One of the most substantial hacks in the month took place on May 22 on the Cetus decentralized exchange, leading to user losses of $223 million within a span of 24 hours. As per blockchain security firm Dedaub, hackers exploited a flaw in the most significant bits (MSB) check, which allowed them to manipulate the liquidity parameters and establish large positions instantly.

PeckShield and the Sui Network promptly froze $157 million in stolen funds, accounting for 71% of the total stolen amount. The second-largest exploit of the month was a $12 million attack on the DeFi platform, Cork Protocol. The attacker reportedly stole around 3,761 Wrapped Staked Ether (wstETH), which was later converted to Ether ETHUSD.

The remaining three of the top five hacks in May included a suspected DPRK-linked hack of $5.2 million, an MBU token exploit of $2.2 million, and a MapleStory Universe exploit resulting in a loss of $1.2 million.

This decline in crypto theft comes as the industry is stepping up its measures to fight against hackers. BitMEX’s security team discovered operational security gaps in the Lazarus Group, a North Korean state-sponsored cybercrime network, following a counter-operations investigation.

In the first quarter of 2025, over $1.63 billion in cryptocurrency was stolen, with the Bybit exploit accounting for more than 92% of the total losses. The industry saw over $87 million in crypto hacks in January, and a dramatic increase to $1.53 billion in February, largely due to the Bybit incident, marking one of the largest crypto thefts to date.

The post Crypto Theft Declines by 40% in May; $244M Targeted, Reports PeckShield appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

Multichain, the MPC bridge platform, has seen extraordinarily large outflows, leading to fears of a potential multi-million dollar exploit targeting the platform. The alarming movement, which saw over $130 million worth of crypto being transferred out from the platform, has sparked concerns among observers and investors.

These outflows were first noticed on July 6, when it was observed that $102 million worth of crypto was withdrawn from the Multichain Fantom bridge on the Ethereum side. In addition, $666,000 worth of Dogecoin and $5 million from Moonriver were withdrawn. Further, the Fantom bridge’s Ethereum smart contract saw the withdrawal of 7214 Wrapped Ether (WETH) tokens worth $13.6 million, 1024 Wrapped Bitcoin (WBTC) worth $31 million, and $58 million worth of the USDC stablecoin. The total value of the crypto removed by the end of the day amounted to over $100 million.

Additional Withdrawals Raising Concern

In addition to the massive withdrawals from the Multichain Fantom bridge, the Dogecoin bridge’s Ethereum contract experienced a withdrawal of around $666,000, which accounts for more than 86% of its total deposits. As a result, only around $100,000 worth of assets remains in the bridge. Similarly, the Multichain Moonriver contracts on Ethereum saw withdrawals of over $5.8 million worth of USDT and USDC. Currently, the Moonriver bridge contracts only have about $700,000 left.

Potential Exploit and Multichain’s Response

Various on-chain investigators took to Twitter, warning the community of a potential exploit. Blockchain security firm PeckShield tagged Multichain in a post, highlighting the Phantom chain transactions and urging the team to review. While Multichain did not respond initially, Fantom Foundation CEO Michael Kong assured the community that the Fantom team was looking into the issue.

Multichain eventually responded, confirming the abnormal movement of funds and stating that the team was “unsure of what was happening and is currently investigating the issue.”

Multichain’s Escalating Issues

Multichain operates as a multi-party computation (MPC) bridging network, allowing users to bridge assets between chains. However, Multichain has been drawing negative attention following technical issues in recent weeks. In May, the team announced that the CEO had gone missing, resulting in significant transaction delays due to unforeseen circumstances. Adding to the concern, Binance also announced a halt in the withdrawal of some Multichain derivative tokens due to network issues.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The post Concerns of Potential Exploit Arise as Multichain Witnesses Crypto Outflows Worth $130M appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

Sturdy Finance, a well-known DeFi lending protocol, recently faced an unfortunate incident – a security attack by an anonymous hacker, resulting in a loss of 442 ETH, equivalent to around $800,000. The alleged hacker took advantage of the protocol’s re-entrancy vulnerability to manipulate a price oracle incorrectly.

PeckShield, a reputable blockchain analytics company, publicized the incident on Twitter, highlighting the exploitation Sturdy Finance had undergone. According to PeckShield’s analysis, the exploit didn’t reveal any classic signs of a smart contract hack or security breach. Instead, it appears that price manipulation was the issue. Additionally, the analysis identified the hacker’s address and noted that the offender had transferred the 442.6 ETH to Tornado Cash, a decentralized crypto mixer, effectively obscuring the transaction details.

Sturdy Finance Responds to the Security Incident

In response to the unfortunate event, Sturdy Finance promptly halted its trading services to prevent any additional losses. The platform reassured its community, stating “no additional funds are at risk,” and promised to provide more information once they resolved the issue. Furthermore, the team comforted its users by assuring them that no immediate action was required from their end.

Analysis of the Security Breach and the Broader DeFi Landscape

BlockSec, a security firm, identified the root cause of the exploit as the typical Balancer’s read-only re-entrancy, alongside manipulation of the B-stETH-STABLE price. They stated that the exploiter managed to steal the ETHs through this manipulation.

In a broader context, DeFi REKT Database’s recent analysis highlighted that there have been almost nine DeFi attacks this month alone. Among these, the most devastating was the Atomic Wallet exploit on June 4, one of the most significant crypto exploits in history, leading to a loss of over $35 million.

The post DeFi Platform Sturdy Finance Suffers 442 ETH Loss in an Exploit appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

The Jimbos Protocol, a decentralized finance (DeFi) platform built on the Arbitrum network, has fallen prey to a security exploit. The platform has reportedly lost an estimated $7.3 million as a result of the incident. This unfortunate event occurred on May 28, 2023, and has led to a loss of approximately 4000 ETH, which equates to the aforementioned sum. This information comes courtesy of a report by PeckShield, a blockchain security and data analytics company.

An investigation into the breach reveals that the hacker took advantage of a lack of slippage control in the protocol’s primary contract. This loophole allowed the perpetrator to execute a flash loan, manipulate the value of the platform’s native token, and subsequently pilfer the treasury funds. Post-incident, the value of the native JIMBO token has plummeted by 40%.

The Flash Loan Vulnerability

Flash loans have emerged as a common means for hackers to exploit DeFi platforms. In these scenarios, traders borrow unsecured funds from lenders without needing to provide any collateral. The catch is that the transaction is considered complete only when the borrower repays the lender. If a borrower defaults, the transaction gets canceled and the funds are returned to the lender. This system, while seemingly secure, has proven to be a lucrative loophole for savvy hackers.

Jimbos Protocol’s Road to Recovery

In the wake of this incident, the Jimbos Protocol is exploring the best course of action for recovery. They have engaged with security researchers who previously assisted Euler Finance in recovering $200 million post their exploit. The team has also stated their intention to contact law enforcement if the stolen funds are not returned by the perpetrator.

The DeFi Security Challenge

This incident serves as a stark reminder of the persistent security issues plaguing the DeFi ecosystem. Despite concerted efforts to bolster security, the sector continues to grapple with unauthorized access and security vulnerabilities. Earlier victims of similar exploits include the 0VIX protocol and the privacy-focused protocol Tornado Cash, each suffering considerable losses due to flash loan attacks.

The post Decentralized Finance Platform Jimbos Protocol Suffers $7M Loss Due to Security Exploit appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.