A wave of smart-contract exploits and abuse on Polygon has heightened concern that deeper vulnerabilities could threaten DeFi liquidity and MATIC-linked assets. Developers and users are being urged to monitor contracts, bridges and oracle feeds closely.
A sophisticated social‑engineering operation stole over $282 million in BTC and LTC, with the proceeds quickly routed through Monero to obscure the trail.
Ethereum co-founder Vitalik Buterin said the protocol should be built to operate for decades without constant upgrades and must be resilient against future quantum computers. He urged early integration of quantum-resistant cryptography to avoid disruptive emergency fixes.
Decentralized leverage trading platform Futureswap on Arbitrum reportedly lost about $395,000 in a suspected exploit, according to blockchain security firm BlockSec. The incident adds to a series of Arbitrum-based DeFi security events in early 2026.
Truebit’s TRU collapsed roughly 99%, falling from $0.16 to $0.0000000029 after the protocol disclosed a security breach and on-chain analysts traced the stolen Ether. The exploit is reported at about $26 million, leaving the token effectively worthless.
Blockchain security firm Cyvers flagged a suspicious on-chain transaction that appears to have targeted the Truebit Protocol, estimating losses near $26 million. The incident was reported on Jan. 8, 2026 and is under investigation.
Coinbase’s head of global investment research warned that quantum computing could seriously threaten Bitcoin’s cryptographic security. The alert raises pressure on exchanges, custodians and wallet developers to accelerate post-quantum planning.
Bitcoin Core developers have disclosed a critical bug in versions 30.0 and 30.1 that affects migration from legacy wallets to descriptor (modern) wallets. Users are advised to pause migrations and follow official guidance until a fix is released.
Trust Wallet says it will reimburse a subset of users affected by a security breach tied to its Chrome extension that saw roughly $7 million drained. The company has faced criticism for downplaying the incident and offering limited compensation.
A sophisticated phishing campaign is impersonating two-factor authentication prompts to trick MetaMask users into disclosing their wallet recovery phrases. Security teams warn the fake flow is highly convincing and spreads via cloned sites and deceptive pop-ups.