News
14 May 2026, 14:14
OpenAI says no user data exposed after TanStack npm supply chain attack hit employee devices

OpenAI has admitted that two employee devices were compromised through malicious versions of TanStack npm packages. The company says it found no evidence that user data, production systems, or intellectual property were tampered with.

Was OpenAI hacked?

OpenAI has confirmed that malicious actors breached two of its employee devices as part of a massive software supply chain campaign called “Mini Shai-Hulud.” OpenAI had previously deployed controls to limit supply chain attack exposure after an incident involving Axios, but the two affected employee devices had not yet received the updated configurations that would have blocked the malicious package download.

The attack targeted TanStack, an open-source library used by millions of developers. The attackers published 84 malicious versions across 42 npm packages, including the popular @tanstack/react-router, which is downloaded over 12 million times weekly. An external researcher working for StepSecurity detected the malicious packages within roughly 20 minutes of publication and notified npm security directly.

This attack exploited the trust users place in automated build systems. The malicious code was published using TanStack’s own legitimate publishing keys, making it look like an official update. Mini Shai-Hulud is self-replicating malware that steals credentials such as GitHub tokens, cloud keys, and SSH keys once a developer or CI/CD system installs it. The malware then attempts to republish itself to other packages the victim maintains. Security researchers report that the campaign has compromised packages across the npm and PyPI ecosystems. Beyond OpenAI and TanStack, the attack has affected code belonging to Mistral AI, UiPath (NYSE: PATH), OpenSearch and Guardrails AI. Researchers note that the payload installs a persistent daemon that acts as a “dead-man’s switch”: if a victim revokes a stolen GitHub token, the malware can trigger a command to wipe the user’s home directory.

Was OpenAI’s user data compromised?

Following the attack, OpenAI enlisted a third-party forensics firm to assist with the investigation. The company said it found no evidence that its user data was accessed or that its production systems, intellectual property or software were compromised. However, the attackers still managed to extract some credential material from internal code repositories that those devices had access to. This included code-signing certificates for macOS apps. Mac users must now update their ChatGPT Desktop, Codex, and Atlas apps by June 12, 2026 at the latest, or the software will be blocked by macOS security protections. OpenAI said it has found no evidence of malicious software signed with its certificates and no unauthorized modifications to published applications. The company noted that new notarization with the old certificates has already been blocked, meaning any fraudulent app attempting to use them would lack Apple’s notarization and be stopped by macOS security protections by default.
14 May 2026, 11:04
Transit Finance promises user repayments as May exploit losses climb

Transit Finance has pledged to compensate all affected users after an attacker drained approximately $1.88 million from a deprecated smart contract. Security monitoring platform PeckShield flagged Transit Finance’s breach, stating that the stolen funds are currently parked in a $DAI address. In an onchain message sent by Transit Finance to the attacker’s wallet, the attacker was informed that they may receive a certain percentage of the funds as a bug bounty reward if they are willing to cooperate in returning the assets.

Transit Finance’s onchain message to the attacker. Source: Etherscan.

Transit Finance has set a 48-hour window for the attacker to respond, adding that it will provide further details on compensation through its official channels in another post.

What went wrong with Transit Finance?

Transit Finance attributed the breach to an early-version smart contract previously deployed on the TRON network. In a statement posted to X, the protocol said the contract had been deprecated since 2022 but that “historical vulnerabilities within it were recently exploited, affecting a limited number of users.” The team stated that it carried out investigation, isolation, and mitigation measures upon discovery, followed by remediation on May 12. The protocol informed its users that they do not need to take any further action. It also stated that the current smart contract version remains unaffected and has been operating securely for over four years, with ongoing security audits and monitoring in place.

Crypto exploits in May

Transit Finance is not an isolated case: security platform GoPlus Security announced on May 12 that it had flagged two private key compromise incidents over the preceding 36 hours, resulting in a combined loss of $238,000. One involved trader @0xUnihax0r, who lost $200,000 in what GoPlus linked to materials uploaded in connection with a trading bot and Telegram. The second compromised address was tied to a prior large-scale private key leakage event involving 574 addresses, suggesting the same exposure vector continues to claim victims weeks after the original incident.

Also on May 12, blockchain security company Blockaid issued a community alert on Aurellion Labs, a tokenized real-world asset protocol on Arbitrum. Blockaid wrote on X, “An unverified EIP-2535 Diamond proxy on Arbitrum was exploited a few minutes ago for ~$456K because of uninitialized Diamond / unprotected initialize().”

Taken together, the incidents of the first two weeks of May (Transit Finance, Aurellion Labs, and the GoPlus-flagged private key compromises) point to a month already accumulating losses across multiple vulnerability classes.

Can May be worse than April’s crypto exploit record?

The crypto space saw over $710 million in losses in April, with DeFi losing more than $609 million to cyberattacks.

Major crypto hacks in April 2026. Source: CertiK.

The KelpDAO exploit on April 19, which cost the protocol $293 million from its LayerZero-powered bridge, was the largest DeFi incident of 2026. It was closely followed by Drift Protocol’s loss of $285 million on April 1, which was attributed to a long-running social engineering campaign by North Korean-affiliated actors. May’s incidents are still smaller on an individual scale, as nothing so far approaches the nine-figure losses that defined April. However, the frequency of attacks is rising, and the month’s early cadence does not suggest that the sector has meaningfully addressed the conditions enabling these losses.
14 May 2026, 09:00
Judge seeks more evidence on Aave’s $71 million ETH freeze

🚨 A New York judge paused Aave's $71 million ETH release request. Legal wrangling continues after the $293 million Kelp DAO hack shook the $ETH market.

📊 Critical data: Parties must submit more evidence before next month’s hearing.

The post Judge seeks more evidence on Aave’s $71 million ETH freeze appeared first on COINTURK NEWS.
14 May 2026, 07:25
US Court Orders Aave and Creditors to Submit New Briefs Over $71M Frozen ETH

A federal court in the Southern District of New York has directed the decentralized finance protocol Aave and the law firm Gerstein Harrow to file supplemental briefs regarding the ownership of $71 million in Ethereum (ETH) that was frozen following a security breach at Kelp DAO. Judge Margaret Garnett set a deadline of May 22 for both parties to submit additional materials, with a rehearing scheduled for June 5. The court’s order signals a deepening legal battle over assets that may be tied to the North Korean Lazarus Group.

Court Questions Aave’s Justification for Freeze

Judge Garnett expressed concern that Aave had not adequately explained the potential for further financial losses if the freeze on the Ethereum is maintained. The court requested clarification on six specific legal issues, including the legal nature of the stolen assets under U.S. law and the priority of creditor claims. This development comes after a May 9 ruling that permitted the transfer of the funds from the Arbitrum network to an Aave-controlled wallet, though Aave is prohibited from using or distributing the assets until a final judgment is reached.

Background: The Kelp DAO Hack and Creditor Claims

The frozen Ethereum was originally stolen during a hack of Kelp DAO, a liquid restaking protocol. Gerstein Harrow represents creditors who secured an uncollected $877 million judgment in a separate lawsuit against North Korea for state-sponsored acts of terrorism. The firm now asserts a claim on the $71 million in ETH, alleging that the funds are traceable to the Lazarus Group, a North Korean cybercriminal organization known for large-scale crypto thefts. This case highlights the complex intersection of crypto asset recovery, international sanctions, and creditor rights in U.S. courts.

Why This Matters for the Crypto Industry

The outcome of this case could set a precedent for how U.S. courts handle frozen digital assets linked to state-sponsored hacking. For DeFi protocols like Aave, the ruling may clarify legal obligations when holding contested funds. For creditors and victims of hacks, it underscores the challenges of recovering assets that pass through decentralized platforms. The case also raises questions about the legal status of crypto assets in cross-border disputes involving sanctioned entities.

Conclusion

As the June 5 rehearing approaches, the court’s demand for detailed briefs indicates that the ownership of the frozen Ethereum is far from settled. Both Aave and Gerstein Harrow will need to present compelling legal arguments on the nature of the assets and the priority of claims. The crypto community will be watching closely, as this case could influence future legal strategies for asset recovery and the treatment of funds linked to illicit actors.

FAQs

Q1: Why did the court request more information from Aave?
Judge Garnett found that Aave did not sufficiently explain the potential for increased losses if the freeze on the $71 million in Ethereum is maintained. She also sought clarification on legal issues such as the nature of the stolen assets and creditor priority.

Q2: Who is Gerstein Harrow and why are they involved?
Gerstein Harrow is a law firm representing creditors who won an $877 million judgment against North Korea for terrorism. They claim the frozen Ethereum is linked to the Lazarus Group and are seeking to recover the funds as part of that judgment.

Q3: What happens next in this case?
Both parties must submit supplemental briefs by May 22. A rehearing is scheduled for June 5, where the court will consider the new arguments before making a final ruling on the ownership and distribution of the frozen Ethereum.

This post US Court Orders Aave and Creditors to Submit New Briefs Over $71M Frozen ETH first appeared on BitcoinWorld.
14 May 2026, 06:18
Ripple CTO Emeritus Issues Urgent Warning About XRP Scams

The undeniable growth of the overall cryptocurrency industry over the past decade has, unfortunately and expectedly, led to an increasing number of scammers trying to exploit unsuspecting victims in various ways. Ripple and its broader ecosystem are no exception, as they have often been targeted by such fraudsters. The latest warning came from the company’s CTO Emeritus.

Stay Safe, XRP Family

David ‘JoelKatz’ Schwartz issued the warning to his over 700,000 followers on X, indicating that there has been a “huge escalation lately in airdrop and giveaway scams targeting XRPL users.” Airdrop scams typically prompt victims to connect their blockchain wallets with the promise of receiving new (and free) tokens. Although there are numerous legitimate airdrops in crypto, they go through official channels. Ripple has never actually run such initiatives, so Schwartz warned that “any such posts you see are likely scams.”

Giveaway scams work similarly. The bad actors urge users to send a certain amount of tokens to an address they control, promising to return twice the amount. In general, they promote the alleged giveaways with some promotion or celebration. It does sound lucrative and promising, which is perhaps why many users have fallen victim, but there is no free lunch, and people who have sent tokens get nothing in return. Schwartz emphasized that if someone is pretending to be him on social media, they are “likely a scammer.”

SCAM ALERT: There has been a huge escalation lately in airdrop and giveaway scams targeting XRPL users lately. Any such posts you see are likely scams. Anyone claiming to be me on Instagram, Telegram, or almost anywhere else is likely a scammer. Stay safe XRP fam.
— David ‘JoelKatz’ Schwartz (@JoelKatz) May 14, 2026

Not the First

As mentioned above, this is not the first time the XRP community has been targeted by bad actors. CryptoPotato reported in July last year that scammers used YouTube as their main platform to impersonate Ripple’s official account and executives to promote various frauds, including giveaways and airdrops. Months later, the company’s official X account warned that such fraudsters had started fake Ripple or XRP livestreams and even deepfake videos, trying to scam viewers out of their tokens. The firm’s CEO, Brad Garlinghouse, warned before the 2025 holiday season that bad actors were likely to intensify their efforts, and praised a website that provides more information on how users can protect themselves.

The post Ripple CTO Emeritus Issues Urgent Warning About XRP Scams appeared first on CryptoPotato.
14 May 2026, 05:30
Aptos Deploys Formal Verification System to Shield Blockchain from AI-Powered Attacks

Aptos (APT) has become the first major Layer 1 blockchain to integrate a formal verification system designed to defend against the growing threat of AI-driven attacks. The project announced the deployment on its official X account, marking a significant step in proactive blockchain security.

Move Prover: A Formal Barrier Against AI Threats

The verification method is implemented through the Move Prover, a proofing tool developed with AI assistance to analyze code written in the Move programming language. Unlike traditional security audits that rely on manual review or heuristic scanning, formal verification mathematically proves the correctness of smart contract code. This approach is particularly relevant as attackers increasingly use generative AI to craft sophisticated exploits that can bypass conventional detection methods. By embedding formal verification directly into the development pipeline, Aptos aims to prevent vulnerabilities before they are deployed on the mainnet. The Move Prover automatically checks for common security flaws such as integer overflows, access control violations, and logical inconsistencies, providing developers with a rigorous safety net.

Why This Matters for the Broader Blockchain Ecosystem

The timing of Aptos’ announcement aligns with a broader industry trend: the rise of AI-generated malware and automated exploit scripts targeting decentralized finance (DeFi) protocols. According to multiple security reports, the number of AI-assisted attacks on blockchain networks increased significantly in 2025, with attackers using large language models to generate novel attack vectors at scale. Formal verification offers a mathematical guarantee of code correctness, which is fundamentally different from standard auditing. While audits identify known patterns of vulnerability, formal verification can detect unknown or novel exploits that an auditor might miss. For institutional investors and enterprises considering blockchain adoption, this level of assurance could be a deciding factor.

Implications for Developers and Users

For developers building on Aptos, the integration of the Move Prover means they can now verify their smart contracts automatically during the development process, reducing the risk of costly post-deployment bugs. For end users, it translates to a more secure environment for transacting and interacting with decentralized applications. Aptos’ move also puts pressure on competing Layer 1 networks to adopt similar formal verification tools. As AI capabilities continue to evolve, the blockchain industry may need to shift from reactive security patches to mathematically provable defenses as a baseline standard.

Conclusion

Aptos’ adoption of formal verification via the Move Prover represents a forward-looking approach to blockchain security in an era of AI-powered threats. By prioritizing mathematical proof over traditional auditing, the network is setting a new benchmark for proactive defense. Whether this becomes an industry standard will depend on adoption rates and the evolving sophistication of AI-driven attacks.

FAQs

Q1: What is formal verification in blockchain?
Formal verification is a mathematical method used to prove that a smart contract’s code behaves exactly as intended, eliminating entire classes of bugs and vulnerabilities before deployment.

Q2: How does the Move Prover work?
The Move Prover is a tool that analyzes Move language code and automatically checks for logical errors, security flaws, and invariants. It provides developers with a proof that their code is correct under all possible conditions.

Q3: Why is this important against AI attacks?
AI-generated attacks can create novel exploit patterns that traditional security audits may not recognize. Formal verification provides a mathematical guarantee of correctness that is not dependent on recognizing known attack patterns.

This post Aptos Deploys Formal Verification System to Shield Blockchain from AI-Powered Attacks first appeared on BitcoinWorld.