0xCERTReport incident
‹ all advisories
0xCERT-2026-0141High2026-05-19

Front-end takeover of a top-50 DEX via compromised CDN bucket

Attackers replaced bundle.js to inject a wallet drainer for ~3.5 hours. Affected users were re-routed to a malicious permit2 signer. IOCs published.

Published 2026-05-19 · last updated 2026-06-19. Verify advisory authenticity against the 0xCERT PGP key.