⚠️ WEEKLY RESEARCH REPORT – May 17-24 2026 🔥

🥇 1. $76M Echo Protocol Exploit on Monad Hacker minted 1000 eBTC worth $76M on Echo Protocol. Part of funds laundered via Tornado Cash.


🥈 2. Polymarket Private Key Compromise Attackers drained over $520K from Polymarket ops wallet on Polygon using 6-year-old key. User funds safe, $164K frozen.


🥉 3. ZachXBT Doxxing Thread Drops New account exposed @zachxbt real name Zachary Wolk, Texas background, and court history. Sparked backlash over privacy risks.


@analyze⚡️

⚠️ JUST IN: Blockaid detects ongoing exploit targeting SquidRouterModule on Ethereum and Base.

86 Gnosis Safes drained for around 3 million dollars in roughly 2 hours.

All stolen tokens swapped to DAI via attacker controlled Uniswap V3 pools.

@analyze⚡️

⚠️ JUST IN:
ZachXBT exposes entity linked to LAB multisig signer and RIVER manipulation.

The signer address 0xcea722a1a812ebdfa5bbd8130531cf1d1956ebc9 received funding from an insider tied to RIVER.

The same pattern connects to Sablier vesting for multiple tokens including ESPORTS and LIGHT.

@analyze⚡️

⚠️ JUST IN: U.K. sanctions Huobi Global S.A.
The United Kingdom has added Huobi Global S.A. the entity behind the HTX exchange to its Russia related sanctions list.

This marks one of the first times the UK has applied banking style sanctions to a major crypto exchange.

The move requires UK firms to freeze any related assets and prohibits dealings with the platform due to its alleged ties to Russian sanctions evasion networks including A7 and Garantex.

@analyze⚡️

⚠️ JUST IN: South Korean prosecutors arrest five individuals behind Solana CATFI rug pull.

The group caused around 585k dollars in losses to 256 investors through market manipulation and fake promotions.

Main suspect posed as influencer Eth Father on social media while the team profited roughly 260k dollars.

@analyze⚡️

⚠️ JUST IN: Degen trader Jelitics reports losing $5M in one hour after a $3M blackjack win.

The trader publicly shared multiple screenshots of the intense gambling session.

He explained that the heavy loss came right after riding a strong winning streak.

He noted he is still up around $15M overall with his crypto fully cashed out.

He now plans to shift focus toward capital preservation going forward.

@analyze⚡️

⚠️ JUST IN: Trainwreck flexes insane 5.7 billion dollar wager stats on Stake.

The popular streamer revealed over 768k total bets with 704k losses in his gambling account.

He highlighted the massive volume while responding to critics during the live stream.

@analyze⚡️

⚠️ JUST IN:
Argentina submits bill to Congress banning crypto asset providers from unlicensed online gambling platforms.

BCRA and CNV to coordinate enforcement.

Move aims to prevent gambling addiction linked to crypto.

@analyze⚡️

⚠️ JUST IN: Circle blacklists Zama Confidential USDC contract on Ethereum freezing 12.6 million dollars in user funds.

ZachXBT reported that the privacy protocol’s cUSDC contract was restricted 7 hours ago locking tokens for users.

Contract address 0xe978F22157048E5DB8E5d07971376e86671672B2 is now frozen by Circle.

@analyze⚡️

⚠️ JUST IN: Blockaid detects major exploit on Alephium TokenBridge on Ethereum.

815K dollars drained in 7 minutes after attackers compromised 3-of-4 guardian keys to sign forged VAAs.

This enabled minting of 13.76 million unbacked wrapped ALPH plus unlocking of USDT USDC WBTC and WETH.

Exploiter still holds the funds.

Address: 0x6681ebC82551fE52fDB48E65872e85a3ae06921d

@analyze⚡️

⚠️ JUST IN: U.S. government seizes approximately 1 billion dollars in Iranian crypto assets.

Treasury Secretary Scott Bessent announced the action on May 29 as part of Operation Economic Fury.

The seizures involved grabbing linked crypto wallets to cut off funding channels for Tehran.

@analyze⚡️

⚠️ WEEKLY RESEARCH REPORT – May 24-31 2026 🔥

🥇 1. US Government Seizes $1B in Crypto U.S. government seizes approximately 1 billion dollars in Iranian crypto assets. The seizures involved grabbing linked crypto wallets to cut off funding channels for Tehran.


🥈 2. Major Alephium TokenBridge Exploit Blockaid detects major exploit on Alephium TokenBridge on Ethereum. 815K dollars drained in 7 minutes after attackers compromised guardian keys to sign forged VAAs, enabling minting of millions in unbacked wrapped tokens.


🥉 3. South Korean Arrests in CATFI Rug South Korean prosecutors arrest five individuals behind Solana CATFI rug pull. The group caused around 585K dollars in losses to 256 investors through market manipulation and fake promotions. Main suspect posed as influencer Eth Father.

@analyze⚡️

⚠️ JUST IN: Massive Instagram exploit allowed anyone to hijack accounts using Meta AI support.

The flaw let users request password resets for any account without proper verification or 2FA checks.

The exploit has since been patched.

@analyze⚡️

⚠️ JUST IN: TON officially rebrands to Gram.

The transition will take around 3 weeks with no token swap or technical changes for holders while TON remains the blockchain name.

@analyze⚡️

⚠️ JUST IN: $TSR token completely wiped out after reported 2.5M dollar exploit on BNB Chain.

Exploiter dumped 99M TSR tokens before swapping the stolen funds for 2.5M USDT.

The proceeds were then bridged to Ethereum and 1285 ETH routed through Tornado Cash.

@analyze⚡️

⚠️ JUST IN: 2 month old wallet drained of 316k USDC in single attack.

Victim wallet shows mostly DEX swap activity prior to loss.

Attacker quickly converted stolen USDC to ETH across two transactions totaling around 316k.

@analyze⚡️

⚠️ FUNNY: A man threatens to kill goldfish unless his pump.fun coin hits $1M market cap.

@analyze ⚡️

⚠️ JUST IN: ~243K dollar exploit on ATM token on BSC.

TransferFrom logic swaps 20% of amount to BSC USD allowing repeated extra swaps by attacker.

Same EOA linked to multiple token contract exploits since 2025.

Attacker address: 0x7e7C1f0D567c0483f85e1d016718E44414CdBAFE

@analyze⚡️

⚠️ JUST IN: Gravity Bridge exploiter deposits another 1180 ETH worth around 2.06M into Tornado Cash.

Over 2020 ETH of the total 2.6K ETH stolen has now been sent to Tornado Cash across two EOAs.

Remaining funds dispersed to centralized exchanges.

@analyze⚡️

⚠️ JUST IN: Ethereum MEV bot accidentally sends 167 ETH (~$300K) to a random user.

The bot's error resulted in a substantial unintended transfer caught onchain.

Such MEV incidents highlight ongoing risks in automated trading protocols.

@analyze⚡️