BoostHook on Ethereum was exploited on 2026-05-13 in transaction `0xb45cc4d9c13c2c24b4bbf71db9e6f52ed24d174ad23ed2622a290289cebd3811` at block `25080848`. The attacker used a 120 WETH Morpho flash loan to push the ETH/PERP Uniswap v4 pool price upward, opened nine leveraged long positions through `BoostHook.openLong()` while the pool was temporarily overpriced, then reversed the price move and […]

On May 12, 2026 at 10:11:11 UTC, the SQ protocol on BNB Chain was exploited for 346,137.034345 USDT after the attacker abused a hardcoded owner backdoor in the verified `Staking` contract at `0x404404a845fff0201f3a4d419b4839fc419c99f7`. The attacker sent a type- `0x4` transaction with an `authorizationList` entry that delegated their EOA to helper […]

During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims but remains the second-highest Q1 on record at 117% above Q1 2024 (977 […]

INK Finance’s Workspace Treasury on Polygon was exploited on 2026-05-11 at block 86711192. The attacker used an address-control / authorization design flaw in the workspace payroll claim path: a freshly deployed CREATE2 contract at `0xd7c643517f98f58d3f9ba91de05d4f62620cfd10` was accepted as an eligible claim actor and triggered the treasury’s authorized transfer path. The […]

On May 11, 2026 at 14:19:25 UTC, three deprecated Huma Finance V1 `BaseCreditPool` proxy deployments on Polygon were drained by an attacker-controlled borrower contract. The exploit was a credit-lifecycle logic error with an access-control component: an open `requestCredit(…, preApproved=false)` path created `Requested` credit records, then an unrestricted `refreshAccount(address)` call advanced […]

On May 10, 2026 at 08:27:23 UTC, Renegade Dark Pool Proxy 1 on Arbitrum ( `0x30bd8eab29181f790d7e495786d4b96d7afdc518`) was drained through an access-control failure in its initialization path. The attacker EOA `0x777253f28adc29645152b7b41be5c772a9657777` created an orchestrator contract, deployed malicious delegatecall logic, then called the proxy’s `initialize(…)` function with attacker-controlled addresses. The trace proves […]

CVE-2026-30815 An os command injection vulnerability exists in the Openvpn configuration restore client_connect functionality of Tp-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary command execution. An attacker can upload a malicious file to trigger this vulnerability. The versions below were either […]

CVE-2026-30815 An os command injection vulnerability exists in the Openvpn configuration restore script_security functionality of Tp-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary command execution. An attacker can upload a malicious file to trigger this vulnerability. The versions below were either […]

CVE-2026-30817 An external config control vulnerability exists in the Openvpn configuration restore route_up functionality of Tp-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary file reading. An attacker can upload a malicious file to trigger this vulnerability. The versions below were either […]

# White Eagle withdraw drain via spot-price-based WEGL payout On 2026-05-07 08:14:47 UTC, the White Eagle withdrawal contract on BNB Chain was exploited through a spot-price manipulation logic flaw in its withdrawal path. The attacker used an orchestrator plus 11 helper contracts to call `withdraw()` repeatedly, then sold each WEGL […]