News
26 May 2026, 17:50
New Zealand Dollar Struggles for Traction Ahead of RBNZ Decision: BNY

BitcoinWorld New Zealand Dollar Struggles for Traction Ahead of RBNZ Decision: BNY The New Zealand Dollar is entering the Reserve Bank of New Zealand’s (RBNZ) upcoming monetary policy decision on a soft footing, according to a recent analysis from BNY. The assessment highlights growing headwinds for the currency as markets price in a potential rate cut and global risk sentiment remains fragile. Market Positioning and RBNZ Expectations BNY’s note points to a combination of factors weighing on the Kiwi. Domestically, slowing economic growth and easing inflation pressures have fueled expectations that the RBNZ may adopt a more dovish stance. Market pricing currently reflects a significant probability of a rate reduction at the next meeting, which has kept the NZD under pressure against major counterparts like the US Dollar and Australian Dollar. The analysis underscores that the currency’s recent weakness is not solely a domestic story. Global factors, including persistent uncertainty around China’s economic recovery—a key export market for New Zealand—and shifting expectations for US Federal Reserve policy, have added to the NZD’s vulnerability. BNY notes that the NZD has struggled to maintain any upward momentum, with rallies being sold into. Implications for Traders and the Economy For forex traders, the RBNZ decision represents a critical near-term catalyst. A rate cut, particularly a larger-than-expected move, could trigger further NZD downside. Conversely, a hawkish hold or a smaller cut might provide temporary relief, though BNY’s analysis suggests the underlying soft footing could persist. The broader economic implications are significant. A weaker NZD can boost export competitiveness for New Zealand’s dairy and tourism sectors, but it also raises the cost of imports, potentially feeding into inflation. The RBNZ must balance these competing pressures carefully. What to Watch in the RBNZ Statement Beyond the rate decision itself, markets will scrutinize the RBNZ’s accompanying statement for forward guidance. Key areas include updated economic forecasts, commentary on inflation trends, and any signals about the pace of future policy easing. BNY’s analysis suggests the tone will be crucial in determining whether the NZD’s soft footing turns into a steeper decline or stabilizes. Conclusion The New Zealand Dollar enters a pivotal week with limited support from both domestic and external factors. BNY’s assessment reinforces the view that the currency faces a challenging path ahead, with the RBNZ’s decision likely to set the tone for the near-term outlook. Traders and businesses exposed to NZD movements should prepare for potential volatility. FAQs Q1: Why is the New Zealand Dollar considered on a ‘soft footing’? BNY cites expectations for an RBNZ rate cut, slowing domestic growth, easing inflation, and global risk aversion as key factors weakening the NZD. Q2: What is the main event for the NZD this week? The Reserve Bank of New Zealand’s (RBNZ) monetary policy decision, where markets are pricing in a potential interest rate cut. Q3: How could the RBNZ decision affect the NZD? A rate cut could push the NZD lower, while a hawkish hold might offer temporary support. The accompanying statement and forward guidance will be equally important. This post New Zealand Dollar Struggles for Traction Ahead of RBNZ Decision: BNY first appeared on BitcoinWorld .
26 May 2026, 14:55
Ripple News: Squid Raised $6 Million With Ripple Backing, Then Lost Half of It to a Hack Less Than 24 Hours Later

Ripple News: Squid Crypto closed a $6 million strategic funding round led by North Island Ventures with participation from Ripple on May 25, 2026, and within less than 24 hours, an attacker drained $3 million from the protocol. The exploit hit a third-party liquidity aggregation module integrated into Squid’s cross-chain swap infrastructure, not the audited core contracts. Squid’s official response has been to distance itself from the breach entirely, stating the team does not know who deployed the specific module responsible for the drain. Blockaid detected an ongoing exploit targeting the SquidRouterModule on Ethereum and Base. 86 Gnosis Safes drained for ~$3M in ~2 hours. All stolen tokens swapped to DAI via attacker-controlled Uniswap V3 pools. More details in — Blockaid (@blockaid_) May 25, 2026 Squid operates as a meta-DEX and chain-abstraction protocol, routing cross-chain swaps across multiple networks through aggregated liquidity layers. The $6M raise was positioned as a catalyst for expanding that interoperability infrastructure, with Ripple’s involvement framed as a strategic alignment with its broader cross-chain and payments roadmap. That narrative collapsed inside a single news cycle. Source: Cryptorank Discover: The Best Crypto to Diversify Your Portfolio Ripple News: How the Squid Crypto Exploit Worked: The Third-Party Module Vulnerability The attack vector was a peripheral liquidity aggregation module that Squid had recently integrated to facilitate cross-chain swap routing, a component sitting outside the protocol’s audited core contract suite. The attacker exploited manipulated price feeds or misconfigured access permissions within this module to siphon assets directly, bypassing the security controls that governed Squid’s primary contracts. Drain Tx / Source: Etherscan This is a structural pattern that has surfaced repeatedly across DeFi exploit history: audits cover submitted components, not the full dependency tree. The module in question was a third-party integration layer, meaning its trust assumptions, permission logic, and oracle dependencies were never subjected to the same scrutiny as Squid’s native code. This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable… https://t.co/I3gGmdBvE9 — squid (@squidrouter) May 25, 2026 Squid Router’s ResponseSquid Router quickly issued a statement distancing itself from the exploit. The team clarified that the drained funds came from a third-party Gnosis Safe module called SquidRouterModule, which was neither built, deployed, nor operated by them. They emphasized that their core router contract remained unaffected and that all standard Squid users and integrators were safe. The team noted the module had integrated with Squid alongside other protocols without any direct involvement from Squid, and urged the community to avoid conflating the two due to similar naming. No action was required from Squid users. Discover: The Best Token Presales The post Ripple News: Squid Raised $6 Million With Ripple Backing, Then Lost Half of It to a Hack Less Than 24 Hours Later appeared first on Cryptonews .
26 May 2026, 13:57
Scammers exploit Google Ads route to steal $400K+ from Uniswap users

Fraudsters have successfully stolen $400,000+ by using sponsored Google ads to push fake websites ahead of the real platform. The scam is designed so that anyone searching for Uniswap on Google sees the false ad first. Users who have clicked the near-clones of Uniswap’s interface, connected their wallets, and approved just one transaction have lost everything. How the Uniswap phishing op bypassed Google’s safeguards As reported by Cryptopolitan , scammers managed to secure Google Ads slots for the keyword “Uniswap” and placed fraudulent websites as the top sponsored results. The phishing pages perfectly mimicked the UI of the legitimate site with deceptive URLs that appeared quite credible at first glance. ⚠️ALERT: $400K+ STOLEN: Scammers are buying @GoogleAds to rank FAKE @Uniswap sites ABOVE the real one When you search "Uniswap" – the TOP results are now phishing traps designed to drain your wallet @Google phishing attacks have EXPLODED since March according to onchain… pic.twitter.com/Jczz0nRSZ6 — Cryptopolitan (@CPOfficialtx) May 26, 2026 Sometimes, the fake copies were hosted on subdomains such as sites.google.com. The scammers avoided automatic moderation by using a valid URL in the ad preview and loading malware through a hidden secondary iframe. This was not caught by any Google verification tools. The traffic was then redirected to the servers of the attackers. Once the users logged into their wallets and confirmed the transaction, the fund drainer contract withdrew all tokens in a single irreversible blockchain operation. Sadly, the hardware wallet did not provide any protection since the malicious code was signed by the victims. According to blockchain data , two addresses held 146 ETH, valued at about $306,000 at the time of reporting. According to the Security Alliance (SEAL), there was a surge in Google phishing attacks with duplicate ads from March 13 to March 30, 2026. This led to the blocking of more than 356 malicious URLs, resulting in a total loss of $1.27 million. The phishing campaign has been around for over a year, with hackers moving to new domains after each takedown. In January 2026, over $370 million was lost due to crypto scams and exploits. Crypto traders struggle with verification tools The first community alert about the scam was shared by on-chain analyst b-block on May 25, 2026. The attacker’s web addresses and wallet addresses were identified, and users were advised to use only the official URLs for transactions and to cross-check them using DeFiLlama. The founder of Web3 marketing, Stacy Muur , highlighted the concern, saying, “It is insane that Google has been ignoring this problem for so long when fake links keep pushing real links, and users get drained.” To address this problem, DeFiLlama offered its LlamaSearch product, which maintains thousands of secure crypto web domains, as a Chrome extension and at search.defillama.com . Hayden Adams, the creator of Uniswap, has responded directly to this concern on X, and it is more about placing the blame on search engine platforms rather than on end users. Uniswap’s Hayden Adam calls for the end of the ad economy. Source: X According to analysts, the solution does not exist, as Google benefits from ad revenue but fails to be proactive in moderating such promotions. The community suggests three ways to address the situation: bookmark the legitimate Uniswap domain using its legitimate X account, avoid clicking sponsored links for any DeFi project, and validate each transaction approval. Uniswap’s expansion vote lies in wait Uniswap’s DAO has launched Proposal 96, which seeks to enable the UNIfication protocol fee collection and UNI token burn function to operate on three other highly trafficked chains—BNB Chain, Polygon, and Celo. This is in addition to the Ethereum mainnet, where it has already operated successfully since being rolled out at the end of December 2025. Vote: https://t.co/nA0bOlnmmU — Hayden Adams 🦄 (@haydenzadams) May 22, 2026 As reported by Cryptopolitan, Proposition 96, known as “Protocol Fee Expansion: Vote 3,” leverages the streamlined governance process set forth in the context of UNIfication. The proposal does not follow the request-for-comment (RFC) process; instead, it skips the 5-day snapshot vote and goes straight to an on-chain vote. Upon acceptance, the updates will be implemented using TokenJar contracts to collect protocol fees from newly added chains and distribute them via Firepit contracts for burning UNIs. The new expansion will bring the number to 11, beyond Ethereum’s mainnet, where protocol fees are active. Previous expansions included those on Arbitrum, Base, OP Mainnet, Soneium, X Layer, Worldchain, Zora, and an initial (but later corrected) Celo chain. If you're reading this, you’re already ahead. Stay there with our newsletter .
26 May 2026, 12:20
StablR Halts USDR and EURR Services Following $13.5 Million Exploit

BitcoinWorld StablR Halts USDR and EURR Services Following $13.5 Million Exploit European stablecoin issuer StablR has suspended issuance and redemption services for its USDR and EURR tokens following a security breach that led to the unauthorized minting of approximately $13.5 million in uncollateralized tokens. The incident, which occurred yesterday, has raised fresh concerns about the security of multi-signature wallet configurations in the rapidly evolving stablecoin market. The Exploit and Immediate Aftermath According to on-chain analyst ZachXBT and blockchain security firm GoPlus, the attacker exploited a vulnerability in StablR’s 1-of-3 multisig setup. By gaining administrative privileges through a single compromised key, the attacker was able to mint approximately 8.35 million USDR and 4.5 million EURR without proper collateral backing. The exploit caused an immediate and severe market reaction. Both USDR and EURR depegged from their intended 1:1 value by as much as 50%. At the time of reporting, EURR was trading at approximately $0.548, well below its parity target. The depegging highlights the fragility of stablecoin mechanisms when the underlying collateral or minting controls are compromised. Regulatory and Market Implications StablR has publicly acknowledged that its token reserves no longer meet the 1:1 collateral ratio required under the European Union’s Markets in Crypto-Assets (MiCA) regulation. The company has formally requested that exchanges halt trading and suspend deposits and withdrawals for both affected tokens. This situation serves as a critical test case for MiCA’s enforcement mechanisms, as regulators now face the challenge of overseeing a post-exploit recovery while protecting consumer interests. The incident also underscores a broader vulnerability in the crypto industry: the reliance on multi-signature wallets for critical administrative functions. While multisig setups are generally considered more secure than single-key systems, the 1-of-3 configuration—where only one key is needed to authorize transactions—offers minimal protection against a single point of failure. Security experts have long warned that such configurations are dangerously centralized in practice. What This Means for Stablecoin Users For holders of USDR and EURR, the immediate concern is the potential for significant financial loss. The depegging has already resulted in a 50% reduction in value for those unable to exit their positions before trading was suspended. Furthermore, the suspension of redemption services means that even at the depegged price, liquidity is effectively frozen. This event serves as a reminder that stablecoins are only as reliable as the security infrastructure supporting them. Users should scrutinize the custody and administrative control mechanisms of any stablecoin they hold, particularly those with non-standard multisig configurations. The incident may accelerate calls for stricter security audits and mandatory insurance coverage for stablecoin issuers operating under regulatory frameworks like MiCA. Conclusion The StablR hack is a significant event in the European crypto landscape, exposing critical weaknesses in stablecoin operational security and regulatory compliance. As investigations continue and recovery efforts unfold, the industry will be watching closely to see how MiCA responds to this first major test. For now, the priority for StablR is to secure its systems, assess the full extent of the damage, and work with regulators and exchanges to chart a path forward for affected token holders. FAQs Q1: How did the StablR hack happen? A1: The attacker exploited a 1-of-3 multisig vulnerability, meaning only one of three authorized keys was needed to gain administrative control. This allowed the attacker to mint uncollateralized tokens. Q2: What is the current status of USDR and EURR tokens? A2: Both tokens have depegged by approximately 50%. StablR has suspended issuance and redemption services and has asked exchanges to halt trading and suspend deposits and withdrawals. Q3: Does this affect StablR’s compliance with MiCA regulations? A3: Yes. StablR has stated that its token reserves no longer meet the 1:1 collateral ratio required under MiCA. The company is working with regulators to address the situation. This post StablR Halts USDR and EURR Services Following $13.5 Million Exploit first appeared on BitcoinWorld .
26 May 2026, 11:05
Nine Wallets Hold Decisive Power Over Polymarket Dispute Outcomes, Report Finds

BitcoinWorld Nine Wallets Hold Decisive Power Over Polymarket Dispute Outcomes, Report Finds A concentrated group of just nine wallets controls the majority of voting power in the UMA oracle system, which settles disputes on the prediction market Polymarket, according to a Bloomberg report. This small cluster effectively holds the final say on the outcome of high-stakes bets, raising serious questions about fairness and decentralization on one of the industry’s most prominent platforms. How a Handful of Wallets Steers the System The UMA oracle system is designed to resolve disagreements over market outcomes by relying on a decentralized vote among token holders. However, an analysis of more than 6,400 addresses that have participated in votes over the past three years reveals a stark concentration of power. Just nine wallets account for half of the total voting power, and these same wallets have been on the winning side of nearly every dispute they participated in. In April 2026 alone, approximately 230 contracts with a combined trading volume exceeding $1 billion were sent to dispute resolution. In every single case, the outcome was determined by this small minority. The system’s design incentivizes voters to align with the expected majority rather than with objective factual truth, creating a structural vulnerability that can be exploited. The Conflict of Interest at the Core The most troubling implication of this concentration is the potential for a direct conflict of interest. Large-scale investors, or ‘whales,’ can place significant bets on a particular market outcome while simultaneously wielding the voting power to steer the final judgment in their favor. This creates a scenario where the entity resolving the dispute may also be the one with the most to gain from a particular result. Risk Labs, the organization that operates both Polymarket and UMA, had previously committed to reforming the governance process to address these concerns. According to the Bloomberg report, those plans are now on indefinite hold, leaving the platform’s dispute resolution mechanism in its current, highly centralized state. Why This Matters for Users and the Market For everyday users of Polymarket, this concentration of power undermines the fundamental promise of decentralized, trustless betting. If a small group can effectively determine the outcome of disputes, the platform’s integrity is compromised. This could lead to a loss of user confidence, reduced participation, and potential regulatory scrutiny. The situation also highlights a broader challenge in the DeFi space: the tension between the ideal of decentralization and the practical reality of concentrated token ownership. Conclusion The Bloomberg report serves as a critical case study in the governance risks inherent in many decentralized systems. While Polymarket and UMA have grown rapidly, the concentration of dispute resolution power in just nine wallets represents a fundamental flaw that the platform’s operators have yet to address. Until meaningful governance reforms are implemented, the platform remains vulnerable to manipulation by a small, powerful minority, a fact that users and regulators alike are likely to scrutinize closely. FAQs Q1: What is the UMA oracle system and why does it matter for Polymarket? The UMA oracle is a decentralized voting mechanism used to settle disputes on Polymarket when users disagree on the outcome of a bet. Token holders vote on the correct outcome, and the majority vote determines the final result. Its importance lies in its role as the final arbiter of truth on the platform. Q2: How can a small group of whales influence dispute outcomes? Because the UMA system is based on token-weighted voting, wallets holding large amounts of UMA tokens have proportionally more influence. The report found that just nine wallets control half of the total voting power, allowing them to consistently determine the outcome of disputes, especially when they coordinate or vote as a bloc. Q3: What are the potential consequences for Polymarket users? If whales can manipulate dispute outcomes to favor their own bets, ordinary users may face unfair losses. This erodes trust in the platform, potentially leading to lower trading volumes, user attrition, and increased attention from regulators concerned about market integrity and consumer protection. This post Nine Wallets Hold Decisive Power Over Polymarket Dispute Outcomes, Report Finds first appeared on BitcoinWorld .
26 May 2026, 08:30
Squid Clarifies Role After $3.2M Gnosis Safe Exploit

The project clarified that the vulnerable contract was not built, deployed, or operated by Squid, despite early reports linking the exploit to its protocol. According to the team, the compromised module independently integrated with Squid among other protocols, while Squid’s core router infrastructure was unaffected throughout the attack. Gnosis Safe Exploit Drains $3.2M A third-party module connected to the Gnosis Safe ecosystem was exploited across the Ethereum and Base networks, which resulted in approximately $3.2 million being drained from 86 different Safes in a matter of two hours. Blockchain security firms Blockaid and PeckShield were among the first to report details surrounding the incident. The vulnerable contract was verified on Basescan under the name “SquidRouterModule,” which initially led to confusion due to its association with Squid. However, Squid quickly clarified that the contract was not built, deployed, or operated by the project itself. Pseudonymous Squid co-founder Fig stated in a post on X that the compromised module was unrelated to Squid’s core infrastructure. According to the team, the protocol’s main router architecture stayed completely separate and was not affected by the exploit at all. The attack was reportedly made possible because the module accepted a caller-supplied constant string as proof that a transaction message was secure. By passing this value, attackers were allegedly able to bypass signature verification mechanisms and execute arbitrary call data from victim wallets. Squid explained that this flaw effectively gave attackers the ability to spend tokens held in affected Safes without requiring legitimate wallet approvals. Security researchers said the exploit relied on Foundry-based exploit contracts that targeted the module’s DelegateBundler execution path. According to Blockaid , the attackers impersonated authorized delegates tied to each Safe and initiated arbitrary token swaps through Uniswap V3 liquidity pools. The stolen assets were converted into an attacker-created worthless token known as “u” through specially seeded liquidity pools controlled by the exploiter. After routing the assets through these pools, the attacker reportedly removed liquidity and consolidated the proceeds into approximately 3.07 million DAI. PeckShield stated that the funds are currently being held in a wallet beginning with “0xa447...54859.” Squid criticized early public reporting that incorrectly connected the exploit directly to its protocol. The team explained that the vulnerable contract merely shared the Squid name and independently integrated with several protocols, including Squid, without direct involvement from the project itself.










































