News linked to this event type.
Odaily News: Cryptography engineer Filippo Valsorda wrote an article pointing out that the impact of quantum computing on current cryptographic systems is mainly concentrated on asymmetric algorithms (such as ECDSA, RSA, etc.), while its effect on symmetric encryption (like AES, SHA series) is limited. Grover's algorithm does not significantly weaken the security of 128-bit keys in practical scenarios. Although Grover's algorithm can theoretically accelerate brute-force attacks, it is difficult to parallelize, making the actual attack cost extremely high. Even under ideal quantum computing conditions, the resources required to break AES-128 are far greater than the cost of using Shor's algorithm to attack elliptic curve encryption. Furthermore, standards bodies including the National Institute of Standards and Technology (NIST) unanimously agree that AES-128 still meets post-quantum security requirements and does not need to be upgraded to 256-bit keys. Industry views suggest that focusing resources on replacing asymmetric encryption schemes vulnerable to quantum attacks is a more urgent task at present.
According to an official Dune disclosure, following the KelpDAO hack, Dune analyzed the LayerZero DVN (Decentralized Verification Network) security configuration of OApps active over nearly 90 days. The data shows that among approximately 2,665 distinct OApp contracts, 47% adopted the 1-of-1 DVN security threshold—the lowest level—45% adopted 2-of-2, and roughly 5% adopted 3-of-3 or higher configurations; KelpDAO’s rsETH resides at the 1-of-1 tier, the minimum security level.
Vercel has released an analysis of a security incident, stating that certain internal systems were accessed without authorization. The breach originated from a third-party AI tool, Context.ai, used by an employee, which was compromised. Attackers leveraged this to take over the employee’s Google Workspace account and access some environment configuration data. Preliminary impact assessment indicates that a small number of customers’ environment variables that were not marked as “sensitive” (e.g., API keys, tokens) may have been exposed. Affected users have been notified and advised to immediately rotate their credentials. At present, there is no evidence that data explicitly marked as “sensitive” or the supply chain (e.g., npm packages) has been tampered with. Vercel notes that the attackers demonstrated a high level of technical sophistication. The company is collaborating with Mandiant and multiple security organizations to investigate the incident and has filed a report with law enforcement. Vercel also confirms that its platform services remain fully operational. Users are advised to enable multi-factor authentication, comprehensively rotate potentially exposed environment variables, and review account activity logs and deployment records to mitigate further risk.
Michael Egorov (@newmichwill), founder of Curve Finance, posted that recent security incidents in the DeFi space—triggered by centralized failure points—have occurred frequently and severely damaged the industry’s reputation. Citing examples such as Aave users being unable to withdraw funds following the rsETH exploit and the LayerZero cross-chain bridge hack, he emphasized that problems must be prevented *before* they occur—not addressed only after damage is done. He called on the industry to jointly establish DeFi security standards, proposing that the Ethereum Foundation and Solana Foundation take the lead in collaborating with projects across ecosystems, auditing firms, and risk-assessment teams to develop principles and specifications for secure system design—and suggesting that lessons could be drawn from traditional finance’s approaches to safeguarding centralized nodes.
Aave risk service provider LlamaRisk has released an incident report: On April 18, 2026, the attacker exploited a vulnerability in Kelp’s LayerZero V2 Unichain-to-Ethereum rsETH routing (a 1-of-1 DVN configuration flaw), forged inbound packets, and illicitly released 116,500 rsETH from the Ethereum-side adapter. Of these, 89,567 rsETH were deposited as collateral into multiple Aave V3 markets—including Ethereum Core and Arbitrum—enabling the borrowing of approximately 82,650 WETH (valued at ~$191 million) and 821 wstETH. Currently, only 40,373 rsETH remain in the adapter, while the total claimable rsETH on the remote chain stands at 152,577—creating a substantial shortfall. Depending on the loss allocation methodology, Aave faces two potential bad-debt scenarios:
- Scenario 1 (global pro-rata allocation): Estimated bad debt of ~$123.7 million, with Ethereum Core bearing the greatest pressure;
- Scenario 2 (loss confined to L2s): Estimated bad debt of ~$230.1 million, with Mantle facing a WETH reserve shortfall of up to 71.45% and Arbitrum facing a 26.67% shortfall.
Following the incident, Aave Protocol Guardians and Risk Administrators immediately froze rsETH/wrsETH reserves across all 11 affected markets.
Odaily News: Kelp DAO officially posted on X regarding the follow-up on the theft incident, stating that the cause was the compromise of two RPC nodes hosted by LayerZero, while the third RPC node suffered a DDoS attack. This was an attack targeting LayerZero's infrastructure; Kelp's own systems were not involved in the construction or operation of this infrastructure. The 1/1 DVN configuration is the scheme documented in LayerZero's documentation and is the default setting for all new OFT deployments. Kelp has been operating on LayerZero's infrastructure since January 2024 and has maintained open communication with the LayerZero team. During Kelp's expansion to Layer2, the DVN configuration was discussed, and the default configuration was explicitly confirmed as appropriate at that time. Kelp's current top priority is to protect user interests and prevent risks from spreading within the DeFi ecosystem. The team is collaborating with various parties in the ecosystem to analyze the impact, seek support, and explore all possible mitigation solutions.
According to 23pds (@im23pds), Chief Information Security Officer (CISO) at SlowMist, Anthropic’s Claude Desktop application writes a special file to all Chromium-based browsers on a user’s computer during installation—without the user’s knowledge or consent. This file effectively functions as a pre-authorized backdoor; when combined with a specific browser extension, attackers can gain full control over the user’s browser.
Odaily News: Lido posted on platform X stating that on April 18th, the Kelp cross-chain bridge was attacked, resulting in the theft of approximately 116,500 rsETH (worth about $292 million). Subsequently, the related assets were frozen on lending markets such as Aave. Its treasury product EarnETH has approximately a 9% risk exposure (about $21.6 million) through leveraged rsETH/ETH positions on Aave. Meanwhile, rising borrowing utilization is creating cost pressure on other strategies. The team is advancing deleveraging and reducing overall risk. Lido pointed out that the final impact of the rsETH positions depends on the subsequent handling by Kelp, LayerZero, and Aave, including loss sharing, asset recovery, and bad debt processing. Regarding risk mitigation, EarnETH can, if necessary, activate a $3 million "first-loss protection mechanism" (provided by the DAO treasury) to cover losses. The specific scale of its use is still pending further evaluation. Currently, the treasury has suspended deposits and withdrawals to ensure fairness and complete loss assessment. If the handling process is slow, redemption channels may be reopened based on the worst-case loss expectations. The official statement emphasized that stETH and wstETH are unaffected, and the core staking protocol was not involved in this incident.
According to an official Lido tweet, on April 18, 2026, attackers stole 116,500 rsETH (approximately $292 million) from the Kelp cross-chain bridge. Lending platforms including Aave subsequently froze the rsETH market. Lido’s EarnETH treasury holds approximately 9% exposure to rsETH (roughly $21.6 million) via leveraged positions on Aave; deposits and withdrawals are currently suspended. The EarnETH team is actively reducing leverage and mitigating risk; the final loss amount will depend on subsequent decisions by Kelp, LayerZero, and Aave. The Lido DAO treasury has a $3 million “first-loss protection mechanism,” which may be activated—via burning DAO treasury shares—as needed. Lido’s core staking protocol, as well as stETH and wstETH, remain unaffected by this incident.
According to CoinDesk, Kelp DAO will dispute LayerZero’s explanation of the $290 million rsETH cross-chain bridge vulnerability, stating that the compromised single-validator configuration relied on LayerZero’s own infrastructure and that this setup was part of LayerZero’s default integration—rather than a custom choice by Kelp DAO violating recommended practices. The attacker stole approximately 116,500 rsETH by compromising the servers LayerZero used to verify cross-chain transactions and disrupting its fallback nodes. Kelp DAO emphasized that the incident affected only the LayerZero-based bridging layer, leaving its core liquidity re-staking contracts unimpacted. LayerZero subsequently responded by announcing it would cease signing messages for any applications using a single-validator configuration and would mandate secure migration.
According to DL News, Russian cryptocurrency exchange Grinex announced last Wednesday that it would cease operations after suffering a cyberattack that resulted in the theft of over 1 billion rubles—approximately $13 million. The report states that Grinex had processed nearly $100 billion in trading volume for the sanctioned stablecoin A7A5 in 2025. Its shutdown is expected to weaken Russian companies’ ability to convert rubles into usable international currencies and deliver a severe blow to Russia’s shadow financial system designed to circumvent sanctions. Grinex was viewed as the successor to Garantex, which had previously been sanctioned and shut down. Both Grinex and Old Vector—the issuer of A7A5—were sanctioned in August 2025 by the United States, the European Union, and the United Kingdom.
According to an official announcement, in response to the security incident involving the frontend platform Vercel and related supply-chain security risks, Binance’s security team immediately initiated an emergency response, conducted a comprehensive risk assessment across all frontend products within the Binance ecosystem, and directly contacted Vercel to verify each point individually. Binance stated that its platform and user assets are not affected by this incident.
According to an official announcement, in response to the recent Vercel platform security incident, Jupiter (@JupiterExchange) stated that it has received no notifications or indications of impact, and its jup.ag frontend does not store any sensitive information. Jupiter has proactively implemented all security measures recommended by Vercel, completed rotation of all keys, and conducted a comprehensive review of system logs—no suspicious activity was found. Monitoring remains ongoing.
According to monetsupply.eth, Spark’s Strategy Lead, in a post on X, Spark has long maintained a relatively high borrowing interest rate cap for its SparkLend ETH market. Although this policy caused many users to migrate to Aave—resulting in substantial loss of business and revenue—the current market liquidity crisis has validated the prudence of this strategy. Presently, Aave is experiencing severe liquidity shortages across multiple chains—including Ethereum Mainnet, Arbitrum, Polygon Plasma, Mantle, and Base—with ETH borrowing utilization reaching 100%. This has prevented depositors from withdrawing funds and hindered normal liquidation of ETH collateral. He warns that if the current liquidity crunch persists, a 15–20% drop in ETH’s price could expose Aave to widespread bad debt—compounded by the potential impact of the rsETH vulnerability incident.
According to an analysis by SlowMist founder Yu Xian (@evilcos), the core of the recent KelpDAO hack—resulting in approximately $290 million stolen—was a targeted poisoning attack against the downstream RPC infrastructure of LayerZero’s DVN (Decentralized Validator Network). The specific attack steps were as follows: First, the attackers obtained the list of RPC nodes used by LayerZero’s DVN; second, they compromised two independent RPC clusters and replaced their op-geth binary files; third, using selective spoofing techniques, they returned forged malicious payloads exclusively to the DVN while serving legitimate data to all other IPs; fourth, they launched DDoS attacks against uncompromised RPC nodes, forcing the DVN to fail over to the poisoned nodes; finally, after the forged messages were validated, the malicious binary self-destructed and erased its logs. As a result, LayerZero’s DVN signed validations for transactions that “never occurred.”
Currently, the LayerZero Labs DVN has resumed operations and announced that it will no longer sign or verify messages for applications still using the 1/1 configuration. LayerZero has collaborated with multiple law enforcement agencies worldwide and is actively assisting in tracking the stolen funds.
According to on-chain analytics platform Lookonchain (@lookonchain), an OTC whale previously purchased 163,405 ETH (approximately $440 million) and 4,000 cbBTC (approximately $296 million). Due to the KelpDAO rsETH cross-chain bridge vulnerability, this whale was unable to withdraw ETH normally from Aave and was forced to discount-swap 7,438 aEthWETH (approximately $16.83 million) for 1,930 stETH and 5,272 ETH, incurring a loss of approximately 237 ETH (about $540,000). The whale has since withdrawn 98,032 wstETH (approximately $272 million) and 3,000 cbBTC (approximately $221.6 million) from Aave, leaving 10,000 ETH (approximately $22.8 million) still deposited in Aave.
Odaily News: France has become a hotspot for wrench attacks, with at least 41 cryptocurrency-related kidnappings and home invasions reported this year, averaging one incident every 2.5 days. Jean-Didier Berger, the Deputy Minister of the Interior, stated that a series of new measures are being prepared with Interior Minister Laurent Nuñez to address this issue. A wrench attack refers to the use of physical violence to force victims to transfer crypto assets. Data from CertiK and Jameson Lopp shows that globally, there were 72 verified cases of physical coercion in 2025, a 75% year-on-year increase, with cases involving physical assaults rising by 250%. Ledger co-founder David Balland was kidnapped in France in January 2025. Security researchers point out that attackers are shifting from targeting wallets to hunting individuals, using social media and leaked data to identify targets. Due to the irreversible nature of crypto transactions, attackers often convert illicit proceeds into stablecoins and transfer them across chains to evade tracking. Experts recommend using tools such as multi-signature wallets, withdrawal delays, and spending limits to reduce the risk of attack.
According to official news, the Polygon team has been actively monitoring the rsETH vulnerability: the Polygon Chain, Agglayer, and the broader ecosystem, including Katana and Vaultbridge, have not been affected by this incident.
According to a post by 0xngmi, founder of DefiLlama, following the hack of KelpDAO, Aave is facing severe pressure in handling bad debt. Currently, there are three potential solutions: First, socializing the loss across all users—this would result in an 18.5% impairment for users, generating approximately $216 million in bad debt. Aave’s Umbrella Insurance could cover $55 million, and the treasury could contribute an additional $85 million, leaving a shortfall of roughly $76 million. Second, executing a “rug pull” on rsETH holders on L2 chains—this would generate approximately $341 million in bad debt, with Arbitrum, Mantle, and Base markets suffering the heaviest losses. Third, returning assets to holders based on a pre-attack snapshot—but this approach is extremely operationally challenging, and even after Umbrella Insurance coverage, an estimated $91 million in losses would remain. Additionally, some suggest confiscating the hacker’s collateral to offset part of the bad debt. Meanwhile, Aave’s OG Security Module still holds approximately $300 million worth of AAVE tokens; applying a 20% reduction would provide an additional ~$60 million in loss coverage.