re @bankrbot hack, ~$170K drained so far, here's my best guess as to what happened (with the help of Caddie) TLDR - multiple Bankr user wallets drained on May 19, 2026. looks like the attacker had direct signing access to Privy-managed embedded wallets — doesn't appear to be an approval exploit or smart contract bug. tokens were transferred out via direct transfer() calls, swapped to ETH, bridged Base → Ethereum mainnet, then distributed across multiple wallets - warning: not 100% certain Hypothesis 1/ Bankr uses Privy as a provider (Privy has sign-in with X) - session keys held on Bankr's backend, private keys compromised - Bankr-bot saying funds are safe isn't reassuring — they're likely just checking balances, unless they know exactly which keys got hit Hypothesis 2/ Privy itself - Privy is rock solid, I don't think it's them. more likely H1 what users should do. err on the side of caution - check your wallet for unauthorized transfers, you can do so on Basescan or using B3OS by talking to Caddie, just copy/paste your wallet into Caddie - report to Bankr Discord - move assets to fresh EOAs when withdrawals enable welcome any/all other theses!

Crazy — another hack just happened! According to @dcfgod, @EchoProtocol_ on Monad was exploited. The hacker: minted 1,000 $eBTC ($76.64M) on Monad; deposited 45 $eBTC ($3.45M) into Curvance; borrowed 11.3 $WBTC ($867K) from Curvance; bridged the 11.3 $WBTC to Ethereum and swapped it for 385 $ETH ($821K); then deposited the 385 $ETH into Tornado Cash to launder the funds. The hacker still holds 955 $eBTC ($73.2M).

Update about the Yuzo Hack: Around 6pm EST Sunday, 141M $NUTKIN tokens were stolen from the @yuzodotxyz liquidity mining rewards pool and swapped for 1.86 BTC. Based on our initial analysis, the incident appears to be related to a compromise of a Yuzo developer’s computer and keys, not a conventional smart contract hack. The staked LP tokens remain safe, but we urge users to withdraw LP tokens from Yuzo’s mining contract. This incident is isolated to Yuzo products. The swap, LP funds, and related BRC2.0 infrastructure are not affected and continue operating safely. We are continuing our analysis and expecting a detailed report from the Yuzo team.