News
31 Jan 2026, 18:22
Solana DeFi platform Step Finance hit by $27 million treasury hack as token price craters

The platform's governance token (STEP) plummeted over 80% following the announcement amid a wider crypto market drawdown.
31 Jan 2026, 11:57
Scam Alert: Ethereum Whales Lose Millions to Copy-Paste Error

An Ethereum whale has suffered a massive loss with millions drained in a rare address poisoning exploit.
31 Jan 2026, 11:07
Crypto trader loses over $12 million in ‘painful’ mistake

A cryptocurrency trader has lost more than $12 million worth of Ethereum (ETH) after mistakenly sending funds to a fraudulent wallet address, in what blockchain data suggests was a successful address-poisoning attack.

On-chain records show the victim address, identified as 0xd674, had an established pattern of transferring large sums of ETH to a Galaxy Digital deposit wallet, according to insights shared by Lookonchain on January 31.

"A victim (0xd674) lost 4556 $ETH ($12.4M) due to a copy-paste address mistake. Victim 0xd674 frequently transfers funds to Galaxy Digital via 0x6D90CC…dD2E48. The attacker generated a poison address with the same first and last 4 characters as Galaxy Digital's deposit address… pic.twitter.com/oXI3exESzE" (Lookonchain, @lookonchain, January 31, 2026)

This repeated behavior appears to have been exploited by an attacker who generated a malicious address designed to closely resemble Galaxy Digital’s legitimate deposit address, matching the same opening and closing characters.

Transaction history indicates the attacker repeatedly sent small-value transfers to the victim’s wallet over time. These dust transactions caused the poisoned address to appear alongside legitimate destinations in the wallet’s recent activity, increasing the likelihood of confusion during future transfers.

Approximately 11 hours before the loss was detected, the trader initiated another Ethereum transfer intended for Galaxy Digital.

Failure to verify address

Instead of manually verifying the destination, the address was copied directly from the transaction history. As a result, 4,556 ETH, valued at around $12.4 million at the time of the transaction, was sent to the attacker-controlled wallet.

Notably, the transfer was executed in a single outbound transaction, with the funds leaving the victim’s wallet immediately and no subsequent corrective transactions recorded.

The poisoned address successfully received the Ethereum, and there has been no indication of recovery efforts or fund reversal, consistent with the irreversible nature of blockchain settlements.

Overall, the incident highlights the growing prevalence of address-poisoning attacks, where malicious actors exploit visual similarities in wallet addresses rather than vulnerabilities in smart contracts or protocols. Such attacks rely on user error rather than technical exploits, making even experienced traders vulnerable when handling high-value transfers.

The post Crypto trader loses over $12 million in ‘painful’ mistake appeared first on Finbold.
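A pre-send check of the kind this incident argues for, as an added example that is not part of the original article: it compares a destination against a trusted address book in full and flags addresses that only share the first and last four characters with a trusted entry. All addresses are constructed, and the function names and the dust threshold are assumptions for illustration.

```python
import re

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalize(addr):
    """Validate an Ethereum-style address and return its 40 hex chars, lowercased."""
    if not ADDR_RE.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def is_lookalike(candidate, trusted, n=4):
    """True if candidate differs from trusted but shares its first and last n hex chars."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:n] == t[:n] and c[-n:] == t[-n:]

def check_destination(dest, address_book, n=4):
    """Classify dest as ('trusted', label), ('lookalike', label) or ('unknown', None).

    An exact full-length match is required for 'trusted'; a prefix/suffix
    match alone is treated as a warning sign, never as confirmation.
    """
    d = normalize(dest)
    for label, addr in address_book.items():
        if d == normalize(addr):
            return ("trusted", label)
    for label, addr in address_book.items():
        if is_lookalike(dest, addr, n):
            return ("lookalike", label)
    return ("unknown", None)

def flag_poison_transfers(incoming, address_book, dust_wei=10**15, n=4):
    """Return (sender, imitated_label) for small inbound transfers from lookalikes.

    incoming is a list of (sender_address, value_in_wei) tuples. The dust
    threshold (0.001 ETH here) is an assumed value, not one from the article.
    """
    flagged = []
    for sender, value in incoming:
        verdict, label = check_destination(sender, address_book, n)
        if verdict == "lookalike" and value <= dust_wei:
            flagged.append((sender, label))
    return flagged

# Constructed sample data (not real on-chain addresses).
TRUSTED = "0xab12" + "0" * 32 + "cd34"
POISON = "0xab12" + "f" * 32 + "cd34"   # same first/last 4 chars, different middle
OTHER = "0x" + "9" * 40
ADDRESS_BOOK = {"exchange-deposit": TRUSTED}
INCOMING = [(OTHER, 5 * 10**18), (POISON, 1), (POISON, 10**12)]

if __name__ == "__main__":
    for dest in (TRUSTED, POISON, OTHER):
        print(dest, check_destination(dest, ADDRESS_BOOK))
    print(flag_poison_transfers(INCOMING, ADDRESS_BOOK))
```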
31 Jan 2026, 10:30
Flow burns 87.4B counterfeit tokens tied to December $3.9M breach

The Flow Foundation has confirmed the permanent, onchain destruction of 87.4 billion counterfeit FLOW tokens. The project regarded the token burn as the final step in the remediation process that began in response to the security incident from December 27 and was executed by the Community Governance Council.

Flow commits to moving on from December hack

An official post from the Flow Foundation confirmed the permanent destruction of the counterfeit $FLOW tokens. The burn removes all seized counterfeits from circulation and completes the final mechanical step of Flow’s isolated recovery plan as outlined in the December technical post-mortem.

Network operations returned to normal after validators deployed a security patch within 24 hours of the incident, with extra security safeguards implemented across the protocol to prevent a repeat.

Exchange and infrastructure services continue to be restored through active coordination with partners. The post claims Kraken, Gate, and Coinbase have already fully resumed $FLOW deposits and withdrawals, while additional exchange services are completing reconciliation processes and are expected to resume imminently.

The network is also back to full operational health, with ongoing ecosystem activity back to over 3 million transactions in a single week. Its core DeFi protocols are fully operational as well, and developer activity and protocol deployments have returned to pre-incident levels.

Now that the security remediation is complete, Flow turns its attention to continued ecosystem growth and product development. The network’s recent protocol upgrades introduce ongoing deflationary pressures via transaction fee mechanisms, aligning tokenomics with long-term network sustainability.

Flow takes steps to avoid repeat exploit

The Flow network experienced an exploit in December 2025 when a hacker capitalized on a type confusion vulnerability in the Cadence runtime. This allowed them to create counterfeit tokens without minting new ones or draining user wallets.

No legitimate user balances were compromised as a result, but the hacker was able to bridge out and realize about $3.9M in value using venues like Celer and deBridge, before validators halted the network.

The hacker would have gotten away with far more; the total duplicated supply was around 88B FLOW, with over a billion tokens moved to centralized exchanges. Thanks to the prompt response from cooperative exchanges, the larger volumes of counterfeit tokens were contained. The remainder was isolated onchain via restrictions and the Isolated Recovery Plan.

The plan was chosen over a full chain rollback, which faced significant pushback as it would not preserve history or minimize disruption to bridges/exchanges, as reported by Cryptopolitan.

The Foundation has committed to several guarantees to strengthen network security and resilience to prevent a repeat in the future. These guarantees have seen runtime type validation boundaries hardened and covered by regression tests, while supply anomaly detection and execution-layer monitoring were expanded to surface similar conditions earlier.

Elevated recovery permissions for the Community Governance Council introduced during remediation will reportedly be revoked following completion of all recovery phases.

There has also been a review of the bug-bounty program, which led to an increase in rewards to align more closely with the increased TVL.

The Foundation has also decided to enhance the security procedure to provide timely and accurate communication with all partners and establish feedback channels early on.

Lastly, the Foundation will ensure that future incident responses clearly distinguish between proposals under consideration and finalized decisions, along with a process to align with all stakeholders and converge on a decision.
31 Jan 2026, 09:15
OFAC targets crypto platforms tied to Iran-linked exchanges

The United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has designated two cryptocurrency exchanges registered in the United Kingdom for operating in Iran’s financial sector. According to the agency, both exchanges have been aiding the country by processing its crypto transactions.

The detailed report from OFAC revealed that the exchanges, Zedcex Exchange Ltd. and Zedxion Exchange Ltd., have also been providing several financial services to the Islamic Revolutionary Guard Corps (IRGC). The action marks the first time that OFAC has specifically designated crypto exchanges for operating in the financial sector of Iran. According to the agency, the platforms have carried out significant volumes of transactions for the IRGC.

OFAC designates exchanges linked to Iran’s financial operations

In the report shared by Chainalysis, Zedcex Exchange was registered in August 2022, and the exchange has reportedly processed more than $94 billion in transactions since it was established. On the other hand, Zedxion Exchange, which was registered in May 2021, initially had Iranian businessman Babak Morteza Zanjani listed as one of its directors.

Both exchanges appear to be part of a network helping the country evade sanctions. In addition, the network has also been fingered as the main avenue where funds are laundered for Iranian state interests, especially the IRGC.

The connection between the exchanges and Babak Morteza Zanjani also provides another interesting angle to the OFAC action. In 2013, he was designated by OFAC for acting as a financial facilitator for the IRGC, but was delisted under Joint Comprehensive Plan of Action (JCPOA)-related designation removals in 2016.

In 2016, Zanjani was sentenced to death in Iran for embezzling billions of dollars from Iran’s National Oil Company. However, his sentence was reduced in 2024, and by the following year, he was back as a financial backer of one of Iran’s largest railway investments.

OFAC describes him as an “Iranian businessman and sanctions evader.” They claimed he was active in multiple sectors, including hospitality, transportation, technology, financial services, and oil exports. OFAC also claimed that his connection to the designated crypto exchanges establishes a pattern of a network of operations attempting to use digital assets to evade sanctions.

Speaking about the update, Secretary of the Treasury Scott Bessent noted the Iranian regime’s use of digital assets to evade sanctions. “Like rats on a sinking ship, the regime is frantically wiring funds stolen from Iranian families to banks and financial institutions around the world,” he added.

Who and what were designated by OFAC?

In its designation of Zedcex Exchange, OFAC included seven Tron addresses, which interestingly overlapped with wallets identified by Israel’s NBCTF in September 2025 as controlled by the IRGC.

The OFAC action is a move against a growing pattern of Iranian state actors and their affiliates using digital assets to evade sanctions and carry out illicit activities. In the past few years, OFAC has designated several individuals linked with the country involved in crypto-related sanctions evasion.

The designation of the exchanges is part of a broader action targeting Iranian officials responsible for human rights abuses. OFAC also designated six Iranian officials associated with the IRGC and Law Enforcement Forces (LEF) for their roles in the violent suppression of protesters.

These individuals include Minister of Interior Eskandar Momeni Kalagari, who is in charge of the LEF, and multiple IRGC commanders responsible for provinces where security officials killed protesters, including children.

The action from OFAC introduces new compliance considerations for crypto businesses globally. The designation of exchanges registered in the UK with ties to Iran shows the importance of proper know-your-customer (KYC) procedures and improved transaction monitoring, especially when dealing with exchanges with exposure to illicit wallets.
31 Jan 2026, 00:40
The DAO’s Remarkable Return: $220M Pledge to Fortify Ethereum Security After a Decade

In a stunning development for the cryptocurrency world, The DAO—the infamous decentralized autonomous organization whose 2016 collapse fundamentally reshaped Ethereum—has announced a dramatic return. A decade after the hack that led to Ethereum’s historic hard fork, the project now pledges over $220 million to bolster the very network it once threatened. This extraordinary move, revealed by spokesperson Griff Green, aims to transform dormant assets from the past into a powerful security fund for Ethereum’s future. The initiative seeks to establish Ethereum as a resilient cornerstone of global finance.

The DAO’s Return and Its $220M Security Mission

According to reports from DL News, crypto entrepreneur Griff Green officially announced the return of The DAO. Significantly, the project now operates as The DAO Security Fund. This fund controls a substantial treasury of over 75,000 ETH, valued at approximately $220 million. These assets originate from a unique and poignant source: unclaimed funds belonging to investors who never recovered their Ethereum after the 2016 exploit.

Consequently, the fund’s custodians have devised a forward-thinking strategy. They plan to stake this massive ETH holding to generate consistent yield. Subsequently, they will reinvest the returns directly into projects and initiatives that enhance the overall security of the Ethereum ecosystem. This plan represents a profound shift in narrative. Essentially, resources frozen in time by one of crypto’s greatest crises will now actively fund its defense.

The stated goal is unambiguous. The DAO Security Fund intends to help fortify Ethereum against future threats. Moreover, it aims to support the network’s maturation into reliable, global financial infrastructure. This move has immediately sparked intense discussion across blockchain forums and social media. Many veterans recall the original saga with vivid clarity.

Ethereum’s Defining Crisis: The 2016 Hack and Hard Fork

To understand the magnitude of this return, one must revisit the pivotal summer of 2016. The DAO launched as a groundbreaking experiment in decentralized venture capital. It quickly raised an unprecedented 12.7 million ETH, worth about $150 million at the time. However, a critical vulnerability in its smart contract code allowed an attacker to drain roughly one-third of its funds. This event triggered a monumental crisis for the fledgling Ethereum community.

The community faced a brutal dilemma. Leaders could accept the theft and allow the attacker to keep the funds, upholding the “code is law” principle. Alternatively, they could intervene by rewriting the blockchain’s history. After a fierce and divisive debate, the majority chose intervention. Therefore, in July 2016, Ethereum executed a contentious hard fork. This technical maneuver effectively reversed the hack and returned the stolen ETH to original investors. Nonetheless, a minority faction rejected this fork, arguing it violated blockchain immutability. They continued on the original chain, creating Ethereum Classic (ETC). This schism remains a foundational chapter in crypto history.

- The Hard Fork: Created two separate blockchains: Ethereum (ETH) and Ethereum Classic (ETC).
- Immutability Debate: Forced the ecosystem to confront the tension between principle and pragmatism.
- Investor Aftermath: Many investors received refunds, but a portion of ETH remained unclaimed in recovery contracts.

From Crisis to Catalyst: Ethereum’s Post-DAO Evolution

The hard fork, while controversial, ultimately allowed Ethereum to survive and thrive. The returned capital helped fuel the subsequent Initial Coin Offering (ICO) boom of 2017. Furthermore, the crisis served as a brutal but effective lesson in smart contract security. It spurred the creation of more rigorous auditing practices and formal verification tools.

Over the following decade, Ethereum evolved from a simple smart contract platform into the backbone of decentralized finance (DeFi) and non-fungible tokens (NFTs). Its market capitalization soared into the hundreds of billions. Now, The DAO’s return with a security-focused mandate brings the story full circle. The funds that once caused instability are being mobilized to prevent it.

Mechanics of the DAO Security Fund: Staking and Reinvestment

The operational plan for The DAO Security Fund leverages Ethereum’s modern proof-of-stake consensus mechanism. Staking involves locking up ETH to help validate transactions and secure the network. In return, stakers earn rewards, typically ranging from 3-5% annually. For a fund of 75,000 ETH, this generates a substantial yearly yield—potentially thousands of ETH worth millions of dollars.

Projected Annual Yield from The DAO Security Fund (Approximate)
Total ETH: 75,000 ETH
ETH Value (Approx.): $220 Million
Annual Staking Reward (at 4%): 3,000 ETH
Annual Value (Approx.): $8.8 Million

Griff Green’s announcement specifies that these rewards will not be distributed to individuals. Instead, they will be systematically reinvested. Potential recipients include security auditing firms, bug bounty programs, core protocol development teams, and educational initiatives. This creates a sustainable, self-funding engine for ecosystem security.

Importantly, the fund’s governance will likely involve a decentralized structure, though specific details remain forthcoming. This approach aligns with the broader trend of decentralized autonomous organizations funding public goods within the crypto space.

Expert Perspectives on the Fund’s Potential Impact

Blockchain security experts note the strategic timing of this announcement. Ethereum continues to face sophisticated threats from hackers and exploiters. In 2023 alone, DeFi protocols lost over $1 billion to hacks and scams. A dedicated, well-funded security initiative is therefore a welcome development. Analysts suggest the fund could prioritize several key areas:

- Smart Contract Audits: Funding for comprehensive, multi-firm audits of major DeFi protocols.
- Client Diversity: Supporting the development of alternative execution and consensus clients to reduce systemic risk.
- Research Grants: Financing academic and practical research into novel cryptographic security solutions.
- Education: Creating resources to help developers write more secure code from the start.

By providing non-dilutive funding, The DAO Security Fund can address market gaps that venture capital often overlooks. Its enduring, yield-generating model offers a promising template for long-term ecosystem stewardship.

Conclusion

The return of The DAO marks a remarkable moment of redemption and strategic foresight in cryptocurrency history. A decade after its collapse triggered Ethereum’s great schism, the project re-emerges not as a venture fund but as a guardian. Its pledge of $220 million to bolster Ethereum security represents a powerful commitment to the network’s resilience. By staking dormant assets and reinvesting the yields, The DAO Security Fund aims to create a perpetual engine for protection and innovation. This initiative underscores Ethereum’s continued evolution and the community’s capacity to transform past crises into future strength. Ultimately, the fund’s success will be measured by its tangible contributions to making the Ethereum network safer, more robust, and truly ready for global adoption.

FAQs

Q1: What exactly was The DAO in 2016?
The DAO was a pioneering decentralized autonomous organization launched on Ethereum. It functioned as an investor-directed venture capital fund. Unfortunately, a vulnerability in its code led to a massive hack, resulting in the loss of millions of dollars worth of Ethereum and forcing a historic network split.

Q2: Where is the $220 million for the new security fund coming from?
The funds originate from unclaimed Ethereum that belonged to investors in the original 2016 DAO. After the hard fork refund process, a significant amount of ETH was never reclaimed. These dormant assets now form the treasury of the new DAO Security Fund.

Q3: How will the DAO Security Fund actually improve Ethereum’s security?
The fund plans to stake its 75,000 ETH to earn rewards. It will then reinvest those rewards (estimated at several million dollars annually) into security-focused initiatives. This includes funding for audits, bug bounties, core development, client diversity, and security research.

Q4: What is the difference between Ethereum and Ethereum Classic?
Ethereum (ETH) is the blockchain that resulted from the 2016 hard fork, which reversed the DAO hack. Ethereum Classic (ETC) is the original chain that continued without the fork, upholding the principle of “code is law.” They are now two separate cryptocurrencies with independent development paths.

Q5: Who is managing the DAO Security Fund and how is it governed?
Crypto entrepreneur Griff Green is the official spokesperson who announced the fund. While specific governance details are still emerging, such funds typically use a decentralized governance model. This likely involves token-based voting by fund participants or a designated multi-signature council of trusted community figures to decide on funding allocations.

This post The DAO’s Remarkable Return: $220M Pledge to Fortify Ethereum Security After a Decade first appeared on BitcoinWorld.











































