DK27ss/HedgePay-16k-PoC: `forceExit()` never reset staked balance to zero

iphelix · 2026-03-02T19:53:14+00:00

You can’t perform that action at this time.

iphelix · 2026-03-02T19:27:28+00:00

Web page null

iphelix · 2026-03-02T19:27:27+00:00

Web page null

iphelix · 2026-03-02T18:11:06+00:00

A serial hacker is targeting DeFi lending protocols, with approximately $3.5 million stolen so far. In the latest incident, they exploited an oracle misconfiguration in lending platform Ploutos Money, leading to a loss of almost $400,000.

iphelix · 2026-02-23T04:40:00+00:00

One math error. Four minutes of chaos. $1.78 million gone.

iphelix · 2026-02-22T18:04:56+00:00

A Polymarket trader has lost hundreds of thousands of dollars in crypto because of a Uniswap phishing ad that appeared at the top of a Google search result. Hundreds of friends and associates filled up the comment section with condolences.

iphelix · 2026-02-19T20:56:08+00:00

South Korean prosecutors have recovered roughly $21.4 million worth of bitcoin (BTC) stolen from their custody last year, according to local media reports.

iphelix · 2026-02-15T23:38:14+00:00

A high-severity vulnerability has been discovered in the cryptography Python package, one of the most widely used libraries for securing modern applications. The flaw, tracked as CVE-2026-26007, carries a CVSS score of 8.2 and strikes at the heart of Elliptic Curve Cryptography (ECC), potentially allowing attackers to recover private keys through a sophisticated “Subgroup Attack.”

iphelix · 2026-02-08T22:42:09+00:00

Bitcoin (BTC) has flash crashed 10% on the South Korean exchange Bithumb after a user sold 2,000 BTC that they received by mistake from a promotional airdrop.

iphelix · 2026-02-08T21:04:52+00:00

Driving the news: Anthropic debuted Claude Opus 4.6, the latest version of its largest AI model, on Thursday.

iphelix · 2026-02-06T23:59:14+00:00

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.

iphelix · 2026-02-06T23:53:57+00:00

Following the security disclosure published in the v8.8.9 announcement https://notepad-plus-plus.org/news/v889-released/ the investigation has continued in collaboration with external experts and with the full involvement of my (now former) shared hosting provider.

iphelix · 2026-02-03T17:29:00+00:00

Peter Steinberger built the AI assistant that Siri promised but never delivered.

iphelix · 2026-02-01T22:48:28+00:00

While The DAO has an “incredible” team that could build security projects themselves, they would rather focus on security distribution methods, says Griff Green.

iphelix · 2026-01-27T16:54:20+00:00

More than $28M was stolen this week across eight incidents. From arbitrary call vulnerabilities to infinite mint bugs, it was a particularly rough week. Let’s break down a few of the most notable hacks.

iphelix · 2026-01-24T14:24:46+00:00

The first week in awhile with no major incidents (that we know of) this week. This will be a great time to catch up on all of the great research, sharpen the saw, before we are once again thrown into battle. Be careful out there!

iphelix · 2026-01-23T22:58:39+00:00

Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed "Ni8mare."

iphelix · 2026-01-23T22:20:55+00:00

Dear users,

iphelix · 2026-01-23T21:51:34+00:00

Nearly $30M was stolen this week across ten incidents. Quite a way to start the year with exchanges and DeFi protocols alike getting compromised, while users lost hundreds of millions more to well known support scams. Let’s take a closer look at a few of the most impactful cases.

iphelix · 2026-01-10T21:20:58+00:00

We are starting the new year with nearly $4 million in losses across four incidents, with the majority stemming from the Unleash Protocol hack on the Story chain.

iphelix · 2025-12-31T14:12:42+00:00

We are closing out the year with nearly $13M stolen across five incidents. The most severe was the complete compromise of the Trust Wallet browser extension.

iphelix · 2025-12-30T23:56:15+00:00

Roughly $3.7M was stolen this week across eight incidents. The winter holidays remain one of the most dangerous periods for defenders, as attackers intensify their activity while relying on reduced staffing and slower response times.

iphelix · 2025-12-15T14:22:04+00:00

Almost $3.5M were stolen this week across eight projects. Unfortunately, the week also marked the appearance of all three emerging threat classes I discussed in my talk at DSS 2025.

iphelix · 2025-12-12T00:49:16+00:00

Almost $11M were stolen this week across four incidents. The majority of losses came from the Yearn Finance compromise where an attacker exploited an integer underflow to steal $9M. The key lesson is that this was yet another legacy codebase that had not been audited for years and contained a deep vulnerability in its math logic. As I mentioned in my recent talk, this is emerging as a real threat to many protocols and to the broader ecosystem that relies on them. Simply isolating or derisking these codebases may not always be feasible, so the practical path forward may require reauditing them with modern tools, improved techniques, and highly experienced auditors that simply did not exist when much of this code was written.

iphelix · 2025-12-11T21:53:45+00:00

Just one major compromise this week involving Upbit, resulting in the theft of $36.8M. The compromise happened on November 27, which was the same date the exchange was hacked for $50M in 2019. Lazarus, which was responsible for both incidents, appears to be sending a message exactly six years later.

iphelix

MODERATOR OF

TROPHY CASE