
Bitcoin Core Exposes High-Severity Memory Safety Flaw


CVE-2024-52911: Bitcoin Core's first memory safety flaw

Bitcoin Core developers disclosed what they described as the project's first known memory safety vulnerability — tracked as CVE-2024-52911 — after fixing the bug months earlier. The defect, a use-after-free error, affected Bitcoin Core releases from 2017 through early 2025 and could be triggered by specially crafted invalid blocks that crash nodes; in rare circumstances researchers said it might allow remote code execution.

Developers characterized the attack as unlikely in practice because an attacker would need to expend significant computing power to create invalid blocks that would yield no financial reward. The issue was privately reported in November 2024 by Cory Fields of MIT's Digital Currency Initiative; Pieter Wuille introduced a fix days later under a deliberately misleading update description intended to avoid attracting attackers. The patched code was included in Bitcoin Core version 29.0, released in April 2025. Public disclosure only followed after older versions reached end-of-life support; estimates cited in the report suggest roughly 43% of bitcoin nodes may still be running vulnerable versions.

TrustedVolumes: $6.7 million drained from a resolver contract

TrustedVolumes, a liquidity provider serving decentralized exchange aggregator 1inch, said about $6.7 million in cryptocurrency was drained after attackers targeted its resolver contract on the Ethereum blockchain. Blockchain security firm Blockaid reported that the stolen assets included wrapped ether, bitcoin-linked tokens, and stablecoins such as USDT and USDC.

Blockaid noted similarities between this exploit and a March 2025 attack on 1inch Fusion V1 that cost roughly $5 million, but said the TrustedVolumes breach exploited a different weakness tied to TrustedVolumes' custom trading system. 1inch itself said its systems, infrastructure and customer funds were not affected, stressing that TrustedVolumes operates independently and provides liquidity services to multiple protocols.

Wasabi Protocol: admin key compromise and LP-share token risk

Multiple firms reported more than $5 million stolen from Wasabi Protocol after attackers gained control of a privileged administrator account. PeckShield, Blockaid, CertiK and BlockSec said the intruders compromised an admin key, upgraded core contracts and drained funds from user vaults across the Ethereum, Base, Berachain and Blast networks.

Blockaid warned that LP-share tokens — tokens representing pooled user investments — should be considered unsafe because the assets backing them may already be gone or vulnerable. BlockSec investigators said accounts funded through Tornado Cash appeared to receive administrative privileges before the attack. Cyvers reported the attackers converted much of the loot into ether and moved funds across multiple addresses. Wasabi urged users not to interact with its contracts while investigations continue and attributed the incident to weak operational security rather than faulty code.

Ekubo exploit: immutable swap contracts and immediate user steps

Ekubo Protocol lost about $1.4 million after attackers exploited weak access controls in Ethereum-compatible swap router contracts, according to Blockaid. The vulnerable payment callback function accepted external transaction instructions without properly verifying wallet-owner approvals, allowing attackers to move funds from wallets that had previously granted token approvals to the affected contracts.

Researchers said the theft was executed in roughly 85 rapid transactions; one victim reportedly lost about 17 wrapped bitcoin. Stolen assets were later converted into wrapped ether and DAI. Ekubo warned users to immediately revoke token approvals using the revoke.cash service, noted that liquidity providers and its main Starknet deployment were not affected, and observed that because the vulnerable contracts are immutable the platform will likely need to deploy new contracts to remediate the issue.

South Korea legal actions: Bithumb suspension paused; Delio CEO faces prison request

A Seoul court temporarily blocked a six-month suspension that South Korea's Financial Intelligence Unit had imposed on cryptocurrency exchange Bithumb, allowing the exchange to keep operating while the case proceeds. Regulators had accused Bithumb of failing to properly verify customer identities in about 6.65 million cases, and ordered a suspension of external crypto deposits and withdrawals for new customers plus a fine of 36.8 billion won (about $25 million). Authorities also launched proceedings against CEO Lee Jae-won. The court's decision keeps the restrictions on hold until a final ruling.

Separately, prosecutors asked a Seoul court to sentence Delio CEO Jeong Sang-ho to 20 years in prison over allegations tied to the collapse of the crypto deposit platform. Prosecutors allege Jeong misused about 250 billion won (roughly $168.8 million) belonging to nearly 2,800 customers between August 2021 and June 2023; Delio suspended customer withdrawals in June 2023. The case is tied to broader disruptions in South Korea’s crypto sector after the FTX collapse: prosecutors previously sought an arrest warrant for a person identified only as Bang, a major shareholder in B&S Holdings, following claims by Haru Invest that B&S caused losses of 350 billion won (about $236 million) linked to FTX. Jeong's defense said it would work to compensate customers if he is acquitted; the court will issue its ruling on July 16.

North Korea denial amid TRM Labs attribution of $577 million in 2026 thefts

North Korea's Foreign Ministry denied responsibility for alleged cryptocurrency thefts even as TRM Labs reported hacking groups linked to the country stole about $577 million in digital assets in the first four months of 2026. A ministry spokesperson blamed “U.S. government organs, reptile media organs and plot-breeding organizations” for the country's reputation.

TRM said North Korea-linked actors accounted for 76% of global cryptocurrency hack losses between January and April 2026, with two April attacks — a $292 million exploit against KelpDAO and a $285 million breach of Drift Protocol — driving most losses. TRM linked the KelpDAO attack to TraderTraitor, an operation associated with the Lazarus Group; TRM further reported that since 2017 North Korean-linked actors have allegedly stolen more than $6 billion in cryptocurrency and that stolen funds help finance the country’s nuclear weapons and ballistic missile programs.
