Decentralized leverage trading platform Futureswap on Arbitrum reportedly lost about $395,000 in a suspected exploit, according to blockchain security firm BlockSec. The incident adds to a series of Arbitrum-based DeFi security events in early 2026.
Truebit’s TRU collapsed roughly 99%, falling from $0.16 to $0.0000000029 after the protocol disclosed a security breach and on-chain analysts traced the stolen Ether. The exploit is reported at about $26 million, leaving the token effectively worthless.
Blockchain security firm Cyvers flagged a suspicious on-chain transaction that appears to have targeted the Truebit Protocol, estimating losses near $26 million. The incident was reported on Jan. 8, 2026 and is under investigation.
Binance has removed the FLOW/BTC trading pair and flagged the FLOW token after the Flow Foundation disclosed a $3.9 million exploit. The exchange said the moves follow the project’s security incident and are precautionary for users.
Flow has moved into “phase two” of its recovery on EVM after a $3.9 million exploit, abandoning a prior rollback proposal. The team says the new approach accelerates restoration but signals elevated risks for exchanges and custodians.
Unleash Protocol reported unauthorized multisig activity that allowed withdrawal and transfer of user funds. CertiK analysis indicates the exploited Ethereum was later deposited into Tornado Cash.
Gnosis executed a hard fork Monday after most validators had already adopted a soft fork in an effort to reclaim roughly $116 million stolen in a November Balancer exploit. The intervention aims to restore stolen assets but raises governance and immutability concerns for GNO and BAL holders.
A newly reported React vulnerability is being exploited to install malware and crypto-miners, risking token theft and potential wallet interception on thousands of sites.
A sophisticated exploit allowed attackers to mint 98 million USPD and drain more than $1 million from the USPD stablecoin protocol. The breach raises immediate concerns for peg stability and liquidity providers.
Cybersecurity firm Blockaid says the official Pepe memecoin website was compromised with malicious scripts tied to the Inferno Drainer toolkit, warning users not to connect wallets. The front-end injection risks token approvals and fund drainage.