Phala Cloud (June 2026 API Breach)

avoid.net/phala-cloud-june-2026-api-breach · 52/100 · 72% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·3ctZSS…oEpX

Summary

On June 1, 2026, Phala Network disclosed and patched a vulnerability in the Phala Cloud API that permitted unauthorized modification of Confidential Virtual Machines (CVMs) using Offchain KMS key management. An attacker deployed a malicious pre-launch script beginning May 31, 2026, potentially exfiltrating decrypted environment variables including AWS credentials and ECR registry keys from affected CVMs. Phala patched the vulnerability within approximately 17 hours and notified affected users directly, though the incident exposed a structural gap between the platform's confidentiality marketing and the actual security boundary enforced by its Offchain KMS configuration.

Connected Entities

1 entity · 10 linked investigations
Organizations
Phala Cloud (June 2026 API Breach)

    Timeline (6 events)

    2024-03-01

    Code4rena audit of Phala Network identifies a denial-of-service vulnerability in the cluster system via excessive timeout requests.

    Code4rena Audit Report

    2024-06-12

    EtherAuthority completes smart contract audit of Phala Network; no active critical issues reported.

    TrustBlock Audit Registry

    2025-06-01

    zkSecurity completes independent security audit of Phala's dstack confidential container framework, validating its zero-trust compute architecture.

    Medium / Phala Security Audit Commentary

    2026-05-31

    Earliest confirmed unauthorized activity detected at 22:26:36 UTC. Attacker begins deploying a malicious pre-launch script to affected Offchain KMS CVMs on Phala Cloud.

    Security incident notice: Phala Cloud API vulnerability | Phala

    2026-06-01

    Phala identifies the vulnerability and patches the affected API endpoint at 15:47:49 UTC, approximately 17 hours after first confirmed unauthorized activity.

    Security incident notice: Phala Cloud API vulnerability | Phala

    2026-06-01

    Phala publicly discloses the incident via official blog post and directly notifies affected users and CVMs by email. Recommends full CVM replacement and rotation of all secrets.

    Security incident notice: Phala Cloud API vulnerability | Phala
    Provenance & Audit Trail

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    model: claude-code-investigator

    generated: 6/15/2026, 5:18:18 PM

    last updated: 6/15/2026, 5:18:28 PM