CertiK recently released the CertiK Hack3D: H1 2026 Report, a data-driven analysis of Web3 security incidents from January through June 2026. Across 344 incidents, the ecosystem lost $1.3 billion, ...
The 15 biggest crypto exploits of H1 2026 revealed. See how hackers stole nearly $1B using compromised keys and cloud breaches.
CertiK's H1 2026 Hack3d report finds $1.32B lost across 344 incidents — down 47% on paper, but roughly 28% higher than H1 ...
The $292 million KelpDAO bridge exploit in April and the Humanity Protocol private key theft in June were already suspected ...
Nightmare Eclipse Zero-Days: Three zero-day vulnerabilities disclosed by Nightmare Eclipse, complete with exploit code, were patched in the June 2026 update. RoguePlanet Release: Nightmare Eclipse ...
Sell ECHO. The attacker minted ~$77M of synthetic eBTC via compromised admin credentials (not a code bug), then drained value through Curvance and bridged to Ethereum. This is a governance/security ...
For decades, the gap between finding a software vulnerability and weaponizing it has been one of the quiet stabilizers of the internet. Skilled researchers might spend weeks converting a bug report ...
LayerZero acknowledged it “made a mistake” by allowing its own verifier network to secure high-value assets in a risky configuration, reversing weeks of blaming Kelp DAO for a $292 million hack tied ...
After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and a new ...
Bryan Pellegrino, LayerZero’s founder, denies KelpDAO’s claim that it approved the insecure setup. The dispute centers on a risky single-verifier bridge configuration used before the $292M exploit.
Add Decrypt as your preferred source to see more of our stories on Google. Kelp says LayerZero approved the setup tied to a $292 million exploit, which LayerZero disputes. The protocol is redesigning ...
Web3 security incidents revealed that apps rarely interact with chains directly, but rely on RPC data. The data layer may be flawed or censored, leading to a disparity between an app’s data and ...