A third-party vendor compromise discovered Thursday allowed attackers to inject a malicious script into Polymarket’s frontend, affecting multiple users.

Blockchain analyst Specter said the malicious script appeared to facilitate a phishing attack that drained an estimated $2.94 million from at least 11 Polymarket user wallets.

Polymarket said on X that the compromise has been contained and that the affected dependency has been removed. It added that users would be fully refunded.

Cointelegraph has approached Polymarket for comment but did not receive a response before publication.

The attack was the 89th reported crypto security breach of the second quarter, according to DefiLlama data, extending the most-hacked quarter on record by incident count.

Source: Specter

Crypto exploit losses reach $74.9M across 29 June incidents

Crypto exploit losses climbed to $74.9 million across 29 reported incidents in June, surpassing May’s $60.5 million total but remaining far below April’s $644 million, according to DefiLlama data.

Total value hacked by monthly sum, 1-year chart. Source: DefiLlama.

The largest June incidents included the $36 million Humanity Protocol exploit, the $4.7 million Secret Network bridge exploit, two separate Aztec exploits worth $2.1 million each and a $1.7 million bridge exploit on Taiko.

Related: About 60% of World Cup bettors on Polymarket are first-time crypto users

Over the past 30 days, private key compromises accounted for 43% of reported exploit losses, making them the leading attack vector, according to DefiLlama. Fake proof exploits accounted for 10%, followed by reverse MEV honeypots at 8%, which present deceptive trading opportunities to lure and manipulate automated trading bots.

About a month before Polymarket’s latest attack, the prediction market disclosed a separate $600,000 exploit that was traced to a six-year-old private key used for internal top-up operations. Josh Stevens, Polymarket’s vice president of engineering, said the platform’s contracts and user funds remained safe and that all permissions tied to the key had since been revoked.

Total value hacked by technique over the past 30 days. Source: DefiLlama

Polymarket currently holds over $450 million in total value locked, up 301% from $112 million a year ago, according to DefiLlama.

Magazine: Should users be allowed to bet on war and death in prediction markets?

Critics had questioned how MemeCore maintained a multi-billion dollar valuation despite insiders allegedly controlling 90% of supply.

It’s been a difficult 24 hours for several digital assets, including MemeCore’s M token, which dropped 76%, and viral altcoin Audiera (BEAT), which shaved off 32% of its value, making them the two worst performers in that period according to CoinGecko data.

Meanwhile, Magic Internet Money (MIM) also fell to about $0.50 after losing its dollar peg, triggering a scramble by the Abracadabra team behind it to stop it from falling further.

MIM Depeg and MemeCore Sell-Off

MIM, which is supposed to hold a $1.00 value, dropped to around $0.50 according to blockchain security firm Peckshield, with data from CoinMarketCap showing it went as low as $0.46 at one point. At the same time, trading volume jumped nearly 375% as holders rushed to exit, although the token’s market cap was still sitting at just over $52 million at the time of writing, a fraction of its fully diluted value of $351 million.

Abracadabra, the group behind the token, acknowledged the situation in a post on X, saying:

“We are acutely aware of the $MIM depeg and are taking emergency actions to remedy the situation.”

Some of the actions it has taken include raising interest rates across all of its Cauldron lending markets, even those that had already been deprecated, to push borrowers to repay the MIM-denominated debt. The logic is that if you borrowed MIM at $1.00 and can buy it back at $0.50, you have a strong financial reason to close that debt now. This repayment would reduce the total MIM in circulation and, in theory, help the price recover.

The team also said that it was pausing direct incentives and Curve liquidity bribes until the peg returns.

“Our priority is simple: restore confidence, improve market structure, and return $MIM to a healthy (and liquid) peg,” they wrote.

Meanwhile, BEAT, which only yesterday was the best-performing cryptocurrency among the top 100, jumping 40% to reach the $2.40 level, but today saw most of that gain slip away, with CoinGecko data showing the asset dropping almost 32% in the last 24 hours. But MemeCore was hit even harder, plunging roughly 76% in the same period. It recorded a new all-time high just two months ago in late April, meaning it has lost about 85% of its peak value, with the market cap dropping from a high of around $6 billion to just under $950 million.

You may also like:

Manipulation Allegations

Previously, blockchain investigator ZachXBT had openly questioned MemeCore’s valuation and token distribution. In posts published in April, he asked how a token with a $6 billion market cap could maintain such a valuation while insiders allegedly controlled more than 90% of its supply.

The same concern was raised just recently when the SIREN token lost over 96% after a wallet linked to its biggest holder sold most of the circulating supply, according to blockchain watchers Spot On Chain and Lookonchain.

The team said that funding gaps made the project unsustainable despite the early support it received during launch.

Strobe Finance, the only native decentralized lending protocol on the XRP Ledger’s EVM Sidechain, has announced that it is winding down and has given users until July 13 to repay their loans.

The users also have until July 20 to withdraw their deposits before the front end closes permanently.

That shutdown will leave the XRPL EVM Sidechain without a functioning lending market and has raised pointed questions about whether the network can support retail-focused DeFi projects at all.

What Happened, and What Users Need to Know

In a post on X published late Tuesday, the Strobe team bluntly laid out their reason for shutting down. According to them, while the project launched with enough funding to reach mainnet, it had not been able to secure additional support through grants, angel investors, or venture capital. And as total value locked (TVL) fell, the fees the protocol was earning were eventually not enough to cover monthly running costs.

The team also noted that the price of XRP had dipped by about 60% from the level it had been at when Strobe launched, making the funding gap even worse. Furthermore, the XRPL EVM Sidechain, which had been central to Strobe’s original design, is no longer a primary focus within the wider Ripple ecosystem.

“Throughout all of this, our team has contributed hundreds of hours, unpaid, to keep Strobe running,” they wrote. “We have done so gladly, but it is no longer sustainable.”

For those still using the protocol, the timeline is tight, as new deposits and borrowings have been disabled as of the announcement. In addition, anyone with an open loan has been asked to repay it before July 13, when Strobe will start liquidating unpaid positions to protect lenders as liquidity drains out. And since standard liquidation fees will apply, the team pointed out that repaying voluntarily is the better option.

From July 13 to July 20, the app will remain open for withdrawals only, and after the 20th, users will have to interact directly with Strobe smart contracts, which the project said it will publish a step-by-step guide for, although it stressed that using the app before that date would be far simpler.

You may also like:

“To put it plainly: out before 13 July is best; out before 20 July is essential,” it stated.

A Niche That No One Else Filled

There have been some disappointed reactions from several community members, including crypto commentator Shen, who wrote on X that Strobe was “a genuinely unique product within the XRP ecosystem” that had brought decentralized lending to the XRPL mainnet through the EVM Sidechain.

“If innovative products with no local ecosystem competition can’t survive on the XRPL long-term, what kind of projects can?” they asked.

They also called for major changes in how the chain supports retail-focused projects.

Another commentator, Krippenreiter, said they had lent money through the protocol and called its closure “really really bad.”

Ripple itself has been pushing the XRPL in a different direction. Earlier this month, it launched an AI starter kit that positioned XRP and its RLUSD stablecoin as tools for autonomous payment applications and machine-to-machine transactions. That institutional and developer-focused pitch is a long way from the retail lending product that Strobe was trying to build.

THORChain has resumed activity after over a month of security verifications and upgrades, following a $10.7 million exploit that prompted a trading halt on May 15.

In a Tuesday X post, THORChain said it restored its network, including trading, signing, swaps and liquidity provider actions.

On Sunday, the protocol said it had confirmed the safety of most of its vaults through the KeyVerify protocol and retired the remaining legacy vaults as part of a migration to a new set of vaults. THORChain called the upgrade the “most significant milestone” in its recovery process. It also said it completed verification of every node’s keyshare on Friday.

THORChain is one of the crypto industry’s largest cross-chain trading protocols, enabling swaps between networks such as Bitcoin and Ethereum. The protocol has drawn scrutiny from blockchain investigators because hackers have used it to move stolen funds between blockchains.

Source: THORChain

THORChain ships security upgrades and migrates old vaults

THORChain attributed the exploit to a vulnerability in its GG20 threshold signature scheme, which is used to secure protocol vaults by distributing key control across multiple node operators. According to the protocol, the flaw allowed a malicious node operator to reconstruct a full private key through what it described as “progressive key material leakage,” enabling the theft of $10.7 million.

Related: Kelp DAO exploiter launders nearly all 75,700 in stolen ETH through THORchain

The protocol implemented an emergency patch on May 20 to protect the remaining vaults before releasing an upgrade on June 9, which included a fix for the exploited vulnerability. A follow-up upgrade was rolled out on June 11 with additional stability improvements and fixes to the KeyVerify protocol.

THORChain network overview, node upgrades. Source: THORChain Explorer

With the recovery process largely complete, THORChain has also outlined plans for new network integrations.

THORChain said it will launch native swaps and vaults for privacy-preserving cryptocurrency Zcash (ZEC) within the next two weeks, followed by Monero (XMR).

It also plans to launch support for the Bittensor (TAO) token in about six weeks after the network’s restart.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express  

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

The second quarter of 2026 has already become the most-hacked quarter on record by incident count, with 83 exploits targeting cryptocurrency protocols, according to analysis by market insights platform Unfolded based on DefiLlama data.

However, the $755.3 million stolen during the quarter so far is significantly lower than the $3.56 billion lost in the fourth quarter of 2020, which remains the costliest quarter on record for crypto hacks.

KelpDAO’s $293 million hack and Drift Protocol’s $280 million exploit were the largest incidents of the quarter.

The figures suggest hacking activity is becoming more frequent, even as total losses remain below previous record levels.

Cryptocurrency hacks by monthly sum, all-time chart. Source: DefiLlama

The rising incident count and lower aggregate losses may reflect a smaller pool of value available to attackers, according to Dmytro Tarasiuk, product director at risk intelligence platform CORE3 and crypto security rating platform CER.live. He noted that total value locked in DeFi has fallen from $164 billion before the Oct. 10 liquidation event to about $73 billion at press time.

The industry’s most pressing vulnerability remains that protocols are re-engineered faster than their underlying risk management complexity, which often means that projects “declare a [three-of-six] multisig [and] store [three] keys on one laptop,” leading to more operational vulnerabilities, he told Cointelegraph.

Bridge exploits emerged as the leading attack vector in Q2 2026

Cross-chain bridge exploits emerged as the biggest attack vector of the quarter, with $351 million in value hacked from bridges alone.

The LayerZero OFT bridge exploit, which led to the $293 million KelpDAO hack, accounted for more than 38% of the value stolen during the quarter. Compromised admin attacks and fake token price manipulation accounted for 37% of losses, while private key compromises represented 5.66%.

Total hacked by technique in Q2 2026. Source: DefiLlama

Ethereum layer-2 blockchain Taiko was the latest network to suffer an exploit on one of its bridge protocols, as hackers stole $1.7 million by compromising Taiko’s chain state verification mechanism.

Related: Humanity Protocol’s $36M loss tied to suspected North Korean hackers: Quantstamp

Other notable incidents of the past quarter include the $36 million stolen from Humanity Protocol on June 8 and the $10.7 million exploit on THORChain on May 15.

Other recent incidents include two exploits on Aztec Connect’s abandoned smart contracts, each resulting in $2.1 million stolen and $1.3 million stolen from decentralized exchange Raydium earlier in June.

The incidents add to the ongoing debate about whether the development of new artificial intelligence models has reshaped the crypto industry’s security landscape, concerns that arose from the series of exploits in April.

During a recent interview, Mitchell Amador, the CEO of bug bounty platform Immunefi, told Cointelegraph that the proliferation of new AI models has shifted the cybersecurity playing field in favor of attackers, causing a “vulnerability apocalypse” that led to the resurgence in exploits.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why

One of the most successful MEV bots in crypto, Jaredfromsubway.eth, has been drained for more than $7.5 million, with an attacker exploiting the bot’s automated systems, the same ones that have netted it hundreds of millions over the years. 

According to Blockaid, the incident on Saturday resulted from attacker-controlled contracts tricking Jaredfromsubway.eth’s automated MEV (maximal extractable value) execution system bot into granting token approvals that were later used to drain funds.

“This is not a classic phishing attack and not a traditional smart-contract vulnerability in the victim contract,” Blockaid said on X.

It’s a rare setback for MEV bots like Jaredfromsubway.eth, which are automated programs that monitor unconfirmed transactions on blockchain networks and manipulate their order to extract profit, a kind of “invisible tax” on DeFi users. 

Cointelegraph Research previously found that sandwich attacks on Ethereum have resulted in about $60 million in annual losses for traders. The research also found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks per month, with roughly 70% of them associated with Jaredfromsubway.eth.

How Jaredfromsubway.eth was exploited

“This was a counter-MEV honeypot attack, as it specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize,” Blockaid chief technology officer Raz Niv told Cointelegraph.

Over several weeks, the attacker deployed 66 fake token contracts that mimicked the names and interfaces of Wrapped ETH (WETH), USDC (USDC), and USDt (USDT) and then paired that with fake liquidity pools, said Niv. 

The fakes were designed to look like profitable trades, the kind MEV bots are programmed to chase. This lulled Jaredfromsubway’s bot into doing what it was designed to do, approving certain attacker-controlled helper contracts to spend real money on its behalf. 

“Ironically, in the process, it provided the attacker the keys to millions in the bot’s treasury,” he added. 

“And then in a single transaction, the attacker called all 66 backdoors and swept all the ETH, USDC, and USDT at these addresses, amounting to millions of dollars.”

Some of the stolen funds have already been sent to crypto mixing service Tornado Cash, according to onchain data.

In May, Ethereum co-founder Vitalik Buterin was sandwich attacked by Jaredfromsubway.eth while swapping 26,544 DigitalBits (worth $2.11 at the time of writing). The losses were minimal, but they show that even the smallest transactions can be a target for MEV bots.

“We shouldn’t be happy about this; no one should celebrate … but if you’ve ever been sandwiched by this … I’m pretty sure you’re not upset about this news,” crypto investor and commentator David Gokhshtein said.

Magazine: The end of anon? AI could unmask crypto’s hidden identities

Malta’s financial regulator has issued a discussion paper outlining a potential legal framework for decentralized finance (DeFi), including recognition of decentralized autonomous organizations (DAOs), as European policymakers continue to grapple with how to regulate blockchain-based financial services.

On June 12, the Malta Financial Services Authority (MFSA) opened a public consultation on DeFi under the European Union’s Markets in Crypto-Assets (MiCA) regulation. The paper invites industry feedback through July 10 and proposes a new legal category for so-called “software-based organizations,” which would encompass DAOs and other software-governed DeFi entities.

Rather than treating DAOs as a standalone legal concept, the MFSA suggests recognizing them as a type of software-based organization, separating the legal framework governing the organization itself from the rules governing the underlying protocol and software.

The discussion paper builds on Malta’s long-standing role in the digital asset industry, having introduced one of the region’s first comprehensive crypto regulatory frameworks in 2018. While stressing that fully decentralized services generally fall outside MiCA’s scope, the regulator argues that many DeFi projects retain centralized features that complicate claims of decentralization and raise questions about regulatory accountability.

“MiCA excludes fully decentralised models from its regulatory scope, meaning that projects without intermediaries or central control may not need to comply with MiCA,” the paper states.

The MFSA outlines the scope of the DeFi discussion paper. Source: MFSA

Related: DAOs may need to ditch decentralization to court institutions

EU regulators increasingly turn attention to DeFi

Malta’s discussion paper comes amid a broader push across the European Union to clarify how decentralized finance and decentralized autonomous organizations should be treated under MiCA.

In March, a European Central Bank working paper found that governance and control across four major DeFi protocols remained highly concentrated, suggesting many projects may struggle to qualify as “fully decentralized” and therefore fall outside MiCA’s scope.

The debate continued in May, when the European Commission launched a targeted review of MiCA seeking feedback on issues including stablecoin interest payments, the treatment of DeFi and whether gaps in the framework warrant additional regulation.

However, not everyone believes a new DeFi rulebook is necessary. Speaking to Cointelegraph at the WAIB Summit Monaco earlier this month, European Commission adviser Peter Kerstens said policymakers should prioritize integrating tokenization into a broader digital asset framework rather than pursuing a second version of MiCA focused on DeFi.

European Commission adviser Peter Kerstens (right) speaks with Cointelegraph’s Zoltan Vardai. Source: WAIB Summit 2026

Related: Crypto firms face July 1 EU cutoff as MiCA grace period ends

A stress test that showed both strengths and weaknesses

When large sums leave a financial system quickly, hidden weaknesses often become visible. In traditional finance, such situations often lead to emergency lending programs, withdrawal limits or government-backed bailouts.

Decentralized finance (DeFi) works differently.

Aave is one of crypto’s biggest lending platforms. In April 2026, users withdrew about $8.45 billion from the protocol after the KelpDAO rsETH bridge exploit raised concerns across DeFi markets.

Aave’s own smart contracts were not compromised. The pressure came from an external rsETH bridge incident that affected Aave through collateral, borrowing and liquidity channels. The protocol’s core logic continued to function, but the episode was not smooth. Some markets came under severe liquidity pressure, and emergency controls were used to contain the damage.

That made the outcome more complicated. Aave avoided a full breakdown, but the event also showed how quickly stress can spread when assets, collateral and liquidity are closely connected.

For Aave founder Stani Kulechov, the event showed that DeFi had become more mature. But independent analysts reviewing the same data took a more cautious view.

While Aave survived, many questioned whether surviving the event was enough to answer concerns about the real strength of DeFi lending protocols.

What led to the $8.45B in withdrawals

The pressure did not begin with a hack on Aave itself. It began with the KelpDAO rsETH bridge exploit in April 2026.

Attackers stole about $292 million worth of rsETH from KelpDAO’s LayerZero bridge. That raised concerns about whether some rsETH tokens were fully backed. The concern quickly spread because rsETH was used across DeFi, including as collateral in Aave markets.

This created a direct problem for Aave. If collateral tied to rsETH lost trust or value, lenders could face bad-debt risk. Users began withdrawing funds as they tried to reduce their exposure before conditions became worse.

The withdrawals then added pressure to Aave’s liquidity. As more users pulled funds, some markets became highly utilized. In simple terms, most of the available liquidity had already been borrowed or withdrawn, making it harder for some users to exit immediately.

The incident showed how an external asset problem can still affect a lending protocol. In DeFi, assets often move across bridges, lending markets and other protocols. A problem in one part of the system can quickly affect another.

That is what made the episode look like a DeFi bank run. Users were not waiting for branches to open or banks to approve transfers. They could react in real time. But the event also showed an important limit: users can try to withdraw at any time, but actual withdrawals still depend on available liquidity and protocol conditions.

Did you know? The largest bank runs in history often unfolded over days or weeks. In DeFi, similar events can happen within hours because blockchain protocols never close, and users can move funds instantly from anywhere in the world.

Stani Kulechov’s view: The system held firm

Kulechov framed the incident as evidence of Aave’s resilience. In his view, the core protocol worked as designed, even during a period of heavy stress.

That distinction matters. Aave did not suffer a protocol exploit, but the markets around it still came under pressure. 

As withdrawals increased, some markets reached full utilization. That meant liquidity became limited in those markets, making it harder for some users to withdraw immediately. Aave’s risk managers also had to use built-in controls, including emergency freezes and changes to risk parameters, to contain the damage.

Seen this way, Aave did pass an important real-world stress test, but not without strain. Supporters of the platform point to several features that set DeFi apart from traditional finance.

Collateral is visible on-chain.Risk settings are publicly available.Liquidations follow smart contract rules.Anyone can inspect protocol activity in real time.

These features can reduce some of the information gaps that have contributed to banking crises in the past. But they do not remove every risk. DeFi lending protocols can still face problems from external assets, bridges, liquidity shortages and fast-moving user behavior.

To supporters, Aave’s survival showed that open, rule-based systems can keep operating under heavy pressure. To critics, the incident showed that transparency alone is not enough. DeFi can still require emergency action when liquidity stress spreads across connected markets.

Survival does not mean safety

Critics warn against treating the outcome as full proof that Aave’s design is safe. The protocol survived, but that does not mean every part of the system worked perfectly.

Stress events can be read in different ways. Strong design may explain part of Aave’s performance, but favorable market conditions may have also helped.

External analysts noted that large exposure remains concentrated across many DeFi platforms. When a small group of users controls very large positions, their actions can affect the stability of the whole protocol.

Concentration risk has long been a concern in traditional finance. The same concern applies to DeFi.

If several major borrowers close their positions at the same time during market stress, the impact could be bigger than current risk models expect.

Avoiding a crisis this time does not guarantee the same result next time.

Did you know? Aave first launched in 2017 under the name ETHLend. It later rebranded and grew from a peer-to-peer lending marketplace into one of the largest liquidity pool-based lending protocols in crypto.

How Aave manages risk

Aave is more than a basic lending platform. Over time, it has added several layers of protection to help reduce wider risks.

Borrowers on Aave can take loans only within set loan-to-value limits. Liquidation thresholds decide when collateral can be sold. Supply caps limit how much exposure can build around certain assets. Borrow caps limit how much users can borrow.

Isolation Mode helps limit the impact of higher-risk collateral. Efficiency Mode, known as E-Mode, uses special settings for assets that usually move together. Governance, supported by expert risk advisers, adjusts these settings when needed.

During the recent withdrawal surge, these safeguards generally worked as planned. Core protocol functions continued, but some markets came under strain. Utilization reached 100% in major pools, limiting withdrawals for some users.

Still, observers argue that DeFi risk management needs to keep improving. Governance decisions can still take time, and risk models may not adjust quickly enough during fast-moving events.

Stress tests often rely on past events, which may miss new types of spillover risk. The real task is not only to avoid earlier problems. It is also to prepare for threats that have not appeared yet.

The hidden risk of connected DeFi platforms

One of DeFi’s biggest strengths is also one of its biggest risks. The same connections that make it useful can also make it fragile.

Composability allows applications to connect and work together. Funds placed in one protocol can support activity in another. This helps new products grow faster and can make the system more efficient. But it also creates more links between platforms.

A loan on one platform may depend on collateral from another. That collateral may then be tied to leveraged positions across other systems. Over time, this can create a complex financial network.

In normal market conditions, composability opens up possibilities that are difficult to find in traditional finance. But during stressful periods, it can increase the risk of problems spreading from one platform to another.

A platform’s strength cannot be judged in isolation. The condition of the wider DeFi system also matters.

Did you know? Traditional banks carry out regular stress tests under regulatory supervision. In DeFi, stress tests often happen unexpectedly in live markets, with real users, real assets and no chance to rehearse.

What users should take away

For depositors and investors, the episode is an important reminder. A protocol’s size and reputation should not be confused with complete safety. Users need to understand the assets supporting the protocols they use.

Governance proposals also deserve close attention because they decide the protections around deposited funds. Diversification still matters, even in DeFi.

For builders, the takeaway is just as clear. They should design for extreme conditions and keep testing their basic assumptions. They also need to recognize that transparency alone does not remove wider risks.

The incident shows that strength is best judged through repeated performance across several tests, not one event. One stress test provides evidence, but it does not provide certainty.

Aave passed this test, but questions remain

Aave’s ability to handle roughly $8.45 billion in withdrawals deserves attention. The protocol kept working during one of the largest liquidity shocks DeFi has faced.

The result is important, but it should not be treated as the final word on Aave’s risk profile.

Supporters see it as proof that open and transparent systems can survive panic without bailouts or emergency measures. Critics, however, see it as a sign that hidden weaknesses may still exist beneath the surface.

Both views have some truth.

Aave showed that DeFi can withstand heavy pressure. The bigger challenge is making sure that strength holds when the next crisis arrives in an unexpected way.

Deprecated Aztec infrastructure has suffered a second exploit within days, adding to concerns about the security of abandoned smart contract infrastructure.

Aztec’s private rollup bridge was exploited on Thursday for 1,158 Ether (ETH), 150,000 Dai (DAI) and 0.46 renBTC (RENBTC), totaling about $2.15 million, according to Cos, the co-founder of cybersecurity company SlowMist.

His preliminary analysis found that the attacker used a false rollup proof to trick the protocol into releasing assets from its reserves to the attacker’s address.

Aztec Labs confirmed the exploit, adding that about $2 million was transferred from an immutable smart contract of a payment product deprecated in 2022, for which Aztec Labs held no admin keys or ability to pause transactions.

Aztec Labs said the incident is separate from the $2.1 million stolen from Aztec Connect’s smart contract on Sunday. Aztec Connect was a privacy-focused rollup that was deprecated in March 2023, with the team halting deposits and shifting resources to the next-generation Aztec Network.

Cointelegraph reached out to Aztec Labs for additional details about the vulnerability but had not received a response by publication.

Etherscan record of the Thursday exploit transaction. Source: Etherscan

Related: AI models led to a ‘vulnerability apocalypse’ in crypto security: Immunefi CEO

Old smart contracts raise new security concerns

The two Aztec exploits, along with the $1.3 million stolen from decentralized exchange Raydium earlier in June, renewed concerns about deprecated smart contracts, as the three incidents stemmed from vulnerabilities in abandoned infrastructure.

“Old contracts continue to be bug bounties available to any hackers. With protocols removing their responsibility to maintain them, they can become even more tempting,” wrote risk analysis platform Blockful in a Tuesday X post.

Despite Aztec Connect being deprecated, the attacker extracted over $2.1 million in the initial exploit as the immutable contract was still holding legacy user assets, wrote SlowMist in a post-mortem analysis of the incident.

First Aztec exploit, attack overview. Source: SlowMist

For protocols with deprecated smart contracts that still hold legacy assets, SlowMist advised an orderly asset migration to eliminate the risks of ongoing cybersecurity exposure.

Magazine: The legal battle over who can claim DeFi’s stolen millions 

Hyperliquid’s perpetual futures open interest recently exceeded $10 billion as the platform expanded into equity-linked products, commodities and synthetic pre-IPO trading.

Hyperliquid is now the third-largest perpetual futures exchange, with growth driven primarily by crypto assets and supported by expanding trading in equities, commodities and indexes through Hyperliquid Improvement Proposal-3 (HIP-3), according to digital asset infrastructure provider Talos.

Talos said in a Tuesday report that about $4 billion of open interest is attributable to HIP-3 builder-deployed perpetual markets.

The report highlighted oil, the Nasdaq 100 and technology stock-linked contracts as some of the most actively traded products, while pre-IPO markets drew more than $250 million in open interest on Friday ahead of SpaceX’s expected public listing. Nearly half of S&P 500 perpetual volume and more than 60% of oil perpetual volume occurred outside traditional US market hours.

HIP-3 perpetuals, daily volume by asset class. Source: Talos

Hyperliquid’s growth reflects a broader push by crypto trading venues to expand beyond digital assets and offer exposure to traditional financial markets through blockchain-based derivatives.

Related: SpaceX tokenized IPO campaign draws $557M on Binance ahead of debut

Hyperliquid’s rise draws TradFi attention

Hyperliquid’s growth has also drawn attention from traditional financial firms exploring round-the-clock trading.

On May 27, Jeffrey Sprecher, the CEO of Intercontinental Exchange, the parent company of the New York Stock Exchange (NYSE), urged regulators to create a “level playing field” for launching 24/7 onchain perpetual futures contracts, arguing that regulators are “prohibiting us from doing this when it’s already happening.”

Sprecher’s comments came after discussions with Hyperliquid, which he cited as an example of a crypto-native platform enabling around-the-clock derivatives trading. A day earlier, Hyperliquid launched canonical prediction markets for offchain events, adding another product category to its trading ecosystem.

Top DeFi protocols by weekly fees. Source: DefiLlama

Hyperliquid is also one of the crypto’s largest fee-generating protocols. The platform generated more than $15.6 million in fees during the past week, making it the third-largest protocol by weekly fees behind the industry’s stablecoin issuers Tether and Circle, according to DefiLlama data.

Magazine: Can Robinhood or Kraken’s tokenized stocks ever be truly decentralized?