GetChain News

Security/Hacker

News linked to this event type.

SlowMist Issues Security Alert: Fake “Harmony Voice” Software Being Used in Social Engineering Attacks

According to threat intelligence released by the SlowMist security team (@SlowMist_Team), its threat intelligence system MistEye has received community reports identifying an active social engineering attack targeting cryptocurrency users. Attackers contact victims under the pretext of project collaboration and lure them into using a counterfeit “Harmony Voice” application (domain: harmony-voice[.]app) for so-called real-time translation—when in fact it is malicious software. SlowMist has already synchronized the relevant threat intelligence (IOCs) to its enterprise customers.

CoW Swap Releases Post-Mortem Report on Attack: cow.fi Domain Hijacking Resulted from Supply Chain Attack on Registration Pipeline; Preliminary Estimate of User Losses Is Approximately $1.2 Million

According to an official incident post-mortem report on the CoW Swap attack, its domain cow.fi was compromised via a supply-chain attack on April 14, 2026. Attackers exploited social engineering tactics to infiltrate the .fi domain registration process and hijack DNS resolution, causing users attempting to access swap.cow.fi to be redirected to a phishing site for several hours. During this period, attackers deployed a counterfeit trading interface and attempted to trick users into connecting their wallets and signing malicious transactions. The report states that this incident did not impact CoW Protocol’s on-chain smart contracts, backend systems, or user fund security; core infrastructure—including services hosted on AWS and Vercel—remained uncompromised. The attack occurred exclusively during the domain registration and transfer process: attackers gained control by forging identity documents and exploiting vulnerabilities in the registration workflow, briefly modifying the domain’s DNS records. The team detected the anomaly within 19 minutes and initiated emergency response procedures, subsequently migrating to cow.finance and fully restoring the cow.fi domain within approximately 26 hours. CoW’s team noted that affected users were primarily those who visited the official website during the domain hijacking window. Preliminary estimates place losses at around $1.2 million. The cow.fi domain has since been reactivated with enhanced security measures—including RegistryLock—and the team has launched external security audits and legal proceedings against the perpetrators and is developing a potential user compensation plan. The official statement emphasizes that the vulnerability has been patched and outlines plans to improve domain infrastructure security through governance initiatives and industry collaboration.

Circle Faces Class-Action Lawsuit for Failing to Freeze Stolen Funds from Drift Protocol

According to Cointelegraph, stablecoin issuer Circle faces a class-action lawsuit in the U.S. District Court for the District of Massachusetts for failing to freeze stolen funds during the Drift Protocol hack on April 1. Plaintiffs allege that attackers transferred approximately $230 million worth of USDC from Solana to Ethereum via Circle’s cross-chain transfer protocol (CCTP) within hours—and that Circle failed to intervene. The lawsuit accuses Circle of aiding and abetting conversion and of negligence. Cryptocurrency analytics firm Elliptic previously suspected the attack may be linked to North Korea–backed hackers; the stolen funds were subsequently converted into ETH and laundered through Tornado Cash.

Tether Has Frozen 3.29 Million USDT in the Rhea Finance Hacker’s Address

Paolo Ardoino, CEO of Tether, tweeted that Tether has frozen 3.29 million USDT in the hacker’s address associated with Rhea Finance. Earlier reports indicated that Rhea Finance was attacked via a fake token contract, resulting in approximately $7.6 million stolen.

The U.S. government transferred Bitcoin worth $606,470 to Coinbase Prime.

Arkham monitoring shows that a U.S. government address has just transferred $606,470 worth of Bitcoin to Coinbase Prime. This Bitcoin was previously seized by the U.S. government from Ilya Lichtenstein, the Bitfinex hacker. It remains unclear whether this batch of stolen Bitcoin will be sold on Coinbase.

Russian exchange Grinex suspends operations after ~$15 million attack

According to The Block, Grinex—a Russia-linked cryptocurrency exchange—suspended withdrawals and trading on Thursday after suffering a hack reportedly worth approximately $15 million. Blockchain analytics firm Elliptic stated that the stolen funds consisted of USDT, which were subsequently moved across the Tron and Ethereum networks and swapped for TRX and ETH to reduce the risk of being frozen by Tether. Grinex said its wallet infrastructure was hit by a “large-scale cyberattack,” resulting in losses exceeding 1 billion rubles—approximately $13.1 million. Reports indicate Grinex is widely regarded as one of the successor platforms to sanctioned exchange Garantex, which U.S. authorities targeted last year for facilitating hundreds of millions of dollars in illicit fund flows.

CertiK: Rhea Finance Hacked, ~$7.6M Lost

According to security firm CertiK (@CertiKAlert), the DeFi protocol Rhea Finance has been attacked. The attacker created a fake token contract and injected liquidity into a new liquidity pool, apparently aiming to mislead oracles and the verification layer, ultimately withdrawing approximately $7.6 million in assets.

The U.S. government deposited 8.2 BTC into Coinbase Prime, valued at approximately $606,000.

According to on-chain analytics platform Lookonchain (@lookonchain), the U.S. government deposited 8.2 BTC (approximately $606,000) into Coinbase Prime; these funds originated from assets previously seized in connection with the Bitfinex hack.

Ethereum Foundation Announces ETH Rangers Project Results: Over $5.8 Million in Assets Recovered or Frozen

The Ethereum Foundation announced that its jointly launched ETH Rangers program has completed its six-month run. The program aims to fund independent researchers who make public security contributions to the Ethereum ecosystem. Seventeen grantees achieved multiple accomplishments in areas including vulnerability research, security tool development, threat intelligence, and incident response—such as recovering or freezing over $5.8 million in funds, reporting or documenting 785+ vulnerabilities and client issues, identifying approximately 100 attackers, delivering security education content reaching over 209,000 users, and handling 36+ security incidents. Additionally, the program engaged over 800 teams in security challenges, produced over 80 technical talks and training sessions, and developed or improved seven or more open-source security tools. The Ethereum Foundation stated that these outcomes demonstrate that decentralized networks require “decentralized defense” to effectively enhance the overall security and resilience of the Ethereum ecosystem.

Tether to contribute up to $127.5 million to aid data recovery following the Drift exploit incident

According to CoinDesk, Drift Protocol—the largest decentralized perpetual futures exchange on Solana—announced it has secured up to $147.5 million in funding from Tether and its partners (including $127.5 million from Tether and $20 million from other partners) following a hack that stole over $270 million. The funds will be used to restore user assets and relaunch the protocol. The attack was carried out on April 1 by a North Korea–linked group that had posed as a quantitative trading firm and infiltrated the protocol for approximately six months, causing the DRIFT token’s value to plummet roughly 70%. The funding structure combines revenue-linked credit, ecosystem subsidies, and market-maker loans, aiming to cover approximately $295 million in user losses. Upon relaunch, the protocol will replace USDC with USDT as its core settlement layer; Tether will simultaneously provide fee waivers, user incentives, and liquidity support.

Drift: Receives Support from Tether and Others to Establish a $147.5 Million Recovery Pool for User Compensation

Odaily News Drift announced on its official website that Drift Protocol has received support from Tether and other partners. Tether intends to contribute $127.5 million, while other partners plan to contribute $20 million, collectively supporting user recovery efforts following the April 1st attack. This support package includes a $100 million revenue-linked credit line, ecosystem grants, and loans provided to market makers. Drift will establish a dedicated user recovery pool, aiming to gradually address the $295 million in outstanding user losses as trading revenue grows. Additionally, Drift will issue independent recovery tokens to affected users, which represent a claim on the recovery pool and are transferable. Drift is currently in the process of restarting the protocol, having engaged Ottersec and Asymmetric for audits, and is migrating its settlement layer from USDC to USDT. The previous attack resulted in the theft of assets worth approximately $295 million, while the insurance fund assets remained unaffected.

Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.

According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.

Adam Back Advocates Optional Quantum-Resistant Upgrades, Diverging from BIP-361’s Mandatory Freeze Proposal

According to Decrypt, Blockstream CEO Adam Back stated at Paris Blockchain Week that he supports advancing Bitcoin’s quantum resistance upgrade on an opt-in basis, opposing proposals to forcibly freeze quantum-vulnerable addresses. He emphasized that “preparation well in advance is far safer than scrambling to respond during a crisis,” and noted that the Bitcoin community possesses strong coordination capabilities to rapidly address critical vulnerabilities. Previously, developer Jameson Lopp and five others proposed BIP-361 (“Post-Quantum Migration and Legacy Signature Sunset”), which advocates phasing out quantum-vulnerable addresses over five years and ultimately freezing coins held in unmigrated addresses—including approximately 1.7 million bitcoins held by Satoshi Nakamoto.

French Minister: New Measures to Address Frequent Crypto-Related Kidnappings

According to Cointelegraph, Jean-Didier Berger, representative of France’s Minister of the Interior, stated at Paris Blockchain Week that France is preparing new measures to protect cryptocurrency holders. He revealed that authorities have launched a preventive platform, which has already attracted thousands of registrants, and are jointly developing a more robust response plan with Interior Minister Laurent Nuñez—expected to be implemented within the coming weeks. Against this backdrop, 41 crypto-related kidnappings have occurred in France in 2026—averaging one every 2.5 days. Globally, such “wrench attacks” rose 75% year-on-year in 2025, with France being the most severely affected country worldwide, accounting for approximately 40% of all such incidents in Europe.

Adam Back advocates for Bitcoin to promptly advance optional post-quantum upgrades and opposes pre-emptively freezing vulnerable addresses.

According to CoinDesk, Adam Back, CEO of Blockstream, stated at Paris Blockchain Week that Bitcoin developers should move forward early with optional post-quantum upgrades—even though practical quantum computers remain far from realization. He noted that Taproot’s flexible design supports integrating new post-quantum signature schemes without affecting existing users. Previously, Jameson Lopp and others proposed BIP-361, aiming to phase out quantum-vulnerable addresses over five years and freeze bitcoins in addresses that fail to complete the migration. Adam Back believes the Bitcoin community can rapidly coordinate a response in an emergency—without needing to predefine freezing arrangements.

Fed Chair Nominee Warsh May Struggle to Secure Congressional Approval by May 15

Odaily News U.S. President Trump and Federal Reserve Chair Powell are set to face off over a key question: whether the incumbent Powell has the right to remain in his position if Trump fails to secure timely confirmation for his chosen successor, Kevin Warsh. Warsh is scheduled to appear before the Senate Banking Committee hearing next Tuesday, but he may struggle to obtain congressional approval before Powell's term as Chair expires on May 15. Trump stated on Wednesday that he would fire Powell if the Fed Chair does not step down "on time," and the likelihood of a direct confrontation between Trump and Powell will increase if Warsh cannot be confirmed soon. This controversy arises as Trump has repeatedly criticized Powell for not yielding to his demands for interest rate cuts, calling the Fed Chair an "idiot" and a "stubborn mule" for refusing to lower borrowing costs. Analysts suggest that as the possibility of Powell remaining as a Fed Governor rises following Trump's latest attack, Trump's strategy could potentially undermine Warsh's efforts to reshape the central bank. (Financial Times)

BitMEX Research Proposes Bitcoin “Canary Fund” Scheme

BitMEX Research published an article proposing an alternative soft fork to BIP-361, suggesting that dormant bitcoins vulnerable to quantum attacks be frozen only upon confirmed existence of a quantum computer capable of stealing bitcoins. The proposal introduces a “canary fund” mechanism: a special bitcoin address whose private key is unknown but theoretically crackable by a sufficiently powerful quantum computer; users may donate BTC to this address as a bounty. If funds are spent from this address, it signals confirmed quantum threat and automatically triggers the freezing mechanism. BitMEX Research states that this proposal serves as a less contentious alternative to the more controversial BIP-361.

CoW Swap Announces Attack Incident: Domain Subject to Social Engineering Attack; Control of cow.fi Domain Has Been Regained

CoW Swap announced on X that it has regained control of the cow.fi domain and has been operating normally on cow.finance for some time, with a gradual transition back to the original domain now underway. The official statement explained that on April 14, attackers deceived the DNS registrar with forged documents to seize control of the cow.fi domain. They then deployed a highly realistic phishing site in two stages: first, luring users into signing malicious transactions via a wallet drainer; second, stealing seed phrases and passwords through fake wallet pop-ups. This attack targeted the domain registrar—not CoW Swap’s own infrastructure or private key security. Affected users should revoke all approvals using tools such as Revoke.cash and consider transferring funds to a new wallet.

Anthropic Restricts Mythos Model Release, Citing National Security Risks

Odaily News Anthropic has decided to restrict the public release of its Mythos model due to its highly automated cyber attack capabilities. Reports indicate that during internal testing, the model was already capable of independently completing vulnerability discovery and exploitation processes, and generating multi-step attack plans. Informed sources stated that in early testing, Mythos could autonomously build intrusion tools targeting Linux systems and, with guidance, execute complex vulnerability chain attacks. These capabilities were assessed as potentially posing risks to global infrastructure. Anthropic's management ultimately positioned Mythos as a cyber defense tool and opened it for testing to select institutions in a restricted manner. Industry insiders pointed out that similar models could significantly enhance the efficiency of cyber offense and defense, while also potentially introducing new security challenges. (Bloomberg)

Bitcoin Core Developer: Would Rather Freeze 5.6 Million BTC Than Let Them Fall into the Hands of Quantum Hackers

Odaily News Bitcoin Core developer Jameson Lopp stated that compared to potential future quantum computing attacks, he would prefer to "freeze" approximately 5.6 million long-dormant BTC from the network rather than letting them be acquired by attackers. These bitcoins have not moved for over 10 years and may be permanently lost, valued at around $420 billion at current prices. If future breakthroughs in quantum computing lead to the private keys of old addresses being cracked, these assets could be transferred again, potentially triggering severe market volatility or even a crisis of confidence. Although the community recently proposed BIP-361, the proposal is still in its early stages and is not a formally promoted solution, but rather more like a contingency plan for an "extreme risk." (CoinDesk)