보고서

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.

OpenClaw is an open-source, self-hosted personal AI agent platform designed to run on a user’s local machine or server. It supports long-term memory, autonomous operation, integration with mainstream LLMs, and remote control through messaging platforms like Telegram.

암호화폐 ATM 사기는 미국에서 가장 빠르게 증가하고 있는 금융 범죄 유형 중 하나로 자리 잡았습니다. 범죄 조직들은 암호화폐 키오스크의 빠른 거래 속도와 가명성(pseudonymity)을 악용해 취약한 계층으로부터 자금을 갈취하는 활동을 점점 더 빠른 속도로 확대하고 있습니다. Skynet 암호화폐 ATM 사기 보고서에서는 암호화폐 ATM 공격의 유형, 글로벌 통계, 공격자 프로파일, 주요 법 집행 사례, 탐지 및 대응 전략, 그리고 이러한 사기로부터 보호하기 위한 권고 사항을 다룹니다.

In February 2026 two separate exploits occurred on the BNB Smart Chain (BSC), affecting SOF and LAXO tokens, leveraging the same class of vulnerability: a flawed token burn mechanism that allowed price manipulation within a single transaction.

Prediction markets crossed into the mainstream in 2025, with annual trading volume growing 4x and a small number of dominant platforms emerging. Kalshi, Polymarket, and Opinion now control the vast majority of global volume, each pursuing distinct regulatory and technical strategies.

On 30 January 2026, Gyroscope announced via their X account that they had paused liquidity pools due to an issue with their cross-chain contract. The issue led to losses of 6M Gyro Dollar (GYD) tokens with approximately $807k of liquidity extracted by the attacker.

In 2025, wrench attacks unfortunately crossed a critical threshold. What was once treated as an edge-case risk has become a structural threat to digital asset ownership. Attackers are no longer acting opportunistically; they are operating as organized, transnational groups that combine OSINT-driven targeting, social engineering, and extreme physical violence to extract private keys.

On 20 January 2026, DeFi protocol MakinaFi suffered an exploit resulting in the theft of 1,299 ETH, valued at approximately $4.13 million.

On 08 January 2026 Truebit was exploited for ~$26.6M due to an overflow issue. A malicious actor minted tokens for zero ETH that they then sold for ~$26.4M in the same transaction. The exploit was followed up by a second attacker who was able to extract a further ~$224k.

CertiK이 2025 Skynet Hack3D 보안 보고서를 발표했습니다. 본 보고서는 블록체인 및 스마트 컨트랙트 보안을 규정하는 주요 공격 사례, 취약점, 그리고 트렌드를 심층적으로 분석합니다. 또한 개별 사건에 대한 상세 분석과 기술적 인사이트는 물론, Web3 업계 전반의 해킹·사기·취약점 악용 사례에 대한 가장 포괄적인 통계가 담겨 있습니다.

This report summarizes the legal mechanics, market-structure impacts, and operational requirements of this new regime. It also examines the remaining fragmentation at the state level (the ‘Preemption Gap’) and shows how a de facto ‘Universal Baseline’ of cybersecurity and AML/CFT expectations now governs multi-state operators.