News
22 May 2026, 14:38
Stolen 4,052 ETH returned after $11.3M Verus bridge hack

🛑 Nearly 4,052 ETH worth about $8.5 million in $ETH was returned after the $11.3 million Verus bridge hack. The attacker agreed to keep 1,350 ETH as a white hat bounty in return for most of the funds. 🚨 Key point: Cross-chain bridges remain a prime target for hackers in decentralized finance. Continue Reading: Stolen 4,052 ETH returned after $11.3M Verus bridge hack The post Stolen 4,052 ETH returned after $11.3M Verus bridge hack appeared first on COINTURK NEWS .
22 May 2026, 13:06
Polymarket Vice President Denies Contract Hack, Confirms User Funds Are Safe

Polymarket VP Josh Stevens shuts down hack rumors, confirming all user funds are safe after a $520,000 legacy key compromise.
22 May 2026, 13:05
Polymarket confirms 6-year-old private key hack leads to a $700,000 loss

Polymarket, the largest web3-based prediction market platform, reported a compromise of its 6-year-old internal private key used for top-ups and rewards on May 22, 2026. As of press time, Polymarket had lost roughly $700,000, drained through the Polygon ( P O L ) network, according to on-chain metrics from Polygonscan analyzed by Finbold. The stolen funds were split across 16 addresses and routed through several crypto exchanges, including HTX, KuCoin, and ChangeNow. Transfers by Polymarket exploiter. Source: Polygonscan The incident was first reported by ZachXBT, an on-chain sleuth, who raised the alarm that Polymarket’s Universal Market Access (UMA) Conditional Token Framework (CTF) Adapter contract on Polygon was likely exploited. However, Josh Stevens, Polymarket’s Vice President of Engineering, confirmed that no internal contracts were exploited, but rather an old private key. As such, Stevens stated that users’ funds remain safe and the platform can be used as usual. “This was in the internal top-up config, which is why funds were being sent to it. We have rotated this key, revoked all prod permissions, and are moving all PKs to KMS keys from now on,” Stevens noted . What’s the market implication of the Polymarket attack? The successful attack on Polymarket, which managed to siphon funds for the first time, raised concerns among users. Moreover, Polymarket is heavily used by automated trading bots, which could lead to significant fund losses if the contracts were compromised. private key hygiene matters more than contracts — PolyBot (@TradePolyBot) May 22, 2026 Additionally, the notable security risk could be an advantageous edge for its competitors, led by the Kalshi prediction platform. Furthermore, this platform has amassed a significant user base in the recent past due to its deep on-chain liquidity backed by institutional investors. However, the severity of the recent attack may be minimal, as no user funds were stolen. The post Polymarket confirms 6-year-old private key hack leads to a $700,000 loss appeared first on Finbold .
22 May 2026, 13:00
Verus Hacker Returns $8.5M in ETH After Accepting Bounty Deal

The exploiter kept 1,350 ETH, valued at around $2.8 million, as part of the agreement after Verus proposed treating the remaining funds as a white hat reward if most of the stolen assets were returned within 24 hours. The exploit targeted the Verus-Ethereum bridge through a forged cross-chain transfer vulnerability, and only added to concerns around DeFi security and bridge-related attacks in the crypto sector. Verus Exploiter Returns Most Stolen ETH The attacker behind the recent Verus bridge exploit returned the majority of the stolen funds after reaching an agreement with the project team. According to blockchain security firm PeckShield, the exploiter transferred 4,052 ETH back to the Verus team wallet, which is valued at approximately $8.5 million. In exchange, the attacker kept 1,350 ETH, worth roughly $2.8 million, as part of a negotiated bounty arrangement that was offered by the project. The agreement was made shortly after Verus publicly proposed a settlement to the attacker. The team stated that if 4,052.4 ETH was returned within 24 hours, the remaining funds would be considered a legitimate white hat bounty rather than stolen assets. The exploiter ultimately accepted the proposal, which allowed the project to recover around 75% of the total funds lost during the attack. The exploit itself targeted the Verus-Ethereum bridge through what has been described as a forged cross-chain transfer vulnerability. Cross-chain bridges have become one of the most common attack vectors in the decentralized finance sector because they manage large amounts of liquidity while connecting separate blockchain ecosystems. Exploits involving bridges have repeatedly resulted in multimillion-dollar losses over the past several years. The Verus incident happened during a time where DeFi-related security breaches are still a major concern for the cryptocurrency industry. According to data from DefiLlama, decentralized finance hacks reached approximately $634 million in stolen funds during April alone. Monthly exploit totals (Source: DeFiLlama) Two of the largest incidents included the $280 million exploit affecting Drift Protocol and the $293 million exploit involving Kelp. Although losses in May have dropped to around $38 million so far, security vulnerabilities still damage confidence in decentralized platforms. These ongoing attacks are some of the biggest barriers preventing mainstream adoption of blockchain technology. As more value flows into DeFi protocols and cross-chain infrastructure, the pressure on projects to strengthen smart contract security, auditing standards, and bridge protections intensifies.
22 May 2026, 12:58
Verus recovers 4,052 ETH after $11.5 million bridge hack

🚨 4,052 ETH has been recovered in $ETH after the Verus bridge hack. The attacker returned the funds following a 1,350 ETH reward deal. Continue Reading: Verus recovers 4,052 ETH after $11.5 million bridge hack The post Verus recovers 4,052 ETH after $11.5 million bridge hack appeared first on COINTURK NEWS .
22 May 2026, 12:23
Polymarket Hit By ‘Internal Top-Up’ Wallet Exploit, $700K Drained

User funds remain safe after the incident, the prediction market platform said, with contracts and core infrastructure unaffected.













































