News
5 Jun 2026, 05:09
ZEC drops 30% after Anthropic AI finds Zcash counterfeit vulnerability

ZEC market capitalization fell by almost $3 billion over the past 24 hours following the disclosure of a critical vulnerability, despite it being patched already.
5 Jun 2026, 04:10
Gravity Bridge Hacker Moves Another $2.1 Million in Stolen ETH to Tornado Cash

BitcoinWorld Gravity Bridge Hacker Moves Another $2.1 Million in Stolen ETH to Tornado Cash The hacker responsible for the Gravity Bridge exploit has transferred an additional 1,180 ETH, valued at approximately $2.06 million, to the cryptocurrency mixing service Tornado Cash, according to blockchain security firm CertiK. This latest transaction brings the total amount of stolen funds sent through the mixer to 2,020 ETH. Details of the Latest Transactions CertiK reported that the funds were moved through two externally owned accounts (EOAs) in a series of transactions over the past 24 hours. The total stolen during the initial exploit was 2,600 ETH, worth roughly $5.4 million at the time of the hack. Of that amount, the majority has now been routed through Tornado Cash, a protocol designed to obscure transaction trails on the Ethereum blockchain. The remaining stolen assets have been distributed across multiple centralized exchanges (CEXs), according to the security firm’s on-chain analysis. This pattern of moving funds through mixers and exchanges is a common tactic used by hackers to launder illicit proceeds and evade law enforcement. Background on the Gravity Bridge Exploit The Gravity Bridge hack, which occurred in mid-2024, exploited a vulnerability in the cross-chain bridge protocol. The attacker drained over 2,600 ETH from the bridge’s smart contract, prompting an immediate investigation by CertiK and other blockchain forensics teams. The incident highlighted ongoing security risks associated with cross-chain infrastructure, which remains a frequent target for attackers due to the complexity of inter-blockchain communication. Why This Matters for the Crypto Ecosystem The continued movement of stolen funds through Tornado Cash underscores persistent challenges in blockchain security and regulatory enforcement. Despite sanctions imposed by the U.S. Treasury Department on the mixer in 2022, the protocol remains operational and continues to be used for laundering stolen cryptocurrency. This case also illustrates the difficulty of recovering assets once they enter mixing services, as transaction histories become nearly impossible to trace. For users and investors, the Gravity Bridge incident serves as a reminder of the risks associated with cross-chain protocols and the importance of thorough smart contract audits. It also highlights the ongoing cat-and-mouse dynamic between blockchain security firms and malicious actors. Conclusion The Gravity Bridge hacker’s latest move to funnel over $2 million in stolen ETH through Tornado Cash brings the total laundered through the mixer to more than 2,000 ETH. With the remaining funds scattered across exchanges, the case remains active, and CertiK continues to monitor the wallets involved. The incident reinforces the need for stronger security measures in cross-chain protocols and the ongoing challenge of tracing and recovering stolen digital assets. FAQs Q1: What is Tornado Cash and why do hackers use it? Tornado Cash is a decentralized cryptocurrency mixer that breaks the on-chain link between a sender and receiver by pooling funds from multiple users. Hackers use it to obscure the trail of stolen assets, making it difficult for investigators to trace the funds. Q2: How much was stolen in the Gravity Bridge hack? The attacker stole 2,600 ETH, which was valued at approximately $5.4 million at the time of the exploit. The funds have since been moved through mixers and exchanges. Q3: Can the stolen funds be recovered? Recovery is extremely challenging once funds enter a mixer like Tornado Cash, as the transaction history is intentionally obfuscated. However, blockchain security firms like CertiK continue to monitor the wallets and may provide intelligence to law enforcement if any funds resurface on exchanges. This post Gravity Bridge Hacker Moves Another $2.1 Million in Stolen ETH to Tornado Cash first appeared on BitcoinWorld .
5 Jun 2026, 03:45
Zcash Bug Fixed, Says Cyber Capital Founder, Urging Community Calm

BitcoinWorld Zcash Bug Fixed, Says Cyber Capital Founder, Urging Community Calm Justin Bons, founder of European crypto investment firm Cyber Capital, has moved to calm the cryptocurrency community following the discovery of a critical bug in Zcash (ZEC). The vulnerability, located in the privacy-focused protocol known as Orchard, could have theoretically allowed for the infinite creation of new Zcash tokens. Bug Discovery and Immediate Response In a statement shared on X (formerly Twitter), Bons confirmed that the bug has already been patched. He emphasized that the flaw was discovered by security researchers acting in good faith, preventing any malicious exploitation. Bons praised the Zcash development team for their swift and competent response, urging users to refrain from panic. Understanding the Orchard Protocol Vulnerability The Orchard protocol is a core component of Zcash’s privacy architecture, designed to enable shielded transactions. The bug, had it been exploited, could have undermined the cryptocurrency’s fundamental scarcity by allowing an attacker to create tokens out of thin air. While the potential impact was severe, the fact that it was identified and resolved internally—before any public exploit—has been framed as a testament to the project’s security practices. Why This Matters for Privacy Coins Bons used the incident to highlight the broader importance of privacy-focused development in the cryptocurrency space. He argued that such technology is too valuable to be derailed by public overreaction or a lack of technical understanding. The incident serves as a reminder of the constant security challenges faced by all blockchain projects, particularly those prioritizing advanced privacy features. Conclusion The Zcash team’s rapid fix of the Orchard bug reinforces the importance of proactive security audits and responsible disclosure. For investors and users, the key takeaway is that the vulnerability was contained before it could cause harm. The episode underscores the ongoing need for vigilance and expertise in the development of privacy-preserving financial technologies. FAQs Q1: What was the Zcash bug? The bug was found in the Orchard protocol, a privacy feature of Zcash. It could have allowed an attacker to create an unlimited number of new Zcash tokens. Q2: Has the bug been fixed? Yes. According to Justin Bons of Cyber Capital, the bug was discovered by security researchers and has already been patched by the Zcash development team. Q3: Was any Zcash stolen or created because of the bug? No. The bug was discovered and fixed before any malicious exploitation occurred. The issue was handled internally and responsibly. This post Zcash Bug Fixed, Says Cyber Capital Founder, Urging Community Calm first appeared on BitcoinWorld .
5 Jun 2026, 03:00
Arthur Hayes Dumps Entire Zcash Position Over Orchard Pool Bug, Declares ‘Holy Trinity’ Over

BitcoinWorld Arthur Hayes Dumps Entire Zcash Position Over Orchard Pool Bug, Declares ‘Holy Trinity’ Over BitMEX co-founder Arthur Hayes has confirmed on X that he sold his entire Zcash (ZEC) position, citing a vulnerability in the Orchard Pool that, while unlikely to be exploited, cannot be cryptographically ruled out. The move marks the end of what Hayes called his ‘Holy Trinity’ portfolio, which previously included HYPE and NEAR tokens. Why the Orchard Pool Bug Mattered Hayes explained that the Orchard Pool bug, a technical flaw in Zcash’s privacy protocol, forced his decision. ‘The probability of unauthorized minting is extremely low, but it cannot be proven cryptographically impossible,’ he wrote. For Hayes, the narrative of protecting privacy from AI, governments, and Big Tech demands perfection—a standard the bug undermined. Zcash, known for its shielded transactions and zero-knowledge proofs, relies on the Orchard Pool to enable private transfers. Any theoretical exploit, even one with a low probability, could compromise the entire privacy guarantee that the coin is built upon. End of the ‘Holy Trinity’ Hayes had previously disclosed selling all his HYPE and NEAR tokens, promising to reveal his reasons next Tuesday. With the ZEC sale, his so-called ‘Holy Trinity’—a term he used to describe his high-conviction holdings—is now fully liquidated. He confirmed he continues to hold Worldcoin (WLD), though he did not elaborate on that position. The announcement has sparked debate among crypto analysts about the impact on Zcash’s market confidence. Some argue that Hayes’s exit signals a broader concern about privacy coins’ technical resilience, while others view it as an overreaction to a low-risk edge case. Market and Community Reaction Following Hayes’s post, ZEC experienced a modest sell-off, though trading volumes remained within normal ranges. The Zcash development team has not issued an official statement regarding the Orchard Pool bug, but community members on forums have noted that the vulnerability was previously documented in developer discussions. Privacy coin advocates emphasize that no major exploit has occurred, and that the bug does not affect all Zcash transactions—only those using the Orchard Pool. Still, the incident highlights the ongoing tension between theoretical cryptographic risk and practical security in privacy-focused blockchain projects. Conclusion Arthur Hayes’s decision to exit Zcash entirely underscores a critical reality for privacy coins: even minor technical uncertainties can erode confidence among high-profile investors. Whether the Orchard Pool bug proves to be a footnote or a turning point for Zcash will depend on how the community and developers address the underlying cryptographic concern. FAQs Q1: What is the Orchard Pool bug in Zcash? The Orchard Pool bug is a technical vulnerability in Zcash’s privacy protocol that, according to Arthur Hayes, could theoretically allow unauthorized minting of ZEC tokens. The probability of exploitation is considered extremely low, but it cannot be proven impossible. Q2: Why did Arthur Hayes sell his ZEC position? Hayes stated that the narrative of protecting privacy from AI, governments, and Big Tech demands perfection. The Orchard Pool bug, even with low exploit probability, violated that standard, leading him to sell his entire ZEC holdings. Q3: What is the ‘Holy Trinity’ portfolio Arthur Hayes mentioned? The ‘Holy Trinity’ refers to Hayes’s previous high-conviction holdings: HYPE, ZEC, and NEAR. He has now sold all three positions, with plans to explain his reasoning for the HYPE and NEAR sales next Tuesday. This post Arthur Hayes Dumps Entire Zcash Position Over Orchard Pool Bug, Declares ‘Holy Trinity’ Over first appeared on BitcoinWorld .
5 Jun 2026, 01:35
South Korea Shifts AML Burden to Crypto Exchanges for Large Transfers

BitcoinWorld South Korea Shifts AML Burden to Crypto Exchanges for Large Transfers South Korea is moving toward a significant shift in how it polices money laundering risks tied to cryptocurrency transactions. Under a proposed regulatory change, virtual asset service providers (VASPs) in the country will be required to independently manage anti-money laundering (AML) risks for crypto transfers of 10 million won (approximately $7,300) or more to overseas exchanges or personal wallets. This marks a departure from the current system, which mandates uniform reporting of such transactions to financial authorities. Industry Consultation Drives Policy Change The decision follows a meeting between South Korea’s Financial Intelligence Unit (FIU), an agency operating under the Financial Services Commission, and representatives from major cryptocurrency exchanges. According to a report by SBS News, the FIU gathered industry feedback on proposed amendments to the enforcement decree of the Act on Reporting and Using Specified Financial Transaction Information. The feedback session, held yesterday, appears to have directly influenced the FIU’s stance, signaling a more collaborative approach between regulators and the crypto industry. Under the current framework, exchanges are required to report all large or suspicious transactions to the FIU. The new proposal, however, would task exchanges with conducting their own due diligence and risk assessments for transfers exceeding the 10 million won threshold, rather than automatically flagging them to authorities. This is intended to streamline regulatory burdens while still maintaining oversight of high-value flows. Implications for Crypto Exchanges and Users For South Korean exchanges, the change represents a significant operational shift. They will need to invest in more sophisticated AML compliance systems capable of evaluating transaction patterns, wallet risk scores, and counterparty due diligence. Smaller exchanges, in particular, may face challenges in building the necessary infrastructure without clear regulatory guidance. For users, the policy could mean more friction when sending large amounts to overseas wallets or foreign platforms. Exchanges may request additional documentation or impose delays on transactions they deem high-risk. However, the policy also potentially reduces the frequency of automatic reporting, which some in the industry viewed as overly burdensome and privacy-invasive. Why This Matters for the Global Crypto Market South Korea is one of the world’s most active cryptocurrency markets, with a high proportion of retail traders and significant capital flows to and from overseas exchanges. Any shift in its AML framework has ripple effects across global crypto liquidity and compliance practices. The move also aligns with broader international trends, such as the Financial Action Task Force (FATF) ‘Travel Rule,’ which requires VASPs to share transaction information for transfers above a certain threshold. By allowing exchanges to manage their own AML risks rather than relying solely on government reporting, South Korea is testing a model that other jurisdictions may watch closely. If successful, it could reduce the administrative load on regulators while increasing the accountability of exchanges. If not, it could lead to gaps in monitoring that bad actors might exploit. Conclusion The FIU’s decision to delegate AML responsibility to exchanges for large crypto transfers represents a pragmatic evolution of South Korea’s regulatory approach. It balances the need for oversight with the operational realities of a fast-moving industry. As the enforcement decree amendments are finalized, the crypto community in South Korea and abroad will be watching closely for the specific compliance requirements and any potential enforcement actions that follow. FAQs Q1: What is the new threshold for crypto transfers that will require exchange-managed AML checks in South Korea? Transfers of 10 million won (approximately $7,300) or more to overseas exchanges or personal wallets will be subject to exchange-managed anti-money laundering risk assessments under the proposed rules. Q2: Why is South Korea changing its crypto AML reporting rules? The FIU is shifting from a uniform reporting requirement to a risk-based approach, allowing exchanges to conduct their own due diligence. This follows industry feedback and aims to reduce regulatory burden while maintaining effective oversight. Q3: How will this affect ordinary crypto users in South Korea? Users sending large amounts may face additional verification steps or delays as exchanges assess transaction risk. However, the change could also reduce the frequency of automatic government reporting, potentially offering more privacy for compliant transactions. This post South Korea Shifts AML Burden to Crypto Exchanges for Large Transfers first appeared on BitcoinWorld .
4 Jun 2026, 23:45
UXLINK Hacker Moves $6.4M in WBTC to ETH, Channels Funds Through Tornado Cash

BitcoinWorld UXLINK Hacker Moves $6.4M in WBTC to ETH, Channels Funds Through Tornado Cash The hacker responsible for the recent UXLINK exploit has executed a significant fund movement, swapping 92 Wrapped Bitcoin (WBTC) valued at approximately $6.4 million for 3,248 Ether (ETH). The transaction was flagged by blockchain security firm PeckShield, which reported the activity on X (formerly Twitter) on Sept. 26, 2025. Funds Directed Through Privacy Mixer Following the swap, the perpetrator deposited 1,500 ETH into Tornado Cash, a cryptocurrency mixing service known for its privacy-enhancing features. This move is a common tactic used by attackers to obfuscate the trail of stolen funds, making it more difficult for law enforcement and blockchain analysts to trace the assets. The remaining ETH from the swap remains under observation in wallets linked to the hacker. The latest transaction is part of a broader effort to launder the proceeds from the UXLINK exploit, which occurred on Sept. 22, 2025. During the initial breach, attackers drained approximately $44 million in various assets from the UXLINK protocol, a decentralized identity and social networking platform built on the blockchain. Timeline of the Exploit On Sept. 22, UXLINK confirmed a security incident involving unauthorized access to certain smart contract functions. The project paused operations and urged users to revoke contract approvals. PeckShield and other security firms immediately began tracking the stolen funds, which included a mix of ETH, stablecoins, and other tokens. The hacker’s decision to convert WBTC into ETH is a strategic move, as ETH offers greater liquidity and is more easily moved through privacy tools like Tornado Cash. Why This Matters for Crypto Users This incident highlights the persistent risks associated with DeFi protocols and the importance of timely security audits. For UXLINK users, the exploit serves as a reminder to monitor wallet approvals and use hardware wallets for long-term storage. The use of Tornado Cash also underscores ongoing regulatory debates about privacy tools, which have been subject to sanctions and scrutiny by authorities in the United States and other jurisdictions. As of press time, UXLINK has not announced any recovery plans or compensation for affected users. The project’s native token has experienced volatility since the breach, though trading volumes remain active. Conclusion The movement of $6.4 million in WBTC to ETH and subsequent deposit into Tornado Cash represents a significant step in the hacker’s laundering process. Blockchain analysts continue to monitor the remaining wallets, while the broader crypto community watches for any further developments in the case. The incident adds to a growing list of high-profile DeFi exploits in 2025, reinforcing the need for enhanced security measures across the ecosystem. FAQs Q1: What is UXLINK? UXLINK is a decentralized identity and social networking protocol built on the blockchain. It allows users to manage digital identities and social connections in a decentralized manner. Q2: How much was stolen in the UXLINK exploit? Approximately $44 million in various cryptocurrencies was stolen on Sept. 22, 2025, according to initial reports from the project and security firms. Q3: Why did the hacker swap WBTC for ETH? ETH offers greater liquidity and is more commonly accepted by privacy mixing services like Tornado Cash, making it easier to launder stolen funds compared to WBTC. Q4: What is Tornado Cash? Tornado Cash is a cryptocurrency mixing service that enhances transaction privacy by breaking the on-chain link between source and destination addresses. It has been a target of regulatory action in the U.S. Q5: Can the stolen funds be recovered? Recovery is challenging once funds enter a mixer like Tornado Cash. However, law enforcement and blockchain analytics firms continue to track wallet addresses and may identify the perpetrator over time. This post UXLINK Hacker Moves $6.4M in WBTC to ETH, Channels Funds Through Tornado Cash first appeared on BitcoinWorld .








































