Date: June 9, 2026

Affected module: Haedal Vault

Status: Related Vault contracts paused; remediation in progress

1. Summary

On June 9, 2026, the Haedal team detected an unusual liquidity decline across several Haedal Vault pools. As a precautionary measure, the related Vault contracts were paused before the situation further deteriorated while the team investigated the root cause.

The issue was only limited to Haedal Vault. All other Haedal products, modules and assets remain fully secure and unaffected.

The total direct loss is estimated at approximately $915,179 based on asset-by-asset accounting of attacker deposits and Vault withdrawals.

2. Affected Scope

Attacker Addresses

Two attacker addresses were identified:

• 0x15dc1cc8b53774559fb04babc01f91ee540d3a0a928e2135416474cc16b386c1
• 0xbcec4942fe70bbadc211137c617517fcb1d28fba023b78a7e352152b1fd8438e

A total of 206 related transactions were identified from these two addresses.

Related Package Versions

The exploit path involved callable entrypoints across different versions of the Haedal Vault package:

• v1: 0xfbc91f75397ce25b3b1b01cab2bf494d2e3f9b9e89c97545d88bd616cbbfcc37
• v2: 0xc2e2473f27a8c3f6bc398c181c3fe95a23847d53fa89cdf1339bb24086120f58
• v3: 0x4893ee6665ad7b1a83810c16e0151b9500a7296bba85f2571ba9e79115ce1a83

The v3 package was published on December 23, 2025 at 09:23 UTC.

Related shared version object: