Recent Crypto Hacks Expose Platform Vulnerabilities
Several recent security breaches have highlighted ongoing vulnerabilities in the cryptocurrency sector. The Polymarket platform was attacked, while the Moonwell DeFi protocol lost $1.78 million due to a code flaw. Separately, new exploits involving “stealth” bitcoin address swaps have also been reported, underscoring persistent security challenges.
- The Polymarket exploit stemmed from a flaw in its off-chain and on-chain data synchronization, where attackers manipulated nonces to cancel on-chain transactions while off-chain records still showed them as valid. This allowed the attackers to profit from the bots' exposed positions without risk.
- A previous, separate security breach on Polymarket in December 2025 was caused by a vulnerability in a third-party authentication provider, Magic Labs, which allowed hackers to drain user funds even when two-factor authentication was enabled.
- The Moonwell protocol loss was attributed to a critical oracle configuration issue that drastically undervalued Coinbase Wrapped Staked ETH (cbETH) at about $1.12 instead of its actual market price of nearly $2,200. This price discrepancy triggered a wave of liquidations, which the attackers exploited.
- Scrutiny following the Moonwell incident revealed that some of the vulnerable code had been co-authored by Anthropic's AI model, Claude Opus 4.6, sparking debate about the risks and oversight required for AI-assisted development in DeFi.
- In addition to the direct loss of approximately $1 million, the Moonwell hack left the protocol with about $3.7 million in bad debt.
- The "stealth" bitcoin address swaps involve a social engineering campaign where users are lured by promises of high-profit arbitrage opportunities on the Swapzone exchange. Attackers trick users into running malicious JavaScript code in their browser, which then swaps the legitimate deposit address for one controlled by the hacker.
- This address swapping technique is a novel application of "ClickFix-style" mechanics, which typically target operating systems, to manipulate web pages for direct cryptocurrency theft. The malicious script also alters the displayed exchange rates to create the illusion that the arbitrage scheme is working.
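
A price-deviation guard of the kind that would refuse the cbETH quote described in the Moonwell item, shown as an added example that is not Moonwell's code. The function names, the 10% threshold and the reference prices are assumptions constructed for illustration.

```python
import math
from statistics import median

MAX_DEVIATION = 0.10  # assumed policy: reject quotes >10% away from the reference median


class OraclePriceRejected(Exception):
    """Raised when an oracle quote fails the sanity checks."""


def validate_price(asset, reported_usd, reference_usd, max_deviation=MAX_DEVIATION):
    """Return reported_usd if it is plausible against independent references, else raise."""
    if not math.isfinite(reported_usd) or reported_usd <= 0:
        raise OraclePriceRejected(f"{asset}: invalid quote {reported_usd!r}")
    # Discard unusable reference values instead of letting them skew the median.
    refs = [p for p in reference_usd if math.isfinite(p) and p > 0]
    if not refs:
        # Fail closed: with nothing to compare against, the quote is not trusted.
        raise OraclePriceRejected(f"{asset}: no usable reference price")
    anchor = median(refs)
    deviation = abs(reported_usd - anchor) / anchor
    if deviation > max_deviation:
        raise OraclePriceRejected(
            f"{asset}: quote {reported_usd} deviates {deviation:.1%} from reference {anchor}"
        )
    return reported_usd


def liquidation_allowed(asset, reported_usd, reference_usd):
    """Gate liquidations on a validated price; a rejected quote pauses them."""
    try:
        validate_price(asset, reported_usd, reference_usd)
    except OraclePriceRejected:
        return False
    return True


# Constructed reference quotes near the market price the article cites for cbETH.
CONSTRUCTED_REFS = [2195.0, 2201.5, 2198.2]

if __name__ == "__main__":
    for quote in (1.12, 2199.0):
        print(quote, "->", liquidation_allowed("cbETH", quote, CONSTRUCTED_REFS))
```
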