News
15 May 2026, 17:17
$10M THORChain Exploit Triggers Network-Wide Emergency Security Response to Halt Attacks

Cross-chain liquidity protocol THORChain has just faced a major exploit, with early reports suggesting over $10m in digital assets lost. All incomes from the breach were withdrawn across blockchains-Bitcoin, Ethereum, BNB Chain, Base. The exploit was first revealed to blockchain security analysts through a PeckShield alert and then confirmed by THORChain in its own subsequent protocol update. #PeckShieldAlert @THORChain has been exploited for ~$10M worth of crypto, including 36.75 $BTC ($3M) and ~$7M worth of assets from #BNBChain , #Ethereum , and #Base . The stolen funds mainly sit in: bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37… pic.twitter.com/mhWIWueVPK — PeckShieldAlert (@PeckShieldAlert) May 15, 2026 Independent investigator ZachXBT also issued a warning, via a ZachXBT alert, adding that total losses might exceed the original estimates. However, while this continues to be a fast-moving, fluid situation, early reports suggest users and funds were not directly at risk – which has been positive in terms of keeping community confidence from cratering straight after. Can tell because they did not check the numbers themselves / chains listed. I finished accounting again now and it looks to be $10M+ stolen at least. — ZachXBT (@zachxbt) May 15, 2026 Exploit Targets Asgard Vault Infrastructure Initial investigation suggests a compromise of one of the core infrastructure components within THORChain, specifically Asgard vault. Together, these vaults are managed by node operators to store and provide cross-chain liquidity across the network. Which points to one of their six Asgard vaults being breached allowing outbound transactions. The attacker allegedly siphoned off an estimated 36.75 BTC worth around $3 million and approximately $7 million in assets between Ethereum, BNB Chain and Base. The cross-chain dimension of the exploit speaks to how complicated THORChain architecture is. While this aspect of interoperability is important, it also increases the attack surface to any potential weaknesses that may reveal themselves as it allows for easy swapping of assets between different blockchains. Despite the massive scale of the exploit, the protocol has stressed that most of these assets were owned by the protocol and not user deposits. This difference is important because it suggests liquidity providers and traders may have been protected from loss of capital. Important Announcement Trading on THORChain is currently halted after a vault was compromised. Initial indications are user funds are safe and only protocol owned funds are affected. The network automatically detected abnormal behavior and halted signing activity, which alerted… — THORChain (@THORChain) May 15, 2026 Automatic Safety Systems Minimize Impact One prominent feature of the incident was real-time response from the network. The current integrated security mechanisms in THORChain spotted deficiencies and stopped signing, ceasing more unauthorized transactions from getting broadcasted. The automated intervention activated the alert across all markets, leading to an immediate halt of trading. The protocol was able to contain the damage and prevent further exploitation by stopping the process quickly. Their defensive measures highlight the importance of decentralized security design. THORChain’s system does not rely primarily on manual reactions but instead it autonomously detects and responds to threats, which was also key in this case.In addition to the trading freeze, churn activity, the standard process for rotating node operators and reallocating responsibilities, was paused in an effort by developers to maintain system stability while investigating the source of the breach. Node Operator at Risk of Slashing and Security Audit The exploit also had an economic impact on node operators associated with the exploited vault. The arrangement means nodes are required to bond the RUNE tokens as collateral under THORChain’s security model, losing more or all of their staked funds if an unauthorized transaction occurs. As a result, the bonded RUNE of nodes linked to the compromised vault was cut, demonstrating that the protocol is keen on holding its participants accountable and ensuring their risks are shared by all. This method of slashing is carried out in order to allow for security best practices and avoid negligence. In the wake of the event, THORChain has urged all node operators to conduct urgent reviews of their infrastructure, from host environments and key management processes, to broader operational security protocols. Operators linked to the affected vault were specifically requested by the team to give Bifrost logs. These logs should be useful in identifying the attack vector and informing remedial measures to prevent reinfection. The importance of transparency and cooperation is in line with the decentralized nature of the network, which approaches security as a group responsibility. Network Stability Takes Precedence, Ongoing Investigation Investigation is still ongoing to ascertain the root cause of the exploit. The developers and contributors are still investigating the breach, with more updates coming as the details unfold. At the same time, a few of the network functions were suspended for some while. The onboarding of additional chains has been called off and processes related to churn are still on hold to ensure system integrity. Despite such interruptions, THORChain has sought to assure users that key functionalities will go back online when the safety of the chain is guaranteed. The focus is on addressing all the vulnerabilities before normal operation resumes. In particular, early evaluations reveal that although the hack influenced protocol-level components targeted by numerous individual user swaps remain safe. Wider Implications for Cross-Chain Security in DeFi This THORChain exploit is an extreme example of the hurdles faced by cross-chain DeFi systems. Although interoperability can unlock significant value, it also creates complex security challenges. With growing activity across many blockchains, the need for better security architecture becomes apparent. Collectively, automated detection tools, economic deterrents and coordinated incident response frameworks comprise the foundational components needed to create resilient ecosystems. The next few weeks will be crucial for THORChain. With successful resolution of the breach and bolstering protocol safeguards thereafter, confidence could be restored. On the other hand, if you do not patch underlying vulnerabilities, all concerns surrounding cross-chain liquidity networks will linger. With the investigation underway, eyes will be firmly fixed on what happens next, and not just for answers only the crash can provide, but also so lessons might be learned which may influence the future of decentralized financial infrastructure. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !
15 May 2026, 16:30
Lombard Adopts Chainlink CCIP as Cross-Chain Standard, Replacing LayerZero After Security Review

BitcoinWorld Lombard Adopts Chainlink CCIP as Cross-Chain Standard, Replacing LayerZero After Security Review Lombard, a Bitcoin-based financial infrastructure platform known for its BARD token, has officially adopted Chainlink’s Cross-Chain Interoperability Protocol (CCIP) as its primary cross-chain standard, replacing LayerZero. The decision, first reported by CoinDesk, follows a broader industry reassessment of cross-chain security after the Kelp DAO rsETH hack exposed vulnerabilities in LayerZero’s bridge infrastructure. Why Lombard Made the Switch Lombard’s move is rooted in growing concerns about the security of cross-chain messaging protocols. The Kelp DAO incident, in which an attacker exploited a LayerZero bridge to drain approximately $200,000 worth of rsETH, served as a catalyst for the review. Lombard’s team determined that Chainlink’s CCIP offered a more robust security architecture, including decentralized oracle networks and multiple layers of validation that reduce the risk of single points of failure. Chainlink CCIP is designed to provide end-to-end security for cross-chain transfers, using a combination of off-chain oracle nodes and on-chain verification. This layered approach contrasts with LayerZero’s reliance on a single relayer and oracle model, which critics argue introduces trust assumptions that can be exploited in certain configurations. Industry Implications Lombard’s decision reflects a wider trend among DeFi protocols reassessing their cross-chain dependencies. The Kelp DAO hack, while relatively small in scale compared to other exploits, highlighted a structural weakness in the LayerZero ecosystem: the ability for a compromised relayer to manipulate messages between chains. This has prompted several other protocols to explore alternatives or implement additional security measures. Chainlink CCIP, which launched in early 2023, has been gaining traction among institutional and retail DeFi platforms seeking a more battle-tested interoperability solution. The protocol supports multiple blockchain networks, including Ethereum, Avalanche, and Polygon, and has undergone extensive security audits from firms like Trail of Bits and Sigma Prime. What This Means for Users For Lombard users, the transition to Chainlink CCIP is expected to be seamless. The platform has assured users that all existing cross-chain functionality will remain operational during the migration. The primary benefit is enhanced security: CCIP’s decentralized validation model means that even if one node is compromised, the network can still verify the integrity of cross-chain messages. This change also positions Lombard more favorably for future institutional partnerships, as Chainlink’s reputation and track record in the oracle space provide a stronger compliance and risk management profile. Conclusion Lombard’s adoption of Chainlink CCIP over LayerZero is a significant endorsement of Chainlink’s security model and a clear signal that the DeFi industry is prioritizing robust cross-chain infrastructure. As cross-chain activity continues to grow, protocols that prioritize security over convenience are likely to gain a competitive advantage. Lombard’s decision, while influenced by a specific security incident, reflects a maturing market that demands higher standards for interoperability. FAQs Q1: Why did Lombard replace LayerZero with Chainlink CCIP? Lombard made the switch after a security review prompted by the Kelp DAO rsETH hack, which exploited a LayerZero bridge. Chainlink CCIP was chosen for its more robust decentralized security architecture. Q2: What is Chainlink CCIP? Chainlink CCIP (Cross-Chain Interoperability Protocol) is a decentralized protocol for secure messaging and token transfers between different blockchain networks. It uses multiple oracle nodes and on-chain verification to ensure message integrity. Q3: Will this change affect Lombard users? Lombard has stated that the migration to Chainlink CCIP will be seamless for users, with no interruption to cross-chain functionality. The change is expected to improve security without affecting user experience. This post Lombard Adopts Chainlink CCIP as Cross-Chain Standard, Replacing LayerZero After Security Review first appeared on BitcoinWorld .
15 May 2026, 16:25
Amundi and Spiko Finance to Launch Regulated UCITS Fund on Solana

BitcoinWorld Amundi and Spiko Finance to Launch Regulated UCITS Fund on Solana Amundi, Europe’s largest asset manager by assets under management, has confirmed plans to launch a UCITS-compliant fund on the Solana blockchain in partnership with Spiko Finance. The announcement, made via Solana’s official X account, signals a significant step toward institutional adoption of decentralized finance (DeFi) infrastructure. What the Partnership Entails The UCITS (Undertakings for Collective Investment in Transferable Securities) framework is a strict regulatory standard for investment funds sold across the European Union. By bringing such a fund onto Solana, Amundi and Spiko Finance aim to combine the liquidity and investor protections of traditional finance with the efficiency and transparency of blockchain settlement. Spiko Finance, a platform focused on tokenizing real-world assets, will provide the technical infrastructure to issue and manage the fund on-chain. Solana’s high throughput and low transaction costs make it a practical choice for handling the frequent subscriptions and redemptions typical of UCITS funds. Why This Matters for Institutional Crypto Adoption This development represents a concrete bridge between regulated finance and public blockchains. Unlike many crypto-native products that operate outside traditional oversight, a UCITS fund on Solana would be subject to European securities law, offering investors familiar protections. For Solana, the partnership adds credibility as a network capable of supporting enterprise-grade financial products. The move also aligns with a broader trend of major asset managers exploring tokenization. BlackRock, Franklin Templeton, and others have launched tokenized money market funds on various blockchains, but Amundi’s UCITS initiative is among the first to target the European retail and institutional market with a fully regulated structure. Timeline and Next Steps Specific launch dates and fund details have not yet been disclosed. Industry observers expect further announcements in the coming weeks as the necessary regulatory approvals and technical integrations are finalized. The fund is likely to target fixed-income or money market assets initially, given the conservative nature of UCITS mandates. Conclusion The Amundi-Spiko Finance collaboration marks a notable milestone in the convergence of traditional asset management and blockchain technology. By issuing a UCITS fund on Solana, the partners are testing whether regulated funds can benefit from on-chain efficiency without compromising investor protections. The outcome could influence how other large asset managers approach tokenization in Europe. FAQs Q1: What is a UCITS fund? A UCITS fund is a type of investment fund regulated under European Union directives, designed to offer high levels of investor protection, liquidity, and diversification. They can be sold to retail and institutional investors across EU member states. Q2: Why launch a UCITS fund on Solana? Solana offers fast transaction processing and low fees, which can reduce operational costs for fund subscriptions, redemptions, and record-keeping. Blockchain also provides transparent, real-time audit trails. Q3: Is this fund available to all investors? While UCITS funds are generally open to retail and institutional investors, the specific distribution channels and minimum investment amounts for this fund have not yet been announced. Investors should wait for official documentation from Amundi. This post Amundi and Spiko Finance to Launch Regulated UCITS Fund on Solana first appeared on BitcoinWorld .
15 May 2026, 16:23
Pi Network rolls out AI app converter in latest ecosystem push

Pi Network has launched an update for Pi App Studio, which now supports creating Pi Apps from third-party AI software applications. Now, its 60 million investors and devs lacking technical knowledge to use the platform can use it without the need to develop the necessary back-end technologies for their products. The update has factored into the abundance of software that creates apps using AI, the problem of how to attract actual users and process payments still persists. Pi App Studio solves this problem by offering a solution to integrate such apps within Pi’s network. Pi App Studio opens doors for external AI-created apps The new flow will target ‘vibe coders’ and developers who create applications using external platforms that leverage AI. Some of the supported platforms will be Codex, Claude Code , Replit, Cursor, Lovable, and many other AI coding assistants. After creating an application externally, one can easily import it into Pi App Studio to make it an integrated Pi App . This enhancement enables Pi App Studio to move beyond the boundaries of developing within the ecosystem. This will now allow developers to use various AI tools even when they are not yet members of the Pi ecosystem. The Pi Core Team noted that this functionality changes the formula for creators. While AI handles fast prototyping, Pi provides the distribution channel, payment system, identity verification service, and other human-based platform functionalities to turn an idea into a tangible product. Pi Network changes the equation for creators: Source: Pi . Integration is supposed to be quick and easy. The creators only need to insert the link to the app built externally in Pi App Studio, provide the necessary information, and use the specially tailored instructions to copy and paste information into external AI platforms. In this way, the system automatically integrates the Pi SDK, handles authentication, and provides access to Pi payments while complying with all Pi Network developer guidelines. According to the Pi blog , the entire process may take up to 2 minutes, depending on the app’s complexity. As an example in the Pi video, the app being integrated is a Connect 4 game created on an external AI coding platform. Is AI integration into finance systems a friend or foe? Inclusion of AI technology in financial services presents a classic double-edged sword. While AI provides greater efficiency and innovative solutions for businesses, it also raises cybersecurity risks that can lead to market instability worldwide, according to recent statements from the IMF and crypto hacks. State-of-the-art AI is making the barrier to cybercrime extremely low. As reported by Cryptopolitan , new-age artificial intelligence can detect and exploit software and computer network weaknesses faster and cheaper than ever before. For instance, in April 2026, hackers tied to North Korea used AI to launch two attacks that earned them more than $600 million. According to blockchain forensics company TRM Labs, AI was instrumental in target identification and exploit creation. These attacks triggered immediate market reactions: investors pulled out a whopping $9 billion within two days from the lending protocol involved. According to the IMF, Anthropic Claude Mythos Preview is particularly worth paying attention to. It is a potent model that can find vulnerabilities in major operating systems and web browsers despite the lack of professional operators. This feature already proves that there will be more “zero-day” vulnerabilities in the future. Another dangerous technology comes from OpenAI – GPT-5.5. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .
15 May 2026, 16:00
USD1 enters Binance Futures as a primary settlement stablecoin: Details

Can USD1 climb to global top three stablecoin list with the recent Binance scaling partnership?
15 May 2026, 15:50
Bitcoin Network Growth Rebounding Fast, Hinting at End of Local Bottom: Glassnode

Blockchain analytics firm Glassnode says Bitcoin network activity is showing signs of a strong recovery. This trend has historically aligned with the end of local market bottoms and the return of bullish momentum. Visit Website














































