Duc Cuong
859 posts





How safe is Web3 today? Join our YouTube Live with @ducnst, founder of @ThemisLabs, as we discuss the biggest cybersecurity challenges facing crypto. 🛡️ 📅 Jul 14, 12:00 PM (UTC) 👉Join LIVE: youtube.com/live/aP4JsUTj-…








Superteam Vietnam now runs on a team of two - @LynnWWins and @dieubui2522. Today, meet the second half! Daphne is our Operations Lead, focused on community programs, ecosystem partnerships, and helping local builders plug into Solana. With over 5 years across traditional brand marketing and digital assets, plus growth leadership at Saros, Viction, and Coin98, she brings a hands-on, builder's approach to scaling in fast-moving markets. She genuinely believes Vietnam has a real role to play in the global builder ecosystem, and she's the type to let the work do the talking. Welcome, Daphne 🇻🇳






Themis is now a verified security vendor on @HackenProof Marketplace! This means projects looking for smart contract audits and DeFi governance security can find us directly through one of Web3's most trusted platforms 🤝 🔗 Learn more: themislabs.xyz


We are investigating a potential exploit affecting Aztec Connect. ~$2.1m was transferred from the immutable smart contract in transaction: etherscan.io/tx/0x074ec9317… Aztec Connect was deprecated 3 years ago. Aztec Labs holds no admin keys or control over the system; it cannot be paused or upgraded by us. We will share further updates in due course.


Raydium is aware of an exploit involving unauthorized removal of liquidity from its legacy AMM V3 program which was previously phased out in 2021. No current users of Raydium are affected by this exploit or would have been able to interact with these pools through the UI since their deprecation. Raydium’s SDK and DAPP do not support mainnet interactions with legacy AMM V3 pools. The exploiter’s address is: 4WnPebowR4HHfumvNPaDjG6Pa5Hi1jxLm6xmmBq33QVk There were 5 pools affected: Sollet USDT - RAY Sollet ETH - RAY SRM - RAY USDC - RAY RAY - SOL An initial review of exploited assets of value are: ~150,177 RAY ~5,603 SOL ~893,700 USDC The market value of assets exploited is ~$1.34m. Full compensation will be handled by Raydium’s treasury. Legacy AMM V3 was previously only enabled to use deposited funds to place orders on the Serum order book. The program did not provide swap functionality and following the deprecation of Serum, the associated liquidity remained idle. For proportion checks, the program relied on the LP token supply. The vulnerability stemmed from insufficient validation of the LP mint. Because the program did not properly verify the LP mint address, an attacker was able to create a new mint and use it as the LP token, bypassing the intended proportion checks. By contrast, all other Raydium mainnet programs use a virtual supply mechanism for proportion checks and correctly verify the LP mint along with all other relevant account information, preventing this class of vulnerability. It is important to note that the vulnerability was caused by a self-contained logic flaw, not a key compromise or authority-level issue, so there is no propagation risk. Raydium's current programs are unaffected by this exploit. @Raydium core contributors are conducting a security review on all mainnet programs.






We are building a public index so users know how risky a protocol is before they interact with it. 91 is indexed, any protocol you scan (free) will be indexed too. themislabs.xyz/protocols



🚨 Raydium drained of ~$1.3M (reported by @PeckShieldAlert / Specter) Attacker funded from KuCoin → bridged Solana to ETH → laundered 810 ETH via Tornado Cash + 7 ETH to FixedFloat. Tracing the on-chain flow now. 👇







CÁC VỤ HACK THÁNG 5 VẪN ĐANG TIẾP DIỄN Tháng 5/2026 tiếp tục chứng kiến nhiều vụ exploit nhắm vào cross-chain bridge và DeFi protocol, với Verus-Ethereum bridge và THORChain là hai ví dụ nổi bật nhất. 1. Verus-Ethereum Bridge Hack (18/5/2026) - Thiệt hại: Khoảng 11.58 – 11.6 triệu USD. Tài sản bị drain: 103.6 tBTC, 1.625 ETH, ~147.000 USDC (sau đó swap thành ~5.402 ETH). - Cơ chế: Attacker giả mạo cross-chain transfer message (forged message), khai thác lỗ hổng validation trên bridge. Không có kiểm tra xác thực đầy đủ nên bridge tự động chuyển tài sản từ reserve ra ví attacker - Tình trạng: Exploit vẫn đang active khi được phát hiện bởi Blockaid và PeckShield. Attacker chuẩn bị qua Tornado Cash trước đó vài giờ. 2. THORChain (THORSwap/Asgard Vault) Exploit (15/5/2026) - Thiệt hại: Khoảng 10 – 10.8 triệu USD (một số báo cáo ban đầu ~7.4M, sau cập nhật lên cao hơn). - Tài sản: 36.75 BTC (~3M USD) + ~7M USD các token EVM (USDT, USDC, WBTC, DAI… trên Ethereum, BSC, Base, Avalanche, DOGE, Litecoin, Bitcoin Cash, XRP). - Cơ chế: Malicious node (mới churned) khai thác Asgard vaults, thực hiện unauthorized outbound transactions trên ít nhất 9 chain cùng lúc. Nghi ngờ liên quan đến threshold signature scheme (GG20). - Tình trạng: THORChain ngay lập tức halt trading để bảo vệ các vault còn lại. Đội ngũ xác nhận exploit, mở compensation portal ~10M USD cho victim (không phải toàn bộ loss). RUNE dump mạnh ~12-15%. => Đây là vụ lớn thứ 2 của THORChain trong năm (trước đó có incident nhỏ hơn năm 2025). 3. Các vụ hack nhỏ hơn khác trong tháng 5/2026 (theo DefiLlama hacks database ) *Những vụ này nhỏ hơn nhưng vẫn đáng chú ý vì diễn ra liên tục: - TrustedVolumes (7/5): ~6.7 triệu USD – Forged RFQ orders (protocol logic). - Ekubo (5/5): 1.4 triệu USD – Improper access control. - Renegade (10/5): 209K USD – Unprotected initializer. - INK Finance (11/5): 140K USD – Whitelisted address impersonation. - SmartCredit (4/5): 72K USD – Flashloan exploit. - SharwaFinance (1/5): ~33K USD – Oracle price manipulation. => Hầu hết các vụ gần đây đều khai thác bridge/cross-chain messaging (forged message, validation bypass) hoặc operational compromise (malicious node, social engineering). Bridge vẫn là “điểm yếu chí mạng” của DeFi. => Các bác hết sức lưu ý khi sử dụng các bridge nhé!

