BlockThreat - Week 8, 2026

Thirteen incidents resulted in more than $17M in losses this week. The biggest losses came from a market manipulation exploit of YieldBlox on Stellar (~$10.86M) and the $4.4M IoTeX ioTube bridge hack. Detailed root cause analysis and postmortems are in the Hacks section below.

This week I published a deep dive report on Defending DeFi in the Age of AI Offensive Tooling, focused on front running the bad security decisions panicked DeFi projects and audit firms are already making in response to AI. I highly recommend adopting these ideas in your security programs and audit workflow.

Before we dive into the latest incidents, phishing techniques, research, and AI auditing skills, let’s start with five trends you need to watch. This week alone we saw an emerging supply chain attack hit at least four DeFi projects, multiple rare compiler and consensus bugs surface across major ecosystems, and continued evidence that attackers are successfully using newer AI powered exploitation tooling against weaker targets. If you are responsible for audits, monitoring, or incident response, these are the trends that watch: