0x34 Web3 Security Bulletin

Crypto and web3 security insights, including tools, hacks, and regulations.

TL;DR

  • Zero CISOs at the wheel: Six crypto neobanks raised $200M this quarter, yet none have hired security leadership.

  • AI for Formal Verification: Vitalik argues that AI-assisted bug finding doesn't kill trustless systems; it makes formal verification cheap enough to secure core logic.

  • Major Drains: Over $23M lost across the Verus-Ethereum bridge ($11.58M) and THORChain ($11M), plus a $440k prompt injection attack on Bankr's AI agent.

  • Policy Pushback: Consensys formally challenged the FDIC’s GENIUS Act stablecoin draft, arguing against broad bans on yield and broker-dealer treatment for self-hosted wallets.

  • AI Exploitation Benchmarks: New research (ExploitGym, ExploitBench) shows models like GPT-5.5 successfully chaining exploits for arbitrary code execution on real browser engines and kernels.


Industry Trends & Analysis

Six Crypto Neobanks Raised $200M in 90 Days; None Has a CISO

QuillAudits reports that six crypto neobanks collectively raised $200M in under 90 days in early 2026, yet none has appointed a Chief Information Security Officer. The piece argues that security leadership is being treated as optional infrastructure at the precise moment these platforms are accumulating the largest attack surfaces in Web3's history. (QuillAudits)

Vitalik Buterin on AI-assisted Formal Verification for Ethereum

Vitalik Buterin’s May 18 essay treats formal verification as machine-checkable mathematical proofs, often written in Lean alongside low-level implementations such as the evm-asm RISC-V EVM project. He argues AI lowers the cost of generating code and proofs together, which makes end-to-end verification more practical for STARKs, ZK-EVMs, post-quantum signatures, and consensus. The post rejects the idea that better AI bug-finding makes trustless systems impossible, but stresses limits: wrong specifications, partly unverified components, and hardware side channels. His model is a small, heavily verified secure core with sandboxed, higher-risk edge software around it.

Runtime Verification: The Risk of Open Source Code and What History Still Teaches

Runtime Verification revisits historical open source vulnerabilities to argue that lessons from well-known past incidents remain underapplied in modern Web3 development. The piece contends that dependency risk and supply chain exposure are systemic properties of open source ecosystems, not one-off events, and that formal verification offers a structural answer to a structural problem. (Runtime Verification)

Stacy Muur Expands On Practical Web3 Security Tooling

Stacy Muur quoted Faycy_crypto's “50+ security tools” list and added her own stack: Safe multisig, Etherscan’s approval checker, Tenderly simulation, Token Sniffer, ishoneypot, GoPlus, Chainabuse, DeFi scanner, Blockaid, and Blowfish (now part of Phantom). (Stacy Muur on X)

ChainPatrol: 10 Essential Security Practices for Web3 Users in 2026

Umar Ahmed of ChainPatrol catalogues 10 security practices Web3 users should adopt in 2026, covering wallet hygiene, phishing recognition, hardware key use, approval management, and the emerging threat of AI-assisted social engineering. The piece is framed around the observation that attacks on crypto users have matured into a structured industry with tooling, playbooks, and measurable returns on investment for attackers. (ChainPatrol)

Market Movements

Fireblocks Powers Agentic Payments Future for PSPs and Fintechs

Fireblocks' product update introduces an Agentic Payments Suite designed for payment service providers and fintechs. The announcement reflects the company's view that AI agents are already transacting on users' behalf across real financial rails, and that infrastructure for autonomous wallet-connected agents must be purpose-built rather than adapted from existing custody tools. (Fireblocks)

Elliptic Integrates With Kaia to Reach 250 Million Users Across Asia

Elliptic announced on May 20 an integration with Kaia — the blockchain powering KakaoTalk and LINE's Web3 applications — bringing Elliptic's transaction monitoring and compliance tooling to a network that serves approximately 250 million users across Asia. The partnership extends Elliptic's footprint into a consumer blockchain segment that has historically operated with limited compliance infrastructure. (Elliptic)

Exploits & Incidents

LayerZero Publishes KelpDAO Post-mortem with Mandiant and CrowdStrike

LayerZero completed a post-mortem on the April 18 KelpDAO rsETH incident with Mandiant and CrowdStrike, publishing an executive summary and full report. The company describes working with hundreds of partners over four weeks to review DVN and RPC posture, attributes the operation to DPRK-linked TraderTraitor (UNC4899), and argues the core protocol was not exploited while 1-of-1 DVN setups created unacceptable risk. (LayerZero)

Community Pushback on LayerZero's Report

Kelp and independent researchers dispute that the 1-of-1 DVN configuration was Kelp's reckless choice alone. LayerZero had previously admitted fault for allowing its own DVN to act as sole verifier for high-value apps, and roughly 47% of OApps reportedly ran the same 1-of-1 DVN setup. Whether Kelp downgraded from a 2-of-2 configuration remains an open question. (CoinDesk, LayerZero, OAK)

Bankr AI Agent Drained via Prompt Injection on Base

The AI-powered crypto trading platform Bankr on Base suffered a prompt injection attack in which malicious Morse-encoded inputs tricked the Grok-powered agent into executing unauthorized transactions. Fourteen user wallets were compromised, with approximately $440,000 stolen. Bankr suspended the affected functionality and pledged full reimbursement from its treasury. (SlowMist)

Verus–Ethereum Bridge Drained for $11.58M

Blockaid said its exploit detection system flagged an ongoing drain on the Verus–Ethereum bridge at roughly $11.58M. PeckShield sized the take at 103.6 tBTC, 1,625 ETH, and 147,000 USDC, swapped into about 5,402 ETH now sitting in 0x65Cb8b128Bf6e690761044CCECA422bb239C25F9. PeckShield also flagged abnormal outflows to Verus from bridge contract 0x71518580f36FeCEFfE0721F06bA4703218cD7F63. Investigators describe a source–destination economic binding gap: an export can commit to payout data on the destination side without a matching amount being locked in reserves on the source side, the same failure class as Wormhole and Nomad. Blockaid attributes the gap to missing source-amount validation in checkCCEValues, which is where the fix belongs. (Blockaid on X)
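To make the binding gap concrete, the following is an added, simplified model written for this bulletin. It is not the Verus bridge code: the vault, the Export record, and the check_export_values function are hypothetical stand-ins (check_export_values is not Verus's checkCCEValues), and the deposit figures are constructed. The model shows the weak export path, where the caller's committed payout is never compared against what the caller actually sent, beside the hardened path that binds the two before the export is recorded.

```python
from __future__ import annotations

# Added illustration of a source/destination economic binding gap.
# Simplified model, not the Verus bridge; all names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Export:
    """What the source chain commits for the destination chain to pay out."""
    token: str
    amount: int


def check_export_values(token: str, sent: int, export_data: Export) -> None:
    """Hypothetical binding check (stand-in, not Verus's checkCCEValues):
    the committed payout must refer to the asset actually delivered and
    must not exceed the amount actually delivered with the call."""
    if export_data.token != token:
        raise ValueError("export token does not match deposited token")
    if export_data.amount > sent:
        raise ValueError(
            f"export commits {export_data.amount} but only {sent} was sent"
        )


class BridgeVault:
    def __init__(self, validate_source_amount: bool) -> None:
        self.validate_source_amount = validate_source_amount
        self.reserves: dict[str, int] = {}   # value actually locked on the source side
        self.pending: list[Export] = []      # exports the destination side will honor

    def deposit(self, token: str, amount: int) -> None:
        """Honest liquidity locked by other users; this is what a drain takes."""
        self.reserves[token] = self.reserves.get(token, 0) + amount

    def export(self, token: str, sent: int, export_data: Export) -> None:
        """sent is the value transferred with the call; export_data is the
        payout the caller asks the destination chain to honor. Without the
        check the two are never tied together: this is the binding gap."""
        if self.validate_source_amount:
            check_export_values(token, sent, export_data)
        self.reserves[token] = self.reserves.get(token, 0) + sent
        self.pending.append(export_data)

    def settle_on_destination(self) -> dict[str, int]:
        """Destination-side import: pays every committed export out of reserves,
        trusting the export data because the source chain already 'validated' it."""
        paid: dict[str, int] = {}
        for e in self.pending:
            have = self.reserves.get(e.token, 0)
            if e.amount > have:
                raise RuntimeError(f"reserves exhausted for {e.token}")
            self.reserves[e.token] = have - e.amount
            paid[e.token] = paid.get(e.token, 0) + e.amount
        self.pending.clear()
        return paid


def run_export(validate: bool, sent: int, committed: int) -> dict[str, int] | str:
    """Returns the payout the destination releases, or the rejection reason
    when the hardened check refuses the export."""
    vault = BridgeVault(validate_source_amount=validate)
    vault.deposit("ETH", 1_625)  # constructed honest liquidity (not real figures)
    try:
        vault.export("ETH", sent=sent, export_data=Export("ETH", committed))
    except ValueError as err:
        return str(err)
    return vault.settle_on_destination()


if __name__ == "__main__":
    # Weak path: send 1 unit, commit the entire reserve, destination pays it out.
    print("vulnerable:", run_export(validate=False, sent=1, committed=1_625))
    # Hardened path: the same export is refused at the source.
    print("hardened:  ", run_export(validate=True, sent=1, committed=1_625))
    # Honest export still settles normally.
    print("honest:    ", run_export(validate=True, sent=100, committed=100))
```

The point of the model is where the check sits: the destination side cannot repair the gap on its own, because by the time it imports an export it only sees the committed payout data, not what was deposited. The amount actually delivered and the amount committed for payout have to be compared on the source chain, in the same call that records the export.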

THORChain Pauses After $11M Asgard Vault Drain

TRM Labs reported that an attacker drained more than $11M from THORChain in a single coordinated event across at least nine chains: Bitcoin, Ethereum, BSC, Base, Avalanche, Dogecoin, Litecoin, Bitcoin Cash, and XRP. That figure is slightly higher than the ~$10.7M–$10.8M cited elsewhere because TRM counts additional native-chain outflows, not only the BTC/ETH/BNB/Base bundle ZachXBT and PeckShield highlighted first. (TRM)

TrustedVolumes Loses $5.87M to Broken Authorization Check

A permissionless signer function and broken authorization check in TrustedVolumes' closed-source RFQ swap proxy contract allowed an attacker to drain $5.87 million in a single transaction. The team had not posted publicly in over a year prior to the incident. 1inch confirmed its protocol and user funds were unaffected. A bug bounty line remains open. (Rekt)

Transit Finance Loses $1.88M via Deprecated 2022 TRON Contract

Transit has posted an official follow-up (embedded post not reproduced).

SlowMist's running 2026 tally: 115 hack events, with $865,071,984 lost so far this year. (SlowMist)

Policy & Regulation

Consensys Urges FDIC to Narrow GENIUS Act Stablecoin Rules

Consensys filed its formal FDIC comment on payment stablecoin rules under the GENIUS Act, alongside earlier OCC and Treasury filings on state “substantial similarity.” Bill Hughes’s team argues the draft overreaches on yield: a rebuttable presumption against “related third parties” would ban ordinary distribution and brand deals Congress left out of the statute, and Consensys proposes a four-part agency test instead. The letter asks the FDIC to keep non-custodial wallets outside broker-dealer treatment when users earn DeFi protocol yield on their own, preserve supervisory discretion (including multi-brand issuance) rather than cliff-edge mandatory penalties like the OCC draft, and use technology-neutral definitions for ledgers and smart contracts while judging cross-chain stablecoins by the holder’s legal claim, not the bridge mechanism. Consensys frames the comment as the opening move in a decade-long federal stablecoin framework.

Legislative Watch

(Polymarket chart not reproduced)

Capital Allocation

Foundation Devices Raises $6.4M for Passport Prime and AI Authorization

Foundation closed $6.4 million led by Fulgur Ventures with Arche Capital, bringing total funding to $16.5 million, and opened general sales for Passport Prime plus wider KeyOS SDK access. The pitch is hardware-enforced “human authority” for high-stakes decisions, including AI agent authorization, beyond Bitcoin custody alone. (Foundation)

Cycles Raises $6.4M Seed for Private Crypto Clearing

Cycles raised $6.4 million led by Blockchange Ventures, with Coinbase Ventures, Compound VC, and Primitive Ventures, to net obligations across venues before settlement. The problem it targets is collateral stranded across exchanges and OTC desks. In this model, security work shifts toward clearing membership, surveillance, and settlement finality rather than on-chain bridge logic alone. (Cycles)

Applied Research

ExploitGym Tests Whether Agents Can Turn PoVs into Working Exploits

ExploitGym gives agents proof-of-vulnerability inputs and asks for flag-capturing exploits across 898 real-world instances spanning userspace programs, Google's V8 JavaScript engine, and the Linux kernel. With standard defenses off, Claude Mythos Preview with Claude Code solved 157 instances and GPT-5.5 with Codex CLI solved 120 within two hours; turning defenses on cut the solve rates but did not eliminate wins. (arXiv)

ExploitBench Ranks LLMs on Browser-engine Exploitation

ExploitBench scores models on a ladder from crashing WebAssembly bugs through arbitrary code execution on V8-class targets. Only GPT-5.5 reached full arbitrary code execution on one public Wasm bug under the primary setup; a non-public Mythos Preview reference hit that bar on 18 of 41 bugs. Wasm type-confusion progress is ahead of JIT compiler cases, a useful split when prioritizing which engine bug classes still resist automated chaining. (arXiv)
