A series of exploits this spring combined protocol governance failures, supply‑chain compromises and social engineering to drain substantial cryptocurrency holdings.

Drift protocol multisig exploit

Drift protocol lost funds after a paper multisig process enabled an unauthorized admin transfer and subsequent asset extraction.

An original signer created a new multisig and initiated an admin transfer while not joining the new key set.

The replacement required 2/5 signatures and had a zero-second timelock, allowing immediate execution after two approvals.

One insider approved the change and a hacker provided the second signature, enabling immediate control of admin privileges.

The attackers then minted a worthless token, inflated its valuation to $480 M, and leveraged it to borrow $270 M.

Comments on the incident list the specific assets taken and outline the sequence of transfers used to withdraw funds.

Supply‑chain compromise via Axios maintainer

A maintainer account for the Axios library was compromised, and malicious code was injected into an official package update.

Projects that update may inadvertently expose private keys, and investigators report initial victims while the attack continues to spread.

The incident illustrates a supply‑chain risk where dependency trust and single maintainer credentials create systemic vulnerability.

8662 ETH wallet breach

A wallet holding 8662 ETH was emptied through social engineering that targeted the owner rather than exploiting on-chain code.

After the theft, funds moved via THORChain, a cross‑chain liquidity protocol without KYC, and ultimately appeared on HitBTC.

Hong Kong victim lost $840 000

A 66-year-old Hong Kong resident lost a total of $840 000 across three separate payments to scammers.

The victim first invested funds, then paid for a promised refund, and later sent money for a supposed double compensation.

Police describe the pattern as a multi-stage extortion scheme where scammers disappear immediately after receiving transfers.

Chainalysis to integrate blockchain AI agents

Chainalysis plans to integrate blockchain-based AI agents into its platform to enable users to conduct their own investigations.

The company says these agents will assist analysts by automating common tracing tasks while preserving on-chain evidence trails.

Combined incidents highlight governance, supply‑chain and human factors as primary risk vectors for cryptocurrency holders.