ChainCatcher message, Cetus officially released a report on the theft incident stating that on May 22, Cetus encountered a sophisticated smart contract attack targeting the CLMM liquidity pool. Cetus took immediate measures to mitigate the impact.The attacker exploited an undiscovered vulnerability in an open-source library, lowering the pool price to build positions in the high-price area, and utilized an overflow check flaw to inject inflated liquidity with very few tokens. Subsequently, they repeatedly executed liquidity removal operations to extract assets from the pool, continuously exploiting unverified calculation functions to carry out the attack, ultimately successfully stealing funds.To jointly maintain the maximum interests of the entire ecosystem, with the support of most Sui validator nodes, Cetus urgently froze two Sui wallet addresses of the attacker, which contained the majority of the stolen funds. The remaining stolen funds have been exchanged by the hacker and cross-chain transferred to the Ethereum mainnet.Cetus is collaborating with the Sui security team and several auditing firms to re-examine the contracts and conduct a multi-party joint audit to ensure the safe restoration of CLMM services after verification is completed. At the same time, Cetus will strengthen on-chain monitoring, initiate additional audits, and regularly publish security reports. To compensate affected LPs, Cetus is working with ecosystem partners to develop a recovery plan and is calling on Sui validators to support on-chain voting to expedite the return of user assets and rebuild confidence. While legal proceedings continue, Cetus is also providing the attacker with a white hat return opportunity. Cetus will soon issue a final ultimatum to them. Any updates will be transparently communicated to the community by Cetus.

ChainCatcher message, Aptos officials confirm that the attack vulnerability encountered by Cetus DEX is limited to the Sui network, and the Aptos network itself, user funds, and its DeFi partners have not been affected.Currently, the Aptos security and engineering team has initiated a comprehensive audit and is closely monitoring the progress of the incident, collaborating with DeFi partners to ensure network security and stability.

ChainCatcher news, according to official sources, the AI-driven trading protocol COPX.AI has announced the successful completion of a comprehensive security audit conducted by the Web3 security auditing firm CertiK.It is reported that this audit covered the core smart contracts of COPX.AI, including token distribution, linear release mechanisms, and trading mining logic, ensuring their security and functional integrity. The COPX.AI team stated that this audit further enhances the protocol's transparency and security, and they will continue to optimize the smart contracts and explore more decentralized governance solutions in the future.

ChainCatcher message, Safe states that the Safe{Wallet} team has been working with Mandiant over the past few days to conduct a comprehensive forensic investigation and security audit regarding the Bybit hacking incident. Safe emphasizes that its team is committed to transparency. Mandiant's preliminary report results will be published next week.

ChainCatcher news, the decentralized exchange Uniswap has officially announced the launch of its latest version v4 on its official website. This version has been deployed on 10 chains, including Ethereum, Polygon, Arbitrum, OP Mainnet, Base, BNB Chain, Blast, World Chain, Avalanche, and Zora Network.Uniswap v4 introduces the Hooks feature, allowing developers to build custom logic for liquidity pools, trades, fees, and LP positions. Over 150 Hooks have already been developed. Additionally, the v4 version has also made significant optimizations in gas fees, with the cost of creating new liquidity pools potentially reduced by up to 99.99%.In terms of security, Uniswap v4 has completed 9 independent audits, hosted the largest security competition in history, and offered a $15.5 million bug bounty program. Users can now provide liquidity through the Uniswap web application, and trading features will gradually open in the coming days.

ChainCatcher news, according to official sources, the L2 network project OpenZK has announced the successful completion of a comprehensive security audit conducted by the Web3 security audit company Hashlock.It is reported that as the mainnet and airdrop activities approach, OpenZK will conduct more rounds of audits to ensure network security.

ChainCatcher message, the L1 blockchain Initia built on Cosmos SDK, tweeted that its mainnet release code has been officially frozen and is currently undergoing a security audit.

ChainCatcher message, Pump Science stated on X, "Safety is a top priority, and the plan includes consulting and competitive audits of the Pump Science application and smart contracts.The focus for the remainder of this year will be on URO and RIF, with plans to launch a mouse experiment before the new token is introduced. There will be no new token launched on Pump Science for the time being; once the full audit is completed, the new token will be launched on Pump Science next year."

ChainCatcher news, Bitcoin Ordinals browser Ord.io posted on social media X that there are rumors indicating that insiders at Coinbase have revealed that the exchange is conducting an internal security audit and regulatory compliance assessment of the Runes protocol. These claims have not yet been independently verified.

ChainCatcher news, the European Securities and Markets Authority (ESMA) stated on Wednesday that cryptocurrency companies should be required to undergo external audits of their network defenses, and urged lawmakers in Brussels to amend the region's flagship regulatory framework for the crypto industry to better protect consumers.The agency believes that stricter cybersecurity rules are an important component of the EU's regulation of the crypto asset market (MiCA), which will come into full effect in December.ESMA has been advocating for the inclusion of a requirement for cryptocurrency companies to have their ability to withstand cyberattacks audited by a third party, as the agency works to finalize the implementation of these rules. These rules were passed by EU lawmakers last year.However, the European Commission opposed this move, stating that ESMA is overstepping its authority and going beyond the legislative mandate. Both sides declined to comment.

ChainCatcher message, Ronin announced on social media that the cross-chain bridge, after experiencing a security vulnerability incident and undergoing a comprehensive audit, is now ready to reopen.Previously, due to a critical configuration error, the cross-chain bridge was hacked for 12 million dollars and was suspended to prevent further financial loss. All funds have now been safely recovered, and the white hat hackers received a bounty of 500,000 dollars.Currently, the proposal for the reopening of the cross-chain bridge has been submitted for operator voting, and services are expected to resume within 10 days, with no further updates planned for the time being.

ChainCatcher news, according to The Block, blockchain security audit provider Zellic has acquired the smart contract auditing platform Code4rena. This is its first acquisition, aimed at providing clients with more comprehensive security review services.The CEO of Code4rena stated that it will continue to operate independently.

ChainCatcher news indicates that according to Optimism governance information, OP Labs protocol engineer Mofi has released an upgrade proposal called Granite Network Upgrade. This proposal aims to address security vulnerabilities identified in a series of third-party security audits conducted by Spearbit, Cantina, and Code4 rena. The related vulnerabilities have not been exploited, and user assets have never been at risk. The proposal states that this upgrade will include a series of smart contract upgrades to fix the vulnerabilities found in the audits, as well as an L2 hard fork to enhance the stability and performance of the error prevention system. A permissioned rollback mechanism has been initiated as a precaution to avoid any potential instability during the vulnerability patching process.If the proposal is approved by vote, the Granite Network Upgrade is scheduled to take place on September 10 at 16:00 UTC. This upgrade has been coordinated with Base and Conduit to launch on the internal development network and Sepolia Superchain.

ChainCatcher message, according to monitoring by the blockchain security audit company Beosin Alert, the Ronin Bridge project has exhibited abnormal behavior in extracting cross-chain assets. According to the Beosin security team analysis, the root cause of this abnormal behavior lies in the project team's failure to properly initialize the operator weights required for cross-chain transaction confirmation when upgrading the contract, resulting in the minimumVoteWeight parameter in the contract being zero, allowing any signature to pass cross-chain verification.Currently, the Ronin bridge has lost 3,996 ETH, with funds stored at an address starting with 0xc6a (this address is an MEV bot, so it is speculated that it may be a white hat action). Beosin is currently collaborating with the project team to address this incident.

ChainCatcher news, regarding "why $7.6 million was raised, and TGE just started a few weeks ago, ZKX announced it would cease operations," ZKX founder Eduard responded, stating that the $7.6 million funding was raised from 2021 to 2024 to support a 30-person team developing a dedicated blockchain to scale perpetual contracts. Eduard mentioned that this funding covers multiple code audits with Nethermind, TGE listing fees, AWS cloud service expenses (high L3 costs), and developer promotion activities for Cairo programming.He emphasized that all user funds have been fully returned, over 80% of users have withdrawn from the protocol, and the main wallet is self-custodied. The core founders did not sell any tokens, but four years of effort and life achievements have gone to waste. Additionally, Eduard noted that the DeFi team faced immense community pressure, vulnerabilities, scams, and hacking attacks. He stated that the team did its best to protect customer funds, and Binance is aware of the identities of some attackers. Finally, he reflected that choosing a full-chain smart contract protocol instead of L3 and other strategic decisions might have been financially wiser, and expressed that the team has learned lessons from this painful experience.Earlier, ChainCatcher reported that the Starknet ecosystem DEX ZKX would cease operations and advised users to withdraw funds before September.

ChainCatcher news, according to The Block, blockchain security company Veridise reports that the likelihood of finding critical issues in zero-knowledge project audits is twice that of other types of audits.Veridise analyzed 1,605 vulnerabilities found in the most recent 100 audits, with an average of about 16 issues discovered per audit, while ZK audits had a slightly higher average of 18 issues. When focusing on critical vulnerabilities, Veridise found that 55% (11 out of 20) of ZK audits contained critical issues, compared to 27.5% (22 out of 80) for other audits, including smart contracts, wallet integrations, blockchain implementations, and relayers.

ChainCatcher news, MakerDAO announces a partnership with Sherlock to launch a security audit competition with a total prize pool of up to $1.35 million. This is the largest audit competition in the field's history, set to kick off on July 8 and run until August 5.

ChainCatcher news, the L1 blockchain Sei indicates that Sei v2 has passed the security audit by the security company Zellic, and a full report will be released afterwards.