DeFi Exploits Mount, BONK Treasury Wallet Deposits to Binance as 2026 Losses Run Below 2025
Key Takeaways
- In the last 24 hours, reported DeFi incidents included losses of $61,300 (FCOW on BSC), $580,000 (DeFiTuna lending pools), and about 1.34 million USDC (Cascade CLS vault).
- The wallet that lawfully acquired 4.426 trillion BONK began selling, sending 1.19 trillion BONK ($4.11 million) to Binance; the address still holds about 3.2 trillion BONK ($10.85 million), raising selling-pressure concerns.
- Despite more frequent attacks in 2026, total losses stood at $1 billion as of July 2026—less than half of the $2.135 billion stolen over the same period in 2025.
DeFi risk stayed front and center over the past day as nearly five different exploits drew attention and a large BONK holder moved to sell on exchange. Reported incidents included losses of $61,300 tied to FCOW on BNB Smart Chain, $580,000 linked to DeFiTuna’s lending pools, and about 1.34 million USDC drained from Cascade’s CLS vault. At the same time, the wallet that lawfully purchased 4.426 trillion BONK from the treasury deposited 1.19 trillion BONK ($4.11 million) to Binance, with roughly 3.2 trillion BONK ($10.85 million) still in the address—activity that has raised concerns about additional selling pressure on the token. Against that backdrop, DeFiLlama data noted that as of July 2026, total losses were $1 billion, less than half the $2.135 billion stolen during the same timeframe in 2025.
Market Movement
Security alerts and on-chain traces dominated market attention. Web3 security firm TenArmor first flagged a suspicious on-chain transaction involving FCOW on BNB Smart Chain that culminated in an estimated $61,300 loss. Separately, DeFiTuna reported that an attacker exploited its lending pools, leading to an estimated $580,000 loss and leaving its USDC pool with a similar deficit; the team said it identified the attack vector and introduced safeguards while the investigation remained ongoing. Cascade disclosed an exploit that affected its CLS vault, with around 1.34 million USDC stolen, according to a warning cited from a blockchain security company.
Post-exploit flows added to risk perceptions. The warning indicated the Cascade attacker bridged the stolen assets from Arbitrum to Solana, then moved them to Ethereum via Relay Protocol and converted them to DAI. Separately, blockchain security researchers observed renewed activity by the Resolv Labs exploiter who stole about $25.9 million in March; in recent hours, this actor moved 580 ETH (about $1.09 million) and used cryptocurrency mixing services to channel the funds.
Beyond exploits, token-specific supply dynamics were in focus. The wallet that lawfully purchased 4.426 trillion BONK (about $21.2 million) from the treasury started selling, sending 1.19 trillion BONK ($4.11 million) to Binance in a move that suggests a possible sale. Despite the outflows, the wallet still holds about 3.2 trillion BONK ($10.85 million). The transfers have raised concerns that more sales and deposits could increase selling pressure on BONK.
Key Levels and Technical Context
The source material did not provide specific price levels or chart-based support and resistance. Instead, the structural focus was on the sizes and directions of flows that can influence order books and liquidity. Three data points stand out for traders monitoring potential supply overhangs and risk transfer:
- FCOW (BSC): an estimated $61,300 loss tied to a yet-unspecified exploit method.
- DeFiTuna lending pools: an estimated $580,000 loss with the USDC pool left with a similar deficit; the team said it identified the vector and implemented safeguards.
- Cascade CLS vault: about 1.34 million USDC stolen, followed by cross-chain bridging and a swap path to DAI as described in the warning.
For BONK, the wallet’s exchange-bound transfer—1.19 trillion BONK ($4.11 million) to Binance—coupled with a remaining balance of about 3.2 trillion BONK ($10.85 million) underscores the immediate and residual supply that could weigh on order books if further deposits occur. The activity has already raised concerns that selling pressure may increase.
Trading Activity and Liquidity
Cross-chain movement by exploiters shaped much of the liquidity discussion. In the Cascade incident, the attacker bridged funds from Arbitrum to Solana, then to Ethereum through Relay Protocol and converted the assets to DAI. These multi-hop flows can complicate traceability and accelerate the distribution of stolen funds across venues and assets, fragmenting liquidity and potentially affecting slippage dynamics when law-abiding market participants rebalance positions or when protocols pause operations during forensics.
On the venue side, exchange deposits from the BONK wallet are a clear signal of potential sell-side activity. The transfer of 1.19 trillion BONK to Binance suggests a possible sale, and the remaining 3.2 trillion BONK in the wallet represents a measurable overhang that market participants are monitoring in case further deposits materialize. While no spot or derivatives volumes were provided, such concentrated holdings and exchange-bound transfers are commonly watched by active traders for their near-term impact on available liquidity and spreads.
On-Chain and Derivatives Data
The developments in the past day were primarily identified via on-chain monitoring and security alerts. TenArmor first reported the FCOW incident on BNB Smart Chain. A warning cited from a blockchain security company outlined the Cascade attack path and subsequent bridging from Arbitrum to Solana and then to Ethereum via Relay Protocol, with conversion to DAI. Researchers tracking the Resolv Labs exploiter observed movement of 580 ETH (about $1.09 million) alongside the use of cryptocurrency mixing services. For BONK, on-chain wallet data showed a 1.19 trillion BONK deposit to Binance and a remaining balance of about 3.2 trillion BONK in the address.
No derivatives positioning, funding rates, or open interest figures were included in the source material. The market read-through here is based on the direction and magnitude of token flows, exchange-bound deposits, and cross-chain movement, all of which are material to short-term liquidity conditions even in the absence of explicit derivatives data.
Why This Matters for Traders
For active investors, three threads tie these developments to trade execution and risk management:
- Protocol-specific risk: The FCOW, DeFiTuna, and Cascade incidents highlight ongoing smart contract and vault risks across chains, including BNB Smart Chain, Arbitrum, and Solana. Even when absolute losses are modest on a per-incident basis, paused functionality, forensic work, or subsequent risk controls can affect access to liquidity and settlement timing.
- Cross-chain settlement complexity: The described bridging path—Arbitrum to Solana to Ethereum via Relay Protocol with conversion to DAI—demonstrates how quickly stolen assets can migrate across ecosystems, complicating recovery efforts and creating uncertainty for protocols and counterparties interacting with affected pools.
- Supply overhang and exchange flows: The BONK wallet’s 1.19 trillion deposit to Binance suggests a possible sale, and the remaining 3.2 trillion holding represents potential future supply. The source explicitly notes concerns that more sales and deposits may soon increase selling pressure on the token.
Broader Market Context
While exploit frequency has increased in 2026, aggregate losses have trended lower relative to last year. DeFiLlama reported $1 billion in losses as of July 2026, less than half the $2.135 billion stolen during the same period in 2025. That aligns with commentary from Haseeb Qureshi, Managing Partner at Dragonfly: “Median hack size by year is also declining, showing that we’re moving more toward smaller hacks of smaller protocols.” Even so, 2025 still remains the year with maximum exploits.
The day’s tally—losses of $61,300, $580,000, and about 1.34 million USDC across three exploits—sits within that broader pattern of smaller but more frequent incidents. For traders, this mix means the headline flow risk remains elevated even as event sizes moderate on average, keeping attention on real-time monitoring of protocol updates, cross-chain bridges, and exchange-bound token movements.
Outlook
Near-term focus rests on three items. First, clarity around the FCOW method on BNB Smart Chain may shape how quickly confidence returns to the token’s users; the exploit method has not yet been made public. Second, DeFiTuna’s investigation continues, with the team noting it identified the vector and introduced safeguards—market participants will watch for any additional disclosures and whether further losses are contained. Third, monitoring of exchange and cross-chain flows will remain front of mind following the Cascade incident and the Resolv Labs exploiter’s renewed movement of 580 ETH (about $1.09 million) through mixing services.
On token supply dynamics, flow watchers will track the BONK wallet’s next steps after the 1.19 trillion deposit to Binance. With about 3.2 trillion BONK still in the address, the source noted concerns that more sales and deposits may soon increase selling pressure. Absent new information, traders will likely continue to treat large, identifiable exchange-bound transfers as near-term signals for liquidity and depth conditions.
At the market-wide level, the DeFiLlama read-through—that 2026 losses total $1 billion as of July 2026 versus $2.135 billion over the same period in 2025—suggests that while vigilance is still warranted, the typical damage per incident has moderated. That view echoes Qureshi’s point about a shift toward smaller hacks affecting smaller protocols. Even so, headline risk from exploits and opportunistic token sales remains an active driver of intraday sentiment until investigations close and wallets stop moving size on exchange.

