News
9 May 2026, 22:47
Bengaluru hacker caught after seven years in crypto heist probe

India’s Enforcement Directorate (ED) arrested the main suspect in a long-running Bitcoin theft case on Saturday, pulling in two associates with him in Bengaluru. The ED arrested Srikrishna, who goes by Sriki, along with Robin Khandeval and Sunish Hegde. They’re facing accusations tied to a cryptocurrency fraud worth Rs 11.5 crore, ~$1.3 million, according to local media outlets. A special court gave the ED 10 days of custody to dig deeper.

The hack started in 2017

This scam goes back to 2017. That’s when Sriki and his crew allegedly broke into national and international websites and made off with Bitcoin. The stolen coins included a haul from a Dubai exchange, investigators think. The crypto then got funneled to people with political ties in Karnataka. Sriki first landed on law enforcement’s radar in November 2020. He got arrested for allegedly buying hydro ganja on the dark web using Bitcoin.

India’s ED has been chasing this Bitcoin scam for years now. The police are investigating illegal crypto transactions, hacking, and various financial irregularities. The case kicked up a lot of political noise in Karnataka. On April 20, the ED raided 12 locations linked to the accused and their associates. Among the targets were places connected to Mohammed Haris Nalapad and Omar Farook Nalapad, sons of Shantinagar MLA N.A. Haris. Mohammed Hakeeb Khan, grandson of former Union Minister K. Rehman Khan, also had his residence searched.

The ED thinks Mohammed Haris and Omar Farook ended up with proceeds from the crime. Investigators claim the hacked Bitcoin moved from the Dubai exchange to the Nalapads. The agency’s been tracing the digital trail. Suspicious money transfers through Hakeeb Khan’s bank accounts triggered searches at his place too. Transactions between Khan and Sriki are still under investigation as part of the wider probe.

The case got passed around between Indian authorities

Bengaluru’s Central Crime Branch handled the Bitcoin scam initially. Then it got transferred to Karnataka’s Criminal Investigation Department. The ED eventually took over, using the Prevention of Money Laundering Act to track proceeds across crypto wallets and traditional banking channels.

In a separate case, the Himachal Pradesh High Court recently denied bail to Abhishek Sharma. He’s accused of running a crypto MLM scheme that allegedly ripped off more than 80,000 investors for Rs 500 crore, or ~$3.6 million, Cryptopolitan previously reported. The court called economic offenses “grave” because they hit the economy.

Globally, crypto fraud losses keep climbing. The FBI’s latest annual report recorded $11.4 billion in cryptocurrency losses across the United States in 2025. This is a 22% jump from the prior year, according to Cryptopolitan’s coverage of the report.
9 May 2026, 22:00
Aave stabilizes liquidity after rsETH exploit – Are risks fully contained now?

How are the efforts to reshape market confidence going?
9 May 2026, 22:00
Linux kernel flaws put crypto exchanges, validators, and custody systems on alert

Security researchers are reacting to two Linux kernel vulnerabilities that are forcing crypto infrastructure operators into urgent security reviews. On April 29, researchers publicly disclosed a critical local privilege escalation flaw, CVE-2026-31431, dubbed “Copy Fail”, in the Linux kernel’s crypto API. Copy Fail reportedly affects every distribution made since 2017. It was confirmed as actively exploited and added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog on May 1.

Less than two weeks later, before many organizations had completed mitigation work for Copy Fail, another Linux privilege escalation chain called “Dirty Frag” hit the wild. Dirty Frag was publicly disclosed on May 7. It reportedly combines CVE-2026-43284 and CVE-2026-43500 to obtain root privileges through Linux kernel memory-management flaws. Researchers report that Dirty Frag can manipulate memory allocation patterns to overwrite privileged kernel objects and eventually gain root-level execution. Unlike Copy Fail, Dirty Frag had no available patches at the time of disclosure.

Why crypto firms are particularly exposed to the Linux vulnerabilities

The crypto space is exposed to the Copy Fail and Dirty Frag vulnerabilities because most core crypto infrastructure runs on Linux. Crypto exchanges use Linux servers to manage wallets and execute trades. On-chain validators on PoS blockchains, like Ethereum and Solana, usually operate in Linux-based environments. The same goes for crypto custodians. For this reason, researchers view Copy Fail and Dirty Frag as a risk to crypto platforms.

Copy Fail already has patches available. However, deploying kernel updates across live crypto infrastructure is rarely simple. Dirty Frag presents the biggest risk, given that there are currently no official patches to deploy. At the time of writing, no major crypto exchange or custody provider has publicly disclosed a breach tied to either vulnerability.

Both Copy Fail and Dirty Frag are currently featured on the latest alert list of the Canadian Cyber Centre. In one of the reports, the Cyber Centre recommends that concerned organizations disable vulnerable kernel modules until vendor patches are available. It also recommends restricting local and remote access to affected systems, particularly in shared or multi-tenant environments. “Monitor authentication, system, and kernel logs for signs of privilege escalation or abnormal activity,” the Cyber Centre adds, among other safety measures.
9 May 2026, 17:49
Hacker Drains $5.9M From Ethereum Liquidity Provider TrustedVolumes

TrustedVolumes, a liquidity provider on the Ethereum blockchain, lost about $5.9 million in funds to a hacker on Thursday. The attacker was able to exploit a vulnerability within the custom trading system used by the platform and managed to withdraw the funds, which included ETH, WBTC, as well as USDT and USDC stablecoins.

What Happened

According to blockchain security firm Blockaid, which caught the exploit as it was happening, the stolen funds included 1,291 WETH, around 16.9 WBTC, roughly 206,000 USDT, and just under 1.27 million USDC. The attack worked by abusing a design flaw in TrustedVolumes’ custom order-settlement system, known as a Request for Quote (RFQ) proxy.

GoPlus Security posted a breakdown showing that the attacker registered themselves as an authorized “order signer” using a function called “registerAllowedOrderSigner()” that was publicly accessible. The function allows anyone to designate their own address as a valid signer for trades they control, and while normally that would be harmless enough, the settlement function had a separate problem: it checked authorization against one address while actually pulling funds from a different one.

As detailed in a technical report posted by security researcher Defi Nerd, the attacker used that gap to execute four drain transactions against the TrustedVolumes resolver contract, which had previously given the proxy permission to move its tokens. According to the report, each time, the proxy pulled assets from the resolver and sent only a single raw USDC unit back. Then the attacker converted the stolen WETH back into ETH and forwarded everything to their own wallet.
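The maker/funding-source mismatch described above can be modelled in a few lines. This is an added example, not TrustedVolumes' contract code or anything from the cited reports: the class, the field names, the addresses and the corrected check in `settle_checked` are assumptions made for illustration.

```python
# Simplified model, constructed for illustration; not TrustedVolumes' contract code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Order:
    maker: str           # address whose signer list is consulted
    funding_source: str  # address the tokens are actually pulled from
    signer: str          # address that signed the order (signature check elided)
    amount: int

class RfqProxyModel:
    def __init__(self, balances, allowances):
        self.balances = dict(balances)      # address -> token units
        self.allowances = dict(allowances)  # owner -> units the proxy may move
        self.allowed_signers = {}           # maker -> set of signer addresses

    def register_allowed_order_signer(self, caller, signer):
        # Self-service: a caller can only add signers for its own address.
        self.allowed_signers.setdefault(caller, set()).add(signer)

    def _pull(self, owner, recipient, amount):
        if min(self.allowances.get(owner, 0), self.balances.get(owner, 0)) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowances[owner] -= amount
        self.balances[owner] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def settle_flawed(self, order, taker):
        # Authorization is checked against order.maker ...
        if order.signer not in self.allowed_signers.get(order.maker, set()):
            raise PermissionError("signer not authorized for maker")
        # ... but the tokens come from order.funding_source.
        self._pull(order.funding_source, taker, order.amount)

    def settle_checked(self, order, taker):
        # Assumed correction: authorize the signer against the address that pays.
        if order.signer not in self.allowed_signers.get(order.funding_source, set()):
            raise PermissionError("signer not authorized for funding source")
        self._pull(order.funding_source, taker, order.amount)

def demo():
    # Constructed scenario: "resolver" has approved the proxy for 1,000 units.
    proxy = RfqProxyModel({"resolver": 1_000}, {"resolver": 1_000})
    proxy.register_allowed_order_signer("untrusted", "untrusted")
    order = Order(maker="untrusted", funding_source="resolver", signer="untrusted", amount=1_000)
    proxy.settle_flawed(order, taker="untrusted")
    return proxy.balances
```

In the model, self-registration is harmless on its own; the loss comes from `settle_flawed` consulting one address's signer list while spending another address's allowance, and `settle_checked` rejects the same order.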
TrustedVolumes confirmed the exploit and publicly posted three wallet addresses holding the stolen funds, asking the hacker to get in touch about a “bug bounty and a mutually acceptable resolution.”

1inch Distances Itself as DeFi Hacks Continue

Because TrustedVolumes functions as a liquidity provider and market maker on 1inch, some early reports framed the incident as a 1inch exploit. However, that is not accurate, and both 1inch and Blockaid put out statements clarifying that the protocol itself was not compromised and no user funds on 1inch were affected. TrustedVolumes operates independently across multiple platforms, not exclusively on 1inch.

The attack occurred during an especially difficult period for the DeFi ecosystem, following a catastrophic April in which more than $650 million worth of crypto was stolen from different projects. KelpDAO and Drift Protocol were the most affected, losing $292 million and $285.2 million, respectively. So at $5.9 million, this latest exploit is smaller in scale. But the technical sophistication of the approach, deploying a helper contract, abusing self-service signer registration, and exploiting a maker/funding-source mismatch in a single transaction, puts it in a different category from a simple bug or misconfiguration.

The post Hacker Drains $5.9M From Ethereum Liquidity Provider TrustedVolumes appeared first on CryptoPotato.
9 May 2026, 13:53
LayerZero says it ‘made a mistake’ in $292 Million Kelp exploit

After initially framing the exploit as a developer configuration failure, LayerZero said it “owns” the decision to let its own verifier secure high-value transfers in a vulnerable setup.
9 May 2026, 13:32
LayerZero Labs open letter attempts to explain failures around KelpDAO hack

LayerZero Labs released an open letter explaining its failures in communication and operations following the KelpDAO hack by the Lazarus Group. The cyberattack did not affect LayerZero Labs’ protocol but did affect its internal systems, leading the firm to acknowledge mistakes in previous operations. LayerZero Labs released its apology letter on May 8, 2026.

LayerZero admits to past multisig misuse

Around April 19, 2026, the Lazarus Group attacked LayerZero Labs’ internal RPC nodes, which were used by their DVN network. The attackers corrupted the source of truth for these internal RPCs and simultaneously launched a DDoS attack against LayerZero Labs’ external RPC provider. LayerZero clarified that the LayerZero protocol was not affected during this incident. As reported by Cryptopolitan, the hack affected only a single application, which is 0.14% of all LayerZero apps and 0.36% of the total value of assets bridged on the platform. The breach led to the $300 million rsETH exploit targeting KelpDAO.

In the apology, LayerZero Labs also commented on another security issue that occurred three and a half years ago. In one instance, a signer used the hardware wallet intended for multisig transactions for an individual transaction for McPepes memecoin trading on Uniswap using their personal wallet. A signer was replaced, wallets were swapped, and measures were put in place to prevent similar occurrences in the future. This was in direct contradiction to previous public statements by LayerZero co-founder Bryan Pellegrino, who had referred to such activities as standard “OFT testing” less than 24 hours earlier. Some users pointed out the discrepancy, noting that the memecoins involved had been observed in many transactions from the same multisig wallet for quite some time. As reported by Cryptopolitan, LayerZero clarified that their multisig mechanism only allows control over Endpoint functionality, including chain addition and test default updates.

LayerZero pushes developers to do a better security job

LayerZero has reiterated its foundational architecture, designed to eliminate single points of failure common in traditional bridges. Every application can independently own its end-to-end security without relying on LayerZero Labs. The company advised developers to take concrete steps: pin all configurations to avoid default settings controlled by LayerZero Labs; increase block confirmations on each chain to minimize reorganization risks; configure DVNs with at least two (preferably three to five) independent parties; and consider operating their own required DVN.

The company has also listed some assumptions about trust and liveness. LayerZero Labs’ default applications and DVN that rely on a single verifier depend entirely on trust in LayerZero Labs’ multisig. Gas relaying services, such as Essence and LayerZero executors, affect only liveness. After the event, LayerZero Labs no longer supports DVN in the 1/1 configuration; instead, pathway defaults have been upgraded to either 5/5 or 3/3 configurations, where possible, and development of a DVN client in Rust is underway.

DeFi implications from the LayerZero breach

LayerZero’s response to the attack drew immediate criticism for its initial attempt to deflect responsibility onto its partners. KelpDAO and Solv Protocol have already switched their systems to Chainlink, and Beefy, Ethena, BitGo, Lombard, and many others are reconsidering their integrations. There are concerns about reduced bridged transaction volumes, Stargate earnings, and $ZRO token buybacks.

“LayerZero can't be saved anymore? After the ~$300M rsETH exploit, @LayerZero_Core blamed its partners instead of owning it, and they felt the consequences immediately. @KelpDAO & @SolvProtocol have already left, both migrating to @Chainlink. Not only that, the projects below…” — Winter Soldier (@WinterSoldierxz), May 9, 2026

LayerZero Labs pledged 5,000 ETH to the DeFi United rescue plan and another 5,000 ETH to maintain Aave’s liquidity pools in response to the attack. Nevertheless, the incident sparked a wider discussion about security in cross-chain protocols, despite the expressed apology and the promise to improve the multisig threshold, which is set at 7/10 using OneSig. LayerZero Labs maintains that the protocol remains an essential instrument for conducting safe and sizable transactions, but it will take the next few weeks to see how developers and organizations move.







































