News linked to this event type.
According to the anonymous on-chain detective Wazz, hundreds of wallets on the ETH mainnet have been drained by the same address, with several of these wallets remaining inactive for over 7 years. The incident is suspected to be a novel real-time exploit attack. Crypto user Capitulation commented, suggesting that the most likely vulnerability stems from storing seed phrases in LastPass secure notes during 2020/21.
North Korean spies spent months conducting multiple in-person meetings with Drift Protocol employees before executing one of the largest social engineering attacks against a crypto protocol, stealing $285 million. According to TRM Labs data, losses attributed to North Korean hackers accounted for 76% of total crypto hack losses in 2026. (CoinDesk)
DeFi project Carrot announced it will cease operations due to the significant operational impact caused by the Drift vulnerability exploit. Carrot has set May 14 as the deadline for users to withdraw remaining funds from Boost, Turbo, and CRT. Following this, the platform will begin deleveraging its system—reducing all leverage to zero—to free up liquidity for CRT redemptions. Carrot stated that user-deposited funds remain the property of users; should Drift pursue any subsequent recovery measures, related funds will still be distributed per prior announcements.
Wasabi Protocol stated that the Wasabi smart contracts on Solana are secure and unaffected by this vulnerability. The vulnerability is limited to Wasabi’s EVM deployments. The team is collaborating with leading security firms and has contacted law enforcement and the FBI. Further updates will be shared as they become available.
: Arbitrum DAO has initiated a governance vote to release the previously frozen 30,766 ETH to support DeFi United, a recovery plan following the Kelp DAO attack.These assets, worth approximately $71.1 million, were frozen by the Arbitrum Security Council on April 20. They were originally funds transferred to the Arbitrum network by the attacker. If the proposal passes, it will become the largest single source of funding for the DeFi United plan.In the early stage of voting, 16.9 million ARB have already been cast in support. Currently, there are no opposing votes. The voting is set to continue until May 7.
Syndicate Labs disclosed a security incident: an attacker compromised the system through a private key leak and maliciously upgraded the cross-chain bridge contracts on two chains, leading to the transfer of approximately 18.5 million SYND and about $50,000 in user assets. The attack originated from a compromised development endpoint. The attacker exploited production environment permissions to upgrade the bridge contracts to a malicious version, but other chains were unaffected. The losses include:Commons Bridge: Approximately 18.5 million SYND were transferred and sold, worth roughly $330,000.Another Appchain: Approximately $50,000 in user assets were transferred.Syndicate Labs stated that affected SYND holders will receive full compensation, along with additional excess compensation, leaving their overall holdings higher than before the incident. Affected users on the Appchain will also be fully reimbursed for their losses.
the U.S. Air Force has agreed to purchase an undisclosed number of interceptor drones from a company backed by the son of President Trump. As the war between the U.S. and Iran enters its third month, this move deepens the ties between the U.S. military and defense contractors associated with the Trump family. Powerus co-founder Veljkovic stated that the company will sell these drones to the Pentagon following a demonstration in Arizona. This is Powerus' first contract to sell such weapons to the U.S. military. The company declined to disclose the terms or scale of the deal, but such transactions are common when the military evaluates new weapon systems. This move aligns with the U.S. strategy of using low-cost interceptor drones, rather than expensive missiles, to counter Iranian attack drones. Reports indicate that the U.S. military has already deployed 10,000 AI-equipped Merops interceptor drones, developed in Ukraine, to the Middle East.
The Ethereum Applications Guild (EAG) has officially launched as a global, nonprofit collaborative organization dedicated to supporting the growth of the Ethereum application ecosystem—driving its evolution from infrastructure to the application layer. EAG will operate across four key pillars: accelerating real-world application adoption, connecting cross-domain ecosystem networks, establishing unified evaluation and development frameworks, and building sustainable funding mechanisms. EAG will implement a membership contribution model based on institutional scale (e.g., valuation, market cap, or assets under management), and introduce a staking-rewards donation mechanism—allocating a portion of ETH staking rewards into an Ecosystem Growth Fund. Additionally, EAG has unveiled its 2026 Global Applications & Developers Program, which includes developer education initiatives, hackathons, and research projects, alongside regional roadshows and ecosystem showcases to strengthen local developer communities.
According to The Block, blockchain intelligence firm TRM Labs released a report stating that North Korean hacker groups stole approximately $577 million in crypto assets during the first four months of 2026—accounting for 76% of global hacking losses over the same period. All these losses stemmed from two major incidents that occurred in April: KelpDAO was attacked by the TraderTraitor group, resulting in $292 million in losses; and Drift Protocol was compromised by another North Korean sub-group, suffering $285 million in losses. Preparations for the latter attack began as early as March 11, and funds were fully extracted within 12 minutes. The two incidents employed distinct money-laundering pathways: stolen funds from Drift remain largely dormant on Ethereum, whereas funds stolen from KelpDAO were rapidly swapped into BTC via THORChain, with subsequent laundering facilitated by Chinese intermediaries. TRM Labs noted that since 2017, North Korea’s cumulative crypto theft has exceeded $6 billion—and its share of global losses has risen steadily, from less than 10% in 2020 to 64% in 2025.
According to CertiK Alert (@CertiKAlert), cryptocurrency security incidents in April 2026 resulted in total losses of approximately $651 million, of which around $3.5 million stemmed from phishing attacks. This marks the highest monthly loss since March 2022 (approximately $715 million), second only to the Bybit hack in February 2025 (excluded from comparison).
Odaily, Berachain Foundation issued a warning on the X platform, stating that the Wasabi Protocol experienced a cross-chain security incident due to a deployer's private key leak, which has impacted multiple blockchains including Berachain. To prevent the risk from spreading, Berachain has suspended and blacklisted all affected Wasabi Reward Vaults within its network, immediately halting the distribution of BGT staking rewards to the compromised contracts and blocking the flow of new BGT into the affected vaults.The official team requires all users who have previously interacted with Wasabi on Berachain to immediately revoke token approvals for the specified contracts to avoid the risk of asset theft. Berachain also emphasized that the BGT reward funds within the native Reward Vaults remain secure and users can claim them normally; this incident does not affect core ecosystem interests.
Wasabi Protocol announced on X that it has become aware of an issue with the protocol and is actively investigating. As a precautionary measure, users are advised not to interact with the protocol’s smart contracts until further notice. Updates on the security incident will be shared as soon as more information becomes available. Earlier reports indicated that Wasabi Protocol was hacked, resulting in the theft of approximately $2.9 million.
According to blockchain security firm CertiK (@CertiKAlert), Wasabi Protocol (@wasabi_protocol) has suffered a security breach, with approximately $2.9 million stolen so far. Preliminary investigations indicate that the attacker gained privileged access after compromising a wallet deployed by Wasabi, enabling the attack. The stolen funds are currently distributed across the following addresses: 0xb8Bb...70dB (approximately $677,000) and 0x6244...f906 (approximately $1.1 million). The incident remains under active investigation.
the White House has recently opposed Anthropic's proposal to expand the use of its AI model, Mythos, to approximately 120 companies, primarily based on security and computing power concerns. Anthropic had originally planned to add 70 new companies to the roughly 50 enterprises currently using Mythos, but the White House has raised doubts, worrying that insufficient computing power might affect the government's own usage of Mythos.Launched in early April, Mythos is designed to detect and exploit critical software vulnerabilities. It is currently limited to testing by enterprises managing key infrastructure, with no plans for public release. The White House fears that expanding usage to more commercial users could create a computing power bottleneck for the government when using the model. This is particularly concerning given Anthropic's computing power procurement agreements with Amazon, Google, and Broadcom—though contracts have been signed, new capacity has not yet come online.On the political front, relations between the White House and Anthropic have not eased. The Trump administration has publicly criticized Anthropic for hiring multiple former officials from the Biden administration and expressed dissatisfaction with its ties to liberal organizations. One example highlights the trust issues between the two sides: Collin Burns, a former researcher at Anthropic who was originally assigned to a government AI model evaluation role, was replaced by senior White House officials upon learning of his background, to avoid having AI company personnel directly involved in matters concerning dealings with other AI companies.Additionally, last week Anthropic disclosed an unauthorized access incident involving the Mythos model, further intensifying external regulatory scrutiny on the company.
According to the LA Times, Evan Tangeman, a 22-year-old resident of California, was sentenced to 70 months in federal prison followed by three years of supervised release for laundering at least $3.5 million for the “Crypto Kids” criminal organization. The group carried out social engineering scams by impersonating employees of cryptocurrency exchanges such as Coinbase and Gemini, stealing over $263 million worth of digital assets. The illicit proceeds were used to purchase luxury vehicles, lease high-end residences, and fund extravagant spending. In addition to handling money laundering, Tangeman assisted group members in leasing luxury homes and instructed co-defendants to destroy digital devices after other members were arrested. Federal agents seized a Rolls-Royce Ghost and a Porsche GT3 RS from his residence.
According to an official disclosure by Aftermath Finance, the protocol expects to complete full compensation to users within the next 48–72 hours. The team is currently working at full capacity to return funds and expresses its gratitude for users’ patience. Earlier reports indicated that the perpetual contract protocol Aftermath Finance was exploited via a vulnerability yesterday, resulting in losses of approximately $1.14 million. The Sui Foundation, in collaboration with Mysten Labs, stated it will actively assist Aftermath Finance in recovering user funds and is committed to ensuring the continued operation of the Aftermath protocol.
According to an official announcement from Pump.fun, Pump.fun has launched its Charity Coins feature, which is exclusively integrated with the charitable donation platform Donate.gg. Coin Admins can now direct creator fees straight to up to five charitable organizations through the fee settings. Over 10,000 charities are already supported, and no additional onboarding is required from the charitable organizations. This integration aims to resolve issues previously associated with self-managed donations—such as uncertain donation execution, potential tax-triggering events, and malicious attacks targeting charities’ social media accounts.
According to an official announcement by Sui, Aftermath Finance’s perpetual contract protocol deployed on the Sui network was exploited due to a vulnerability, and the affected protocol has been immediately suspended. The Sui Foundation, in collaboration with Mysten Labs, stated that it will actively assist Aftermath Finance in recovering user funds and is committed to ensuring the continued operation of the Aftermath protocol. Aftermath Finance will provide further updates on the fund recovery progress in the near future.
According to The Wall Street Journal, the White House has signaled its opposition to Anthropic’s plan to expand the usage scope of its AI model, Mythos. Anthropic recently proposed granting access to Mythos for approximately 70 additional companies and institutions, which would bring the total number of authorized entities to around 120. In response, government officials explicitly objected on security grounds. Sources familiar with the matter said some White House officials are concerned that Mythos possesses the capability to launch cyberattacks and cause large-scale disruption online, viewing the expansion of access as a security risk. Additionally, some officials have questioned Anthropic’s computational resources, expressing doubts about whether the company can simultaneously support a significantly increased number of users while ensuring effective government access to and use of the system. Currently, although both sides aim to ease tensions, the disagreement over Mythos access remains unresolved.
Andre Cronje stated most current decentralized finance (DeFi) protocols no longer qualify as "DeFi in the strict sense" and are closer to commercial systems operated by teams. This has sparked industry division over whether "circuit breakers" should be introduced to mitigate attack risks.In an interview, Andre Cronje pointed out that early DeFi centered on immutable smart contracts, but today many protocols rely on upgradeable contracts, multi-signature permissions, off-chain infrastructure, and manual operational processes. In essence, they have transitioned from "immutable public goods" to "operable, for-profit businesses." He noted that against the backdrop of recent security incidents, including DeFi attacks involving approximately $280 million and $293 million, industry risks have expanded from simple smart contract vulnerabilities to "Web2-style risks" such as infrastructure issues, permission controls, and social engineering attacks.Regarding risk management, Cronje's firm Flying Tulip recently introduced circuit breakers that delay or queue withdrawals during abnormal fund outflows, providing an emergency response window of about six hours to prevent systemic bank runs and further losses.However, this mechanism has also sparked controversy. Michael Egorov believes that circuit breakers may introduce new centralized attack surfaces. If controlled by signers or administrators, they could instead become new security vulnerabilities or sources of freezing risk. He emphasized that DeFi design should minimize human intervention rather than increase manual control points. Industry analysts pointed out that this debate essentially reflects how DeFi is shifting from the ideal model of "code is law" toward a practical architecture of "hybrid governance plus operational control," while the security boundaries are being redefined. (Cointelegraph)