Security

The Web3 world is filled with both opportunities and risks. This topic will provide you with a comprehensive analysis of security incidents in Web3, uncover common attack methods and vulnerabilities, and offer practical asset protection strategies and guidance.

Articles (170)

What Is Umbra? How Closing Its Frontend Reflects the Tradeoff Between Hacker Risk and Openness
Beginner

The privacy protocol Umbra temporarily closed its front-end website after hackers exploited its funds, prompting renewed debate within the marketplace about the extent of controllability in decentralized systems.
2026-04-29 11:02:01
On-Chain Asset Security in the AI Era: A Practical Guide from Private Key Protection to DeFi Risk Control (2026 Edition)
Beginner

Drawing on the large-scale Bybit thefts of 2025–2026, the latest findings from Chainalysis and TRM Labs, the rollout of Hong Kong’s stablecoin licensing, and ongoing MiCA regulatory progress, this article offers a comprehensive breakdown of private key management, approval and signature practices, DeFi protocol filtering, and AI-driven phishing defenses. It delivers a clear, actionable on-chain asset security checklist and emergency response procedures tailored for everyday users.
2026-04-28 09:55:36
DeFi United Is Not Unity but Self-Rescue: Capital Structure and Systemic Risks Behind the Aave Incident
Beginner

The Aave crisis has prompted a coordinated rescue across the DeFi sector. This article breaks down DeFi United’s funding structure, risk transmission mechanisms, and governance challenges, examining whether regular users will end up shouldering the final burden.
2026-04-27 10:53:19
Arbitrum Freezes $72M in Hacker Funds: The Boundaries of Decentralization, Governance’s Return, and the Reconstruction of DeFi Trust
Beginner

Arbitrum has frozen around $72 million in hacker assets, igniting debate over the boundaries between decentralization and governance. This article examines the reconstruction of DeFi trust structures through the lens of the Kelp DAO attack, cross-chain risks, on-chain governance mechanisms, and marketplace reactions.
2026-04-24 10:00:17
DeFi Loses Over $600M in Three Weeks: The Kelp DAO Incident, Liquidity Panic, and Structural Risks Behind TVL Falling to a One-Year Low
Beginner

DeFi has suffered losses exceeding $600 million in the past three weeks, as the Kelp DAO incident set off a liquidity chain reaction, driving TVL down to its lowest point in a year. This article breaks down risk transmission, structural challenges, and the broader impact on the industry.
2026-04-21 08:53:07
Aave Bad Debt and KelpDAO Bridge Attack Review: Lessons on Collateral Contagion, Liquidity Runs, and Risk Governance in DeFi
Beginner

In April 2026, the KelpDAO Bridge was attacked, with the attacker using abnormally minted rsETH as collateral on Aave to borrow a significant amount of WETH. This led to discussions of roughly $200 million in bad debt and to liquidity stress. This article provides an objective review of the event sequence and structural takeaways from the perspectives of mechanism, marketplace response, and governance framework.
2026-04-20 08:00:15
DeFi Security Incidents on the Rise: A 2026 Practical Guide to Wallet and Authorization Risk Management for Everyday Users
Beginner

Since 2026, DeFi security incidents have demonstrated concurrent patterns involving protocol vulnerabilities, front-end hijacking, and approval phishing. Drawing on this year's notable security cases, this article provides a systematic overview of wallet layering, approval management, signature verification, and emergency response procedures, enabling regular users to build a practical and reusable on-chain security risk control system.
2026-04-17 07:52:27
Ethereum Expands Security Efforts with Audit Subsidy Program
Beginner

To strengthen blockchain application security, the Ethereum Foundation has introduced a new audit grant program. Through financial support and partnerships with professional institutions, the program reduces the cost threshold for developers to perform security audits. In this article, you'll learn how the program works, the criteria for participation, and its broader implications for the crypto industry.
2026-04-16 10:10:55
CoW Swap Suspended After DNS Hijack: A Closer Look at DeFi Frontend Attacks
Beginner

CoW Swap has suspended its services following a DNS hijacking incident targeting its frontend website. While the core protocol remains unaffected, this event underscores the persistent security risks facing DeFi frontends. In this article, we will examine the attack mechanism, the scope of its impact, and recommended preventive strategies.
2026-04-16 10:01:01
Squads Users Alert: Understanding Address Poisoning Attacks and How to Stay Safe
Beginner

Recently, an address poisoning attack has targeted Squads multi-signature wallet users. While no assets have been lost, the attack could mislead users through interface manipulation and prompt incorrect actions.
2026-04-15 08:52:17
Solana Foundation Launches New Security Initiatives to Strengthen Ecosystem
Beginner

With the ongoing growth of the Solana ecosystem, security concerns are becoming more critical. In response, the Solana Foundation has launched several new security programs, such as the STRIDE security framework and the SIRN incident response network. Additionally, developers are being offered security tools and support to strengthen the ecosystem's overall defense and transparency.
2026-04-09 11:19:06
Solana Launches STRIDE and SIRN: From Reactive Fixes to Continuous Defense in an Institutional-Grade Security Upgrade
Beginner

The Solana Foundation has introduced two comprehensive security frameworks, STRIDE and SIRN, encompassing protocol evaluation, around-the-clock threat monitoring, incident emergency response, and formal verification. This article offers a thorough analysis of how these initiatives influence the Solana DeFi ecosystem, security governance, and the path toward institutional adoption.
2026-04-08 03:16:20
Chaos Labs has announced its departure from Aave, with the top DeFi lending platform now undergoing the dual tests of the V4 upgrade and governance restructuring.
Beginner

Aave is entering a new phase of node restructuring. With Aave V4 going live, Horizon progressing, and core service providers being replaced one after another, Aave is not simply undergoing a protocol upgrade; it is experiencing a comprehensive system overhaul focused on governance, risk control, and institutional capabilities. This article breaks down the critical variables that will define Aave’s future.
2026-04-08 03:15:36
Analysis of the Sonne Finance Attack
Intermediate

The essence of this attack lies in the creation of the market (soToken), where the attacker performed the first collateral minting operation with a small amount of the underlying token, resulting in a very small "totalSupply" value for the soToken.
2026-04-07 01:58:00
Identifying and Preventing Address Poisoning Attacks
Intermediate

In this in-depth research, we will examine recent high-profile events, get to the bottom of this sneaky attack, and provide you with the knowledge you need to protect your digital assets.
2026-04-07 01:39:42