TonBit

🚨 On-Chain Forensics | Ink Finance @inkfinance @0xPolygon On May 11, 2026, an attacker drained $165,162 USDT0 from Ink Finance's Treasury — by impersonating a "legitimate" claimer and walking right through claimPayroll(3). Net profit: ~$140K. Cost to attacker: a flash loan and a fake interface. Full breakdown 🧵👇

Two upgrades shipping on Claw Wallet 🐾 🔀 Smarter routing — swap & bridge auto-routes across Li.Fi / OKX / Uniswap on EVM and Jupiter on Solana, with automatic fallback when a path fails. ⛽ Gasless by default — on most EVM chains + Sui + Solana, no need to prep native gas. A dedicated sponsor service handles estimation, validation and execution. Pay fees in stablecoins, or nothing at all. Less manual switching. More reliable fills. Smoother first-tx for every new user. Join us 👇 🌐 clawwallet.cc 💬 t.me/clawwalletcc

🔬 New from BitsLab Research Balancer V2 deployed ONE contract to hold every token across every pool. Looks like a single point of failure. It's actually why: → Cross-pool arbitrage moves zero tokens → Flash loans tap the entire protocol's liquidity → A 2-token swap completes in just ONE SSTORE We spent weeks dissecting the Vault contract line by line. Part 1 of our 3-part Balancer V2 deep dive is live — covering every gas trick, every safety check, and the trade-off no one talks about (the Aug 2023 Boosted Pool incident wasn't an accident of architecture). If you're building a DeFi protocol, auditing one, or investing in one — this one's worth 15 minutes. 📖 Read Part 1 ↓ linkedin.com/pulse/balancer… Part 2 (Pool math) and Part 3 (real vulnerability post-mortems) coming next.

It took one character to break it. `|` — that's all an attacker needs to bypass nanobot's Channel allowlist and slip into the Agent Loop with full access to whatever tools the deployment exposes. CVE-2026-31977. The first vuln BitsLab found in nanobot. Read on ↓

🌍 New Partnership: Claw Wallet × TagAI We are excited to announce our collaboration with TagAI @TagAIDAO! By integrating Claw Wallet’s secure, AI-native infrastructure with TagAI's social prediction-driven community layer, we are setting a new standard for the AI Agent ecosystem. Together, we’re making on-chain AI interactions more seamless, secure, and social. 🛡️ Proudly building the future of AI Agents together on @BNBCHAIN ! 🟡 #ClawWallet #TagAI #Web3AI #AIAgents #Crypto #TagClaw #BNBChain #BuildOnBNB

🎉 We’re excited to share that MoveBit will be presenting today at the Web3 Scholars Conference 2026 in Hong Kong. web3scholar.org Our presentation: “Beyond Guesswork: LLM Driven Semantic Distillation to Fuzz and Exploit Smart Contracts” 🏆 Presenting on site today: Ziqiao Kong and Wanxu Xia Authors: Ziqiao Kong (Nanyang Technological University) Wanxu Xia (Beihang University) Borui Li (Jilin University) Yi Lu (MoveBit) Pan Li (BitsLab) Yang Liu (Nanyang Technological University) Proud to contribute to smart contract security research at the intersection of LLMs, fuzzing, DeFi semantics, and vulnerability discovery. See you at #Web3Scholars2026 in Hong Kong. @DRK_Lab #MoveBit #BitsLab #SmartContractSecurity #BlockchainSecurity #DeFiSecurity #Web3

🚨 Incident Analysis: Volo Protocol (Sui) Vault Exploit On 2026-04-21, Volo Protocol on Sui suffered a vault theft resulting in ~$3.27M in direct losses, plus ~$230K in LP share-ratio collapse — combined impact of ~$3.5M. BitsLab's post-incident analysis below. 👇

$292M vanished in a single transaction. Not from a complex zero-day. Not from a reentrancy bug. From one number set wrong in a config file. Here's what happened to Kelp DAO's rsETH bridge — and why it matters for every cross-chain protocol.

Claw Wallet 🤝 TagClaw We are excited to announce our collaboration with TagClaw @TagClaw! 🦀 TagClaw is an on-chain Social & Collaborative Network for AI Agents. By integrating TagClaw’s skills into Claw Wallet, we are setting a new standard for the AI Agent ecosystem—enabling smarter coordination and modular capabilities for digital entities. 🔥We are honoured to be building this future together on BNB Chain @BNBCHAIN. Let’s push the boundaries of decentralised AI! #BNBChain #Crypto #AI #AIAgents #TagClaw #ClawWallet #TagAI

🤝 Claw Wallet x GoPlus Security Safeguarding the Future of the AI Agent Economy We are proud to announce a strategic partnership with @GoPlusSecurity, marking a pivotal milestone in building the foundational security layer for the #AIAgent era. 🌐 Redefining the Agent Infrastructure: 🔹 SafuSkill Integration: Revolutionising how AI capabilities are valued by turning "Skills" into tokenised on-chain assets with sustainable revenue streams for creators. 🔹 AgentGuard Protection: Deploying industry-leading security intelligence to provide real-time scanning and risk visualisation for every autonomous interaction. Together, we aren't just building a wallet—we are securing the next evolution of decentralised intelligence. 🛡️ #Web3 #ArtificialIntelligence #AI #CryptoSecurity #FutureTech #ClawWallet #GoPlus

🔒 Bitcoin Depot Security Incident Analysis On March 23, 2026, Bitcoin Depot @Bitcoin_Depot suffered a cyberattack that resulted in the theft of 50.903 BTC (~$3.665M) from its digital asset settlement accounts. The incident was disclosed via SEC 8-K filing on April 8. Our team at BitsLab has completed a full breakdown 👇

⚠️ Attention OpenClaw Builders & Developers! A sophisticated phishing scam is targeting our community via GitHub. According to a security news by Coindesk, scammers are using fake $CLAW airdrops to drain wallets. 🛡️ Here is our breakdown of the attack and how to stay safe: 🚩 The Hook: It starts with a GitHub tag, issue, or discussion notification. You’ll be told you’ve been “selected” for an exclusive $CLAW airdrop or contributor allocation. 🔗 The Trap: They lead you to a high-quality spoofed website. These sites are designed to trick you into signing malicious transactions, revealing private keys, or downloading malware. 🚨 Red Flags: Be highly suspicious of any message about “airdrops,” “rewards,” or “allocations,” especially if it creates urgency. Scammers often use this kind of language to pressure people into acting before they verify. ⚠️ ✅ Stay Safe: Never connect your wallet to unverified links. Always cross-check via official OpenClaw documentation and verified social channels. Don't let your hard work be stolen. Read the full details of this ongoing attack here: coindesk.com/tech/2026/03/1… #OpenClaw #Web3Security #GitHub #PhishingAlert #CryptoSafety

Is your AI Agent an assistant or a security liability? 🤖🛡️ When AI gains shell execution and network permissions, it's no longer just a "chatbot"—it's an operator. We’ve released the Nanobot User Security Practice Guide to help you build a three-layer defence. Read our latest deep dive: 🔗 movebit.xyz/blog/post/Bits… #BitsLab #AISecurity #CyberSecurity #Web3 #Nanobot #AI #ZeroTrust

UniswapV4Router04 Exploit Analysis On March 3, 2026, the swap(bytes,uint256) function of #UniswapV4Router04 on ETH was exploited. By bypassing authorisation checks, the attacker transferred 42,606.96 USDC from authorised addresses and swapped it for approximately 21.198 ETH (~$42,607). Attack tx: etherscan.io/tx/0xfe34c4bee… This attack does not require the victim's private key. It only requires that the victim has previously granted a high or infinite USDC allowance to this Router. Detailed principle analysis below 👇

Only 2 days to go until the Decentralised AI Builders Meetup in SF! 🌆 Register now🔗 luma.com/yzmp69am 🔥 Our official agenda is finally here! Join us to explore cutting-edge topics, including AI Security for Digital Assets, Autonomous AI Systems on Open Networks, and AI as an Economic Actor. Spaces are filling up fast—grab your spot now! 🏃‍♂️💨 🤝 Meet the Builders at our site! #bitsLab @AEON_Community @CipherOwl @LangrenusFund @TechTrendsWeb3 @Virgo_Global @WalletV_io #SafeNAI, #InnovatorCoffeePodcast, @OnePieceLabs,#BerkeleyEmergingTechnologyAsscociation, @pinai_io @yzilabs #KiteAI @Nevermined_ai @namefi_io @D3ServeLabs #Superpower See you in SF! 🌉 #BitsLab #DecentralizedAI #Web3AI #SanFrancisco #AI #Blockchain #AutonomousAgents #AWSBuilderLoft #TechMeetup #SFEvents

🚀 Join us in San Francisco for the Decentralised AI Builders Meetup! 🔗 RSVP NOW: luma.com/yzmp69am 📅 Wednesday, March 4 | 5:00 PM - 8:30 PM PST 📍 AWS Builder Loft | 525 Market Street, SF, CA LLMs generate. Agents act. Blockchains own. 🤖⛓️ For true autonomy, AI agents need verifiable identity and permissionless payments—not platform accounts. Join us to explore the future of AI + Crypto ecosystems! 🤝 Meet the Builders: Host: #bitsLab Co-hosts: AEON, CipherOwl, Langrenus Fund, Tech Trends @AEON_Community @CipherOwl @LangrenusFund @TechTrendsWeb3 Sponsors: Virgo, Wallet V @Virgo_Global @WalletV_io Community Partners: #SafeNAI, #InnovatorCoffeePodcast, OnePiece Labs @OnePieceLabs, #BerkeleyEmergingTechnologyAsscociation, PIN AI @pinai_io See you in SF! 🌉 #DeAI #Web3AI #GenAI #SFEvents #CryptoBuilders