BlockThreat - Week 21, 2026
Another bloody week with 11 incidents and $7.7M stolen. Three attack vectors auditors should be hunting and defenders managing before attackers do.
$7.7M was stolen across 11 incidents this week as the 10+ exploits per week trend from bloody April becomes the new baseline. This edition focuses on one emerging attack vector and two painfully familiar ones that DeFi projects and security auditors be prioritizing immediately. These threats are showing up in multiple incidents this week and giving attackers repeatable paths into protocols that should have seen them coming.
We also cover the latest phishing, malware, and supply chain campaigns, vulnerability case studies for bug hunters, and new security research to help you spot the next failure mode before it turns into another post-mortem.