News linked to this event type.
Lido has released an update regarding the Kelp security incident, stating that its Earn-series vaults are working with the management team to address the issue, focusing on two key risk areas: rsETH exposure and tightening liquidity in lending markets. Lido emphasizes that its core staking protocol remains unaffected, and both stETH and wstETH remain secure and stable. Currently, only the EarnETH vault holds approximately 9% of its TVL in rsETH exposure; related deposits and withdrawals have been suspended by the management team pending resolution. Of the ~$70 million in ETH stolen in the earlier attack, roughly $70 million has already been recovered; asset recovery and loss allocation efforts are ongoing. To mitigate liquidity pressure, the management team has reduced leverage and optimized position structures, significantly decreasing wETH debt exposure. Should losses ultimately materialize, EarnETH will activate its $3 million “first-loss protection mechanism,” funded by the DAO. Other vaults remain unaffected: DVV and EarnUSD are operating normally. The GGV sub-vault is currently experiencing negative yields due to a combination of recursive staking strategies and rising borrowing rates, but active adjustments are underway. Users’ previously submitted withdrawal requests will be processed at pre-incident valuations.
According to Decrypt, U.S. Representatives Thomas Massie and Lauren Boebert jointly introduced the AI surveillance bill titled the “Surveillance Accountability Act,” which would require U.S. federal agencies to obtain a judicial warrant before using artificial intelligence for data analysis and surveillance. The bill aims to close a loophole in the “third-party doctrine”—a legal framework originating from 1970s court rulings that permits the U.S. government to access users’ data held by third-party platforms (e.g., banks and telecommunications providers) without a warrant. The bill’s sponsors argue that, in the internet and AI era, this doctrine has been excessively expanded, thereby weakening protections for citizens’ privacy.
, Anthropic and OpenAI have experienced security incidents in succession, drawing market attention to the security of AI models themselves. Currently, Anthropic is investigating a possible case of unauthorized user access to its Claude Mythos model. Almost simultaneously, OpenAI was also reported to have accidentally opened access to several unreleased models within its Codex application.Analysts believe that such incidents highlight that even AI model providers focused on cybersecurity capabilities still face significant security challenges. While AI is increasingly used for cyber defense, platform security and access control are becoming critical risk points.Industry insiders point out that these vulnerability incidents have intensified scrutiny over the security governance capabilities of AI companies, and also reflect that the security systems of current AI technology still need improvement amid rapid development. (The Information)
According to Decrypt, OpenAI CEO Sam Altman stated that Anthropic is promoting its AI model Claude Mythos through “fear-based marketing,” using narratives about security risks to justify its limited-open strategy. Claude Mythos has recently drawn attention for its ability to autonomously discover software vulnerabilities and perform complex cybersecurity operations. The report notes that Mozilla previously disclosed that the model identified 271 vulnerabilities in the Firefox browser during testing. Meanwhile, discussions surrounding the model’s potential offensive cybersecurity risks continue to intensify. Altman also emphasized that OpenAI will not scale back its infrastructure investments and will continue expanding its computational capabilities.
Spark announced on X that the total staked native token SPK has just surpassed 500 million tokens, reaching 509,969,466 tokens according to its displayed data. Users staking SPK can now participate in Season 4 of the Spark Points Program and earn points rewards. Previously, due to the rsETH security incident, funds continuously flowed out of Aave, while Spark absorbed some of the capital withdrawn by large whales/institutions from Aave.
Ledger Chief Technology Officer Charles Guillemet pointed out that the development of post-quantum cryptography has entered a critical stage. Although the timeline for a practical quantum computer remains unclear, a full-scale migration of the encryption systems across the industry is an inevitable trend. Led by NIST, the traditional sector plans to phase out high-risk algorithms by 2030 and completely ban them by 2035, with government and enterprise institutions expected to complete their migration layouts by 2029. Encryption and key exchange will adopt ML-KEM to defend against quantum decryption attacks on harvested data, with digital signatures becoming the core of blockchain transformation. The traditional industry prefers ML-DSA hybrid schemes, while the blockchain sector favors the more secure and robust SLH-DSA hash-based signature. Both schemes have their respective advantages and disadvantages. The compatibility challenges of post-quantum algorithms with MPC and threshold signatures remain a key risk that the industry urgently needs to address.
According to Natalie Newson, Senior Blockchain Investigator at CertiK, real-time deepfakes, phishing attacks, supply-chain compromises, and cross-chain vulnerabilities will be the primary drivers of cryptocurrency hacks in 2026. So far this year, the industry has lost over $600 million to hacking incidents—including the $293 million Kelp DAO exploit and the $280 million theft from Drift Protocol in April—both linked to a North Korean hacker group. Newson warns that the accelerated advancement of AI will make attack methods increasingly sophisticated, including more realistic deepfakes, autonomous attack agents, and “agent AIs” capable of automatically scanning smart contracts for vulnerabilities. However, AI can also serve as a defensive tool. CertiK advises investors to verify URL authenticity and store assets in cold wallets to mitigate risk.
Vercel CEO Guillermo Rauch (@rauchg) announced that Vercel is conducting an in-depth investigation into the April 2026 security incident. The investigation revealed that the attackers initially breached Vercel’s systems via Context.ai’s account—a startup—but their activities extended far beyond this initial intrusion. Threat intelligence indicates that the attackers distributed malware to steal Vercel account credentials and API keys from other service providers, then used those keys to rapidly and extensively enumerate non-sensitive environment variables. To trace the root cause, Vercel has processed nearly 1 petabyte of network and API logs. Vercel is collaborating with industry partners—including Microsoft, AWS, and Wiz—to respond jointly and has proactively notified other potentially affected parties, urging them to rotate credentials and adopt security best practices.
23pds, Chief Information Security Officer of SlowMist Technology, retweeted a post from the dark web intelligence account Dark Web Intelligence (@DailyDarkWeb), stating that the hacker group ShinyHunters claims to have breached internal systems related to Anthropic’s Mythos model and has shared screenshots—including those of the user management panel, AI experiment dashboard, and model performance and cost analysis. As of now, Anthropic has not officially confirmed the authenticity of this claim. Given that numerous enterprises have already applied for trial access to the relevant models, if this report proves true, it could pose indirect security risks to leading technology firms and crypto-related businesses.
According to on-chain analyst Yujin (@EmberCN), the KelpDAO hacker, over a period of approximately one and a half days, has converted nearly all 75,700 ETH (valued at roughly $175 million) on Ethereum into BTC—primarily via the cross-chain protocol THORChain. This money-laundering activity generated approximately $800 million in trading volume and $910,000 in platform fees for THORChain.
Odaily News According to public records from the New York Criminal Court, Believe founder Benjamin Pasternak was arrested on suspicion of second-degree strangulation and assault, with a court appearance scheduled for June 11. He was previously accused of involvement in a token exit scam scheme involving millions of dollars. The platform's native token BELIEVE is currently trading at approximately $0.00075, down over 99% from its all-time high of $0.3569 set in May 2025.
Odaily News: The UK Financial Conduct Authority (FCA), in collaboration with HM Revenue & Customs and the South West Regional Organised Crime Unit, recently conducted raids on eight locations across the UK suspected of engaging in illegal P2P cryptocurrency trading. Officials issued prohibition orders on-site, requiring the operators to cease activities immediately and gathered relevant evidence. The UK FCA pointed out that currently, no P2P cryptocurrency traders or platforms are registered with the regulator in the UK. Furthermore, in the recent multi-agency Operation Atlantic, law enforcement agencies froze $12 million in assets linked to cryptocurrency scams and traced over $45 million in stolen cryptocurrency. The UK FCA has now launched a consultation on its guidelines for the cryptocurrency regulatory framework set to take effect in 2027.
According to CoinDesk, the North Korean hacking group Lazarus Group has launched a new macOS-targeted campaign dubbed “Mach-O Man,” aimed at executives and institutions within high-value sectors such as cryptocurrency and fintech. The attack employs a social engineering technique called “ClickFix” to trick victims into pasting commands into their Mac Terminal, thereby granting attackers access to corporate systems, SaaS platforms, and financial resources. CertiK researchers stated that “Mach-O Man” is a modular macOS malware toolkit developed by Lazarus Group, now also adopted by other cybercriminal groups. It often self-deletes before victims detect it, complicating attribution and detection. Additionally, attackers have already carried out this campaign by hijacking DeFi project domains and replacing legitimate Cloudflare messages with fake ones.
According to on-chain analyst PeckShield (@PeckShieldAlert), the KelpDAO attacker has transferred ETH from Ethereum to Arbitrum via the Across Protocol, swapped it for USDT, and then routed the funds to TRON DAO via LayerZero.
TechFlow News, April 22: According to a Jefferies report cited by Bloomberg, a hacker attack over the weekend resulted in nearly $300 million in losses for a small crypto project and triggered an outflow of approximately $10 billion from the largest decentralized lending platform—potentially dampening Wall Street’s interest in blockchain technology. Andrew Moss, a member of Jefferies’ digital assets research team, noted that banks, asset management firms, and payment companies have spent the past year developing products based on similar technological systems. However, this attack—allegedly carried out by North Korean hackers—may prompt traditional financial institutions to pause their related initiatives and reassess associated risks.
According to Cointelegraph, the widespread adoption of AI is driving up the number of submissions to cryptocurrency industry bug bounty programs—but a flood of low-quality “AI spam” reports has also emerged, placing a heavy burden on protocol teams for triaging. Barry Plunkett, Co-CEO of Cosmos Labs, stated that submission volume to its platform surged 900% year-on-year, with 20–50 reports received daily; Kadan Stadelmann, CTO of Komodo Platform, likewise noted a marked rise in low-quality and false-positive reports, attributing the root cause primarily to AI’s drastic reduction in the cost of generating reports. Daniel Stenberg, creator of the open-source tool curl, has already shut down his bug bounty program outright due to being overwhelmed. In response, industry insiders recommend that teams deploy defensive AI systems to automatically triage reports and adopt stricter submission criteria—reducing the volume of invalid reports and ensuring genuine vulnerabilities receive timely attention.
According to an official post by Umbra (@UmbraCash), the privacy payment protocol Umbra was used to transfer funds related to a recent hacking incident, involving 349 ETH (approximately $800,000). Umbra stated that, as its privacy address system primarily protects the recipient’s identity—not the sender’s—it offers limited practical assistance to hackers attempting to obscure the origin of stolen funds. All stolen funds remain identifiable and traceable. The team has been in active communication and collaboration with security researchers. Umbra also noted that the protocol is powered entirely by autonomous smart contracts; thus, the team cannot prevent anyone from using the contracts or self-hosted frontend versions. In support of fund recovery efforts, the team placed the hosted frontend into maintenance mode at 6:45 a.m. ET on April 21. Access will be restored once it is confirmed that doing so will not impede the recovery process. The protocol itself continues operating normally, and all funds held within privacy addresses remain secure.
Odaily News: Privacy protocol Umbra has shut down its hosted frontend website to prevent attackers from using the protocol to transfer stolen funds from a recent security incident. Umbra stated that approximately $800,000 in funds were transferred through its protocol, but the protocol only hides the recipient's identity, and the related transactions can still be tracked on-chain. This measure follows the attack on the Kelp protocol, which resulted in losses exceeding $280 million. Umbra said it will restore frontend services after confirming it does not affect asset recovery efforts, but it cannot prevent users from continuing to use the protocol via smart contracts or self-hosted frontends. (Cointelegraph)
Odaily News SuiLend posted on the X platform stating that all platform functions are currently operating normally, including deposits, lending, withdrawals, and repayments, and user funds remain unaffected. Simultaneously, the team is closely monitoring the progress of the previous Volo Protocol security incident and will continue to provide subsequent updates.
According to Cointelegraph, Admiral Samuel Paparo of the U.S. Navy stated at a hearing before the Senate Armed Services Committee that Bitcoin is a “valuable computer science tool,” and that its proof-of-work technology holds significant applications in cybersecurity—increasing attackers’ costs and enabling the protection of data, information, and command signals, thereby supporting U.S. national security interests. Paparo noted: “Beyond the economic dimension, it has extremely important computer science applications in cybersecurity.” Earlier, in 2023, Jason Lowery of the U.S. Space Force expressed a similar view.