The decentralized exchange Bunni released a post-mortem report, revealing a loss of $8.4 million due to a vulnerability attack. The attacker exploited a rounding error in the withdrawal function of the smart contracts to manipulate the trading pool with Flash Loans, resulting in a significant decrease in Liquidity. Bunni has updated the code and paused certain functionalities, is tracking the funds, and is offering a bounty.

PANews August 18 news, the Gnosis Chain core team proposed to pay a one-time bounty of $10,000 to researchers who discover consensus vulnerabilities. According to the proposal GIP-132, the vulnerability was disclosed by cergyk on February 25, 2025, and could lead to a chain split. The issue was fixed on March 17 through an update from Nethermind. If the vulnerability is exploited, it will cause Nethermind and Erigon to handle transactions inconsistently, which may trigger a chain fork.

Odaily News The Infini team stated that they have requested the attacker to return approximately 49.5 million USD of stolen funds by 20:00 (GMT+8) on August 13, 2025. If returned on time, the attacker may keep all profits as a white hat bounty, and the team will not take further legal action, providing a written statement of leniency.

Lido released a security disclosure on the X platform, reporting and fixing vulnerabilities related to CSM and validator withdrawal contracts. The vulnerability was not exploited, and CSM nodes and stETH holders were not affected. The fix was implemented by disabling the bond destruction feature and through a DAO voting proposal, and a bounty was paid to the white hat hacker who reported the issue.

PANews news on July 21 reported that BigONE has officially launched a hacker bounty program with a total amount of $8.1 million in response to recent incidents of stolen encryption assets, calling on white hat hackers around the world to assist in tracking the stolen funds and identifying the attackers' identification. BigONE stated that security experts are welcome to participate in promoting the recovery of stolen assets and the resolution of the case.

Jinse Finance reported that Sumit Gupta, co-founder of the Indian cryptocurrency exchange CoinDCX, which was disclosed to have encountered a hacker attack by the "on-chain detective" ZachXBT, reiterated on the X platform that customer funds are safe. All user assets are stored in isolated Cold Wallets, and the incident is limited to a single operational Liquidity providing account, with trading and withdrawals proceeding normally. CoinDCX is working with law enforcement to recover the stolen funds and is about to launch a recovery Bounty Program.

PANews, July 11 news, according to monitoring by Lookonchain, the GMX protocol previously suffered a hacker attack. The hacker has chosen to return the stolen assets of $42 million and accepted a $5 million white hat bug bounty. So far, $10.49 million in FRAX has been returned. Meanwhile, the hacker has exchanged an additional $32 million in assets for 11,700 ETH, currently valued at about $35 million, with a profit of about $3 million. It is still unclear whether the hacker will return all 11,700 ETH (worth $35 million) or sell ETH to return $32 million while keeping a profit of $3 million.

Gate News bot message, the GMX hacker has initiated the return of stolen assets worth $42 million in exchange for a $5 million white-hat bug bounty. According to the latest data, $10.49 million in FRAX tokens has already been returned. The remaining $32 million was previously converted into 11,700

Golden Finance reports that the GMX hacker sent a message to the GMX deployer's Address on-chain, stating that they will return the funds later. According to previous reports, on July 9, GMX stated in an on-chain message to the hacker that it acknowledged the GMXVl vulnerability and was willing to provide a 10% white hat bounty. If the remaining 90% of the funds are returned within 48 hours, it promised not to take further legal action.

Odaily News Texture officially announced on the X platform that approximately two hours ago, the hacker returned 90% of the stolen funds and claimed the previously proposed 10% "grey hat bounty" by the team. Texture stated that they will not pursue further accountability. The team is currently completing code fixes and reviews with the auditors, and the contract will be redeployed soon. The official also thanked the community for their support during the incident and promised to release a post-incident review report as soon as possible. Previously, Texture experienced a security vulnerability, resulting in the theft of approximately $2.2 million in USDC user funds.

Golden Finance reported that NOYA.ai released a report on a Hacker attack incident, which occurred due to an unauthorized access to the Wallet by a developer who had the ability to add connectors to the protocol, resulting in a total loss of approximately 14.5 ETH. The malicious connector has been removed, and the contract ownership has been updated to protect the funds, and the Address of the attacker has been reported to the Centralized Exchange. In the follow-up, an external security auditor will be hired for a comprehensive review, introducing latency/timelock connectors and launching a bug bounty program, as well as a thorough audit of all access control functions.

PANews, June 25 - Gate officially launched the "Red Bull Racing Tour" on June 12, and so far, the total Futures Trading volume has surpassed 10 billion USD. The total prize pool for this event has reached 5,000 GT, which has now been fully unlocked. Participants are competing fiercely, with a chance to win on-site tickets to the F1 Grand Prix worth over ten thousand USD. It is reported that the event features three major competition leaderboards, including the Champion Driver Trading Leaderboard, with a maximum win of 3,500 GT, F1 tickets, and exclusive limited-edition merchandise; the Champion Driver Earnings Leaderboard, with a maximum win of 1,000 GT; and the Bounty Driver Leaderboard, where users can share a 500 GT reward by completing tasks. This event comprehensively covers user paths from professional trading to light participation. New users can receive a 10 USDT trial coupon upon registration.

PANews June 23 news, according to the 1inch official blog, 1inch announced the official launch of five bug bounty programs covering core products such as smart contracts, Wallet, developer portal, dApp, and platform infrastructure. This bounty program offers a maximum reward of up to $500,000, aiming to encourage the community to assist in identifying and disclosing potential security vulnerabilities, thereby enhancing platform security.

According to official sources, 1inch announced the launch of five bug bounty programs to encourage responsible vulnerability disclosure by the community, mainly for 1inch smart contracts ($500,000 reward), 1inch wallet ($100,000 reward), 1inch developer portal ($100,000 reward), dApp ($50,000 reward), and infrastructure ($20,000 reward).

Odaily News According to official news, 1inch announced the launch of five bug bounty programs to encourage the community to responsibly disclose vulnerabilities, mainly targeting the 1inch smart contracts ($500,000 rewards), 1inch Wallet ($100,000 rewards), 1inch Developer Portal ($100,000 rewards), dApp ($50,000 rewards), and infrastructure ($20,000 rewards).

PANews, June 16 news, according to The Block report, Interchain Labs has confirmed that an individual, later identified as being associated with North Korea, was employed by a former maintainer during the period from 2022 to 2024 and contributed to the Cosmos codebase. This individual had limited access to the cosmos/IAVL and cosmos/cosmos-sdk codebases, and most of their contributed code has been deprecated or excluded from the roadmap, with independent audits finding no security vulnerabilities. To support transparency, ICL will offer a month of double rewards on the Cosmos HackerOne page for discovering vulnerabilities related to this participant's GitHub account. After ICL took over core stack development, new security protocols were implemented to prevent further contributions, and the individual was rejected when reapplying for a position. ICL has addressed all Co

BlockBeats news, on June 14, the Echo Protocol, which focuses on Bitcoin liquidity re-staking and yield layers, officially announced that its wallet holding 2515.648579 uBTC (currently valued at over 266 million USD) has suffered a highly complex supply chain attack and has been maliciously breached. The team has initiated an emergency investigation and will release an event review report as soon as possible. Currently, the collateralization rate of the platform's treasury has dropped to 20%. To ensure system security, all withdrawal operations will be suspended from midnight Eastern Time. Echo Protocol stated that it is working closely with auditing firms and security experts to handle this incident and will later announce a bounty program to encourage those with information to assist in tracking the stolen assets.

BlockBeats News, on June 10, Anome officially confirmed that it was attacked in the early morning of the 10th. As a full-chain platform with a cumulative interaction of 130,000 addresses and more than 100,000 daily transactions, almost all kinds of such incidents have not been breached. This attack is during the replacement of the old and new official contracts, and the attackers mainly attack the part of the contract that has not been upgraded in version 1.0. This incident did not cause any loss of users' assets, only part of the liquidity. In addition to jointly establishing a defense mechanism with Certik and Manwu, a white hat bounty mechanism has also been set up to assist in the detection of the business layer. At present, the platform has entered the countdown to the launch of 2.0, and the liquidity is replenished by the treasury, so users can use it with confidence. The official will further increase the amount of trading liquidity pool funds in the near future!

BlockBeats News, on June 9, Gate officially launched the "Red Bull Racing Tour", bringing the passion of F1 to the Web3 world. Users sign up to participate in trading races and mission challenges for a chance to win seats in the F1 Grand Prix worth over 10,000 yuan and share a dynamic prize pool of up to 5,000 GT, achieving a triple experience of "watching the race, winning big prizes, and earning profits"! It is reported that this event has three tracks: the Champion Driver Trading List, the Champion Driver Income List, and the Bounty Driver List, which comprehensively cover the user path from professional trading to light participation. New users can receive a 10 USDT trial fund coupon, which is limited to 500 per day on a first-come, first-served basis.

According to Gate News bot, the Sui-based DEX Cetus team, which was previously hacked, recently said that the team is moving towards full open source and has launched a new "white hat bounty program" to "encourage collective technical and security contributions". As part of the protocol reboot, the team has fixed the software vulnerabilities that led to the hack, restored the pool data to the correct pricing, and conducted a security audit of all code fixes and contract upgrades. The affected liquidity pool has been replenished with $7 million in cash reserves, a $30 million USDC loan from the Sui Foundation, and some of the assets recovered from the attackers. However, not all compromised pools have fully recovered, with the current recovery rate ranging from 85% to 99%, depending on the extent of the pool's losses during the attack.

Golden Finance reports that Cetus Protocol, a Sui-native decentralized exchange that suffered a large-scale attack of $220 million in May, is advancing its open source plan after recently restarting. On May 22, an attacker exploited a pricing mechanism vulnerability to withdraw tokens from Cetus's main liquidity pool. The protocol successfully froze $162 million of the stolen funds shortly after the attack occurred. Before the attack occurred, Cetus's trading volume had been on the rise, exceeding $5 billion in April and also reaching $5 billion in May, despite pausing operations after May 22. In a Medium post on June 7, the Cetus team stated a day before the relaunch that they were working towards full Open Source development and were launching a new white paper bounty program to "encourage collective contributions in technology and security." As a restart

Gate News bot message, the Sui official announced an upgrade to its bug bounty program. Although the current bug bounty program mainly focuses on the core infrastructure of Sui and does not cover protocols, applications, or smart contracts built on it, the bounty scope will be expanded in the next six months to pay additional bounties for any protocol with a TVL exceeding 50 million USD, helping to incentivize bounty hunters to identify errors in the code of large protocols like Cetus built on Sui, in order to prevent such security incidents in the future.

According to Gate News bot, Sui announced that they will take comprehensive security enhancement measures in response to the incident caused by a mathematical library vulnerability at Cetus. Although this incident was not caused by a security flaw in Sui or Move, considering the losses suffered by users, Sui will invest 10 million dollars in security projects such as audits, bug bounty, and Formal Verification. These specific measures will be implemented through consultation with the developer community. At the same time, Sui will also provide explanations for the existing security measures.

Gate News bot message, on-chain detective ZachXBT expressed his views on the $5 million bounty plan proposed by Cetus. He pointed out that the structure, which only pays a reward upon successfully locating the hacker, has issues. "No competent company would accept such a fee structure." ZachXBT suggested a hybrid model that combines hourly billing with success commissions to better incentivize professional teams to participate in the investigation. He also mentioned that objective factors such as the difficulty of law enforcement and the hacker's location constrain the possibility of fund recovery. Source of information: Wu Says

The article notes that on-chain detective ZachXBT has criticized the practice of offering a $5 million bounty only if it successfully helps find the hacker, arguing that this fee structure is unfair and does not incentivize people to participate. He argues that a fair compensation structure should be adopted, with both time-based and outcome-based commissions, to better motivate participants. In addition, he mentioned the possible unfairness of the bounty system, such as the poor legal environment in the location of the attacker, and the inability of law enforcement to recover all the funds after arrest.

According to Gate News bot reports, Cetus has announced a $5 million bounty program to find key information that can confirm the Hacker's identification and assist in the arrest, including name, Address, and related evidence. This operation is supported by the Sui Foundation and is in collaboration with Inca Digital. Cetus also stated that it has not yet received a response from the Hacker regarding its white hat negotiation proposal. If the Hacker chooses to cooperate and agrees to return the funds, the team will cancel accountability actions, including the bounty. The final bounty payment matters will be adjudicated by the Sui Foundation.

Gate News bot message, the Sui ecosystem DEX project Cetus has proposed a bounty of 2,324 ETH (approximately 6 million USD) to the attacker via an on-chain white hat protocol, requesting the return of the stolen funds and promising not to pursue further liability.

ChainCatcher news, Cetus announced that it has fixed the vulnerabilities from the earlier attack incident, and has collaborated with longer to track funds, label hacker Wallets, and communicate with law enforcement agencies. It has proposed a "white hat reconciliation plan" to the hacker: return assets within a specified time to receive a bounty of 2324 ETH (approximately 6 million dollars), with no accountability. The community's primary goal remains to recover the assets.

The Cetus team has confirmed the hacker's Ethereum wallet address and proposed a high bounty scheme, contingent on the return of the stolen funds to avoid legal action. The team has taken several measures to prevent fund loss, including contract locking, fund tracking, vulnerability fixes, and negotiation assistance. They are committed to continuing the recovery of funds and will release a full incident report.

The Cetus team has confirmed the Ethereum Wallet Address controlled by hackers in the latest progress on handling the attack incident and proposed a white-hat reconciliation plan. They have identified and fixed the source of the vulnerability, and are tracking funds and collaborating. The team will offer the hacker a bounty reward of 2,324 ETH, and if the remaining assets are returned within the deadline, they will not pursue legal liability. The community is currently focused on recovering the damaged assets, and a complete report will be released later.

ChainCatcher message, Polkadot Marketing Bounty has announced its expenditure situation, with marketing services and infrastructure accounting for 26.9%, ranking first. During the same period, platform expenditure was 20.7%, innovation expenditure was 17%, media and content creation expenditure was 10.8%, digital advertising expenditure was 7.8%, KOL expenditure decreased to 7.6%, salary expenditure was 4%, and community building expenditure was 2.5%.  

According to the Gate.io News bot, it was reported by Wu that Loopscale's official announcement stated they have contacted the attacker, who agreed to return the stolen funds through the Bounty Program. Loopscale will soon announce the withdrawal recovery plan and a complete post-incident analysis report. Earlier at 11:30 AM Eastern Time, the pricing function of the RateX PT token on the Loopscale platform was manipulated, resulting in losses of approximately 5.7 million USDC and 1,200 SOL for the platform, accounting for 12% of the platform's total funds.

The Loopscale team has sent a message to the Hacker, indicating a collaboration with the longer to monitor and freeze the stolen funds, and offering a white hat protocol to recover 90% of the stolen funds. The Hacker can retain 10% of the bounty, totaling 3947 SOL, and will be exempt from related liabilities. If there is no response within 24 hours, legal action will be taken.

According to ChainCatcher news, ZKsync has issued an announcement on the X platform and the Ethereum network, calling for the return of 90% of the stolen funds (44,687,278.5988 ZK Tokens, 1,021.3 ETH, and 766 ETH), and offering a 10% bounty as a reward for cooperation. Funds must be sent to the designated ZKsync Era and Ethereum address within 72 hours. Full refunds confirmed publicly and closed before the return deadline will be honored; otherwise, it will be handed over to law enforcement for criminal investigation.

ZKsync announced that it is offering a 10% bounty to the hacker, requiring the return of the stolen ZK and ETH within 72 hours. If the funds are not returned, they will report to the police and initiate a criminal investigation. ZKsync confirmed that the theft was due to the leak of the admin account's Private Key.

The KiloEx Hacker Incident Root Cause Analysis Report points out vulnerabilities in smart contracts, exploited by attackers in a multi-chain attack. The attack occurred on April 14, and as per the agreement, 10% is set as a bounty, while the remaining assets have been returned to the project party. The platform has fixed the vulnerabilities and is operating normally.

BlockBeats news, on April 15, KiloEx stated on social media, "With the assistance of law enforcement agencies, cybersecurity institutions, and multiple trading platforms and cross-chain bridges protocol, we have obtained key information regarding the hacker activities. We are monitoring the activities of certain Addresses in real-time and are ready to freeze the stolen funds at any time. To resolve this matter, the following proposal is made: return 90% of the stolen funds to the platform Address, and the hacker can keep 10% as a white hat bounty. A statement will be released via social media acknowledging the cooperation and no further action will be taken."

The RWA project Zoth has released an update regarding the theft, and has initiated an active investigation in collaboration with experts to trace the stolen funds. 73% of the TVL is secured, and an investigation is being conducted in partnership with Crystal Blockchain BV. A bounty of $500,000 has been established, and a detailed report will be shared in the coming weeks. Zoth experienced a security breach leading to the theft of funds, which were exchanged for 4,223 ETH.

The RWA project ZOTH has released a theft update on platform X, and the team has initiated an investigation and is collaborating with professionals to track the funds. 73% of the TVL has been secured, and a public bounty of $500,000 has been established to assist in recovering the funds. The hacker has exchanged 8.8 million USDO++ for 8.3 million DAI, then converted it into 4,223 ETH and deposited it into a specific Address.

The RWA project ZOTH has released a stolen update on the X platform, and the team has launched an investigation and is collaborating with professionals to track the funds. 73% of the TVL is secured, and a public bounty of $500,000 has been established to assist in recovering the funds. The hacker has exchanged 8.8 million USDO++ for 8.3 million DAI, and then converted it into 4,223 ETH deposited into a specific Address.

The RWA project Zoth has released an update regarding the theft, and the team is actively investigating and collaborating with professionals to trace the stolen funds. 73% of the TVL is secured, and a public bounty of $500,000 has been established. The attacker has converted the stolen funds into 4,223 ETH.

PANews reported on March 9 that according to Decurity's report, after 1inch negotiated with hackers, most of the $5 million stolen by the attack has been returned, and the hackers have retained some as bug bounties. Previously, 1inch found that there was a vulnerability in the Fusion v1 parser smart contract, and although user funds were not affected, some of the parsers using this version were attacked. The incident resulted in a loss of about 2.4 million USDC and 1,276 WETH, totaling more than $5 million.

After negotiating with the hackers, 1inch managed to recover most of the stolen funds, leaving a portion as a bug bounty. The attack originated from the Fusion v1 smart contract vulnerability, which mainly affected users who used outdated parsers, and ordinary users were not compromised. 1inch has identified and called on the parser to audit the contract to avoid similar incidents.