theft

Taiko officially stated on X: "We have identified the root cause of this attack and are currently developing a fix to restore the blockchain's online operation as soon as possible. At the same time, we are working closely with major exchanges and security partners to track and freeze the hacker's assets. The remaining funds in the cross-chain bridge are currently safe, and we will announce the next steps in our upcoming updates. To focus on fixing the vulnerabilities and protecting user assets, we will pause updates for a few hours."Previously, it was reported that the Taiko cross-chain bridge was attacked, with losses potentially reaching up to $1.7 million.

The leaders of the G7 countries issued a statement at the G7 summit held in Évian-les-Bains, France, once again calling for a joint effort to combat North Korea's cryptocurrency theft and cybercrime. United Nations security researchers have linked North Korea's cryptocurrency theft to the funding of the country's weapons program.Previously, attacks suspected to be related to North Korean hackers included a $285 million attack on Drift Protocol in April and a $36 million breach of Humanity Protocol in June. According to Chainalysis data, North Korean hackers have stolen at least $2 billion in cryptocurrency in 2025, bringing their total historical theft to at least $6.75 billion.

According to SlowMist's YuXian monitoring, Aztec is suspected to have been hacked again, with its Private Rollup Bridge 0x737...A2ba showing three suspicious transactions, totaling approximately $2.15 million, involving 1,158 ETH, 150,000 DAI, and 0.46963295 renBTC.

According to CryptoSlate, the U.S. Congress is pushing to rebuild the Department of Justice's cryptocurrency crime task force. Previously, the Department of Justice disbanded the National Cryptocurrency Enforcement Team in April 2025 and stopped its "law enforcement as regulation" strategy targeting the cryptocurrency industry. The new bill was proposed by Representatives Lance Gooden and Josh Gottheimer, aiming to establish a federal cryptocurrency theft task force within the Department of Justice, responsible for coordinating investigations and prosecutions of cases involving cryptocurrency theft, hacking, fraud, and more.The task force's responsibilities include developing best practices for evidence collection, digital evidence analysis, asset tracking, and victim outreach, providing technical assistance and training to state and local law enforcement agencies, and coordinating international cross-border case cooperation. The bill explicitly excludes the cryptocurrency market, financial institutions, and financial products from the task force's regulatory scope, without changing the existing regulatory framework and criminal law. An FBI report indicates that in 2025, there were 181,565 complaints involving cryptocurrency, with reported losses exceeding $11 billion. The bill has not yet clarified details regarding funding, staffing, and victim response mechanisms.

According to CoinDesk, bipartisan members of the U.S. House of Representatives introduced a bill on Thursday to establish a federal cryptocurrency theft task force led by the Attorney General, aimed at coordinating and leading investigations into cryptocurrency theft, fraud, and hacking.The bill was jointly initiated by Republican member Lance Gooden of the House Judiciary Committee and Democratic member Josh Gottheimer of the House Financial Services Committee.The task force will encompass multiple federal agencies, including the Department of Justice, the Federal Bureau of Investigation, the Department of Homeland Security, and the Department of the Treasury, aiming to address the $11 billion theft and fraud issues caused last year and provide a unified federal response mechanism for victims.

Regarding the incident of "Humanity being stolen over 31 million dollars," on-chain detective ZachXBT stated, "It's unclear whether this is a hacker theft or malicious behavior from the project team. From the K-line chart, given the concentration of supply, the H team is likely collaborating with an active market maker. However, all H tokens were sold on decentralized exchanges (on-chain), not centralized exchanges."

According to a report by Knews, on June 7, the Supreme People's Procuratorate disclosed a new type of virtual currency theft case. A man from Shandong, Zhang, had long assisted an acquaintance, Feng, in handling virtual currency transactions. After gaining Feng's trust, he proactively suggested that Feng switch to a more convenient digital wallet. The asset mnemonic (key) of this type of wallet is generated by randomly selecting 12 combinations from 2048 commonly used English words, which is the core password for storing virtual currency.Taking advantage of the moment when Feng was copying the mnemonic, Zhang memorized 11 complete words solely by sight and strong memory, and also noted the first letter of the last word. That night, relying on fragmented memory to repeatedly test and combine, he successfully unlocked Feng's digital wallet and transferred 107 bitcoins, later selling them for an illegal profit of 660,000 yuan. The court ultimately sentenced him to ten years and nine months in prison for theft and imposed a fine of 100,000 yuan.

According to the "Procuratorial Daily," Lin, Zeng, and Dai conspired to use virtual currency trading as a pretext. During the trading process, they secretly filmed the victim's digital wallet private key and, after the virtual currency was credited, secretly logged into the victim's wallet to reverse the transaction, transferring the related virtual currency back to their controlled accounts. The three committed the crime three times, causing the victim a total economic loss of 660,000 yuan.The first-instance court held that in the absence of a clear judicial interpretation regarding the valuation method of virtual currency and sentencing standards, it was inappropriate to directly determine the amount involved as particularly huge based on the victim's purchase amount of 660,000 yuan. Therefore, they sentenced the three based on "other serious circumstances," imposing prison terms ranging from eight years to five years and six months, along with fines. The Hanyang District Procuratorate of Wuhan City in Hubei Province subsequently filed an appeal, which was supported by the Wuhan City Procuratorate.The prosecution argued that the first-instance court applied the law incorrectly and imposed an excessively light sentence. Prosecutor Dai Wentao of the Wuhan City Procuratorate stated that in the case where the victim had a clear loss amount to refer to, it was contradictory and legally erroneous to claim that the value of virtual currency could not be determined. In judicial practice, using the resale price and transaction price as the basis for determining the amount of theft has become mainstream, and determining the value of virtual currency based on the actual cost paid by the victim has factual, legal, and practical basis.The Intermediate Court of Wuhan accepted the prosecution's opinion in the second instance, revoked the corresponding content of the original judgment, and changed the determination of the theft amount to particularly huge. It sentenced the principal offender Lin to ten years and six months in prison for theft, and sentenced the accomplices Zeng and Dai to eight years in prison each, along with fines.

According to Jinshi reports, Russian President Putin stated that the "theft" of Russian assets has affected the US dollar and the euro.

According to Fortune, California cryptocurrency executive Adam Iza admitted on Monday to orchestrating a failed kidnapping attempt against the parents of Veer Chetal.The case is related to the $245 million Bitcoin theft that Veer Chetal was previously involved in. 25-year-old Adam Iza, also known as Ahmed Faiq, previously ran the cryptocurrency trading company Zort and referred to himself as the "Godfather." Veer Chetal and two others involved impersonated Google and cryptocurrency exchange technical support personnel to steal 4,100 Bitcoins from a Washington resident, which was worth approximately $245 million at the time.Adam Iza and his accomplices attempted to obtain part of the stolen funds by kidnapping Veer Chetal's parents. Additionally, Adam Iza admitted to stealing over $37 million by fraudulently accessing Meta's business manager accounts and credit lines between 2020 and 2022. Federal prosecutors are seeking at least 14 years of imprisonment during his sentencing.

According to Shandong Legal News, a Bitcoin theft case prosecuted by the Li Cang District Prosecutor's Office in Qingdao has been sentenced. The defendant, Zhang, was sentenced to 10 years and 9 months in prison for theft and fined 100,000 yuan.In the early hours of a certain day in 2024, the virtual currency wallet of the victim, Feng, was quietly accessed, and 107 Bitcoins were transferred, equivalent to over 22.54 million yuan at the market price on that day. It was found that Feng had entrusted an acquaintance, Zhang, to assist with the operation. During the process of registering the wallet on behalf of Feng, Zhang obtained the mnemonic phrase, and after multiple attempts in the early morning, he cracked the wallet and transferred the Bitcoins. After being apprehended, Zhang claimed that his actions were a "protective takeover" to prevent the Bitcoins from being stolen by others. The prosecution traced the funds and found that the stolen Bitcoins were transferred multiple times and exchanged for over 660,000 yuan, exposing his lies.The prosecution determined that Bitcoin has economic value and exclusive control, meeting the core characteristics of "property" in criminal law, and can be the object of theft. The actual proceeds from the sale of the stolen Bitcoins, amounting to over 660,000 yuan, were used as the basis for the theft amount. After the defendant appealed, in November 2025, the Qingdao Intermediate People's Court ruled to dismiss the appeal and upheld the original sentence. This case is a typical example of Qingdao's legal punishment of crimes in the virtual currency field, clearly conveying the judicial stance: activities related to virtual currency must be conducted within the legal framework, and stealing others' virtual property also constitutes a crime.

Blockchain security company CertiK's latest data shows that in May 2026, losses in the crypto industry due to hacking, exploitation of vulnerabilities, and fraud amounted to approximately $68.3 million, a decrease of nearly 90% compared to over $650 million in losses in April, making it the third month this year with losses below $100 million.CertiK stated that approximately $2.6 million in losses during May came from phishing attacks. In contrast, in April, significant attacks on Drift Protocol and KelpDAO's infrastructure resulted in losses of approximately $285 million and $292 million, respectively, with these two incidents accounting for about 95% of the total losses for that month, making April one of the worst months for losses since March 2022.Despite the reduction in large-scale attacks at the protocol level, CertiK warns that risks such as phishing attacks, social engineering scams, deepfakes, and credential leaks continue to grow. Researchers point out that an increasing number of attackers are targeting employees, operational systems

Recently, the People's Procuratorate of Licang District, Qingdao City, Shandong Province, China, handled a Bitcoin theft case. The defendant, Zhang, obtained the mnemonic phrase while assisting an acquaintance in registering a virtual currency wallet, and later transferred 107 BTC in multiple transactions, equivalent to over 50 million yuan at current market prices. Zhang argued that his actions were a "protective takeover," but the prosecution found that he transferred the stolen BTC through multiple trading platforms and exchanged it for over 660,000 yuan. The Licang District Court sentenced Zhang to 10 years and 9 months in prison for theft and imposed a fine of 100,000 yuan; the second instance upheld the original judgment.Reports indicate that the prosecutor handling the case strictly adhered to laws and judicial policies, and after in-depth analysis, concluded that although China's regulatory policies deny the legal currency status of virtual currencies, they do not negate their property attributes, nor do they prohibit citizens from legally holding and circulating them. Bitcoin requires investment in computing power, funds, and other costs to acquire, which gives it economic value; rights holders can achieve exclusive control and management through private keys and mnemonic phrases, aligning with the core characteristics of "property" in criminal law, making it a target for theft. In determining the amount, since virtual currencies have no official pricing, the Licang District Procuratorate discarded market price estimates and used the actual proceeds from the crime of over 660,000 yuan as the amount for theft, ensuring accurate conviction, appropriate sentencing, and unity of guilt and punishment.

On-chain security analysis account Eye stated that the BNB Chain project launch platform DxSale is suspected of exploiting a hidden backdoor to siphon off funds from an old liquidity pool locked in 2021, involving over 1,400 LPs and an amount of approximately $7.3 million. The analysis indicates that this attack includes operations such as "silent ownership transfer" and over 80 wallet hops.After the LP was drained, the attack address received over 1,200 BNB (approximately $763,000), with the funds believed to come directly from multiple stolen LP pools. More concerning is that this address had previously been dormant for a long time but has a direct on-chain association with a wallet marked as related to the DxSale team; this address is also one of the important funding inflow addresses for the DxSale smart contract.Subsequently, the attack address transferred about 3,400 BNB (approximately $1.2 million) to multiple wallets and completed the fund transfer through several Binance deposit addresses. Eye stated that if the related accusations are true, it implies that the DxSale team may have reserved a backdoor for the platform years ago and ultimately carried out the attack themselves. They also called for Binance to freeze the related funds, believing that these assets essentially belong to the project investors who had previously financed through DxSale. DxSale was one of the most well-known launchpads and LP locking infrastructure on the BNB Chain, with projects like SAFEMOON having used its services.

A man in Florida, USA, was arrested for allegedly stealing approximately $1.9 million worth of Bitcoin by using the mnemonic phrase of his former employer's hardware wallet. Police stated that the unauthorized transfer of the stolen funds occurred in 2020, when the suspect still had access to critical security information.

Security company Socket Security disclosed that a cryptocurrency theft operation named TrapDoor is launching active supply chain attacks in package repositories such as npm, PyPI, and Crates.io. A total of 34 malicious packages and 384 versions and components have been identified, with attackers continuously pushing new versions across various ecosystems.TrapDoor primarily targets developers in the cryptocurrency, DeFi, AI, and security fields, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, environment variables, and API keys. Socket detected that the median detection time for malicious versions was 5 minutes and 27 seconds, with the fastest detection occurring 58 seconds after release.

According to GoPlus analysis, the stablecoin protocol StablR had security issues with its multi-signature contract settings on Ethereum (multi-signature threshold of 1), and the holder's private key was stolen, resulting in StablR $EURR and $USDR stablecoins being depegged by 20%. The attacker has profited approximately $2.8 million.

The Fuzhou City Cangshan District People's Procuratorate disclosed that a man was sentenced to 12 years and 7 months in prison for theft after stealing 4 Bitcoins from others and illegally profiting about 900,000 yuan, with a fine of 300,000 yuan. The second instance upheld the original verdict.The case shows that at the end of 2020, Wang entrusted Lin to assist in cashing out the Bitcoins he held. During the process of accessing Wang's Bitcoin wallet hard drive and computer, Lin stole the wallet's "private key" and related data, transferring 4 Bitcoins into his own name, and subsequently sold them for profit. In 2024, after Wang discovered abnormal asset activity, he reported it to the police, and Lin was subsequently arrested.The procuratorial authority stated that although current regulations clearly indicate that virtual currencies do not have the status of legal tender, Bitcoins possess value, manageability, and transferability, meeting the general characteristics of "property" in criminal law, and are subject to property crime. Relevant infringement actions will also be held criminally accountable.

Slow Fog's Yu Xian posted on the X platform stating that the reason for the Verus theft may be that the attacker constructed a forged Merkle proof, which passed the verification of the Verus Ethereum bridge (not open source), thus successfully withdrawing funds (ETH/tBTC/USDC). Specific details need to be further verified.

"On-chain detective" ZachXBT stated that the hacker "Dritan Kapplani Jr" transferred approximately $2.59 million in assets, including 1.99 million DAI and 259 ETH. The related funds were transferred from address 0x4487...bba6 to address 0x67ec...125d, and the stolen funds are currently in a stagnant state.ZachXBT indicated that it released an investigation report on May 12, detailing the connections between Dritan Kapplani Jr and Trenton (Trent) Johnson in a social engineering theft case involving 185 bitcoins (approximately $13 million).