Defimon Alerts

💬 Onchain Message: Hi - 324 ETH redeemable via Opyn v2 Controller (0x4ccc2339f87f6c59c6893e1a678c2266ca58dc72). You hold oWETHUSDC/WETH-22JUL22-1400C oTokens. Call operate(Redeem,...) - URGENT, pool only has ~379 ETH and others draining. Verify https://t.co/QCPf7ePWkU. -researcher https://t.co/Tm3Yk8WQCN

💬 Onchain Message: This message is directed at the individual responsible for the recent vsdCRV exploit. Law enforcement and on-chain tracking firms are involved in this matter, and significant identification data have been gathered. Stake DAO Association offers you the opportunity to return 35.021 ETH to 0x5DA07af8913A4EAf09E5F569c20138b658906c17 on Ethereum, and keep the remainder as a 20% white-hat bounty. At reception of the funds, Stake DAO Association will drop civil charges and pursuits. This offer is valid for 72 hours (until June 4th 2026, 5:00:00 PM UTC). Should you want to reach out, you can do it via Blockscan Chat to this address, which natively verifies wallet ownership. https://t.co/55FtPjOEXk

💬 Onchain Message: To the individual responsible for the Alephium bridge exploit: We are prepared to treat this incident as a white hat disclosure under the following terms: 1. Return 90% of the drained assets to: 0x238640C0F74A95485e986Fa26D434fF7B216D058 within 72 hours of this message. 2. You may retain 10% of the returned assets as a white hat bounty. Upon receipt of the 90%, Alephium will consider the matter resolved and will publicly acknowledge your cooperation. Contact [email protected] with a message signed by one of the addresses involved in the exploit for further communication. We would prefer to resolve this matter quickly and cooperatively for the benefit of affected users. Alephium Team https://t.co/neFjYBp0uQ

🚨 LegendaryMoneyMon (MON) - Loss ~$85.5K (2026-05-28) Token: $MON (Moneymon) — swapped out to USDT MC: micro-cap (500K MON total supply, illiquid PancakeV3 pool) Type: Broken Signature Verification / Uninitialized Admin LegendaryMoneyMonNft.cliamRewred() relies on verify() which checks recoverSigner(...) == admin. The contract's admin is set to address(0), so ecrecover returning 0 on any malformed signature passes the check. Attacker called cliamRewred with a junk signature (v=27, r=s=0), drained 24,306 MON from the NFT reward contract, and swapped them via PancakeV3 SwapRouter for ~85,519 USDT. TX: https://t.co/4Td2ps5d06 Victim: https://t.co/TkOFMrVf9U Token: https://t.co/N99BCh5mMU

💬 Onchain Message: Security researcher here. Your MEV bot (proxy 0x8A1Ba3d) extracted 0.297 WETH from my swap on 2026-05-27 (tx 0x5fbe7638). I have fully decompiled your implementation (23K bytes, Solidity 0.8.34) and analyzed all 5 helper contracts. Your V3 callbacks lack CREATE2 validation but the tload(0) guard saves you. Requesting good-faith return of funds to 0x4056ebdCdD0D8b9Fe04F9ef918A948369f154a37. Happy to discuss a bounty arrangement for the vulnerability report. Contact: send 0-value tx back to my address with your preferred comm channel. https://t.co/O8tBwbSJRX

🚨 Fractal Protocol - Loss ~$13.7K (2026-05-22) Token: $USDF (receipt token, no liquid market) TVL: $97.27K (pre-hack) Type: Logic Error / Price Manipulation Attacker (0xe2acec13) used an Aave V3 USDC.e flash loan, looped through a chain of Balancer V2 batchSwap callbacks, and recursively hit Fractal's Vault deposit (0xb6b55f25) / withdraw on 0x80e1a981 (impl 0x038c8535) and the USDF receipt token 0xae48b7c8 (impl 0xf8a13864). Each callback minted USDF at the configured tokenPrice and burned it back, extracting ~$13.7K of USDC.e from the vault by exploiting the deposit/withdraw accounting (tokenPrice/share-rounding) inside the recursive Balancer→Vault flow. Vault uses a fixed daily-accrued tokenPrice (~1.27 USDC/USDF) with only a 30-day catch-up in _compute(), and no proper invariant check between depositAmount and withdrawalAmount across re-entered swap callbacks. TX: https://t.co/pCRvQDEOJ1 Victim Vault: https://t.co/mx01V2SGNh USDF Token: https://t.co/cfhgYLH6vn

💬 Onchain Message: To the Verus<->Ethereum Bridge Exploiter: Members of the Verus community and its developers have discussed a set of terms, detailing the size of the bounty, obligations from your side and ours, and how the funds can be returned. 1. We have agreed that the bounty amount will be 1350 ETH. If you adhere to these terms, we will consider these 1350 ETH a reward for your exposing of a vulnerability, and we would publicly request to all interested parties that the 1350 ETH be considered your legitimate bounty. 2. If the funds are returned to the address 0xF9AB28cB7b72B518e6a351FbdaBe69362cBC1A74, minus 1350 ETH, meaning a total return of 4052.4 ETH within 24 hours after this post, Verus community members and developers, and everyone we currently know to be involved in investigating the event, will halt any existing investigations into you to the best of our ability, and we will not press charges or pursue extralegal consequences. We will consider the address that holds 1350, either as change or if still in the source as the bounty address. If you return a total of 4052.4 ETH to the address 0xF9AB28cB7b72B518e6a351FbdaBe69362cBC1A74 within the 24 hours specified above, we will understand that as your agreement to these terms, and we will uphold our stated agreement to cease further investigation into you, not initiate new investigation of you, not press charges, and not seek additional consequences. We will also post a public acknowledgement, referencing the 1350 ETH and publicly state that we consider those funds to be your bounty. If further communication is required to come to an agreement, please refer to the following contact points, as mentioned in previous messages: email: [email protected] z-address on Verus (for encrypted memo communication): zs1wl6e6qe8z8n8t8jp4qxek5ey53t9xajzwxc75gj72wrcwuq6ha4mdg0v8p6z8wpkz2fhxrqlayc To verify the authenticity of this offer, you can also see the same message posted on the Verus discord in the announcements channel, and on the Verus community's X account at https://t.co/VIFHskjOzO. https://t.co/hGjZ4JK7m5