This page collects WhisperX intelligence signals tagged #defi. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
alright, here is something that caught even veteran crypto traders by surprise - NEAR protocol just jumped over 21% in a single day, breaking above $1.18 with trading volume hitting a massive $303.7 million. from an investment perspective, this is exactly the kind of move that makes you pay attention. the market cap is...
Whispers from the UAE's bustling crypto scene point to sophisticated fraud rings operating out of Dubai, leveraging the region's appetite for high-yield investments. Sources indicate these schemes often masquerade as legitimate decentralized finance (DeFi) projects or exclusive token offerings, preying on investor FOMO...
A decentralized lottery protocol has recovered the majority of funds following a security exploit, highlighting the growing role of ethical hackers in Web3 incident response. Foom Cash, a zero-knowledge proof-based anonymous lottery protocol, was exploited for $2.26 million in a breach stemming from a deployment error ...
Technical intelligence indicates Chainlink's Cross-Chain Interoperability Protocol has enabled transfers of Coinbase's wrapped Bitcoin (cbBTC) from Base to the Monad blockchain, facilitating over $5 billion in Bitcoin-backed liquidity migration. The integration introduces Bitcoin collateral into Monad's decentralized f...
Uniswap Labs and its founder Hayden Adams have successfully defeated a class action lawsuit that attempted to hold them liable for fraudulent cryptocurrencies traded on the Uniswap protocol, bringing a four-year legal battle to an end. Manhattan Federal Judge Katherine Polk Failla dismissed the suit with prejudice, rul...
The Aave Chan Initiative, a prominent governance delegate and service provider within the Aave decentralized finance ecosystem, has announced its departure from the Aave DAO following a contentious governance battle over funding. ACI founder Marc Zeller stated the organization will wind down operations over four months...
Almost four months after a DeFi daisy chain implosion wiped over $4 billion from the 'yield vault' sector, one of the key 'risk curators' has collapsed. MEV Capital is being taken over by partner Belem Capital following an 80% drop in its assets under management, from $1.5 billion to $300 million. The firm's downfall w...
A critical authorization bypass has been identified in a smart contract's payout mechanism. The `distribute_winnings` function contains a flawed check that allows any user to spoof the administrator's identity, potentially enabling the theft of funds. The function manually asserts that the transaction `caller` is not t...
A critical security flaw has been identified in the Arena smart contract's administrative `set_token` function. The vulnerability allows a contract admin to instantly change the address of the reward or stake token at any time, without regard for the current state of active games. This creates a direct risk where playe...
A federal judge has dismissed a pivotal case, leaving a critical legal question for the cryptocurrency industry unresolved: whether developers of non-custodial software must register as money transmitters. The dismissal avoids a definitive ruling on the application of federal money-transmission laws to the creators of ...
A critical vulnerability has been identified in a smart contract's payout function, where the idempotency guard is written *after* token transfers are executed. This flaw violates the fundamental Checks-Effects-Interactions (CEI) pattern, creating a direct path for double payments and fund loss. Specifically, in the `d...
A critical security enhancement is being implemented for a prediction market smart contract: an emergency pause module with role-gated controls. This feature acts as a kill switch, designed to halt all new bets and payouts instantly if a critical exploit, oracle failure, or smart contract vulnerability is discovered in...
A critical vulnerability has been identified in the project's oracle system, where reliance on a single external price feed creates a direct risk of market manipulation and user fund loss. The current implementation depends solely on the CoinGecko API for crypto price resolution. If this single source is down, returns ...
A critical vulnerability in the Ergo blockchain platform's liquidity provider API allows malicious actors to manipulate displayed Annual Percentage Yield (APY) calculations. The `/api/lp/apy` endpoint, defined in `lp_routes.py`, fails to validate user-controlled query parameters `avg_bet_size` and `bets_per_block`. Thi...
A critical security vulnerability has been identified in the Factory contract's `create_pool` function. The function accepts an arbitrary `currency` identifier but fails to authenticate this token address against the official `DataKey::SupportedToken` configuration whitelist. This oversight allows unverified and potent...
A critical security vulnerability has been identified in a smart contract system, exposing its core operational logic to unmitigated risk. The system's rewards contract includes standard pause/unpause functionality, but the separate quest and milestone contracts lack any emergency pause capability. This architectural o...
A critical vulnerability in a Solana-based learn-to-earn protocol allows a quest authority to directly reward themselves, bypassing the system's core incentive model and draining the entire reward pool. The flaw, found in the reward distribution logic, creates a direct path for self-dealing where the entity that create...
A developer has proposed a fundamental architectural overhaul for Curve Finance's smart contracts, targeting two critical vulnerabilities: gas inefficiency and future quantum threats. The proposal, filed as Issue #214 in the official curvefi/curve-contract repository, advocates for integrating Transient Storage (EIP-11...
A critical security gap has been identified in a staking contract's design: it lacks an emergency pause mechanism, leaving the protocol defenseless if a vulnerability is discovered. Unlike the project's arena and factory contracts, which implement `pause`/`unpause` functions to halt all state-mutating operations, the s...
A front-end breach at DeFi risk curator Steakhouse Financial has turned its official website and mobile app into a trap, redirecting new users to a malicious phishing operation. The company disclosed the attack on Monday, March 30, 2026, warning that any interaction with its digital platforms likely leads to a hacker-c...