Refund Plan for Recovered Assets

The protocol will return the $8 million in recovered tokens, secured by whitehat teams and Balancer internal security, to affected users in the same token types. StakeWise separately handles $19.7 million in osETH and osGNO positions with an independent recovery timeline.

Whitehat actors, who helped secure funds ahead of the hacker, will receive 10% of the recovered assets as rewards, paid in the same token types. Some chose to waive their rewards, highlighting ethical hacking compliance under Balancer’s Safe Harbor Agreement.

Affected users will connect their wallets, verify balances via snapshot, and accept a short legal agreement. Approved claims are paid instantly. The claim window is expected to be open for 90–180 days, after which unclaimed funds may be redirected by DAO vote.

Market Impact and Behavioral Analysis

Following this, the attacker recently moved 6,999 ETH to a new wallet, triggering increased attention and scrutiny on on-chain analytics platforms. After the exploit, Balancer’s TVL dropped from $775 million to $258 million, and the BAL token lost roughly 30% of its value. Meanwhile, the announcement of the refund plan led to a 2% recovery in BAL price over the past 24 hours.

The root cause of the attack was minor rounding errors in some v2 pool balance calculations. This flaw created extremely unbalanced pools, enabling manipulation that drained millions of dollars.

DeFi Security Test

This refund initiative emphasizes transparency and strengthens investor confidence. The DAO expects the claim portal to go live in late December or early January, while StakeWise recovery follows its own schedule. The case underscores the importance of secure DeFi protocols for future investor trust.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Balancer Announces $8M Refund Plan After $128M Hack appeared first on Coin Engineer.

Details of the Attack and Preparation

Blockchain analyses show the attacker funded their account stealthily with small 0.1 ETH transfers through Tornado Cash to avoid detection. Coinbase executive Conor Grogan said the attacker stored at least 100 ETH in Tornado Cash smart contracts and that those funds may link to earlier hacks. Grogan stated, “Hacker seems experienced: seeded the account with 100 ETH and operated with 0.1 ETH Tornado Cash transfers. No opsec leaks.” This behavior clearly points to a professional actor who prepared ahead of time. Balancer announced it would offer a 20% white‑hat bounty if the stolen funds were returned in full (minus the reward).

What Makes the Balancer Hack Unique

Deddy Lavid, co‑founder and CEO of blockchain security firm Cyvers, called the Balancer exploit one of the most sophisticated attacks of 2025. The attackers bypassed access control layers to manipulate asset balances directly. This represents a critical failure in operational governance rather than a flaw in core protocol logic.

Lavid also warned that static code audits are no longer enough. He urged platforms to implement continuous, real‑time monitoring to detect suspicious flows before funds are drained.

, co‑founder and CEO of blockchain security firm Cyvers, called the Balancer exploit one of the most sophisticated attacks of 2025. The attackers bypassed access control layers to manipulate asset balances directly. This represents a critical failure in operational governance rather than a flaw in core protocol logic.

Lavid also warned that static code audits are no longer enough. He urged platforms to implement continuous, real‑time monitoring to detect suspicious flows before funds are drained.

Lazarus Group and Long‑Term Preparation Strategies

Similarly, North Korean group Lazarus reportedly paused illicit activity for months before the Bybit hack. Chainalysis data showed a sharp decline in cybercriminal activity after July 1, 2024, which experts interpreted as regrouping to identify new targets and probe infrastructure.

In the Bybit incident, attackers laundered the $1.4 billion through THORChain within 10 days. That operation demonstrates how months‑long stealth and preparation can precede large, professionally executed exploits—parallels that highlight the seriousness of the Balancer incident.

Recommendations for Balancer Users

Store crypto assets only in trusted wallets and avoid moving large sums in single transactions. Be aware that using Tornado Cash and similar mixers can draw attention from professional attackers and investigators, and consider employing multi‑layer security practices to reduce exposure to sophisticated on‑chain exploits.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Was the Balancer DEX Hack Prepared Months in Advance? appeared first on Coin Engineer.

In their announcement, the team said: “The recent incident halted our growth, and safely restarting would require six- to seven-figure costs for audits and monitoring, which we do not have.” This adds another closure to the recent wave of shutdowns in the DeFi sector.

DeFi Security in Focus After $8.4 Million Exploit

Bunni DEX was built on the Uniswap v4 infrastructure and used a custom Liquidity Distribution Function to optimize returns for liquidity providers. However, the September attack affected both the Ethereum mainnet and the Layer 2 UniChain network, resulting in total losses of $8.4 million.

Following the exploit, the platform’s Total Value Locked (TVL) fell from $80 million to nearly zero within just two months. The team paused all smart contract functions and announced that users could withdraw their assets via the website. Remaining treasury assets will be distributed to BUNNI, LIT, and veBUNNI token holders once legal procedures are completed.

Smart Contracts Made Open-Source Under MIT License

Despite shutting down, the Bunni team took a noteworthy step by transferring its v2 smart contracts from the Business Source License (BUSL) to the MIT license. This change allows developers to access all features previously created by Bunni, including liquidity distribution functions, volatility fees, and autonomous rebalancing systems.

This move ensures that even after the project’s closure, Bunni continues to contribute to the DeFi ecosystem. Experts suggest that the open-source MIT license may inspire the development of safer and more transparent decentralized exchanges in the future.

Chain of Closures in the DeFi Ecosystem

The closure of Bunni DEX came shortly after Kadena announced the termination of its operations the same week. This highlights the ongoing impact of the crypto winter and the significant challenges DeFi projects face in maintaining sustainability.

Experts emphasize that these recent events have shaken investor confidence, making security audits, capital management, and risk controls more critical than ever for decentralized finance projects.

Conclusion

The closure of Bunni DEX is more than just the loss of a single project—it serves as a warning for the DeFi ecosystem. Innovative platforms may offer high returns, but security vulnerabilities and a lack of sustainable funding create the weakest link in the ecosystem.

The decision to make Bunni’s code open-source under the MIT license leaves a positive legacy for the sector. However, the financial losses underscore the need for stricter regulatory and auditing processes for decentralized finance projects in the future.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Bunni DEX Shuts Down After $8.4 Million Security Breach appeared first on Coin Engineer.

Cetus Protocol Breach Pressures SUI: $4.01 Support In Jeopardy

Following the news of the security breach, SUI witnessed sharp selling pressure and is currently attempting to hold above the crucial $4.01 support. Analysts warn that if this level is lost on a 4-hour close, the price may retreat further to the $3.83 support.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Increased trading volume in recent hours signals that this level is under heavy scrutiny. A confirmed breakdown could open the door to further downside pressure.

Recovery Scenario: Targeting A Move Toward $4.20

Still, if $4.01 holds and buyers regain control, a short-term rebound is possible. In such a case, a recovery move toward $4.20 is likely. Technical indicators suggest an increased probability of testing this level again if support remains intact.

The coming hours could prove pivotal for SUI, as traders await confirmation of either a breakdown or a bounce from support.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post SUI Price Plunges After Cetus Hack, All Eyes On Key Support appeared first on Coin Engineer.

Millions Lost Within Minutes

The attacker deployed a smart contract from address 0xb32a53… at 07:31 UTC and launched the exploit two minutes later from contract 0x631adf…, draining funds from wallet 0xb5252f… The stolen tokens were quickly converted into USDT, totaling $2,152,219.99.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Cyvers classified the exploit as “critical,” citing abnormal transaction patterns and suspicious contract code. As of publication, the attacker’s wallet remains active and has not moved the stolen assets. No official statement has been issued by the Mobius Token team.

Cyvers noted their system had flagged the malicious contract two minutes prior to the exploit, but it was too late to prevent the loss.

Crypto Exploits Surge in 2025

This incident follows a wave of crypto hacks reported in April 2025, when PeckShield identified over $360 million in digital asset losses from 18 attacks — a 990% increase from March. The largest was a $330 million BTC theft via social engineering.

As the crypto space grows, so do the threats. This attack highlights the importance of not only decentralization but robust smart contract security in protecting investors and protocols alike.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Mobius Token Smart Contracts Exploited on BNB Chain appeared first on Coin Engineer.

“OKX cannot freeze a customer’s funds based on a personal X post or verbal communication. We follow legal consumer protection policies. As a CEO yourself, you should understand this,” Xu said. He added that no such request had been received via official channels. “Our LE team checked all inboxes — including spam. No request related to this case was found,” Xu stated.

Tron DAO Confirms Account Breach

On May 3, Tron DAO informed its 1.7 million followers that the organization’s X account was compromised. The hacker reportedly shared a malicious smart contract address, sent suspicious DMs, and followed random accounts.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Sun claimed, “These stolen funds are not mine. I’m acting to protect the community.” His original post, which accused OKX of negligence, was later deleted. Xu responded by asking Sun to publicly share a screenshot of the alleged law enforcement request.

Crypto Twitter Faces Wave of Hacks

The Tron incident follows a series of high-profile security breaches targeting crypto accounts on X. On March 15, Kaito AI and its founder Yu Hu were hacked; attackers shorted KAITO tokens and posted fake security alerts.

Earlier on February 26, Pump.fun’s X account was hijacked to promote a fraudulent governance token. On April 15, UK MP Lucy Powell also had her account compromised to push a scam crypto coin.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post OKX Claps Back at Justin Sun Over Alleged Freeze Request appeared first on Coin Engineer.

The exploit occurred on April 26 when attackers manipulated Loopscale’s RateX PT token pricing. Approximately $5.7 million worth of USDC and 1,200 Solana (SOL) were drained from the protocol, accounting for about 12% of total funds.

Hope for Settlement With White Hat Hacker

After the attack, Loopscale’s team sent an onchain message to the exploiter on April 27, offering a 10% bounty and full legal immunity in exchange for 90% of the funds. On April 28, the attacker responded, showing willingness to negotiate.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

So far, 10,000 WSOL (~$1.48M) and 4,463 WSOL (~$660K) have been returned, following an earlier 5,000 WSOL (~$740K) recovery.

10% Bounty Offer Yields Results

Recoveries like this are rare in the DeFi world. But Loopscale’s communication strategy appears to have worked. Meanwhile, Term Finance — another Ethereum-based lending protocol — also recently recovered $1M out of $1.6M lost due to an oracle issue.

According to an April report from blockchain security firm PeckShield, more than $1.6 billion in crypto was stolen in Q1 2025. Of that, $1.5 billion came from a massive attack on Bybit, linked to North Korea’s Lazarus Group.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Loopscale Recovers $2.8M After DeFi Exploit and Bounty Talks appeared first on Coin Engineer.

On April 26, a hacker siphoned around $5.7 million USDC and 1,200 SOL by executing a series of undercollateralized loans, co-founder Mary Gooneratne said.

Following the attack, Loopscale announced it had re-enabled loan repayments, balance top-ups, and loop closing. However, “all other app functionalities, including Vault withdrawals, remain temporarily restricted” as investigations continue.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Gooneratne clarified that only the USDC and SOL vaults were impacted, with the losses representing about 12% of the protocol’s total value locked (TVL).

DeFi Sector Continues to Face Cyber Threats!

The Loopscale team emphasized that they are fully mobilized to investigate the incident, recover the stolen funds, and protect users.

In the first quarter of 2025, hackers stole over $1.6 billion in cryptocurrencies from exchanges and on-chain smart contracts. Over 90% of these losses were attributed to the $1.5 billion hack on the centralized exchange ByBit, reportedly orchestrated by North Korea’s Lazarus Group.

Loopscale’s Innovative Lending Model

Loopscale officially launched on April 10 after a six-month closed beta. The platform aims to boost capital efficiency by directly matching lenders and borrowers.

Unlike traditional DeFi platforms like Aave, Loopscale operates on an order book model rather than liquidity pools.

Its main USDC and SOL vaults currently offer annual percentage rates (APRs) exceeding 5% and 10%, respectively. It also supports lending markets for tokens such as JitoSOL, BONK, and looping strategies for over 40 token pairs.

Loopscale holds approximately $40 million in total value locked and has attracted over 7,000 lenders, according to researcher OurNetwork.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Solana’s DeFi Protocol Loopscale Halts Lending After $5.8M Hack appeared first on Coin Engineer.

A major development has shaken the crypto investment world. Well-known on-chain investigator ZachXBT has claimed that the so-called “Hyperliquid whale,” who trades with 50x leverage on the Hyperliquid exchange, is in fact a cybercriminal gambling with stolen funds.

This whale managed to survive liquidation attempts by crypto investors and secured an impressive $9 million in net profit. ZachXBT emphasized that this whale has no connection to the North Korea-backed Lazarus Group. Earlier this year, in February 2025, ZachXBT had linked the $1.5 billion Bybit hack to that hacker collective. Now, he has followed the trail to this Hyperliquid whale.

“Crypto Twitter Is Speculating, But the Truth Is More Sinister”

ZachXBT made the following statement on X (Twitter):

“It’s funny watching CT speculate on the ‘Hyperliquid whale’ when in reality it’s just a cybercriminal gambling with stolen funds.”

Responding to a follower’s question regarding potential ties to the Lazarus Group, ZachXBT replied:

“No, there’s no connection to Lazarus.”

Some users asked ZachXBT to reveal the whale’s identity. However, he responded by saying:

“We’ll see, it’s just not enjoyable posting investigations on X/Twitter anymore.”

Failed Attempts to Liquidate the Whale

For weeks, the crypto market has speculated about who the Hyperliquid whale is and how they could be stopped. The whale had opened 40x and 50x short positions on Bitcoin (BTC) and Ethereum (ETH), drawing massive attention.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The whale notably opened a $450 million short position on BTC, which triggered a major reaction across the market. Traders attempted to counter this by aggressively buying up BTC, trying to force a liquidation. However, they ultimately failed. According to Lookonchain, the whale deposited an additional $5 million USDC to increase margin and avoid liquidation.

Aside from BTC and ETH, the whale also opened a $31 million short position on Chainlink (LINK) with 10x leverage and placed short orders on GMX.

A Major Threat in the Crypto Market: Stolen Funds and High-Leverage Trades

ZachXBT’s comments have reignited concerns about stolen funds re-entering circulation through decentralized finance (DeFi) protocols. The situation also highlights how cybercriminals exploit high-leverage trading to gamble with illicit funds, posing a significant risk to the overall market.

While the true identity of this whale remains undisclosed, the broader question for the crypto ecosystem is how to address these high-risk scenarios and prevent bad actors from destabilizing the markets.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Big Bet from ZachXBT on Whale in Hyperliquid! appeared first on Coin Engineer.

North Korea-Linked Lazarus Group in Action!

According to a pseudonymous crypto analyst, the Lazarus Group, linked to North Korea, has successfully laundered the majority of the funds stolen from Bybit on February 21. Only 156,500 ETH remains to be moved, which is expected to happen within the next three days.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The FBI has flagged 51 Ethereum addresses, while Elliptic has identified over 11,000 wallet addresses connected to the hackers. Chainalysis reports that the attackers have converted portions of the stolen Ether into Bitcoin (BTC), Dai (DAI), and other assets using DEXs, cross-chain bridges, and instant swap services.

THORChain Under Fire!

Hackers have been utilizing decentralized protocols to obscure their transactions. One of the most criticized platforms in this process has been THORChain. Developer “Pluto” announced they would no longer contribute to the protocol after a proposal to block North Korean hacker-linked transactions was overturned.

The Bybit hack, with a $1.4 billion loss, is the biggest exploit in crypto history, surpassing the $650 million Ronin Bridge hack from March 2022 by more than double.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Bybit Hackers Resume Laundering! appeared first on Coin Engineer.