News linked to both this project and an event.
According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.
According to The Block, Visa has partnered with WeFi—a “blockchain-based bank” founded by Reeve Collins, former CEO of Tether—to enable users to hold digital assets in self-custodial wallets and spend them directly across the global Visa acceptance network, without depositing assets into centralized exchanges. Maksym Sakharov, Co-Founder and CEO of WeFi, stated that stablecoins are natively embedded into the underlying infrastructure, with settlements processed automatically in the background, delivering a user experience indistinguishable from conventional payments. This partnership will initially launch in select markets across Europe, Asia, and Latin America, with further expansion contingent upon regulatory approvals.
According to an official announcement, ZetaChain stated that its GatewayEVM contract was attacked today, with the impact limited solely to internal wallets controlled by the ZetaChain team. The official statement confirmed that the attack vector has been blocked and no further funds are currently at risk. As a precautionary measure, ZetaChain has suspended cross-chain transactions. Meanwhile, the investigation remains ongoing; according to the official statement, no user funds have been affected by this incident, and a detailed post-mortem report will be released upon completion of the investigation.
A research report released by a16z Crypto states that stablecoins have evolved from niche trading tools into the foundational layer of a new global financial infrastructure, giving rise to a new generation of “Banking-as-a-Service” (BaaS) models. Unlike the previous wave of BaaS, this new model is built on onchain infrastructure and integrates account management, payments, foreign exchange, and credit functions via self-custodial wallets—significantly reducing reliance on traditional intermediaries. The report classifies blockchains into three categories: general-purpose public chains (e.g., Solana and Ethereum), purpose-built chains optimized for payment use cases (e.g., Stripe’s Tempo and Circle’s Arc), and compliance-focused networks designed for regulated institutions (e.g., Canton). On the regulatory front, following the passage of the GENIUS Act, stablecoin issuers are competing aggressively for national trust charters from the Office of the Comptroller of the Currency (OCC), aiming to gain direct access to the Federal Reserve’s payment rails and secure a central position within the payments stack. The report also notes that stablecoins have made significant progress in the “middle mile” of cross-border payments; however, liquidity bottlenecks between stablecoins and local fiat currencies remain unresolved in emerging markets. Looking ahead, as stablecoin scale grows, the onchain credit market is poised to become the next major opportunity after payments—providing capital to borrowers underserved by traditional financial systems. Moreover, the widespread adoption of stablecoins is expected to further reinforce the U.S. dollar’s global dominance.
According to Natalie Newson, Senior Blockchain Investigator at CertiK, real-time deepfakes, phishing attacks, supply-chain compromises, and cross-chain vulnerabilities will be the primary drivers of cryptocurrency hacks in 2026. So far this year, the industry has lost over $600 million to hacking incidents—including the $293 million Kelp DAO exploit and the $280 million theft from Drift Protocol in April—both linked to a North Korean hacker group. Newson warns that the accelerated advancement of AI will make attack methods increasingly sophisticated, including more realistic deepfakes, autonomous attack agents, and “agent AIs” capable of automatically scanning smart contracts for vulnerabilities. However, AI can also serve as a defensive tool. CertiK advises investors to verify URL authenticity and store assets in cold wallets to mitigate risk.
According to Caixin, the Monetary Authority of Singapore (MAS) released a consultation paper on April 17, 2026, proposing more accommodating regulatory capital guidelines for crypto assets on permissionless blockchains (i.e., public blockchains) ahead of implementing the Basel Committee’s new capital requirements for crypto assets. The current Basel framework is viewed as overly stringent in its classification of public blockchain-based assets, potentially stifling banking-sector innovation. MAS plans to abandon a “one-size-fits-all” classification approach and instead allow public blockchain-based crypto assets that meet a set of principle-based criteria to be classified as Group 1 crypto assets—carrying lower risk weights and less stringent prudential requirements—to achieve regulatory technology neutrality.
U.S. SEC Chairman Paul Atkins delivered a speech marking his first anniversary in office at the Economic Club of Washington, D.C. The SEC is advancing reforms to its digital asset regulatory framework, integrating them into its “A-C-T” strategy—modernizing regulation, clarifying regulatory boundaries, and reshaping the rulemaking system. Regarding crypto assets, the SEC has released a classification framework for crypto tokens, categorizing digital assets into five types—four of which are not considered securities. Atkins stated that the SEC will soon introduce an “Innovation Exemption” mechanism, providing a limited, compliant framework for market participants to conduct tokenized securities transactions on-chain. The SEC has also launched Project Crypto to adapt securities rules and the regulatory system to the growing trend of capital markets moving on-chain. Additionally, last month the SEC signed a Memorandum of Understanding (MOU) with the CFTC to harmonize key definitions, clarify regulatory jurisdictions, and coordinate oversight of shared regulatory matters—including digital assets. Atkins further noted that the U.S.’s prior approach to crypto asset regulation had driven innovation overseas.
According to an official announcement by USDT0 (@USDT0_to), the USDT0 cross-chain bridging infrastructure resumed normal operations today. System integrity and risk exposure remain unaffected, and all pending transactions submitted prior to the suspension have been safely settled. Previously, on April 19, USDT0 proactively suspended its OFT bridging service as a precautionary measure pending the conclusion of the KelpDAO rsETH incident investigation. USDT0 emphasized that it bears no risk exposure related to this incident, and all USDT0 tokens remain fully backed 1:1 by USDT.
According to an official announcement from Curve Finance, due to a hacker attack on the rsETH LayerZero infrastructure, Curve Finance has suspended its LayerZero infrastructure for security reasons, pending further investigation into the root cause before resuming operations. This suspension affects the following: cross-chain bridging of CRV tokens from BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava (chains using native bridges remain unaffected), as well as the crvUSD fast bridge functionality (the L2 slow bridge remains fully operational). Meanwhile, KelpDAO is also reported to have suffered a vulnerability exploit involving approximately $291 million; the exact extent of losses is still under investigation.
According to CoinDesk, Kelp DAO’s LayerZero-based cross-chain bridge was attacked, with the attacker withdrawing 116,500 rsETH—worth approximately $292 million at current prices, or roughly 18% of its circulating supply. This incident has become the largest DeFi attack of 2026 to date. In response, Aave, SparkLend, and Fluid have frozen rsETH-related markets, and Lido Finance has suspended new deposits into its earnETH product. Kelp DAO stated it is jointly investigating the incident with LayerZero, auditing firms, and external security experts.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Odaily News Ripple announced a partnership with South Korea's major insurance institution, Kyobo Life Insurance, to explore government bond tokenization settlement based on the Ripple Custody platform. The goal is to compress the T+2 settlement cycle for South Korean government bonds to near real-time execution. Both parties stated that they will focus on evaluating the technical and regulatory feasibility of tokenized government bond settlement. Specific transaction scale, launch timeline, and bond types involved have not been disclosed yet, and the overall initiative is still in the pilot exploration phase. Additionally, Kyobo Life will also explore stablecoin-based payment solutions, but specific currencies and implementation timelines have not been clarified. (CoinDesk)
According to Cointelegraph, the blockchain payment network XRP Ledger (XRPL) has partnered with zero-knowledge infrastructure provider Boundless to integrate its zero-knowledge technology into the underlying network, aiming to enable confidential and compliant on-chain transactions for banks and asset management firms. Shiv Shankar, CEO of Boundless, stated that the solution protects sensitive information—including transaction size, frequency, and counterparty details—through selective disclosure and role-based access control, while ensuring regulatory authorities can audit related activities. This integration is expected to drive adoption across multiple institutional use cases on public blockchains, including cross-border corporate payments, treasury management, over-the-counter (OTC) trading, tokenized asset issuance, and decentralized finance (DeFi). Industry observers believe that striking a balance between privacy and compliance is becoming a key factor in driving institutional adoption of public blockchains.
Decentralized GPU cloud computing infrastructure platform Aethir confirmed that its Ethereum-related bridge contract was attacked. The team promptly disconnected the affected contract and, in collaboration with major exchanges, blacklisted the hacker’s wallet, limiting losses to under $90,000. Earlier, blockchain security firm PeckShield estimated losses at $400,000. The attacker exploited Aethir’s cross-chain smart contract, AethirOFTAdapter, to transfer stolen funds from BNB Chain to Tron. Aethir stated that its Ethereum mainnet ATH token supply remains unaffected. It plans to release a detailed compensation plan and incident analysis next week and will collaborate with exchanges including Binance, Upbit, and Bithumb to freeze funds. Web3 security platform ZeroShadow is assisting with the investigation. In 2025, Aethir achieved $127.8 million in revenue and deployed over 440,000 GPU containers globally.
U.S. law firm Gibbs Mura has launched a class-action litigation investigation into the April 1, 2026, hack of Drift Protocol, reviewing potential investor claims against Circle Internet Financial. The attack resulted in the theft of approximately $280–285 million in assets. The attacker subsequently used Circle’s Cross-Chain Transfer Protocol (CCTP) to bridge over $230 million worth of USDC to Ethereum—Circle took no action to freeze the funds throughout the incident. Notably, just nine days prior, Circle had voluntarily frozen 16 business wallets in a separate civil dispute. Blockchain analytics firm Elliptic suspects the attack was carried out by a North Korea–backed hacking group. As a result of the breach, Drift Protocol’s total value locked (TVL) plummeted from $550 million to below $250 million, the DRIFT token price dropped more than 40%, and at least 20 DeFi protocols suffered indirect losses.