GetChain News

Security/Hacker

News linked to this event type.

Powell Hearing Highlights: Denies Promising Rate Cuts to Trump, Blasts Fed for Losing Its Way, Called a "Puppet"

Odaily News Trump's pick for Fed Chair, Powell, went all out during his confirmation hearing: refusing to answer whether Trump lost the election, being angrily called a "puppet" by Warren; countering by blasting the Fed for "losing its way and playing politics"; and repeatedly denying promising low interest rates to the President. Nick Timiraos, often referred to as the "Fed's mouthpiece," wrote that Massachusetts Democratic Senator Elizabeth Warren, in her opening statement, characterized Powell as both Trump's "puppet" and an opportunist. Warren's argument was that a Fed Chair who wouldn't even dare state a simple fact that might displease the President who nominated him would not stand up to that President at critical moments. This theme ran throughout the hearing, with Democrats returning to it multiple times. Powell also stated that the Fed needs "fundamental policy reform," including a new inflation framework, new tools, and new communication methods. While Powell sidestepped Trump's public attacks on the Fed, he repeatedly denied to senators from both parties that Trump had ever sought any promises on interest rates. "The President never asked me to pre-determine, promise, commit to, or decide on any interest rate decision, not in any of our discussions, and I would never agree to do so." (WSJ)

Bybit Discloses macOS Malware Campaign Targeting Searches for Claude Code

Bybit’s Security Operations Center has identified a multi-stage malware campaign targeting macOS users of Claude Code, an AI-powered search and development tool. Attackers used search engine optimization (SEO) poisoning to push malicious domains to the top of Google search results, luring users to counterfeit installation pages. Once installed, the malware steals browser credentials, macOS Keychain data, Telegram sessions, VPN configurations, and cryptocurrency wallet information. Bybit stated that the malware can also establish persistent access via backdoor functionality and attempts to target over 250 browser wallet extensions and multiple desktop wallet applications. This malicious infrastructure was identified on March 12, and related analysis, mitigation, and detection measures were completed the same day.

Crypto Hacking Incidents Over the Past 10 Years Have Caused Over $17 Billion in Losses

According to Cointelegraph, DefiLlama data shows that there have been 518 hacking incidents in the crypto space over the past decade, resulting in cumulative losses exceeding $1.7 billion. A significant portion of these losses stemmed from private key leaks, phishing attacks, and other credential-based attacks. As smart contract security continues to improve, attackers are increasingly shifting their focus toward wallet security, signature infrastructure, development tools, and user operations. Recently, Kelp DAO’s rsETH cross-chain bridge was attacked, with approximately 116,500 rsETH tokens stolen—valued at roughly $290–293 million at the time of the incident.

Security researchers disclose a CometBFT zero-day vulnerability that will not directly result in asset theft.

Security researcher Doyeon Park announced on X that he discovered and disclosed a high-severity CVSS 7.1 zero-day vulnerability in the Cosmos consensus layer (CometBFT). This vulnerability could cause network nodes to stall during block synchronization, thereby affecting system operation—but it cannot directly lead to asset theft. Doyeon Park stated that he made every effort to follow the Coordinated Vulnerability Disclosure (CVD) process; however, due to the project team’s lack of cooperation and “irresponsible decisions,” he ultimately chose to publicly disclose the vulnerability details, adding that any resulting security risks would be borne by the relevant project teams.

KelpDAO Attacker Transfers 50,700 ETH to New Addresses, Valued at Approximately $118 Million

Odaily News According to monitoring by crypto analyst Ai Yi @ai_9684xtpa, the KelpDAO attacker has transferred 50,700 ETH to 2 new addresses, valued at approximately $118 million.

Polymarket Launches "When Will the Next Cryptocurrency Hack Exceeding $100 Million in Losses Occur"

Odaily Seer Channel monitoring shows that Polymarket has launched a new market: "When will the next cryptocurrency hack exceeding $100 million in losses occur". This market primarily references the Rekt News leaderboard as the adjudication source, and can also use publicly recognized reliable reports as a basis. Currently, this prediction market has set four time nodes: April 30, June 30, September 30, and December 31. The event contract rules are: This is a market regarding whether any crypto project or exchange suffers an attack or hack valued at a minimum of $100 million equivalent between the market creation and 11:59 PM Eastern Time on the date specified in the title. Otherwise, this market will ultimately resolve to "No". Hacks on decentralized exchanges and lending protocols will be counted. Odaily Seer Channel continues to monitor prediction markets, seeing changes before they are priced in.

ZachXBT: Funds related to the KelpDAO attack have begun cross-chain transfers to the Bitcoin network

On-chain investigator ZachXBT updated that funds related to the KelpDAO attack have begun moving: approximately $1.5 million has been cross-chained from Ethereum Mainnet to the Bitcoin network via Thorchain, and roughly $78,000 has been transferred via Umbra. The attacking address initially sourced its funds from Tornado Cash, and fund laundering and cross-chain transfers are ongoing.

PeckShield: The KelpDAO attacker has transferred 75,700 ETH to two new addresses.

According to PeckShield’s monitoring, the KelpDAO attacker has transferred 75,700 ETH to two new addresses.

KelpDAO: Exploring Multiple Solutions to Support rsETH Holders

Odaily News KelpDAO stated in a post on X platform that it will continue to explore all feasible avenues to support rsETH holders and mitigate the impact of the related security incident on the DeFi ecosystem. It mentioned that over the past two days, the team has collaborated with the Arbitrum Security Council and multiple ecosystem participants, providing context on the incident and assisting with the assessment efforts, while also expressing gratitude for the coordination and support from teams like SEAL 911. Previously, the Arbitrum Security Council had frozen approximately 30,700 ETH, involving assets related to the KelpDAO attacker.

ASTEROID Author’s Mother: Social Media Accounts Hacked; She Did Not Post Any Crypto-Related Content

The mother of an ASTEROID-related creator posted that her social media account had been compromised, and that multiple accounts—including her phone, email, and Facebook—were attacked that evening. She emphasized that the cryptocurrency-related content circulating recently was not posted by her.

KelpDAO hacker still holds 75,700 ETH on the Ethereum chain, worth $175 million

Odaily News According to on-chain analyst Yu Jin's monitoring, the Arbitrum chain project team has frozen the 30,766 ETH ($70.97 million) that the KelpDAO hacker had placed on the Arbitrum chain. Through technical means, they transferred these 30,766 ETH from the hacker's wallet to the address 0x0000000000000000000000000000000000000da0, which is controlled by the Arbitrum chain. After the recovery of these 30,766 ETH, the hacker still holds 75,700 ETH ($175 million) on the Ethereum chain.

Arbitrum Security Council Emergency Freeze of 30,766 ETH Related to KelpDAO Vulnerability

According to an official Arbitrum announcement, the Arbitrum Security Council took emergency action at 11:26 PM ET on April 20, successfully freezing and transferring 30,766 ETH held at addresses associated with the KelpDAO vulnerability. This operation was conducted with assistance from law enforcement agencies, and the funds have been moved to an intermediate frozen wallet—rendering the original addresses unable to access the funds. The subsequent disposition of these funds will be coordinated by the Arbitrum governance mechanism in collaboration with relevant stakeholders. The Security Council stated that the entire operation had no impact whatsoever on any other on-chain state or Arbitrum users.

PeckShield: Kelp DAO Attacker Suspected of Transferring 30,765 ETH to a Special Address

According to monitoring by PeckShield, the Kelp DAO attacker transferred 30,765 ETH (approximately $70.92 million) to a special address starting with 0x00000, suspected to be a burning action.

Analysis: 128-bit symmetric encryption remains secure; quantum computing primarily threatens asymmetric cryptographic systems

Odaily News Cryptography engineer Filippo Valsorda wrote an article pointing out that the impact of quantum computing on current cryptographic systems is mainly concentrated on asymmetric algorithms (such as ECDSA, RSA, etc.), while its effect on symmetric encryption (like AES, SHA series) is limited. Grover's algorithm does not significantly weaken the security of 128-bit keys in practical scenarios. Although Grover's algorithm can theoretically accelerate brute-force attacks, it is difficult to parallelize, making the actual attack cost extremely high. Even under ideal quantum computing conditions, the resources required to break AES-128 are far greater than the cost of using Shor's algorithm to attack elliptic curve encryption. Furthermore, standards bodies including the National Institute of Standards and Technology (NIST) unanimously agree that AES-128 still meets post-quantum security requirements and does not need to be upgraded to 256-bit keys. Industry views suggest that focusing resources on replacing asymmetric encryption schemes vulnerable to quantum attacks is a more urgent task at present.

Dune Releases Security Analysis of LayerZero OApp: 47% of Contracts Still Use the Minimal 1-of-1 DVN Configuration

According to an official Dune disclosure, following the KelpDAO hack, Dune conducted a security configuration analysis of LayerZero’s DVN (Decentralized Verification Network) settings for OApps active over nearly the past 90 days. The data shows that among approximately 2,665 distinct OApp contracts, 47% adopted the 1-of-1 DVN security threshold (the lowest level), 45% adopted 2-of-2, and roughly 5% adopted 3-of-3 or higher configurations. KelpDAO’s rsETH resides at the 1-of-1 tier, the minimum security level.

Vercel: Unauthorized Access to Internal Systems Following Breach of Third-Party AI Tool; No Sensitive Data Tampered With

Vercel has released an analysis of a security incident, stating that certain internal systems were accessed without authorization. The breach originated from a third-party AI tool, Context.ai, used by an employee, which was compromised. Attackers leveraged this to take over the employee’s Google Workspace account and access some environment configuration data. Preliminary impact assessment indicates that a small number of customers’ environment variables—unmarked as “sensitive” (e.g., API keys, tokens)—may have been exposed. Affected users have been notified and advised to immediately rotate their credentials. At present, there is no evidence that data explicitly marked as “sensitive” or the supply chain (e.g., npm packages) has been tampered with. Vercel notes that the attackers demonstrated a high level of technical sophistication. The company is collaborating with Mandiant and multiple security organizations to investigate the incident and has filed a report with law enforcement. Vercel also confirms that its platform services remain fully operational. Users are advised to enable multi-factor authentication, comprehensively rotate potentially exposed environment variables, and review account activity logs and deployment records to mitigate further risk.

Curve Founder Calls on DeFi Industry to Establish Unified Security Standards to Reduce Centralized Single Points of Failure

Michael Egorov (@newmichwill), founder of Curve Finance, posted that recent security incidents in the DeFi space—triggered by centralized failure points—have occurred frequently and severely damaged the industry’s reputation. Citing examples such as Aave users being unable to withdraw funds following the rsETH exploit and the LayerZero cross-chain bridge hack, he emphasized that problems must be prevented *before* they occur—not addressed only after damage is done. He called on the industry to jointly establish DeFi security standards, proposing that the Ethereum Foundation and Solana Foundation take the lead in collaborating with projects across ecosystems, auditing firms, and risk-assessment teams to develop principles and specifications for secure system design—and suggesting that lessons could be drawn from traditional finance’s approaches to safeguarding centralized nodes.

Aave Disclosure: Depending on the loss allocation method, potential bad debt amounts could be $123.7 million or $230.1 million.

Aave risk service provider LlamaRisk has released an incident report: On April 18, 2026, the attacker exploited a vulnerability in Kelp’s LayerZero V2 Unichain-to-Ethereum rsETH routing (a 1-of-1 DVN configuration flaw), forged inbound packets, and illicitly released 116,500 rsETH from the Ethereum-side adapter. Of these, 89,567 rsETH were deposited as collateral into multiple Aave V3 markets—including Ethereum Core and Arbitrum—enabling the borrowing of approximately 82,650 WETH (valued at ~$191 million) and 821 wstETH. Currently, only 40,373 rsETH remain in the adapter, while the total claimable rsETH on the remote chain stands at 152,577—creating a substantial shortfall. Depending on the loss allocation methodology, Aave faces two potential bad-debt scenarios:

- Scenario 1 (global pro-rata allocation): Estimated bad debt of ~$123.7 million, with Ethereum Core bearing the greatest pressure.
- Scenario 2 (loss confined to L2s): Estimated bad debt of ~$230.1 million, with Mantle facing a WETH reserve shortfall of up to 71.45% and Arbitrum facing a 26.67% shortfall.

Following the incident, Aave Protocol Guardians and Risk Administrators immediately froze rsETH/wrsETH reserves across all 11 affected markets.

Kelp: The theft was due to LayerZero's RPC nodes being compromised; the 1/1 DVN configuration is LayerZero's default setting

Odaily News Kelp DAO officially posted on X regarding the follow-up on the theft incident, stating that the cause was the compromise of two RPC nodes hosted by LayerZero, while the third RPC node suffered a DDoS attack. This was an attack targeting LayerZero's infrastructure; Kelp's own systems were not involved in the construction or operation of this infrastructure. The 1/1 DVN configuration is the scheme documented in LayerZero's documentation and is the default setting for all new OFT deployments. Kelp has been operating on LayerZero's infrastructure since January 2024 and has maintained open communication with the LayerZero team. During Kelp's expansion to Layer2, the DVN configuration was discussed, and the default configuration was explicitly confirmed as appropriate at that time. Kelp's current top priority is to protect user interests and prevent risks from spreading within the DeFi ecosystem. The team is collaborating with various parties in the ecosystem to analyze the impact, seek support, and explore all possible mitigation solutions.

Claude Desktop Exposed as Writing Backdoor Files to Chromium Browsers During Installation

According to 23pds (@im23pds), Chief Information Security Officer (CISO) at SlowMist, Anthropic’s Claude Desktop application writes a special file to all Chromium-based browsers on a user’s computer during installation—without the user’s knowledge or consent. This file effectively functions as a pre-authorized backdoor; when combined with a specific browser extension, attackers can gain full control over the user’s browser.