This is the second BtcTurk exploit, following an approximately $55 million theft in June 2024.
BtcTurk apparently hacked again, for $49 million
The Turkish cryptocurrency exchange BtcTurk has apparently been hacked again, as various blockchain security firms observed suspicious withdrawals estimated at around $49 million. BtcTurk later acknowledged it had experienced "unusual activity" in its hot wallets, and had suspended deposits and withdrawals. They did not provide any more details about the scale of the attack.
Odin.fun bitcoin memecoin launchpad exploited for more than $7 million
Odin.fun, a bitcoin-based memecoin launchpad sort of like the popular pump.fun, was exploited for 58.2 BTC (~$7 million). The attacker had apparently manipulated the price of various tokens, then withdrew bitcoin based on the inflated prices.
A team member suggested they were unsure of the total amount stolen, "but as of right now, our company treasury isn't big enough to cover the losses".
Monero faces 51% attack
Monero, a privacy-focused blockchain network, has been undergoing an attempted 51% attack — an existential threat to any blockchain. In the case of a successful 51% attack, where a single entity becomes responsible for 51% or more of a blockchain's mining power, the controlling entity could reorganize blocks, attempt to double-spend, or censor transactions.
A company called Qubic has been waging the 51% attack by offering economic rewards for miners who join the Qubic mining pool. They claim to be "stress testing" Monero, though many in the Monero community have condemned Qubic for what they see as a malicious attack on the network or a marketing stunt.
Though Qubic has claimed to have achieved 51% of the Monero hashrate, these claims have been disputed. However, they do appear to be very close if not there already, and there have been multiple chain reorganizations — including a 6-block reorganization — suggesting that Qubic has established significant control over Monero mining.
Memecoin promoters allegedly responsible for throwing sex toys at WNBA games
A group of crypto enthusiasts promoting a memecoin have claimed responsibility for a string of incidents in which neon green sex toys were thrown onto professional women's basketball courts during at least six WNBA games since July 29. The group described the stunts as coordinated "pranks" intended to draw attention to the coin, in an ecosystem where memecoin prices are often heavily tied to virality.
The incidents have been widely condemned as both dangerous and misogynistic by players, coaches, and the league, which has since implemented penalties including immediate ejection, a minimum one-year ban, and possible felony charges for offenders.
"It's super disrespectful," said Chicago Sky player Elizabeth Williams. "The sexualization of women is what's used to hold women down, and this is no different," stated coach Cheryl Reeve of the Minnesota Lynx. "The intent is to sexualize and demean the women players because they are women," wrote Glamour.
"This is empowering to every fucking crypto community to start thinking outside the box. Get creative and fucking do something that makes people actually laugh," said a member of the memecoin community, cheering the incidents for their virality and the subsequent impact on the coin price. The meme was even amplified by Donald Trump Jr., who posted to Instagram a photoshopped image of President Trump dropping one of the green sex toys off the roof of the White House and onto a group of women playing basketball below.
Traders lose $1 million to malicious "trading bot" software
Scammers using AI-generated YouTube videos to promote supposedly profitable crypto bot software have convinced crypto users to deploy what is, in reality, malicious code that allows scammers to siphon funds from their wallets. The free software supposedly allows anyone to run MEV bots to profit from arbitrage strategy, but the obfuscated code people are encouraged to download and deploy is actually malicious.
Researchers at Sentinel Labs have estimated that more than $1 million has been drained from various wallets via these malicious contracts.
Credix vanishes after $4.5 million exploit
The defi lending protocol Credix lost $4.5 million to an exploit after a hacker gained control of an admin wallet and used it to mint tokens and drain liquidity pools.
Credix subsequently announced they had negotiated with the thief, who they said agreed to return the funds "in return for money fully paid by the credix treasury". They did not disclose how much they paid to the hacker.
However, shortly after this announcement, the company deleted its social media accounts and disappeared, leading some to wonder if the "hack" may have in fact been a rug pull by insiders. The promised reimbursements have not yet materialized.
Crypto lender Abra pauses withdrawals for international customers
The Abra cryptocurrency lender sent an email to customers announcing that "Abra Earn international services are currently paused, effective immediately", attributing the decision to "broader risk management efforts" and saying it was "influenced by external circumstances outside of our control". This has raised concern among Abra customers, and carries troubling echoes of the wave of crypto lenders pausing withdrawals before they collapsed during the 2022 "crypto winter".
This isn't the first sign of shakiness at Abra, which was alleged to be insolvent by the Texas state securities regulator in 2023. The company wound down its US operations in mid-2023 and refunded $82 million to US customers, after reaching a settlement with 25 state regulators. Abra also faced a lawsuit from the US federal securities regulator in 2024, which they settled in August of that year.
$731,000 stolen in SuperRare hack
Customers of WOO X lose $14 million after exchange compromise
Attackers who compromised devices belonging to a WOO X employee stole $14 million from users of the Taiwanese WOO X cryptocurrency exchange. The phishing attack on the employee gave the hackers access to a development environment, according to statements from WOO X, and the hackers were then able to make withdrawals from customer accounts.
WOO X temporarily froze withdrawals, before reopening accounts after a security review. They offered a 10% "bounty" to the thief.
CoinDCX hacked for $44 million
The Indian cryptocurrency exchange CoinDCX was hacked, with attackers stealing around $44 million. The company announced the breach the following day, attributing it to a "sophisticated server breach" and claiming that only company funds were impacted.
BigONE hacked for over $27 million
The BigONE cryptocurrency exchange was hacked for more than $27 million, which the hacker quickly swapped for various other tokens. The attacker compromised one of the exchange's hot wallets after gaining access to the company's production network. BigONE stated they would fully cover the loss.
Blockchain security researcher zachxbt responded to the hack by saying, "I do not feel bad for the team as this CEX processed a good bit of volume from pig butchering, romance, investment scams." Elsewhere he suggested that hacks of "sketchy offshore exchanges" would be a positive for the crypto industry, serving as a "natural cleanse".
Arcadia Finance exploited for $3.5 million
The Arcadia Finance defi margin protocol was exploited for $3.5 million after an attacker found a vulnerability in a project smart contract. The attacker quickly swapped the stolen tokens and bridged them from Base to the Ethereum mainnet. The attacker stole the funds in two separate transactions that were more than four hours apart.
Arcadia is backed by Coinbase Ventures. The project acknowledged the hack, encouraging users to revoke permissions.