Connect with us

Financial

BonkDAO Loses $20M in BONK Token Governance Attack

Published

on

Solana’s most recognized memecoin community woke up to a serious problem on July 6. BonkDAO confirmed through its official X account that a governance attack had drained an estimated $20 million worth of BONK tokens from the protocol’s treasury — the first major security incident in the project’s history since its December 2022 launch.

The mechanics were straightforward and damaging. An attacker exploited BonkDAO’s proposal system to push through a fraudulent governance proposal, authorizing a treasury withdrawal. Once the transaction was approved on-chain, there was no reversing it. The stolen BONK began moving toward exchanges immediately, where it could be converted into other assets before any coordinated response was possible.

How the Attack Played Out

Governance attacks of this type exploit a vulnerability that exists in almost every DAO structure — the proposal and voting mechanism itself. Rather than cracking smart contract code, the attacker worked within the system’s own rules, submitting a proposal designed to authorize fund access and seeing it through to execution. The specifics of how the fraudulent proposal cleared the protocol’s approval thresholds haven’t been fully disclosed, but the outcome was unambiguous: an on-chain transaction approved by the governance system drained a significant portion of the treasury.

Once the stolen tokens hit exchange wallets, they created immediate sell pressure. A stolen asset moving toward a liquid market in large size rarely produces orderly price action — and BONK’s response confirmed that. The token fell more than 9% on July 6 as the attacker’s wallets pushed supply onto exchanges without any buyer-side activity large enough to absorb the volume.

Upbit Suspends BONK Deposits and Withdrawals

South Korean exchange Upbit posted a notice on July 6 confirming it had temporarily suspended all BONK deposits and withdrawals in response to the incident. No timeline was given for when access would be restored. The suspension is a standard precautionary measure — exchanges typically halt a token’s deposit and withdrawal functionality when large volumes of potentially stolen funds are known to be circulating toward their wallets, both to protect users and to comply with any law enforcement requests that may follow.

For BONK holders using Upbit as their primary venue, the suspension adds an operational headache on top of the price decline — an inability to exit, hedge, or add to positions through that platform until normal service resumes.

Where Recovery Efforts Stand

BonkDAO confirmed it has notified law enforcement and is working with relevant parties to identify the attacker and recover the stolen funds. No specific details were offered on the progress of that process, which is typical at this stage — public disclosures during active investigations tend to be limited to avoid interfering with recovery efforts or alerting the attacker to specific tracing activity.

The reality of governance attack recoveries in crypto is sobering. When stolen funds move to exchanges quickly and are converted into other assets, the trail fragments rapidly. Recovery depends heavily on exchange cooperation in freezing accounts, on-chain analytics firms tracing wallet flows, and law enforcement moving faster than the attacker can launder the proceeds.

BONK launched in December 2022 through one of the more memorable community airdrops in Solana’s history, distributing tokens broadly to Solana NFT holders and developers at a time when the broader crypto market was reeling from the FTX collapse. It subsequently built genuine trading volume, secured exchange listings across major platforms, and was included in several crypto ETFs — a trajectory that made it one of the more legitimate memecoin projects in the space.

The July 6 attack doesn’t erase that history. But it exposes a governance infrastructure gap that the community will now need to address directly — because a treasury that can be drained through a fraudulent proposal is a structural risk that persists until the mechanism is redesigned.

Continue Reading

Blockchain

Upbit to List OpenGradient (OPG) for KRW Trading on July 7

Published

on

OpenGradient is heading to one of the most influential crypto markets in the world. South Korean exchange Upbit has confirmed it will list OPG for trading against the South Korean won, with the OPG/KRW pair going live at 6:30 a.m. UTC on July 7. Deposits and withdrawals will open shortly before trading begins.

For a token that’s already had a strong few weeks following its Binance listing and trading competition, a Upbit KRW listing adds a different dimension entirely — one that has historically produced some of the most aggressive price moves in the crypto space.

Why a KRW Pair Is Different From a Standard Listing

Most exchange listings open USD or USDT pairs, giving traders stablecoin-denominated exposure. A KRW trading pair on Upbit is a fundamentally different kind of listing. South Korea has one of the most active and concentrated retail crypto markets globally, and Korean won pairs on Upbit connect a token directly to a buyer base that operates with its own sentiment cycles, its own liquidity dynamics, and a well-documented history of premium pricing relative to global averages.

The so-called “Kimchi premium” — where tokens on Korean exchanges trade above international prices due to local demand dynamics — doesn’t appear on every listing, but it appears often enough that traders globally watch Upbit’s new additions closely as leading indicators of near-term price pressure.

What OPG’s Upbit Listing Signals Regulatorily

South Korean financial regulators have significantly tightened their oversight of digital asset listings over the past two years. Exchanges operating in Korea are required to conduct thorough due diligence on any token before it goes live — covering the project’s team, technical documentation, token distribution, and risk factors. A listing on Upbit is therefore not just a commercial decision but a regulatory signal: OpenGradient has cleared a review process that filters out a meaningful percentage of projects that apply.

For a relatively recently launched AI infrastructure token, that kind of regulatory validation in a major jurisdiction adds a layer of credibility that secondary exchange listings on less regulated platforms can’t replicate.

OpenGradient’s Position Going Into the Listing

The timing of the Upbit listing is notable. OPG recently completed a Binance Alpha listing alongside a 3 million OPG trading competition that drove a 357% single-day volume spike. That event introduced the token to a global retail audience. The Upbit listing now channels a concentrated, highly engaged Korean retail market into the same asset — with the listing date of July 7 coinciding with today’s date, meaning price discovery is beginning right now.

As a reminder of what OpenGradient is building: the protocol hosts over 4,500 AI models and has processed more than 2 million verifiable AI inferences, using zero-knowledge machine learning proofs and trusted execution environments to deliver verifiable on-chain AI computation. OPG serves as both the utility token for inference requests and the governance asset across the ecosystem — backed by a16z Crypto and Coinbase Ventures.

Only around 19% of the 1 billion total OPG supply is currently circulating, meaning the token carries significant future supply considerations that traders entering around this listing should factor into their positioning. New listings on high-volume Korean exchanges typically see elevated volatility in the first few hours as global arbitrageurs and local retail buyers simultaneously discover price equilibrium.

Traders should monitor the OPG/KRW pair closely at the 6:30 a.m. UTC open and watch for spread dynamics between Upbit and other venues where OPG already trades.

Continue Reading

Crypto

Tria Launches Tria FC, Turning the World Cup Into a Live Financial Experience

Published

on

Most financial companies treat the FIFA World Cup as a marketing opportunity — a backdrop for sweepstakes, giveaways, and branded campaigns designed to capture attention during one of the world’s most-watched events. Tria is doing something structurally different.

The self-custodial neofinance platform launched Tria FC on June 16, a tournament-length prediction competition built directly into the Tria app that runs through the World Cup final on July 19. The product integrates match predictions with real financial activity — card spending, trading, referrals — and ties all of it to a live leaderboard and a $15,000 prize pool.

The distinction matters. This isn’t a raffle attached to a sporting event. It’s the sporting event embedded into the financial product itself.

How Tria FC Actually Works

Users earn Tria Points through two parallel tracks: predicting match outcomes correctly and engaging with the Tria ecosystem through everyday financial activity. That dual structure is deliberate — the competition is designed so that prediction accuracy alone isn’t enough to reach the top of the leaderboard. Participants must meet a minimum points threshold generated through platform activity to qualify for the major prizes.

The $15,000 prize pool is distributed across three categories: overall leaderboard rankings, most correct match predictions, and a social sharing competition. The tiered structure gives different types of users — active traders, frequent card spenders, and community sharers — a meaningful path to rewards based on how they already use the platform.

Tria FC runs alongside Season 3 of the company’s broader rewards program, which includes Mystery Boxes, referral incentives, membership tiers, and enhanced cashback for Tria Card holders. The World Cup competition adds a time-limited engagement layer on top of a rewards structure that was already running.

What Neofinance Looks Like in Practice

Tria co-founder Vijit Katta framed the launch around a simple observation — that financial companies have historically treated major sporting events as marketing backdrops rather than product opportunities. Tria FC is the argument that those two things don’t have to be separate.

The broader category Tria is building toward is what it calls neofinance — a unified platform that combines trading, payments, yield, spending, and rewards under a single self-custodial experience. Users retain control of their own funds and private keys throughout, which separates it from the traditional neobank model where the platform holds assets on the user’s behalf.

The World Cup is a useful forcing function for that vision. It concentrates user attention, creates a natural reason for daily app engagement over a five-week window, and generates the kind of social competition that tends to drive referral activity organically. All three of those dynamics feed directly into the platform metrics that matter for a growing neofinance ecosystem.

A $15,000 prize pool against the backdrop of billions of viewers may sound modest in isolation. But as a product launch — one that demonstrates how financial activity and entertainment can be woven together without separating the user from their assets — Tria FC makes a clearer case for what the platform is building than any marketing campaign would.

The competition runs through July 19 and is available to eligible users through the Tria mobile application.

Continue Reading

Crypto

Zcash: Anthropic’s Claude Mythos Detects No Major Flaw After Requested Audit

Published

on

For a few tense days, Zcash faced the kind of uncertainty that rattles even seasoned crypto holders. A serious vulnerability had been uncovered in its privacy infrastructure, triggering an emergency response from developers and raising uncomfortable questions about the protocol’s integrity. The mood has since shifted considerably — and for good reason.

An audit requested by Shielded Labs and conducted by Claude Mythos, Anthropic’s AI model specialized in identifying complex software vulnerabilities, found no additional major flaws in the Zcash protocol. For a privacy-focused network where trust is the entire value proposition, that outcome matters enormously.

How the Vulnerability Was Found

The story starts with independent researcher Taylor Hornby, who — with the assistance of Claude Opus 4.8 — identified a critical flaw in Zcash’s Orchard private pool. The vulnerability had been sitting dormant for roughly four years before being discovered. Its potential consequences were severe: if exploited, it could have allowed an attacker to mint an unlimited quantity of counterfeit ZEC within the Orchard pool, entirely undetected.

Zcash founder Zooko Wilcox didn’t downplay the severity. He confirmed publicly that the flaw represented a genuine threat to the protocol’s monetary integrity, while also noting — critically — that no exploitation had been detected on the main network. No ZEC was illegally created, and user privacy remained intact throughout. Developers moved quickly, temporarily suspending Orchard transactions before deploying a corrective patch.

The AI Audit That Followed

Once the patch was applied, Shielded Labs commissioned a comprehensive follow-up audit — less emergency surgery, more thorough post-operative review. Claude Mythos was the tool of choice. The result: no other serious vulnerabilities identified in the Zcash protocol.

Wilcox acknowledged Anthropic’s contribution publicly, thanking the team for its role in protecting network security. He also confirmed that security reinforcement work was continuing methodically, without any rushed decisions that might introduce new risks.

The scope of what Mythos is capable of is itself worth noting. Anthropic has indicated the model has identified more than 10,000 critical vulnerabilities across software considered strategically important to global digital infrastructure — a number that speaks to both the power of AI-assisted code review and the sheer scale of vulnerabilities quietly embedded in widely used systems.

The Double-Edged Sword AI Represents for Crypto Security

The Zcash episode arrives in the middle of a much larger conversation about what AI means for cybersecurity in crypto. The same capabilities that allowed Claude Opus 4.8 to help discover this flaw — and Claude Mythos to verify the protocol afterward — are equally available to malicious actors looking to find exploitable weaknesses before defenders do.

Mitchell Amador, CEO of Immunefi, has described the proliferation of advanced AI models as shifting the cybersecurity playing field toward attackers, warning of a “vulnerability apocalypse” that is driving a resurgence of DeFi hacks. The data gives that warning real weight. According to DefiLlama, crypto hacks reached $634 million in April alone — the worst single month recorded since the Bybit attack in February 2025.

For Zcash specifically, the outcome of this audit is a meaningful positive. The vulnerability was found, patched, and independently verified before any damage occurred. That’s the best-case scenario for a privacy protocol facing this kind of discovery. Whether the broader industry can keep pace with AI-assisted attackers using the same tools in the opposite direction is a question that has no clean answer yet.

Continue Reading

Trending