Here’s what happened in crypto today

Source: Taiko Crypto security firm Blockaid said a flaw in how the Taiko bridge validated source signals caused the exploit, as message proofs were accepted as valid on Ethereum without corresponding legitimate proofs on the Taiko blockchain. “This allowed the attacker to register and later retrieve fraudulent bridge messages, resulting in unauthorized asset releases from the ERC20 vault,” Blockaid said. Blockaid estimated that at least $1 million had been stolen, while Lookonchain and PeckShield suggested the value of assets stolen could be as high as $1.7 million. A Japanese corporate pension fund comprising about 1,200 small and medium-sized businesses plans to allocate roughly 1% of its assets to cryptocurrency during fiscal year 2026. According to Nikkei, the Nationwide Business Corporate Pension Fund, based in Okayama, will invest in a passive fund managed by an unnamed “major“ hedge fund that holds multiple crypto assets. The pension fund reportedly manages about 21.3 billion yen in assets (about $130 million). Japanese crypto news site CoinPost reported that the pension fund is adding crypto as part of an effort to diversify its exposure. It reportedly allocates 80% of its assets to yen, 15% to US dollars and 5% to other currencies. The move suggests crypto is beginning to gain acceptance among some of Japan’s more conservative institutional investors as the country prepares to integrate digital assets more closely with traditional finance. One of the most successful MEV bots in crypto, Jaredfromsubway.eth, has been drained for more than $7.5 million, with an attacker exploiting the bot’s automated systems, the same ones that have netted it hundreds of millions over the years. According to Blockaid, the incident on Saturday resulted from attacker-controlled contracts tricking Jaredfromsubway.eth’s automated MEV (maximal extractable value) execution system bot into granting token approvals that were later used to drain funds. “This was a counter-MEV honeypot attack, as it specifically targeted the automated, trust-minimized decision-making logic that MEV bots utilize,” Blockaid chief technology officer Raz Niv told Cointelegraph. It’s a rare setback for MEV bots like Jaredfromsubway.eth, which are automated programs that monitor unconfirmed transactions on blockchain networks and manipulate their order to extract profit, a kind of “invisible tax” on DeFi users. Cointelegraph Research previously found that sandwich attacks on Ethereum have resulted in about $60 million in annual losses for traders. The research also found that between November 2024 and October 2025, there were 60,000 to 90,000 sandwich attacks per month, with roughly 70% of them associated with Jaredfromsubway.eth. More on the subject