South Korean authorities are facing scrutiny after a tax office mistakenly leaked a cryptocurrency wallet recovery phrase to the public, enabling unknown actors to steal approximately $4.8 million in PRTG tokens.

According to multiple reports, the country’s National Tax Service (NTS) inadvertently made public a document containing the mnemonic phrase tied to a government-controlled crypto wallet. The document was included in a press release issued on February 26, 2026. That phrase, effectively the master key to the wallet, was later used to transfer out the funds.

The incident highlights growing operational risks as governments increasingly seize, store, and manage digital assets.

How the Wallet Was Compromised

At the center of the incident was a crypto wallet holding assets previously confiscated as part of a tax enforcement action. Authorities had reportedly published press materials, including a photo of documentation that included sensitive wallet information.

Among the disclosed details was the wallet’s recovery phrase, a sequence of words that allows full access and control over cryptocurrency holdings. Once exposed, anyone with the phrase could recreate the wallet and move the funds without additional authentication.

Shortly after publication, blockchain data showed transfers from those wallets. At the time of the incident, the total value of the drained assets was estimated at roughly $4.8 million.

Because blockchain transactions are irreversible, the funds cannot simply be retrieved once transferred, unless the recipient voluntarily returns them or law enforcement identifies and freezes the assets on an exchange.

>>> Read more: Inside the I-Soon data leak – China’s Cyber Warfare Tactics

Why Seed Phrase Exposure Is Critical

A crypto wallet’s seed phrase functions differently from a typical password. While many online accounts offer multi-factor authentication or account recovery options, a mnemonic phrase provides direct, unrestricted access to funds.

In practical terms, publishing such a phrase is equivalent to publicly sharing the private keys to a vault containing digital assets.

The South Korean tax office leak underscores how digital asset custody requires different security standards than traditional financial asset management. Unlike bank accounts, crypto wallets do not rely on centralized intermediaries that can reverse unauthorized transfers.

For government agencies handling seized crypto, this presents unique challenges. Secure storage typically involves cold wallets, multi-signature authorization systems, and strict internal access controls. Any lapse, especially public disclosure, can immediately compromise assets.

Accountability and Security Questions

The National Tax Service has reportedly removed the exposed information, but the damage was already done. It remains unclear how long the recovery phrase was accessible before the funds were drained.

The incident raises broader questions about how public institutions manage digital asset evidence. As enforcement agencies around the world increase crypto seizures tied to tax violations, fraud, and other crimes, custody infrastructure becomes a critical operational component.

This accidental leak at the South Korean tax office may prompt reviews of internal procedures governing how confiscated crypto is stored, documented, and disclosed in public records. Even routine transparency measures can carry unintended consequences when they involve digital keys.

So far, there has been no public confirmation that the stolen funds have been recovered. Blockchain analytics may help trace asset movements as of late February 2026, but identifying the individuals behind wallet transfers remains complex unless funds pass through regulated platforms.

>>> Read more: South Korea Crypto Tax Crackdown Targets Cold Wallets

A Broader Signal for Government Crypto Handling

This episode serves as a reminder that digital assets operate under fundamentally different security assumptions than traditional finance. Control of a private key or seed phrase equals control of the funds, without recourse.

For governments that have increasingly positioned themselves as regulators of crypto markets, operational competence in handling seized assets is becoming part of the credibility equation.

As crypto adoption expands globally, public-sector institutions may need to invest more heavily in digital asset security expertise. The consequences of mistakes are immediate and, as this case shows, financially significant.

While investigations may clarify how the exposure occurred, the broader takeaway is already clear: in crypto custody, even a single disclosure can result in irreversible loss.

The post $4.8M Stolen After South Korean Tax Agency Publishes Crypto Recovery Phrase appeared first on CrispyBull.

TL;DR

• USPD lost around $1 million after attackers exploited a misconfigured upgradeable proxy that granted unintended access to treasury functions.
• The team paused the protocol, secured remaining assets, and began a forensic investigation with external security partners.
• The breach highlights recurring risks in DeFi architectures that rely on proxy-based contract upgrades and permissioning.

The USPD stablecoin hack resulted in the loss of roughly $1 million. Attackers exploited a flaw in the project’s proxy deployment architecture. The team confirmed the USPD exploit in a statement on X. They paused the protocol to prevent additional damage and launched a forensic review. Early findings suggest the vulnerability enabled unauthorized access to treasury-level permissions. The attacker drained several assets before the breach was contained.

What Happened

Reports indicate the USPD exploit stemmed from a misconfigured upgradeable proxy. The flaw allowed the attacker to gain control of critical smart contract functions. With this level of access, the malicious actor rerouted funds held by treasury contracts and moved them into external wallets. Assets involved in the $1 million stablecoin hack include USDT, USDC, WBTC, and WETH.

Suspicious activity surfaced shortly before the protocol was halted. Once the breach became clear, USPD disabled affected operations. The goal was to secure remaining reserves and stop further withdrawals. The rapid pause limited additional losses, although the full operational impact is still under review.

The Technical Root Cause

Preliminary analysis indicates a proxy deployment vulnerability in USPD’s architecture. Upgradeable proxy patterns are common in DeFi, yet they demand precise configuration. Missing or incorrect initialization steps can open unintended permission pathways. In this case, the attacker appears to have gained privileged access by exploiting the misconfigured proxy contract. That access enabled interaction with treasury mechanisms that should have remained restricted.

Researchers note that proxy-related weaknesses have contributed to several notable failures in the past. Because proxy contracts sit between user-facing logic and core functionality, even small deployment mistakes can undermine an entire protocol.

USPD’s Emergency Response

The team moved quickly to contain the incident. They froze the affected components of the protocol and secured remaining treasury balances. After confirming the breach, they notified the users. In its public statement, the team described the event as a “stablecoin protocol breach.” They also outlined ongoing cooperation with external auditors, smart-contract specialists, and on-chain investigators.

An on-chain investigation is underway. Early wallet movements have been flagged, and analysts are tracking further transfers across networks. Recovery prospects remain uncertain. The team has not provided a timeline for resuming normal operations.

Broader Implications

The incident joins a growing list of DeFi security breach cases caused by misconfigured proxy contracts. It highlights how architectural oversights can produce significant consequences, especially for stablecoin projects. These systems depend on predictable collateral management, so even small vulnerabilities can damage user trust. Smaller stablecoin projects that rely on complex upgrade paths may face heightened scrutiny after the USPD hack.

>>> Read more: Elixir deUSD Collapse Exposes Synthetic Stablecoin Risk

What Comes Next

USPD plans to share more information once its review concludes. For now, the protocol remains paused while the team evaluates structural fixes and long-term security measures. The USPD stablecoin hack underscores the need for rigorous audits of proxy deployments and shows how overlooked technical details can expose entire systems in fast-moving DeFi environments.

The post USPD Stablecoin Protocol Hit by $1M Exploit After Proxy Deployment Failure appeared first on CrispyBull.

• Upbit suffered a ₩54B ($37M) Solana hot-wallet breach, forcing an immediate halt to Solana deposits and withdrawals.
• The incident hit hours after Naver announced its acquisition of Dunamu, overshadowing one of Korea’s biggest digital-asset deals.
• Upbit says it will fully reimburse all user losses, while regulators intensify scrutiny amid an already tense compliance environment.

South Korea’s largest crypto exchange, Upbit, halted Solana deposits and withdrawals on Wednesday after detecting unauthorized transactions draining roughly ₩54 billion (about $37 million) from one of its operational wallets. The Upbit hack, which the exchange described as an “abnormal withdrawal activity” incident, forced the immediate freeze of Solana-network services. It also triggered a wider migration of assets into cold storage.

The breach landed at a highly sensitive moment. Just hours earlier, Naver Financial announced a stock-swap acquisition of Dunamu, Upbit’s parent company. The deal would fold South Korea’s largest crypto platform into one of the country’s most powerful tech conglomerates. Instead of dominating the news cycle, the merger was eclipsed by the exchange’s latest security failure.

A Hot-Wallet Breach Limited to Solana Assets

Upbit said the incident was contained to a single Solana hot wallet. The wallet handled daily operational flows such as customer withdrawals. The exchange confirmed that it immediately transferred all remaining Solana tokens from the wallet to cold storage after detecting the breach.

A preliminary review shows that the attackers siphoned off a wide mix of assets. These included majors like SOL and USDC, ecosystem tokens such as JUP, RAY, RENDER, ORCA and PYTH, and high-volume memecoins that trade heavily on Korean exchanges. Among them were BONK, TRUMP, MOODENG and smaller Solana-native tokens. The list aligns with on-chain tracking performed by multiple analytics firms. It also reflects user queries about which tokens were stolen in the Upbit hack.

Upbit stressed that no other networks were affected. It also said the intrusion did not compromise cold wallets, which hold the majority of customer and corporate assets.

Operational Freeze and User Assurances

Within minutes of identifying the breach, Upbit initiated a full suspension of Solana withdrawals. It also disabled deposits for all Solana-based tokens. The company moved remaining assets from its Solana hot wallet into cold storage and began working with blockchain forensics teams and Korean authorities. Investigators are now tracing the stolen funds. Early indications suggest that portions of the tokens have already been flagged or frozen on-chain.

Most critically for customers, the exchange said it will fully cover the loss using corporate reserves. Upbit emphasized that the incident will not affect user balances and also confirmed that it has reconciled all accounting for the $37M Solana breach.

This assurance is essential for South Korean users, who rely heavily on local exchanges due to the country’s closed capital system rules. Earlier exchange failures in the region, particularly during the 2022–2023 restructuring cycle, have made users wary of platform risk.

A Corporate Megadeal Collides With a Security Crisis

The most damaging aspect of the breach may not be the loss itself. Its proximity to one of the biggest corporate moves in the Korean fintech and digital-asset sector is more significant. The Naver–Dunamu merger, executed via a multibillion-dollar stock swap, aims to position Naver as a major player in blockchain infrastructure, digital identity, tokenization and AI-driven financial services.

Instead of celebrating a milestone that would make Upbit part of the Naver ecosystem, headlines quickly shifted to a security lapse at the very exchange Naver is acquiring. In a country where tech conglomerates shape national strategy, the optics were severe. Hours after one of Korea’s most influential companies announced its entry into digital assets through a high-profile merger, the centerpiece of that acquisition suffered a hot-wallet breach.

The episode complicates Naver’s narrative. The merger was designed to project institutional scale and stability. It was also intended to demonstrate readiness for regulated Web3 services. Instead, the breach revived concerns about operational vulnerabilities.

Six Years After the 2019 Upbit Hack, History Echoes

The incident also revives uncomfortable memories of the 2019 attack on Upbit. In that event, hackers stole 342,000 ETH from the exchange’s hot wallet, worth roughly ₩58 billion at the time. Korean authorities later attributed the breach to North Korea–linked groups.

There is no evidence or attribution yet for the current attack. Even so, the recurrence, ie, similar month, similar wallet tier, similar operational vectors, adds symbolic weight. Korean media quickly noted the six-year parallel. They also pointed out that the new breach arrives just as Upbit is being absorbed into a larger corporate structure.

Regulators Were Already Watching Closely

The timing intersects with an already tense regulatory environment. Upbit recently received a fine from Korea’s FIU and a temporary three-month ban on onboarding new users. The enforcement campaign aims to tighten domestic compliance frameworks. Regulators have also been vocal about hot-wallet risk, exchange liquidity transparency and the need for real-time monitoring tools.

The new incident will likely accelerate discussions over how Korea will regulate exchanges after the Upbit hack. Lawmakers could consider stricter caps on hot-wallet balances and mandatory cyber-insurance requirements. They may also push for expanded oversight of operational security practices. With the incoming Naver–Dunamu consolidation, regulators are likely to ask how the merged entity plans to enforce safety across a larger financial ecosystem.

Market Reaction: Contained and Exchange-Specific

Despite the size of the loss, market reaction across the Solana ecosystem remained contained. SOL traded within a narrow band following the news. The SOL price reaction was muted for an event involving a top Asian exchange.

Memecoins such as BONK, TRUMP and MOODENG saw brief intraday swings. They avoided the kind of cascading sell-offs associated with protocol-level failures. Analysts noted that the impact of Upbit hack on the Solana ecosystem was minimal because the event was clearly exchange-specific. It did not indicate an issue with Solana’s consensus or security model.

This decoupling reflects a growing maturity in crypto markets. Investors increasingly distinguish between operational risks at centralized exchanges and vulnerabilities within blockchain networks.

>>> Read more: Balancer Hack 2025: $128M Exploit Hits DeFi Forks

What Comes Next

Upbit says it will restore Solana transactions once security reviews are complete. It has not provided a specific timeline. Investigators are tracing the stolen funds across multiple addresses. Korean authorities are conducting a formal review of Upbit’s systems and incident response procedures.

Naver now faces an early stress test of an acquisition meant to expand its presence in digital finance and Web3 infrastructure. Regulators, meanwhile, are likely to treat the incident as a catalyst for tighter oversight. And users will ultimately judge Upbit on one metric only: whether the exchange fully compensates every loss.

The merger may reshape Korea’s digital-asset landscape. Even so, the timing of this breach ensures that the road to integration begins under scrutiny rather than celebration.

The post Upbit Hack Overshadows Naver’s Acquisition of Dunamu as ₩54B Solana Breach Halts Transfers appeared first on CrispyBull.

The Multisig Breach That Sparked It All

UXLINK, a Web3 social protocol, experienced a collapse of its governance system when attackers compromised its multisig wallet. This enabled them to mint more than $2 billion worth of CRUX tokens, far exceeding the project’s intended supply. While the headline number shocked the industry, analysts estimate the actual realized losses were closer to $11–48 million, depending on token liquidity and sell-offs.

Market Fallout and Exchange Warnings

The market reaction was swift. The UXLINK token price fell by over 70%, wiping out months of gains. Major exchanges such as Upbit issued trading warnings, and others flagged the project as high-risk to protect users. Confidence in UXLINK evaporated overnight. As a result, discussions quickly shifted from concern to skepticism over whether the project could recover.

>>> Read more: GMX Hack: Attacker Returns $37M in Deal After $42M Exploit

The Twist: Hacker Becomes the Hacked

If the exploit wasn’t strange enough, the attacker soon faced an even stranger twist. In what many called crypto karma, the wallet that drained UXLINK later fell victim to a phishing attack. A large portion of the stolen tokens disappeared.

The irony hasn’t gone unnoticed. Lookonchain commented: “Interestingly, the hacker who attacked $UXLINK was targeted by a phishing attack and lost 542M $UXLINK($48M).”

Community reaction was swift and merciless. Memes flooded social media, mocking both UXLINK’s flawed defenses and the hacker’s own lack of awareness. What began as one of the largest minting exploits in recent memory turned into a comedy of errors.

Lessons From the Chaos

The UXLINK breach highlights deeper problems in the DeFi security landscape. Multisig wallets, long seen as safeguards against unilateral exploits, once again proved vulnerable to poor governance and errors. At the same time, the fact that even the hacker fell for basic phishing tactics shows how trust in Web3 systems remains fragile. For investors, the message is clear: no protocol is too big, too decentralized, or too well-funded to avoid catastrophic mistakes.

>>> Read more: August 2025 Crypto Hacks: $163M Lost

The UXLINK hack will be remembered not just for the billions in tokens minted or the millions in market losses. It will also be remembered for the sheer absurdity of its aftermath. In the end, both the project and the attacker lost — one to compromised governance, the other to a scam as old as the internet. The episode is a stark reminder that in crypto, the line between victim and villain can blur faster than the market can crash.

The post UXLINK Hacker Gets Hacked: $2B Token Minting Scandal Takes a Bizarre Turn appeared first on CrispyBull.

Background: What Is Venus Protocol?

Venus Protocol is a leading lending and borrowing platform on the BNB Chain. It allows users to deposit collateral and borrow assets in return. With billions of dollars in transaction volume, Venus has long been a cornerstone of Binance’s DeFi ecosystem. Its sudden shutdown following the Venus Protocol hack shows that even established platforms remain vulnerable.

The $27 Million Incident

The breach occurred on September 2, 2025. An attacker siphoned roughly $27 million in assets. Security firm Cyvers confirmed abnormal activity that drained the whale’s wallet. After the attack, Venus Protocol halted operations to prevent further losses. The decision sparked concern among investors and traders who relied on the platform.

Conflicting Explanations: Phishing or Exploit?

The leading explanation points to a phishing scam. A whale may have been tricked into signing malicious transactions that gave attackers access to funds. This type of attack has become increasingly common across DeFi.

Not all reports agree. Some outlets suggested the incident may have involved a smart contract compromise. Others, citing Cyvers’ analysis, pointed to a possible user mistake. One trader reportedly lost close to $30 million in a mishandled transaction.

The contradictory accounts leave open the possibility that the Venus Protocol phishing story is only part of a broader vulnerability.

Platform Response

In response to the BNB Chain hack, Venus Protocol suspended deposits and withdrawals. The team has not confirmed the exact cause of the breach. However, it promised to strengthen protections and restore user confidence. For now, activity on the platform remains frozen.

Wider Lessons for DeFi Security

The Venus Protocol hack highlights the overlapping risks in decentralized finance:

• DeFi exploits that target code flaws.
• Phishing attacks that trick users into handing over access.
• Human error when managing private keys or approvals.

DeFi platforms cannot rely only on audited smart contracts. User education, stronger wallet safeguards, and layered defense systems are just as critical. As the sector grows, ongoing DeFi security risks continue to erode trust and pressure the industry to improve standards.

>>> Read more: August 2025 Crypto Hacks: $163M Lost

The Venus Protocol hack caused a $27 million loss and forced one of BNB Chain’s largest DeFi platforms to suspend activity. A phishing scam appears to be the most likely cause. Yet speculation about a smart contract compromise or trader error shows how murky crypto forensics can be. Regardless of the root cause, the outcome is the same: another major blow to DeFi credibility and another reminder that the sector urgently needs stronger defenses.

The post Venus Protocol Hack Forces Platform Suspension After $27M Phishing Scam on BNB Chain appeared first on CrispyBull.

What Happened

The Bunni hack began when attackers found a flaw in the way Bunni’s contracts handled precision in token calculations. By manipulating the bug, they drained stablecoin liquidity pools and destabilized the protocol.

Reports on the total losses vary, with estimates ranging from about $2.3 million in stablecoins to as high as $8 million. The difference depends on whether calculations include losses across both Ethereum and the Unichain exploit.

Why the Precision Bug Matters

The attack centered on a precision bug that skewed token calculations. In DeFi, where smart contracts manage billions of dollars, even a small error can create major risks.

This is not the first time smart contract vulnerabilities, tied to math or decimal handling, have caused losses. Past incidents include overflow errors and decimal mismanagement. These mistakes show how precision issues can trigger systemic failures. The Bunni case now ranks alongside other Uniswap v4 hack concerns. It raises doubts about whether the new architecture has been tested enough.

Impact on Bunni and Its Users

For Bunni’s liquidity providers, the fallout is severe. The Bunni Uniswap exploit drained stablecoins and tokens from pools. Providers now face unrecoverable losses.

At the time of reporting, official updates from the Bunni team remain limited. There is still no clear path to reimbursement. For individual users, the incident proves again that funds locked in unaudited or lightly tested protocols carry high risk.

Security Lessons for DeFi

The Bunni case highlights broader DeFi security risks linked to deploying on experimental infrastructure like Uniswap v4 hooks. Hooks expand the flexibility of decentralized exchanges. But their novelty also increases the chance of overlooked smart contract vulnerabilities.

Experts argue that more rigorous audits and stronger verification methods are needed. Live testing environments would help developers find flaws before launch. The Ethereum DeFi hack reinforces the urgency of raising standards across the ecosystem.

Market and Ecosystem Reactions

The $8M DeFi hack has fueled new doubts about Uniswap’s v4 framework. Some projects may delay adoption of hooks, fearing similar attacks.

At the same time, the incident adds to a growing list of exploits targeting early-stage protocols. Developers and investors alike are now asking if DeFi innovation is moving faster than the industry can secure it.

>>> Read more: Uniswap Hits $3T – A Big Moment for DeFi

The Bunni hack is a textbook reminder that precision matters in DeFi. A small coding flaw in a Uniswap v4 hook created millions in stolen assets. Liquidity providers and developers are now left to deal with the aftermath.

As the sector continues to evolve, stronger audits, better testing, and greater caution will be essential. Only then can DeFi withstand the constant threat of exploitation.

The post Uniswap v4 Hook Bunni Hack: Precision Bug Exposes $8M in Vulnerabilities appeared first on CrispyBull.

August Crypto Hacks 2025: Breakdown of Major Incidents

The single biggest theft in August involved 783 BTC, worth $91 million, stolen via a support impersonation scam. The attackers tricked victims into handing over wallet access and quickly laundered the funds through Wasabi. The scale of this Bitcoin heist makes it one of the largest individual thefts of the year so far.

The month also saw a major crypto exchange hack at BtcTurk, which lost between $48 million and $50 million in a multi-chain hot-wallet breach. The exchange briefly suspended withdrawals and deposits following the incident. The case reminded investors that even large exchanges remain exposed.

• Odin.fun: ~$7M liquidity pool exploit.
• BetterBank.io: ~$5M reward mint manipulation.
• CrediX Finance: ~$4.5M drained before the team vanished, raising suspicions of an exit scam.

Together, these cases paint a picture of crypto hack statistics where no corner of the industry, DeFi protocols, centralized exchanges, or retail users, is safe.

>>> Read more: BtcTurk Cyberattack June 2024 Reveals Critical Weaknesses

Phishing Scams and the Human Factor

While smart contract audits and DeFi security have improved, attackers are shifting their efforts toward crypto phishing scams. The $91M Bitcoin hack was not the result of a technical vulnerability. It was a carefully orchestrated social engineering play.

This reflects a broader industry weakness: the human layer is now the weakest link. Code is stronger than ever. People are not. Fake support agents, phishing websites, and malicious signature requests are now more effective than contract exploits. The data suggests that user education and operational security are just as critical as code reviews.

Exchange Risks Back in the Spotlight

The BtcTurk hack in August 2025 underscores the lingering risks of crypto exchanges being hacked. Centralized exchanges hold large amounts of user funds in hot wallets. This creates single points of failure.

Unlike DeFi exploits, which are often visible and dissected by the community in real time, exchange breaches tend to be opaque. Public details are scarce, and responses are often delayed. For traders and investors, the renewed wave of CEX hacks is a reminder that custody choices matter as much as market conditions.

The Bigger Picture: Crypto Hack Statistics 2025

The losses in August bring the 2025 year-to-date tally to around $2.47 billion, already surpassing 2024 totals. Reports from CertiK and Infosecurity confirm that phishing, insider threats, and North Korea crypto hacks are fueling the 2025 surge.

Another alarming trend is the speed of laundering. Security firms note that stolen funds can be moved and hidden in under three minutes. That speed makes it nearly impossible for exchanges or investigators to react in time.

Overall, this year’s crypto hack statistics reveal a clear trend: fewer smart contract bugs, more behavioral exploitation, and centralized vulnerabilities.

>>> Read more: How Blockchain Fights Deepfake Scams in Crypto and Media

Looking ahead, the risks are unlikely to subside. Security analysts warn that crypto phishing scams could escalate further in the remainder of 2025 as attackers refine their tactics. Analysts also expect fresh attacks on bridges and exchanges.

Hackers will retain the upper hand unless the industry strengthens user education, automates incident response, and improves AML controls.

The message from August is clear: crypto hacks in 2025 were driven less by broken code and more by broken trust. With nearly $2.5B already lost this year, the industry faces a race to adapt faster than its adversaries.

The post Crypto Hacks in August 2025: $163M Stolen as Phishing Scams Rise appeared first on CrispyBull.

Only in August 2025 did the UK Treasury’s Office of Financial Sanctions Implementation (OFSI) formally attribute the theft to North Korea’s Lazarus Group. The prolonged delay highlights the complexity of crypto laundering and why it is often slow and contentious to attribute these hacks when state-sponsored actors are involved.

The Laundering Playbook: How Lazarus Hid the Trail

The Lazarus Group is infamous for moving stolen digital assets through a web of crypto laundering channels. The Lykke case showed how sophisticated these tactics have become:

• Token conversions: Ethereum from the hack was swapped into DAI stablecoins using decentralized finance (DeFi) protocols.
• Wallet splitting: Bitcoin was dispersed across multiple wallets to scatter traces and break up transaction flows.
• Crypto mixers: The group relied on services such as Tornado Cash, which remain central to their laundering strategy despite sanctions.
• Decentralized exchanges laundering: Without a central authority, DEX platforms provided another layer of obfuscation, making forensic tracking far more difficult.

Whitestream analysts eventually reconstructed the flows. They discovered that the stolen funds had passed through entities notorious for ignoring anti-money-laundering controls. This confirmed long-held suspicions about Lazarus’ tactics.

>>> Read more: How North Korea Steals Crypto

Why Attribution Took Over a Year

Attributing a Lazarus crypto hack is not as simple as following the money. In the case of the Lykke hack, several factors dragged the process out:

• Forensic complexity: Multi-hop transfers, cross-chain swaps, and mixer use obscured patterns that investigators had to painstakingly reconstruct.
• International coordination: Attributing the hack required the UK Treasury to collaborate with external forensic firms and international agencies, ensuring the claim could stand up to scrutiny.
• Independent verification: OFSI waited until Whitestream and other analysts confirmed the laundering methods before going public.
• Skepticism in cybersecurity circles: Some experts argued the evidence was not conclusive, pushing regulators to hold off until they built a stronger case.

This caution reflects the stakes. Accusing a nation-state group like the Lazarus Group has political as well as legal consequences. It also shows why attributing these incidents remains one of the hardest challenges in digital forensics.

Legal Fallout: Collapse and Claims

The Lykke exchange collapse illustrates the devastating ripple effects of crypto hacks. By March 2025, more than 70 users had filed claims totaling about £5.7 million. The courts ordered Lykke into liquidation, appointing Interpath Advisory to manage any asset recovery.

Founder Richard Olsen declared bankruptcy in January 2025 and is under criminal investigation in Switzerland related to the platform’s downfall. Customers, meanwhile, have to wait in line with little chance of full reimbursement.

Broader Implications

The Lykke case highlights the widening gap between sophisticated crypto hacks and the regulatory protections available to smaller exchanges. It underscores three key lessons:

1. Crypto laundering tactics are evolving faster than compliance systems. Crypto mixers, token swaps, and DEXs make it harder to trace funds in real time.
2. Attributing hacks is slow by necessity. To avoid missteps, regulators require corroboration across multiple investigative bodies.
3. Victims often pay the price. By the time attribution is made, platforms like Lykke are already defunct, and customer losses remain unresolved.

>>> Read more: North Korea Crypto Hackers Undermine the Crypto Ecosystem

The Lykke hack shows that in the contest between crypto criminals and regulators, time favors the attacker. The Lazarus Group successfully laundered millions and avoided attribution for more than a year, buying cover through a maze of wallets, mixers, and decentralized exchanges. By the time investigators caught up, the Lykke exchange had already collapsed, destroying customer trust and wiping out the platform.

For regulators, exchanges, and users, the message is clear: securing digital assets requires not just stronger defenses. It requires faster, globally coordinated responses to hacks. Otherwise, groups like Lazarus will continue to exploit the lag between theft and accountability.

For victims, time is money — and in crypto, both can vanish overnight.

The post Why It Took a Year to Pin the Lykke Hack on Lazarus Group appeared first on CrispyBull.

What Happened in the BigONE Hack?

According to official statements from BigONE, the supply chain attack occurred in mid-July 2025. The hackers leveraged weaknesses within a third-party service connected to BigONE’s systems, ultimately breaching its hot wallet security. The attackers made off with a mix of major cryptocurrencies, including Bitcoin (BTC), Ethereum (ETH), Tether (USDT), Solana (SOL), and Tron (TRX).

BigONE promptly disclosed the breach and confirmed that it would fully compensate users for their losses. This swift response aims to mitigate reputational damage and maintain user trust in the wake of the crypto exchange’s security lapse.

>>> Read more: CertiK May Report: Social Engineering Drives 2025 Crypto Losses

Why Crypto Exchange Security Remains Vulnerable

The BigONE hack is not an isolated event but rather part of a broader pattern of exchange vulnerabilities in 2025. As platforms expand their integrations and adopt more complex operational frameworks, they expose themselves to new types of risks, particularly crypto supply chain exploits that leverage trusted but insecure third-party services.

Hot wallets remain a favored attack vector for security breaches due to the always-on nature of these wallets. They are more accessible to cybercriminals than cold storage solutions. This incident reinforces warnings from cybersecurity experts about the persistent dangers lurking in the crypto infrastructure’s weakest links.

How Supply Chain Attacks Exploit Hot Wallet Security

Supply chain attacks in crypto often target exchanges indirectly, breaching ancillary services to gain access to critical systems. In BigONE’s case, the attackers circumvented direct security measures by exploiting vulnerabilities within trusted integrations. That’s a growing trend among sophisticated threat actors.

Such breaches highlight systemic risks tied to blockchain security, where even robust defenses can be undermined through third-party weaknesses. Industry analysts warn that unless crypto exchanges reassess their reliance on interconnected services, more incidents like the BigONE hack are likely.

Industry Reactions to the BigONE Security Breach

The BigONE hack has drawn concern from across the crypto community, prompting renewed calls for exchanges to bolster security. Analysts emphasize the need for more rigorous security audits, enhanced monitoring of third-party integrations, and better risk management practices to combat cryptocurrency theft.

While some regulatory observers see this incident as evidence of the sector’s growing pains, others stress the importance of transparency and user protection. BigONE’s immediate pledge to compensate users has been well-received, contrasting with slower or less forthcoming responses seen in prior exchange breaches.

Crypto Market Resilience Despite the Latest Cryptocurrency Hack

Interestingly, the broader market has shown resilience following this BigONE hack. While past breaches triggered market-wide sell-offs, major assets like Bitcoin and Ethereum held steady. Analysts attribute this stability to increased market maturity and investor confidence in established assets, despite recurring crypto exchange security failures.

This tempered reaction suggests that, though still a concern, security breaches no longer provoke panic among seasoned traders and institutional participants.

>>> Read more: GMX Hack: Attacker Returns $37M in Deal After $42M Exploit

The BigONE hack underscores the ongoing challenges facing crypto exchange security, particularly as supply chain attacks become more prevalent and sophisticated. Despite user compensation promises and robust incident responses, the event reveals critical weaknesses. Exchanges must address these to safeguard user assets.

For users and investors alike, this latest cryptocurrency exchange hack serves as a stark reminder of the importance of understanding custodial risks and the necessity for continued vigilance in an industry still grappling with security maturity.

The post BigONE Hack Exposes $27M Security Breach in New Wave of Supply Chain Attacks appeared first on CrispyBull.

The Hack: How GMX Was Exploited

The GMX exploit took place earlier this week, targeting the decentralized perpetual exchange’s smart contract systems. The attacker exploited an oracle manipulation vulnerability, which allowed them to drain liquidity pools and manipulate pricing mechanisms. Over $42 million in various crypto assets were siphoned off before GMX was able to freeze key operations and contain the damage.

Security researchers later confirmed that flaws in the contract design and oracle integration were at the core of the breach. Similar issues have plagued multiple decentralized exchange hacks across the DeFi sector.

Hacker Turns White-Hat in $5M Bounty Deal

In a rare case of post-exploit diplomacy, the GMX hacker entered into communication with the protocol’s development team. He agreed to return $37 million worth of assets. In exchange, they were allowed to keep $5 million as part of a formal white-hat bounty deal. Such deals are controversial, but an increasingly common method of mitigating damage in DeFi exploits.

The GMX community largely supported the move, framing it as a pragmatic response in the absence of legal recourse in decentralized systems. The deal follows similar arrangements seen in the Euler, Curve, and Mango protocol breaches over the past year.

Tracing the Funds: 11,700 ETH in Motion

Blockchain analysts traced the stolen funds as they were converted into 11,700 ETH, distributed across multiple wallets. These movements triggered initial fears of asset laundering. However, soon after, the hacker returned the funds in a series of on-chain transactions, likely to wallets under the GMX team’s control.

On one hand, this act salvaged a significant portion of user and protocol funds. But it also showcased the role that crypto bounty negotiations can play in resolving high-stakes breaches without external enforcement mechanisms.

>>> Read more: CertiK May Report: Social Engineering Drives 2025 Crypto Losses

DeFi Security in the Spotlight

Despite the recovery, the incident casts a long shadow over the current state of DeFi security. The GMX exploit exposed once again how smart contract vulnerabilities and poorly protected oracle systems remain favorite targets for malicious actors. Security experts have warned that relying on ad hoc bounty settlements creates a dangerous precedent. They fear future hackers may view exploits as a negotiation tactic rather than a punishable offense.

The GMX hack also raised questions about the adequacy of protocol audits and the limitations of permissionless financial infrastructure.

GMX Token Rebounds on Return News

Initially, the breach sent shockwaves through the market. The swift return of funds and the publicized bounty deal then sparked a strong market reaction. The GMX token surged by over 16% within hours of the announcement, regaining much of the value lost during the panic. Analysts noted increased trading volume and renewed investor confidence, driven largely by the transparency of the team’s communication and the speed of the resolution.

This GMX price surge also signals a growing investor tolerance for DeFi volatility, provided incidents are resolved in favor of user funds.

Lessons Learned and Protocol Response

Following the exploit and resolution, the GMX team announced plans for a comprehensive protocol upgrade, including tighter oracle protections and third-party audits. Community members have also proposed the formalization of a structured DeFi attack response framework, possibly including pre-defined bounty tiers and third-party mediators.

While the GMX hack ended on a relatively positive note, it underscores the need for systemic change. As DeFi governance evolves, the sector must move beyond reactive measures and toward preventative architectures.

>>> Read more: Coinbase Data Breach: $20M Bounty After Ransom Demand

The GMX hack and its unexpected reversal are a defining moment in the evolving dynamics of decentralized finance. A white-hat hacker reversing a multimillion-dollar theft in exchange for a bounty may seem like a win. However, it also spotlights the fragility of the system. With the GMX token rebounding and the protocol poised for reform, the crypto world now grapples with a key question: Can DeFi scale on the back of trust, negotiation, and goodwill, or does it need new rules?

The post GMX Hacker Returns $37M in White-Hat Deal: Token Surges After $42M Exploit appeared first on CrispyBull.