att

After KelpDAO was attacked, resulting in a loss of $292 million, the industry's scrutiny of the security of cross-chain infrastructure has intensified. Approximately $4 billion in assets have completed or are in the process of migrating from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP). The DeFi protocol Lombard is the latest project to join this migration trend. The protocol announced it would discontinue the use of LayerZero and migrate over $1 billion in Bitcoin-backed assets to Chainlink CCIP, stating that this decision stemmed from a comprehensive internal security review following the April attack incident.Lombard issues two types of Bitcoin-backed tokens—LBTC and BTC.b—and will prioritize the migration of assets on chains such as Solana, Etherlink, Berachain, Corn, and TAC, while terminating the use of LayerZero on Morph and Swell. Lombard stated that the reason for choosing CCIP is its independent node operators, built-in rate limiting mechanisms, and audited infrastructure. Additionally, the protocol will adopt Chainlink's cross-chain token standard to facilitate asset cross-chain circulation through a burn-and-mint model.Previously, Kelp DAO, Solv Protocol, Re, and the cryptocurrency exchange Kraken have all completed similar migrations, with these projects collectively transferring approximately $4 billion in assets. Chainlink Labs Chief Business Officer Johann Eid stated, "We are witnessing a continued wave of risk-averse migration within the industry."

THORChain has announced that one Asgard vault has been attacked, and trading has been suspended. Initial signs indicate that user funds are safe, and only the protocol's own funds are affected. THORChain stated that the network automatically detected abnormal behavior and suspended signing activities to prevent further fund transfers. The estimated loss is currently around $10.7 million.The announcement mentioned that one of the six Asgard vaults is suspected to have been breached, and related nodes have triggered the RUNE staking penalty mechanism due to unauthorized transfers. The current network has suspended Churn activities, and new connections and related operations will also be postponed until the investigation and repairs are completed.THORChain stated that preliminary investigations show that users' personal exchange transactions have not been affected, and all node operators have been asked to immediately check their infrastructure, key management systems, and operating environments for any anomalies.

According to on-chain detective ZachXBT, THORChain has suffered attacks on multiple chains, resulting in losses exceeding $7.4 million.

The GoPlus Security team has disclosed a new type of attack in its AgentGuard AI project: inducing AI agents to perform unauthorized sensitive operations through "memory poisoning." This attack method does not rely on traditional vulnerabilities or malicious code but exploits the long-term memory mechanism of AI agents. For example, an attacker first induces the agent to "remember preferences," such as "usually prioritizing proactive refunds instead of waiting for chargebacks," and then uses vague expressions like "process as usual" or "execute as before" in subsequent instructions, thereby triggering automated financial operations.GoPlus points out that the key risk in such cases lies in the AI agent mistakenly treating "historical preferences" as a basis for authorization, leading to financial losses or security incidents in operations such as refunds, transfers, and configuration changes. To address this issue, the team has proposed several protective recommendations, including:Operations involving refunds, transfers, deletions, or sensitive configurations must require explicit confirmation in the current session.Memory-related instructions like "habit," "usual way," and "as before" should be regarded as high-risk state changes.Long-term memory must have a traceability mechanism (writer, time, confirmation status).Vague instructions should automatically elevate the risk level and trigger secondary verification.Long-term memory must not replace real-time authorization processes.The team emphasizes that the "AI agent memory system" should be viewed as a potential attack surface and should be constrained and audited through a dedicated security framework.

The slow fog余弦 social media stated that the high-risk iOS attack framework DarkSword has been publicly leaked on channels such as GitHub and is being used for large-scale espionage attacks targeting cryptocurrency wallet holders.This attack program targets devices running iOS versions 18.4 to 18.7, utilizing vulnerabilities in the Safari browser through malicious web pages to achieve remote code execution, thereby stealing users' sensitive data. Attackers launch attacks using bait web pages that impersonate pornographic live streams, Tron energy stations, refund processes, and more.iPhone users running older versions of iOS, once they access such web pages using the Safari browser (even if they do not close the page), may have sensitive information such as plaintext private keys and mnemonic phrases stolen by malicious JavaScript code when unlocking the wallet app, which is then transmitted in real-time through channels like Telegram bots.

According to GMGN data, the top 5 tokens with net inflow from KOL in the past 24 hours are as follows:REGINALD (GuWq....ump): Net inflow of $2,000, with a 24-hour increase of 160.8%, currently priced at $0.0001.RoyalPop (8Tbn....ump): Net inflow of $2,000, with a 24-hour decrease of -23.3%, currently priced at $0.001.MONET (Uitv....ump): Net inflow of $1,000, with a 24-hour increase of 10591.5%, currently priced at $0.0004.HOTMOMS (FkUk....ump): Net inflow of $674, with a 24-hour increase of 310.6%, currently priced at $0.0001.DouDou (Cyiz....ump): Net inflow of $476, with a 24-hour increase of 125.7%, currently priced at $0.0001.

The co-founder of the Solana ecosystem DeFi project Ranger Finance, cobra (@barrett_io), posted on the X platform that Ranger Finance is gradually shutting down. The project took on business beyond its sustainable capacity, and the founder invested personal funds to maintain operations, but delays in financing led to the accumulation of bills. Ultimately, the financing was unsuccessful, and the raised funds were returned.The team is trying to fairly pay employees and suppliers with the remaining two months of operating funds, but it is insufficient to cover all expenses. The treasury liquidation was unexpected and severely impacted budget decisions. Subsequently, the Drift attack incident depleted the remaining funds and personal capital. Treasury users affected by the Drift attack will receive recovery tokens when distributed by the Drift team. The founder stated that in hindsight, the project should have been shut down earlier and apologized for this.

The Compound Foundation stated that, after closely collaborating with the Aave and KelpDAO teams, the relevant positions of the rsETH exploiters in WETH and wstETH Comet have all been liquidated over the weekend, and all rsETH held by the attackers has been transferred to DeFi United. Compound noted that the swift action effectively mitigated market risks and protected the safety of the protocol's suppliers and reserve funds.Compound also updated that the transfer restrictions for Ethereum WETH and wstETH Comet have now been lifted, and all Comet markets have resumed normal operations. The protocol stated that the top priority remains ensuring the overall safety of the platform and thanked the Aave and KelpDAO teams for their collaboration during the incident handling process.

The Compound Foundation stated that, after close collaboration with the Aave and KelpDAO teams, the relevant positions of the rsETH exploiters in WETH and wstETH Comet have all been closed over the weekend, and all rsETH held by the attackers has been transferred to DeFi United.Compound stated that the quick action effectively mitigated market risks and protected the safety of the protocol's suppliers and reserve funds. Compound also updated that the transfer restrictions for Ethereum WETH and wstETH Comet have now been lifted, and all Comet markets have returned to normal operation. The protocol stated that the top priority remains ensuring the overall safety of the platform and thanked the Aave and KelpDAO teams for their collaborative efforts during the incident handling process.

According to a report by Cai Lian She, OpenAI released a statement regarding the recent "Mini Shai-Hulud" supply chain attack incident targeting the popular open-source library TanStack. After monitoring the malicious attacks on several commonly used npm packages, the security team quickly investigated the internal systems and found no evidence of user data being leaked or accessed illegally.OpenAI pointed out that although its core services were not directly compromised, to ensure the security of local environments, all macOS users using its official applications must complete software updates by June 12, 2026.

GoPlus Security stated that a user fell victim to a typical address poisoning attack, mistakenly transferring 100,000 DAI to a fake address created by the attacker after copying a similar address from the transaction history.In this incident, the user had previously transferred 300,000 DAI to the target address, and the attacker subsequently sent 0.0003 DAI from a similarly structured address to lure the user into mistakenly selecting the wrong address for the second transfer.GoPlus Security reminds users not to copy addresses from transaction history, to verify the complete address before transferring, and to conduct a small test transfer before making large transactions.

According to BBX data, institutional demand for Bitcoin ETFs maintained strong momentum yesterday. Today, both houses of Congress are advancing cryptocurrency legislation simultaneously for the first time, with the core dynamics as follows:The U.S. Bitcoin spot ETF recorded a total net inflow of approximately $358.1 million yesterday (May 13), with BlackRock, Inc. (NYSE: $BLK) subsidiary iShares Bitcoin Trust (NASDAQ: $IBIT) seeing a single-day net inflow of $269.3 million, the strongest single-day data in recent weeks; the overall U.S. Bitcoin spot ETF has recorded net positive inflows for seven consecutive weeks, further reinforcing the structural signal of institutional capital returning. Bitcoin closed above $80,000 yesterday, with a year-to-date increase of about 14%, and market sentiment remains relatively optimistic on the eve of the CLARITY Act markup.The House Ways & Means Committee held a closed-door meeting today (May 14) on cryptocurrency tax reform in sync with the Senate Banking Committee's CLARITY Act markup, covering topics such as the treatment of capital gains tax on crypto assets, tax reporting responsibilities for DeFi protocols, and the tax classification of Bitcoin mining and staking income; this marks the first time in 2026 that both houses of Congress are advancing cryptocurrency regulatory legislation on the same day, indicating that cryptocurrency regulatory legislation has expanded from a single market structure issue to a complete legislative ecosystem of "regulatory framework + tax system."

The blockchain TAC team stated that it has confirmed a previous cross-chain layer security incident that resulted in approximately $2.8 million in assets being transferred, involving assets such as USDT, BLUM, and tsTON.TAC stated that if the attacker returns the relevant funds to the designated multi-signature address, the team will consider this incident as a "white hat rescue" and will not take legal action against the operators involved with ETH/BSC, ZEC, and TON addresses.As a reward, the attacker can receive approximately 10% of the bounty, equivalent to about 13 ETH and 300 ZEC.

The TAC team announced that its cross-chain layer's TON side was exploited by external attackers, resulting in a loss of approximately $2.8 million, involving USDT, BLUM, and tsTON. TAC, TON, and all ERC-20 tokens bridged from Ethereum are unaffected. The bridging service remains suspended, and forensic analysis and repair work are ongoing. A complete report with more details will be released within the next 48 hours.The team is actively collaborating with law enforcement, SEAL 911, and security partners to track and freeze the stolen funds. The team stated that its core focus is to sell the foundation's TAC token reserves in a legally structured manner to compensate for user losses and fully restore bridging liquidity. Official channels will continue to update progress.

According to CoinDesk, the three blockchains focused on stablecoins and tokenization, Arc, Canton, and Tempo, have collectively raised over $1 billion, reflecting an increasing demand from institutions for privacy-focused crypto infrastructure. Bitwise Chief Investment Officer Matt Hougan stated that as cryptocurrencies further enter mainstream finance, privacy features may become a key application scenario for the industry.Specifically, Circle recently raised $222 million for Arc, with a valuation of $3 billion; Digital Asset is reportedly raising $300 million for Canton, with a valuation of $2 billion; and Tempo, supported by Stripe and Paradigm, previously raised $500 million, with a valuation of $5 billion. Hougan also mentioned that the advancement of stablecoin legislation in the U.S. is providing a clearer regulatory environment for institutional investment in related infrastructure.

Aave stated that the first steps of the rsETH technical recovery plan have been completed, which includes the destruction of the rsETH held by the attacker on Arbitrum. In the coming days, stakeholders will gradually replenish funds to the LayerZero OFT adapter and restart rsETH-related operations in phases.Kelp previously stated that it has completed a series of rsETH endorsement recovery steps with Aave, planning to gradually inject 117,132 rsETH from the Aave Recovery Guardian and Kelp Recovery Safe into the LayerZero OFT adapter on the Ethereum mainnet.

According to Jinshi reports, Federal Reserve's Goolsbee stated that he is optimistic about a significant decrease in interest rates, but progress needs to be made on inflation.

Web3 security company CertiK has released the "Skynet North Korea Cyber Threat Report." The data shows that since 2016, North Korean hacker groups have plundered approximately $6.75 billion in digital assets. In 2025 alone, the losses from thefts they orchestrated reached as high as $2.06 billion, accounting for nearly 60% of the total losses in the global cryptocurrency industry for the entire year (including the $1.5 billion Bybit theft case). As of early 2026, this threat trend continues, with losses accounting for about 55%.The report emphasizes that the attack patterns of North Korean hackers have undergone a fundamental shift, evolving from simple code vulnerability exploitation to a national-level attack system that combines social engineering, deep supply chain attacks, and "physical infiltration." In the recent Drift protocol incident, attackers even spent six months lurking at offline industry conferences, establishing trust through real funds and interpersonal interactions before executing their attack.CertiK security experts warn that in the face of such systemic attacks, simple technical defenses have become weak. Cryptocurrency institutions urgently need to fully implement a "zero trust" hiring model, strengthen third-party supply chains, establish fund circuit breaker mechanisms, and collaborate with professional security organizations to build a comprehensive lifecycle defense system covering code audits, round-the-clock risk monitoring, and on-chain anti-money laundering/KYT (Know Your Transaction) fund tracking.

Strategy announced that it will hold a Q&A session for retail investors tomorrow at 5:00 PM Eastern Time. This event will be hosted by Nat Brunell, with Strategy founder Michael Saylor and CEO Phong Le in attendance, discussing the company's strategy, Bitcoin holdings, and related business developments with investors. This Q&A may be seen as an important communication window for the market's attention on Strategy's digital asset strategy and capital market trends.