News linked to this event type.
According to CoinDesk, the North Korean hacking group Lazarus Group has launched a new macOS-targeted campaign dubbed “Mach-O Man,” aimed at executives and institutions within high-value sectors such as cryptocurrency and fintech. The attack employs a social engineering technique called “ClickFix” to trick victims into pasting commands into their Mac Terminal, thereby granting attackers access to corporate systems, SaaS platforms, and financial resources. CertiK researchers stated that “Mach-O Man” is a modular macOS malware toolkit developed by Lazarus Group, now also adopted by other cybercriminal groups. It often self-deletes before victims detect it, complicating attribution and detection. Additionally, attackers have already carried out this campaign by hijacking DeFi project domains and replacing legitimate Cloudflare messages with fake ones.
According to on-chain analyst PeckShield (@PeckShieldAlert), the KelpDAO attacker has transferred ETH from Ethereum to Arbitrum via the Across Protocol, swapped it for USDT, and then routed the funds to TRON DAO via LayerZero.
TechFlow News, April 22: According to a Jefferies report cited by Bloomberg, a hacker attack over the weekend resulted in nearly $300 million in losses for a small crypto project and triggered an outflow of approximately $10 billion from the largest decentralized lending platform—potentially dampening Wall Street’s interest in blockchain technology. Andrew Moss, a member of Jefferies’ digital assets research team, noted that banks, asset management firms, and payment companies have spent the past year developing products based on similar technological systems. However, this attack—allegedly carried out by North Korean hackers—may prompt traditional financial institutions to pause their related initiatives and reassess associated risks.
According to Cointelegraph, the widespread adoption of AI is driving up the number of submissions to cryptocurrency industry bug bounty programs—but a flood of low-quality “AI spam” reports has also emerged, placing a heavy burden on protocol teams for triaging. Barry Plunkett, Co-CEO of Cosmos Labs, stated that submission volume to its platform surged 900% year-on-year, with 20–50 reports received daily; Kadan Stadelmann, CTO of Komodo Platform, likewise noted a marked rise in low-quality and false-positive reports, attributing the root cause primarily to AI’s drastic reduction in the cost of generating reports. Daniel Stenberg, creator of the open-source tool curl, has already shut down his bug bounty program outright due to being overwhelmed. In response, industry insiders recommend that teams deploy defensive AI systems to automatically triage reports and adopt stricter submission criteria—reducing the volume of invalid reports and ensuring genuine vulnerabilities receive timely attention.
According to an official post by Umbra (@UmbraCash), the privacy payment protocol Umbra was used to transfer funds related to a recent hacking incident, involving 349 ETH (approximately $800,000). Umbra stated that, as its privacy address system primarily protects the recipient’s identity—not the sender’s—it offers limited practical assistance to hackers attempting to obscure the origin of stolen funds. All stolen funds remain identifiable and traceable. The team has been in active communication and collaboration with security researchers. Umbra also noted that the protocol is powered entirely by autonomous smart contracts; thus, the team cannot prevent anyone from using the contracts or self-hosted frontend versions. In support of fund recovery efforts, the team placed the hosted frontend into maintenance mode at 6:45 a.m. ET on April 21. Access will be restored once it is confirmed that doing so will not impede the recovery process. The protocol itself continues operating normally, and all funds held within privacy addresses remain secure.
Odaily News: Privacy protocol Umbra has shut down its hosted frontend website to prevent attackers from using the protocol to transfer stolen funds from a recent security incident. Umbra stated that approximately $800,000 in funds were transferred through its protocol, but the protocol only hides the recipient's identity, and the related transactions can still be tracked on-chain. This measure follows the attack on the Kelp protocol, which resulted in losses exceeding $280 million. Umbra said it will restore frontend services after confirming it does not affect asset recovery efforts, but it cannot prevent users from continuing to use the protocol via smart contracts or self-hosted frontends. (Cointelegraph)
Odaily News SuiLend posted on the X platform stating that all platform functions are currently operating normally, including deposits, lending, withdrawals, and repayments, and user funds remain unaffected. Simultaneously, the team is closely monitoring the progress of the previous Volo Protocol security incident and will continue to provide subsequent updates.
According to Cointelegraph, Admiral Samuel Paparo of the U.S. Navy stated at a hearing before the Senate Armed Services Committee that Bitcoin is a “valuable computer science tool,” and that its proof-of-work technology holds significant applications in cybersecurity—increasing attackers’ costs and enabling the protection of data, information, and command signals, thereby supporting U.S. national security interests. Paparo noted: “Beyond the economic dimension, it has extremely important computer science applications in cybersecurity.” Earlier, in 2023, Jason Lowery of the U.S. Space Force expressed a similar view.
According to Decrypt, Mozilla recently revealed that Anthropic’s latest AI model, Claude Mythos, identified 271 security vulnerabilities during internal testing of the Firefox browser; all related vulnerabilities were patched this week. For comparison, a previous Anthropic model had detected only 22 security-sensitive vulnerabilities. Mozilla stated that all discovered vulnerabilities fell within the scope of what top human researchers could identify. Claude Mythos was officially launched in March 2026 and is Anthropic’s most powerful model to date for reasoning, coding, and cybersecurity. It is currently available exclusively to vetted partners—including Amazon, Apple, and Microsoft—under Anthropic’s “Project Glasswing” initiative.
According to on-chain analyst Ai Yi's monitoring, the Venus attacker transferred 2,301 ETH (approximately $5.32 million) to address 0xa21…23A7f 11 hours ago. Subsequently, the funds were laundered in batches via Tornado Cash. Currently, there is still $17.45 million worth of ETH remaining on-chain.
The Economic Daily published an article titled “Leveraging China’s Token Advantages,” which points out the need to clearly recognize potential risks associated with tokens, including identity theft due to token leakage, unauthorized access and theft of sensitive data through forged permissions, and user exploitation via agent-based commission schemes. Some lawbreakers have begun targeting tokens, setting up consumer traps disguised as “discounted token packages” or “token agents.” It is essential to continuously improve policy frameworks, regulations, and standards, and to standardize token trading order by cracking down on price monopolies, false advertising, and illegal financial activities. Illegal and non-compliant activities—including speculative “hoarding for appreciation” and over-the-counter trading—must be resolutely curbed, guiding tokens back to their fundamental roles in technical services, value settlement, and rights transfer.
Odaily News Wall Street investment bank Jefferies' analysis indicates that the approximately $293 million attack on Kelp DAO on April 18 exposed critical infrastructure risks, which may prompt traditional financial institutions to reassess the pace of blockchain and tokenization advancement. Jefferies believes the attacker triggered market sell-offs and liquidity stress by minting unbacked tokens and borrowing across platforms. The incident is suspected to be potentially linked to the Lazarus Group and also highlights the single point of failure in the validation mechanisms of cross-chain bridges. As institutions accelerate the tokenization of assets (such as funds, bonds, and deposits), related risks may cause some banks and asset management firms to temporarily pause deployments, prioritizing a review of system security. Especially in scenarios reliant on cross-chain infrastructure, security vulnerabilities could lead to market fragmentation, undermining the practical utility of tokenized assets. Despite short-term confidence being shaken, Jefferies still emphasizes that the long-term trend remains unchanged. Against the backdrop of regulatory progress and continuous infrastructure improvement, use cases like stablecoins still hold growth potential. However, the industry as a whole is still in its early development stage and requires time to enhance system robustness. (CoinDesk)
According to an official announcement by Volo, a security vulnerability occurred today on the Sui network involving Volo—a BTCFi and LST protocol—resulting in the theft of approximately $3.5 million in assets (including WBTC, XAUm, and USDC) from three specific vaults. Immediately after the incident, the team notified the Sui Foundation and ecosystem partners and froze all vaults to prevent further losses. Volo stated that the vulnerability affected only these three vaults; the remaining vaults are not exposed to the same attack vector, and the other ~$28 million in TVL remains secure. The official announcement emphasized that Volo will bear the loss entirely and will not pass it on to users. A comprehensive post-mortem report and remediation plan will be released upon completion of the investigation.
According to on-chain analyst Yu Jin, the KelpDAO hacker began laundering and transferring ETH yesterday afternoon, and by now should have laundered 34,500 ETH (worth $80 million). Most of this ETH was cross-chain swapped into BTC via THORChain, which consequently earned a significant amount in "toll fees": 1. THORChain's trading volume surged to $360 million over the past 24 hours, compared to an average daily volume of only $20 million previously. 2. THORChain's platform fee revenue reached $420,000 over the past 24 hours, whereas its daily fee income was only $5,000 before.
According to on-chain analyst Specter (@SpecterAnalyst), the North Korean hacking group TraderTraitor began laundering stolen funds from KelpDAO at approximately 3 a.m. Beijing time today—just three hours after the Arbitrum Council froze 30.7 ETH (approximately $71 million). The attackers split the remaining funds across three wallets, holding roughly 25,000 ETH (~$57.6 million), 25,700 ETH (~$59.2 million), and 25,000 ETH (~$57.9 million), respectively. The third wallet immediately initiated laundering operations and now holds only about 3,800 ETH (~$8 million). The majority of the funds were bridged to the Bitcoin network via THORChain, with approximately 99% flowing through this protocol. As a result, THORChain’s daily trading volume surged to $211 million—more than ten times its 30-day average—and generated roughly $189,000 in fees. During this laundering process, the illicit proceeds were also commingled with funds stolen in the BTC Turk (2025) and Bybit (2025) hacks. To date, approximately 442 BTC (~$33 million) linked to these incidents have been traced on the Bitcoin network, and over 400 addresses have been utilized throughout the entire laundering operation.
Odaily News Trump's pick for Fed Chair, Powell, went all out during his confirmation hearing: refusing to answer whether Trump lost the election, being angrily called a "puppet" by Warren; countering by blasting the Fed for "losing its way and playing politics"; and repeatedly denying promising low interest rates to the President. Nick Timiraos, often referred to as the "Fed's mouthpiece," wrote that Massachusetts Democratic Senator Elizabeth Warren, in her opening statement, characterized Powell as both Trump's "puppet" and an opportunist. Warren's argument was that a Fed Chair who wouldn't even dare state a simple fact that might displease the President who nominated him would not stand up to that President at critical moments. This theme ran throughout the hearing, with Democrats returning to it multiple times. Powell also stated that the Fed needs "fundamental policy reform," including a new inflation framework, new tools, and new communication methods. While Powell sidestepped Trump's public attacks on the Fed, he repeatedly denied to senators from both parties that Trump had ever sought any promises on interest rates. "The President never asked me to pre-determine, promise, commit to, or decide on any interest rate decision, not in any of our discussions, and I would never agree to do so." (WSJ)
Bybit’s Security Operations Center has identified a multi-stage malware campaign targeting macOS users of Claude Code, an AI-powered search and development tool. Attackers used search engine optimization (SEO) poisoning to push malicious domains to the top of Google search results, luring users to counterfeit installation pages. Once installed, the malware steals browser credentials, macOS Keychain data, Telegram sessions, VPN configurations, and cryptocurrency wallet information. Bybit stated that the malware can also establish persistent access via backdoor functionality and attempts to target over 250 browser wallet extensions and multiple desktop wallet applications. This malicious infrastructure was identified on March 12, and related analysis, mitigation, and detection measures were completed the same day.
According to Cointelegraph, DefiLlama data shows that there have been 518 hacking incidents in the crypto space over the past decade, resulting in cumulative losses exceeding $1.7 billion. A significant portion of these losses stemmed from private key leaks, phishing attacks, and other credential-based attacks. As smart contract security continues to improve, attackers are increasingly shifting their focus toward wallet security, signature infrastructure, development tools, and user operations. Recently, Kelp DAO’s rsETH cross-chain bridge was attacked, with approximately 116,500 rsETH tokens stolen—valued at roughly $290–293 million at the time of the incident.
Security researcher Doyeon Park announced on X that he discovered and disclosed a high-severity CVSS 7.1 zero-day vulnerability in the Cosmos consensus layer (CometBFT). This vulnerability could cause network nodes to stall during block synchronization, thereby affecting system operation—but it cannot directly lead to asset theft. Doyeon Park stated that he made every effort to follow the Coordinated Vulnerability Disclosure (CVD) process; however, due to the project team’s lack of cooperation and “irresponsible decisions,” he ultimately chose to publicly disclose the vulnerability details, adding that any resulting security risks would be borne by the relevant project teams.
Odaily News According to monitoring by crypto analyst Ai Yi @ai_9684xtpa, the KelpDAO attacker has transferred 50,700 ETH to 2 new addresses, valued at approximately $118 million.