Blockchain & Cryptocurrency
,
Cryptocurrency Fraud
,
Fraud Management & Cybercrime
Also: TrustedVolumes, Wasabi Protocol and Ekubo Hacks

Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, Bitcoin Core revealed a memory safety flaw, hackers exploited TrustedVolumes, Wasabi Protocol and Ekubo, Bithumb suspension paused, sentencing in U.S. theft case, prosecutors sought a 20-year sentence for Delio CEO and North Korea denied that it’s a crypto thief.
See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation
Bitcoin Core Reveals First-Ever Memory Safety Flaw
Developers behind Bitcoin Core, the main software used to run bitcoin network nodes, disclosed the project’s first known memory safety vulnerability after fixing the issue months earlier.
The high-severity flaw, tracked as CVE-2024-52911, affected Bitcoin Core versions released between 2017 and early 2025. Researchers said attackers could have used specially crafted invalid blocks to remotely crash other users’ nodes. In rare circumstances, the flaw might also have allowed remote code execution, meaning attackers could potentially run malicious code on affected systems.
The bug involved a use-after-free error, a memory management flaw that occurs when software continues to access data after it has been deleted from memory. Such bugs can create openings for crashes or security exploits.
Bitcoin Core developers said the attack was unlikely to happen in practice because any miner attempting it would need to spend significant computing power creating invalid bitcoin blocks that would earn no financial reward.
Cory Fields of MIT’s Digital Currency Initiative privately reported the issue in November 2024. Developer Pieter Wuille introduced a fix days later under a misleading software update description designed to avoid drawing attention from attackers. The patched code was officially included in Bitcoin Core version 29.0, released in April 2025.
Developers publicly disclosed the vulnerability only after older software versions reached end-of-life support. Estimates suggest roughly 43% of bitcoin nodes may continue running vulnerable versions.
TrustedVolumes Hack Drains Nearly $6.7M
TrustedVolumes, a liquidity provider that works with decentralized exchange aggregator 1inch, said a cyberattack drained about $6.7 million in cryptocurrency from its systems.
Blockchain security firm Blockaid reported the exploit, saying the attack targeted TrustedVolumes’ resolver contract on the ethereum blockchain. Resolver contracts help process and complete trades on DeFi platforms.
Blockaid said the stolen funds included wrapped ether, bitcoin-linked tokens, stablecoins such as USDT and USDC, and other crypto assets. The firm said the attacker appears to be the same entity behind a March 2025 exploit targeting 1inch Fusion V1, which resulted in losses of about $5 million. But researchers said this latest breach involved a different weakness tied to a custom trading system controlled by TrustedVolumes.
Crypto trading platform 1inch said its own systems, infrastructure and customer funds were not affected. The company said that TrustedVolumes operates independently and provides liquidity services to several protocols across the crypto industry.
Wasabi Protocol Hack Drains More Than $5M
Hackers stole more than $5 million from decentralized finance platform Wasabi Protocol after gaining control of a privileged administrator account, said blockchain security firms.
Researchers from PeckShield said the attack affected multiple blockchain networks, including ethereum, Base, Berachain and Blast. Security companies BlockAid and CertiK said the attackers compromised an admin key to gain control. Using that access, the attackers upgraded core contracts and drained funds from user vaults.
Blockaid warned that LP-share tokens, which are digital tokens representing users’ pooled investments, should now be considered unsafe because the assets backing them may already be gone or are vulnerable. Investigators from BlockSec said accounts funded through Tornado Cash appeared to receive administrative privileges before the attack.
Cyvers said the hackers stole several crypto assets, including ether, stablecoins and meme tokens, then converted much of the loot into ether and moved it across multiple addresses.
The security experts said the incident was not caused by faulty code, but by weak operational security. Wasabi urged users not to interact with its contracts while investigations continue.
Ekubo Exploit Drains $1.4M
Hackers stole about $1.4 million in cryptocurrency from DeFi platform Ekubo Protocol after exploiting a flaw in its ethereum-compatible trading contracts, according to blockchain security researchers.
Ekubo, a decentralized exchange originally built on the Starknet blockchain, later expanded to ethereum and arbitrum. The attack targeted the platform’s swap router contracts, which help process token trades across networks.
Security firm Blockaid said the flaw involved weak access controls in a payment callback function. Essentially, the contracts accepted transaction instructions from external data without properly checking whether the wallet owner had approved the transfer. Attackers used this weakness to move funds from wallets that had previously granted permissions, known as token approvals, to the affected contracts.
The researchers said the attackers carried out the theft through around 85 rapid transactions. One victim reportedly lost about 17 wrapped bitcoin. The stolen assets were later converted into other cryptocurrencies, including wrapped ether and DAI, a stablecoin pegged to the U.S. dollar.
Ekubo warned users about the ongoing security incident and urged them to immediately revoke token approvals through the revoke.cash service. The platform said liquidity providers and its main Starknet deployment were not affected.
Since the affected contracts are immutable, meaning they cannot be modified after deployment, Ekubo will likely need to launch new contracts to fix the issue.
Court Pauses Bithumb Suspension in South Korea
A South Korean court temporarily blocked a six-month suspension imposed on cryptocurrency exchange Bithumb, allowing the company to continue operating while the case moves through the courts, reported Yonhap News Agency.
The Seoul Administrative Court approved Bithumb’s request to pause the penalty, which regulators had planned to enforce from March 27. South Korea’s Financial Intelligence Unit, the country’s anti-money laundering regulator, accused the exchange of failing to properly verify customer identities in about 6.65 million cases.
The regulator ordered Bithumb to suspend external cryptocurrency deposits and withdrawals for new customers and imposed a fine of 36.8 billion won or $25 million. Authorities also launched proceedings against CEO Lee Jae-won.
Anti-money laundering rules require financial companies to confirm customer identities and monitor suspicious transactions to prevent crimes such as fraud and money laundering.
Bithumb challenged the punishment in court, arguing that the suspension would damage its business and slow customer growth. The court’s decision keeps the restrictions on hold until it issues a final ruling.
California Man Gets 6.5 Years in Theft Case
A U.S. federal court sentenced California resident Marlon Ferro, known online as GothFerrari, to 78 months in prison for his role in a nationwide crypto theft operation that stole more than $250 million in digital assets. The 20-year-old must also complete three years of supervised release and repay $2.5 million to victims.
Prosecutors said the criminal group primarily used social engineering, and when online scams and hacking attempts failed, investigators said Ferro physically broke into victims’ homes to steal hardware wallets.
Authorities said the group targeted wealthy cryptocurrency holders through hacked databases, fake phone calls, money laundering and burglaries between late 2023 and early 2025. In one case, Ferro allegedly traveled to Texas in February 2024 and stole a hardware wallet containing about 100 bitcoin worth more than $5 million at the time. He later allegedly broke into another home in New Mexico searching for crypto storage devices.
Police arrested Ferro in May 2025 after surveillance footage linked him to the crimes. Officers found firearms and fake identification documents in his possession. Ferro pleaded guilty in October 2025 to participating in a criminal organization involved in fraud and theft.
Prosecutors Seek 20-Year Prison Sentence for Delio CEO
South Korean prosecutors sought to sentence Delio CEO Jeong Sang-ho to 20 years in prison over allegations tied to the collapse of the crypto deposit platform, reported Yonhap News Agency.
Prosecutors made the request during closing arguments at the Seoul Southern District Court, accusing Jeong of violating South Korea’s law on major financial crimes.
Authorities allege that Jeong misused about 250 billion won – or $168.8 million – in cryptocurrency assets belonging to nearly 2,800 customers between August 2021 and June 2023. Delio suddenly suspended customer withdrawals in June 2023, leaving users unable to access their funds.
The case is linked to wider disruptions in South Korea’s crypto sector following the collapse of crypto exchange FTX. Prosecutors previously sought an arrest warrant for a figure identified only as Bang, a major shareholder in B&S Holdings. Investment firm Haru Invest had blamed B&S Holdings for financial problems that contributed to service suspensions, claiming losses of 350 billion won or $236 million tied to FTX’s failure.
Prosecutors also accused Jeong of misleading customers and refusing to cooperate during the investigation. While Jeong’s defense team said it would work to compensate customers if he is acquitted, affected users have urged the court to hand down a harsh sentence. The court will issue its ruling on July 16.
North Korea Asserts It’s Not a Crypto Thief
North Korea asserted it’s not a crypto thief even as blockchain investigators say hacking groups linked to the country stole about $577 million in digital assets during the first four months of 2026.
A spokesperson for North Korea’s Foreign Ministry chalked up its reputation as the world’s foremost flincher of digital assets to “U.S. government organs, reptile media organs and plot-breeding organizations.”
The wildly unbelievable statement comes as blockchain intelligence firm TRM Labs reported a sharp rise in North Korea-linked crypto theft. TRM said groups tied to the regime accounted for 76% of global cryptocurrency hack losses between January and April 2026. Two major attacks in April drove most of the losses: a $292 million exploit involving KelpDAO and a $285 million breach targeting Drift Protocol (see: North Korean Hackers Stole Three Quarters of All Hack Value So Far This Year).
TRM linked the KelpDAO attack to TraderTraitor, a hacking operation associated with the Lazarus Group, which Western authorities have long connected to North Korea. Since 2017, North Korean-linked actors have allegedly stolen more than $6 billion in cryptocurrency.
The stolen funds help finance North Korea’s nuclear weapons and ballistic missile programs.
