Dutch Knaken crypto platform collapses

The Dutch cryptocurrency platform Knaken (not to be confused with the American Kraken platform) abruptly went offline in early June, leaving roughly 30,000 customers unable to access their funds. The company was unable to secure a license under the EU's MiCA regulations, which it said forced them to shut down. Though they claim to be winding down the company in an orderly fashion, they have reportedly stopped paying customer withdrawals, and have asked customers to stop filing claims.

Dutch prosecutors have asked courts to declare the platform bankrupt, which would install a court-appointed trustee to oversee the process of extracting assets from the company to return to customers. The country's Fiscal Information and Investigation Service has also opened a criminal investigation into the platform.

Polymarket customers lose $2.97 million, company blames third-party vendor

Polymarket customers have lost around $2.97 million to an attacker who then swapped stolen Polymarket USD (pUSD) to ETH.

Polymarket, a crypto-based prediction markets platform, quickly made an announcement to claim that a third-party vendor had been compromised to allow an attacker to inject a malicious script into the website frontend. Polymarket has said it will refund affected customers.

Users of the SecondFi Cardano wallet lose $2.4 million in series of hacks

Users of the Cardano wallet SecondFi (formerly Yoroi) have lost a cumulative 16 million ADA (~$2.4 million) across three attacks targeting a vulnerability in the project's wallet generation code.

After the attacks commenced, SecondFi "rescued" another 129 million ADA (~$19.4 million) by moving the assets to a third party entity. They have announced that an external accounting firm will verify the funds and process user claims.

Taiko bridge exploited

The Taiko bridge, which allows assets to be transferred between the Ethereum mainnet and the Taiko Ethereum layer-2 chain, was exploited for at least $1.7 million before the network was halted, limiting losses. An attacker was able to forge withdrawal requests to appear as though they matched real deposits. Crypto security firm BlockSec said that the attacker may have gained access to a signing key that had been exposed on GitHub.

Highly active MEV bot known as jaredfromsubway.eth drained for $7.7 million

On blockchains like Ethereum, a strategy known as "MEV" (short for "maximal extractable value") allows intermediaries to profit from manipulating the structure of blocks added to the chain — often reordering or "sandwiching" transactions in ways that extract profits. Automated software known as MEV bots make a business out of this strategy, and one of the most active is a bot called jaredfromsubway.eth — likely so named after one-time Subway spokesman and convicted sex offender Jared Fogle because of its strategy of "sandwiching" transactions by placing trades on both sides, causing the original trader to pay more.

On June 20, an attacker used a series of contracts to cause the bot to grant token approvals that were later used to drain 4,427 ETH ($7.7 million). Some of the funds were then laundered through Tornado Cash.