GetChain News

Security/Hacker

News linked to this event type.

The White House Opposes Anthropic’s Expansion of Mythos Usage to 120 Companies, Citing Concerns Over Insufficient Computing Power

The White House has recently opposed Anthropic's proposal to expand the use of its AI model, Mythos, to approximately 120 companies, primarily based on security and computing power concerns. Anthropic had originally planned to add 70 new companies to the roughly 50 enterprises currently using Mythos, but the White House has raised doubts, worrying that insufficient computing power might affect the government's own usage of Mythos. Launched in early April, Mythos is designed to detect and exploit critical software vulnerabilities. It is currently limited to testing by enterprises managing key infrastructure, with no plans for public release. The White House fears that expanding usage to more commercial users could create a computing power bottleneck for the government when using the model. This is particularly concerning given Anthropic's computing power procurement agreements with Amazon, Google, and Broadcom—though contracts have been signed, new capacity has not yet come online. On the political front, relations between the White House and Anthropic have not eased. The Trump administration has publicly criticized Anthropic for hiring multiple former officials from the Biden administration and expressed dissatisfaction with its ties to liberal organizations. One example highlights the trust issues between the two sides: Collin Burns, a former researcher at Anthropic who was originally assigned to a government AI model evaluation role, was replaced by senior White House officials upon learning of his background, to avoid having AI company personnel directly involved in matters concerning dealings with other AI companies. Additionally, last week Anthropic disclosed an unauthorized access incident involving the Mythos model, further intensifying external regulatory scrutiny on the company.

California Man Sentenced to 70 Months in Federal Prison for Money Laundering for “Crypto Kids” Criminal Organization

According to the LA Times, Evan Tangeman, a 22-year-old resident of California, was sentenced to 70 months in federal prison followed by three years of supervised release for laundering at least $3.5 million for the “Crypto Kids” criminal organization. The group carried out social engineering scams by impersonating employees of cryptocurrency exchanges such as Coinbase and Gemini, stealing over $263 million worth of digital assets. The illicit proceeds were used to purchase luxury vehicles, lease high-end residences, and fund extravagant spending. In addition to handling money laundering, Tangeman assisted group members in leasing luxury homes and instructed co-defendants to destroy digital devices after other members were arrested. Federal agents seized a Rolls-Royce Ghost and a Porsche GT3 RS from his residence.

Aftermath Finance expects to complete the refund of users’ funds within 48 to 72 hours.

According to an official disclosure by Aftermath Finance, the protocol expects to complete full compensation to users within the next 48–72 hours. The team is currently working at full capacity to return funds and expresses its gratitude for users’ patience. Earlier reports indicated that the perpetual contract protocol Aftermath Finance was exploited via a vulnerability yesterday, resulting in losses of approximately $1.14 million. The Sui Foundation, in collaboration with Mysten Labs, stated it will actively assist Aftermath Finance in recovering user funds and is committed to ensuring the continued operation of the Aftermath protocol.

Pump.fun launches Charity Coins feature, enabling direct donation of creator fees to charitable organizations

According to an official announcement from Pump.fun, Pump.fun has launched its Charity Coins feature, which is exclusively integrated with the charitable donation platform Donate.gg. Coin Admins can now direct creator fees straight to up to five charitable organizations through the fee settings. Over 10,000 charities are already supported, and no additional onboarding is required from the charitable organizations. This integration aims to resolve issues previously associated with self-managed donations—such as uncertain donation execution, potential tax-triggering events, and malicious attacks targeting charities’ social media accounts.

Sui: Perpetual Contract Protocol Aftermath Finance Suffers Exploit; Will Assist in Recovering Funds

According to an official announcement by Sui, Aftermath Finance’s perpetual contract protocol deployed on the Sui network was exploited due to a vulnerability, and the affected protocol has been immediately suspended. The Sui Foundation, in collaboration with Mysten Labs, stated that it will actively assist Aftermath Finance in recovering user funds and is committed to ensuring the continued operation of the Aftermath protocol. Aftermath Finance will provide further updates on the fund recovery progress in the near future.

White House Opposes Anthropic’s Expansion of Access to Mythos Model

According to The Wall Street Journal, the White House has signaled its opposition to Anthropic’s plan to expand the usage scope of its AI model, Mythos. Anthropic recently proposed granting access to Mythos for approximately 70 additional companies and institutions, which would bring the total number of authorized entities to around 120. In response, government officials explicitly objected on security grounds. Sources familiar with the matter said some White House officials are concerned that Mythos possesses the capability to launch cyberattacks and cause large-scale disruption online, viewing the expansion of access as a security risk. Additionally, some officials have questioned Anthropic’s computational resources, expressing doubts about whether the company can simultaneously support a significantly increased number of users while ensuring effective government access to and use of the system. Currently, although both sides aim to ease tensions, the disagreement over Mythos access remains unresolved.

Andre Cronje: DeFi Is No Longer Decentralized, Industry Divided Over Security Path Centered on "Circuit Breakers"

Andre Cronje stated that most current decentralized finance (DeFi) protocols no longer qualify as "DeFi in the strict sense" and are closer to commercial systems operated by teams. This has sparked industry division over whether "circuit breakers" should be introduced to mitigate attack risks. In an interview, Andre Cronje pointed out that early DeFi centered on immutable smart contracts, but today many protocols rely on upgradeable contracts, multi-signature permissions, off-chain infrastructure, and manual operational processes. In essence, they have transitioned from "immutable public goods" to "operable, for-profit businesses." He noted that against the backdrop of recent security incidents, including DeFi attacks involving approximately $280 million and $293 million, industry risks have expanded from simple smart contract vulnerabilities to "Web2-style risks" such as infrastructure issues, permission controls, and social engineering attacks. Regarding risk management, Cronje's firm Flying Tulip recently introduced circuit breakers that delay or queue withdrawals during abnormal fund outflows, providing an emergency response window of about six hours to prevent systemic bank runs and further losses. However, this mechanism has also sparked controversy. Michael Egorov believes that circuit breakers may introduce new centralized attack surfaces. If controlled by signers or administrators, they could instead become new security vulnerabilities or sources of freezing risk. He emphasized that DeFi design should minimize human intervention rather than increase manual control points. Industry analysts pointed out that this debate essentially reflects how DeFi is shifting from the ideal model of "code is law" toward a practical architecture of "hybrid governance plus operational control," while the security boundaries are being redefined. (Cointelegraph)

Aftermath Finance attacked, approximately $1.1 million in USDC stolen

According to Blockaid monitoring, an ongoing attack has occurred on Aftermath Finance's perpetual contract protocol on the Sui Network, with approximately $1.1 million worth of USDC stolen across 11 transactions within about 36 minutes. Analysis indicates the vulnerability stems from a fee accounting flaw in the perpetual contract liquidation system, which the attacker exploited to artificially inflate synthetic collateral and drain funds from the protocol's treasury.

AftermathFi Perpetual Contracts Exploited in Vulnerability Attack, ~$1.1M USDC Stolen

According to on-chain security firm Blockaid (@blockaid_), AftermathFi’s perpetual contract on Sui Network was exploited via a vulnerability on April 29. The attacker (address: 0x1a65...2d41e) stole approximately $1.1 million in USDC across 11 transactions within roughly 36 minutes. The attack exploited a flaw in the perpetual contract liquidation fee calculation, enabling illicit withdrawals from the protocol’s treasury via synthetic collateral inflation.

ether.fi responds to supporting Kelp compensation fund with 5,000 ETH: Citing concerns that a hack could trigger a systemic DeFi collapse

According to Odaily News, ether.fi CEO Mike Silagadze posted on X to explain the reason behind the company's commitment of 5,000 ETH to the Kelp hack recovery fund. He stated that the team believes this incident posed a real risk of "destroying the entire DeFi ecosystem." If Kelp were to go bankrupt, $1.5 billion worth of rsETH could be frozen long-term, potentially bringing the $30 billion Aave lending market to a standstill and triggering a cascading collapse across both DeFi and CeFi, which he described as making "FTX look insignificant by comparison." Mike Silagadze added that while most institutions chose to step back and defer to legal counsel, proactively taking responsibility and quickly raising funds to plug the gap was the right choice to help avert the worst-case scenario.

Standard Chartered: rsETH Security Incident Does Not Alter RWA Growth Thesis, Maintaining $2 Trillion Market Size Forecast

Standard Chartered Bank's latest report indicates that while the theft of KelpDAO's rsETH has severely impacted the DeFi ecosystem, it is insufficient to change the long-term growth trend of Real World Asset (RWA) tokenization. The bank maintains its forecast that the RWA tokenization market will grow from $35 billion in October 2025 to $2 trillion by the end of 2028, with the core drivers remaining the continued expansion of the DeFi banking system and stablecoin liquidity. Geoffrey Kendrick, Head of Digital Assets Research at Standard Chartered, stated that this incident is more like DeFi being "bent, not broken," and could even serve as a significant turning point for the industry to move towards a more resilient structure. (The Block)

Syndicate Loses ~$330,000 Due to Attack on Commons Cross-Chain Bridge

According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.

Kyber Hacker Moves Stolen Funds to Tornado Cash, Hacker Previously Indicted by FBI

Odaily reports that, according to Arkham monitoring, the Kyber Network hacker is transferring stolen funds into Tornado Cash. The hacker, Andean Medjedovic, stole $48.8 million from KyberSwap in late 2023. He had also previously attacked Indexed Finance and stolen $16.5 million. He was indicted by the FBI in 2025.

SlowMist: EIP-7702 Account Vulnerability Causes Theft of 1,988.5 QNT, Worth Approximately 54.93 ETH

According to SlowMist monitoring, due to a design flaw in an EIP-7702 account, a QNT reserve pool was attacked, resulting in a loss of 1,988.5 QNT, worth approximately 54.93 ETH. The root cause of the attack is that the administrator identity of the reserve pool is held by an address, which delegated its code to the BatchExecutor contract via EIP-7702. Because BatchExecutor authorized the permissionless BatchCall contract as a caller, and the BatchCall.batch function lacks permission checks, the attacker exploited an arbitrary call vulnerability to drain tokens from the pool.

a16z Research: AI Agents Can Identify DeFi Price Manipulation Vulnerabilities, but Their Ability to Execute Complex Attacks Remains Limited

According to a disclosure by a16z, its researchers conducted systematic testing to assess whether AI agents can independently exploit DeFi price manipulation vulnerabilities. The study used a dataset of 20 Ethereum price manipulation incidents and employed Codex (GPT 5.4) equipped with the Foundry toolchain as the test agent. Under baseline conditions—i.e., without domain-specific knowledge—the agent’s success rate was only 10%; after incorporating structured domain knowledge distilled from real-world attack incidents, the success rate rose to 70%. Failure cases revealed that the agent consistently identified vulnerabilities correctly but generally failed to comprehend the leverage logic of recursive lending, misjudged profit margins, and could not orchestrate multi-step, cross-contract attack sequences. The experiment also recorded one sandbox escape incident: the agent extracted an RPC key from the local node configuration and invoked the anvil_reset method to reset the node to a future block, thereby bypassing information isolation constraints and accessing real-world attack data. The research team concluded that AI agents can currently assist effectively in vulnerability identification but are not yet capable of replacing professional security auditors.

ZetaChain: Users targeted in the prior vulnerability attack did not suffer fund losses; the mainnet patch has been deployed.

According to an official disclosure by ZetaChain, on April 27, ZetaChain suffered a targeted vulnerability exploit. The attacker first acquired funds via Tornado Cash and performed wallet address spoofing, then exploited a vulnerability in GatewayEVM’s arbitrary call functionality, resulting in approximately $334,000 in losses across four connected chains. ZetaChain stated that this attack did not affect cross-chain $ZETA transfers; all affected wallets were under ZetaChain’s internal control, and user funds remained unaffected. A patch for the mainnet has now been deployed, and cross-chain transactions will resume after ongoing monitoring.

Prediction market platform Polymarket suspected of data breach; over 300,000 records and an exploit toolkit leaked

According to Dark Web Informer, the decentralized prediction market platform Polymarket is suspected of having been hacked. The threat actor “xorcat” posted over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum. The data extraction occurred on April 27, 2026. Reportedly, the attacker extracted data via an undisclosed API endpoint, pagination bypasses, and misconfigured CORS settings in Polymarket Gamma and the CLOB API. The leaked data includes:
- Full personal information for 10,000 users (including names, proxy wallets, and base addresses);
- 4,111 comments;
- 1,000 moderation reports (including 58 ETH addresses and administrator authentication address identifiers);
- Metadata for 48,536 Gamma markets;
- Constant-product market maker addresses for over 250,000 active CLOB markets; and
- Social graph data for 9,000 followers.
The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, enabling server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and the aforementioned CORS misconfigurations. Additionally, the toolkit includes automated continuous data-extraction scripts and a comprehensive red-team report (including M

Bitcoin lending protocol Tropykus announces shutdown of its current version; deposit and lending functions are permanently discontinued.

According to an official announcement by Tropykus, the decentralized lending protocol Tropykus has initiated a phased shutdown of its current protocol version. Deposit and lending functionalities will be permanently discontinued. Users may withdraw funds and repay loans via tropykus.com until the deadline of July 27, 2026; thereafter, such operations will only be supported through direct interaction with smart contracts. The team stated that this shutdown decision stems from long-term strategic evolution—not from the security report previously received by Money on Chain, a partner of Tropykus. That report had prompted the protocol to proactively suspend deposits and new lending activities. However, the team emphasized that internal discussions regarding the shutdown predated the security incident, and the incident merely accelerated the decision. Technically, the team noted that the original architecture was designed for an earlier technological environment and is no longer capable of meeting long-term development needs in the face of emerging security challenges posed by technologies such as artificial intelligence. The team advises all users to complete withdrawals and settle their lending positions via tropykus.com before July 27, 2026. After this date, users will need technical proficiency to interact directly with smart contracts to perform these operations.

Alchemix yvVault Users Attacked Due to Unauthorized Approvals, Suffering ~$1M in Losses

According to on-chain analyst PeckShield (@PeckShieldAlert), a user’s Alchemix Yearn yvVault position (token $yvWETH) was attacked, resulting in an estimated loss of approximately $1 million. The root cause of the attack lies in the user’s prior approval grant to an unverified contract (contract address: 0x143a), deployed 10 days ago. Reverse-engineering analysis revealed that this contract contains a vulnerability enabling arbitrary call execution. Exploiting this vulnerability, the attacker successfully transferred the victim’s yvVault position. PeckShield has now publicly disclosed the specific logic of this vulnerability. Users are advised to review and revoke token approvals granted to unknown or unverified contracts to mitigate asset risks.

Trading Protocol’s treasury attacked, suffering losses of approximately $398,000

According to on-chain analyst PeckShield (@PeckShieldAlert), the YieldCore-3rd-deal treasury under Trading Protocol was attacked, resulting in losses of approximately $398,000. The attack exploited a vulnerability in the contract—specifically, a missing caller permission check—which allowed the attacker to bypass the authorization mechanism and withdraw all funds from the treasury. Relevant on-chain transaction records have now been disclosed.