News linked to this event type.
Vercel CEO Guillermo Rauch (@rauchg) announced that Vercel is conducting an in-depth investigation into the April 2026 security incident. The investigation revealed that the attackers initially breached Vercel’s systems via the account of Context.ai, a startup, but their activities extended far beyond this initial intrusion. Threat intelligence indicates that the attackers distributed malware to steal Vercel account credentials and API keys from other service providers, then used those keys to rapidly and extensively enumerate non-sensitive environment variables. To trace the root cause, Vercel has processed nearly 1 petabyte of network and API logs. Vercel is collaborating with industry partners—including Microsoft, AWS, and Wiz—to respond jointly and has proactively notified other potentially affected parties, urging them to rotate credentials and adopt security best practices.
23pds, Chief Information Security Officer of SlowMist Technology, retweeted a post from the dark web intelligence account Dark Web Intelligence (@DailyDarkWeb), stating that the hacker group ShinyHunters claims to have breached internal systems related to Anthropic’s Mythos model and has shared screenshots—including those of the user management panel, AI experiment dashboard, and model performance and cost analysis. As of now, Anthropic has not officially confirmed the authenticity of this claim. Given that numerous enterprises have already applied for trial access to the relevant models, if this report proves true, it could pose indirect security risks to leading technology firms and crypto-related businesses.
According to on-chain analyst Yujin (@EmberCN), the KelpDAO hacker, over a period of approximately one and a half days, has converted nearly all 75,700 ETH (valued at roughly $175 million) on Ethereum into BTC—primarily via the cross-chain protocol THORChain. This money-laundering activity generated approximately $800 million in trading volume and $910,000 in platform fees for THORChain.
Odaily News: According to public records from the New York Criminal Court, Believe founder Benjamin Pasternak was arrested on suspicion of second-degree strangulation and assault, with a court appearance scheduled for June 11. He was previously accused of involvement in a token exit scam scheme involving millions of dollars. The platform's native token BELIEVE is currently trading at approximately $0.00075, down over 99% from its all-time high of $0.3569 set in May 2025.
Odaily News: The UK Financial Conduct Authority (FCA), in collaboration with HM Revenue & Customs and the South West Regional Organised Crime Unit, recently conducted raids on eight locations across the UK suspected of engaging in illegal P2P cryptocurrency trading. Officials issued prohibition orders on-site, requiring the operators to cease activities immediately and gathered relevant evidence. The UK FCA pointed out that currently, no P2P cryptocurrency traders or platforms are registered with the regulator in the UK. Furthermore, in the recent multi-agency Operation Atlantic, law enforcement agencies froze $12 million in assets linked to cryptocurrency scams and traced over $45 million in stolen cryptocurrency. The UK FCA has now launched a consultation on its guidelines for the cryptocurrency regulatory framework set to take effect in 2027.
According to CoinDesk, the North Korean hacking group Lazarus Group has launched a new macOS-targeted campaign dubbed “Mach-O Man,” aimed at executives and institutions within high-value sectors such as cryptocurrency and fintech. The attack employs a social engineering technique called “ClickFix” to trick victims into pasting commands into their Mac Terminal, thereby granting attackers access to corporate systems, SaaS platforms, and financial resources. CertiK researchers stated that “Mach-O Man” is a modular macOS malware toolkit developed by Lazarus Group, now also adopted by other cybercriminal groups. It often self-deletes before victims detect it, complicating attribution and detection. Additionally, attackers have already carried out this campaign by hijacking DeFi project domains and replacing legitimate Cloudflare messages with fake ones.
According to on-chain analyst PeckShield (@PeckShieldAlert), the KelpDAO attacker has transferred ETH from Ethereum to Arbitrum via the Across Protocol, swapped it for USDT, and then routed the funds to TRON DAO via LayerZero.
TechFlow News, April 22: According to a Jefferies report cited by Bloomberg, a hacker attack over the weekend resulted in nearly $300 million in losses for a small crypto project and triggered an outflow of approximately $10 billion from the largest decentralized lending platform—potentially dampening Wall Street’s interest in blockchain technology. Andrew Moss, a member of Jefferies’ digital assets research team, noted that banks, asset management firms, and payment companies have spent the past year developing products based on similar technological systems. However, this attack—allegedly carried out by North Korean hackers—may prompt traditional financial institutions to pause their related initiatives and reassess associated risks.
According to Cointelegraph, the widespread adoption of AI is driving up the number of submissions to cryptocurrency industry bug bounty programs—but a flood of low-quality “AI spam” reports has also emerged, placing a heavy burden on protocol teams for triaging. Barry Plunkett, Co-CEO of Cosmos Labs, stated that submission volume to its platform surged 900% year-on-year, with 20–50 reports received daily; Kadan Stadelmann, CTO of Komodo Platform, likewise noted a marked rise in low-quality and false-positive reports, attributing the root cause primarily to AI’s drastic reduction in the cost of generating reports. Daniel Stenberg, creator of the open-source tool curl, has already shut down his bug bounty program outright due to being overwhelmed. In response, industry insiders recommend that teams deploy defensive AI systems to automatically triage reports and adopt stricter submission criteria—reducing the volume of invalid reports and ensuring genuine vulnerabilities receive timely attention.
According to an official post by Umbra (@UmbraCash), the privacy payment protocol Umbra was used to transfer funds related to a recent hacking incident, involving 349 ETH (approximately $800,000). Umbra stated that, as its privacy address system primarily protects the recipient’s identity—not the sender’s—it offers limited practical assistance to hackers attempting to obscure the origin of stolen funds. All stolen funds remain identifiable and traceable. The team has been in active communication and collaboration with security researchers. Umbra also noted that the protocol is powered entirely by autonomous smart contracts; thus, the team cannot prevent anyone from using the contracts or self-hosted frontend versions. In support of fund recovery efforts, the team placed the hosted frontend into maintenance mode at 6:45 a.m. ET on April 21. Access will be restored once it is confirmed that doing so will not impede the recovery process. The protocol itself continues operating normally, and all funds held within privacy addresses remain secure.
Odaily News: Privacy protocol Umbra has shut down its hosted frontend website to prevent attackers from using the protocol to transfer stolen funds from a recent security incident. Umbra stated that approximately $800,000 in funds were transferred through its protocol, but the protocol only hides the recipient's identity, and the related transactions can still be tracked on-chain. This measure follows the attack on the Kelp protocol, which resulted in losses exceeding $280 million. Umbra said it will restore frontend services after confirming it does not affect asset recovery efforts, but it cannot prevent users from continuing to use the protocol via smart contracts or self-hosted frontends. (Cointelegraph)
Odaily News: SuiLend posted on the X platform stating that all platform functions are currently operating normally, including deposits, lending, withdrawals, and repayments, and user funds remain unaffected. Simultaneously, the team is closely monitoring the progress of the previous Volo Protocol security incident and will continue to provide subsequent updates.
According to Cointelegraph, Admiral Samuel Paparo of the U.S. Navy stated at a hearing before the Senate Armed Services Committee that Bitcoin is a “valuable computer science tool,” and that its proof-of-work technology holds significant applications in cybersecurity—increasing attackers’ costs and enabling the protection of data, information, and command signals, thereby supporting U.S. national security interests. Paparo noted: “Beyond the economic dimension, it has extremely important computer science applications in cybersecurity.” Earlier, in 2023, Jason Lowery of the U.S. Space Force expressed a similar view.
According to Decrypt, Mozilla recently revealed that Anthropic’s latest AI model, Claude Mythos, identified 271 security vulnerabilities during internal testing of the Firefox browser; all related vulnerabilities were patched this week. For comparison, a previous Anthropic model had detected only 22 security-sensitive vulnerabilities. Mozilla stated that all discovered vulnerabilities fell within the scope of what top human researchers could identify. Claude Mythos was officially launched in March 2026 and is Anthropic’s most powerful model to date for reasoning, coding, and cybersecurity. It is currently available exclusively to vetted partners—including Amazon, Apple, and Microsoft—under Anthropic’s “Project Glasswing” initiative.
According to on-chain analyst Ai Yi's monitoring, the Venus attacker transferred 2,301 ETH (approximately $5.32 million) to address 0xa21…23A7f 11 hours ago. Subsequently, the funds were laundered in batches via Tornado Cash. Currently, there is still $17.45 million worth of ETH remaining on-chain.
The Economic Daily published an article titled “Leveraging China’s Token Advantages,” which points out the need to clearly recognize potential risks associated with tokens, including identity theft due to token leakage, unauthorized access and theft of sensitive data through forged permissions, and user exploitation via agent-based commission schemes. Some lawbreakers have begun targeting tokens, setting up consumer traps disguised as “discounted token packages” or “token agents.” It is essential to continuously improve policy frameworks, regulations, and standards, and to standardize order in token trading by cracking down on price monopolies, false advertising, and illegal financial activities. Illegal and non-compliant activities—including speculative “hoarding for appreciation” and over-the-counter trading—must be resolutely curbed, guiding tokens back to their fundamental roles in technical services, value settlement, and rights transfer.
Odaily News: Wall Street investment bank Jefferies' analysis indicates that the approximately $293 million attack on Kelp DAO on April 18 exposed critical infrastructure risks, which may prompt traditional financial institutions to reassess the pace of blockchain and tokenization advancement. Jefferies believes the attacker triggered market sell-offs and liquidity stress by minting unbacked tokens and borrowing across platforms. The incident is suspected to be potentially linked to the Lazarus Group and also highlights the single point of failure in the validation mechanisms of cross-chain bridges. As institutions accelerate the tokenization of assets (such as funds, bonds, and deposits), related risks may cause some banks and asset management firms to temporarily pause deployments, prioritizing a review of system security. Especially in scenarios reliant on cross-chain infrastructure, security vulnerabilities could lead to market fragmentation, undermining the practical utility of tokenized assets. Despite short-term confidence being shaken, Jefferies still emphasizes that the long-term trend remains unchanged. Against the backdrop of regulatory progress and continuous infrastructure improvement, use cases like stablecoins still hold growth potential. However, the industry as a whole is still in its early development stage and requires time to enhance system robustness. (CoinDesk)
According to an official announcement by Volo, a security vulnerability occurred today on the Sui network involving Volo—a BTCFi and LST protocol—resulting in the theft of approximately $3.5 million in assets (including WBTC, XAUm, and USDC) from three specific vaults. Immediately after the incident, the team notified the Sui Foundation and ecosystem partners and froze all vaults to prevent further losses. Volo stated that the vulnerability affected only these three vaults; the remaining vaults are not exposed to the same attack vector, and the other ~$28 million in TVL remains secure. The official announcement emphasized that Volo will bear the loss entirely and will not pass it on to users. A comprehensive post-mortem report and remediation plan will be released upon completion of the investigation.
According to on-chain analyst Yu Jin, the KelpDAO hacker began laundering and transferring ETH yesterday afternoon, and by now should have laundered 34,500 ETH (worth $80 million). Most of this ETH was cross-chain swapped into BTC via THORChain, which consequently earned a significant amount in "toll fees": (1) THORChain's trading volume surged to $360 million over the past 24 hours, compared to an average daily volume of only $20 million previously. (2) THORChain's platform fee revenue reached $420,000 over the past 24 hours, whereas its daily fee income was only $5,000 before.
According to on-chain analyst Specter (@SpecterAnalyst), the North Korean hacking group TraderTraitor began laundering stolen funds from KelpDAO at approximately 3 a.m. Beijing time today—just three hours after the Arbitrum Council froze 30.7 ETH (approximately $71 million). The attackers split the remaining funds across three wallets, holding roughly 25,000 ETH (~$57.6 million), 25,700 ETH (~$59.2 million), and 25,000 ETH (~$57.9 million), respectively. The third wallet immediately initiated laundering operations and now holds only about 3,800 ETH (~$8 million). The majority of the funds were bridged to the Bitcoin network via THORChain, with approximately 99% flowing through this protocol. As a result, THORChain’s daily trading volume surged to $211 million—more than ten times its 30-day average—and generated roughly $189,000 in fees. During this laundering process, the illicit proceeds were also commingled with funds stolen in the BTC Turk (2025) and Bybit (2025) hacks. To date, approximately 442 BTC (~$33 million) linked to these incidents have been traced on the Bitcoin network, and over 400 addresses have been utilized throughout the entire laundering operation.