Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions. The cyberattack comes shortly after Israel launched air strikes on Iran.
Israeli-linked hackers steal and destroy $90 million from Iranian Nobitex exchange
The Iran-based Nobitex cryptocurrency exchange suffered a $90 million hack, and the attacker has also promised to imminently release data and source code from the platform. The hacking group appears to have burned the crypto assets, effectively destroying them rather than taking them for their own profits.
Meta Pool exploited
An attacker exploited a vulnerability in the staking contract for Meta Pool, which is a liquid staking project. This allowed them to mint 9,700 mpETH, the project's liquid staking token, which is notionally worth $27 million. However, very low liquidity for the token meant that the attacker was only able to swap 10 ETH (~$25,000) of tokens.
Meta Pool acknowledged the theft in a post shortly after the exploit was noticed by a blockchain security firm, and announced that the team had paused the project's smart contract.
ALEX Lab exploited again
ALEX Lab lost $8.3 million in various currencies after an attacker exploited a flaw in the project's smart contracts that allowed them to create a malicious token. They drained a number of pools on the protocol, amounting to around $8.3 million.
ALEX announced they would reimburse stolen user funds.
This is the second exploit affecting ALEX Labs, after a thief stole around $2 million in May 2024.
Crypto exchange BitoPro belatedly discloses $11.5 million hack
The Taiwanese cryptocurrency exchange BitoPro disclosed that they had suffered a theft from one of their hot wallets, which they said occurred during a system upgrade in which they were transferring assets between wallets.
The theft was originally noticed by crypto sleuth zachxbt, who observed a suspicious transfer of around $11.5 million in crypto assets on May 8. The funds sold on decentralized exchanges and then laundered through various cryptocurrency mixing services.
BitoPro originally only told customers that the platform was offline for "maintenance", but disclosed the theft on June 2 after zachxbt published his findings.
- Telegram post by zachxbt [archive]
- Telegram announcement by BitoPro (in Chinese) [archive]
Cork Protocol exploited for $12 million
Cork Protocol, a defi project aimed at "tokenizing the risk of depeg events for stablecoins and liquid (re)staking tokens", suffered a $12 million loss after an attacker exploited a bug in how the project's smart contract calculated exchange rates. The attacker stole around 3,762 wrapped staked ETH (wstETH), which they exchanged for ETH. The project announced that they were investigating the theft and had paused markets.
Cork had been audited in whole or in part by four different security firms. The project's funders include Andreessen Horowitz, OrangeDAO, and Steakhouse Financial, and Cork is a part of Andreessen Horowitz's Crypto Startup Accelerator.
Cetus DEX exploited for $223 million; some funds "paused"
An attacker stole $223 million from the Sui-based Cetus Protocol. The project announced shortly after that $163 million of the funds had been frozen, leaving around $60 million unaccounted for.
This led some to question how decentralized the project truly is if the funds can be frozen in such a way.
Sui validators later voted to return the frozen assets to the Cetus project. Cetus also announced that users would be fully compensated, and that they would cover the $60 million gap with project treasury funds and a loan from the Sui Foundation.