News
22 May 2026, 18:21
Verus Bridge Exploiter Returns $8.5M, Keeps $2.8M as Bounty Reward

The exploiter who drained the Verus-Ethereum bridge of over $11 million has returned $8.5 million to the project’s team, while keeping $2.8 million as a white-hat bounty. This comes barely a day after the Verus community and its developers offered the reward in exchange for the hacker meeting a set of terms.

Hacker Accepts $2.8 Million Bounty

The incident took place on May 17, with the hacker taking advantage of a missing validation step on one of the project’s cross-chain bridge contracts, which allowed them to drain approximately 103.6 tBTC, 1,625 ETH, and 147,000 USDC. Following the hack, the project’s team decided to stop its block-producing nodes to prevent further transfers and issued an emergency patch.

Verus later said on social media that it was offering the Ethereum bridge exploiter a 1,350 ETH bounty in exchange for returning 4,052 ETH within 24 hours, adding that it would stop any investigations and not pursue charges if the conditions were met.

“If you return a total of 4052.4 ETH to the address 0xF9AB…C1A74 within 24 hours specified above, we will understand that as your agreement to these terms, and we will uphold our stated agreement to cease further investigation of you,” wrote the team.

Blockchain security firm PeckShieldAlerts has since reported that the hacker transferred 4,052 ETH back to the team’s address, which recovers 75% of the stolen funds while the hacker retains a 25% bounty of 1,350 ETH. However, Verus has yet to issue a formal acknowledgment of the recovery on its platforms as stipulated in its initial statement.

Developer Flags Possible AI Use in Hack

The update comes as the crypto sector is dealing with a rise in the number of bridge exploits, with the Verus incident being the eighth of this kind this year. According to PeckShield, attackers have made off with a total of $328.6 million from several cross-chain protocols like THORChain, ZetaChain, KelpDAO, HyperBridge, CrossCurve, Squid Router, and IoTeX.io as of mid-May.

But the Verus case is notable because the complexity of the exploit suggests hackers are using AI to help execute it. The protocol’s lead developer, Mike Toutonghi, explained in an article how the technology might have helped the attackers understand the system’s rules closely enough to design transactions that bypassed checks and tricked the Ethereum contract into accepting the malicious cross-chain transfer.

Elsewhere, Vitalik Buterin shared insights on how AI can still be used to strengthen security instead of breaking it. Responding to community concerns about the technology creating non-stop exploitation opportunities, the Ethereum co-founder countered by saying that AI-assisted formal verification could be used as a strong defense against security failures in the crypto industry.

The post Verus Bridge Exploiter Returns $8.5M, Keeps $2.8M as Bounty Reward appeared first on CryptoPotato.
22 May 2026, 18:15
U.S. House Committee on Oversight and Government Reform is probing Polymarket and Kalshi over suspected insider trading

The House Committee on Oversight and Government Reform is probing Polymarket and Kalshi over alleged insider trading. Committee Chair James Comer notes that internal records held by prediction markets are the only means to identify and determine platform compliance.

The congressional probe focuses on whether traders on prediction markets exploit nonpublic, classified government data to profit from event contracts. Chairman Comer announced the investigation on CNBC’s “Squawk Box.” He also revealed that formal information request letters have been sent to Polymarket CEO Shayne Coplan and Kalshi CEO Tarek Mansour.

The House Oversight Committee has mentioned several suspicious trading incidents, including allegations that a U.S. Army sergeant used classified information to earn $409,000 in profits on Polymarket. Additionally, Kalshi recently penalized three congressional candidates for betting on their own electoral races. Mark Moran, Matt Klein, and Ezekiel Enriquez were slapped with 5-year bans and fines.

Kalshi’s move is proof that prediction markets can regulate their own platforms. However, the committee demands that both Kalshi and Polymarket submit internal documents and compliance data regarding user verification, geographic restrictions, and surveillance systems to help detect insider trading.

Kalshi supports ban on Congress members from trading

Kalshi explained in a May 20 statement that it had taken the enforcement action after launching new safety measures. Kalshi executives and board members have publicly supported legislation that would ban members of Congress from trading. The move aligns the platform with the Oversight Committee’s objectives rather than fighting them.

Kalshi also emphasizes that it employs a dedicated surveillance team of about 20 people to monitor for manipulation. It also employs “Know Your Customer” (KYC) checks to screen out government officials. The platform is likely to present these data points in its June 5 submission.

Polymarket is also responding by using technology to promise sweeping transparency that traditional markets cannot match. The platform recently partnered with Chainalysis to directly counter claims of insider trading. The partnership aims to scan transactions in real time and flag potential insider activity (especially from whales). Polymarket creates a digital paper trail that can be shared with regulators.

Polymarket’s response to the House Oversight Committee’s document request also emphasizes that all its transactions are publicly available on the blockchain. Although the platform may lack the traditional internal memos Comer requested, it can offer a complete ledger of every trade ever made. That offers more visibility than traditional finance.

Comer emphasizes that Congressional action may be necessary

House Oversight Committee Chair James Comer emphasizes that Congressional action may be necessary due to increasing insider trading activity on prediction markets. Elizabeth Diana, Kalshi’s head of communications, recently stated that prediction platforms are looking forward to engaging with the Committee and its members about systems and processes that have been built over the years.

“Specifically, we are examining the adequacy of company safeguards to prevent access to offshore sites to circumvent compliance with applicable U.S. federal regulations governing prediction market platforms…The Committee requests documents and information to better understand how [Polymarket and Kalshi] implement identity verification for domestic and international account holders…”
James Comer, Chairman of the House Oversight Committee

A recent investigation by the New York Times has revealed that over 80 Polymarket users placed suspiciously timed wagers. There are also rumors of exact betting ahead of military strikes. Some of the bets were made hours before the U.S.-Israeli military operations against Iran happened.

These bets are worrying because safety across prediction markets may not be sufficient. Chairman Comer has also noted that the growth of these platforms may have accidentally created conditions that bad actors can exploit. The focus is on individuals with national security clearance.

The rapid global expansion of these prediction markets is also concerning because internationally placed event contracts may not be subject to the same identity verification and insider trading bans as domestic event contracts.

Comer points out that bipartisan members of Congress have introduced bills that they intend to use to rein in prediction markets. A letter from seven Democratic lawmakers, led by Rep. Chris Pappas of New Hampshire, also calls on the Oversight Committee chair to subpoena the prediction platforms. The American public has a legitimate interest in knowing whether individuals entrusted with classified national security information can use that access for personal financial gain.
22 May 2026, 15:10
Glassnode Maps Bitcoin’s Quantum Vulnerability, Reveals Massive Exposure

Glassnode researchers explained in a new report that quantum computers raise the question of Bitcoin security: ‘Which coins are exposed at rest?’
22 May 2026, 15:09
THORChain network restart goes to the polls as node operators vote on ADR028

THORChain has opened a governance vote for node operators on its path to restarting operations after the May 15 exploit that drained approximately $10.7 million from a single vault. The proposal, called ADR-028, lays out how the network would absorb losses and resume operations.

Which vulnerabilities led to the THORChain exploit?

A malicious actor had reportedly joined the network as a node operator two days before the attack. They then went on to exploit a flaw in THORChain’s GG20 threshold signature scheme (TSS), a cryptographic system that distributes vault key control across multiple independent nodes so no single operator ever holds the full private key.

Only one out of five vaults was affected, with security firm PeckShieldAlert estimating the haul at roughly $10 million, which was split between 36.75 BTC (around $3 million at the time) and approximately $7 million in assets across Ethereum, BNB Chain, and Base. THORChain’s own post-incident analysis put the figure at $10.7 million.

The protocol stated that the attack was spotted within minutes and chain-level trading halts were triggered with node operators staking manual pauses through its governance system, leading to total lockdown of the network within roughly two hours of the alarm.

RUNE, THORChain’s native token, dropped more than 21% in the days following the breach. It currently trades around $0.44 according to CoinMarketCap data.

What does ADR-028 propose?

ADR-028 was published by THORChain on GitLab with a vote opening for node operators. The protocol’s post on X stated the recovery plan would have THORChain “absorb the loss first through Protocol-Owned Liquidity,” adding that the rest of the loss would be spread across synth holders.

This means that the protocol-owned liquidity will be reduced to zero, and THORChain states that “the ADR proposes to redirect a portion of system income to replenish it over time.” It stated that GG20 has been patched and upgraded, adding that nodes that are not linked to the attacker but affected by it due to being in the same vault would not be slashed. It also proposes that the attacker be offered 10% of the bounty to return the funds.

On GitLab, a commenter using the handle gave their feedback on the proposal, raising two points. One of them was to strip the attacker bounty section from the ADR, stating that it should be handled through forensics and law enforcement. The second point pushed for a permanent allocation of system revenue toward external security audits, adversarial review of the TSS layer, and a funded bug bounty program with release gates tied to it.

“As written, the plan rebuilds one vault’s liquidity but does not yet fund anything against recurrence,” the commenter wrote on the GitLab snippet. “Worth fixing the cause alongside the balance sheet.”

The attacker’s trail

Blockchain analytics firm Chainalysis published on-chain evidence on May 16 connecting the attacker to wallets that were funded weeks before the theft. The firm traced the attacker’s movements through Monero, Hyperliquid, and THORChain itself.

One wallet deposited XMR through a Hyperliquid-Monero privacy bridge in late April, swapped the resulting position for USDC, then withdrew to Arbitrum and bridged to Ethereum. An intermediary then forwarded 8 ETH into the attacker’s receiving wallet just 43 minutes before stolen funds arrived, per Chainalysis.

What will happen to THORChain now?

The node operators’ vote on ADR-028 will determine whether THORChain restarts under the proposed recovery framework or requires further revisions.

THORChain had already identified a more modern signature scheme called DKLS as its long-term replacement for GG20 and had engaged Silence Labs in November 2025 to build a custom implementation, with delivery targeted for Q1 or Q2 2026, according to the exploit report.
22 May 2026, 15:04
Polymarket Suffers $700K Breach After Internal Admin Wallet is Compromised

Blockchain investigator ZachXBT first pointed to a possible hack, indicating that $520K were drained so far. Polymarket acknowledged the security event and stressed that it was taking action after the compromise of an alleged private key, explaining that user funds were safe. Polymarket Faces Security Event: No User Funds Affected Polymarket, one of the largest
22 May 2026, 14:43
Polymarket Hit by $520K Exploit and House Probe; Binance Disputes Iran Report

The House Oversight Committee opened a formal investigation Friday into prediction-market giants Kalshi and Polymarket, citing concerns over insider trading and wagers placed on classif...