News
8 Jun 2026, 20:54
Bored Ape Maker Yuga Labs Rescues Dozens of Ethereum NFTs From Exploit

The Bored Ape Yacht Club creator now holds more than 60 rescued NFTs in its custody as it works to return them to their rightful owners.
8 Jun 2026, 18:25
Aave faces $8.45 billion outflow after $292 million hack

🚨 $8.45 billion exited from Aave within 48 hours after a $292 million KelpDAO hack. 💸 Emergency support of 30,000 ETH helped stabilize $AAVE during the crisis. 🔍 Attackers used infrastructure vulnerabilities, fueling criticism of DeFi security. Continue Reading: Aave faces $8.45 billion outflow after $292 million hack The post Aave faces $8.45 billion outflow after $292 million hack appeared first on COINTURK NEWS .
8 Jun 2026, 16:10
Aave Founder’s ‘Resilience’ Claim After KelpDAO Hack Masks Deeper Protocol Flaws

BitcoinWorld Aave Founder’s ‘Resilience’ Claim After KelpDAO Hack Masks Deeper Protocol Flaws In the wake of the April KelpDAO hack, Aave founder Stani Kulechov publicly championed the resilience of decentralized finance. However, a deeper examination of the incident, as detailed by CoinDesk, reveals that the event exposed significant structural weaknesses in the lending protocol’s risk management framework, raising questions about the true state of DeFi security. The $292 Million Exploit and the $8.45 Billion Bank Run The attack on KelpDAO, executed through a LayerZero bridge, resulted in the theft of approximately $292 million in cryptocurrency. This event triggered a severe crisis of confidence in Aave, leading to a rapid and massive withdrawal of funds. Over a 48-hour period, users pulled $8.45 billion from the protocol, effectively creating a modern-day bank run within the decentralized finance ecosystem. The scale of the outflow demonstrated a fragility that contradicted the narrative of a robust, self-correcting system. A $300 Million Emergency Bailout and Limited Resilience Aave ultimately managed to stabilize the situation, but not through its own automated mechanisms. The protocol required a $300 million emergency bailout to restore liquidity and prevent a complete collapse. While Kulechov framed this as a testament to the community’s ability to rally, critics argue that reliance on an ad-hoc bailout is antithetical to the core principles of DeFi, which are supposed to be trustless and autonomous. The event highlighted a gap between the theoretical resilience of smart contracts and the practical fragility of liquidity pools under extreme stress. Systemic Risk and the V4 Upgrade The KelpDAO incident underscored a critical vulnerability: the interconnectedness of DeFi protocols. A flaw in one bridge or lending market can cascade through the entire system. In response, Aave has announced plans to address these systemic risks with its upcoming V4 upgrade. However, the specifics of how V4 will prevent a similar scenario—such as enhanced oracle mechanisms, dynamic risk parameters, or isolated liquidity pools—remain under development. The upgrade represents a necessary but unproven step toward hardening the protocol against future attacks. Conclusion Stani Kulechov’s characterization of the post-hack recovery as a display of resilience is, at best, incomplete. The KelpDAO incident revealed that Aave’s risk management systems were ill-equipped to handle a coordinated attack on a connected protocol. The $300 million bailout, while effective in the short term, exposed a reliance on human intervention that contradicts the promise of decentralized, automated finance. As Aave moves toward its V4 upgrade, the true test will be whether it can implement structural safeguards that make such emergency measures unnecessary. FAQs Q1: What exactly happened in the KelpDAO hack? The attacker exploited a vulnerability in KelpDAO’s LayerZero bridge to steal $292 million in cryptocurrency. This triggered a liquidity crisis on Aave, leading to a $8.45 billion bank run. Q2: How did Aave recover from the crisis? Aave was stabilized through a $300 million emergency bailout, which restored confidence and liquidity. However, this was a manual intervention, not an automated DeFi function. Q3: What is the Aave V4 upgrade expected to change? Aave V4 is intended to address systemic risk by improving risk management parameters, potentially including better oracle systems and isolated liquidity pools, though specific details are still being finalized. This post Aave Founder’s ‘Resilience’ Claim After KelpDAO Hack Masks Deeper Protocol Flaws first appeared on BitcoinWorld .
8 Jun 2026, 15:17
Aave chief defends protocol's 'resilience' after $8.45 billion bank run

The founder of the largest DeFi platform blamed "third-party” entities for decentralized finance’s vulnerabilities, while independent data highlights severe gaps in Aave’s own risk architecture.
8 Jun 2026, 15:14
Yuga Labs Just Pulled Off A $500,000 Crypto Heist — Against These Hackers

Yuga Labs, the company behind Bored Ape Yacht Club and CryptoPunks, completed a covert whitehat operation on June 8 to rescue 68 blue-chip NFTs — worth more than $500,000 — from an active exploit targeting Flooring Protocol, deploying its own funds and acting before additional attackers could drain assets that included some of the most valuable tokens in NFT history. Yuga Labs CEO Michael Figge (@mfigge) announced the successful operation on X, publishing a full inventory of the rescued assets now held in the company’s custody: 29 Bored Ape Yacht Club NFTs, four Mutant Apes, one Bored Ape Kennel Club token, two CryptoPunks, one Azuki, two Elementals, 26 Captains, one Moonbird, and two Doodles. “We’ve just finished a whitehat operation on an exploit discovered in Flooring Protocol,” Figge wrote, noting that Yuga Labs VP of Blockchain 0xQuit (@0xQuit) led the on-chain recovery effort. The operation was funded through GrailsOTC, Yuga Labs’ over-the-counter trading desk — which Figge said he “quietly instructed” to front the capital and NFTs needed to pull the at-risk assets out of the protocol before additional bad actors could act on the same vulnerability. The company plans to return all 68 NFTs to their original owners once a technical fix has been deployed and verified. How The Crypto Exploit Worked The mechanics of the attack, explained in a technical thread by 0xQuit on X, reveal a sophisticated vulnerability embedded in Flooring Protocol’s core accounting logic. A malicious actor turned a dust amount of WETH — a negligible quantity — into a near-infinite fpToken balance by exploiting an edge case in how the protocol handled token ownership records. The attacker then used the inflated balance to drain Flooring pools, with a subsequent opportunist scooping up the now-depleted pool tokens and exchanging them for the underlying NFTs. The deeper vulnerability, per 0xQuit’s post, came from packed ownership and indexing logic — a technical design choice where a malicious token ID could make ownership verification checks pass while downstream accounting recorded a different result entirely, creating what he described as “ghost ownership.” An unchecked balance update then caused an arithmetic underflow, handing the attacker a balance far larger than legitimately entitled. Once that inflated balance was in place, token prices could be pushed near zero and liquidity extracted from the pool at will. After reviewing the initial attack path, Yuga Labs’ team identified a second, broader vulnerability that exposed additional NFT pools not yet touched by the original attacker. That discovery triggered the emergency whitehat operation — the team moved to pull all at-risk assets before another actor could find and exploit the same second path independently. The Protocol Behind The Incident Flooring Protocol’s architect, @0xFreeLunch, acknowledged on X that the vulnerability originated in gas-saving bit-level code design — a class of optimization where developers reduce computational costs by packing multiple values into shared storage slots. Despite multiple security reviews, the flaw went undetected, per his post. The admission is notable: gas optimization trade-offs that appear safe in isolation can create exploitable surface area when token IDs fall outside expected ranges. Flooring Protocol had already been winding down its consumer-facing NFT services since September 2025 — the platform advised FPv2 token holders to redeem assets and exit fractional positions before October of that year. Yet its smart contracts remained live with user assets inside, creating exactly the kind of legacy exposure that attackers increasingly target in aging DeFi infrastructure. 0xQuit warned on X that some NFTs remain under attacker control and urged all users to avoid depositing additional NFTs into Flooring Protocol until a verified fix is deployed. CryptoPunks — two of which were among the rescued assets — currently carry a floor price of approximately 32.7 ETH, or roughly $54,612 per token, while BAYC NFTs sit around 9.16 ETH, per CoinGecko data. This development marks a pivotal and unusual moment for the nascent sector’s approach to DeFi security. A blue-chip NFT company deploying its own balance sheet to rescue third-party assets from an active exploit — unprompted, at speed, and at cost — is a form of ecosystem responsibility the space rarely sees. The question the industry will now ask is how many other aging protocols still carry similar vulnerabilities in their legacy contracts, waiting for the attacker who finds the second path before anyone else does. Cover image from Grok, ETHUSD chart from Tradingview
8 Jun 2026, 13:00
Yuga Labs Rescues $500K in NFTs After Flooring Protocol Exploit

The rescued assets included NFTs from major collections like Bored Ape Yacht Club and CryptoPunks. Yuga Labs CEO Michael Figge confirmed that the NFTs are being held in custody until a return process is finalized. The incident affected Flooring Protocol as the platform was already winding down parts of its NFT business after liquidity challenges and organizational changes. Yuga Labs Saves 68 NFTs Yuga Labs-affiliated developers successfully recovered 68 non-fungible tokens (NFTs) after an exploit targeting Flooring Protocol placed several high-value digital collectibles at risk. The recovered assets included NFTs from some of the most valuable collections in the industry, like Bored Ape Yacht Club (BAYC) and CryptoPunks. Yuga Labs CEO Michael Figge confirmed that the recovered NFTs are currently being held in the company’s custody. According to Figge, the assets will remain secured until a suitable solution is finalized to facilitate their return to their rightful owners. The recovery effort was also mentioned by Yuga Labs’ pseudonymous vice president of blockchain, known as 0xQuit, who estimated that the rescued NFTs were worth more than $500,000. The incident occurred against the backdrop of a cooling NFT market, although some blue-chip collections still boast impressive valuations. At press time, CryptoPunks maintained a floor price of approximately 33.9 ETH, which is equivalent to around $54,600, while Bored Ape Yacht Club NFTs traded at a floor price of roughly 9.16 ETH. The exploit impacted Flooring Protocol, a platform that already began winding down portions of its NFT-focused operations. In September of 2025, the project announced that its Web3 consumer services would enter sunset mode and advised FPv2 token holders to redeem their NFTs and exit any fractionalized positions before mid-October. The platform’s challenges reportedly stemmed from liquidity constraints and organizational changes that left parts of its NFT division without active management. Former Flooring Protocol CEO FreeLunchCapital stated that they continued providing liquidity to support users exiting positions and left some personal NFT assets on the platform. These assets ultimately became one of the primary targets during the exploit. FreeLunchCapital also revealed ongoing discussions with the parent organization behind the management team in an effort to regain control of the protocol. While NFT trading activity is still well below the sector’s peak levels that were reached during the market boom, the industry still represents billions of dollars in value. Recent market data showed that total NFT market capitalization climbed to approximately $2 billion in late April and early May before declining to around $1.4 billion. Total NFT market cap over the past 3 months (Source: CoinGecko)















































