An attacker used a compromised Ostium oracle signer to push future-dated prices through the protocol's PriceUpKeep forwarder on July 15, draining $18–24M from the OLP vault.
Arkham data shows ~3,800 BTC and 30,007 ETH — from the Ryan Farace, BTC-e and Brian Krewson cases — reached Coinbase Prime on July 13, testing the Strategic Bitcoin Reserve no-sell posture.
A flash-loaned donation to Summer.fi's Ark inflated FleetCommander.totalAssets() and let an attacker redeem $70.9M from a $64.8M deposit. Lazy Summer vaults paused; funds are moving to Tornado Cash.
OFAC added 134 wallets tied to ISIS-K to the SDN list on July 1: 131 TRON, 3 Monero. Tether froze the TRON balances within hours; the Monero side stays out of reach.
A poisoned JS dependency on Polymarket's frontend drained ~$3.1M in PUSD from 11+ wallets on June 25, swapped into ~1,893 ETH. Contracts untouched; refunds promised.
On June 26 the on-chain investigator said the BitMax-era exchange's known hot wallets on Arkham and TRM lack large-cap reserves. AscendEX has not responded.
Taiko's chain state verification was compromised on June 22; proposers stopped producing blocks, the ERC20 Vault on Ethereum was drained for an estimated $1.7M, and all bridges are flagged unsafe.
Attacker farmed approvals from Ethereum's largest sandwich bot using 66 fake WETH/USDC/USDT tokens, then swept ~1,474 WETH, 2.87M USDC and 2M USDT in a single sweep tx.
On June 14, an attacker exploited a numRealTxs vs decoded_slots gap in Aztec Connect's immutable rollup contract and drained 909 ETH, 270,513 DAI and 167.89 wstETH.
An attacker minted a counterfeit LP token, called withdraw on Raydium's deprecated AMM V3 program, and drained 150,177 RAY, 5,603 SOL and 893,700 USDC from 5 Serum-era pools.
Researcher 0xFlorent_ found an integer-overflow path in the HongCoin admin function and unlocked 1,003.62 ETH (~$2M) trapped in the 2016 ICO refund contract for nine years.