How Did the Venus Protocol Attack Happen?

On-chain data reveals that the attack was carried out using a highly planned and complex strategy. According to analyses, the attacker used an address beginning with 0x1a35 and spent a long period preparing within the system. Research indicates that over approximately nine months, the attacker gradually accumulated around 84% of the THE token supply (about 14.5 million tokens) while quietly attempting to gain control over market liquidity. The actual exploit began when the tokens were transferred directly to the protocol contract. With this method, the attacker managed to bypass the platform’s normal deposit and supply cap control mechanisms. As a result, a collateral position far exceeding the system’s allowed limits was created. Ultimately, the attacker established a massive collateral position reaching approximately 3.7 times the permitted limit, enabling them to borrow a significant amount of assets from the protocol.

Using the inflated collateral value, the attacker borrowed large amounts of crypto assets from the protocol. According to blockchain analysis, the assets taken included:

• 20 BTC (Bitcoin)
• 1.58 million USDC
• 801 BNB
• 6.67 million CAKE tokens

As a result of these transactions, the total loss was reported to exceed $3.7 million.

Price Manipulation and THE Token Collapse

One of the strategies used during the attack involved price manipulation. After borrowing assets from the protocol using THE tokens as collateral, the attacker bought more THE tokens from the market to increase the collateral value. The goal was to wait for the oracle price mechanism to update, artificially inflating the collateral value and enabling the withdrawal of even more assets from the system. During this manipulation process, the THE token price rose from approximately $0.26 to $0.56. However, once the liquidation process began, heavy selling pressure quickly emerged in the market, causing the token price to drop sharply to around $0.22. Following the incident, market confidence declined, and the THE token lost more than 17% of its value within 24 hours.

After the attack, the Venus Protocol team quickly implemented several security measures. In a statement, the platform said:

“While we continue investigating unusual activity in the THE pool, we have temporarily suspended all THE borrowing and withdrawal operations to prevent further abuse.”

Additionally, the platform temporarily paused operations in several markets with high liquidity concentrations, including BCH, LTC, UNI, AAVE, FIL, and TWT.

DeFi Security Back in the Spotlight

This incident once again highlights that security vulnerabilities remain a significant risk in the DeFi ecosystem. As the industry grows, attack methods are becoming increasingly sophisticated. According to data from blockchain security firm PeckShield, total losses from crypto hacks fell to $49 million in February, marking the lowest level in the past year. However, phishing and social engineering attacks have increased during the same period. Experts emphasize that DeFi platforms need stronger security measures, particularly in critical areas such as supply caps, oracle price mechanisms, and collateral systems. The Venus Protocol attack once again exposed the security risks faced by decentralized finance platforms. The exploit, which resulted in a $3.7 million loss, demonstrates that supply cap manipulation and the abuse of pricing mechanisms continue to pose serious threats to DeFi protocols. Experts stress that strengthening security infrastructure is crucial for maintaining investor confidence in the DeFi ecosystem.

In the comment section, you can freely share your comments and  opinions about the topic. Additionally, don’ t forget to follow us on Telegram, YouTube, and Twitter for the latest news and updates.

The post Hack Shock in the Crypto Market: The Price Dropped Sharply! appeared first on Coin Engineer.

Security Breach on BONK.fun

According to the platform’s announcement, attackers managed to gain control of a BONK.fun team account and initiate a malicious process on the site. As a result of this breach, a wallet drainer mechanism targeting user wallets was activated on the platform. Such attacks are typically carried out through malicious smart contracts that can trigger unauthorized token transfers once users connect their wallets to the platform. Following the breach, the BONK.fun team announced that the incident is being thoroughly investigated and that a comprehensive security review has been launched to identify the root cause. The platform also warned users about potential risks and recommended that they revoke wallet approvals and transfer their assets to safer addresses. These steps are considered critical for minimizing potential losses. The BONK.fun team also advised users not to interact with the platform until the security investigation is fully completed. To reduce possible risks, users were reminded to take several security precautions:

• Revoke wallet approvals
• Check applications connected to their wallets
• Move assets to different and secure wallets

Security experts note that incidents like this, particularly on launchpad platforms, pose high risks related to phishing and wallet drainer attacks. According to experts, users should carefully review permissions before connecting their wallets to any platform and avoid suspicious transactions.

What is BONK.fun?

BONK.fun is a meme coin launchpad platform operating on the Solana network, previously known as LetsBONK. The platform provides infrastructure that allows users to create and launch new tokens without requiring technical knowledge or coding skills. Launched in April 2025 through a collaboration between the BONK community and Raydium, the platform uses a dynamic logarithmic bonding curve model to simplify token launch processes. With this system, token pricing can be determined automatically, enabling users to launch tokens much faster. As a result, BONK.fun offers a launchpad model designed to allow even users without technical expertise to easily start new meme coin projects.

The platform experienced rapid growth in the Solana launchpad market until mid-2025. BONK.fun quickly captured around 84% of the market share, surpassing the Pump.fun platform. However, over time the sustainability of the platform’s reward mechanisms became more difficult, and the number of successful token launches began to decline. This led to a noticeable decrease in user engagement. Meanwhile, Pump.fun regained strength in the market through large buybacks, the acquisition of Kolscan, and improved scaling infrastructure.

Evaluation

The security breach on BONK.fun once again highlights how critical security risks are for launchpad platforms. Since users must connect their wallets to these platforms, potential vulnerabilities can directly put user assets at risk. For this reason, experts emphasize that users should regularly review wallet permissions and avoid suspicious transactions when interacting with such platforms. Competition among launchpad platforms within the Solana ecosystem remains intense. While the rivalry between BONK.fun and Pump.fun continues, the recent security incident has once again highlighted the importance of strong security infrastructure for these platforms. According to analysts, such incidents represent a significant test for platforms trying to maintain user trust.

Also, in the comment section, you can freely share your comments and opinions about the topic. Additionally, don’t forget to follow us on Telegram, YouTube and Twitter for the latest news and updates.

The post Hack Shock in the Crypto Market: Critical Warning! appeared first on Coin Engineer.

How Did the Attack Happen?

According to blockchain data, the breach began when the externally owned account (EOA) controlling the “TransferValidatorWithPayload” contract was compromised. Once the attacker gained access to this private key, they obtained full control over the TokenSafe and MinterPool contracts, effectively seizing ownership-level authority within the system.

With these elevated permissions, the attacker abused mint and transfer functions to extract significant amounts of assets in a short period of time. Experts emphasized that this was not a complex smart contract exploit but rather a direct compromise of ownership and private key security. The stolen funds were largely converted into Ethereum (ETH) and later bridged to the Bitcoin network via THORChain. Analysts noted that this method—bridging across multiple networks—is commonly used to obscure fund tracking and complicate forensic analysis.

On-chain reports indicate that multiple digital assets were taken, including:

• 2,835 UNI
• 45,825 BUSD
• 85 million IOTX
• 71 PAXG
• 20,158 DAI
• 11 WBTC
• 635 WETH
• 36 million USDC
• 14 million USDT

In addition, the attacker reportedly minted approximately $4 million worth of CIOTX tokens via MinterPool. The total estimated loss exceeds $8 million.

Official Statement from IoTeX

Following the widespread circulation of the news, the IoTeX team released a formal statement confirming that the breach had been contained. The team suggested that some figures circulating online may have been exaggerated and that the actual realized loss could be lower.

They also confirmed that major cryptocurrency exchanges were contacted to help track and potentially freeze the stolen funds. Users were advised to rely only on official communication channels and disregard unverified information.

According to analysts, there was no inherent flaw in the protocol’s core smart contracts. However, the compromise of a single private key enabled a cascading system-wide impact. The loss of ownership authority allowed the attacker to manipulate minting and transfer functions, once again highlighting the critical importance of key management and security in DeFi and bridge infrastructures.

Evaluation

The $8 million hack within the IoTeX ecosystem underscores the fundamental importance of private key security in crypto infrastructure. Even without a smart contract vulnerability, the compromise of one privileged key led to significant financial damage. Moving forward, coordination between the IoTeX team and major exchanges will be crucial in tracking the stolen funds and exploring potential recovery options. The incident serves as another reminder that operational security especially around ownership keys remains one of the most critical layers in decentralized finance systems.

You can freely share your thoughts and comments about the topic in the comment section. Additionally, please don’t forget to follow us on our Telegram, YouTube and Twitter channels for the latest news and updates instantly.

The post Major Hack in This Altcoin: Million-Dollar Loss! appeared first on Coin Engineer.

Official Statement from CrossCurve

In an announcement shared on the X platform on Sunday, the CrossCurve team stated that a critical security vulnerability had been detected in one of the smart contracts used in the bridge infrastructure. Project officials confirmed that the vulnerability was exploited by attackers and noted that a detailed investigation has been launched to determine the full scope of the incident. The statement urged users to immediately halt all interactions with CrossCurve until the security review is completed.

“Our bridge is currently under attack. A vulnerability in one of the smart contracts has been exploited. Please stop interacting with CrossCurve until the investigation is complete.”

How Did the Attack Occur?

Blockchain security platform Defimon Alerts explained that the attack stemmed from a missing validation check in the ReceiverAxelar contract. According to the analysis, attackers were able to create fake cross-chain messages and call the expressExecute function, bypassing gateway validation. This led to unauthorized token releases from the protocol’s PortalV2 contract. Data from Arkham Intelligence shows that the PortalV2 contract balance dropped from approximately $3 million to nearly zero after the attack.

Experts note that this vulnerability bears similarities to the Nomad bridge exploit in 2022, which resulted in losses of around $190 million. Security expert Taylor Monahan emphasized after the incident that fundamental risks in cross-chain verification mechanisms still remain unresolved.

Protocol and Investor Support

CrossCurve, formerly known as EYWA, stands out as a cross-chain liquidity and settlement protocol developed in collaboration with Curve Finance. While aiming to enable secure and efficient cross-chain transfers within the decentralized finance ecosystem, the project is also supported by Curve Finance founder Michael Egorov. To date, CrossCurve has raised a total of $7 million across various funding rounds, attracting attention with its strong investor backing.

The protocol infrastructure integrates multiple validation and messaging systems such as Axelar and LayerZero to avoid reliance on a single validator for cross-chain transactions. Although this structure theoretically aims to enhance security, the recent attack reveals that cross-chain architectures still carry significant risks.

Assessment

The CrossCurve attack has once again demonstrated that cross-chain bridges continue to pose high security risks. This incident shows that users should consider not only yield and speed, but also smart contract risks and security architecture when interacting with bridge protocols. Especially in multi-chain infrastructures, even a small validation error has been proven once again to be capable of causing serious losses.

Also, you can freely share your thoughts and comments about the topic in the comment section. Additionally, please follow us on our Telegram, YouTube and Twitter channels for the latest news and updates.

The post Crypto Market Hit by Hack Shock: Millions of Dollars Stolen! appeared first on Coin Engineer.

Details of the Hack

The hackers rapidly converted the tokens in the pool into ETH and moved them across the Ethereum network with high liquidity. On-chain analyses reveal that the attackers used an MEV (Maximal Extractable Value) producer address to obscure their transactions and make tracking more difficult. While this method allows funds to be moved quickly and discreetly in DeFi attacks, it also significantly complicates tracing and investigation efforts for security researchers.

After the attack, the ETH was distributed to two main wallets:

• Wallet 1: 1,023 ETH (~$3.3 million)
• Wallet 2: 276 ETH (~$880,000)

This once again demonstrates the critical importance of security for liquidity pools and smart contracts on DeFi platforms.

The Makina Finance hack once again highlights the need for continuous audits and robust security measures in DeFi projects. To protect user funds, platforms must regularly update smart contract code, prepare in advance for potential attack scenarios, and tighten their risk management protocols requirements that are now more critical than ever.

These measures not only help build investor confidence, but also play a vital role in maintaining the long-term sustainability of the DeFi ecosystem, market stability, and overall trust in the sector. In addition, effective use of blockchain and on-chain analytics enables more proactive defenses against attacks and transparent tracking of fund movements.

Investor Warning

While Makina Finance has not yet released an official statement, it is crucial for investors to exercise extreme caution when allocating funds to DeFi liquidity pools. On-chain data and security reports not only help anticipate potential losses, but also provide valuable insights into which pools may be safer and which strategies carry higher risk. Such data serves as an important guide for protecting funds, monitoring liquidity flows, and taking precautions against possible attacks. Moreover, constantly evolving threats and smart contract vulnerabilities in the DeFi ecosystem make it essential for investors to treat risk management as a top priority.3

Also, you can freely share your thoughts and comments about the topic in the comment section. Additionally, please follow us on our Telegram, YouTube and Twitter channels for the latest news and updates.

The post Hack Incident Shakes the Market: Millions of Dollars Stolen appeared first on Coin Engineer.

How Did the Hack Happen?

Security monitoring platform Cyvers detected the attack and reported that 8,535 ETH was withdrawn from the “Truebit Protocol: Purchase” contract through a suspicious transaction, with total losses estimated at around $26 million. Further details are expected to be shared in the coming days.

According to initial findings, the attacker invoked a function within Truebit’s Purchase contract notably named “Attack.” Through this action:

• Approximately 8,500 ETH was withdrawn in a single transaction,
• Around 50% of the funds were quickly routed through Tornado Cash.

Experts emphasize that the attack was executed extremely quickly and abruptly, completed in a single move without any gradual draining or obfuscation attempts.

TRU Price Crash and Liquidity Crisis

Immediately after the incident, TRU suffered a drop of up to 100% on decentralized exchanges, effectively going to zero. This dramatic price collapse made it nearly impossible for investors to liquidate their positions. The rapid disappearance of liquidity led to significant losses, particularly for small and mid-sized investors. The event serves as a stark warning for the crypto community about vulnerabilities in decentralized protocols and underscores potential risks for other altcoin projects as well. Experts stress that development teams must strengthen security audits, while users should manage their funds with greater caution to prevent similar incidents.

Officials commented on the situation as follows:

“The attack occurred in a single transaction and resulted in a significant loss of funds. The Truebit team and security researchers are currently investigating the details of the incident. Investors are advised to remain cautious.”

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Truebit Protocol (TRU) Hacked! Price Dropped to Zero! appeared first on Coin Engineer.

The incident has reignited discussions around exchange security, privileged accounts, and the potential systemic risks they pose when misused.

Sudden Price Surge Fueled by $10–20 Million

Reports suggest that a potential attacker gained access to a market maker account on Binance holding between $10 million and $20 million in capital. Using these funds, the attacker allegedly executed aggressive buy orders in the BROCCOLI714–USDT pair on Binance’s spot market.

Due to relatively low liquidity in the pair, the impact of these large purchases was immediate and dramatic. Within a very short timeframe, the token’s price surged by approximately 16 times (16x). The move demonstrated how quickly substantial capital can distort price discovery in lower-liquidity altcoin markets.

Rapid Rise Followed by an Equally Sharp Collapse

Despite the explosive rally, the price increase proved to be unsustainable. Shortly after reaching its peak, BROCCOLI714 experienced a rapid sell-off, retracing almost the entire move and returning close to its original price levels.

This sequence of events closely resembles a classic pump-and-dump pattern. However, the suspected involvement of a compromised market maker account adds a more serious dimension to the situation, raising concerns beyond typical market manipulation narratives.

Market Maker Accounts Under the Spotlight

Market makers play a crucial role in maintaining liquidity and orderly trading on centralized exchanges. However, this incident highlights the risks associated with accounts that control large amounts of capital and have elevated operational privileges.

At the time of writing, Binance has not issued an official statement confirming or denying whether a market maker account was hacked. Nevertheless, the scale and speed of the price movement suggest that this was not a routine market event.

Broader Implications for Exchange Security

The situation underscores the importance of robust security measures for institutional and market maker accounts. If compromised, such accounts can introduce extreme volatility, undermine market confidence, and expose retail participants to significant risk.

As developments continue to unfold, the crypto community is closely monitoring the situation, particularly in terms of transparency, accountability, and preventive measures going forward.

This content does not constitute investment advice. Cryptocurrency markets are highly volatile, and individuals should conduct their own research before making any investment decisions.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Was a Binance Market Maker Account Compromised? appeared first on Coin Engineer.

On-Chain Data Strengthens Hack Suspicions

Blockchain security monitoring tools have reported that abnormal amounts of funds were withdrawn from Balancer’s liquidity pools within a short period of time.
Initial findings suggest that attackers may have exploited a vulnerability in the protocol’s smart contracts, leading to the unauthorized fund movements.

According to data shared by on-chain analytics platform PeckShield, hundreds of thousands of dollars worth of digital assets were transferred to multiple wallets. While the scale of the attack and the exact amount of losses have not yet been confirmed, community managers acknowledged the incident and stated that an investigation is ongoing.

BAL Token Price Reacts Sharply

Following the news, Balancer’s native token (BAL) experienced a sharp decline within hours. According to CoinGecko data, the BAL price dropped by nearly 7%, falling to around $0.90. As uncertainty over fund security persisted, a large number of investors shifted to sell positions.

Analysts suggest that while the incident could temporarily undermine confidence in the Balancer ecosystem, the price may recover if the team responds quickly with a strong technical fix and transparent communication.

What Is Balancer?

Founded in 2018, Balancer is one of the largest Ethereum-based automated market maker (AMM) protocols. It allows users to create custom liquidity pools, swap tokens, and earn trading fees from their deposits.

While Balancer has faced a few security vulnerabilities in the past, the team strengthened its audit and risk control processes following a smaller-scale exploit in 2023. However, this latest incident once again highlights that smart contract security remains a weak link within the DeFi industry.

DeFi Security Back in the Spotlight

The recent attack on Balancer serves as a reminder of how vulnerable decentralized finance protocols still are to cyber threats. Experts suggest that, depending on the scale of the breach, DeFi projects may adopt stricter security audits and standards in the coming months.

The Balancer team is currently working with blockchain security firms to determine the full scope of the attack and assess the status of user funds, as the community awaits further updates on the investigation.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post DeFi Protocol Balancer Has Been Hacked! appeared first on Coin Engineer.

What is 4 (FOUR)?

Introducing itself as “BNB’s most memeable meme coin,” $FOUR quickly attracted interest. The project’s motto supports this:

• $FOUR means no FUD.
• $FOUR means $4 billion.
• $FOUR means for everyone and everything.
• $FOUR, Make BNB Great Again!

These slogans indicate that the project operates with a community- and humor-focused perspective rather than a serious technical vision.

How Did 4 (FOUR) Emerge?

$FOUR’s story has an unusual beginning. The project came into the spotlight following a security breach of the BNB Chain’s official social media account. The hack led to phishing links being posted, causing user losses.

According to the BNB Chain team’s statement:

• The attacks resulted in a total loss of $8,000 across all chains.
• The largest loss was from a single user at $6,500.
• The attacker deployed a phishing contract. Initially injecting $17,800, he sold all his meme tokens for $22,000.

Following the incident, the team announced that victims would be fully compensated. They also emphasized that security measures would be enhanced and efforts to prevent similar attacks would continue.

The Community’s Unexpected Move

What sets $4 apart from other meme coins is the community’s response immediately after the hack. After the attacker sold all his tokens for a mere $4,000 profit, users essentially took ownership of the project.

The community repurchased the tokens at higher levels, turning the attack into an ironic launch. This response made $FOUR a meme in its own right.

Binance founder CZ also highlighted this development, describing the community’s comeback as “one of the funniest.”

“Interestingly, after the hacker dumped all his tokens for a $4k gain, the community took over and bought the meme coin higher, as a mock to the hacker. Funniest comeback by the community!”

What Does 4 (FOUR) Represent?

While $4 doesn’t offer a complex technical vision, it once again proves the power of community impact in the crypto ecosystem. The project demonstrates how users can turn a negative event into a positive story.

In the meme coin market, it shows that investors value not just profits but also irony, entertainment, and community spirit. $4’s story is a striking example for “meme coin culture.”

Born from a security breach, $FOUR was quickly embraced by the community and carved out its own place in the BNB Chain ecosystem. Its story and the community’s strong response make it unique.

$FOUR is more than a simple meme coin—it’s a symbol that highlights the resilience and humor of crypto communities. Therefore, $4 is likely to be remembered not just as a token but as an intriguing tale in crypto culture.

Official Links

• Website
• X (Twitter)

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post What is 4 (FOUR)? appeared first on Coin Engineer.

Details of the Hack

Venus confirmed that millions of dollars in assets were stolen during the attack. It is estimated that the breach occurred within the protocol’s liquidity pools.

Experts indicate that such attacks stem from security vulnerabilities in DeFi platforms.

Market Reaction

Following the hack, Venus token ($XVS) experienced a sharp price drop. Analysts warn that volatility may continue in the short term and advise investors to exercise caution.

This incident once again highlights how critical security is on DeFi platforms. Investors should carefully review security measures and the protocol’s track record before depositing funds into liquidity pools.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Hack Attack Shakes Investors: Major Protocol Affected appeared first on Coin Engineer.