
Blockchain Security Brief
The weekly record of web3's darkest hours
Monday, February 2, 2026

Trust assumptions are breaking faster than code, founders are discovering silence as a strategy, and the biggest failures still start outside the contract.
This week:
• SagaEVM minted $7M from fake cross-chain deposits after its bridge accepted forged messages, turning shared infrastructure bugs into real collateral losses.
• Trove Markets’ token lost 95% in ten minutes as deployment funds were sold and liquidity was paper-thin, proving a protocol can implode without a single line being hacked.
• Ethereum is accelerating post-quantum security, forming a dedicated team to harden wallets, signatures, and consensus.
Top Exploits
When protocols trust messages and founders trust silence, crypto doesn’t explode. It leaks value slowly, then pretends nothing happened.
• SagaEVM printed $7M from fiction via its IBC bridge. An attacker abused Ethermint’s EVM precompile to feed forged cross-chain messages that looked like real deposits. The bridge never verified the source, so Saga Dollar was minted without collateral, redeemed for real assets, bridged to Ethereum, and swapped into 2,000+ ETH. The stablecoin depegged to $0.75, TVL collapsed from $37M to $13.6M, and Cosmos Labs later confirmed the bug lived in shared Ethermint code.
• Trove Markets turned an $11.5M ICO into a live-fire credibility test. Investors paid for a Hyperliquid-native collectibles perp DEX. Days later, the team pivoted to Solana, sold the HYPE tokens meant for deployment, retained over 80% of the raise, and launched a token with $50K liquidity at a $20M FDV. TROVE lost 95% in ten minutes while wallets tied to the raise dumped assets, hit casinos, and denied control in public as selling continued on-chain. No exploit contract. No hack. Just governance theater, wallet gymnastics, and a collapse that looked exactly like the incentives.
Rekt Security Summit
We’re announcing the Rekt Security Summit - one day with the researchers, auditors, white hats, and exploit investigators who actually document where crypto breaks.
March 27, 2026. Cannes. 700 seats.
Deep Dives
2025 Web3 Cybersecurity Report | Resonance Security (48 min read)
A month by month autopsy of 2025’s biggest blowups, mapped across CeFi, DeFi, bridges, wallets, and the human layer. The report’s throughline is brutal and consistent: the “how” changes, but the root cause keeps rhyming with key custody failures, privilege mistakes, and infrastructure assumptions that collapse under pressure. If you want a fast way to spot repeatable exploit patterns before they show up in your own post mortem, this is the cheat sheet.
Provenance Security Best Practices for Cosmos Ecosystems (42 min read)
Provenance chains don’t usually fail because of flashy exploits, they fail when reality drifts from what the chain believes is true. This piece breaks down how provenance systems on Cosmos actually break in practice: nondeterministic logic that desyncs validators, oracles that faithfully record bad data, metadata that can be quietly altered off-chain, and “safe” modules that become dangerous when misconfigured.
Top 10 RWA Attack Vectors Every Developer & Auditor Must Watch (15 min read)
Real-world assets don’t fail like DeFi. They fail in the seams between contracts, custodians, guardians, and humans. This deep dive distills a year of RWA audits into ten repeatable failure modes - from token splits that double-charge value, to recovery flows that never fully reset, to NAV oracles that blindly trust off-chain inputs.
Evolution of Fraud: From Crime of Opportunity to Scam-Industrial Complex to AI Automation (6 min read)
KK Park showed what fraud looks like when it’s industrialized: compounds, coerced labor, and $100M in stablecoins flowing out. AI is making that model obsolete. Scams no longer need buildings, people, or borders - just models, wallets, and automation. As payments move to stablecoins, fraud shifts from a user problem to a systemic one, and institutions that don’t build defenses at the transaction layer will be left cleaning up losses they can no longer explain or absorb.
Explained: The SagaEVM Hack (January 2026) (3 min read)
SagaEVM didn’t get hacked by a clever new exploit - it got wrecked by code it inherited and never fully interrogated. A flaw in Ethermint’s EVM precompile let an attacker fake collateral deposits, mint unlimited Saga Dollars, and drain $7M before bridging out to Ethereum and laundering the proceeds. The stablecoin depegged to $0.75 not because markets failed, but because validation logic did. It’s the oldest supply-chain lesson in DeFi: forked code ships with forked liabilities, whether you audit them or not.
Other Security Stories
Infostealer malware just dumped crypto users at scale. A 149M-credential leak exposed hundreds of thousands of exchange logins after malware quietly scraped passwords from infected devices.
A US government crypto wallet may have been drained from the inside. ZachXBT alleges tens of millions were siphoned from wallets holding seized Bitfinex funds and links the theft to the son of a CEO at a firm contracted to custody government crypto. The claims aren’t proven in court, but the on-chain trail points to a failure of custody, not a hacker breach.
Matcha Meta users lost $13.5M to a poisoned route. A compromised SwapNet integration abused unlimited token approvals, letting an attacker drain user wallets without touching Matcha’s core contracts. Another reminder that in DeFi, approvals are blast radii, not conveniences.
Ethereum is preparing for the quantum threat now. The Ethereum Foundation elevated post-quantum security to a top priority, forming a dedicated team and moving from research to active engineering to future-proof wallets, signatures, and consensus before quantum timelines compress.
Chinese Telegram laundering networks are becoming a parallel financial system. Chainalysis estimates Chinese-language Telegram-based groups routed roughly $16B in illicit crypto in 2025 alone, accounting for about 20% of global laundering activity, as criminals increasingly bypass exchanges and DeFi controls through escrow-style “guarantee” platforms and cross-chain flows.
Audited Last Month
• Hacken audited Tokenize's tokenized cap-table and secondary swap contracts, reviewing its allowlist-gated ERC-20, fee configuration logic, and peer-to-peer TokenSwap marketplace. The assessment reported 8 total findings with no critical or high-severity issues, highlighting centralization and upgradeability risks around admin roles, unlimited mint allowances, and mutable swap parameters.
• Halborn audited EA Finance’s StakeUSD multi-chain staking and bridging system, covering the wCC token, staking rewards pool, and BridgeController contracts. The two-day review reported 5 total findings with no critical, high, or medium issues, flagging only low and informational risks around reward timing validation, decimal mismatches, ownership transfer flow, and mint request checks.
• Cantina audited yield.xyz’s vault contracts, reporting no critical or high-severity vulnerabilities and 7 low-risk plus informational and gas-optimization findings primarily related to ERC-4626 compliance nuances, harvest access control bypass via dust deposits, preview/redeem accounting accuracy, pause-state handling, and minor whitelist and fee-calculation logic issues.
• Hacken audited Acecoin’s multi-chain subscription staking system, identifying 36 total findings including 2 high-severity issues, primarily around reward accounting logic, staking capacity loss, fee-calculation assumptions, and subscription state management. Thirty issues were resolved and six accepted, with the final report confirming no unresolved critical risks but flagging centralization and admin-key control as ongoing structural concerns alongside moderate test coverage.
• Nethermind audited OpenCover’s yield vault, reviewing more than 900 lines of code and reporting zero critical, high, or medium issues, with only 2 low-severity bugs and several informational or best-practice findings, most of which were fixed. The final assessment confirmed solid role segregation, upgrade safety, and extensive test coverage, with remaining notes focused on rounding precision, UX edge cases, and ownership-transfer hardening rather than fund-loss risks.
Rekt Flashback
Two years ago, DeFi learned that rounding errors and share math are not edge cases, they are attack surfaces. Abracadabra just proved the lesson never stuck. A known debt accounting flaw in Cauldron-style lending was abused to inflate share prices, drain $6.5M in MIM from multiple cauldrons, and shove a “stable” coin off its peg in minutes. Flash loans, vault donations, borrow-repay loops, and a familiar ERC-4626-style inflation trick did the rest. Different cycle, same magic trick: when financial math gets hand-waved as harmless precision loss, it eventually turns into real money disappearing on-chain.
Memes and Videos
The Man Who Betrayed the Most Dangerous Cartel
He built El Chapo an unbreakable internet and then sold it out from the inside. A 21-year-old dropout created a private encrypted network that made the cartel invisible before secretly turning it into a live FBI wiretap. Betrayal, backdoors, and a criminal empire listening to its own downfall.
We provide an anonymous platform for whistleblowers and DeFi detectives to present their information to the community. All authors remain anonymous.
We are all rekt.


