hodler

27 Feb 2026, 07:50

22 BTC Lost in South Korea: Seed Phrase Scandal

South Korean police lost the 22 BTC they had seized, two arrests. Seed phrase violation, linked to 2021 hack. BTC 67.481 USD, downtrend continues. Technical levels and security lessons.

27 Feb 2026, 07:05

XRP Ledger Critical Security Vulnerability Patched

XRP Ledger Foundation patched a critical signature verification vulnerability. Cantina AI detected it, funds are safe. XRP price $1.41 (-%2.33), S1 support $1.3967 strong. Read for details and tech...

27 Feb 2026, 06:02

Critical XRP Ledger Bug in Batch Amendment Could Have Drained User Wallets

A major logic flaw within the XRP Ledger (XRPL) codebase has been narrowly averted, preventing an exploit that would have enabled unauthorized fund transfers and account deletions..

27 Feb 2026, 04:25

IoTeX CIOTX Hack Triggers Drastic Proposal: Ending Support Across All Networks After $4.4M Devastation

BitcoinWorld IoTeX CIOTX Hack Triggers Drastic Proposal: Ending Support Across All Networks After $4.4M Devastation In a decisive move following a crippling security breach, the IoTeX blockchain has formally proposed terminating all support for its CIOTX token across every major network. This drastic governance proposal, designated IIP-56, comes directly after a hacker illicitly minted 410 million CIOTX and drained $4.4 million in bridged assets, marking a pivotal moment for cross-chain security in early 2025. IoTeX CIOTX Hack Exposes Critical Cross-Chain Vulnerabilities The IoTeX network recently confirmed a devastating exploit originating from a validator key compromise. Consequently, an attacker gained unauthorized access and minted a massive quantity of CIOTX tokens. Subsequently, the hacker bridged these assets and converted them into Bitcoin and Ethereum, resulting in a total loss of $4.4 million. This incident immediately triggered an internal security review and crisis response from the IoTeX core team. The breach highlights persistent risks within multi-chain token ecosystems, especially concerning bridge security and validator infrastructure. Furthermore, it underscores the complex challenges projects face when managing wrapped or synthetic asset versions across disparate blockchains like Ethereum, Solana, and BSC. Understanding the IIP-56 Proposal and Its Network-Specific Plan The IoTeX Improvement Proposal 56 (IIP-56) outlines a structured termination process for CIOTX. Importantly, the plan acknowledges varying levels of impact across different chains. For instance, the proposal details specific steps for Ethereum, Base, Solana, Binance Smart Chain, Polygon, and the IoTeX mainnet itself. Each network will follow a tailored procedure based on the extent of the damage and the technical mechanisms involved. The IoTeX team emphasizes that this measured approach aims to ensure an orderly wind-down while protecting remaining user assets. Moreover, the proposal will enter a formal community discussion phase before progressing to a binding governance vote, demonstrating a commitment to decentralized decision-making. The Technical and Market Impact of the $4.4 Million Exploit Analysts point to the exploit’s mechanism as a classic example of a supply attack. By minting tokens illegitimately and then draining liquidity from bridges, the hacker exploited the inherent trust in cross-chain messaging protocols. This event has immediately impacted CIOTX liquidity and cast a shadow over IoTeX’s broader DeFi integrations. Market data shows increased volatility for IOTX, the native token, as investors assess the long-term implications. The incident also renews focus on the security models of blockchain bridges, which have been a frequent target for hackers in recent years. Industry experts consistently warn that bridges represent concentrated points of failure in the multi-chain landscape. Comparative Analysis of Cross-Chain Security Incidents in 2024-2025 The IoTeX situation is not an isolated event. The following table compares recent significant cross-chain exploits, providing context for the scale and response of the CIOTX hack. Project/Protocol Date Approx. Loss Primary Cause Key Response IoTeX (CIOTX) Early 2025 $4.4 Million Validator Key Theft IIP-56 Proposal to End Support Multichain Mid-2023 $130+ Million Private Key Compromise Protocol Effectively Shut Down Wormhole Bridge 2022 $325 Million Signature Verification Flaw Funds Replaced by Backer Ronin Bridge 2022 $625 Million Compromised Validator Nodes Network Hard Fork & Reimbursement This comparative view illustrates that while the IoTeX hack’s financial scale is smaller, the proposed response—completely ending support for an asset—is a notably drastic governance action. It reflects a growing trend where projects choose to sunset compromised assets rather than attempt complex and risky recoveries. The Governance Pathway: From Community Discussion to Final Vote IoTeX has committed to a transparent governance process for IIP-56. The proposal will first undergo extensive discussion on forums and social platforms. Key stakeholders, including token holders, validators, and ecosystem developers, will debate the merits and consequences. Critical discussion points will likely include: User Asset Protection: How to safeguard legitimate CIOTX holders during the wind-down. Technical Execution: The specific smart contract calls and network updates required for each blockchain. Precedent Setting: The long-term implications for IoTeX’s reputation and future multi-chain initiatives. Alternative Solutions: Whether a token redenomination or snapshot-and-replace model was feasible. Following this discourse, a formal snapshot vote will determine the proposal’s fate. This process underscores the real-world application of decentralized governance in crisis management. Expert Insights on Validator Security and Future Precautions Security researchers emphasize that validator key management remains a paramount concern. The IoTeX incident reportedly stemmed from a single point of failure. Consequently, experts advocate for more robust key distribution mechanisms, such as Multi-Party Computation (MPC) or distributed validator technology (DVT). These systems eliminate single points of compromise by splitting key authority across multiple parties or machines. Furthermore, the event will likely accelerate audits of other cross-chain asset representations within the IoTeX ecosystem. The broader industry may see increased insurance demands for bridge protocols and more conservative liquidity provisioning as a direct result of this hack. Conclusion The IoTeX CIOTX hack and the subsequent IIP-56 proposal represent a critical case study in blockchain crisis response. The $4.4 million exploit has forced a fundamental reevaluation of the asset’s viability across six major networks. IoTeX’s path forward—centered on community governance and a potentially terminal solution for CIOTX—highlights the severe and lasting impact of security failures in the interconnected world of decentralized finance. This event serves as a stark reminder of the persistent security challenges in cross-chain architecture as the industry moves further into 2025. FAQs Q1: What is CIOTX and how is it different from IOTX? CIOTX is a cross-chain representation of the native IOTX token, allowing it to be used on other blockchains like Ethereum and Solana. IOTX is the primary token on the IoTeX mainnet, while CIOTX is a bridged, wrapped version. Q2: What does the IIP-56 proposal actually mean for CIOTX holders? If passed, IIP-56 would initiate a process to permanently end support for CIOTX tokens across all supported networks. Legitimate holders would likely be given a specific timeframe and procedure to redeem or exchange their CIOTX for native IOTX or other assets before support ceases. Q3: How did the hacker manage to steal $4.4 million? The attacker compromised a validator’s private key, which granted the authority to mint new CIOTX tokens illegitimately. The hacker then minted 410 million CIOTX, bridged them, and swapped the assets for Bitcoin and Ethereum on various decentralized exchanges. Q4: Will the IoTeX network itself be affected by this proposal? The IoTeX mainnet and its native IOTX token continue to operate independently. The proposal specifically targets the cross-chain CIOTX representations. However, the network’s reputation and cross-chain interoperability efforts may experience short-term negative impact. Q5: What happens if the IIP-56 governance vote fails? If the community rejects the proposal, the IoTeX core team and community would need to devise an alternative solution to manage the exploited CIOTX supply and restore trust. This could involve a token redenomination, a buyback scheme, or another technical remediation, but continuing with the compromised status quo is highly unlikely. This post IoTeX CIOTX Hack Triggers Drastic Proposal: Ending Support Across All Networks After $4.4M Devastation first appeared on BitcoinWorld .

27 Feb 2026, 03:15

Crypto CEO Arrested: Shocking Twist as Executive Steals 22 BTC from Police Custody After Reporting Hack

BitcoinWorld Crypto CEO Arrested: Shocking Twist as Executive Steals 22 BTC from Police Custody After Reporting Hack SEOUL, South Korea – In a stunning reversal that exposes critical vulnerabilities in digital asset security protocols, authorities have arrested a cryptocurrency CEO for allegedly stealing 22 Bitcoin from police custody – the same coins he originally reported as stolen in a 2020 hack. This unprecedented case, first reported by Yonhap News, reveals how executives exploited law enforcement systems during financial distress, creating a complex web of deception that ultimately unraveled through forensic blockchain analysis. Crypto CEO Arrested in Elaborate Police Evidence Heist South Korean investigators have uncovered what they describe as one of the most audacious cryptocurrency crimes in recent memory. According to police documents obtained from the Seoul Metropolitan Police Agency, two men in their 40s – identified as the CEO and de facto operator of a local cryptocurrency firm – orchestrated the theft of digital assets worth approximately 1 billion won ($750,000) from the Gangnam Police Station’s evidence storage facility. The investigation determined the men accessed the Bitcoin while it was under official police protection, converting the cryptocurrency through sophisticated laundering techniques. Furthermore, forensic accountants traced the movement of funds across multiple exchanges. Consequently, they established a clear paper trail connecting the executives to the stolen assets. This case represents a significant breach of institutional trust. Additionally, it highlights growing concerns about insider threats within the cryptocurrency industry. Police have charged both individuals with multiple offenses including: Embezzlement of digital assets from police custody Fraudulent reporting of a fictional hack Obstruction of justice through false testimony Money laundering across international exchanges The Original 2020 Hack Report: Fabricated Crisis Authorities now believe the executives’ initial 2020 police report contained entirely fabricated claims. According to financial records reviewed by investigators, the company filed reports stating that “billions of won worth” of their proprietary tokens had disappeared through a sophisticated cyberattack. However, blockchain forensic analysis conducted by Chainalysis and local cybersecurity firm S2W revealed contradictory evidence. The table below compares the reported versus actual events: Reported Event (2020) Actual Event (2025 Investigation) External hackers breached company wallets Executives transferred funds to controlled addresses Loss of proprietary tokens worth billions Bitcoin assets secretly maintained under different keys Random criminal targeting Premeditated internal scheme during financial crisis Moreover, the investigation uncovered financial statements showing the company faced severe liquidity problems throughout 2019-2020. Police suspect the executives created the false hack narrative to explain missing funds to investors while secretly maintaining control of the assets. The Bitcoin remained accessible through private keys that never left the executives’ possession, despite being officially reported as stolen and surrendered to police evidence. Forensic Blockchain Analysis Unravels the Scheme Digital forensic specialists employed sophisticated tracing methodologies to connect the stolen police evidence to the executives’ personal accounts. According to Dr. Kim Jae-won, a blockchain security expert at Korea University, “The investigation required analyzing thousands of transactions across multiple blockchains. Eventually, pattern recognition software identified distinctive wallet clustering that pointed directly to the executives’ known addresses.” This technical breakdown reveals how modern cryptocurrency investigations combine traditional financial forensics with cutting-edge blockchain analytics. Additionally, exchange compliance officers provided crucial Know Your Customer (KYC) data that matched the executives’ identities to withdrawal requests. International cooperation through the Financial Action Task Force (FATF) protocols enabled tracking across jurisdictions. The recovered evidence shows the executives converted portions of the Bitcoin through: Peer-to-peer exchanges with minimal identification requirements Small transactions across multiple platforms to avoid detection thresholds Conversion to privacy-focused cryptocurrencies before cashing out Traditional banking channels once converted to fiat currency Broader Implications for Cryptocurrency Regulation and Security This case has triggered immediate policy reviews within South Korea’s financial regulatory framework. The Financial Services Commission (FSC) announced enhanced evidence handling protocols for digital assets following the security breach at the Gangnam Police Station. Specifically, authorities will implement multi-signature wallet requirements for all seized cryptocurrency, ensuring no single officer can access assets without multiple approvals. These measures address the vulnerability exploited in this case. Furthermore, cryptocurrency exchanges operating in South Korea now face stricter reporting requirements for large transactions connected to legal proceedings. The Korea Financial Intelligence Unit (KoFIU) has expanded its monitoring of judicial-related cryptocurrency movements. Industry experts warn that such incidents could undermine institutional adoption of digital assets. Jane Lee, a regulatory compliance specialist at Bithumb, notes, “This case demonstrates why robust custody solutions and independent auditing remain essential for mainstream cryptocurrency acceptance.” Historical Context: Evolving Cryptocurrency Crime Patterns This police evidence theft represents an evolution in cryptocurrency-related crimes. Initially, most incidents involved external hackers targeting exchanges or individual wallets. However, recent years show increasing instances of insider threats and institutional vulnerabilities. The 2022 FTX collapse revealed how executives could manipulate internal systems, while this Seoul case demonstrates how even law enforcement evidence storage faces sophisticated targeting. Comparative analysis shows distinct patterns emerging in Asian cryptocurrency markets where regulatory frameworks remain in development phases. South Korean authorities have prosecuted several high-profile cryptocurrency cases recently, including the 2023 V Global exchange scam that defrauded investors of approximately $1.8 billion. However, this police evidence theft represents a novel attack vector that bypasses traditional security measures. The table below illustrates the progression of major South Korean cryptocurrency crimes: Year Case Method Amount 2018 Coinone employee bribery Exchange listing manipulation $2.4 million 2020 Bitcoin savings fraud Ponzi scheme targeting retirees $18 million 2023 V Global exchange Multi-level marketing scam $1.8 billion 2025 Police evidence theft Insider access to custody $750,000 Conclusion The arrest of this crypto CEO for stealing Bitcoin from police custody represents a watershed moment for digital asset security and regulatory oversight. This case exposes vulnerabilities in institutional handling of cryptocurrency evidence while demonstrating the sophisticated forensic tools now available to investigators. As blockchain technology continues evolving, so too must the security protocols protecting digital assets – whether in private wallets or police evidence rooms. The Seoul investigation ultimately succeeded through international cooperation, advanced blockchain analytics, and traditional financial forensics, providing a template for future cryptocurrency crime investigations worldwide. FAQs Q1: How did the crypto CEO access Bitcoin in police custody? Investigators believe the executives maintained control of private keys despite surrendering the Bitcoin to police. The Gangnam Police Station stored the digital assets in a standard evidence locker without implementing multi-signature security protocols, creating a vulnerability the executives exploited during financial audits. Q2: What happened to the stolen Bitcoin after the theft from police evidence? Forensic analysis shows the executives converted the 22 Bitcoin through multiple cryptocurrency exchanges using sophisticated laundering techniques. They employed peer-to-peer platforms, divided transactions to avoid detection thresholds, and eventually converted portions to fiat currency through traditional banking channels. Q3: How did investigators connect the stolen Bitcoin to the executives? Blockchain forensic firms analyzed transaction patterns across multiple addresses, identifying wallet clustering that connected the stolen funds to known addresses controlled by the executives. Exchange KYC data and international cooperation through FATF protocols provided additional evidence linking the individuals to withdrawal requests. Q4: What security changes are South Korean authorities implementing after this incident? The Financial Services Commission announced enhanced evidence handling protocols including mandatory multi-signature wallets for all seized cryptocurrency, stricter access controls, and regular independent audits of digital asset evidence storage systems. Q5: How does this case affect cryptocurrency regulation in South Korea? This incident has accelerated regulatory discussions about institutional custody standards and evidence handling procedures. Exchanges now face stricter reporting requirements for transactions connected to legal proceedings, while police departments are implementing specialized digital evidence training programs. This post Crypto CEO Arrested: Shocking Twist as Executive Steals 22 BTC from Police Custody After Reporting Hack first appeared on BitcoinWorld .

26 Feb 2026, 23:30

'Upgraded Tornado Cash' Foom.Cash faces almost $2.3M loss in exploit

Foom.Cash, an Ethereum-based privacy protocol that positioned itself as an evolution of the sanctioned mixer Tornado Cash, has reportedly lost approximately $2.26 million in tokens after an attacker exploited a flaw in its cryptographic verification system, according to alerts issued by multiple blockchain security firms. The attack, which struck contracts on both the Ethereum and Base networks, drained 24,283,773,519,600 FOOM tokens, the platform’s native asset, in what security researchers have described as a copycat exploit replicating a near-identical vulnerability targeted in a separate protocol just days earlier. A single transaction on the Base network accounted for approximately $427,000 in losses attributed directly to the malicious actor. Transactions on Ethereum totaling around $1.83 million appear to have been part of a white-hat rescue operation. How did the exploit happen? BinanceLabs-led Web3 security network, GoPlus Security , flagged the attack, reporting that an incorrect verification key configuration allowed the attacker to forge zkSNARK proofs. This allowed them to fabricate cryptographic credentials that the protocol accepted as valid and then extract large volumes of tokens from the compromised contracts. Blockchain security platform, Certik, wrote on X , “The root cause may be the delta2==gamma2 setting of the Groth16 verifier at 0xc043865fb4D542E2bc5ed5Ed9A2F0939965671A6. This enables the exploiter to compute ‘pC’ needed for different ‘nullifierHash’ while all other inputs are the same, and repeatedly collect ZOOM tokens.” In short, a protocol whose marketing emphasized the near-impossibility of reversing its cryptographic protections was undone by a misconfiguration. BlockSec’s Phalcon monitoring system, which detected suspicious transactions across both networks in real time, stated that the incident appeared to be an imitation attack. The firm noted that the attack exploited the same root cause previously identified in the Veil Cash breach, which happened a few days prior. Although it is worth mentioning that the Veil Cash breach was more limited in scale, with losses contained to a small number of ETH, reportedly 2.9 ETH. What is Foom.Cash? Foom.Cash positions itself as a “ZKProof-powered Private Lottery Protocol” that combines the anonymity of Zcash, which operates as a standalone privacy chain, the accessibility of Ethereum’s DeFi ecosystem, and a built-in randomized reward mechanism. It is touted as an upgrade to Tornado Cash and an alternative to Zcash on Ethereum. Tornado Cash was sanctioned by the US Treasury in 2022, but the department lifted its sanctions on the platform in March 2025. According to the platform, it processes more daily transactions than Tornado Cash, boasts over eight million dollars in liquidity, and generates annual returns of 50 to 80% for liquidity providers. Privacy in DeFi has been experiencing renewed interest, with Zcash registering a significant price increase in recent months, and Foom.Cash sought to capitalize on that trend by offering privacy natively within Ethereum’s existing infrastructure. The platform used a specific variant called zkSNARKs, which is one of the key ingredients behind privacy guarantees in well-established protocols such as Zcash. What is Foom.Cash doing to recover funds and resolve the exploit? So far, the only mention of a recovery is tied to the second transaction of about $1.83 million, which security firms report to have been part of a white-hat rescue operation. However, the Foom.Cash team has yet to mention or acknowledge the hack. So, as of the time of writing, there is no information on the extent of the impact from the protocol or what the protocol is doing to mitigate future attacks. The whitehat recovery hints that the team may be working behind the scenes to recover the funds and resolve the underlying issues. Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.