News linked to this event type.
According to the Wall Street Journal, algorithm development company MicroAlgo Inc. has announced the launch of a quantum technology–based blockchain architecture that enhances transaction security and transparency by integrating cyclic Quantum Secure Channels (QSC) with Quantum Key Distribution (QKD). The architecture features a four-layer design: a quantum communication layer, a blockchain core layer, a smart contract layer, and an application layer. QKD enables highly secure key generation and distribution, while quantum encryption safeguards transaction data against theft and tampering—and remains resistant to attacks from quantum computers.
According to monitoring by on-chain analyst Specter, the Wasabi Protocol attacker has deposited all stolen funds into Tornado Cash, moving approximately $5.9 million into Tornado Cash. Additionally, North Korean hacking groups have also used Tornado Cash to launder stolen funds from KelpDAO and LayerZero. Their process involved first cross-chaining the assets to Bitcoin, then routing them through Wasabi Mixer, extracting and cross-chaining back to Ethereum, depositing into Tornado Cash, subsequently withdrawing to new wallets and dispersing across multiple addresses. The new wallets then deployed tokens, used the stolen funds to buy in, removed liquidity from the deployment wallet, cross-chained to Tron (USDT), held for several hours or days, and finally sent to OTC-related wallets.
According to CoinDesk, Ripple announced on Monday that it will share its internal intelligence on North Korean hackers with Crypto ISAC, a threat intelligence-sharing organization for the cryptocurrency industry, to help businesses identify coordinated intrusion campaigns. This move comes amid a recent shift in attack patterns targeting the cryptocurrency sector. The April theft of $285 million from the Drift protocol was not a traditional smart-contract vulnerability exploit; instead, North Korean hackers spent months building relationships with Drift contributors and installing malware on their devices before stealing private keys. Ripple stated: “The strongest crypto security posture is a shared one. A threat actor rejected by one company after background screening may submit resumes to three other companies the same week. Without shared intelligence, each company starts from scratch.”
According to Cointelegraph, DeFi protocol Aave filed an emergency motion in New York on Monday seeking to vacate a restraining notice issued by U.S. law firm Gerstein Harrow LLP, which prevents the Arbitrum DAO from transferring 30,766 ETH to victims of the Kelp exploit. Gerstein Harrow LLP served the restraining notice on the Arbitrum DAO last Friday, asserting that its client is entitled to over $877 million in damages under a default judgment against North Korea. The firm claims that the North Korean hacking group behind the April 18 Kelp exploit previously held these tokens and that its client therefore holds a legal claim to the relevant ETH.
the Compound Foundation stated on X platform that, in coordination with the Kelp and Aave teams, and to avoid disrupting broader DeFi recovery efforts, the Comet markets for WETH and wstETH on Ethereum have resumed trading. It also noted that depending on the specific timing of Kelp's thawing of rsETH, temporary suspensions may still occur in relevant markets during the liquidation window for vulnerability-related positions. Specific arrangements have yet to be determined.
Aave LLC has submitted an emergency motion requesting the dismissal of the asset freeze notice issued against ArbitrumDAO on May 1, 2026. The notice involves approximately $71 million worth of ETH, assets belonging to users affected by the attack on April 18. Aave stated that stolen assets do not grant legal ownership through theft, and the relevant funds were originally intended for restitution to affected users; the freeze instead hinders the compensation process.Aave has requested an emergency hearing from the court to temporarily lift the freeze measure, while stating that it will continue to collaborate with the Arbitrum community and DeFiUnited to advance user compensation efforts.
North Korea has denied allegations of its involvement in cryptocurrency theft, calling the claims "absurd slander" and a "political tool." The statement, issued by state-run media, emphasized that necessary measures will be taken to safeguard national interests. However, data from blockchain analytics firm TRM Labs shows that in the first four months of 2026, hacker groups linked to North Korea have stolen approximately $577 million, accounting for about 76% of global crypto theft losses during the same period. This includes two major attacks on KelpDAO (approximately $292 million) and Drift Protocol (approximately $285 million).TRM pointed out that the attacks are primarily associated with the Lazarus Group and its sub-organizations. Since 2017, the cumulative scale of crypto theft linked to North Korea has exceeded $6 billion.U.S. and international agencies widely believe that such funds are used to support military and missile programs. Meanwhile, the U.S. Treasury Department has recently imposed sanctions on relevant individuals and entities, targeting approximately $800 million in illicit fund flows in 2024. (The Block)
According to Cointelegraph, U.S. law firm Gerstein Harrow LLP has filed an application with the U.S. District Court for the Southern District of New York seeking a temporary restraining order and three writs of execution to prevent the Arbitrum DAO from transferring 30,766 ETH (valued at approximately $73 million) frozen following the Kelp vulnerability. The firm argues that its clients obtained default judgments against North Korea in U.S. courts in 2010, 2015, and 2016, entitling them to roughly $877 million in compensation—and contends that the stolen ETH constitutes North Korean-linked assets that should be used to satisfy those judgments. Kelp DAO suffered a $292 million hack on April 18; the attacker was identified as TraderTraitor, a subgroup of the North Korean state-sponsored hacking group Lazarus Group. Aave Labs previously proposed unfreezing the seized funds and transferring them into the “DeFi United” fund to compensate rsETH holders—but this legal action by Gerstein Harrow may significantly delay compensation for victims. Members of the Arbitrum DAO community have criticized the move, arguing it shifts the burden of North Korea’s debts onto another set of victims, thereby exacerbating the original harm. Gerstein Harrow had previously pursued litigation related to the 2023 Heco Bridge hack involving Teth
"on-chain detective" ZachXBT posted on X platform, stating that PolyArb is a fake prediction market product with a wallet drainer on its website. Additionally, the product's account posted controversial replies under multiple tweets from well-known prediction markets to drive traffic and lure users into participating.
On-chain investigator ZachXBT replied that PolyArb is a fake prediction market product whose website contains a wallet-stealing script. Previously, PolyArb claimed on X that the Hyperliquid HIP-4 outcome market achieved $6.15 million in daily BTC trading volume within 48 hours. William LeGate, Head of User Growth, questioned its claims regarding Polymarket’s fee structure. ZachXBT warned that replying to the relevant account could generate further exposure and increase the number of potential victims.
Odaily Odaily PaperImperium, the head of MegaETH, disclosed on X platform that documents from the U.S. District Court for the Southern District of New York show that a U.S. court has issued an injunction against the Arbitrum DAO, prohibiting it from transferring approximately $71 million in ETH assets that were previously frozen during the KelpDAO hacking incident. In response, on-chain detective ZachXBT posted on X platform, stating that certain U.S. law firms are using his investigative work and on-chain forensics to help victims of some hacking incidents file legal claims. However, this practice may actually slow down or hinder victims from receiving compensation or recovering funds.ZachXBT added that in previous hacking incidents involving the Lazarus Group, such law firms often stepped in after on-chain fund tracking or freezing was completed, proposing subsequent legal actions that were weakly related to the crypto incidents themselves. Similar "free-riding claims" strategies were used in events like Harmony and Bybit. He called on the crypto community to establish a DAO to resist such practices.
: MegaETH lead PaperImperium disclosed on X platform a court document from the U.S. District Court for the Southern District of New York, showing that a U.S. court has issued an injunction against the Arbitrum DAO, prohibiting it from transferring approximately $71 million worth of ETH assets that were previously frozen in the KelpDAO hacking incident. The plaintiffs are attempting to use these funds to enforce outstanding judgment compensation in cases related to North Korea's involvement in terrorism, kidnapping, and other matters spanning several years. They have also filed a motion to serve legal notice to the Arbitrum DAO via alternative means, treating it as an accountable "partnership." The court document further notes that the Arbitrum DAO has a Security Council governed by ARB holders, which has the authority to take action in emergencies. As a result, relevant members who refuse to comply may face legal consequences such as contempt of court. Market observers believe that this case could set an important precedent for the U.S. judicial system to directly constrain DAO governance structures, further highlighting the compliance pressure faced by DeFi protocols under real-world legal frameworks.
Wasabi Protocol announced a security incident update on X, stating that users can now safely interact with the protocol’s contracts to withdraw remaining funds. The team said it is working behind the scenes to the best of its ability to address the issue; however, as the investigation remains ongoing, no further details can be disclosed at this time. The team will share the latest updates with the community as soon as conditions permit.
According to Cointelegraph, the Arbitrum Committee voted to unfreeze $71 million worth of Ethereum to mitigate the $290 million loss caused by the Kelp DAO vulnerability.
SolanaFloor posted on X platform, stating that a suspected MEV bot turned $0.22 USDC into $696,000 USDC in a single transaction by executing an MEV-style price manipulation attack on Meteora's ANB pool. The ANB token dropped 99%.
Within less than three weeks, 12 protocols were hacked for over $606 million. The Drift incident resulted in losses of $285 million, and the Kelp DAO incident caused $292 million in losses—these two attacks together accounted for approximately 95% of the total losses.
The Zcash Foundation officially announced the release of Zebra 4.4.0, which addresses multiple critical consensus-level security vulnerabilities. All node operators are strongly advised to upgrade immediately. The vulnerabilities include a denial-of-service (DoS) flaw that could permanently halt the discovery of new blocks; a signature operation (sigop) counting error in block validation that may cause consensus divergence; abnormal handling of transparent transaction signature hashes; and a memory allocation amplification attack risk. The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially triggering a chain fork. Without timely upgrades, nodes risk interruption of block discovery, consensus forks, and amplified resource consumption. No alternative mitigations are currently available.
: Iran has submitted a new proposal to Washington aimed at ending the war, which shows signs of compromise and is intended to restart negotiations to resolve the deadlock that is exacting a heavy toll on its economy. According to sources, Iran's new proposal moves a step closer to the US: it suggests discussing Tehran's conditions for reopening the Strait of Hormuz simultaneously with the US commitment to cease attacks and lift the blockade on Iranian ports. Previously, Iran had demanded that the US lift the blockade as a prerequisite for starting negotiations and required the US to agree on terms for ending the war before discussing the future management of the strait and nuclear program. The sources also noted that the new proposal then suggests discussing issues related to Iran's nuclear program in exchange for the US implementing sanctions relief. Iran has informed mediators that if Washington is open to this new proposal, Iran is prepared to travel to Pakistan for talks early next week. (The Wall Street Journal)
Paradigm researcher Dan Robinson proposed a new scheme called PACT (Prove Address Control with Timestamp), aimed at protecting long-dormant Bitcoin, including Satoshi Nakamoto's early addresses, from future quantum computing attacks.The mechanism allows users to prove control over an address via a timestamp without transferring assets or exposing on-chain activity. Should a future quantum attack occur, assets can be recovered based on this proof within a quantum-resistant version of the Bitcoin network.Compared to mandatory migration schemes such as BIP-361, PACT avoids the privacy exposure issues caused by proactively transferring assets, offering long-term holders a more flexible proactive protection path.
Purrlend announced that it suffered a security incident on April 25 on HyperEVM and MegaETH, resulting in losses of approximately $1.52 million. The attacker compromised the team’s 2-of-3 multisig wallet and granted the malicious EOA permissions—including BRIDGE_ROLE—enabling the minting of unbacked pUSDm and pUSDC via the `mintUnbacked` function, which were then used as collateral to borrow assets from the lending pool. Purrlend stated it has suspended the protocol, revoked the compromised permissions, and is collaborating with security teams, law enforcement agencies, and cross-chain bridge partners to trace and attempt recovery of the stolen funds.