compensation

According to a notice from Transit Finance, a security incident recently occurred in the project due to historical vulnerabilities in an old version of the smart contract deployed on TRON, which was deprecated in 2022, affecting a small number of users after being exploited.The team stated that after discovering the issue, they urgently completed investigation, isolation, and repair, and on May 12, further auditing and rectification were carried out. The currently used contract version has not been affected, has been running safely for over four years, and continues to undergo security audits and monitoring.Transit stated that affected users will receive full compensation, and specific plans will be announced through official channels. They also reminded users to be wary of counterfeit official messages and not to disclose private keys or mnemonic phrases.

CoW DAO announced that its domain registrar was subjected to a social engineering attack on April 14, during which the attacker briefly controlled the official domain for about 4.5 hours and directed users to a phishing website, thereby inducing them to sign malicious transactions. The project team emphasized that the CoW Protocol itself was not compromised, but some user assets were affected during that time window.In response to this incident, the CoW DAO community governance proposal CIP-86 has been approved, establishing a discretionary compensation fund to reimburse affected users for their losses. The official reminder states that eligible users must submit their claims by May 14, including affected wallet addresses, asset information, transaction hashes, and names, and apply via email at help@cow.fi, with the email subject clearly stating "Discretionary Grant Claim for".

The AI infrastructure platform B.AI has released a history of Credits consumption record optimization and compensation explanation. With the continuous upgrade of the Credits billing system and display dimensions, the platform has recently conducted a comprehensive review of historical consumption records. During this process, it was found that for certain requests made between May 1, 2026, 00:00 and May 3, 2026, 03:00 (SGT), the consumption details displayed on the front end did not fully present all cost components. This was mainly due to the underlying cache-related fees not being displayed on the page, causing users to typically only see input/output token consumption, leading to a misunderstanding of the overall Credits consumption.To address the above issues, the platform has now completed data corrections and realigned with historical records. Additionally, based on more cautious and user-friendly rules, Credits compensation will be automatically issued to affected accounts (valid for 30 days from the date of receipt) without any action required from users. Please pay attention to account balance updates. In the future, B.AI will continue to upgrade the Credits display system to further enhance long-term transparency and user experience.

Syndicate stated on platform X that regarding the latest developments of the Syndicate bridge security incident, all affected SYND holders on the Commons Chain have received full compensation, along with an additional 15% of the total losses as compensation.The relevant amounts have been directly sent to the affected users' Base chain wallets, with the Gas fees covered by Syndicate Labs. The total compensation amounts to 12.901 million SYND, and no action is required through any claim page.

Wasabi Protocol released a security incident update, stating that attackers exploited a configuration vulnerability in the Spring Boot Actuator within its AWS infrastructure to steal the private keys controlling EVM smart contracts, resulting in the theft of approximately $4.8 million in user funds and $900,000 in protocol treasury funds, with total losses amounting to about $5.7 million.The attack chain began with a public server used for analysis, whose Actuator heap dump was not properly password protected, allowing attackers to obtain credentials for another server and ultimately gain control of the smart contract private keys. This incident only affected EVM deployments, including certain treasuries on Ethereum, Base, Blast, and Berachain, while Solana deployments and Prop AMM were not affected.There has not yet been a final update on the user compensation plan, but "ensuring all affected users are compensated" remains the team's top priority, and updates on the investigation progress will be released in the Discord community in the future.

According to Cointelegraph, the U.S. law firm Gerstein Harrow LLP has applied to the court for an injunction to prevent Arbitrum DAO from transferring frozen Ethereum assets related to the Kelp attack.The law firm claims that its clients have obtained default judgments in three cases against North Korea, totaling approximately $877 million (including punitive damages and interest), and assert a right to claim the related assets.Previously, Kelp DAO was attacked on April 18, resulting in losses of about $292 million, which is believed to be related to the North Korean hacker group Lazarus Group. Subsequently, the Arbitrum security committee urgently froze approximately 30,766 Ether (about $73 million).The incident has sparked controversy. Some community members believe that if the injunction takes effect, it will delay the return of funds to the victimized users and shift the North Korean-related debts onto secondary victims. Previously, Aave Labs had proposed to unfreeze the funds and inject them into a compensation fund to restore the damaged assets.It is worth noting that Gerstein Harrow has previously filed claims regarding assets stolen by North Korean-related hackers and frozen by cryptocurrency platforms, including the 2023 Heco Bridge incident. Industry analysts believe that this case may have a demonstrative impact on the disposal of DAO assets and the definition of cross-jurisdictional claims.

According to official news, a recent agreement was attacked due to a lack of verification mechanisms, resulting in approximately 11 BTC being stolen, mainly involving altcoin trading. The attackers exploited a negative miner fee vulnerability to transfer funds to their own accounts through multi-signature transactions.Currently, Bisq is discussing compensation plans, and victims can choose compensation in Bitcoin or BSQ tokens, but it must be implemented after a DAO vote, which is expected to be determined after the DAO cycle ends on May 25.Bisq stated that the vulnerability has been fixed and plans to release a patch update while strengthening the security review of the codebase, focusing on preventing vulnerabilities that may affect wallets. In addition, Bisq reminds users to temporarily reduce the amount of BTC stored in their wallets. The officials believe that although this incident is serious, it is controllable, and they hope to provide a security warning for other projects.

According to official news, Syndicate Labs disclosed that its cross-chain bridge contract was maliciously upgraded on two chains due to a private key leak. The attacker transferred and sold approximately 18.5 million SYND (about $330,000) and around $50,000 worth of user tokens. The incident only affected specific chains, while others were not impacted.Syndicate Labs stated that this attack involved multi-stage reconnaissance, infrastructure mapping, and careful execution, demonstrating a high level of technical complexity, and ruled out the involvement of internal personnel. The root cause was that the private key was stored in a password management tool without an additional layer of encryption, and the upgrade process did not utilize multi-signature or hardware signature mechanisms, nor did it have early warning and circuit breaker measures for contract upgrades.Syndicate Labs announced that it will fully compensate all affected users, including returning 18.5 million SYND and providing additional compensation, while also fully compensating affected application chain clients. The company has initiated security upgrade measures, including strengthening private key encryption, tightening access permissions, and plans to introduce hardware or multi-signature mechanisms and upgrade path monitoring to prevent similar incidents from occurring again.

The Sui liquid staking protocol Aftermath Finance's social media stated that it expects users to receive full compensation within the next 48 to 72 hours.Previously, it was reported that the Sui Foundation and Mysten Labs will ensure the Aftermath protocol continues to operate and recover user funds.

Texas man Robert Dunlap was sentenced to 23 years in federal prison for his involvement in a cryptocurrency scam exceeding $20 million and was ordered to pay restitution to nearly 1,000 victims.Prosecutors stated that Dunlap operated a cryptocurrency project and sold Meta - 1 Coin, falsely claiming that the token was backed by $44 billion in gold and approximately $1 billion in artwork, including works by Pablo Picasso, Vincent van Gogh, and Salvador Dalí, and that the assets had been audited. A jury had found him guilty of mail fraud last year.

The U.S. Department of Justice has announced that it has initiated a compensation program for victims of the OneCoin cryptocurrency fraud case, with over $40 million in forfeited assets available for payout.The program is aimed at investors who purchased OneCoin and incurred net losses between 2014 and 2019. U.S. prosecutors stated that this move is intended to return some of the illicit proceeds to the victims. OneCoin was initiated by Ruja Ignatova and Karl Greenwood, with the related fraud exceeding $4 billion. Ignatova has been missing since 2017, and Greenwood was sentenced to 20 years in prison in 2023.

According to official news, the decentralized GPU cloud computing infrastructure platform Aethir confirmed that its Ethereum-related bridging contract was attacked. The team promptly disconnected the affected contract and worked with major exchanges to blacklist the hacker's wallet, limiting the losses to under $90,000.Previously, blockchain security company PeckShield estimated the losses to be $400,000. The attacker exploited Aethir's cross-chain smart contract AethirOFTAdapter to transfer the stolen funds from the BNB Chain to Tron.Aethir stated that its Ethereum mainnet ATH token supply was unaffected and plans to announce a detailed compensation plan and incident analysis next week, collaborating with exchanges such as Binance, Upbit, and Bithumb to freeze funds. The Web3 security platform ZeroShadow is participating in the investigation. Aethir aims to achieve revenue of $127.8 million by 2025, with over 440,000 GPU containers deployed globally.

Backpack officials posted on platform X stating that regarding the witch determination issue for Backpack, the team has had in-depth communication with the anti-witch leader. Due to the enforcement level's insistence on the compliance bottom line of "one person, one account," some Chinese-speaking users have been affected.Armani and the core team are ready to immediately open an appeal channel and establish "Guideline No. 3": Any user who has operated 3 or fewer accounts on one device and has been determined to be a witch will have more than 50% of their points returned after manual appeal verification. In addition, the Backpack team will launch a special program in the coming days to compensate eligible users by repurchasing tokens in the secondary market.

Analysts say that the IoTeX private key may have been leaked, resulting in asset losses of approximately 4.3 million dollars; IoTeX officials reported on-chain attack losses of about 2 million dollars.

According to the Financial Times, victims of investment fraud in China are challenging a compensation arrangement involving approximately 61,000 bitcoins in a UK court. Representatives of the victims have filed an application with the High Court of England, seeking to overturn the proposal for compensation through the Chinese compensation mechanism, arguing that this plan may allow UK authorities to retain significant asset appreciation gains.These bitcoins were seized by the UK police during a money laundering investigation in London and are currently valued at around £3.2 billion (approximately $4.3 billion). It is reported that the law firm Candey represents about 5,700 victims in opposition, claiming that the current compensation scheme fails to ensure fair compensation.The fraud case is led by Qian Zhimin and involves over 128,000 Chinese investors, with the proceeds of the fraud converted into bitcoins and transferred overseas between 2014 and 2017. The UK prosecution has stated that some claims may result in a few victims and litigation funders receiving compensation exceeding their actual losses.

According to GoPlus monitoring, the account abstraction solution Holdstation suffered a supply chain attack, where the attacker stole developer session tokens, bypassed two-factor authentication, and injected malicious code into application updates, resulting in the theft of user funds.The attack resulted in a loss of 462,000 USDT, with the attacker's address being 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. The Holdstation team has suspended services, committed to 100% compensation for affected users, and is working with security teams to investigate the incident, while also posting messages on-chain, hoping to encourage the attacker to return the funds through a bug bounty program.

The IoTeX Foundation has announced the latest tracking and full compensation plan regarding the ioTube cross-chain bridge security incident. The team stated that they have completed a full-chain tracking of the stolen funds, with most CIOTX already frozen on-chain, and the remaining assets mainly converted to approximately 2,183 ETH and transferred to the Bitcoin network. The related BTC addresses are currently under monitoring.The foundation promises 100% compensation for all users who held USDC, USDT, ETH, and WBTC bridged from Ethereum to IoTeX at the time of the incident: users with losses of $10,000 or less can receive a full one-time payout; users with losses exceeding $10,000 will receive an immediate payout of the first $10,000, while the excess amount will be distributed over four quarters, along with an additional 10% compensation issued in the form of 12-month staked IOTX. The platform will open the official recovery address and Claims Portal on February 27, and users need to consolidate the affected assets and transfer them in one go, submitting on-chain transaction information to complete the verification and compensation process.

IoTeX announced on platform X that after suffering a hacker attack due to a suspected private key leak, L1 has resumed online operations and completed an upgrade. The new version v2.3.4 includes an automatic filtering feature for malicious EOA addresses in the default blacklist to enhance network security. A comprehensive compensation plan for the affected bridging users will be announced within 24 hours.

Due to an oracle configuration error resulting in approximately $1.78 million in bad debt, the DeFi lending protocol Moonwell released an event handling update on the X platform, stating that the recovery plan has now been published on the governance forum, which includes integrating the Moonwell Apollo (MFAM) community into the Moonwell ecosystem (WELL).The Moonwell Apollo Treasury will immediately initiate partial compensation, with ongoing compensation to follow through protocol revenue. Additionally, MFAM holders and stkWELL stakers are set to receive compensation at a ratio of 1:1.5 (MFAM:stkWELL).