Research
GnosisPay Incident Analysis
On 01 June 2026 an attacker drained dozens of GnosisPay Safes on Gnosis Chain. The attack vector was a signature-verification flaw in the GnosisPay Delay module.
Quantum Computing Threats to the Blockchain Industry
This report examines how future fault-tolerant quantum computers may compromise blockchain cryptography, and what protocols, validators, custodians, and ecosystem participants must do to migrate before the window closes.
In-Depth Research on the Telegram Escrow Market: Platform Evolution, Ecosystem Structure, and Regulatory Challenges
The Telegram escrow market has gradually evolved into an underground service ecosystem that integrates escrow matching, fund settlement, merchant management, and traffic distribution, showing clear signs of “platformization” and network-based development.
Resolv Protocol Incident Analysis
On 22 March 2026, the Resolv protocol was exploited, resulting in a loss of ~$26.8M. The cause was a compromise of the project's cloud infrastructure, which gave access to Resolv’s AWS Key Management Service (KMS).
Movie Token Incident Analysis
On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.
Skill Scanning Is Not a Security Boundary
OpenClaw is an open-source, self-hosted personal AI agent platform designed to run on a user’s local machine or server. It supports long-term memory, autonomous operation, integration with mainstream LLMs, and remote control through messaging platforms like Telegram.
SOF/LAXO Incident Analysis
In February 2026 two separate exploits occurred on the BNB Smart Chain (BSC), affecting SOF and LAXO tokens, leveraging the same class of vulnerability: a flawed token burn mechanism that allowed price manipulation within a single transaction.
Gyroscope Incident Analysis
On 30 January 2026, Gyroscope announced via their X account that they had paused liquidity pools due to an issue with their cross-chain contract. The issue led to losses of 6M Gyro Dollar (GYD) tokens with approximately $807k of liquidity extracted by the attacker.
Makina Incident Analysis
On 20 January 2026, DeFi protocol MakinaFi suffered an exploit resulting in the theft of 1,299 ETH, valued at approximately $4.13 million.
Truebit Incident Analysis
On 08 January 2026 Truebit was exploited for ~$26.6M due to an overflow issue. A malicious actor minted tokens for zero ETH that they then sold for ~$26.4M in the same transaction. The exploit was followed up by a second attacker who was able to extract a further ~$224k.
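CertiK Releases the 2025 Skynet Hack3d Security Report!
CertiK has released the 2025 Skynet Hack3D Security Report. The report provides an in-depth analysis of the major attacks, vulnerabilities, and trends that define blockchain and smart contract security. It also contains detailed analyses of and technical insights into individual incidents, as well as the most comprehensive statistics on hacks, scams, and exploits across the Web3 industry.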
Balancer Incident Analysis
On 3 November 2025, Balancer and its forks Beets and Bex were exploited, resulting in a combined initial loss of approximately $130M.