GetChain News

Security/Hacker

News linked to both this project and an event.

Syndicate Loses ~$330,000 Due to Attack on Commons Cross-Chain Bridge

According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.

Bitcoin Lending Protocol Tropykus Announces Shutdown of Its Current Version; Deposit and Lending Functions Are Permanently Discontinued

According to an official announcement by Tropykus, the decentralized lending protocol Tropykus has initiated a phased shutdown of its current protocol version. Deposit and lending functionalities will be permanently discontinued. Users may withdraw funds and repay loans via tropykus.com until the deadline of July 27, 2026; thereafter, such operations will only be supported through direct interaction with smart contracts. The team stated that this shutdown decision stems from long-term strategic evolution—not from the security report previously received by Money on Chain, a partner of Tropykus. That report had prompted the protocol to proactively suspend deposits and new lending activities. However, the team emphasized that internal discussions regarding the shutdown predated the security incident, and the incident merely accelerated the decision. Technically, the team noted that the original architecture was designed for an earlier technological environment and is no longer capable of meeting long-term development needs in the face of emerging security challenges posed by technologies such as artificial intelligence. The team advises all users to complete withdrawals and settle their lending positions via tropykus.com before July 27, 2026. After this date, users will need technical proficiency to interact directly with smart contracts to perform these operations.

ZetaChain: GatewayEVM Contract Attacked; Cross-Chain Transactions Suspended

According to an official announcement, ZetaChain stated that its GatewayEVM contract was attacked today, with the impact limited solely to internal wallets controlled by the ZetaChain team. The official statement confirmed that the attack vector has been blocked and no further funds are currently at risk. As a precautionary measure, ZetaChain has suspended cross-chain transactions. Meanwhile, the investigation remains ongoing; according to the official statement, no user funds have been affected by this incident, and a detailed post-mortem report will be released upon completion of the investigation.

SlowMist CISO: Bitwarden CLI Hit by Supply Chain Attack; Malicious Package Circulated Briefly for ~1.5 Hours

SlowMist CISO 23pds (@im23pds) disclosed that the Bitwarden CLI version 2026.4.0 was subjected to a Checkmarx supply-chain attack between 17:57 and 19:30 ET on April 22. During this window, attackers abused a GitHub Action within Bitwarden’s CI/CD pipeline to briefly distribute a malicious package via npm. The official statement confirmed that Vault data was not compromised and production systems remained unaffected; only users who installed this specific version via npm during the aforementioned time window were impacted. Affected users are advised to immediately uninstall version 2026.4.0, clear their npm cache, rotate sensitive credentials—including API tokens and SSH keys—investigate anomalous activity in GitHub and CI environments, and upgrade to the patched version 2026.4.1.

CertiK: Phishing, Deepfakes, and Supply Chain Attacks Could Become the Biggest Crypto Security Threats in 2026

According to Natalie Newson, Senior Blockchain Investigator at CertiK, real-time deepfakes, phishing attacks, supply-chain compromises, and cross-chain vulnerabilities will be the primary drivers of cryptocurrency hacks in 2026. So far this year, the industry has lost over $600 million to hacking incidents—including the $293 million Kelp DAO exploit and the $280 million theft from Drift Protocol in April—both linked to a North Korean hacker group. Newson warns that the accelerated advancement of AI will make attack methods increasingly sophisticated, including more realistic deepfakes, autonomous attack agents, and “agent AIs” capable of automatically scanning smart contracts for vulnerabilities. However, AI can also serve as a defensive tool. CertiK advises investors to verify URL authenticity and store assets in cold wallets to mitigate risk.

Polygon Unaffected by rsETH Vulnerability

According to official news, the Polygon team has been actively monitoring the rsETH vulnerability: neither Polygon Chain, Agglayer, nor the broader ecosystem, including Katana and Vaultbridge, has been affected by this incident.

Orca Responds to Vercel Security Incident: Frontend Credentials Rotated, On-Chain Funds Unaffected

According to an official announcement by Orca, Vercel—the frontend hosting provider for Solana’s liquidity protocol Orca—recently experienced a security incident involving unauthorized access to its internal systems. Orca stated that, as a precautionary security measure, it has proactively rotated all keys and deployment credentials potentially compromised in the incident. Orca emphasized that this incident affected only the frontend hosting layer; the on-chain protocol and user funds remain unaffected. The team is currently monitoring the situation closely and will provide timely updates.

Curve Finance Suspends LayerZero Cross-Chain Bridging Functionality in Response to rsETH Infrastructure Hack

According to an official announcement from Curve Finance, due to a hacker attack on the rsETH LayerZero infrastructure, Curve Finance has suspended its LayerZero infrastructure for security reasons, pending further investigation into the root cause before resuming operations. This suspension affects the following: cross-chain bridging of CRV tokens from BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava (chains using native bridges remain unaffected), as well as the crvUSD fast bridge functionality (the L2 slow bridge remains fully operational). Meanwhile, KelpDAO is also reported to have suffered a vulnerability exploit involving approximately $291 million; the exact extent of losses is still under investigation.

Axelar Network Calls for Enhanced Multi-Layer Security for Cross-Chain Bridges

Axelar Network stated that the hacker attack and theft of funds undermine users’ overall trust in blockchain systems and slow down the adoption of the global ledger it envisions. Axelar expressed its support for the LayerZero team in navigating this difficult situation and rebuilding trust. Regarding this approximately $290 million attack, Axelar emphasized that—pending final forensic findings—the incident once again highlights the need for multi-layered security in cross-chain bridge construction. This includes ensuring operational security for bridge operators, validators, and validating nodes; providing proper incentives and training; and removing validators whose technical capabilities are not adequately demonstrated. Additionally, operators must be sufficiently numerous, structurally heterogeneous, diverse, and geographically distributed to prevent ultimate control by a single entity.

Kelp DAO Cross-Chain Bridge Attacked, ~$292M rsETH Stolen

According to CoinDesk, Kelp DAO’s LayerZero-based cross-chain bridge was attacked, with the attacker withdrawing 116,500 rsETH—worth approximately $292 million at current prices, or roughly 18% of its circulating supply. This incident has become the largest DeFi attack of 2026 to date. In response, Aave, SparkLend, and Fluid have frozen rsETH-related markets, and Lido Finance has suspended new deposits into its earnETH product. Kelp DAO stated it is jointly investigating the incident with LayerZero, auditing firms, and external security experts.

CoW Swap Releases Post-Mortem Report on Attack: cow.fi Domain Hijacking Resulted from Supply Chain Attack on Registration Pipeline; Preliminary Estimate of User Losses Is Approximately $1.2 Million

According to an official incident post-mortem report on the CoW Swap attack, its domain cow.fi was compromised via a supply-chain attack on April 14, 2026. Attackers used social engineering tactics to infiltrate the .fi domain registration process and hijack DNS resolution, causing users attempting to access swap.cow.fi to be redirected to a phishing site for several hours. During this period, attackers deployed a counterfeit trading interface and attempted to trick users into connecting their wallets and signing malicious transactions. The report states that this incident did not impact CoW Protocol’s on-chain smart contracts, backend systems, or user fund security; core infrastructure, including services hosted on AWS and Vercel, remained uncompromised. The attack occurred exclusively during the domain registration and transfer process: attackers gained control by forging identity documents and exploiting vulnerabilities in the registration workflow, briefly modifying the domain’s DNS records. The team detected the anomaly within 19 minutes and initiated emergency response procedures, subsequently migrating to cow.finance and fully restoring the cow.fi domain within approximately 26 hours. CoW’s team noted that affected users were primarily those who visited the official website during the domain hijacking window. Preliminary estimates place losses at around $1.2 million. The cow.fi domain has since been reactivated with enhanced security measures, including RegistryLock, and the team has launched external security audits and legal proceedings against the perpetrators and is developing a potential user compensation plan. The official statement emphasizes that the vulnerability has been patched and outlines plans to improve domain infrastructure security through governance initiatives and industry collaboration.

Hyperbridge: Losses From the Vulnerability Increased to Approximately $2.5 Million; Some Funds Have Been Traced to Binance

According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.

eToro Announces Acquisition of Self-Custody Wallet Zengo to Accelerate Expansion into On-Chain Financial Ecosystem

According to GlobeNewswire, eToro, a trading and investment platform, announced it has signed an agreement to acquire Zengo, a leading self-custodial crypto wallet provider. This acquisition aims to deepen eToro’s digital asset capabilities and accelerate its strategic initiative to bridge traditional finance with on-chain infrastructure. Founded in 2018, Zengo builds its keyless wallet architecture on Multi-Party Computation (MPC) cryptographic technology. It currently serves over 2 million users across more than 180 countries and regions, and has never experienced a wallet breach since its inception. Following the acquisition, eToro will leverage Zengo’s technological expertise to further support decentralized trading use cases—including tokenized assets, prediction markets, and perpetual contracts. The transaction is subject to customary closing conditions.

Aethir Prevents Cross-Chain Bridge Vulnerability Attack and Promises Compensation

Decentralized GPU cloud computing infrastructure platform Aethir confirmed that its Ethereum-related bridge contract was attacked. The team promptly disconnected the affected contract and, in collaboration with major exchanges, blacklisted the hacker’s wallet, limiting losses to under $90,000. Earlier, blockchain security firm PeckShield estimated losses at $400,000. The attacker exploited Aethir’s cross-chain smart contract, AethirOFTAdapter, to transfer stolen funds from BNB Chain to Tron. Aethir stated that its Ethereum mainnet ATH token supply remains unaffected. It plans to release a detailed compensation plan and incident analysis next week and will collaborate with exchanges including Binance, Upbit, and Bithumb to freeze funds. Web3 security platform ZeroShadow is assisting with the investigation. In 2025, Aethir achieved $127.8 million in revenue and deployed over 440,000 GPU containers globally.

U.S. Law Firm Launches Class-Action Litigation Investigation Into Drift Protocol Hack, Targeting Circle

U.S. law firm Gibbs Mura has launched a class-action litigation investigation into the April 1, 2026, hack of Drift Protocol, reviewing potential investor claims against Circle Internet Financial. The attack resulted in the theft of approximately $280–285 million in assets. The attacker subsequently used Circle’s Cross-Chain Transfer Protocol (CCTP) to bridge over $230 million worth of USDC to Ethereum—Circle took no action to freeze the funds throughout the incident. Notably, just nine days prior, Circle had voluntarily frozen 16 business wallets in a separate civil dispute. Blockchain analytics firm Elliptic suspects the attack was carried out by a North Korea–backed hacking group. As a result of the breach, Drift Protocol’s total value locked (TVL) plummeted from $550 million to below $250 million, the DRIFT token price dropped more than 40%, and at least 20 DeFi protocols suffered indirect losses.