Crypto Hacks Soar: May’s $647M Meltdown, Cork Protocol Drama & June’s Biggest Breaches
May 2025 saw crypto hacks explode to $647M, led by Cetus AMM's $223M disaster. Cork Protocol’s controversial $12M breach sparks audit debates, while Nobitex and Resupply Protocol kick off June.
While you were busy trying to get those Taylor Swift tickets, crypto hacks hit a scorching $647 million in May alone. Smart contracts and hot wallet hacks led the damage parade, with Cetus AMM becoming the month’s biggest loser at a stunning $223 million due to a spoof token exploit. Cork Protocol’s recent $12 million hack also stirred major buzz among Web3 auditors, sparking intense debate about the security of DeFi protocols and audit practices.
The chaos spilled into June, too—highlighted by the $82 million hot wallet hack on Nobitex and a $9.6 million oracle manipulation at Resupply Protocol. Hackers even picked on security-focused platforms, compromising Hacken Token’s private keys for $250,000.
Protocols are ditching legacy tools for Guardrail's real-time, Web3-native security solution.
Why Guardrail? Less noise, fully customizable monitoring, rapid threat detection, and managed incident response that scales seamlessly.
Book your free Guardrail demo now
🔥 Big Headlines
Silo Finance ($546K): Borrow exploit hit the silo.borrow() logic.
ForceBridge ($3.9M): Rust-based access control loophole exposed due to supply chain attack vector.
ALEX Protocol ($8.37M): Malicious
transfer()drained funds via the Clarity language.Dexodus Finance ($300K): Price manipulation wiped out balances.
Zunami Protocol ($500K): Fell victim (again!) with a
withdrawStuckToken()law.
2024 Crypto Crime Report: $8.3 Billion Lost
In 2024, crypto crimes resulted in losses of $8.3 billion across 519 incidents, with scams causing the majority of the damage. Hacks (293 incidents) and phishing also contributed heavily, but recoveries reached a record $426.7 million through improved tracking and industry cooperation.
Crime never sleeps...
Cork Protocol’s $12M exploit: A flawed governance mechanism led to a massive loss, sparking intense debate among Web3 auditors about the reliability of protocol audits.
Bitrue hacker resurfaces: Years after a $22M exploit, the attacker moved over 1,000 ETH through Tornado Cash, reminding the community that old threats can re-emerge.
Cebu YouTuber exposes $800K scam: In a bold move, a YouTuber hacked into a fraudulent AI Bitcoin operation, leaking live CCTV footage and exposing the scam to the public.
INTERPOL's global crackdown: Over 20,000 malicious IPs and domains were taken down, disrupting numerous cybercriminal operations worldwide.
M&S cyberattack disrupts operations: A significant cyberattack forced Marks & Spencer to suspend online orders, affecting in-store operations and potentially hitting profits by £300 million.
Qantas data breach affects 6 million: A cyberattack on a third-party call center compromised the personal data of millions of Qantas customers, highlighting supply chain vulnerabilities.
UNFI cyberattack impacts Whole Foods: United Natural Foods, a primary distributor for Whole Foods, suffered a cyberattack disrupting deliveries and leading to potential product shortages across North America.
Mark your calendars:
Coinfest Asia: August 21–22, 2025
Blockchain Life 2025: October 28–29, 2025
Devconnect: November 17–22, 2025
📌 Expert Insights and Commentary
Immunebytes: Blockchain Hacks Overview (May–June 2025), lessons from recent exploits and security best practices.
Spearbit: The Frontline of Crypto Scams in 2025: Social Engineering.
Code4rena: Code4rena will run audit contests for free as public goods.
Adevar Labs: Real supply chain attacks in Solana and how to defend against them.
PeckShield: Meta Pool staking contract has a critical bug that allows for free mint of mpETH.
Three Sigma XYZ: Advanced Foundry Cheatcodes Series: Part 1—Foundry Foundations, Why Foundry Over Hardhat?
0xWizzdom: Confidential Stablecoin Transfers on Plasma, a zk-SNARK-Based Shielded Pool Design
Privacy & Scaling Explorations: zkPDF, a new library for making PDFs verifiable with zero-knowledge proofs.
Officer CIA: Due Diligence & Web3
Windhustler: Interoperability Protocol Security Checklist
Ottersec: Sample public audit reports
Detecting and Countering Malicious Uses of Claude: March 2025
Farouk Ubermensh: Under the Hood of Solana Program Execution: From Rust Code to SBF Bytecode
Practice Challenges 🚀
Web3 Phishing Challenge including Simulations
SANS Challenge Coins
Security Boulevard Challenges
Stay vigilant, informed, and secure in the fast-moving world of Web3!
./Happy_hacking