GetChain News

Security/Hacker

News linked to both this project and an event.

US Department of Justice Sentences Member of $263 Million Crypto Fraud Scheme to 70 Months in Prison, Involving Social Engineering Fraud and Lavish Money Laundering

The U.S. Department of Justice (DOJ) announced that a 22-year-old California man, Evan Tangeman, has been sentenced to 70 months (approximately 5 years and 10 months) in prison, followed by 3 years of supervised release, for his involvement in a criminal organization that stole approximately $263 million in crypto assets through social engineering fraud and home invasions. According to court documents, Tangeman pleaded guilty in December 2025, admitting to helping the criminal network launder at least $3.5 million in illicit funds. The criminal group allegedly used the stolen funds for lavish spending, including multi-million dollar nightclub bills, Lamborghini sports cars, and high-end assets like Rolex watches. U.S. District Attorney for the District of Columbia, Jeanine Pirro, stated in a release that the organization "built a criminal system based on nearly absurd greed," emphasizing that Tangeman not only participated in money laundering but also destroyed evidence after his accomplices were arrested, demonstrating clear criminal intent. This sentencing comes as data shows that the crypto industry suffered $482 million in losses from scams and hacks in the first quarter of 2026, with social engineering fraud and physical violent robberies on the rise. (Cointelegraph)

Lido proposes using up to $5.8M stETH to cover Kelp’s funding gap

The Lido team has initiated a proposal, planning to allocate up to 2,500 stETH (approximately $5.8 million) from the DAO to cover the rsETH asset shortfall resulting from the recent attack on Kelp DAO. Lido noted that the LayerZero-based exploit has led to insufficient rsETH reserves, triggering a chain reaction across the DeFi ecosystem, including rising interest rate pressure, tightening lending markets, and certain leveraged strategies facing passive liquidation risks. The proposal emphasizes that these funds will only be used as part of a complete recovery solution, provided that the overall shortfall can be fully addressed. Previously, the approximately $292 million attack on Kelp DAO had already impacted Aave, leading to bad debt issues, and its total value locked (TVL) once declined by nearly $8 billion.

OpenAI CEO Accuses Anthropic of “Fear-Based Marketing” with Claude Mythos

According to Decrypt, OpenAI CEO Sam Altman stated that Anthropic is promoting its AI model Claude Mythos through “fear-based marketing,” using narratives about security risks to justify its limited-open strategy. Claude Mythos has recently drawn attention for its ability to autonomously discover software vulnerabilities and perform complex cybersecurity operations. The report notes that Mozilla previously disclosed that the model identified 271 vulnerabilities in the Firefox browser during testing. Meanwhile, discussions surrounding the model’s potential offensive cybersecurity risks continue to intensify. Altman also emphasized that OpenAI will not scale back its infrastructure investments and will continue expanding its computational capabilities.

Ledger CTO Analyzes Post-Quantum Cryptography Migration, Blockchain Favors Hash-Based Signature Schemes

Ledger Chief Technology Officer Charles Guillemet pointed out that the development of post-quantum cryptography has entered a critical stage. Although the timeline for a practical quantum computer remains unclear, a full-scale migration of the encryption systems across the industry is an inevitable trend. Led by NIST, the traditional sector plans to phase out high-risk algorithms by 2030 and completely ban them by 2035, with government and enterprise institutions expected to complete their migration layouts by 2029. Encryption and key exchange will adopt ML-KEM to defend against quantum decryption attacks on harvested data, with digital signatures becoming the core of blockchain transformation. The traditional industry prefers ML-DSA hybrid schemes, while the blockchain sector favors the more secure and robust SLH-DSA hash-based signature. Both schemes have their respective advantages and disadvantages. The compatibility challenges of post-quantum algorithms with MPC and threshold signatures remain a key risk that the industry urgently needs to address.

Jefferies Report: KelpDAO Hacking Incident May Slow Wall Street’s Blockchain Business Rollout

TechFlow News, April 22: According to a Jefferies report cited by Bloomberg, a hacker attack over the weekend resulted in nearly $300 million in losses for a small crypto project and triggered an outflow of approximately $10 billion from the largest decentralized lending platform—potentially dampening Wall Street’s interest in blockchain technology. Andrew Moss, a member of Jefferies’ digital assets research team, noted that banks, asset management firms, and payment companies have spent the past year developing products based on similar technological systems. However, this attack—allegedly carried out by North Korean hackers—may prompt traditional financial institutions to pause their related initiatives and reassess associated risks.

Economic Daily: Resolutely curb illegal and non-compliant activities such as token hoarding for appreciation speculation and over-the-counter trading speculation.

The Economic Daily published an article titled “Leveraging China’s Token Advantages,” which points out the need to clearly recognize potential risks associated with tokens, including identity theft due to token leakage, unauthorized access and theft of sensitive data through forged permissions, and user exploitation via agent-based commission schemes. Some lawbreakers have begun targeting tokens, setting up consumer traps disguised as “discounted token packages” or “token agents.” It is essential to continuously improve policy frameworks, regulations, and standards, and to standardize token trading order by cracking down on price monopolies, false advertising, and illegal financial activities. Illegal and non-compliant activities—including speculative “hoarding for appreciation” and over-the-counter trading—must be resolutely curbed, guiding tokens back to their fundamental roles in technical services, value settlement, and rights transfer.

Crypto Hacking Incidents Over the Past 10 Years Have Caused Over $17 Billion in Losses

According to Cointelegraph, DefiLlama data shows that there have been 518 hacking incidents in the crypto space over the past decade, resulting in cumulative losses exceeding $1.7 billion. A significant portion of these losses stemmed from private key leaks, phishing attacks, and other credential-based attacks. As smart contract security continues to improve, attackers are increasingly shifting their focus toward wallet security, signature infrastructure, development tools, and user operations. Recently, Kelp DAO’s rsETH cross-chain bridge was attacked, with approximately 116,500 rsETH tokens stolen—valued at roughly $290–293 million at the time of the incident.

Claude Desktop Exposed as Writing Backdoor Files to Chromium Browsers During Installation

According to 23pds (@im23pds), Chief Information Security Officer (CISO) at SlowMist, Anthropic’s Claude Desktop application writes a special file to all Chromium-based browsers on a user’s computer during installation—without the user’s knowledge or consent. This file effectively functions as a pre-authorized backdoor; when combined with a specific browser extension, attackers can gain full control over the user’s browser.

Lido: rsETH Theft Incident Affects EarnETH, Exposure Approximately $21.6 Million, Deposits and Withdrawals Suspended

Odaily News: Lido posted on platform X stating that on April 18th, the Kelp cross-chain bridge was attacked, resulting in the theft of approximately 116,500 rsETH (worth about $292 million). Subsequently, the related assets were frozen on lending markets such as Aave. Its treasury product EarnETH has approximately a 9% risk exposure (about $21.6 million) through leveraged rsETH/ETH positions on Aave. Meanwhile, rising borrowing utilization is creating cost pressure on other strategies. The team is advancing deleveraging and reducing overall risk. Lido pointed out that the final impact of the rsETH positions depends on the subsequent handling by Kelp, LayerZero, and Aave, including loss sharing, asset recovery, and bad debt processing. Regarding risk mitigation, EarnETH can, if necessary, activate a $3 million "first-loss protection mechanism" (provided by the DAO treasury) to cover losses. The specific scale of its use is still pending further evaluation. Currently, the treasury has suspended deposits and withdrawals to ensure fairness and complete loss assessment. If the handling process is slow, redemption channels may be reopened based on the worst-case loss expectations. The official emphasized that stETH and wstETH are unaffected, and the core staking protocol was not involved in this incident.

Kelp DAO Counters LayerZero’s Attribution of the $290M rsETH Vulnerability

According to CoinDesk, Kelp DAO will dispute LayerZero’s explanation of the $290 million rsETH cross-chain bridge vulnerability, stating that the compromised single-validator configuration relied on LayerZero’s own infrastructure and that this setup was part of LayerZero’s default integration—rather than a custom choice by Kelp DAO violating recommended practices. The attacker stole approximately 116,500 rsETH by compromising the servers LayerZero used to verify cross-chain transactions and disrupting its fallback nodes. Kelp DAO emphasized that the incident affected only the LayerZero-based bridging layer, leaving its core liquidity re-staking contracts unimpacted. LayerZero subsequently responded by announcing it would cease signing messages for any applications using a single-validator configuration and would mandate secure migration.

DefiLlama Founder Analyzes Three Possible Resolution Paths for the Kelp DAO Incident and Corresponding Potential Bad Debt Sizes

According to a post by 0xngmi, founder of DefiLlama, following the hack of KelpDAO, Aave is facing severe pressure in handling bad debt. Currently, there are three potential solutions: First, socializing the loss across all users—this would result in an 18.5% impairment for users, generating approximately $216 million in bad debt. Aave’s Umbrella Insurance could cover $55 million, and the treasury could contribute an additional $85 million, leaving a shortfall of roughly $76 million. Second, executing a “rug pull” on rsETH holders on L2 chains—this would generate approximately $341 million in bad debt, with Arbitrum, Mantle, and Base markets suffering the heaviest losses. Third, returning assets to holders based on a pre-attack snapshot—but this approach is extremely operationally challenging, and even after Umbrella Insurance coverage, an estimated $91 million in losses would remain. Additionally, some suggest confiscating the hacker’s collateral to offset part of the bad debt. Meanwhile, Aave’s OG Security Module still holds approximately $300 million worth of AAVE tokens; applying a 20% reduction would provide an additional ~$60 million in loss coverage.

Kelp DAO Cross-Chain Bridge Attacked, ~$292M rsETH Stolen

According to CoinDesk, Kelp DAO’s LayerZero-based cross-chain bridge was attacked, with the attacker withdrawing 116,500 rsETH—worth approximately $292 million at current prices, or roughly 18% of its circulating supply. This incident has become the largest DeFi attack of 2026 to date. In response, Aave, SparkLend, and Fluid have frozen rsETH-related markets, and Lido Finance has suspended new deposits into its earnETH product. Kelp DAO stated it is jointly investigating the incident with LayerZero, auditing firms, and external security experts.

Kelp DAO's rsETH Bridge Protocol Suspected of Being Hacked, Losses Approximately $292 Million

Odaily News: On-chain data indicates that Kelp DAO's rsETH bridge protocol based on LayerZero is suspected of being exploited by hackers, resulting in a loss of 116,500 rsETH, valued at approximately $292 million.

Hackers Spread PHANTOMPULSE Trojan via Obsidian Plugin

According to Elastic Security Labs, threat actors impersonated venture capital firms and lured targets into opening malicious Obsidian note vaults via LinkedIn and Telegram. This attack leveraged Obsidian’s Shell Commands plugin to execute malicious payloads without exploiting any vulnerabilities when victims opened the note vaults. The PHANTOMPULSE malware discovered in this campaign is a previously undocumented Windows Remote Access Trojan (RAT) that uses Ethereum transaction data to achieve blockchain-based C2 communication. The macOS payload employs an obfuscated AppleScript dropper and uses a Telegram channel as a fallback C2. Elastic Defend detected and blocked the PHANTOMPULSE execution before it could run.

Bitcoin Developers Propose BIP-361 to Counter Future Potential Quantum Attack Risks

Odaily News: Bitcoin contributor Jameson Lopp and other cryptographers have proposed an initiative that could force Bitcoin holders to migrate their tokens to new quantum-resistant addresses, otherwise their tokens would be permanently frozen by the network itself. In this scenario, holders would technically still "own" the coins but would lose the ability to transfer them. This is known as Bitcoin Improvement Proposal BIP-361, which was updated in Bitcoin's official proposal repository on Tuesday under the title "Post-Quantum Migration and Legacy Signature Deprecation". BIP-361 builds upon the BIP-360 proposal introduced in February. BIP-360 introduced a soft fork (a network upgrade) designed to enable a new transaction type called "Pay-to-Merkle-Root" (P2MR). This method draws from Bitcoin's Taproot (P2TR) framework but removes the key-based spending path, thereby eliminating an element widely considered to be at risk in the quantum era. The BIP-361 proposal divides the migration into three phases. Phase A begins three years after activation, prohibiting anyone from sending new Bitcoin to legacy, quantum-vulnerable addresses. You can still spend from these addresses but cannot receive any coins. Phase B begins five years after activation, rendering legacy signatures (ECDSA and Schnorr) completely invalid. The network will reject any attempts to spend coins from quantum-vulnerable wallets. Essentially, your coins will be frozen. Finally, there is Phase C, a still-under-research rescue plan: holders of frozen wallets may be able to prove ownership via zero-knowledge proofs (a method of proving knowledge of a secret without revealing the secret itself). If successful, coins frozen in Phase B could be recovered. (CoinDesk)