hodler

30 Jan 2026, 18:29

Shiba Inu Leader Shytoshi Kusama Finally Speaks: 'Sunday Will Be Ultra Important'

Shiba Inu's lead ambassador Shytoshi Kusama has returned to social media after weeks of limited activity. The prominent figure announced plans for an extended discussion this Sunday, describing it as ”ultra important” for the community. The announcement comes after a challenging period for the Shiba Inu ecosystem. Kusama's recent activity marks his first substantial engagement on X since early December. Difficult Period for Shiba Inu The final months of 2025 tested the Shiba Inu project significantly. September brought the Shibarium hack, which resulted in financial losses for several users. The incident triggered widespread concern within the community. Questions about the project's direction dominated discussions. Community members sought clarity on recovery plans and future security measures. Kusama briefly addressed speculation about his involvement during this time. He confirmed his continued work alongside the development team. The lead ambassador maintained minimal public presence throughout this period. His silence sparked questions from community members accustomed to regular updates. Previous statements from Kusama emphasized his preference for speaking when circumstances warranted meaningful communication. Community Calls for Transparency X user Ruggrat publicly addressed Kusama's absence in a recent post. The message called for increased transparency and regular communication with the Shiba Inu community. Ruggrat referenced the recent challenges facing the ecosystem. The user stressed the need for steady leadership during difficult times. ”In moments like this, even a few grounded words of leadership matter so much: clarity, encouragement, accountability, a calm path forward,” Ruggrat wrote. Kusama responded with a cryptic message about strategy. ”Sometimes silence is a weapon for quiet war,” he stated. He directed attention toward Sunday as a significant date for the community. His response included an analogy about addressing issues methodically. ”One bandage. Take off. Fix. Put on. One at a time,” Kusama added. The statement suggested a systematic approach to resolving current challenges.

30 Jan 2026, 18:25

Address Poisoning Attack: Devastating $12.3M Ethereum Theft Exposes Critical Crypto Vulnerability

BitcoinWorld Address Poisoning Attack: Devastating $12.3M Ethereum Theft Exposes Critical Crypto Vulnerability A sophisticated address poisoning attack has resulted in a catastrophic loss of $12.3 million in Ethereum (ETH), starkly revealing the persistent and evolving threats within the cryptocurrency ecosystem. Blockchain security firm Cyvers Alerts reported this major theft on social media platform X, detailing how a single user was meticulously tricked into sending a fortune to a fraudulent, look-alike wallet address. This incident underscores the critical need for enhanced vigilance and security protocols for all digital asset holders. Anatomy of the $12.3M Address Poisoning Attack On-chain data reveals a carefully executed scam. The victim intended to transfer funds to a legitimate address beginning with the characters `0x6D90CC8C`. However, a malicious actor had previously sent a tiny, worthless transaction from a poison address starting with `0x6d9052b2`. This tactic, known as address poisoning, relies on creating confusion. The attacker’s address mimicked the first and last several characters of the real destination, a common strategy to exploit hurried users who only glance at these identifiers. Consequently, when the victim later initiated their large transaction, they mistakenly copied the fraudulent address from their transaction history, sending 4,851 ETH to the hacker’s wallet. Cyvers Alerts noted the initial probing transaction occurred 37 hours before the final theft, indicating a patient and calculated approach. Understanding Address Poisoning and Its Mechanics Address poisoning is a social engineering attack specific to blockchain networks. Unlike hacking smart contracts, it preys directly on human error. The process follows a clear, malicious pattern. First, the attacker monitors the public blockchain for high-value wallets. Then, they generate a new wallet address designed to closely resemble the target’s frequent transaction partners, often matching the beginning and ending characters. Subsequently, they send a trivial amount of crypto or a zero-value transaction from this poison address to the target. This action places the fake address in the target’s transaction history. Finally, they rely on the victim mistakenly selecting this fraudulent address for a future, legitimate transfer. The attack’s success hinges entirely on inattentiveness during the copy-paste process. The Critical Role of Transaction History and Verification Most cryptocurrency wallets automatically populate a list of previously used addresses for user convenience. This feature, while helpful, becomes the attack vector. Security experts consistently stress that users must verify every single character of a destination address before confirming any transaction, especially for large sums. Relying on memory or a quick visual check of the first and last few characters is insufficient. Furthermore, using address book features or saved contacts within a wallet, where possible, provides a safer alternative to manual entry. The immutable nature of blockchain means that once a transaction is broadcast to the network, it cannot be reversed, making prevention the only viable defense. The Broader Impact on Cryptocurrency Security and Trust This multi-million dollar heist sends shockwaves beyond a single victim. It erodes user confidence in the security of self-custodied assets, a foundational principle of decentralized finance. High-profile thefts often lead to increased regulatory scrutiny, as lawmakers point to such events to justify stricter oversight of crypto markets. Moreover, they highlight the asymmetry of security responsibility; while blockchain technology itself is secure, the endpoints—the users and their practices—remain vulnerable. The industry faces mounting pressure to develop more intuitive safety tools, such as transaction confirmation screens that highlight address differences or systems that flag potentially fraudulent destination addresses. Comparative Analysis of Common Crypto Scams To understand the unique threat of address poisoning, it is useful to compare it with other prevalent cryptocurrency scams. Scam Type Method Target User Action Required Address Poisoning Sends fake look-alike address to history User’s inattention Mistakenly copies wrong address Phishing Fake websites/emails steal login keys Private Keys/Seed Phrases Entering credentials on a malicious site Smart Contract Exploit Code vulnerability drains connected wallet Flawed contract code Signing a malicious transaction Rug Pull Developers abandon project, take liquidity Project investors Buying into a fraudulent token As shown, address poisoning is distinct because it requires no interaction with a malicious website or contract. It simply exploits a moment of carelessness during a routine action. Essential Protective Measures for Every Crypto User Proactive defense is the only effective strategy against address poisoning. Users must adopt rigorous security habits. First, always verify the entire wallet address character-by-character before sending any transaction. Second, utilize wallet address books for frequent transfers to trusted parties. Third, consider sending a small test transaction first when dealing with a new or unverified address. Additionally, be wary of unsolicited transactions in your history, as they may be poisoning attempts. Finally, leverage blockchain explorers to check the reputation and transaction history of any unfamiliar address. Implementing these steps can dramatically reduce risk. Full Verification: Manually check every character of the destination address. Use Saved Addresses: Bookmark trusted addresses in your wallet’s contact list. Test Transactions: Send a minimal amount first to confirm receipt. Stay Alert: Scrutinize unexpected $0 transactions in your history. Double-Check Sources: Confirm addresses via multiple communication channels. Conclusion The devastating $12.3 million address poisoning attack serves as a sobering reminder of the human-factor vulnerabilities in cryptocurrency. While blockchain technology offers transparency and immutability, it also demands unparalleled personal responsibility for security. This incident reinforces that the greatest threats are often not complex code exploits but simple acts of deception. As the digital asset space evolves, user education and the development of foolproof verification tools must keep pace. Ultimately, protecting one’s assets requires constant vigilance, meticulous verification, and a deep understanding of tactics like address poisoning. FAQs Q1: What exactly is an address poisoning attack? An address poisoning attack is a crypto scam where a hacker sends a tiny transaction from a fake wallet address that looks similar to one you use. The fake address appears in your history, hoping you’ll accidentally copy it later and send large funds to the hacker. Q2: Can I recover funds lost to an address poisoning scam? Typically, no. Blockchain transactions are irreversible. Once crypto is sent to a fraudulent address, only the person controlling that private key can return it. Law enforcement may be notified, but recovery is extremely rare. Q3: How can I tell if an address in my history is a poisoning attempt? Look for unsolicited, very small or zero-value transactions from addresses you don’t recognize. Check if the sender’s address closely resembles one of your saved contacts by matching the first and last few characters. Q4: Do hardware wallets protect against address poisoning? Hardware wallets secure your private keys but do not automatically verify destination addresses. They protect against remote key theft, but you can still manually approve a transaction to a poisoned address, so vigilance is still required. Q5: Are some blockchains more susceptible to this attack than others? The risk exists on any blockchain where addresses are long, complex strings of characters (like Ethereum, Bitcoin, etc.). Networks with human-readable addresses (like some newer chains offer) could potentially reduce this risk by making addresses easier to verify accurately. This post Address Poisoning Attack: Devastating $12.3M Ethereum Theft Exposes Critical Crypto Vulnerability first appeared on BitcoinWorld .

30 Jan 2026, 15:00

Bybit Regains Ground In 2025 After Historic Hack, CoinGecko Finds

Bybit’s return to heavy trading was one of the stranger comeback stories of last year. Reports say the exchange moved back toward the top of the leaderboard after a massive security breach , and traders kept coming. That did not happen by accident. Quick decisions and public reassurances played a big role. Bybit Bounces Back According to CoinGecko , Bybit handled $1.5 trillion in trades during 2025 and ended the year with about 8% of total market share. That is a solid showing given what happened in February, when attackers made off with $1.5 billion worth of Ether after finding a hole in the exchange’s cold wallet setup. The theft has been linked to North Korean actors by several sources, and it stands as one of the largest losses in crypto history. Many firms that face breaches do not recover. Reports note nearly eight out of 10 projects hit by hacks never fully bounce back. Bybit’s choice to keep withdrawals open and to honor user balances changed the math. That move reduced panic and kept liquidity flowing. Market Movers And Volume Gains Trading volumes rose across multiple venues in 2025. CoinGecko’s research points out that six of the top 10 exchanges grew their yearly volume, and the total extra trades equaled about $1.3 trillion. MEXC jumped sharply, reportedly rising 90% over the prior year, a gain blamed largely on aggressive zero-fee spot trading that pulled in high-frequency traders and new retail users. Bullish price action for Bitcoin and several altcoins also pushed activity up; several coins reached fresh all-time highs during the year, which always sparks more trading and more headlines. For some platforms, promotions and fee policies had more immediate effect than brand reputation. How Bybit Handled The Crisis The exchange’s leadership was visible. Ben Zhou, Bybit’s CEO, addressed customers on camera and promised the platform would cover losses and secure additional liquidity quickly. Some of those promises were acted on behind the scenes, where external support was arranged to shore up funds. Trust was not rebuilt overnight. It was rebuilt in small steps, transaction by transaction, and in public statements that reassured users their capital was safe. The combination of keeping services running and having clear communication changed investor behavior. Binance And Rival Trends Binance stayed the largest by a wide margin, with CoinGecko estimating about $7.3 trillion in annual volume. That massive figure hides a small drop from the prior year — a 0.5% decline — which analysts tied to a major liquidation event on October 10 that rattled markets. Still, Binance’s user base was said to be over 300 million, and its ecosystem handles a vast range of products beyond spot trading. Featured image from Pexels, chart from TradingView

30 Jan 2026, 12:04

Canadian Hacker Steals $65M, Disappears From Custody — What Happened?

A 22-year-old Canadian crypto hacker who allegedly defrauded two DeFi protocols of $65 million has vanished from custody after being arrested in Serbia. Andean Medjedovic, a Hamilton native with a master’s degree in pure mathematics earned at age 18, now faces charges in multiple jurisdictions, with his whereabouts remaining unknown. This week, a criminal indictment was unsealed against Andean Medjedovic, a Canadian national who allegedly manipulated two decentralized finance protocols to obtain about $65 million in illicit funds from the protocols’ investors. https://t.co/peirBeNDJ3 pic.twitter.com/YHkoGmq9vk — FBI (@FBI) February 5, 2025 Medjedovic’s four-year evasion ended with his August 2024 arrest in Belgrade, only for him to slip away again from authorities pursuing extradition. Math Genius Turned Criminal: The $65M Double Heist Medjedovic’s alleged crimes began in October 2021 when he manipulated Indexed Finance’s index pools using borrowed cryptocurrencies, draining over $16.5 million from investors. The following year, he conspired with an unnamed accomplice to launder the stolen funds through fraudulent exchange accounts and crypto mixers. His most brazen heist occurred in November 2023, when he allegedly exploited KyberSwap’s code to artificially manipulate prices in the protocol’s liquidity pools. “Medjedovic then calculated precise combinations of trades that would cause the KyberSwap AMM to ‘glitch,’ in his words, allowing him to steal tens of millions of dollars in cryptocurrency from the liquidity pools,” the United States Attorney’s Office states. Medjedovic withdrew funds from KyberSwap. | Source: TRM Labs . The Vietnam-based platform lost $48.8 million in the attack. Shortly after the heist, the attacker sent a public message : “Negotiations will start in a few hours when I am fully rested. Thank you.” KyberSwap offered a standard 10 percent bug bounty, but Medjedovic rejected it outright. Instead, he demanded complete control of the Kyber platform and offered to return just 50 percent to investors. The KyberSwap team has been in contact with the owners of the frontrun bots that extracted about $5.7M* worth of funds from KyberSwap pools on Polygon and Avalanche during the exploit. We have negotiated with the owners of the frontrun bots to return 90% of the users’ funds taken… — Kyber Network (@KyberNetwork) November 26, 2023 According to CBC reports , Dutch authorities traced the hack to a hotel in The Hague, where Medjedovic allegedly checked in using a fake Slovak passport. Two weeks after his flight departed Amsterdam for Kuwait via Istanbul in late November 2023, Dutch authorities issued a European arrest warrant, followed by an Interpol Red Notice. Court documents reveal Medjedovic spent those intervening years traveling extensively. He visited Brazil, Dubai, Spain, Bosnia, and Serbia while attempting to maintain his lavish lifestyle on stolen crypto. Arrested in Belgrade, Then Vanished — Where Is He Now? Medjedovic’s run ended on August 9, 2024, when he arrived in Belgrade using the alias “Lorenzo” to book an apartment. Interpol Belgrade immediately contacted Dutch authorities upon his arrest. During extradition proceedings at the Belgrade Higher Court, Medjedovic denied all accusations. “I do not wish to go to the Netherlands,” he stated, adding that “I would like to have children in Serbia and to achieve some more things here.” He claimed he had been in Dubai for 4 months and had visited the Netherlands for 3 months “ on a tourist trip. ” Despite being Canadian, Medjedovic told the court he holds only a Bosnian passport. Fake Passport. | Source: Balkan Insight The U.S. indictment revealed Medjedovic maintained detailed files documenting his schemes, including one titled “ moneyMovementSystem ” with step-by-step instructions for laundering cryptocurrency through mixers. He allegedly wrote notes to “ make a new bank account under a fake ID ” and “ order documents online (Russian + Brazilian + American citizen) .” His Next Move: Return the Funds or Rot in Prison As of publication, Medjedovic has disappeared from Serbian custody, and the stolen $65 million remains dormant in crypto wallets. “He needs to be perfect from here until eternity in obfuscating the proceeds of this exploit, which are being tracked,” said Kyle Armstrong, a former FBI agent at blockchain intelligence firm TRM Labs. Ari Redbord, TRM’s global head of policy, noted that modern digital tracking makes prolonged evasion increasingly difficult. “Everything is tracking to the overall growth of the crypto ecosystem,” says Ari Redbord ( @ARedbord ) of @trmlabs , telling @RemyBlaireNews as he discusses rising illicit crypto volumes and why they remain a small share of total activity. pic.twitter.com/09Z0UcRElK — FINTECH.TV (@FintechTvGlobal) January 16, 2026 “The reality is that at some point you come in and you fall on your sword and potentially do everything you can to ultimately help the government,” he said. If Medjedovic refuses to cooperate by returning funds and taking responsibility, he could face more than 10 years in prison . The post Canadian Hacker Steals $65M, Disappears From Custody — What Happened? appeared first on Cryptonews .

30 Jan 2026, 10:50

Unclaimed DAO ETH to Power New Ethereum Security Fund

Ethereum supporter Griff Green has revealed that unclaimed Ethereum from the 2016 DAO hack will be redirected to a new fund focused on improving the network’s security.

30 Jan 2026, 09:46

Ethereum’s $100M Ghost Fund Rises From the 2016 DAO Collapse — This Time Different?

Nearly a decade after one of crypto’s most defining crises, unclaimed Ether from the 2016 hack of The DAO is being repurposed to support Ethereum’s security, reviving a project whose collapse once threatened the network’s survival. This time, its backers say, the goal is not experimentation but strengthening Ethereum’s defenses using resources left behind by the event that first exposed its vulnerabilities. This week, Ethereum developer and longtime communal member Griff Green announced that hundreds of millions of dollars in Ether that went unclaimed following The DAO hack will be initiated into a new security-centered funding initiative. Source: Unchained In an appearance on the Unchained podcast, Green asserted that huge amounts of ETH are trapped in contracts that were made to compensate victims of the exploit, but they never actually claimed them. Instead, he said, that money will now be used to generate a staking income and fund security work throughout the Ethereum ecosystem. Inside the DAO Hack and Ethereum’s Historic Fork In early 2016, the DAO was initiated as a decentralized venture capital, which permitted tokenholders to make decisions on a shared basis about the allocation of capital. It collected over $150 million in ETH, the biggest crowdfunding project at the time. In June 2016, an attacker used a vulnerability in its smart contracts, called a reentrancy vulnerability , to empty its smart contracts of around 3.6 million ETH into a second contract. The hack caused an existential crisis in Ethereum and a controversial hard fork that refunded most of the stolen money to the investors. That ruling divided the community and formed two blockchains: Ethereum and Ethereum Classic. While the fork restored the majority of funds, the recovery process was not clean. Green said around $6 million was set aside to handle complex cases involving investors who were unable to claim their ETH through standard mechanisms. He joined a multisignature wallet established to manage those cases. Over time, more than 80% of that balance was claimed, but the remainder, now worth around $200 million at current prices, was left untouched. DAO Hack Era Funds Revived for Network Security According to Green, those unclaimed funds will form the backbone of what is being called The DAO Security Fund. The plan involves roughly 70,500 ETH held in an ExtraBalance Withdrawal contract, along with about 4,600 ETH and DAO tokens from the original curator multisig. The capital will be staked, with yield directed toward funding security efforts rather than distributed as a one-time payout. The initiative is being coordinated alongside the Ethereum Foundation and aligns with its broader “ Trillion Dollar Security” push. Green said the fund will operate using decentralized allocation methods rather than top-down grants. Proposed mechanisms include quadratic funding, retroactive public goods funding, ranked-choice voting, and other DAO-style distribution models. Oversight will involve well-known figures from the Ethereum security community, including Vitalik Buterin, MetaMask co-founder Taylor Monahan, Jordi Baylina, and members of the SEAL 911 response group. Giveth, a public goods funding platform co-founded by Green, is also expected to play a role in administering allocations. Ethereum’s Long Road From Early Hacks to Billion-Dollar DAOs The move comes as Ethereum security has become a central concern for both developers and institutions. The DAO hack itself helped give rise to the modern smart contract audit industry , which barely existed before 2016. Ethereum Smart Contract Framework Updated to Combat Security Concerns Ethereum sees significant exchange outflows as investors potentially eye long-term holds. #CryptoNews #news https://t.co/39LzGh5vMy — Cryptonews.com (@cryptonews) December 18, 2023 Since then, Ethereum has grown into the backbone of decentralized finance, NFTs, and tokenized assets, with billions of dollars regularly secured by smart contracts. The revival of the DAO name also reflects how far decentralized governance has evolved since its early days. By 2025, decentralized organizations collectively managed more than $24 billion in treasury assets, with major protocols like Uniswap, Arbitrum, and Optimism overseeing billion-dollar balances. The post Ethereum’s $100M Ghost Fund Rises From the 2016 DAO Collapse — This Time Different? appeared first on Cryptonews .