in SquidRouterModule and used a Foundry-based exploit contract to call the DelegateBundler route.

The result:
• 86 Safe accounts affected
• USDC, ENA, and USDT drained
• Assets swapped through attacker-seeded Uniswap V3 pools
• Around 3.07 million DAI consolidated after laundering steps

LAUNDERING FLOW:
The attack path shows clear pre-planning:
→ Tornado Cash-funded attacker EOA
→ Exploit execution across Safe wallets
→ Liquidity manipulation through worthless “u” token pools
→ DAI conversion
→ Relay.link and NEAR Intents Bridge movement attempts

Key addresses to monitor:
• Attacker EOA: 0x9bdc730183821b6bb2b51be30b77c964fa645b91
• DAI hub: 0xa447f71782135ab96a71374271a749ff7aa54859
• Unknown 90 ETH wallet: 0xe12e0f117d23a5ccc57f8935cd8c4e80cd91ff01

CHAINBOUNTY ANALYSIS:
This was not a simple wallet drain. It targeted Safe execution infrastructure and abused delegated transaction pathways at scale.

The Tornado Cash funding, attacker-seeded liquidity pools, and rapid DAI consolidation suggest a prepared operation rather than opportunistic theft.

The current priority is a freeze-versus-bridge race. If the 3.07 million DAI hub has not exited to centralized venues, blacklist coordination may still reduce recovery loss.

PROTECT YOURSELF:
• Revoke SquidRouterModule permissions on Safe wallets immediately
• Review delegated module routes connected to treasury execution
• Monitor DAI consolidation wallets before funds move through bridges or swap aggregators

0 likes・23 reads

May 19, 2026

Community Investigation
Verus Bridge Exploit: How a $10 Transaction Drained $11.4 Million

Verus Bridge Exploit: How a $10 Transaction Drained $11.4 Million

On May 18, 2026, the Verus-Ethereum Bridge lost approximately $11.4 million in a single exploit transaction. The attacker paid roughly $10 in fees. The bridge released everything.

What makes this incident especially alarming is that the system behaved exactly as designed.

This exploit exposed a deeper structural weakness still present across many cross-chain bridges in DeFi.

What Happened?

The Verus-Ethereum Bridge enables asset transfers between the Verus blockchain and Ethereum.

The protocol relied on a notary system where at least 8 out of 15 notaries had to cryptographically sign a state root before it was accepted as valid.

The bridge successfully verified those signatures.

But it failed to verify whether the underlying assets on the Verus side actually existed.

According to Blockaid, the root cause was:

“Missing source-amount validation in the checkCCEValues process.”

In simple terms, the attacker was able to create a cross-chain transfer request with an empty source-side payload. No real assets were locked on the Verus chain.

The notaries signed the state root because the cryptographic structure itself appeared valid. The bridge then accepted that state and released real funds from its Ethereum reserves.

The result: approximately $11.4 million drained from the bridge.

This Isn’t a New Type of Attack

The attack category is painfully familiar.

Major bridge exploits caused by source-destination validation failures include:
• Wormhole – $325M lost
• Nomad – $190M lost

Four years later, the same fundamental validation issue is still being exploited.

Pre-Attack Activity

Roughly 14 hours before the exploit, the attacker’s execution wallet received 1 ETH from Tornado Cash.

Tornado Cash Funding Address: 0x47ce0c6ed5b0ce3d3a51fdb1c52dc66a7c3c2936
Attacker Execution Wallet: 0x5aBb91B9c01A5Ed3aE762d32B236595B459D5777

This type of pre-funding pattern closely resembles operational behavior previously associated with organized threat actors, including Lazarus Group-linked activity seen before the Drift Protocol and KelpDAO exploits in April 2026.

Attribution in the Verus incident remains unconfirmed.

The Exploit Transaction

Exploit Transaction Hash: 0x6990f01720f57fc515d0e976a0c4f8157e0a9529194c4c15d190e98d087eb321
Target Bridge Contract: 0x71518580f36feceffe0721f06ba4703218cd7f63

The stolen assets were moved into the following holding wallet:

Holding Wallet: 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9

Assets Drained

Immediately after the exploit, the attacker swapped the stolen tBTC into ETH using a swap contract.

tBTC Swap Contract: 0x00000011f84b9aa48e5f8aa8b9897600006289be

After consolidation, the attacker controlled approximately:

5,402 ETH (~$11.4M)

Where Did the Money Go?

The stolen funds split into two major routes.

Route A – USDC Flow Into Binance

The USDC funds were routed through a DEX address before reaching a Binance deposit wallet.

Holding Wallet
  ↓
DEX Routing Address 0xbee3211ab312a8d065c4fef0247448e17a8da000
  ↓
⚠ Binance Deposit Address 0xb300000b72deaeb607a12d5f54773d1c19c7028d

Additional WETH and USDT inflows were also detected at the Binance deposit address.

This is currently the strongest actionable lead in the investigation.

If Binance compliance responds quickly, investigators may still have an opportunity to:
• Freeze assets
• Identify linked KYC accounts
• Trace additional laundering activity

Route B – ETH Laundering Path

The ETH moved through an intermediate address before disappearing further downstream.

Holding Wallet
  ↓
Intermediate Address 0x83928b7f2a85bdde9854f27a1e78aac29316f23b
  ↓
Current Balance: 0 ETH
Final Destination: UNKNOWN

The ETH has already left the intermediate address.

Investigators are now monitoring for:
• Mixer usage
• Additional bridge hops
• Exchange deposits
• OTC cash-out activity

Priority Actions

1. Emergency Binance Freeze Request

Critical address: 0xb300000b72deaeb607a12d5f54773d1c19c7028d

Because the wallet received direct exploit proceeds, there is sufficient basis for an emergency freeze request and KYC disclosure inquiry.

Every hour matters.

2. Continue ETH Route Tracking

Tracking target: 0x83928b7f2a85bdde9854f27a1e78aac29316f23b

All outbound transactions from this address should be mapped and flagged across major exchanges before the attacker reaches a successful cash-out point.

The Bigger Problem With Bridge Security

According to PeckShield, at least eight major bridge exploits occurred between February and mid-May 2026, resulting in combined losses exceeding $328.6 million.

The Verus exploit is simply the latest example.

The economics are staggering:
• Attack cost: ~$10
• Profit: ~$11.4M
• Estimated ROI: ~1,140,000x

What makes this even more frustrating is that the fix appears relatively straightforward.

According to Blockaid, the bridge needed an additional validation step to confirm source-side asset amounts before releasing destination-side funds.

That validation did not exist.

And it is the same class of failure that contributed to the Wormhole and Nomad exploits years earlier.

Final Thoughts

The Verus Bridge exploit was not just a smart contract bug.

It exposed a broader issue still affecting cross-chain infrastructure today:

Many bridges verify cryptographic validity without verifying actual economic reality.

A valid signature does not necessarily mean valid collateral exists.

Until cross-chain security standards enforce both layers of verification, bridges will likely remain one of the most heavily exploited sectors in DeFi.

1 likes・46 reads
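Editor's added example (not code from the post author and not the Verus bridge implementation): a minimal model of the two verification layers the post distinguishes. A quorum of notaries attests to a state root; a release path that gates only on that quorum pays out whatever the export batch requests, while the hardened path additionally checks that the amount locked on the source side covers each requested release. The 8-of-15 threshold is the one quoted in the post; the HMAC-keyed "notary signatures", the `Export` record, the function names and the batch amounts are all constructed for illustration and say nothing about how Verus actually encodes exports or signs roots.

```python
"""Model of quorum-only vs quorum-plus-source-amount release checks.
Toy HMAC 'signatures' and constructed exports; not the Verus notary scheme."""
import hashlib
import hmac
from dataclasses import dataclass

NOTARY_COUNT, QUORUM = 15, 8   # 8-of-15 threshold, as stated in the post

# Constructed notary keys. HMAC stands in for real signatures here.
NOTARY_KEYS = [hashlib.sha256(f"notary-key-{i}".encode()).digest()
               for i in range(NOTARY_COUNT)]


@dataclass(frozen=True)
class Export:
    source_locked: int   # amount actually locked on the source chain
    requested: int       # amount the destination side is asked to release
    recipient: str


def state_root(exports) -> bytes:
    """Commitment over the export batch exactly as submitted (structure only)."""
    h = hashlib.sha256()
    for e in exports:
        h.update(f"{e.source_locked}|{e.requested}|{e.recipient};".encode())
    return h.digest()


def notary_sign(index: int, root: bytes):
    return index, hmac.new(NOTARY_KEYS[index], root, hashlib.sha256).digest()


def valid_signature_count(root: bytes, signatures) -> int:
    """Distinct notaries with a valid signature over `root`; duplicates and
    out-of-range indices are ignored."""
    seen = set()
    for index, sig in signatures:
        if index in seen or not 0 <= index < NOTARY_COUNT:
            continue
        if hmac.compare_digest(notary_sign(index, root)[1], sig):
            seen.add(index)
    return len(seen)


def release_signature_only(exports, signatures, reserves):
    """Failure class from the post: the notary quorum is the only gate, so a
    batch whose source side is empty still drains destination reserves."""
    if valid_signature_count(state_root(exports), signatures) < QUORUM:
        return [], reserves
    released = []
    for e in exports:
        if e.requested <= reserves:
            reserves -= e.requested
            released.append((e.recipient, e.requested))
    return released, reserves


def release_with_source_check(exports, signatures, reserves):
    """Hardened path: quorum AND per-export source-amount validation."""
    if valid_signature_count(state_root(exports), signatures) < QUORUM:
        return [], reserves
    released = []
    for e in exports:
        if e.source_locked < e.requested:   # nothing, or too little, locked upstream
            continue                         # reject this export; reserves untouched
        if e.requested <= reserves:
            reserves -= e.requested
            released.append((e.recipient, e.requested))
    return released, reserves


def demo():
    """Constructed batch: one honest export and one with an empty source side,
    both attested by exactly QUORUM notaries. Returns (quorum-only result,
    source-checked result), each as (released, remaining_reserves)."""
    batch = [Export(100, 100, "0xhonest"), Export(0, 5_000, "0xrequester")]
    root = state_root(batch)
    sigs = [notary_sign(i, root) for i in range(QUORUM)]
    return (release_signature_only(batch, sigs, 10_000),
            release_with_source_check(batch, sigs, 10_000))


if __name__ == "__main__":
    quorum_only, source_checked = demo()
    print("quorum only   :", quorum_only)
    print("source checked:", source_checked)
```

The point the model makes is the one in the post's closing paragraph: both paths verify the same valid signatures, and only the second asks whether collateral exists. In a real bridge the source-side amount would be read from the verified export payload rather than trusted from a field the submitter fills in, which is exactly why that validation has to live in the bridge's own release logic.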