GMX offered a 10% "bug bounty" to the hacker if they returned the funds. As of 24 hours after the theft, the hacker had not acknowledged the offer, and had begun swapping the stolen tokens.
GMX exchange hacked for $42 million
Resupply stablecoin lender exploited for $9.3 million
Resupply announced the theft shortly afterwards, and stated that they had paused the vulnerable contract.
Resupply is a fairly new project, having officially launched on March 20 — about three months before the exploit.
Self Chain fires founder after $50 million scam allegations
Aza Ventures was initially hesitant to name the scammer, hoping they could pressure the scammer to return the stolen funds, but later reports quickly named Self Chain founder Ravindra Kumar as the alleged culprit. Kumar posted on June 19, "I've been accused of serious wrongdoing, which is completely false."
On June 23, Self Chain announced that they had terminated Kumar as CEO "due to recent developments that diverge from the founding vision".
New York scammer "daytwo" steals $4 million from Coinbase users, blows most of it gambling
zachxbt noted that Nieves seems to have a gambling problem, depositing much of the stolen funds into crypto gambling websites. "You’ll see onchain how casino deposits get smaller as he loses funds," wrote zachxbt. "Recently this escalated to the point where he started stealing cuts from accomplices." He also appears to have used some of the stolen funds on luxury goods, including a Corvette and expensive watches.
- Tweet thread by zachxbt [archive]
Hacken token crashes after private key leak
Israeli-linked hackers steal and destroy $90 million from Iranian Nobitex exchange
Gonjeshke Darande (also "Predatory Sparrow"), a hacking group with links to Israel, claimed responsibility for the theft, accusing the platform of serving as a "key regime tool" to finance terror and violate sanctions. The cyberattack comes shortly after Israel launched air strikes on Iran.
Meta Pool exploited
Meta Pool acknowledged the theft in a post shortly after the exploit was noticed by a blockchain security firm, and announced that the team had paused the project's smart contract.
ALEX Lab exploited again
ALEX announced they would reimburse stolen user funds.
This is the second exploit affecting ALEX Labs, after a thief stole around $2 million in May 2024.
Crypto exchange BitoPro belatedly discloses $11.5 million hack
The theft was originally noticed by crypto sleuth zachxbt, who observed a suspicious transfer of around $11.5 million in crypto assets on May 8. The funds sold on decentralized exchanges and then laundered through various cryptocurrency mixing services.
BitoPro originally only told customers that the platform was offline for "maintenance", but disclosed the theft on June 2 after zachxbt published his findings.
- Telegram post by zachxbt [archive]
- Telegram announcement by BitoPro (in Chinese) [archive]
Cork Protocol exploited for $12 million
Cork had been audited in whole or in part by four different security firms. The project's funders include Andreessen Horowitz, OrangeDAO, and Steakhouse Financial, and Cork is a part of Andreessen Horowitz's Crypto Startup Accelerator.