exploit

The GoPlus Security team has disclosed a new type of attack in its AgentGuard AI project: inducing AI agents to perform unauthorized sensitive operations through "memory poisoning." This attack method does not rely on traditional vulnerabilities or malicious code but exploits the long-term memory mechanism of AI agents. For example, an attacker first induces the agent to "remember preferences," such as "usually prioritizing proactive refunds instead of waiting for chargebacks," and then uses vague expressions like "process as usual" or "execute as before" in subsequent instructions, thereby triggering automated financial operations.GoPlus points out that the key risk in such cases lies in the AI agent mistakenly treating "historical preferences" as a basis for authorization, leading to financial losses or security incidents in operations such as refunds, transfers, and configuration changes. To address this issue, the team has proposed several protective recommendations, including:Operations involving refunds, transfers, deletions, or sensitive configurations must require explicit confirmation in the current session.Memory-related instructions like "habit," "usual way," and "as before" should be regarded as high-risk state changes.Long-term memory must have a traceability mechanism (writer, time, confirmation status).Vague instructions should automatically elevate the risk level and trigger secondary verification.Long-term memory must not replace real-time authorization processes.The team emphasizes that the "AI agent memory system" should be viewed as a potential attack surface and should be constrained and audited through a dedicated security framework.

According to a notice from Transit Finance, a security incident recently occurred in the project due to historical vulnerabilities in an old version of the smart contract deployed on TRON, which was deprecated in 2022, affecting a small number of users after being exploited.The team stated that after discovering the issue, they urgently completed investigation, isolation, and repair, and on May 12, further auditing and rectification were carried out. The currently used contract version has not been affected, has been running safely for over four years, and continues to undergo security audits and monitoring.Transit stated that affected users will receive full compensation, and specific plans will be announced through official channels. They also reminded users to be wary of counterfeit official messages and not to disclose private keys or mnemonic phrases.

SolanaFloor posted on platform X, stating that a suspected MEV bot conducted an MEV-style price manipulation attack on the ANB pool of Meteora, converting 0.22 USD USDC into 696,000 USD USDC in a single transaction. The ANB token dropped by 99%.

According to market news, attackers exploited a flawed EIP-7702 account to steal 1,988.5 QNT (approximately 54.93 ETH) from the QNT reserve pool. The root cause is that the reserve pool administrator EOA delegated the code to the BatchExecutor contract via EIP-7702, and this contract set the permissionless BatchCall contract as the authorized caller.Since the BatchCall.batch() function did not have any permission checks set, any external caller could invoke it, ultimately leading to the depletion of the reserve pool assets.

The decentralized prediction market platform Polymarket is suspected to have been hacked, with the threat actor xorcat posting over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum.It is reported that the attacker extracted data through undisclosed API endpoints, pagination bypass, and CORS misconfigurations in Polymarket Gamma and CLOB API. The leaked content includes: 10,000 users' complete personal information (including names, proxy wallets, and base addresses), 4,111 comments, 1,000 reports (including 58 ETH addresses and administrator verification address identifiers), 48,536 Gamma market metadata, over 250,000 active CLOB market fixed product market maker addresses, and 9,000 social graph data of followers.The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, which can trigger server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and CORS misconfigurations. Additionally, the toolkit includes automated continuous pull scripts and a complete red team report.

According to Cointelegraph, Robinhood users have recently encountered a phishing attack. The attackers exploited the Gmail feature that ignores the "." in email usernames, along with a vulnerability in the Robinhood account creation process, to register accounts that are very similar to the target email addresses. This allowed them to send fake reminder emails with phishing links to the victims' inboxes from the Robinhood official mail server.Cybersecurity researcher Alex Eckelberry stated that the email could pass SPF, DKIM, and DMARC verification, appearing to come from an official address. Robinhood stated that this incident did not involve a system or customer account breach, and that user funds and personal information were not affected, but advised users to delete the related emails and not to click on suspicious links.

Slow Fog stated that ZetaChain was exploited in an attack. Preliminary analysis shows that the root of the vulnerability lies in the lack of access control and input validation in the GatewayZEVM contract's call function. Attackers can use this to initiate malicious cross-chain calls and execute arbitrary operations to transfer funds on the target chain through a relay mechanism.Slow Fog mentioned that the attackers triggered the relayer to execute malicious calls by forging cross-chain events, thereby completing the theft of funds. Relevant attack transactions have now been disclosed.

According to monitoring by Pidun, 1 billion DOT tokens were abnormally minted and sold on the Ethereum chain.On-chain data shows that about 1 hour ago, the attacker transferred the contract control to a malicious address by tampering with administrator permissions, subsequently minting 1 billion DOT and immediately selling them, causing the coin price to plummet from $1.22 to nearly zero.The incident is still unfolding, and Polkadot's official response has not yet been released. The target of this attack was bridging assets on Ethereum, not the native Polkadot chain.

According to monitoring by Arkham, Drift exploiters are transferring funds, and they have just transferred $14,800 worth of SOL to a new wallet.

The Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology of China has monitored and found that attackers are using exploit tools targeting Apple Inc.'s terminal products to carry out cyber attack activities, which can lead to serious harms such as information theft and system control. The affected range includes Apple terminal products such as iPhone and iPad running iOS 13 to 17.2.1.Attackers induce users to use the Safari browser to visit web pages containing malicious code through methods such as SMS, email, or web poisoning, comprehensively utilizing security vulnerabilities present in the terminal devices to implant remote control Trojans into the victim's terminal products, stealing sensitive user information, gaining maximum privileges, and taking control.It is recommended that users of Apple terminal products conduct risk assessments, and promptly fix vulnerabilities through version upgrades and patch installations (refer to the Apple Security Updates). Pay attention to system update notifications and the latest security update announcements released by Apple, upgrade to the latest secure version in a timely manner, strengthen security awareness, avoid clicking on unknown links, and prevent the risk of cyber attacks.

Drift Protocol disclosed that the execution process of this security incident began with a test withdrawal transaction initiated from its insurance fund. About one minute later, the attacker took over administrative privileges and executed subsequent operations through two pre-signed durable nonce transactions.The project team stated that this attack was caused by multiple factors, including the delayed execution of pre-signed transactions and the compromise of multi-signature approval, which may be related to targeted social engineering attacks or transaction misdirection. Drift is currently collaborating with several security agencies to investigate the causes and is working with cross-chain bridges, exchanges, and law enforcement agencies to track and freeze related funds. A detailed review report will be published later.

According to market news, the security platform OX Security has disclosed that the developers of the AI agent project OpenClaw are becoming targets of cryptocurrency phishing activities.Attackers create fake GitHub accounts, initiate topics in repositories controlled by them, and @ dozens of developers, claiming they have won a $5000 CLAW token reward, leading them to a clone website that is almost identical to openclaw.ai. This phishing site includes a "Connect Wallet" button, aimed at stealing the assets of connected wallets. Malicious code is hidden in deeply obfuscated JavaScript files, featuring a "nuke" function that clears browser local storage data to hinder forensic analysis, and encodes information such as wallet addresses and transaction values to send back to the C2 server. Researchers identified a suspected cryptocurrency wallet address used to receive stolen funds. The related accounts were created last week and deleted within hours, with no confirmed victims at this time. OpenClaw has become a target for scammers due to its high visibility, and its Discord community has previously encountered a large amount of cryptocurrency spam. Earlier reports indicated that OpenClaw's founder warned to be cautious of cryptocurrency scam emails sent in the name of OpenClaw.

According to Cointelegraph, Google's Threat Analysis Group recently disclosed a new iOS exploit kit named "Coruna," which is being used for cryptocurrency theft targeting iPhone users. This kit primarily targets devices running iOS versions 13 to 17.2.1 and includes 23 exploit scripts and 5 complete attack chains, some of which are previously unknown vulnerabilities.It can carry out attacks through counterfeit cryptocurrency-related websites. Reportedly, when users access these malicious sites using vulnerable iOS devices, the attack code automatically runs, scanning for sensitive information on the device, particularly text containing keywords such as mnemonic phrases, backup phrases, and bank account details, and attempts to steal assets from cryptocurrency applications like Uniswap and MetaMask.Google researchers strongly recommend that iPhone users immediately update their devices to the latest iOS version. If updating is not possible, they should enable Apple's "Lockdown Mode" to enhance protection.

The Ploutus protocol's liquidity pool on the Ethereum chain (0xD060...945D2) was attacked due to a misconfiguration of the oracle, resulting in a loss of approximately $390,000.Analysis shows that the pool incorrectly pointed the USDC price to Chainlink's BTC/USD feed, causing a significant price deviation. The attacker exploited this vulnerability, borrowing 187 ETH with only 8 USDC as collateral. On-chain data indicates that the attack transaction occurred in the next block after the configuration change was confirmed, suggesting that the attacker was monitoring in real-time and quickly took advantage of the parameter update.

According to BlockSec Phalcon monitoring, an unknown USDC-OCA liquidity pool on the BSC chain was attacked, resulting in approximately 422,000 USDC being withdrawn.The attacker exploited a deflationary sellOCA() logic vulnerability of the OCA token, which allowed them to remove an equivalent amount of OCA from the liquidity pool each time they called the swap OCA token, artificially raising the token price within the pool.The attack was completed through three transactions: the first executed the attack operation, while the latter two were mainly used to pay additional block builder bribes. The attacker paid a total of approximately 43 BNB plus 69 BNB to 48club-puissant-builder, with an estimated profit of around $340,000. Another transaction in the same block failed at position 52, suspected to have been front-run by the attacker.

Step Finance released an update on the hacking incident on platform X, disclosing that several of its funding wallets were breached by an attacker last night. The initial assessment indicates that the attack was carried out through a certain attack vector. Remedial measures have been taken, and the company is closely collaborating with security experts. Relevant authorities have also been notified, and further updates on the incident will be provided.According to previous reports, the treasury and fee wallets of Step Finance were compromised. On-chain data shows that approximately 261,854 SOL tokens were unstaked and transferred during the attack, amounting to about 30 million dollars.

According to Arkham data, between 22:52 and 22:57, UXLINK Exploiter received multiple WBTC transfers, totaling 140.54 WBTC (approximately $127 million), all from CoW Protocol.At 22:52, 31.38 WBTC (worth approximately $26.13 million) was transferred from CoW Protocol to UXLINK Exploiter.At 22:54, 24.09 WBTC (worth approximately $20.07 million) was transferred from CoW Protocol to UXLINK Exploiter.At 22:55, 24.06 WBTC (worth approximately $20.04 million) was transferred from CoW Protocol to UXLINK Exploiter.At 22:54, 24.09 WBTC (worth approximately $20.06 million) was transferred from CoW Protocol to UXLINK Exploiter.At 22:53, 36.43 WBTC (worth approximately $30.35 million) was transferred from CoW Protocol to UXLINK Exploiter.

According to market news, an unknown contract on the BSC chain was exploited, and the hacker executed two reverse transactions through a flaw in the "burn pair" mechanism, ultimately resulting in a loss of approximately $100,000.The attacker first drained PGNLZ, then triggered the destruction of PGNLP and manipulated the price, thereby siphoning off most of the USDT from the liquidity pool.

According to Cointelegraph, researchers from the cybersecurity company Group-IB have discovered a ransomware called "DeadLock" that is using Polygon smart contracts to hide itself and rotate proxy addresses.This ransomware was first identified in July last year, and it dynamically updates the command and control infrastructure addresses used to communicate with victims by invoking specific smart contracts. Once a victim is infected and data is encrypted, DeadLock issues a ransom note threatening to sell the stolen data if demands are not met.Researchers pointed out that storing proxy addresses on-chain makes its infrastructure extremely difficult to dismantle, as there is no central server that can be shut down, and blockchain data is permanently retained across global nodes. This method of abusing smart contracts to relay proxy addresses is highly variable. Although DeadLock currently has low exposure and a limited number of known victims, its novel attack techniques still pose a potential threat to organizations that do not take it seriously.