News
1 Jun 2026, 18:20
KelpDAO Hacker Moves $220M Through Tornado Cash, Funds on Arbitrum Frozen

BitcoinWorld KelpDAO Hacker Moves $220M Through Tornado Cash, Funds on Arbitrum Frozen The hacker responsible for the $293 million exploit of decentralized finance protocol KelpDAO has successfully laundered the vast majority of stolen funds, with only a portion remaining frozen on the Arbitrum network, according to reports from Cointelegraph. Approximately $220 million was moved through the cryptocurrency mixer Tornado Cash, effectively placing the funds beyond practical recovery. Details of the Laundering Operation Blockchain investigators tracked the movement of the stolen assets as they were funneled through Tornado Cash, a decentralized mixing service designed to obscure transaction trails. The use of such mixers is a common tactic among cybercriminals seeking to sever the link between stolen funds and their wallets. In this case, the speed and scale of the operation indicate a highly organized effort to liquidate and anonymize the proceeds before law enforcement or protocol teams could intervene. Frozen Funds on Arbitrum and Legal Proceedings The remaining $71 million, which was initially frozen on the Arbitrum network through a coordinated effort between KelpDAO and blockchain security firms, has since been transferred to a multisig wallet associated with the lending protocol Aave. The funds are now subject to a court decision, which will determine whether they can be returned to KelpDAO or distributed to affected users. This legal avenue represents a rare potential recovery path in an otherwise grim outcome for the protocol’s stakeholders. Implications for DeFi Security and Asset Recovery This incident underscores the persistent vulnerability of decentralized finance platforms to sophisticated attacks and the challenges of asset recovery once funds enter privacy-focused mixers. The ability to freeze funds on layer-2 networks like Arbitrum demonstrates a growing coordination between protocols and security teams, but the success of the laundering operation highlights the limitations of current countermeasures. For investors and users, the case serves as a stark reminder of the risks inherent in the DeFi ecosystem, where smart contract exploits can lead to total loss of capital. Conclusion The KelpDAO hack stands as one of the largest DeFi exploits of the year, with the hacker now having successfully laundered nearly all of the stolen value. The frozen $71 million on Arbitrum, now held in an Aave multisig wallet, represents the only remaining hope for partial recovery. The outcome of the court case will be closely watched by the broader crypto community as a precedent for legal recourse in blockchain-based theft. FAQs Q1: What is Tornado Cash and why is it used by hackers? Tornado Cash is a decentralized cryptocurrency mixer that breaks the on-chain link between sender and recipient addresses, making it extremely difficult to trace stolen funds. Hackers use it to launder assets because it provides a high degree of anonymity. Q2: Can the frozen $71 million on Arbitrum be recovered? Recovery is possible but not guaranteed. The funds are held in an Aave multisig wallet pending a court decision. If the court rules in favor of KelpDAO, the funds could be returned to the protocol and potentially redistributed to affected users. Q3: What does this mean for the future of DeFi security? The KelpDAO exploit highlights ongoing security gaps in smart contract design and the difficulty of recovering funds once they enter privacy mixers. It is likely to accelerate calls for better auditing, real-time monitoring, and faster response mechanisms within the DeFi space. This post KelpDAO Hacker Moves $220M Through Tornado Cash, Funds on Arbitrum Frozen first appeared on BitcoinWorld .
1 Jun 2026, 15:15
Radiant Capital to Shut Down After Failing to Recover From $53 Million Hack

BitcoinWorld Radiant Capital to Shut Down After Failing to Recover From $53 Million Hack Radiant Capital (RDNT), a decentralized finance protocol built on the Arbitrum and BNB Chain ecosystems, has announced it is beginning the process of ceasing operations. The decision comes after an 18-month recovery effort following a devastating $53 million exploit in October 2024. Failed Recovery and Loss of Viability In an official statement, the Radiant team confirmed that despite sustained efforts to recover stolen funds or secure new capital, neither goal was achieved. “The conditions to operate the protocol responsibly no longer exist,” the team wrote, signaling the end of the project’s operational runway. The protocol will now transition into a maintenance mode. While the front-end interface will remain functional, and smart contracts will continue to operate on-chain, no new development or growth initiatives will be pursued. Users can still withdraw deposits, repay loans, and manage existing positions through the platform. What Happens to Users and the Recovery Portal For victims of the October 2024 hack, the recovery portal will remain active. Any future assets recovered through ongoing legal or investigative efforts will be returned directly to affected users. The team emphasized that no new funds will be locked, and existing user positions are not at immediate risk of loss due to the shutdown. According to CoinMarketCap, RDNT is currently trading at $0.001465, down 3.65% on the day, reflecting the market’s reaction to the announcement. Broader Implications for DeFi Radiant Capital’s closure underscores the persistent challenges facing decentralized finance protocols, particularly around security and post-exploit recovery. The $53 million hack in October 2024 was one of the larger exploits of the year, and the inability to recover funds or attract rescue capital highlights the fragility of even well-known DeFi projects. The case also serves as a cautionary tale for users and investors in the DeFi space. While smart contracts offer transparency and autonomy, they also expose users to irreversible losses when vulnerabilities are exploited. Radiant’s failure to secure a bailout or insurance payout raises questions about the sustainability of protocols that lack robust contingency planning. Conclusion Radiant Capital’s shutdown marks the end of a project that once held promise in the cross-chain lending space. The team’s decision to maintain a functional interface for withdrawals and loan repayments offers some relief to users, but the loss of $53 million in user funds remains a stark reminder of the risks inherent in DeFi. As the industry matures, the ability to recover from exploits and maintain user trust will likely become a key differentiator between protocols that survive and those that do not. FAQs Q1: Can I still withdraw my funds from Radiant Capital? Yes. The protocol’s front-end and smart contracts remain operational in maintenance mode, allowing users to withdraw deposits, repay loans, and manage their positions. Q2: Will victims of the October 2024 hack ever get their money back? The recovery portal remains active, and any future assets recovered will be returned to affected users. However, the team has stated that no funds have been recovered so far, and there is no guarantee of future recovery. Q3: What caused Radiant Capital to shut down? The protocol suffered a $53 million exploit in October 2024. After 18 months of unsuccessful recovery efforts and an inability to attract new capital, the team determined that the conditions to operate responsibly no longer existed. This post Radiant Capital to Shut Down After Failing to Recover From $53 Million Hack first appeared on BitcoinWorld .
1 Jun 2026, 14:03
Crypto Hacks Drop 87% in May to $81.7 Million But Cross-Chain Bridges Remain the Industry’s Most Exploited Target

After one of the most brutal months on record, the crypto security picture improves dramatically in May 2026. Total losses from hacks and exploits fall to somewhere between $68 million and $81.7 million depending on the measuring firm, either way, a decline of roughly 87 to 90 percent compared to the approximately $647 to $650 million stolen in April. The numbers offer genuine relief. But buried inside them is a pattern that refuses to go away: cross-chain bridges are still getting hit harder than anything else, and the list of protocols losing tens of millions to exploits is long enough to keep the industry honest about how much work remains. May’s Total Losses and What The Decline Actually Means #PeckShieldAlert In May 2026, the crypto space saw 40 major hacks totaling $81.7M – an 87.4% MoM decrease from April ($647M). Cross-chain protocols remained a primary target – with 8 significant #bridge & #crosschain exploits accounting for $33.28M (41%) of the month's total… pic.twitter.com/Q1vrqXZJt8 — PeckShieldAlert (@PeckShieldAlert) June 1, 2026 PeckShield counts 40 major hacks in May 2026 with total losses reaching $81.7 million, representing an 87.4% month-over-month decrease from April’s $647 million. CertiK’s parallel accounting lands at $68.3 million, arriving at a similar conclusion through a slightly different methodology, either way, the directional story is the same. May is significantly safer than April was. #CertiKStatsAlert Combining all the incidents in May we’ve confirmed ~$68.3M lost to exploits with ~$2.6M of the total attributed to phishing. After a particularly bad April, May is now the third month of 2026 to record losses under 100M$. More details below pic.twitter.com/GSWTLKXWDH — CertiK Alert (@CertiKAlert) May 31, 2026 That improvement is worth acknowledging. April 2026 was by several measures the worst month for crypto security in recent memory, with near-daily exploits and losses accumulating at a pace that shocked even veteran observers of the space. Coming off that baseline, an 87 to 90 percent decline is not a rounding error, it is a material shift, and CertiK reads it as a signal of improved security practices beginning to take hold across the industry. The honest caveat is that one relatively quiet month does not constitute a trend. May’s figure still represents $68 to $81 million in stolen funds across 40 incidents. Framed against the horror of April, that looks like progress. Framed against any reasonable standard of what a maturing financial infrastructure should tolerate, it is still a significant number. Cross-Chain Bridges Take The Hardest Hits Again Eight significant bridge and cross-chain exploits account for $33.28 million of May’s total losses, 41 percent of the month’s damage concentrated in a single category of infrastructure. That figure lands not as a surprise but as a confirmation of a pattern the industry has been watching build for years. Bridges are the most reliably exploited structures in crypto, and May does nothing to disturb that reputation. #PeckShieldAlert In May 2026, the crypto space saw 40 major hacks totaling $81.7M – an 87.4% MoM decrease from April ($647M). Cross-chain protocols remained a primary target – with 8 significant #bridge & #crosschain exploits accounting for $33.28M (41%) of the month's total… pic.twitter.com/Q1vrqXZJt8 — PeckShieldAlert (@PeckShieldAlert) June 1, 2026 The structural reasons for this concentration of risk are well understood at this point. Cross-chain bridges hold large pools of collateral in custody on one chain while minting mirror assets on another. They advertise their addresses publicly, they process high-value transfers continuously, and their security model almost always depends on some combination of smart contract logic, validator sets, and cryptographic key management, any one of which, if compromised, can drain the entire pool. May’s bridge exploits run the gamut of these failure modes, from key compromises to validator coordination failures to contract vulnerabilities. The Top Ten Exploits That Defined The Month The full breakdown of May’s ten largest hacks] reveals both the scale and the diversity of the attacks. SUPERFORTUNE888 leads the list with $15.18 million in losses, taking the month’s largest single exploit. The Verus-Ethereum Bridge follows at $11.58 million, a notable entry on the list because those funds are subsequently refunded, making it one of the rare cases where an exploit results in recovery rather than permanent loss. THORChain absorbs $10 million, continuing a difficult year for a protocol that has faced repeated security challenges. DxSale loses $7.3 million, while Trusted Volumes suffers $5.9 million in losses. Gravity Bridge, which draws significant community attention after investigators flag the mechanics of its key compromise, is drained for $5.4 million, with a substantial portion of those funds remaining in the attacker’s wallet at the time of reporting. SquidRouter Module loses $3 million, StablR Euro suffers $2.8 million, TAC’s cross-chain layer on the TON side loses another $2.8 million, and RetoSwap rounds out the top ten at $2.7 million. Taken together, these ten incidents account for the overwhelming majority of May’s total losses and span multiple chains, bridge architectures, and exploit vectors. Why Bridges Keep Absorbing The Damage The persistence of bridge exploits at the top of every monthly security report is not a coincidence, and it is not bad luck. It is a structural consequence of how cross-chain infrastructure is currently built and operated. Bridges concentrate value in identifiable locations, they depend on key management practices that vary enormously in quality across projects, and they often operate with validator sets small enough that compromising a small number of signers translates directly into full control over the custody pool. The Gravity Bridge and Verus-Ethereum Bridge incidents in May both reflect versions of this problem. When three out of four guardian keys are compromised on a Wormhole fork, the quorum math delivers full bridge authority to the attacker instantly. When validator coordination fails during a key rotation, the window of vulnerability opens faster than any monitoring system can close it. These are not exotic attack scenarios requiring sophisticated zero-day exploits, they are known failure modes being exploited repeatedly because the underlying architectural decisions that create them have not been sufficiently addressed across the industry. What The April-to-May Decline Suggests About Security Progress The 87 percent drop from April to May invites a question worth sitting with: is this genuine improvement, or is it regression to the mean after an unusually catastrophic month? The honest answer is probably some of both. April’s losses were inflated by several very large individual exploits, KelpDAO’s $300 million loss and Drift’s $200 million loss contributed an enormous share of that month’s total, and months with losses at that scale are statistical outliers even in crypto’s difficult security environment. At the same time, CertiK’s assessment that the decline reflects improved security measures is not without basis. The industry has been investing more heavily in formal verification, third-party auditing, bug bounty programs, and real-time on-chain monitoring than at any previous point in its history. Those investments do not produce overnight results, but they accumulate over time, and the May figures may be beginning to reflect some of that accumulated effort. The Road Ahead For Crypto Security Forty exploits in a single month, even a relatively good month, is a number that demands continued attention. The improvement from April is real and meaningful, but the structural vulnerabilities that made April possible have not been eliminated. Bridge architecture remains dangerously concentrated. Guardian sets remain undersized on many cross-chain protocols. Key management practices remain inconsistent across the industry. And the financial incentive to attack these structures, which scales directly with the value they hold, is not diminishing. The $33.28 million lost to bridge and cross-chain exploits in May represents 41 percent of the month’s total damage from a category of infrastructure that the industry already knows is its weakest point. That knowledge has not yet translated into the architectural changes required to make bridges meaningfully harder to attack. Until it does, the monthly security reports will keep telling the same story, with the numbers moving up and down around an average that remains far too high for an industry that wants to be taken seriously as financial infrastructure. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !
1 Jun 2026, 13:00
XRP Ledger Targets Flash Loan Attacks With New DeFi Security Proposal

The growth of Decentralized Finance (DeFi) on the XRP Ledger is bringing increased attention to one of the industry’s most persistent challenges. While new financial applications create opportunities for growth and innovation, they also introduce potential vulnerabilities that can be exploited if adequate safeguards are not in place. A newly proposed XRPL upgrade aimed at mitigating flash loan attacks signals a growing commitment to building a more secure foundation for the network’s expanding DeFi ecosystem. How The Proposed Safeguards Could Protect Liquidity Pools The XRP Ledger is taking steps to address one of decentralized finance’s most persistent security challenges. Crypto analyst CryptoSensei revealed on X that a new XRPL proposal aims to reduce the risk of flash loan attacks, a type of exploit that has already cost DeFi protocols hundreds of millions of dollars across the industry. Related Reading: XRP’s Latest Move To DeFi: What This Upgrade Will Mean For Users And Investors Flash loans allow attackers to borrow large amounts of capital within a single transaction, and are often used to manipulate prices and liquidity pools. The proposal introduces safeguards designed to make such attacks significantly harder to execute. However, as DeFi activity continues to expand on the Ledger, security improvements are becoming increasingly important. Stronger protections are essential for attracting developers, users, and institutional capital to the ecosystem. As lending, trading, tokenization, and other DeFi applications continue to expand on the XRPL, security will become a much bigger priority. According to CryptoSensei, every new feature creates new opportunities, but the innovation can also introduce new attack vectors if the infrastructure is not well prepared. The challenge is no longer just building DeFi, but building DeFi that institutions, developers, and users can trust to operate securely and reliably at scale is a completely different one. David Schwartz Explains XRP Ledger Defense Against State-Level Threats One of the XRP Ledger’s most overlooked strengths is the ability to remain operational under extreme conditions. Analyst Chloe has noted that the XRPL network was designed for the worst-case scenarios. Former Ripple Chief Technology Officer (CTO), David Schwartz, recently outlined how the XRP Ledger can withstand even state-level attacks targeting its validator network. Related Reading: XRP’s Utility Narrative Extends Beyond Conventional Market Cap Metrics Among the features highlighted are the ability for validators to operate anonymously through privacy-preserving networks such as Tor and 12P, as well as systems that allow reserve operators to replace targeted nodes as necessary. The XRPL Negative Unique Node List (UNL) mechanism is also designed to help maintain consensus running even during periods of disruptions. Chloe argues that while many blockchain networks emphasize decentralization in theory, XRPL is designed to survive censorship, coordinated attacks, and hostile operating environments. This level of resilience is what institutions, banks, and governments need for mission-critical financial infrastructure. Featured image from Adobe Stock, chart from Tradingview.com
1 Jun 2026, 12:55
Gnosis Pay Exploit: Team Confirms Full User Compensation as Investigation Unfolds

BitcoinWorld Gnosis Pay Exploit: Team Confirms Full User Compensation as Investigation Unfolds Gnosis, the blockchain infrastructure company behind the GNO token, has confirmed that its payment service, Gnosis Pay, was hit by an exploit targeting a delay module within its smart contract architecture. The company has pledged to fully compensate all affected users, though the total amount stolen, the number of impacted accounts, and the precise root cause of the vulnerability remain undisclosed at this time. Initial Confusion and Corrective Action Martin Köppelmann, co-founder of Gnosis, initially took to social media to advise users to withdraw their funds from Gnosis Pay as a precautionary measure. Shortly after, he retracted that recommendation, explaining that most users were unable to execute withdrawals due to the nature of the exploit. He clarified that the team is actively working to contain the breach and prevent further damage, reiterating that all user losses will be covered by the company. This type of rapid, evolving response is not uncommon in decentralized finance incidents, where initial public statements often shift as technical teams gain a clearer understanding of the attack vector. The delay module — a smart contract component designed to introduce time locks or multi-signature requirements — was the entry point for the exploit, though specifics on how it was bypassed have not been released. Implications for Gnosis Pay and the Broader DeFi Ecosystem Gnosis Pay is a non-custodial payment card service that allows users to spend their crypto assets at traditional merchants. The service relies on smart contracts to manage fund flows and transaction approvals. An exploit in a delay module raises questions about the security auditing processes for such infrastructure components, which are often considered lower risk than core transaction logic. For Gnosis, which has built a reputation as a reliable infrastructure provider in the Ethereum ecosystem, this incident represents a reputational challenge. The decision to fully compensate users — rather than pursuing a partial recovery or token-based restitution — signals a commitment to maintaining user trust. However, the lack of transparency regarding the exploit’s mechanics and the total funds at risk may draw scrutiny from regulators and security researchers. What Users Should Know Now Users who held funds in Gnosis Pay should monitor official Gnosis communication channels for updates. The company has not yet announced a timeline for the resumption of normal services or for the compensation process. Given that the exploit targeted a specific module, funds held in other Gnosis products — such as the Gnosis Safe or Gnosis Chain — are not believed to be affected, though users are advised to exercise caution and verify independently. Conclusion The Gnosis Pay exploit serves as a reminder that even well-audited DeFi protocols can harbor vulnerabilities in auxiliary smart contract components. The company’s swift pledge to make users whole is a positive signal for affected customers, but the incident underscores the importance of ongoing security vigilance. As the investigation continues, the broader crypto community will be watching for detailed post-mortem reports that could help prevent similar attacks across the ecosystem. FAQs Q1: What was the Gnosis Pay exploit? A: The exploit targeted a delay module in the Gnosis Pay smart contract system. The delay module is designed to introduce time locks or multi-signature requirements for certain transactions. The attacker found a way to bypass or manipulate this module to drain user funds. Q2: Will Gnosis compensate all affected users? A: Yes. Co-founder Martin Köppelmann has publicly stated that Gnosis will fully compensate all users who suffered losses from the exploit. The compensation mechanism and timeline have not yet been announced. Q3: Are other Gnosis products affected? A: Based on current information, the exploit is isolated to the Gnosis Pay delay module. Other Gnosis products, including the Gnosis Safe multi-signature wallet and the Gnosis Chain, are not believed to be impacted. However, users should verify this through official Gnosis channels. This post Gnosis Pay Exploit: Team Confirms Full User Compensation as Investigation Unfolds first appeared on BitcoinWorld .
1 Jun 2026, 09:51
Exploit Alert: Gnosis Under Active Attack, Users Urged to Withdraw Funds

Gnosis could be under attack, as users are being urged to withdraw funds actively.










































