리서치

The Telegram escrow market has gradually evolved into an underground service ecosystem that integrates escrow matching, fund settlement, merchant management, and traffic distribution, showing clear signs of “platformization” and network-based development.

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).

On 10 March 2026, the Movie Token (MT) contract was exploited for approximately $242,000 due to a critical flaw in its 'sell' logic. The vulnerability stemmed from a double-counting error: when a user sold MT tokens, the contract simultaneously transferred them to the liquidity pair for the swap and added that same balance to a pendingBurnAmount variable. When distributeDailyRewards() subsequently burned those pending tokens, it created an artificial supply shock, inflating the MT price and allowing the attacker to drain value from the pool.

OpenClaw is an open-source, self-hosted personal AI agent platform designed to run on a user’s local machine or server. It supports long-term memory, autonomous operation, integration with mainstream LLMs, and remote control through messaging platforms like Telegram.

In February 2026 two separate exploits occurred on the BNB Smart Chain (BSC), affecting SOF and LAXO tokens, leveraging the same class of vulnerability: a flawed token burn mechanism that allowed price manipulation within a single transaction.

On 30 January 2026, Gyroscope announced via their X account that they had paused liquidity pools due to an issue with their cross-chain contract. The issue led to losses of 6M Gyro Dollar (GYD) tokens with approximately $807k of liquidity extracted by the attacker.

On 20 January 2026, DeFi protocol MakinaFi suffered an exploit resulting in the theft of 1,299 ETH, valued at approximately $4.13 million.

On 08 January 2026 Truebit was exploited for ~$26.6M due to an overflow issue. A malicious actor minted tokens for zero ETH that they then sold for ~$26.4M in the same transaction. The exploit was followed up by a second attacker who was able to extract a further ~$224k.

CertiK이 2025 Skynet Hack3D 보안 보고서를 발표했습니다. 본 보고서는 블록체인 및 스마트 컨트랙트 보안을 규정하는 주요 공격 사례, 취약점, 그리고 트렌드를 심층적으로 분석합니다. 또한 개별 사건에 대한 상세 분석과 기술적 인사이트는 물론, Web3 업계 전반의 해킹·사기·취약점 악용 사례에 대한 가장 포괄적인 통계가 담겨 있습니다.

On 3 November 2025, Balancer and its forks Beets and Bex were exploited, resulting in a combined initial loss of approximately $130M.

On 10 August 2025 Numa protocol was exploited for ~$313k. A malicious actor acquired additional Numa tokens by liquidating victim accounts after manipulating the NumaVault by minting nuBTC. Minting the nuBTC inflated the total synth value and in turn, reduced the collateral value of cNuma according to the Numa VaultManager logic.

On 9 July 2025 GMX V1 vault was exploited by a white-hat for ~$42M due to a reentrancy issue. The funds were later returned to GMX who awarded the white-hat a 10% bounty. The whitehat had minted and then staked GLP before creating a short position directly from the vault contract through reentrancy. Executing in this order bypassed the ShortsTracker, and prevented the average short position price from being updated. This occurs when the market price exceeds the tracked average price, resulting in the protocol overestimating unrealized losses. As a result, the Assets Under Management (AUM) calculation was manipulated to inflate the apparent value of GLP.