Advisories
Coordinated disclosure, made public.
Numbered advisories for vulnerabilities affecting smart contracts, wallets, RPC providers, bridges, and node software. Subscribe via Atom or JSON feed.
0xCERT-2026-0142
2026-05-22
Reentrancy via fallback in cross-chain settlement adapter
An unchecked external call in a widely deployed settlement adapter allows attacker-controlled tokens to re-enter and double-spend settlement messages. Patched in v2.4.7.
0xCERT-2026-0141
2026-05-19
Front-end takeover of a top-50 DEX via compromised CDN bucket
Attackers replaced bundle.js to inject a wallet drainer for ~3.5 hours. Affected users were re-routed to a malicious permit2 signer. IOCs published.
0xCERT-2026-0140
2026-05-15
Phishing campaign abusing legitimate ENS subdomains
Coordinated phishing campaign using purchased ENS subdomains pointing to drainer kits. Domain list distributed to wallet vendors.