News
26 Jan 2026, 15:55
Data Breach Nightmare: 149 Million Login Credentials Leaked, Including 420,000 Binance Accounts

A staggering cybersecurity incident has sent shockwaves through the digital world, exposing the login credentials for nearly 149 million user accounts from major platforms. Discovered in early 2025, this massive data breach notably includes sensitive information for 420,000 accounts from the global cryptocurrency exchange Binance, raising urgent questions about data security practices and user vulnerability.

Anatomy of the Massive Data Breach

Cybersecurity researcher Jeremiah Fowler first identified the exposed database, according to reports from the Helsinki Times. The repository was publicly accessible on the internet without any form of password protection or encryption. Consequently, anyone with an internet connection could potentially view and download the vast trove of personal data. The owner of this database remains unidentified, adding a layer of mystery and concern to the incident. This situation highlights a critical failure in basic data security protocols.

The scale of this login credentials leak is immense. The database contained information from some of the world’s most popular online services. Specifically, the exposed data included credentials linked to 48 million Gmail accounts, 17 million Facebook accounts, 6.5 million Instagram profiles, four million Yahoo accounts, and 3.4 million Netflix subscriptions. The inclusion of Binance, the world’s largest crypto exchange by trading volume, introduces significant financial security risks for affected users.

Implications for Cryptocurrency and Financial Security

The exposure of 420,000 Binance account credentials represents a particularly severe facet of this data breach. Cryptocurrency exchanges are high-value targets for cybercriminals due to the direct financial assets they hold. Unlike social media accounts, a compromised exchange account can lead to immediate and irreversible theft of digital assets. This incident underscores the persistent security challenges within the cryptocurrency ecosystem, even for its most established players.

Historically, the crypto industry has faced numerous security incidents. For instance, the 2014 Mt. Gox hack resulted in the loss of 850,000 bitcoins. Similarly, the 2022 Ronin Network breach saw over $600 million in crypto assets stolen. While this current leak involves credentials rather than a direct platform hack, it creates a direct pathway for such thefts if users employ the same passwords across multiple sites. Therefore, the real-world impact hinges on user security habits.

Expert Analysis on Credential Stuffing Attacks

Cybersecurity experts consistently warn about the dangers of credential reuse. “A leak of this magnitude is a bonanza for credential stuffing attacks,” explains a veteran information security analyst. In these attacks, automated bots test username and password combinations from one breach across thousands of other websites. If a user employed the same password for their Netflix account and their Binance account, attackers could gain unauthorized access to both. The chain reaction from a single leaked password can be catastrophic for an individual’s digital life.

Broader Cybersecurity Context and Trends

This event is not an isolated one. It fits into a troubling pattern of large-scale data exposures. For example, the 2021 Facebook data leak impacted 533 million users. Similarly, the 2023 Twitter data breach exposed 200 million email addresses. These incidents often stem from misconfigured databases, inadequate access controls, or insecure application programming interfaces (APIs). The 2025 leak’s root cause, an unsecured, publicly accessible database, is a depressingly common and preventable error.

The regulatory landscape is evolving in response. Legislation like the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) mandate strict rules for data handling and breach notification. Companies failing to protect user data face severe financial penalties. This legal framework aims to incentivize better security practices, though enforcement remains a global challenge.

Immediate Steps for User Protection

If you suspect your data was part of this or any breach, immediate action is crucial. Follow these steps to secure your accounts:

- Change Your Passwords Immediately: Start with your most critical accounts: email, financial services, and cryptocurrency exchanges. Use a unique, complex password for every single account.
- Enable Two-Factor Authentication (2FA): This adds a critical second layer of security. Use an authenticator app (like Google Authenticator or Authy) instead of SMS-based 2FA where possible, as SIM-swapping attacks can bypass SMS codes.
- Use a Password Manager: These tools generate and store strong, unique passwords for all your accounts, eliminating the need to remember them or reuse them.
- Monitor Your Accounts: Regularly check your financial and crypto exchange statements for any unauthorized transactions. Consider using credit monitoring services.
- Verify Breach Exposure: Use reputable services like ‘Have I Been Pwned’ to check if your email address appears in known data breaches.

The Role of Companies in Data Stewardship

This incident places a spotlight on corporate responsibility. Companies collecting user data have a fundamental duty to protect it with robust security measures. Basic steps include encrypting databases at rest and in transit, implementing strict access controls, and conducting regular security audits. Furthermore, transparent communication with users during a crisis is non-negotiable. Users deserve timely, clear information about what data was exposed and what the company is doing to remediate the situation.

The identity of the database owner in this case remains unknown. This ambiguity complicates the response and remediation efforts. It raises questions about whether this was a centralized aggregation of data from previous, smaller breaches or a new, previously unknown compromise. The cybersecurity community continues to investigate the source and scope of the exposure.

Conclusion

The leak of 149 million login credentials, including those for 420,000 Binance accounts, serves as a stark reminder of the fragile state of digital security in 2025. This massive data breach underscores the catastrophic consequences of simple security failures and the critical importance of individual cyber hygiene. While companies must be held accountable for safeguarding data, users must proactively defend themselves by adopting unique passwords and multi-factor authentication. Ultimately, collective vigilance is our best defense in an increasingly interconnected and vulnerable digital landscape.

FAQs

Q1: What should I do if I think my Binance account was part of this data breach?
A1: Immediately log into your Binance account and change your password to a new, strong, and unique one. Then, enable two-factor authentication (2FA) using an authenticator app. Finally, review your account activity and API keys for any suspicious actions.

Q2: How can a leaked password from Netflix or Facebook lead to my crypto being stolen?
A2: Through a technique called “credential stuffing.” Attackers use automated software to try the leaked username and password combinations on hundreds of other websites, including cryptocurrency exchanges. If you reused the same password, they can gain access.

Q3: What does “publicly accessible database without password protection” mean?
A3: It means the digital storage server holding all this user data was connected to the open internet. Furthermore, it had no login gate or encryption barrier. Anyone who knew the server’s address or found it through a scan could access, view, and download all the information inside.

Q4: Why is the owner of the leaked database unknown?
A4: Cybersecurity researchers often find exposed data through scans of internet-connected systems. Determining the legal owner requires forensic investigation of server metadata, registration records, and the data’s origin, which can be intentionally obscured or difficult to trace.

Q5: Are password managers safe to use, and do they help in this situation?
A5: Reputable password managers are highly secure and are one of the best defenses against breaches. They store your passwords in an encrypted vault and generate strong, unique passwords for every site. This means a breach of one site’s password does not compromise your other accounts.

This post Data Breach Nightmare: 149 Million Login Credentials Leaked, Including 420,000 Binance Accounts first appeared on BitcoinWorld.
26 Jan 2026, 14:03
Security alert raised as Chrome security support ends for old iPhones and Macs

Apple and Google have both issued warnings to millions of iPhone and Mac users, saying they could be exposed to security risks for using the Chrome web browser. The alerts center on operating system compatibility and recently discovered vulnerabilities that affected Apple’s software ecosystem.

According to Apple, users of older Mac computers, iPhones, and iPads, and those running outdated operating systems, are at risk of being hacked. The warnings follow weeks of security advisories and software update notices on Apple’s hardware lineup and Google’s Chrome browser support policies. Both companies are urging users to update their devices to the latest software to avoid exposure to cyberattacks, including sophisticated spyware.

Browser warnings and the end of Chrome support for old iOS devices

Apple has been messaging iOS users about browser privacy and security, telling them that Safari is a safer option than Google Chrome on their devices. In a user-facing privacy message, Apple stated, “Unlike Chrome, Safari truly helps protect your privacy.”

At the same time, Google has confirmed that millions of Mac users will soon stop receiving updates to its native browser. The change applies to devices running macOS 12 (Monterey). Google announced that Chrome 150 will be the final version compatible with that operating system, since Apple had already stopped supporting Monterey in mid-2024.

“Chrome 150 is the last version of Chrome that will support macOS 12 (Monterey). Chrome 151 (tentatively scheduled for release on July 28, 2026) is the first version of Chrome that requires macOS 13 Ventura or later. You’ll need to ensure your device is running macOS 13 or later to continue receiving future Chrome releases,” the smartphone operating system developer said.

Those who cannot upgrade their Mac to macOS Ventura or newer will be left on an unsupported browser version. “Older versions of Chrome will continue to work, but there will be no further updates released for users on this operating system,” the company continued, also adding that only those who upgrade to newer macOS versions will “continue to receive the latest security updates and Chrome features.”

Security researchers warn that running an unpatched browser significantly raises an internet user’s exposure to hackers. Web browsers are targets for attackers because they process untrusted content from the Internet daily.

Almost two weeks ago, Google had to rush out updates after a vulnerability was disclosed that could expose applications to attack. Soon after, on January 13, Google Chrome’s Srinivas Sista issued a notice revealing that 10 new vulnerabilities had been identified. “The Chrome team is delighted to announce the promotion of Chrome 144 to the stable channel for Windows, Mac, and Linux,” Sista said. However, the statement also noted that the update would “roll out over the coming days/weeks.”

Apple devices hit by WebKit flaws

Apple has also been working to address security weaknesses in its own software. Over recent weeks, the company sent alerts about a flaw that could impact half of all iPhone users if their devices are not updated.

Apple disclosed two vulnerabilities in WebKit, the browser engine that powers Safari and all browsers on iOS. The iPhone manufacturer found flaws in several malicious websites that, when visited, could trick devices into executing harmful code without the user realizing. Once compromised, attackers could take control of the device, steal login credentials, or access financial information.

The vulnerabilities were discovered and reported by Apple Security Engineering and Architecture and Google’s Threat Analysis Group. Apple credited Google’s team with identifying CVE-2025-43529. Third-party browsers such as Chrome, Edge, and Firefox on Apple mobile devices were also affected at the engine level.

Apple released patches for the vulnerability on several versions, including iOS 26.2 and iPadOS 26.2 for newer iPhones and iPads, and iOS 18.7.3 and iPadOS 18.7.3 for slightly older supported models. On the Mac side, fixes were included in macOS Tahoe 26.2; on Apple TV, in tvOS 26.2; on Apple Watch, in watchOS 26.2; and on the Vision Pro headset, in visionOS 26.2.
26 Jan 2026, 11:33
Matcha Meta Breach Drains $16.8M via SwapNet Exploit — Users Urged to Revoke Access

A security breach tied to decentralized exchange aggregator Matcha Meta has resulted in the theft of roughly $16.8 million in crypto assets, adding to a growing list of smart-contract exploits that continue to test the safety assumptions of DeFi users. The incident unfolded on Sunday and was traced not to Matcha’s core infrastructure, but to SwapNet, one of the liquidity providers integrated into the platform.

Matcha Meta disclosed the issue publicly in a post on X, saying users who had disabled its “One-Time Approval” feature and instead granted direct token allowances to individual aggregator contracts may have been exposed.

We are aware of an incident with SwapNet that users may have been exposed to on Matcha Meta for those who turned off One-Time Approvals We are in contact with the SwapNet team and they have temporarily disabled their contracts The team is actively investigating and will provide… — Matcha Meta (@matchametaxyz) January 25, 2026

The protocol urged affected users to immediately revoke approvals connected to SwapNet’s router contract, warning that failure to do so could leave wallets vulnerable to further unauthorized transfers.

$17M Vanishes in Seconds: How Matcha Hackers Slipped Funds Onto Ethereum

Blockchain security firms quickly began tracking the exploit as funds moved on-chain. PeckShield reported that approximately $16.8 million had been drained in total, with the attacker swapping around $10.5 million in USDC for roughly 3,655 ETH on the Base network before starting to bridge assets to Ethereum.

#PeckShieldAlert Matcha Meta has reported a security breach involving SwapNet. Users who opted out of "One-Time Approvals" are at risk. So far, ~$16.8M worth of crypto has been drained. On #Base, the attacker swapped ~10.5M $USDC for ~3,655 $ETH and has begun bridging funds to… https://t.co/QOyV4IU3P3 pic.twitter.com/6OOJd9cvyF — PeckShieldAlert (@PeckShieldAlert) January 26, 2026

CertiK independently flagged suspicious transactions, identifying one wallet that siphoned about $13.3 million in USDC on Base and converted the funds into wrapped Ether. Both firms pointed to a vulnerability in the SwapNet contract that allowed arbitrary calls, enabling the attacker to transfer tokens that users had previously approved.

1/ The vulnerability seems to be in arbitrary call in @0xswapnet contract that let attacker to transfer funds approved to it. ( https://t.co/B7ux5zzMLS ) The team have temporarily disabled their contracts is actively investigating. https://t.co/NBNvzxHCRw Please revoke approval… — CertiK Alert (@CertiKAlert) January 26, 2026

Matcha later clarified that the incident was not connected to 0x’s AllowanceHolder or Settler contracts, which underpin its One-Time Approval system. The team noted that users who interacted with Matcha using One-Time Approvals were not affected, as this design limits how much access a third-party contract can retain.

After reviewing with 0x's protocol team, we have confirmed that the nature of the incident was not associated with 0x's AllowanceHolder or Settler contracts. Users who have interacted with Matcha Meta via One-Time Approval are thus safe. Users who have disabled One-Time… https://t.co/VQVmj4LL0F — Matcha Meta (@matchametaxyz) January 25, 2026

The exposure, the team said, applied only to users who opted out of that system and granted ongoing allowances directly to aggregator contracts. In response, Matcha has removed the option for users to set such direct approvals going forward.

Old Token Approvals Emerge as a Persistent DeFi Weak Spot

The breach highlights a recurring tension in DeFi between flexibility and safety. Token approvals, while necessary for interacting with smart contracts, have long been a weak point, particularly when permissions remain active long after a transaction is completed. In this case, previously granted allowances became the pathway for the exploit once the SwapNet contract was compromised.

The incident arrives amid continued concerns over smart-contract security across the crypto sector. SlowMist’s year-end report shows that vulnerabilities in smart contracts accounted for just over 30% of crypto exploits in 2025, making them the leading cause of losses.

Researchers have also warned that advances in artificial intelligence are accelerating how quickly attackers can identify and exploit weaknesses in on-chain code. While overall crypto losses declined in December, falling about 60% month-on-month to roughly $76 million, security firms cautioned that the drop did not reflect a structural improvement.

Crypto-related losses from hacks and cybersecurity exploits fell sharply in December, dropping 60% month-on-month to about $76 million. #Crypto #Hack https://t.co/mke6K8sLVQ — Cryptonews.com (@cryptonews) January 2, 2026

PeckShield noted that a single address-poisoning scam accounted for $50 million of December’s losses, showing how concentrated and severe individual incidents can be even during quieter periods.

January has already seen several notable exploits. IPOR Labs confirmed a $336,000 attack on its USDC Fusion Optimizer vault on Arbitrum, while Truebit disclosed a smart-contract incident that on-chain analysts estimate drained more than 8,500 ETH, triggering a near-total collapse in the project’s token price. Last week, Layer-1 network Saga paused its SagaEVM chain after an exploit moved close to $7 million in assets to Ethereum.

The post Matcha Meta Breach Drains $16.8M via SwapNet Exploit — Users Urged to Revoke Access appeared first on Cryptonews.
26 Jan 2026, 09:30
Matcha Meta confirms hack after $16.8M loss

The swap and bridge aggregation platform built by 0x, Matcha Meta, has lost $16.8 million in digital assets due to a SwapNet security breach, according to Web3 security platform PeckShield.

Matcha Meta disclosed on Monday that it suffered a security exploit over the weekend, where attackers swindled tokens from an external aggregator integrated into Matcha Meta’s interface called SwapNet. The platform said users who disabled its “One-Time Approvals” feature and granted direct token permissions to individual aggregators were at risk of losing their funds.

We are aware of an incident with SwapNet that users may have been exposed to on Matcha Meta for those who turned off One-Time Approvals We are in contact with the SwapNet team and they have temporarily disabled their contracts The team is actively investigating and will provide… — Matcha Meta 🎆 (@matchametaxyz) January 25, 2026

In the swap aggregator’s statement on X, MM said it became aware of suspicious activity after records of large, unauthorized token movements from SwapNet’s router contract appeared on transactional records. The platform confirmed it had contacted the SwapNet team, which “temporarily disabled its contracts” to prevent more losses.

Matcha Meta hacker swapped 3k Ether coins from victims

According to the blockchain security firm PeckShield, the attacker drained funds via token approvals and swaps. They moved approximately 10.5 million USDC from victim addresses on Base, an Ethereum layer-2 blockchain, then swapped the stablecoins for 3,655 Ether, consolidating value into a more liquid asset.

After completing the swaps, the attacker began bridging the Ether from Base to the Ethereum mainnet to hide any transaction trails. Bridging is the process of transferring assets between blockchains using smart contracts or intermediary protocols. Although it is considered “legitimate” in most cases, hackers use it because it makes it nearly impossible to track their operations.

The attacker relied on previously granted token allowances, which give a smart contract permission to spend a user’s tokens, to move funds without the user’s signature. If an allowance is set to unlimited, a malicious or compromised contract can drain funds until the balance is depleted.

Matcha Meta said users who interacted with the platform using its One-Time Approval system were not impacted. That feature routes token permissions through 0x’s AllowanceHolder and Settler contracts, limiting a trader’s exposure by granting approvals for a single transaction.

“After reviewing with 0x’s protocol team, we have confirmed that the nature of the incident was not associated with 0x’s AllowanceHolder or Settler contracts,” Matcha Meta wrote on X later on. The company added that users who disabled One-Time Approvals and set direct allowances on aggregator contracts “assume the risks of each aggregator.”

After reviewing with 0x's protocol team, we have confirmed that the nature of the incident was not associated with 0x's AllowanceHolder or Settler contracts. Users who have interacted with Matcha Meta via One-Time Approval are thus safe. Users who have disabled One-Time… https://t.co/VQVmj4LL0F — Matcha Meta 🎆 (@matchametaxyz) January 25, 2026

The DEX swap platform removed the function for users to set direct allowances on aggregators through its interface, while asking the community to revoke any existing permissions on SwapNet’s router contract.

DeFi smart contract hacks persist in 2026

The Matcha Meta incident comes just six days after Makina Finance, a decentralized finance protocol with automated execution features, suffered a network breach that drained its DUSD/USDC liquidity pool on Curve.

As reported by Cryptopolitan, hackers extracted about 1,299 Ether from Makina’s Curve stablecoin pool, worth $4.13 million at the time. The breach involved non-custodial liquidity providers connected to an on-chain pricing oracle, a data feed used by smart contracts to determine asset values.

Per the blockchain analytics firm Elliptic, much of today’s dark web money laundering involves coin swap services, including instant exchanges that run through standalone websites or Telegram channels.

Last year, the decentralized exchange aggregator CoWSwap reported a breach that resulted in losses of more than $180,000. About $180,000 worth of DAI was stolen through CoWSwap’s trade execution GPv2Settlement smart contract.

The platform said the compromised contract had access only to protocol fees collected over one week, stemming from the exploitation of a solver account. In CoWSwap’s model, users sign trade intents that are passed to third-party solvers, which compete to provide the best prices and store collected fees.
26 Jan 2026, 08:10
Matcha Meta Exploit: Devastating $16.8M DEX Aggregator Hack Exposes SwapNet Flaw

In a significant blow to decentralized finance security, the prominent DEX aggregator Matcha Meta has suffered a major exploit resulting in the loss of $16.8 million. The incident, which occurred on March 21, 2025, underscores the persistent vulnerabilities within complex DeFi integrations. According to an initial report by The Block, the attacker leveraged a critical flaw in a SwapNet smart contract to drain pre-approved user funds. Consequently, this event has sent shockwaves through the cryptocurrency community, raising urgent questions about audit processes and the security of cross-chain asset bridges.

Anatomy of the Matcha Meta Exploit

The Matcha Meta exploit unfolded through a sophisticated attack vector targeting its integration with SwapNet. Initially, the attacker identified a vulnerability in a specific SwapNet smart contract. This flaw allowed unauthorized access to funds that users had pre-approved for trading operations. Subsequently, the hacker executed a series of rapid transactions to capitalize on this weakness.

The attacker first swapped approximately $10.5 million in USDC for 3,655 ETH on the Base layer-2 network. Following this conversion, they immediately bridged the stolen Ethereum to the main Ethereum blockchain. This swift movement of assets across chains complicated initial tracking efforts. Forensic analysis by blockchain security firms suggests the exploit was a logical flaw rather than a simple coding error, allowing the bypass of standard authorization checks.

- Attack Vector: Smart contract vulnerability in SwapNet integration.
- Primary Action: Drainage of pre-approved user funds.
- Asset Movement: USDC to ETH swap on Base, followed by bridging to Ethereum mainnet.
- Total Loss: $16.8 million in digital assets.

Context and Impact of the DEX Aggregator Hack

The Matcha Meta breach represents one of the larger DeFi exploits of early 2025. DEX aggregators like Matcha Meta serve a crucial function by sourcing liquidity from multiple decentralized exchanges to offer users the best possible trading rates. However, their complex architecture, which involves interacting with numerous external protocols and smart contracts, inherently expands the attack surface. This incident follows a concerning trend of exploits targeting the connective tissue between DeFi protocols rather than the core protocols themselves.

Immediate impacts were felt across the ecosystem. Firstly, user confidence in similar aggregator platforms temporarily wavered. Secondly, the native token of the affected platform experienced notable volatility. Furthermore, the exploit has triggered renewed calls from regulators and industry bodies for enhanced security standards, particularly for protocols handling cross-chain transactions. The event highlights a critical challenge: as DeFi composability increases, so does the potential for cascading failures through integrated smart contracts.

Expert Analysis on Smart Contract Security

Security experts emphasize that exploits of this nature often stem from integration risks. A protocol may be secure in isolation, but its connection to another protocol can introduce unforeseen vulnerabilities. According to common practices cited by auditing firms, the flaw likely involved an assumption about how the SwapNet contract would handle approval calls. The hacker manipulated this assumption to withdraw funds without proper user consent.

The response timeline is also critical. Matcha Meta’s team, upon detecting anomalous outflows, reportedly initiated emergency procedures. These procedures included pausing certain contract functions and collaborating with blockchain analytics firms to trace the stolen funds. Historically, the success of fund recovery in such cases remains low, often depending on the hacker’s willingness to negotiate a bounty. This exploit serves as a stark reminder that comprehensive security audits must extend beyond a protocol’s own code to include all integrated third-party components and their interaction patterns.

Broader Implications for DeFi Security

The $16.8 million loss from the Matcha Meta platform carries significant implications for the entire decentralized finance sector. Primarily, it reinforces the need for continuous, proactive security measures rather than one-time audits. Protocols are now encouraged to implement real-time monitoring and anomaly detection systems that can flag suspicious transaction patterns as they occur. Additionally, the industry may see accelerated adoption of decentralized insurance products to mitigate user losses from such events.

Moreover, the exploit places a spotlight on the security of cross-chain bridges. The attacker’s ability to quickly move 3,655 ETH from Base to Ethereum demonstrates both the utility and the risk of these bridging solutions. While they enable liquidity flow, they can also be used to obfuscate the trail of stolen funds. Consequently, future security frameworks will likely require stricter delay mechanisms or multi-signature controls for large bridge transactions originating from aggregators.

Recent Major DEX & Aggregator Exploits (2024-2025)

Platform | Date | Approx. Loss | Attack Method
Matcha Meta | March 2025 | $16.8M | SwapNet Contract Vulnerability
AggregatorX | Nov 2024 | $11.2M | Price Oracle Manipulation
SwapStream | Aug 2024 | $7.5M | Flash Loan Attack

Conclusion

The devastating Matcha Meta exploit, resulting in a $16.8 million loss, is a pivotal event for DeFi security in 2025. It clearly illustrates how vulnerabilities in ancillary services like SwapNet can jeopardize even established platforms. The incident underscores the non-negotiable requirement for rigorous, holistic smart contract auditing that covers all integrated systems. Furthermore, it highlights the critical need for robust incident response plans and the potential value of decentralized insurance. As the DeFi ecosystem evolves, the industry’s collective response to breaches like the Matcha Meta hack will fundamentally shape its resilience, trustworthiness, and long-term adoption.

FAQs

Q1: What is a DEX aggregator like Matcha Meta?
A DEX aggregator is a platform that scans multiple decentralized exchanges (DEXs) to find the best possible exchange rate and lowest fees for a user’s trade. Matcha Meta executes the trade across these liquidity sources in a single transaction.

Q2: How did the hacker steal funds in the Matcha Meta exploit?
The attacker exploited a vulnerability in a smart contract from SwapNet, a service integrated with Matcha Meta. This flaw allowed them to withdraw user funds that had been pre-approved for trading without proper authorization.

Q3: Were user wallets directly compromised in this hack?
No, individual user wallets were not directly breached. The exploit targeted funds that users had already approved the Matcha Meta platform to access for trading purposes, which were held within the protocol’s smart contracts.

Q4: What has been done since the exploit was discovered?
The Matcha Meta team likely initiated emergency measures, which can include pausing vulnerable contracts, launching an investigation with security firms, and tracing the stolen funds. They would also be communicating with users and relevant authorities.

Q5: What does this mean for the future of DeFi security?
This exploit emphasizes that security must extend beyond a single protocol’s code to include all integrated partners and bridges. It will likely accelerate the adoption of more sophisticated monitoring tools, insurance products, and stricter audit standards for cross-protocol interactions.

This post Matcha Meta Exploit: Devastating $16.8M DEX Aggregator Hack Exposes SwapNet Flaw first appeared on BitcoinWorld.
26 Jan 2026, 07:38
ZachXBT Alleges Son of US Government Crypto Custodian CEO Behind Wallet Theft

Blockchain investigator ZachXBT has alleged that the person responsible for a multimillion-dollar theft of cryptocurrency from US government-controlled wallets is the son of the chief executive of a firm contracted to safeguard seized digital assets.

Key Takeaways:

- ZachXBT alleges a multimillion-dollar crypto theft from US government wallets is linked to the son of a federal crypto custody contractor’s CEO.
- The funds were traced to wallets connected to assets seized in the 2016 Bitfinex hack.
- The claims remain unproven in court, and no charges have been filed as of publication.

In a series of posts detailing his findings, ZachXBT claimed that an individual known online as “Lick,” whose real name he identified as John Daghita, siphoned tens of millions of dollars in crypto from wallets linked to the US government.

He further alleged that Daghita is the son of Dean Daghita, president and chief executive of Command Services & Support (CMDSS), a company contracted by the US Marshals Service to handle certain seized cryptocurrencies.

CMDSS Awarded US Marshals Contract to Handle Non-Mainstream Seized Crypto

Public records show that CMDSS, based in Haymarket, Virginia, was awarded a contract in October 2024 to assist the Marshals Service with the custody and disposal of so-called “Class 2–4” digital assets. These include tokens that are not supported by major centralized exchanges and often require bespoke handling.

The allegations have not been tested in court, and no criminal charges have been announced. CMDSS did not respond to requests for comment at the time of publication.

ZachXBT’s claims expand on an investigation he published on Jan. 23, which linked the same online persona to more than $90 million in suspected illicit crypto activity. That probe traced funds back to a U.S. government wallet associated with assets seized from the 2016 Bitfinex hack. The investigation gained traction after a recorded dispute in a Telegram group chat between “Lick” and another individual.

Update: The CMDSS company X account, website, & LinkedIn were all just deactivated pic.twitter.com/nvN6u5XMPq — ZachXBT (@zachxbt) January 25, 2026

The exchange, described as a “band-for-band” argument, involved both parties attempting to demonstrate control over large crypto balances. During the exchange, “Lick” screen-shared an Exodus wallet displaying a Tron address holding roughly $2.3 million, followed by a live transfer of about $6.7 million in ether. By the end of the session, approximately $23 million had been consolidated into a single wallet.

By tracing transactions backward, ZachXBT linked that wallet to an address that received $24.9 million from a US government-controlled wallet in March 2024. The government address was tied to funds seized in the Bitfinex case.

ZachXBT had previously flagged unusual activity in October 2024, when around $20 million was drained from similar government wallets. Most of those funds were returned within 24 hours, though roughly $700,000 routed through instant exchanges was not recovered.

CMDSS Contract Faced Prior Scrutiny as GAO Rejected Protest

CMDSS’s role as a government contractor has drawn scrutiny before. After losing the Marshals Service contract, Wave Digital Assets filed a protest with the Government Accountability Office, arguing that CMDSS lacked proper regulatory registrations and raising concerns over potential conflicts of interest involving a former Marshals Service official. The GAO ultimately denied the protest.

Questions around crypto custody have also been raised more broadly. A February 2025 CoinDesk report said the Marshals Service struggled to account for its digital asset holdings, citing weak inventory controls and an inability to estimate its bitcoin reserves.

As reported, illicit cryptocurrency addresses received a record $154 billion in 2025, a sharp increase from the year before.

The post ZachXBT Alleges Son of US Government Crypto Custodian CEO Behind Wallet Theft appeared first on Cryptonews.















































