News linked to this event type.
1inch announced on X that it has taken note of the reports concerning TrustedVolumes and confirmed that neither 1inch nor any of its protocols are involved in this incident. The 1inch system, infrastructure, and user funds remain unaffected. TrustedVolumes operates independently as a liquidity provider and is utilized by multiple protocols across the industry—not exclusively by 1inch.
1inch posted on X platform, stating it has taken note of reports concerning TrustedVolumes and confirmed that neither 1inch nor any of its protocols are involved in the incident. The 1inch system, infrastructure, and user funds remain unaffected. TrustedVolumes operates independently as a liquidity provider and is utilized by multiple protocols within the industry, not exclusively by 1inch. 1inch will continue to monitor the situation and actively assist relevant security parties as appropriate.
According to on-chain data platform Santiment (@SantimentData), as Bitcoin’s price reclaimed the $80,000 level, the ratio of bullish-to-bearish comments on social media rose to 1.37:1.00—the highest in nearly four months—signaling a notable surge in market optimism. However, Santiment cautions that historically, sharp increases in bullish sentiment often serve as warning signs rather than buy signals. When retail FOMO dominates social media discussions, traders tend to enter positions late in the trend, raising the likelihood of local tops, profit-taking, and sudden price volatility. Santiment notes that peak market euphoria frequently coincides with the onset of waning momentum. By comparison, following the Kelp DAO vulnerability incident in mid-April, social sentiment plunged into deeply bearish territory; the exit of “weak-handed investors” instead laid a healthier foundation for the current rally. With sentiment now having reversed dramatically, Santiment advises traders to remain vigilant against potential risks stemming from excessive leverage and overly concentrated positions.
According to The Block, a U.S. federal court sentenced Marlon Ferro of California—known online as “GothFerrari”—to 78 months in prison, three years of supervised release, and $2.5 million in restitution. Ferro participated in a nationwide social engineering fraud scheme spanning from late 2023 to early 2025, involving over $250 million worth of cryptocurrency assets. The criminal group employed a range of tactics—including database breaches, fraudulent phone calls, money laundering, and residential burglaries—specifically targeting victims holding large amounts of cryptocurrency assets. Ferro carried out two residential burglaries to steal hardware wallets and assisted in laundering illicit funds. U.S. prosecutors stated that this sentence sends a clear message: cryptocurrency fraud is a serious criminal offense and will result in federal imprisonment.
According to PeckShieldAlert’s monitoring, TrustedVolumes was attacked, resulting in losses of approximately $5.9 million, including $3.02 million in ETH, $1.37 million in WBTC, and $1.47 million in stablecoins; the attacker has exchanged the stolen funds for 2,513 ETH.
According to CertiK Alert, an attacker stole approximately $5.87 million. The attacker exploited a public function to register as an AllowedOrderSigner and then executed orders to transfer pre-approved funds from victims’ addresses. CertiK urges users to immediately revoke approvals for the vulnerable contract and remain vigilant.
Aave stated that, per the previously disclosed technical recovery plan, the attacker’s rsETH positions on Ethereum and Arbitrum have been liquidated on Aave, and the associated collateral assets have now been transferred to the Recovery Guardian address designated by the AIP. Aave noted that this action did not impact other users, nor did it affect the Umbrella mechanism, and emphasized that this step is a critical milestone in the overall recovery roadmap, with further recovery efforts continuing as planned.
Aave has announced the completion of the liquidation of the remaining rsETH position belonging to the Kelp DAO attacker. The related collateral assets will be transferred to the Recovery Guardian multi-signature wallet managed by DeFi United, to be used for restoring rsETH reserves and compensating affected users.This liquidation is part of the recovery plan following the previous $292 million attack incident. Aave had previously passed a governance vote to temporarily adjust the rsETH oracle price in order to create bad debt in the attacker's position and trigger liquidation. The relevant parameters will be restored upon completion of the liquidation. Previously, the attacker exploited the Kelp DAO cross-chain bridge based on LayerZero to forge 116,500 unbacked rsETH and borrowed ETH from protocols such as Aave and Compound. Currently, the recovery funds managed by DeFi United have exceeded $320 million.
According to Cointelegraph, Coinbase has been sued in a U.S. federal court in California over frozen funds linked to a $55 million DAI phishing theft that occurred in 2024. The plaintiffs allege that some traceable stolen funds—after being mixed via Tornado Cash—were deposited into Coinbase retail user accounts and remain frozen. Coinbase states it can only release the assets after a court rules on their ownership. The complaint also links the theft to the malicious wallet drainer platform Inferno Drainer. Victims had engaged Zero Shadow and Five Stones Intelligence to track the stolen funds.
: Bitcoin Core developers have disclosed a high-risk vulnerability numbered CVE-2024-52911, affecting versions 0.14.1 through 28.4. Attackers can exploit this vulnerability by constructing a special block to remotely crash other nodes and execute code. The vulnerability was discovered and privately reported by developer Cory Fields in November 2024. The fix was merged in December 2024 and officially launched in the v29 release in April 2025.Currently, support for the last vulnerable version in the 28.x series ended on April 19, 2026. However, since upgrading Bitcoin nodes is voluntary, it is estimated that approximately 43% of nodes are still running vulnerable old versions, posing a potential security risk.
Kelp DAO has announced the migration of its restaking token rsETH to Chainlink CCIP, citing enhanced security as the reason for this move. Previously, a cross-chain bridge built by Kelp DAO on LayerZero was attacked on April 18, with hackers stealing approximately 116,500 rsETH, valued at around $292 million, and using the assets as collateral to borrow WETH on Aave v3.Regarding the cause of the vulnerability, LayerZero previously stated that the issue stemmed from Kelp DAO using a single DVN verification path configuration rather than multiple independent verifications. Kelp DAO responded that this configuration was the default setting and that LayerZero had confirmed its security without flagging any related risks. LayerZero CEO Bryan Pellegrino subsequently denied this claim, stating that Kelp DAO had proactively modified the default multi-DVN configuration. Both parties continue to dispute responsibility for the incident. (Cointelegraph)
According to security firm Blockaid (@blockaid_), Ekubo Protocol’s v2 custom extension contract on Ethereum is under an ongoing attack, resulting in losses of approximately $1.4 million so far. The root cause lies in the IPayer.pay callback within this extension, which fails to properly restrict the origin of its parameters—enabling attackers to control the payer, token, and amount parameters and thereby arbitrarily transfer authorized tokens. Users of Ekubo’s core protocol remain unaffected; however, users who have authorized the v2 contract (0x8CCB1ffD5C2aa6Bd926473425Dea4c8c15DE60fd) as a token spender face direct risk. Blockaid recommends that affected users immediately revoke their approvals.
慢雾创始人余弦于 X 平台发文表示,“Ekubo 有关合约被恶意利用。原因是如果用户之前将相关代币授权给:0x8CCB1ffD5C2aa6Bd926473425Dea4c8c15DE60fd;如这位用户 0x765DEC 的这笔 WBTC 无限授权(158 天前):攻击者可指定已授权用户作为 payer,在 payCallback 中让该合约调用 WBTC transferFrom(victim, Ekubo Core, amount),再通过 Ekubo Core(0xe0e0e08A6A4b9Dc7bD67BCB7aadE5cF48157d444) 的 withdraw/pay 平账流程把资产转给攻击者。这个操作执行了 85 次,每次 0.2 WBTC,最终用户 0x765DEC 损失 17 WBTC。建议用户尽快安装官方提醒检查以下合约授权:0x8ccb1ffd5c2aa6bd926473425dea4c8c15de60fd (V2)0x4f168f17923435c999f5c8565acab52c2218edf2 (V3)Arbitrum: 0xc93c4ad185ca48d66fefe80f906a67ef859fc47d (V3)。”
Ekubo Protocol officially stated on the X platform that an active security incident has been identified in the Ekubo Swap Router contract on EVM chains. The impact is limited to EVM chains, with LPs unaffected; Starknet is also unaffected. The team is investigating the scope of the issue, but as a safety precaution, users are advised to revoke all approvals.
According to Decrypt, an anonymous cryptocurrency whale filed a lawsuit against Coinbase this week in the U.S. District Court for the Northern District of California, accusing the exchange of refusing to return over $55 million worth of DAI stablecoins stolen in a phishing attack in 2024. The plaintiff claims to have engaged multiple on-chain investigation firms to trace the funds, ultimately identifying that the stolen assets flowed into a Coinbase account. Coinbase confirmed in December 2024 that it had frozen the relevant assets but refused to return them, citing the need for a court order. As of today—more than a year and a half after the incident—the victim has still not recovered the assets and has therefore turned to litigation. The attack was carried out by hackers using the “Inferno Drainer” tool to spoof the DeFi Saver login page; after the victim inadvertently interacted with the fake page, their wallet was fully compromised by the attackers.
The study suggests that AI’s currently observable applications in crime are primarily concentrated on low-barrier, high-frequency activities such as mass-produced SEO spam content, romance scams, voice cloning, image generation, and low-cost AI-powered nude image generation services.
According to the official disclosure by Drift Protocol, all affected wallets impacted by the April 1 attack will receive Recovery Tokens—representing their verified losses and proportional claims against the Recovery Pool—where each Recovery Token corresponds to $1 of verified loss. The Recovery Pool’s initial funding is approximately $3.8 million, sourced from converting the protocol’s remaining assets into USDT. It will be further replenished through a portion of quarterly net exchange revenue, partner contributions, and up to $127.5 million in matching deployment from Tether. Once the Recovery Pool exceeds $5 million, users may begin redeeming Recovery Tokens; the redemption price will be calculated as the Recovery Fund’s value divided by the outstanding supply of Recovery Tokens. Drift stated that the Insurance Fund was unaffected by the attack; any release of related funds requires governance proposals and DAO voting. The exchange plans to relaunch in Q2 2026, focusing primarily on perpetual contracts and a select set of markets. Additionally, it will replace its programs and addresses, rotate keys, reconstruct its community multisig, remove durable nonces and the Earn product, and implement operational security upgrades.
According to CoinDesk, Angus Fletcher, Head of Digital Assets at State Street, stated at Consensus Miami that recent DeFi attack incidents highlight traditional financial institutions’ need for blockchain asset security and risk management frameworks. He emphasized that before trillions of dollars worth of real-world assets (RWAs) are tokenized, the industry must urgently address cross-chain interoperability, legal ownership, and security safeguards.
According to Odaily, Drift Protocol has released a user recovery plan for the approximately $295 million security vulnerability incident on April 1, which was attributed to a North Korean-backed hacker group. Under the plan, Drift will issue receipt tokens representing users' verified losses, with each token corresponding to $1 in losses, allowing holders to gradually redeem based on the recovery pool's funding size.Currently, the recovery pool has initial funding of approximately $3.8 million. Subsequent funding sources include up to $127.5 million from exchange revenue, Tether-backed funds, and up to $20 million from partner contributions, aiming to cover total losses of approximately $295.4 million. Drift has frozen approximately $3.36 million in USDC and has established a public bounty program offering 10% of recovered assets. It is expected to relaunch the exchange in a "security-first" model during the second quarter. (CoinDesk)
According to The Block, Kelp DAO will abandon LayerZero and adopt Chainlink’s Cross-Chain Interoperability Protocol (CCIP) as its cross-chain infrastructure, along with Chainlink’s Cross-Chain Token (CCT) standard. Previously, in April, Kelp DAO suffered a cross-chain bridge attack totaling approximately $292 million; the attackers are suspected to be linked to North Korea’s Lazarus Group and exploited the single-validator configuration of the LayerZero-powered OFT cross-chain bridge to steal 116,500 rsETH. Chainlink states that its CCIP requires at least 16 independent node operators to validate cross-chain transactions.