Details of the Attack and Preparation

Blockchain analyses show the attacker funded their account stealthily with small 0.1 ETH transfers through Tornado Cash to avoid detection. Coinbase executive Conor Grogan said the attacker stored at least 100 ETH in Tornado Cash smart contracts and that those funds may link to earlier hacks. Grogan stated, “Hacker seems experienced: seeded the account with 100 ETH and operated with 0.1 ETH Tornado Cash transfers. No opsec leaks.” This behavior clearly points to a professional actor who prepared ahead of time. Balancer announced it would offer a 20% white‑hat bounty if the stolen funds were returned in full (minus the reward).

What Makes the Balancer Hack Unique

Deddy Lavid, co‑founder and CEO of blockchain security firm Cyvers, called the Balancer exploit one of the most sophisticated attacks of 2025. The attackers bypassed access control layers to manipulate asset balances directly. This represents a critical failure in operational governance rather than a flaw in core protocol logic.

Lavid also warned that static code audits are no longer enough. He urged platforms to implement continuous, real‑time monitoring to detect suspicious flows before funds are drained.

, co‑founder and CEO of blockchain security firm Cyvers, called the Balancer exploit one of the most sophisticated attacks of 2025. The attackers bypassed access control layers to manipulate asset balances directly. This represents a critical failure in operational governance rather than a flaw in core protocol logic.

Lavid also warned that static code audits are no longer enough. He urged platforms to implement continuous, real‑time monitoring to detect suspicious flows before funds are drained.

Lazarus Group and Long‑Term Preparation Strategies

Similarly, North Korean group Lazarus reportedly paused illicit activity for months before the Bybit hack. Chainalysis data showed a sharp decline in cybercriminal activity after July 1, 2024, which experts interpreted as regrouping to identify new targets and probe infrastructure.

In the Bybit incident, attackers laundered the $1.4 billion through THORChain within 10 days. That operation demonstrates how months‑long stealth and preparation can precede large, professionally executed exploits—parallels that highlight the seriousness of the Balancer incident.

Recommendations for Balancer Users

Store crypto assets only in trusted wallets and avoid moving large sums in single transactions. Be aware that using Tornado Cash and similar mixers can draw attention from professional attackers and investigators, and consider employing multi‑layer security practices to reduce exposure to sophisticated on‑chain exploits.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Was the Balancer DEX Hack Prepared Months in Advance? appeared first on Coin Engineer.

Details & On-Chain Evidence 

The incident occurred on HyperEVM, Hyperliquid’s Layer-1 blockchain, seconds after the NFTs dropped.  

Attacker’s Movement: Transaction records show extraordinary activity on the suspected attacker wallet 0x72785D42…e1a5238df. Multiple Hypurr NFTs (#2394, #4419, #4084, #4250) were transferred in from different wallets between 50 and 23 minutes ago.  

Immediate Sale: NFTs were quickly sold on NFT marketplaces (likely Match Advance), showing the attacker used market liquidity for instant profit.  

Hypurr NFT Value & Official Warning 

The stolen collection is highly valuable:  

• Given to Genesis Event participants in Nov 2024.  
• Total supply capped at 4,600 NFTs.  
• Users warned no new minting needed and to beware of scams.  

The warning suggests NFTs were stolen from wallets compromised earlier via phishing or suspicious contract approvals, not during the airdrop itself.  

Urgent Security Measures for Users  

• Revoke Permissions: Use revoke.cash to cancel any old or suspicious smart contract approvals.  
• Asset Transfer: Move remaining crypto and NFTs to a new secure wallet if keys may be compromised.  
• The $HYPE team and security units are expected to release full details and attack mechanisms soon.  

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post NFT Heist! HyperEVM (HYPE) Airdrop Stolen Instantly appeared first on Coin Engineer.

Shibarium Bridge Flash Loan Attack Details 

On September 14, the Shibarium cross-chain bridge became the target of a sophisticated flash loan attack. The hacker borrowed 4.6 million BONE tokens and gained control of 10 out of 12 validator signing keys, achieving a two-thirds majority. Using this power, the attacker attempted to withdraw approximately 224.57 ETH and 92.6 billion SHIB. 

Shiba Inu developers acted quickly to suspend staking and unstaking functions, locking the BONE tokens and removing majority control from the attacker. In addition, the hacker held about $700,000 worth of KNINE tokens from the K9 Finance DAO project. The K9 Finance DAO denylisted the attacker’s address to prevent KNINE token liquidation. LEASH, ROAR, TREAT, BAD, and SHIFU coins were also affected but have not been moved or sold. 

UPDATE 13/09/25

What we know so far about the recent incident

How the exploit was executed:

• The attacker used funds from the bridge hack in the same block as the attack to acquire 4.6M BONE to temporarily gain validator voting power, attempting to do it in one… https://t.co/4Ft1VMxeBv

— Shib (@Shibtoken) September 13, 2025

Developer Actions and Security Measures 

The Shiba Inu team secured investor funds by transferring them from proxy contracts to a multisig cold storage wallet. They collaborated with security firms Hexens, Seal911, and PeckShield to conduct a thorough investigation. The developers confirmed that the 4.6 million BONE tokens remain locked, and all validator assets are secure. They continue monitoring and freezing attacker-linked funds while preparing a full incident report. 

Market Impact and Token Performance 

Despite the attack, BONE token surged by 40% while SHIB gained over 8%. These movements reflect investor confidence following the team’s rapid intervention. The Shibarium attack highlights DeFi ecosystem risks, but Shiba Inu’s swift measures ensured all funds stayed safe. 

 You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Shibarium Shiba Bridge Hit by $2.3M Flash Loan Attack! appeared first on Coin Engineer.

Platform users are closely monitoring the situation to secure their assets. The Nemo Protocol team has yet to provide a detailed public statement. Meanwhile, the community seeks clarity on whether the lost funds can be recovered. Security researchers are actively investigating the attack and tracking the attacker’s wallet movements. 

Attack Details and Implications for Nemo Protocol 

Nemo Protocol allows users to deposit assets and take positions based on changing interest rates. All operations are automated through smart contracts, making the system fast and efficient. However, even minor coding errors can lead to significant losses. In this case, the attacker exploited a weak point and quickly moved the funds across different networks, evading detection. 

The scale of this single attack is concerning. DeFi hacks continue to account for a large portion of crypto losses in 2025. Every month, new incidents increase the total loss, with August alone seeing millions of dollars stolen in 16 separate attacks. 

Cross-Chain Bridges: Key Vulnerabilities for DeFi 

Cross-chain bridges allow users to transfer assets between different blockchains. While convenient, these bridges concentrate large funds, making them prime targets for hackers. Attackers exploit the complexity of DeFi systems to move stolen assets across multiple networks. Cross-chain vulnerabilities remain one of the biggest security concerns in DeFi. 

Developers must prioritize security measures to prevent attacks. Even sophisticated users cannot fully mitigate risks if bridge and contract vulnerabilities exist. 

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Breaking: Sui-Based DeFi Platform Hacked! appeared first on Coin Engineer.

One message. That’s all it takes for hackers to drain your entire wallet. A signed offchain message is now powerful enough to hand over control of your funds — no onchain transaction required.

EIP-7702: The Risky New Delegation Mechanism

Activated on May 7, 2025, Pectra’s centerpiece EIP-7702 introduces a transaction type called SetCode, which allows users to delegate control of their wallets via a simple signature.

Arda Usman, a Solidity smart contract auditor, confirmed: “An attacker can use this offchain signature to install malicious code into an externally owned account (EOA) and move ETH or tokens — without the user ever signing a transaction.”

This feature effectively transforms user wallets into smart contracts, opening the door to silent yet devastating attacks.

A Stealth Threat Via Innocent-Looking Messages

Yehor Rudytsia, an onchain researcher at Hacken, emphasized that this transaction type allows arbitrary code to be installed in wallets. Previously, such a change required an actual transaction; now, only a signature is enough.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

This shift means phishing attempts, fake DApps, or Discord scams can now result in complete wallet takeovers. “We believe this will become the most common attack vector following the Pectra upgrade,” Rudytsia warned.

Wallet applications that fail to correctly interpret transaction type 0x04 are especially vulnerable.

Hardware Wallets Are Not Immune Anymore

The once-clear distinction between hot and cold wallets is fading. Rudytsia highlighted that hardware wallets are now just as vulnerable if users unknowingly sign malicious messages: “Once signed, all funds can be gone in a moment.”

To stay safe, users should:

• Never sign messages they do not fully understand.
• Look out for delegation requests, especially those involving nonce values.
• Be aware that some delegation signatures can be replayed on any Ethereum-compatible chain.

While multisig wallets offer more robust protection, single-key wallets — including hardware ones — must adopt new safeguards to prevent exploitation.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Ethereum Pectra Update Contains a Critical Vulnerability! appeared first on Coin Engineer.

Millions Lost Within Minutes

The attacker deployed a smart contract from address 0xb32a53… at 07:31 UTC and launched the exploit two minutes later from contract 0x631adf…, draining funds from wallet 0xb5252f… The stolen tokens were quickly converted into USDT, totaling $2,152,219.99.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Cyvers classified the exploit as “critical,” citing abnormal transaction patterns and suspicious contract code. As of publication, the attacker’s wallet remains active and has not moved the stolen assets. No official statement has been issued by the Mobius Token team.

Cyvers noted their system had flagged the malicious contract two minutes prior to the exploit, but it was too late to prevent the loss.

Crypto Exploits Surge in 2025

This incident follows a wave of crypto hacks reported in April 2025, when PeckShield identified over $360 million in digital asset losses from 18 attacks — a 990% increase from March. The largest was a $330 million BTC theft via social engineering.

As the crypto space grows, so do the threats. This attack highlights the importance of not only decentralization but robust smart contract security in protecting investors and protocols alike.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Mobius Token Smart Contracts Exploited on BNB Chain appeared first on Coin Engineer.

“OKX cannot freeze a customer’s funds based on a personal X post or verbal communication. We follow legal consumer protection policies. As a CEO yourself, you should understand this,” Xu said. He added that no such request had been received via official channels. “Our LE team checked all inboxes — including spam. No request related to this case was found,” Xu stated.

Tron DAO Confirms Account Breach

On May 3, Tron DAO informed its 1.7 million followers that the organization’s X account was compromised. The hacker reportedly shared a malicious smart contract address, sent suspicious DMs, and followed random accounts.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Sun claimed, “These stolen funds are not mine. I’m acting to protect the community.” His original post, which accused OKX of negligence, was later deleted. Xu responded by asking Sun to publicly share a screenshot of the alleged law enforcement request.

Crypto Twitter Faces Wave of Hacks

The Tron incident follows a series of high-profile security breaches targeting crypto accounts on X. On March 15, Kaito AI and its founder Yu Hu were hacked; attackers shorted KAITO tokens and posted fake security alerts.

Earlier on February 26, Pump.fun’s X account was hijacked to promote a fraudulent governance token. On April 15, UK MP Lucy Powell also had her account compromised to push a scam crypto coin.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post OKX Claps Back at Justin Sun Over Alleged Freeze Request appeared first on Coin Engineer.

The exploit occurred on April 26 when attackers manipulated Loopscale’s RateX PT token pricing. Approximately $5.7 million worth of USDC and 1,200 Solana (SOL) were drained from the protocol, accounting for about 12% of total funds.

Hope for Settlement With White Hat Hacker

After the attack, Loopscale’s team sent an onchain message to the exploiter on April 27, offering a 10% bounty and full legal immunity in exchange for 90% of the funds. On April 28, the attacker responded, showing willingness to negotiate.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

So far, 10,000 WSOL (~$1.48M) and 4,463 WSOL (~$660K) have been returned, following an earlier 5,000 WSOL (~$740K) recovery.

10% Bounty Offer Yields Results

Recoveries like this are rare in the DeFi world. But Loopscale’s communication strategy appears to have worked. Meanwhile, Term Finance — another Ethereum-based lending protocol — also recently recovered $1M out of $1.6M lost due to an oracle issue.

According to an April report from blockchain security firm PeckShield, more than $1.6 billion in crypto was stolen in Q1 2025. Of that, $1.5 billion came from a massive attack on Bybit, linked to North Korea’s Lazarus Group.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Loopscale Recovers $2.8M After DeFi Exploit and Bounty Talks appeared first on Coin Engineer.

According to blockchain security firm CertiK, the most significant loss was the $13 million smart contract exploit of the Abracadabra.money decentralized lending protocol on March 25.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Major Code Vulnerabilities and Wallet Breaches

• Code vulnerabilities accounted for over $14 million in losses.
• Wallet compromises resulted in over $8 million being stolen.
• The Zoth protocol suffered a $8.4 million loss after its deployer wallet was compromised.

Some Funds Were Recovered!

While over $33 million was stolen in total, decentralized exchange aggregator 1inch successfully recovered most of the $5 million stolen in a March 5 exploit after negotiating a bug bounty agreement with the attacker.

However, blockchain investigator ZachXBT claimed that an unidentified Coinbase user lost 400 Bitcoin ($34 million).

Additionally, the Australian Federal Police warned 130 people on March 21 about a crypto scam impersonating exchange sender IDs.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Crypto Fraud Losses Drop in March appeared first on Coin Engineer.