Prepared for: Range
Evidence page: Blockaid
Window: Last 90 days
Source: Reddit posts + comments
Counted evidence

The mentions behind the reach table.

Total mentions: 16 (posts 14, comments 2)
Organic: 16. Third-party subreddit mentions counted toward discoverable community demand.
Owned / profile: 0. Brand-controlled subreddit or profile placements separated from organic discussion.
Top placement: u/Patient_Craft2195, 4 mentions in the strongest visible placement.
comment r/BlockDAGInvestors u/Ok-Laugh-7720 2026-06-18
To put it bluntly: No, there is zero objective doubt.

While the project's anonymous creators spend millions of dollars trying to create "doubt" or a "debate" online, security experts, on-chain investigators, and independent analysts have completely seen through it.

The evidence gathered by the crypto security community makes it an open-and-shut case of a predatory presale scheme. The objective, non-debatable facts include:

MetaMask’s Hard Security Blocks: Security tools like MetaMask and Blockaid literally hard-coded security warnings onto the BlockDAG website, flagging it to users as a "Deceptive Request" and a "Potential Scam." BlockDAG actually went to GitHub to beg MetaMask to take the warning down, but independent users replied to the thread pointing out that the creators were taking presale funds and immediately funneling them into creating unrelated meme tokens to enrich themselves.

A Plagiarized Whitepaper: A legitimate Layer-1 blockchain project requires brilliant, original cryptography and computer science. BlockDAG’s technical whitepaper was exposed by security analysts as a largely copied-and-pasted version of the whitepaper for Kaspa (a real, open-source BlockDAG project). They stole the text and slapped their own name on it.

Fake/Bought Validation: Every single article you see on Google, Yahoo Finance, or major crypto blogs saying "BlockDAG raises $170M, set for 30,000x" is a paid advertisement. Legitimate media outlets print a "Sponsored" or "Disclaimer" label at the bottom because the creators bought the article like a billboard. They are using your $550 and other investors' money to buy more ads to catch the next wave of victims.

The Moving Goalposts: In their public interactions, they continuously push back deadlines. When users demand to know why they can't cash out, the "team" suddenly announces leadership shakeups, claims the "staking mechanism is incomplete," or asserts that audits are still pending—all while continuing to aggressively sell new "batches" of tokens.

They are running a textbook "roach motel" system: money checks in, but it never checks out. You can completely trust your gut on this one. You were lied to by a very sophisticated, highly funded marketing machine. Cut all ties, ignore their Telegram, and protect the rest of your assets.
comment r/web3dev u/thedudeonblockchain 2026-06-14
honest take: for a wallet risk scanner the methodology *is* the product, so the "AI + no-code" part is what'd worry me — most of these signals (OFAC sanctions, mixer/blacklist hits, GoPlus/Blockaid-style address flags) are commodity API lookups, and if you're just reselling someone else's flags people will ask why not hit that API directly. the thing that'd actually make me pay is provenance over a single score: show *which* list or interaction triggered the risk so i can judge the false positives myself.
post r/u_VicMenMTO u/VicMenMTO 2026-06-03
Spent the morning reading the CoinDesk reporting (26 May 2026) on the StablR incident and I think the architectural read here is more interesting than the headline number.

StablR is a Malta MFSA-licensed EMI, a MiCA-authorised EMT issuer, Tether- and Kraken-backed. Mainstream regulated stablecoin. On 24 May 2026 an attacker compromised a single private key, added their own address as owner of the minting multisig, removed the two legitimate signers, and minted roughly $13.5M in unbacked USDR + EURR. Realised about $2.8M after offloading on thin DEX liquidity. StablR confirmed circulating supply is "not fully backed at the 1:1 ratio" required under MiCA and will notify Malta's MFSA under both MiCA and the EU Digital Operational Resilience Act.

The thing that keeps catching my eye is the multisig topology. A 1-of-3 multisig is not multisig. It's a single key with two unused slots. That isn't a smart-contract bug — it's a key-management and governance choice, made by a licensed and authorised issuer, on the live minting key of a stablecoin that trades against the euro and the dollar.

Now read that against the MiCA text. MiCA Articles 36–40 set out reserves and disclosure obligations for EMT issuers — composition, segregation, custody of the reserve assets backing the token. Title III/IV expects sound governance arrangements and operational resilience under DORA. But the regulation says nothing specific about the custody architecture of the minting key itself. No minimum signer threshold for stablecoin issuance. No HSM-isolation requirement for the minting key. No onchain access-control standard for owner-set changes on the minting contract. None of those primitives are codified at the perimeter.

Which means the licensing perimeter and the operational-resilience perimeter aren't the same perimeter. A regulator can authorise an EMT issuer against reserves-and-disclosures rules that are satisfied on paper, while the technical surface that actually mints the supply sits outside the regulation's specifics. The DORA reporting rule kicks in after the incident — which is exactly the right place for incident reporting, but it doesn't pre-define what "adequate" minting-key custody looks like.

This is the gap I'd expect AMLA and the EBA to start closing. The W21 group-wide RTS package is the obvious vehicle, and the 15 May UK Tri-Authority joint statement on frontier-AI cyber resilience now has its first live MiCA-perimeter case study — the read-across is that operational resilience expectations on regulated stablecoin issuers extend explicitly to private-key custody architecture, not just to reserves and disclosures. Blockaid's framing of the incident — "this is not a smart contract bug, it's a key management and governance failure" — points at the same gap.

Two questions I genuinely don't have clean answers to, and I'd be curious what people here think:

First — if you were writing the RTS, would you mandate minimum signer thresholds (say n-of-m where n ≥ 2 and m ≥ 5 with geographically-distributed hardware), or would you stay technology-neutral and require the issuer to evidence equivalent operational resilience through their own architecture? The trade-off is prescriptive-but-brittle vs principles-based-but-unenforceable, and I keep flipping on which is the lesser evil.

Second — does anyone here have a view on whether onchain access-control patterns (timelocks, multi-step owner changes, guardian veto on Safe-style modules) should be a perimeter-level standard, or is that going to ossify the wrong architecture three years before the next primitive lands?

Not a rhetorical post. Genuinely curious how people closer to the smart-contract-engineering side read the regulatory gap.
post r/u_Patient_Craft2195 u/Patient_Craft2195 2026-06-03
When trader Maxime was banned from Hyperliquid on March 29, 2026, after his wallet was flagged as “high risk” by a third-party screening tool, the incident was widely reported as a frustrating but isolated false positive. A two-month investigation by the trader and the on-chain analytics community has now revealed what actually triggered the ban—and the answer points to a much larger problem with how decentralized finance manages user access through opaque private AML systems.

The cause: a single unsolicited 0.000001 ETH transfer worth approximately two cents, sent to Maxime’s wallet on March 6, 2026.

# The 2-Cent Trigger

Maxime’s wallet had been active for over four years across more than a dozen blockchains, with more than 9,000 transactions and approximately $750,000 in trading volume on Hyperliquid alone. He had never been flagged on any platform before.

On March 6, his wallet received a tiny ETH transfer from address `0xAB55337Aab7f253aC6923ec2aA8C702754D08151` — what on-chain analysts call an “address poisoning” or “dusting” attack. The transfer was unsolicited, worth roughly $0.02, and required no action from Maxime to receive.

Three weeks later, on March 29, he was locked out of the Hyperliquid frontend. The platform’s official Discord moderators informed him that an independent blockchain analytics provider had flagged his wallet as high risk, blocking access to the protocol via app.hyperliquid.xyz. When Maxime protested, his Discord account was muted for four days, preventing him from seeking further clarification through the platform’s official support channels.

# Hyperliquid Confirms It Was a False Positive

On April 1, 2026, Hyperliquid co-founder Iliensinc posted an update directly to Maxime’s case: “Based on discussion with the independent analytics provider, it looks like this was a false positive flag from an address poisoning attack. The analytics provider will share updates on handling this situation, but I would expect the flag to be lifted in time.”

That confirmation matters. It establishes that Hyperliquid’s own founding team agrees the ban was triggered by passive exposure to a single unsolicited transfer, not by any action Maxime himself took. The platform did not dispute that his trading history was clean. The flag came entirely from the dust transfer.

# The Dusting Address and Its CSAM Allegation

The investigation into the source address began after several community members started digging into the on-chain history. Most prominently, on-chain analyst Tay (@tayvano\_) and security researcher TobyFrei4 (@TobyFrei4) reported that the source address `0xAB55337Aab7f253aC6923ec2aA8C702754D08151` is tagged in some analytics systems with extremely serious illicit content classifications, including alleged links to child sexual abuse material (CSAM).

According to the public analysis, the address received only four transactions from three sender addresses for approximately $10 to $50 total in August and September 2025. One of those sender addresses also reportedly sent funds to a destination labeled “Loliporn” in some analytics tools—a label associated with CSAM content.

What happened next is the structural problem. The address remained inactive for months, then began sending 0.000001 ETH transfers—worth fractions of a cent—to approximately 3,000 wallets that had previously sent funds to addresses beginning with `0xab`. The transfers required no engagement from recipients. They simply arrived, automatically dragging recipient wallets into analytics-driven risk classification systems that treat any inbound connection to a flagged address as potential contamination.

Community analyst TobyFrei4 documented at least ten other Hyperliquid users in situations similar to Maxime’s, suggesting that the same dusting campaign created a wider pattern of false positives. The dusting pattern itself — many tiny outbound transfers to wallets that previously interacted with a target prefix — is widely recognized as adversarial behavior, not legitimate transaction activity.

# The Broader AML Layer Problem

In a follow-up post published this week, Maxime extended the case into a broader analysis of how private AML firms have come to function as an unaccountable gatekeeping layer across DeFi.

“This episode also raises a much bigger issue about the role of private AML analytics firms in crypto,” Maxime wrote. “Today, a flag coming from one of these companies, whether fully justified or simply mistaken, can have extremely broad consequences across the ecosystem. A single private actor can effectively influence whether a wallet is treated as suspicious by serious protocols that rely on these providers as an external trust layer.”

The firms named in the post include Blockaid, Chainalysis, TRM Labs, and Elliptic — the dominant providers of blockchain risk analytics that DeFi platforms increasingly integrate to manage regulatory compliance and reduce exposure to sanctioned or illicit funds.

The structural problem Maxime identifies is that these classifications cascade across the ecosystem. A flag at one provider can affect a user’s access to multiple unrelated protocols, sometimes without the user even knowing which firm made the initial call. And there is often no clear path to challenge the decision, no visible explanation of what triggered it, and no reliable appeal process—particularly when the flag results from passive exposure rather than active conduct.

When Maxime contacted Blockaid, it reviewed the case quickly and confirmed the wallet showed no malicious flags on its end — suggesting the original flag may have come from a different analytics provider entirely.

# A Pattern That’s Still Happening

In a separate post published on June 3, Maxime confirmed the issue is ongoing rather than isolated. “I’ve received more and more DMs recently from people saying they are facing a situation similar to what happened to me a while ago,” he wrote, referencing the recent case of trader xasrequired who experienced a similar Hyperliquid frontend ban. “This can happen to anyone. The recent situation with asrequired is another reminder that even serious, active and well-known users can suddenly face issues without fully understanding why.”

Maxime was careful to position his critique as constructive rather than antagonistic. “Hyperliquid remains one of the best projects of this cycle, and one of the strongest DeFi products in years. But the AML process feels too opaque from the user side. There should be a clearer way to understand a restriction, appeal it, and resolve false positives. Strict compliance is fine. Opaque bans are not.”

# What the Case Reveals

The Maxime investigation is significant for three reasons that extend beyond his individual ban.

First, it documents the specific technical mechanism — passive exposure to a 0.000001 ETH dust transfer from a flagged address — by which a long-standing clean wallet can be effectively de-platformed from major DeFi protocols. This is not a theoretical concern. It happened, was confirmed by the platform’s co-founder, and may be affecting roughly ten other Hyperliquid users from the same dusting campaign.

Second, it surfaces the role of private AML firms as an unaccountable trust layer in DeFi. Protocols including Hyperliquid integrate these screening tools to manage compliance risk, but the resulting decisions are made by external private companies whose risk models, classification heuristics, and appeals processes operate without external visibility.

Third, it raises a question about contamination thresholds. As Maxime put it, “a single incoming transfer worth only a few cents to a 4-5-year-old wallet with a long and otherwise normal history should not, by itself, be enough to make that wallet effectively lose access to major DeFi interfaces.”

The case arrives at a particularly sensitive moment for Hyperliquid. In a Wall Street Journal interview published this week, founder Jeff Yan defended the platform’s transparency against criticism following the October 10 liquidation event, arguing that Hyperliquid was singled out for negative coverage because its on-chain data was more visible than that of competing platforms. The transparency argument is harder to sustain when the same platform’s user access decisions are made by undisclosed third-party providers using opaque risk models.

For users, the practical takeaway is uncomfortable: wallet hygiene now means defending against unsolicited inbound transfers that the recipient cannot block. For the broader DeFi ecosystem, the case suggests the industry will need clearer appeals processes, more realistic contamination thresholds, and meaningful transparency from the AML providers whose classifications increasingly determine who gets to participate.
post r/u_Patient_Craft2195 u/Patient_Craft2195 2026-05-27
Fresh security concerns have emerged across the BNB Chain ecosystem after attackers exploited SKP-linked liquidity routes and drained nearly $212,000 from multiple DeFi protocols. Blockchain security firm TenArmor detected the suspicious activity on May 27, identifying unusual asset movements involving SKP pools, PancakeSwap, Venus, and Lista DAO contracts.

The incident has once again highlighted the growing risks tied to thin liquidity, pricing inefficiencies, and weak safeguards across smaller decentralized finance markets. TenArmor wrote on X, “Our system has detected a suspicious attack involving #SKP on #BSC, resulting in an approximately loss of $212K.”

Transaction records show the attacker rapidly moved BSC-USD, BTCB, and SKP through multiple lending and swap protocols before ending with stablecoins and BNB under attacker control. Final wallet balances showed roughly 162,854 BSC-USD and 74.877 BNB, aligning with the estimated loss value.

# Attack structure raises liquidity concerns

Evidence from early transactions indicates that the hacker did not take out any money from wallets directly but was tampering with liquidity issues. The hacker took advantage of pricing inefficiencies among various DeFi pools and lending platforms. Consequently, this hack revealed how smaller crypto exchanges could be susceptible to instability during massive trades.

The flaw associated with the hacking attack remains unknown to researchers as they continue to investigate the design of SKP tokens, liquidity pools, and lending connections. Without knowing the cause of the vulnerability, investors remain wary about liquidity pools related to SKP projects.

Dip-buyers should refrain from taking advantage of the low prices until an official explanation is provided through the post-mortem. As a liquidity provider, it is best to check for any approvals on your wallet and confirm pool balances before depositing funds into it.

# DeFi exploits continue across multiple chains

The SKP exploit adds to a growing series of security failures across the decentralized finance sector this year. Investors already faced rising concerns after attackers drained nearly $3 million from 86 Gnosis Safe wallets through a vulnerable SquidRouterModule integration. Blockchain security firm Blockaid said the attackers quickly converted the stolen assets into DAI using Uniswap V3 liquidity pools.

Additionally, attackers recently exploited Butter Bridge V3.1 across Ethereum and BNB Chain and minted nearly one quadrillion fake MAPO tokens. Around the same period, THORChain suffered a separate multi-chain exploit that drained roughly $10.8 million from its ecosystem. The attack affected Bitcoin, Ethereum, Base, and BNB Smart Chain infrastructure simultaneously.

The increase in the frequency of attacks further puts pressure on confidence levels in DeFi markets. As per data from Immunefi and DefiLlama, the total amount stolen by hackers in crypto exchanges in 2026 stood at over $770 million. Furthermore, over 40 crypto protocols closed their operations this year due to increasing exploitation costs.
post r/Stellar u/lumen_loop 2026-05-22
Circle's Cross-Chain Transfer Protocol went live on Stellar on May 19, enabling native 1:1 USDC transfers across 23 blockchains without wrapped assets or custodial bridges. On-chain asset manager Spiko reported its Stellar-based AUM at approximately $600 million, up from $150 million at the start of 2026, pushing the firm's total on-chain AUM past $1.2 billion.

# Cross-Chain Infrastructure

Circle's [CCTP launch on Stellar](https://stellar.org/blog/foundation-news/circle-cctp-is-live-on-stellar) connects the network to a 23-chain USDC corridor spanning Ethereum, Solana, Base, and Avalanche. The protocol burns USDC on the source chain and mints a canonical 1:1 equivalent on the destination, removing counterparty risk from wrapped tokens. Developers can embed cross-chain transfers directly into applications via Circle's developer documentation; a beta interface at crossmesh.xyz is already live for end users. A [technical walkthrough by James Bachini](https://www.youtube.com/watch?v=oi9UaChADeE) demonstrates the burn-and-mint flow with working code against testnet.

# RWA and Institutional Capital

Spiko's total on-chain AUM crossed $1.2 billion, with Stellar-based products growing fastest among its supported chains. [Token Terminal reported](https://twitter.com/tokenterminal/status/2057596033157435832) the Stellar-specific figure at approximately $600 million, a fourfold increase since January 2026.

# Security

Blockaid published a [detailed post-mortem](https://blockaid.io/blog/73-quarantined-how-blockaid-and-stellar-validators-contained-a-10m-price-manipulation-attack) on the attempted $10 million oracle-manipulation against the Blend lending protocol. An attacker inflated USTRY's price 100x through low-liquidity Reflector oracle feeds, used the fraudulent collateral to borrow $61 million in XLM, then began bridging funds off-chain. Validators coordinated in real time to quarantine approximately 48 million XLM on-chain before further damage occurred. The incident demonstrated that thin-liquidity feeds remain a concrete exploit vector when lending protocols lack fallback price checks.

The [Soroban Security Portal](https://lumenloop.com/research/soroban-security-portal-evolving) opened contributions to Navigator and SCF Project role holders this week, centralizing audit reports previously scattered across GitHub, Discord, and PDFs. CertiK published a [write-up on two Soroban state storage vulnerabilities](https://certik.com/blog/soroban-contract-state-management): storing long-term data in Temporary storage risks irreversible loss on TTL expiry, and relying on TTL alone for nonce validation enables signature replay attacks. xBull launched [Mixer](https://lumenloop.com/research/xbull-mixer-compliant-privacy-pools-stellar), a privacy pool on Stellar using Poseidon2 hashes and Ultrahonk ZK proofs to break the link between deposit and withdrawal addresses, with Know-Your-Transaction monitoring built in.

# Developer Infrastructure and ZK

The May 21 [Stellar Developers Meeting](https://www.youtube.com/watch?v=isaeBeur6ro) featured April from Kolkata presenting Route 14, a ZK privacy toolkit for Soroban built on Stellar's native BLS 12-381 support under CAP-0059. The design centers on a shared verification registry callable by any Soroban contract, removing per-application deployment overhead.

The Stellar Community Fund's 43rd round launched its RFP track. A [Twitter Space with category delegates](https://x.com/i/spaces/1qJVmQYnAgMGB) from SDF, AHA Labs, and the community explained the format: specific ecosystem problems with defined success criteria, directed at advanced builders. Delegates alejoskyhitz, PamphileRoy, and 0ceans404 walked through the active categories.

# Financial Inclusion

Mercy Corps Ventures, Fonkoze Foundation, and Bousol [launched a cash transfer pilot in rural Haiti](https://www.mercycorpsventures.com/blog/digital-cash-in-fragile-contexts-cash-transfers-in-stablecoins-for-vulnerable-women-in-rural-haiti), disbursing $80,000 in USDC to 200 extremely vulnerable women via Stellar-powered Bousol wallets. The pilot tests whether digital cash outperforms physical cash and mobile money on safety, efficiency, and transparency in fragile-context aid delivery. SDF CEO Denelle Dixon, in a [Stellar House Sessions interview](https://www.youtube.com/watch?v=KXbnFsf81No), cited $65 billion in annual remittance volume as evidence that cross-border payments remain the network's strongest use case.

# Lightning Round

* **CCTP developer docs live**: Circle's [Stellar contracts reference](https://developers.circle.com/cctp/references/stellar-contracts) is published for dApp builders.
* **Boundless x TrustlessWork Hackathon concluded**: winners announced across five judging categories. [Full results](https://boundlessfi.xyz/hackathons/boundless-trustless-work-hackathon?tab=winners).
* **DefIndex x Beans deposit challenge**: deposit 100 USDC, hold 14 days, receive 10 USDC with a referred friend. [Details](https://www.beansapp.com/).
* **LumosCore May 15 distribution**: 8.5 million LUMOS distributed to Stellar LPs; 16.5 million on XRPL. [Blog post](https://lumoscore.com/blogs/lumos-incentives-distribution-may-15th).
* **Lumen Loop launched**: [lumenloop.com](https://lumenloop.com) went live as a single destination for Stellar ecosystem content.
* **Tokenized stocks cross $1.5B**: $750 million of category growth in 90 days per [Ondo Finance](https://twitter.com/OndoFinance/status/2057279559976783992).
* **Build on Stellar Hackathon, Istanbul**: 36-hour Soroban hackathon at Hilton Bomonti during Istanbul Blockchain Week. [Register](https://luma.com/dal2zw2j).
* **NY Tech Week Privacy afterparty**: StellarOrg and Boundless co-hosting June 4 at Parcelle Chinatown, New York. [RSVP](https://partiful.com/e/HwlNp8UC6vwWCBX97Dp9).
* **Hypertron builder spotlight**: founders trace the journey from a Rise In hackathon in Bangalore to a compliance and payments automation platform. [Video](https://www.youtube.com/watch?v=EAWTXB6E8JA).

# Upcoming Events

* **May 22** [Stellar Chile Community Call](https://discord.com/events/897514728459468821/1394437062421250159) (Discord)
* **May 22** [Blockotá Summer Friday v20.0](https://luma.com/benrg83n), Bogotá, Colombia
* **May 22** [Stellar Town Hall](https://discord.com/events/897514728459468821/1499821622356607010) (Discord)
* **May 25** [Weekly Brazilian Ambassador Meeting](https://discord.com/events/897514728459468821/1464247285474136135) (Discord)
* **May 26** [StarMaker Community Call](https://discord.com/events/897514728459468821/1394227738725974128)
* **May 27** [Stellar APAC Community Call](https://luma.com/1718tsu6)
* **May 28** [Stellar Developers Meeting](https://discord.com/events/897514728459468821/1496911886321713163) (YouTube / Discord)
* **May 28** [E.Africa Weekly Community Call](https://discord.com/events/897514728459468821/1483896022064435271)
* **Jun 1** [Stablecoins on Court | Padel with Range](https://luma.com/lzmu9ywe), Amsterdam
* **Jun 2** [Build On Stellar Hackathon, IBW 2026](https://luma.com/dal2zw2j), Istanbul
* **Jun 4** [Stellar Party](https://luma.com/55rwff3c), Feriye Palace, Istanbul
* **Jun 5** [Privacy Please, NY Tech Week](https://partiful.com/e/HwlNp8UC6vwWCBX97Dp9), New York

# Ambassador Activity

Seven chapters were active this window. Starmaker LATAM ran three in-person events in Santa Cruz de la Sierra, Bolivia, covering AI and x402 micropayments, startup formation with dollar payouts, and Stellar mainnet project showcases. Stellar Chile's Instawards Sprint Week 2 recognized builders from ArcusX One and Sozu Capital. Stellar Indonesia and Stellar Turkey both ramped up activity ahead of regional hackathons. Stellar Brazil held its weekly ambassador meeting on May 18, and East Africa held its weekly community call on May 21.

# What to Watch

* **SCF 43 RFPs**: first builder proposals will signal where advanced builders see the largest ecosystem gaps.
* **Circle CCTP integrations**: first production dApp integrations on Stellar after last week's launch.
* **Build on Stellar Hackathon, Istanbul (Jun 2)**: 36-hour Soroban build at Hilton Bomonti during Istanbul Blockchain Week.
* **Spiko AUM trajectory**: at approximately $600 million on Stellar; the next threshold is $1 billion.

Want to stay in the loop? Find all the details at [lumenloop.com](http://lumenloop.com)
post r/VerusCoin u/dudezmobi 2026-05-20
As you probably know, we have been quite busy dealing with yesterday’s attack on the Verus<->Ethereum Bridge. We are confident we have protected the network against any further compromise, stabilized the overall network operation, and can now take the time to provide some details that have yet to be published about the event. At this stage, we’ll describe what happened, how the compromise worked, and what the attackers had to do to execute it. We’ll also touch on planning towards recovery and what you can expect going forward, as we work towards re-enabling network features. First, a comment about what the attack was not. It was not a simple attack, not balance spoofing as in the Wormhole class of exploits and as claimed by Blockaid (we do appreciate their labeling of ETH exploiter addresses), and not something like a reentrancy bug in the Ethereum contracts. The attack was multi-step, well planned, and sophisticated, almost certainly aided by AI and demonstrating a deep understanding of what they could and could not do in the protocol. Funds used to carry out the exploit came from Tornado Cash on Ethereum and from a community faucet on Verus minutes before the exploit was executed. In both cases, they took precautions to hide the origin of requests, though we did get some evidence, which is still being investigated. 
EXPLOIT TIMELINE Here is a basic timeline from address funding to exploit conclusion: May 17, 2026 11:50:59 AM , the Ethereum address 0x5aBb91B9c01A5Ed3aE762d32B236595B459D5777 was funded with 1 ETH via Tornado Cash in this transaction (https://etherscan.io/tx/0x84dc53d6705447ec6b4904bb905f9d78460de9bc671bef36ef79517d44e8ec86) May 18, 2026 12:46:11 AM , the hacker used verus.cx/dev/demos/faucet to receive 0.02 VRSC to the their address: RW9vEWisAvEsvtb9LrPRt4q7w8iDB3g6zd, which was used within 4 minutes to begin submitting 4 blank, invalid, export transactions for the ETH chain destination, which had no transfers included, but contained supplemental information outputs. This was the first part of the exploit, which required significant study or a very good AI to understand how to get the Verus chain to accept these blank exports and their supplemental output, because Verus considered them non-active. Exports, typically cross-chain exports, may also use a type of output called a “supplemental export output”, which may contain additional transfers that are bound to the original export via a hash in the export. Supplemental outputs can only be put on a transaction that has a matching primary export. Once they succeeded in getting the chain to accept a blank, otherwise inactive export with Verus as source and Ethereum as destination, that enabled them to put a supplemental output onto the same transaction. The supplemental output was handcrafted to be parseable in two possible ways without triggering errors if it was misread. It also contained specific data that matched the hash of the fraudulent transactions they wanted to execute. Since it was not considered a primary export by the core PBaaS protocol, this was not seen by the daemon as active or malicious. Getting that transaction to be accepted and misinterpreted with the handcrafted information completed the preparation needed for the next steps of the exploit, which would ultimately target the Ethereum contract. 
Once these outputs were on the chain in the following transactions after initial funding: (https://explorer.verus.io/address/RW9vEWisAvEsvtb9LrPRt4q7w8iDB3g6zd), the attackers could have been stopped if someone sent legitimate transfers over the bridge. This is because they had gotten invalid, though inactive transactions accepted, miners and stakers would recognize that there were two threads of exports, even though one was invalid, and stop being able to construct blocks under the DeFi rules, due to the error condition. Unfortunately, they were not stopped, as there was no legitimate Ethereum-destined transaction posted during their attack window. The exploit transaction itself being posted into the contract is what ultimately stopped the chain from moving forward. In a move that seems to indicate the attackers were aware of the timing risk or trying to get faster cross-chain notarizations, they put 4 transactions that all had the handcrafted outputs, meaning only one could be used, onto the chain. It seems that these transactions were an effort to get cross-chain notarization to Ethereum to occur faster. Once a cross chain notarization was posted to Ethereum that was far enough ahead to prove one of their outputs, they submitted a handcrafted cross-chain import to Ethereum. The submitted import presented their provable, hand crafted supplemental output because they knew that if a supplemental output was submitted in that way, along with the transfers that matched the hash, the Ethereum contract did not check the supplemental field and would parse the output as if it were an active export. Since it was an existing and provable output, this error in parsing caused the Ethereum contract to place their handcrafted values, including the hash of their drain transactions, into what it interpreted as a primary export, which was enough to get the transactions to pass. 
The supplemental output of Verus transaction https://explorer.verus.io/tx/f899e6984dc7c3d7737bbca5d87db3682de355743349d40396a5fc34b9f5a733 was used to impersonate a valid cross-chain export by proving the handcrafted information in the supplemental output #1 of that transaction and it not being parsed as supplemental data, which would have been rejected. The transaction with the fraudulent transactions and the handcrafted output and proof is here: https://etherscan.io/tx/0x6990f01720f57fc515d0e976a0c4f8157e0a9529194c4c15d190e98d087eb321

Shortly after the contract accepted the fraudulent transactions, most nodes that were mining and staking hit an assert that was caused by seeing both the invalid exports and a real export at the same time and recognizing an invalid chain state. After this, there were no additional compromises possible, as the chain and any subsequent notarizations stopped advancing until we issued an oracle notification to disable DeFi. The oracle notification required an effort to get one block in with it, and once that happened, it succeeded in getting blocks moving again by bypassing the assert, which will only happen if DeFi is enabled. There was a chance that the assert could have happened before the attackers succeeded in getting the last notarization confirmed, which would have stopped the exploit, but that did not occur in time.

NEXT STEPS

While many of us in the Verus Community have suffered as a result of this exploit, some quite significantly and most or all contributors included, the fact that it took a multi-step exploit of this level of sophistication to first set up and then get past the contract checks does not indicate that the core Verus protocol, DREAM application model, all of the work in progress, or even the core bridge technology is incapable of realizing the Verus vision.
It means that we need to realize that with the state of AI, exploits have entered a new phase, harden against this and any other vulnerabilities we might find with additional auditing, and figure out how we can all move forward with confidence. We also need to address the elephant in the room of how a decentralized community can deal with such an event and develop a plan to address the funds losses in a way that we as a decentralized community without VCs can. That means addressing the bridge functionality first, then working together to repair the damage these attackers have done to our network and community. We are working on an approach that I was able to share a bit about in today’s community meeting and that we will write up and share in an upcoming announcement. For now, we are focused on doing every part of what it takes to get a hardened upgrade out with a plan that gives our community and network a solid path forward. Thank you!
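The missing check described in the timeline above, as an added toy model that is not part of the original post and is not Verus or bridge contract code: a verifier that confirms an output is provable under a notarized root and that its hash matches the presented transfers, but never looks at whether the output is supplemental. The byte layout, flag bit, hash construction, Merkle scheme and every name below are assumptions made for illustration.

```python
import hashlib
import struct

FLAG_SUPPLEMENTAL = 0x01  # hypothetical flag bit: output is supplemental, not a primary export


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_transfers(transfers) -> bytes:
    """Hash of (destination, amount) pairs; stands in for the export's hash binding."""
    blob = b""
    for dest, amount in transfers:
        d = dest.encode()
        blob += struct.pack(">H", len(d)) + d + struct.pack(">Q", amount)
    return h(blob)


def serialize_output(flags: int, transfers_hash: bytes) -> bytes:
    """Assumed layout: 1 flag byte followed by the 32-byte transfers hash."""
    return bytes([flags]) + transfers_hash


def parse_output(raw: bytes):
    if len(raw) != 33:
        raise ValueError("expected 1 flag byte + 32 hash bytes")
    return raw[0], raw[1:]


def merkle_root_and_proof(leaves, index):
    """Root over all outputs plus the sibling path for leaves[index]."""
    level = [h(b"\x00" + leaf) for leaf in leaves]
    path = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((level[index ^ 1], bool(index & 1)))
        level = [h(b"\x01" + level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path


def proves_inclusion(root, leaf, path) -> bool:
    node = h(b"\x00" + leaf)
    for sibling, node_is_right in path:
        node = h(b"\x01" + (sibling + node if node_is_right else node + sibling))
    return node == root


def accept_import_unchecked(root, raw_output, path, transfers) -> bool:
    """Inclusion proof and hash binding only; the output's role is never examined."""
    _flags, bound_hash = parse_output(raw_output)
    return proves_inclusion(root, raw_output, path) and bound_hash == hash_transfers(transfers)


def accept_import_checked(root, raw_output, path, transfers) -> bool:
    """Same checks, but a supplemental output can never stand in for a primary export."""
    flags, _ = parse_output(raw_output)
    if flags & FLAG_SUPPLEMENTAL:
        return False
    return accept_import_unchecked(root, raw_output, path, transfers)


def constructed_blank_export_case():
    """Constructed data: blank primary export plus a supplemental output bound to other transfers."""
    presented = [("recipient-placeholder", 1_000)]
    outputs = [
        serialize_output(0, hash_transfers([])),                         # blank primary export
        serialize_output(FLAG_SUPPLEMENTAL, hash_transfers(presented)),  # supplemental output
    ]
    root, path = merkle_root_and_proof(outputs, 1)
    return root, outputs[1], path, presented


def constructed_legitimate_case():
    """Constructed data: an ordinary primary export carrying its own transfers."""
    transfers = [("recipient-placeholder", 25)]
    outputs = [serialize_output(0, hash_transfers(transfers))]
    root, path = merkle_root_and_proof(outputs, 0)
    return root, outputs[0], path, transfers


if __name__ == "__main__":
    for name, case in (("blank export + supplemental", constructed_blank_export_case()),
                       ("legitimate export", constructed_legitimate_case())):
        print(name, "| unchecked:", accept_import_unchecked(*case),
              "| checked:", accept_import_checked(*case))
```

Both verifiers accept the ordinary export; only the one that inspects the flag rejects the provable but supplemental output, which is why a valid proof and a matching hash are not sufficient on their own.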
post r/defi u/hodorrny 2026-05-18
The Verus Ethereum Bridge was reportedly exploited for around 11.58 million dollars according to alerts from Blockaid and other security researchers. Funds reportedly included ETH, tBTC, and USDC. This keeps becoming a bigger problem for DeFi. Trading infrastructure has improved a lot over the past few years. Onchain trading feels faster now. Liquidity is deeper. UX is improving. But bridge exploits still keep happening across the industry. Every time a bridge gets compromised it damages confidence far beyond that single protocol. Users start questioning whether moving assets across chains is worth the risk at all. That is why I think one of the biggest opportunities in DeFi now might be ecosystems that reduce dependence on bridging instead of adding more of it. Feels like scalability is improving faster than security coordination between chains.
post r/u_Patient_Craft2195 u/Patient_Craft2195 2026-05-18
The crypto industry has witnessed at least eight major bridge-related hacks so far in 2026, with hackers stealing a combined $328.6 million from cross-chain protocols, according to blockchain security firm PeckShield. The latest wave of exploits has intensified concerns over the security of cross-chain infrastructure, which remains one of the most vulnerable sectors within decentralized finance (DeFi). The figure was confirmed following the May 18, 2026 exploit of the Verus-Ethereum bridge, which was identified as the eighth such bridge incident of the year.

# Kelp DAO suffers the largest hack of 2026

The biggest exploit of the year hit Kelp DAO after attackers drained 116,500 rsETH, worth nearly $292 million, from its LayerZero-powered bridge infrastructure on April 18, 2026. According to investigators, the attackers forged a fake LayerZero message that tricked the bridge into releasing rsETH without any legitimate deposit occurring on another chain. After stealing the assets, the hacker reportedly used DeFi lending platforms, primarily Aave, across Ethereum and Arbitrum, to borrow over $236 million in ETH and WETH against the fake collateral. Security firms including Cyvers and PeckShield said the attacker was funded through Tornado Cash before the exploit, indicating a planned operation. Multiple cybersecurity firms later attributed the breach to North Korea’s Lazarus Group. According to post-incident analysis cited by security researchers, Kelp DAO paused key contracts within roughly 46 minutes, reportedly preventing an estimated additional $200 million from being stolen.

# Verus-Ethereum bridge loses $11.58 million

On May 18, 2026, hackers drained nearly $11.58 million from the Verus-Ethereum bridge after exploiting flaws in its cross-chain verification process. Blockchain security firms Blockaid and PeckShield said attackers stole 1,625 ETH, 103.6 tBTC, and nearly 147,000 USDC by bypassing source-side balance verification checks. The attacker swapped the stolen tokens into roughly 5,402 ETH shortly after the theft. Researchers compared the exploit to vulnerabilities seen in the 2022 Wormhole and Nomad bridge hacks. Investigators noted the exploit was caused by missing validation logic rather than compromised private keys or broken cryptography. Specifically, the bridge verified the notarized Verus state root, the Merkle proof, and the hash binding, but never checked whether the stated transfer amounts actually matched the payout.

# THORChain pauses operations after $10.8 million exploit

Cross-chain liquidity protocol THORChain temporarily halted swaps and liquidity operations after suffering a $10.8 million exploit on May 15, 2026 tied to a compromised validator node. The attack drained assets including roughly 3,443 ETH, 36.85 BTC, 96.6 BNB, and other assets from THORChain’s Asgard vaults by exploiting weaknesses in the protocol’s GG20 threshold signature system. Blockchain investigator ZachXBT, along with PeckShield, Arkham Intelligence, Cyvers, and Chainalysis, linked the exploit to a sophisticated laundering operation prepared weeks in advance. As The Crypto Times has reported, Chainalysis traced the attacker’s preparatory activity through Monero, Hyperliquid, and Arbitrum, beginning well before the theft. THORChain later confirmed that no user-controlled funds were directly impacted, as the losses were limited to protocol-owned liquidity.

# ZetaChain reveals multiple flaws behind April attack

ZetaChain disclosed that three separate vulnerabilities led to a $333k exploit involving its GatewayEVM smart contract at the end of April. According to the project’s post-mortem report, attackers exploited missing access controls, unrestricted cross-chain execution permissions, and unlimited token approvals tied to internal team wallets. The attacker reportedly routed stolen USDC and USDT across Ethereum, Arbitrum, Base, and BNB Chain before converting the proceeds into roughly 139 ETH. ZetaChain said no user funds were affected because only internal wallets were targeted.

# Hyperbridge and IoTeX hit

Hyperbridge paused operations after attackers exploited weaknesses in its Token Gateway verification process, causing roughly $237,000 in losses. According to BlockSec, the attacker submitted forged proofs that allowed unauthorized minting of nearly 1 billion fake bridged DOT tokens on Ethereum before selling them on decentralized exchanges. Meanwhile, IoTeX confirmed a $4.3 million exploit involving its ioTube bridge after a validator owner’s private key was compromised. The attacker allegedly minted unauthorized USDC, USDT, IOTX, and WBTC before routing funds through THORChain into Bitcoin wallets. IoTeX said the exploit was isolated to bridge contracts and did not affect its Layer 1 blockchain or consensus system.

# CrossCurve exploit adds to security concerns

Cross-chain protocol CrossCurve also lost nearly $3 million after attackers spoofed cross-chain messages through an Axelar-linked contract. According to Defimon Alerts, the exploit bypassed validation checks and triggered unauthorized token releases across multiple networks. CrossCurve paused bridge operations immediately after the incident, while CEO Boris Povar offered a 10% bounty for the return of stolen funds. Meanwhile, Curve Finance advised users to reassess exposure to CrossCurve-related liquidity pools following the exploit.

The recent attacks come amid a broader rise in DeFi-related exploits this year. Data from DeFiLlama shows DeFi protocols have already suffered over $20 million in losses in May 2026 alone, while April breaches exceeded $606 million.
post r/u_Patient_Craft2195 u/Patient_Craft2195 2026-05-14
Bitcoin faced renewed pressure following the release of stronger-than-expected U.S. PPI figures, which heightened concerns over persistent inflation and potential delays in Federal Reserve rate cuts.

The cryptocurrency market experienced mild consolidation with downward pressure in the past 24 hours as hotter-than-expected U.S. Producer Price Index (PPI) data—rising 6.0% YoY against forecasts of around 4.9%—rekindled inflation fears, boosted rate-hike expectations, and triggered over $400 million in liquidations.

# Market Overview

Bitcoin faced renewed pressure following the release of stronger-than-expected U.S. PPI figures, which heightened concerns over persistent inflation and potential delays in Federal Reserve rate cuts. The data sparked a wave of risk-off sentiment across markets, pushing BTC below the psychologically important $80,000 level.

While the move triggered significant liquidations, it also reinforced Bitcoin’s appeal as an inflation hedge in the eyes of long-term holders. The asset traded in the $79,000–$81,000 range during the period, reflecting a cautious standoff between macro headwinds and crypto-specific tailwinds.

Ethereum followed a similar pattern, trading around $2,250–$2,300 with modest declines. The broader altcoin market showed mixed performance, with some resilience in tokens like XRP on regional exchange volumes, while broader meme and mid-cap segments cooled off.

Overall market sentiment remained in a consolidation phase near recent highs, vulnerable to further macro releases but buoyed by policy developments.

# Key Highlights of the Day

Below are the key highlights of what happened in the crypto market in the past 24 hours.

# ETF & Institutional Flows

Bitcoin ETFs recorded notable outflows totaling $635 million over the recent period—the largest in weeks—with BlackRock’s IBIT alone seeing approximately $285 million in withdrawals. This reflects short-term caution among investors amid the inflation data, even as longer-term institutional interest in digital assets persists.

In contrast, broader crypto funds continued to attract inflows on a weekly basis, highlighting diverging short- and medium-term views.

# Regulatory Progress

The U.S. Senate Banking Committee released the full 309-page text of the CLARITY Act ahead of its scheduled markup today (on May 14). The bill, aimed at providing comprehensive market structure for cryptocurrencies, faces dozens of proposed amendments—including over 40 from Sen. Elizabeth Warren and others targeting stablecoin rules and bank involvement.

Despite pushback from parts of the banking lobby and certain Democrats, industry participants remain optimistic that the process will advance regulatory clarity and foster responsible innovation in the sector.

# Broader Corporate, Adoptions, and Developments

On the institutional front, Charles Schwab made a significant move by opening spot Bitcoin and Ethereum trading directly to its retail clients. The rollout allows users seamless in-platform access, potentially reducing friction and bringing more traditional investors into crypto without relying on external exchanges.

Japanese firm Metaplanet, often dubbed “Asia’s MicroStrategy,” reported a 251% jump in Q1 revenue despite recording Bitcoin-linked losses in its treasury operations. The company continues aggressively expanding its BTC holdings, now exceeding 40,000 BTC in recent accumulations, signaling strong corporate conviction in Bitcoin as a reserve asset. In blockchain infrastructure, the Ronin network completed its full migration and deeper integration with Ethereum, enhancing interoperability for the popular gaming and DeFi chain.

# Regional Developments

Japan’s Blockchain Foundation announced plans to launch the EJPY stablecoin on Ethereum and the Japan Open Chain, further embedding stablecoins into the country’s digital finance ecosystem.

Meanwhile, Vietnam set its sights on launching its first regulated crypto market in Q3 2026, marking a notable step toward formal oversight and mainstream adoption in Southeast Asia.

# Security Incident

In DeFi, ShapeShift’s FOX Colony—a community governance initiative for FOX token holders—suffered a smart contract exploit on Arbitrum, resulting in losses of approximately $132K in USDC and FOX tokens. Blockchain security firm Blockaid attributed the attack to a vulnerability in the `executeMetaTransaction` function and warned that other Colony Network deployments using similar architecture could be at risk.

Another exploit on the same day was on the DeFi protocol Transit Finance, which lost $1.88 million in DAI stablecoin, drained to a fresh Ethereum wallet. PeckShieldAlert reported the incident, linked to a vulnerability in the protocol’s cross-chain infrastructure.

# Outlook

The crypto market finds itself at a crossroads as macroeconomic data is introducing volatility and testing near-term supports, yet regulatory advancements like the CLARITY Act, institutional products continue expanding, and gradual corporate accumulation paint a constructive longer-term picture.

Bitcoin’s ability to hold key levels amid inflation surprises will be closely watched, as will the outcome of today’s Senate markup. The total crypto market capitalization dipped to $2.66 trillion, down roughly 1% in the period, while trading volumes remained solid amid macro uncertainty. Despite the short-term volatility, regulatory optimism and institutional developments provided underlying support.
post r/NovaCityCrypto u/Guardian2179 2026-04-30
Yesterday, around 13.71 billion SWEAT tokens were drained from Sweat Economy in 30 seconds. That is about 65 percent of the total circulating supply. On paper, the attacker was sitting on 3.46 million dollars. At first glance this looks like a major loss; in practice it is the opposite.

Sweat Economy is one of the largest move-to-earn projects on the market. The underlying Sweatcoin app has been running since 2014 and now has over 150 million users worldwide. The concept is simple: you go for a walk, your smartphone counts the steps, and you receive SWEAT tokens on NEAR Protocol in return. A bridge between fitness and crypto, through which many people came into contact with Web3 for the first time.

On April 29 at 13:36 UTC, an attacker exploited a vulnerability in the token contract. Using a purpose-built drainer, he emptied several foundation wallets as well as the top 100 holders within half a minute. The loot then flowed via Ref Finance and the Wormhole Bridge into other ecosystems. So far, the usual script.

The interesting part is the math behind it. The total market capitalization of SWEAT at the time of the attack was only about 1.5 million dollars. So, on paper, the attacker held more than twice what the entire project was worth on the market. The moment he tried to sell these tokens, he would inevitably have pushed the price to zero himself. A classic liquidity problem: whoever is the market cannot leave it without destroying it.

Blockaid detected the attack early and alerted the team. The Sweat Foundation then paused the token contract and immediately contacted MEXC and Rhea Finance, through which the attacker was trying to liquidate. MEXC froze the attacker's account, and Rhea paused SWEAT trading. Result: all external user balances were fully restored, and operations are back to normal.

That sounds like good news, and it is. But two things should not get lost. First, this rescue only works because the team was able to pause the contract at all. That is a centralized kill switch, not a decentralized feature. Second, the economic luck was at least as important as the technical skill. With a larger market capitalization, the attacker could have liquidated parts beforehand, and the recovery would have been considerably more expensive. Most hacks do not end this way. That is the real message behind this story.

Sources: The Block (crypto trade publication, Sweat Foundation post-hack report), Blockaid (blockchain security firm, on-chain analysis), CryptoTimes, NullTX, Sweat Economy (official project site), CoinGecko (tokenomics)
post r/Tangem u/TangemAG 2026-04-29
**\~$15.5M funds saved. 1.2K sketchy dApps blocked. 83K malicious txs caught.** One year ago, we integrated Blockaid into all WalletConnect sessions on Tangem. Safer web3 isn’t the goal; it’s the baseline.
post r/0xPolygon u/desjob 2026-04-23
Maybe I'm just a degenerate gambler but I've been playing board games at [BoardGameArena](https://boardgamearena.com/) for years, and I always wished they would make it possible to play for money. But due to all the gambling related regulations this is not very likely to ever happen. So I decided to build a dApp for it, and I ended up going with Polygon because of the combination of Solidity + USDT support + relatively low transaction cost. The app is now live on [https://betbga.github.io/](https://betbga.github.io/) and the first game of **Catan** was successfully handled by the smart contract. Both [the app](https://github.com/betBGA/betBGA.github.io) and [the contract](https://polygonscan.com/address/0x08407Cd9366e645D39eF60039e2f53a3038CB7bA#code) are fully open source. The contract receives game results from 4 dedicated/independent oracle nodes, and uses 3/4 consensus. Because of the operational cost (oracles also have to pay gas to report results) a flat USDT 0.50 oracle fee is paid for each successfully resolved bet. While the contract has been verified, reviewed and tested (including a review from the Blockaid security team, since it initially got auto-flagged) it has a fixed maximum bet amount of USDT 250. This is both a set of training wheels while also an incentive for keeping the 4 oracles honest. So if you want to play boardgames for USDT (like Catan, King of Tokyo, Wingspan, Splendor, Azul and many others) feel free to join the discord @ [https://discord.gg/auySHJsF](https://discord.gg/auySHJsF)
post r/OneKeyHQ u/OneKey_cn 2026-04-22
|Comparison|[**OneKey Pro**](https://onekey.so/products/onekey-pro-hardware-wallet/)|[**Trezor Safe 5**](https://trezor.io/trezor-safe-5)|
|:-|:-|:-|
|**Secure Element**|✅ 4 × EAL6+ secure chips + self-destruct mechanism|⚠️ 1 × EAL6+ secure chip (NDA-free)|
|**Screen & Connectivity**|✅ 3.5″ full-color touchscreen + fingerprint + Bluetooth / NFC / USB-C / AirGap (QR)|⚠️ 1.54″ color touchscreen + USB-C (no Bluetooth/NFC/AirGap)|
|**Signing Methods**|✅ AirGap (QR) + Bluetooth + fingerprint confirmation|⚠️ USB only, no QR or biometric signing|
|**Wireless Charging**|✅ Supports Qi wireless charging|❌ Not supported|
|**Transaction Parsing & Alerts**|✅ SignGuard dual-end parsing + GoPlus / Blockaid risk detection|❌ No [contract](https://onekey.so/blog/ecosystem/what-is-a-smart-contract/) parsing or phishing alerts|
|**Open-source**|✅ Fully open-source (firmware / App / plugins / hardware)|✅ Open-source (firmware & App, Secure Element is NDA-free)|
|**Multi-chain Compatibility**|✅ 100+ chains, 30,000+ assets, native wallet compatibility|⚠️ Major assets supported, depends on Trezor Suite|
|**Privacy Usage**|✅ No registration, App usable offline, no data reporting|⚠️ Relies on Trezor Suite, some operations require connectivity|
|**Web2 Login (FIDO)**|✅ Supports WebAuthn (Google / GitHub login)|✅ FIDO2 supported|
|**Attach to PIN (Hidden Wallets)**|✅ Supports Attach to PIN + multiple hidden paths|⚠️ Passphrase supported but no PIN binding|
|**Multisig Compatibility**|✅ Compatible with Safe / Squads / Sparrow|❌ Not supported|
|**Packaging & Firmware Security**|✅ Dual tamper-proof seals + firmware signature + activation check|⚠️ Basic packaging, no activation verification mentioned|
|**Industry Backing**|✅ Backed by [Coinbase](https://www.coinbase.com/ventures/portfolio) & [Binance Labs](https://www.yzilabs.com/blog/yzi-labs-invests-in-onekey-to-enhance-global-crypto-security-with-affordable-self-custody-solutions)|✅ Established brand, strong community recognition|
|**WalletScrutiny Verified**|✅ Passed all 10 tests|⚠️ Safe 5 not yet verified (Trezor One / Model T are verified)|
|**Ease of Interaction**|✅ [Turbo Mode](https://help.onekey.so/articles/11863822) (Streamlined signing, quicker approvals)|⚠️ Basic Interaction|
|**Price**|💰 $278 (Flagship)|💰 $169 (Mid-high range)|

# Key Takeaways

• OneKey Pro features 4 EAL 6+ secure chips, offering superior security redundancy compared to Trezor Safe 5's single chip.
• The user experience of OneKey Pro is enhanced with a 3.5" touchscreen, fingerprint unlock, and true wireless operation.
• OneKey Pro is fully open-source, providing greater transparency and community trust compared to Trezor Safe 5's reliance on Trezor Suite.
• OneKey Pro supports over 100 chains and offers seamless integration with various wallets, while Trezor Safe 5 has more limited cross-chain capabilities.
• Privacy is prioritized in OneKey Pro with offline signing and no data collection, contrasting with Trezor Safe 5's need for online connectivity.
post r/OneKeyHQ u/OneKey_cn 2026-04-14
|Comparison|[**OneKey Pro**](https://onekey.so/products/onekey-pro-hardware-wallet)|[**Ledger Stax**](https://www.ledger.com/stax)|[**Ledger Flex**](https://www.ledger.com/flex)|
|:-|:-|:-|:-|
|**Secure Element**|✅ 4 × EAL6+ secure chips|✅ 1 × EAL6+ secure chip|✅ 1 × EAL6+ secure chip|
|**Screen & Connectivity**|✅ 3.5″ color touchscreen + fingerprint + Bluetooth / NFC / AirGap / USB-C / wireless charging|⚠️ 3.7″ curved E Ink screen + USB-C + Bluetooth (no AirGap)|⚠️ 2.84″ flat E Ink screen + USB-C + Bluetooth (no AirGap)|
|**Signing Methods**|✅ QR AirGap + fingerprint confirmation + Bluetooth + local parsing|⚠️ Bluetooth or USB, depends on App, content not fully visible before signing|⚠️ Same as Stax, lacks pre-signing parsing|
|**Wireless Charging**|✅ Supports Qi wireless charging|✅ Supports wireless charging|❌ Not supported|
|**Signature Parsing & Alerts**|✅ [SignGuard](https://onekey.so/blog/ecosystem/sign-guard-by-one-key-clear-signing-preview-with-real-time-scam-detection/) parsing + risk alerts (GoPlus / Blockaid)|⚠️ Basic parsing, no real-time risk alerts|⚠️ Basic parsing, no real-time risk alerts|
|**Open-source**|✅ Fully open-source (firmware / App / frontend / plugins)|❌ Closed-source firmware, core proprietary|❌ Same as Stax|
|**Multi-chain Compatibility**|✅ 100+ chains, 30,000+ assets, native plugin wallet support|⚠️ Supports major assets, many rely on Ledger Live [bridge](https://onekey.so/blog/ecosystem/what-is-a-blockchain-bridge/)|⚠️ Same as Stax|
|**Privacy Usage**|✅ No registration, no telemetry, App works offline|❌ Requires Ledger ID login + App telemetry|❌ Same as Stax|
|**Web2 Login (FIDO)**|✅ Supports WebAuthn / FIDO2 security key|❌ Not supported|❌ Not supported|
|**Attach to PIN (Hidden Wallets)**|✅ PIN can be bound to hidden wallet paths|❌ Not supported|❌ Not supported|
|**Multisig Compatibility**|✅ Compatible with Safe / Squads / Sparrow|❌ Not supported|❌ Not supported|
|**Ease of Interaction**|✅ [Turbo Mode](https://help.onekey.so/articles/11863822) (Streamlined signing, quicker approvals)|⚠️ Basic Interaction|⚠️ Basic Interaction|
|**Packaging & Firmware Security**|✅ Dual tamper-proof seals + firmware signature check + activation verification|❌ No open verification, no activation check|❌ Same as Stax|
|**Industry Backing**|✅ Backed by [Coinbase](https://www.coinbase.com/ventures/portfolio) & [Binance Labs](https://www.yzilabs.com/blog/yzi-labs-invests-in-onekey-to-enhance-global-crypto-security-with-affordable-self-custody-solutions)|✅ Well-known brand, widely adopted|✅ Same as Stax|
|**WalletScrutiny Verified**|✅ Passed all 10 tests|❌ Not verified (closed-source firmware)|❌ Not verified (closed-source firmware)|
|**Price**|💰 $278 (flagship tier)|💰 $399+ (premium design-focused)|💰 $249 (compact E Ink model)|

**Key Takeaways**

• OneKey Pro offers unmatched wireless cold wallet features with AirGap and wireless charging.
• OneKey Pro is fully open-source, enhancing user sovereignty and trust.
• Ledger's closed-source firmware raises privacy concerns compared to OneKey Pro.
• OneKey Pro supports a wide range of assets and multi-chain compatibility.
• Pricing makes OneKey Pro a more value-driven choice compared to Ledger's offerings.
post r/spx6900 u/AUHM850i 2026-04-09
There is a warning on the SPX6900 swap on Uniswap which leads to this page: [https://support.uniswap.org/hc/en-us/articles/8723118437133-What-are-token-warnings?product\_link=web](https://support.uniswap.org/hc/en-us/articles/8723118437133-What-are-token-warnings?product_link=web) It seems it is probably due to a false flag from Blockaid. I know many Aeons are raising cases with Uniswap but I think we should also be filing claims with Blockaid here (I already did): [https://report.blockaid.io/mistake](https://report.blockaid.io/mistake) EDIT: NEVER MIND! Blockaid quickly replied "We’ve reviewed the address you submitted and can confirm that it does not show any malicious flags on our end. The “SPX is not available” warning you’re seeing on Uniswap originates from their platform, so we recommend reaching out to them directly for further clarification."