GetChain News

Security/Hacker

News linked to both this project and an event.

TAC Cross-Chain Layer Attacked on TON Side, Suffering ~$2.8M Loss

TAC stated that its cross-chain layer on the TON side was exploited by external attackers, resulting in approximately $2.8 million in losses involving USDT, BLUM, and tsTON. TAC confirmed that the TAC token, TON, and all ERC-20 tokens bridged from Ethereum remain unaffected. The bridge has been temporarily suspended, and the team is conducting forensic analysis and implementing fixes. Additionally, the team plans to legally structure a sale of the foundation’s TAC token treasury reserves to restore bridge liquidity and compensate affected users. A post-mortem report and further details will be released within the next 48 hours.

Sky: Solana Bridge Back Online, USDS Cross-Chain Functionality to Resume After rsETH Vulnerability Review

Sky (formerly MakerDAO) announced on X that the cross-chain bridging of USDS OFT on the Solana network, which was suspended due to the security review of the rsETH vulnerability incident, has resumed operation. Sky emphasized that during the review, its USDS-related contracts and the protocol itself were not affected. USDS has always maintained a fully overcollateralized state as designed, which can be verified in real-time on-chain. The suspension was a precautionary security measure. Currently, the bridging function on the Solana side has been reopened, while the Avalanche-related bridging will resume after further review is completed.

Syndicate: Affected Holders Fully Compensated with Additional 15% Bonus for Bridge Security Incident

Syndicate announced on the X platform that, regarding the latest developments in the Syndicate bridge security incident, all affected SYND holders on Commons Chain have been fully compensated and have received an additional 15% payout on top of their total losses. The relevant funds have been sent directly to the affected users' Base chain wallets, with gas fees covered by Syndicate Labs. This compensation totals 12.901 million SYND, and users do not need to take any action on a claim page.

Ekubo Protocol: Security Risk Identified in EVM Chain Swap Router Contract, Users Advised to Revoke Approvals

Ekubo Protocol officially stated on the X platform that an active security incident has been identified in the Ekubo Swap Router contract on EVM chains. The impact is limited to EVM chains, with LPs unaffected; Starknet is also unaffected. The team is investigating the scope of the issue, but as a safety precaution, users are advised to revoke all approvals.

Kelp DAO Deprecates LayerZero and Migrates to Chainlink CCIP Following $292 Million Attack

According to The Block, Kelp DAO will abandon LayerZero and adopt Chainlink’s Cross-Chain Interoperability Protocol (CCIP) as its cross-chain infrastructure, along with Chainlink’s Cross-Chain Token (CCT) standard. Previously, in April, Kelp DAO suffered a cross-chain bridge attack totaling approximately $292 million; the attackers are suspected to be linked to North Korea’s Lazarus Group and exploited the single-validator configuration of the LayerZero-powered OFT cross-chain bridge to steal 116,500 rsETH. Chainlink states that its CCIP requires at least 16 independent node operators to validate cross-chain transactions.

Syndicate Labs Suffers Private Key Leak Attack, Cross-Chain Bridge Maliciously Upgraded Resulting in Approximately 18.5 Million SYND Transferred

Syndicate Labs disclosed a security incident: an attacker compromised the system through a private key leak and maliciously upgraded the cross-chain bridge contracts on two chains, leading to the transfer of approximately 18.5 million SYND and about $50,000 in user assets. The attack originated from a compromised development endpoint. The attacker exploited production environment permissions to upgrade the bridge contracts to a malicious version, but other chains were unaffected. The losses include: Commons Bridge: approximately 18.5 million SYND were transferred and sold, worth roughly $330,000. Another Appchain: approximately $50,000 in user assets were transferred. Syndicate Labs stated that affected SYND holders will receive full compensation, along with additional excess compensation, leaving their overall holdings higher than before the incident. Affected users on the Appchain will also be fully reimbursed for their losses.

Syndicate Loses ~$330,000 Due to Attack on Commons Cross-Chain Bridge

According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.

Bitcoin lending protocol Tropykus announces shutdown of its current version; deposit and lending functions are permanently discontinued.

According to an official announcement by Tropykus, the decentralized lending protocol Tropykus has initiated a phased shutdown of its current protocol version. Deposit and lending functionalities will be permanently discontinued. Users may withdraw funds and repay loans via tropykus.com until the deadline of July 27, 2026; thereafter, such operations will only be supported through direct interaction with smart contracts. The team stated that this shutdown decision stems from long-term strategic evolution—not from the security report previously received by Money on Chain, a partner of Tropykus. That report had prompted the protocol to proactively suspend deposits and new lending activities. However, the team emphasized that internal discussions regarding the shutdown predated the security incident, and the incident merely accelerated the decision. Technically, the team noted that the original architecture was designed for an earlier technological environment and is no longer capable of meeting long-term development needs in the face of emerging security challenges posed by technologies such as artificial intelligence. The team advises all users to complete withdrawals and settle their lending positions via tropykus.com before July 27, 2026. After this date, users will need technical proficiency to interact directly with smart contracts to perform these operations.

ZetaChain: GatewayEVM Contract Attacked; Cross-Chain Transactions Suspended

According to an official announcement, ZetaChain stated that its GatewayEVM contract was attacked today, with the impact limited solely to internal wallets controlled by the ZetaChain team. The official statement confirmed that the attack vector has been blocked and no further funds are currently at risk. As a precautionary measure, ZetaChain has suspended cross-chain transactions. Meanwhile, the investigation remains ongoing; according to the official statement, no user funds have been affected by this incident, and a detailed post-mortem report will be released upon completion of the investigation.

SlowMist CISO: Bitwarden CLI Hit by Supply Chain Attack; Malicious Package Circulated Briefly for ~1.5 Hours

SlowMist CISO 23pds (@im23pds) disclosed that the Bitwarden CLI version 2026.4.0 was subjected to a Checkmarx supply-chain attack between 17:57 and 19:30 ET on April 22. During this window, attackers abused a GitHub Action within Bitwarden’s CI/CD pipeline to briefly distribute a malicious package via npm. The official statement confirmed that Vault data was not compromised and production systems remained unaffected; only users who installed this specific version via npm during the aforementioned time window were impacted. Affected users are advised to immediately uninstall version 2026.4.0, clear their npm cache, rotate sensitive credentials—including API tokens and SSH keys—investigate anomalous activity in GitHub and CI environments, and upgrade to the patched version 2026.4.1.

CertiK: Phishing, Deepfakes, and Supply Chain Attacks Could Become the Biggest Crypto Security Threats in 2026

According to Natalie Newson, Senior Blockchain Investigator at CertiK, real-time deepfakes, phishing attacks, supply-chain compromises, and cross-chain vulnerabilities will be the primary drivers of cryptocurrency hacks in 2026. So far this year, the industry has lost over $600 million to hacking incidents—including the $293 million Kelp DAO exploit and the $280 million theft from Drift Protocol in April—both linked to a North Korean hacker group. Newson warns that the accelerated advancement of AI will make attack methods increasingly sophisticated, including more realistic deepfakes, autonomous attack agents, and “agent AIs” capable of automatically scanning smart contracts for vulnerabilities. However, AI can also serve as a defensive tool. CertiK advises investors to verify URL authenticity and store assets in cold wallets to mitigate risk.

Polygon Unaffected by rsETH Vulnerability

According to official news, the Polygon team has been actively monitoring the rsETH vulnerability: neither the Polygon Chain, Agglayer, nor the broader ecosystem, including Katana and Vaultbridge, has been affected by this incident.

Orca Responds to Vercel Security Incident: Frontend Credentials Rotated, On-Chain Funds Unaffected

According to an official announcement by Orca, Vercel—the frontend hosting provider for Solana’s liquidity protocol Orca—recently experienced a security incident involving unauthorized access to its internal systems. Orca stated that, as a precautionary security measure, it has proactively rotated all keys and deployment credentials potentially compromised in the incident. Orca emphasized that this incident affected only the frontend hosting layer; the on-chain protocol and user funds remain unaffected. The team is currently monitoring the situation closely and will provide timely updates.

Curve Finance Suspends LayerZero Cross-Chain Bridging Functionality in Response to rsETH Infrastructure Hack

According to an official announcement from Curve Finance, due to a hacker attack on the rsETH LayerZero infrastructure, Curve Finance has suspended its LayerZero infrastructure for security reasons, pending further investigation into the root cause before resuming operations. This suspension affects the following: cross-chain bridging of CRV tokens from BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava (chains using native bridges remain unaffected), as well as the crvUSD fast bridge functionality (the L2 slow bridge remains fully operational). Meanwhile, KelpDAO is also reported to have suffered a vulnerability exploit involving approximately $291 million; the exact extent of losses is still under investigation.

Axelar Network Calls for Enhanced Multi-Layer Security for Cross-Chain Bridges

Axelar Network stated that the hacker attack and theft of funds undermine users’ overall trust in blockchain systems and slow down the adoption of the global ledger it envisions. Axelar expressed its support for the LayerZero team in navigating this difficult situation and rebuilding trust. Regarding this approximately $290 million attack, Axelar emphasized that—pending final forensic findings—the incident once again highlights the need for multi-layered security in cross-chain bridge construction. This includes ensuring operational security for bridge operators, validators, and validating nodes; providing proper incentives and training; and removing validators whose technical capabilities are not adequately demonstrated. Additionally, operators must be sufficiently numerous, structurally heterogeneous, diverse, and geographically distributed to prevent ultimate control by a single entity.

Kelp DAO Cross-Chain Bridge Attacked, ~$292M rsETH Stolen

According to CoinDesk, Kelp DAO’s LayerZero-based cross-chain bridge was attacked, with the attacker withdrawing 116,500 rsETH—worth approximately $292 million at current prices, or roughly 18% of its circulating supply. This incident has become the largest DeFi attack of 2026 to date. In response, Aave, SparkLend, and Fluid have frozen rsETH-related markets, and Lido Finance has suspended new deposits into its earnETH product. Kelp DAO stated it is jointly investigating the incident with LayerZero, auditing firms, and external security experts.

CoW Swap Releases Post-Mortem Report on Attack: cow.fi Domain Hijacking Resulted from Supply Chain Attack on Registration Pipeline; Preliminary Estimate of User Losses Is Approximately $1.2 Million

According to an official incident post-mortem report on the CoW Swap attack, its domain cow.fi was compromised via a supply-chain attack on April 14, 2026. Attackers exploited social engineering tactics to infiltrate the .fi domain registration process and hijack DNS resolution, causing users attempting to access swap.cow.fi to be redirected to a phishing site for several hours. During this period, attackers deployed a counterfeit trading interface and attempted to trick users into connecting their wallets and signing malicious transactions. The report states that this incident did not impact CoW Protocol’s on-chain smart contracts, backend systems, or user fund security; core infrastructure, including services hosted on AWS and Vercel, remained uncompromised. The attack occurred exclusively during the domain registration and transfer process: attackers gained control by forging identity documents and exploiting vulnerabilities in the registration workflow, briefly modifying the domain’s DNS records. The team detected the anomaly within 19 minutes and initiated emergency response procedures, subsequently migrating to cow.finance and fully restoring the cow.fi domain within approximately 26 hours. CoW’s team noted that affected users were primarily those who visited the official website during the domain hijacking window. Preliminary estimates place losses at around $1.2 million. The cow.fi domain has since been reactivated with enhanced security measures, including RegistryLock, and the team has launched external security audits, begun legal proceedings against the perpetrators, and is developing a potential user compensation plan. The official statement emphasizes that the vulnerability has been patched and outlines plans to improve domain infrastructure security through governance initiatives and industry collaboration.

Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.

According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.

eToro Announces Acquisition of Self-Custody Wallet Zengo to Accelerate Expansion into On-Chain Financial Ecosystem

According to GlobeNewswire, eToro, a trading and investment platform, announced it has signed an agreement to acquire Zengo, a leading self-custodial crypto wallet provider. This acquisition aims to deepen eToro’s digital asset capabilities and accelerate its strategic initiative to bridge traditional finance with on-chain infrastructure. Founded in 2018, Zengo builds its keyless wallet architecture on Multi-Party Computation (MPC) cryptographic technology. It currently serves over 2 million users across more than 180 countries and regions, and has never experienced a wallet breach since its inception. Following the acquisition, eToro will leverage Zengo’s technological expertise to further support decentralized trading use cases—including tokenized assets, prediction markets, and perpetual contracts. The transaction is subject to customary closing conditions.

Aethir Prevents Cross-Chain Bridge Vulnerability Attack and Promises Compensation

Decentralized GPU cloud computing infrastructure platform Aethir confirmed that its Ethereum-related bridge contract was attacked. The team promptly disconnected the affected contract and, in collaboration with major exchanges, blacklisted the hacker’s wallet, limiting losses to under $90,000. Earlier, blockchain security firm PeckShield estimated losses at $400,000. The attacker exploited Aethir’s cross-chain smart contract, AethirOFTAdapter, to transfer stolen funds from BNB Chain to Tron. Aethir stated that its Ethereum mainnet ATH token supply remains unaffected. It plans to release a detailed compensation plan and incident analysis next week and will collaborate with exchanges including Binance, Upbit, and Bithumb to freeze funds. Web3 security platform ZeroShadow is assisting with the investigation. In 2025, Aethir achieved $127.8 million in revenue and deployed over 440,000 GPU containers globally.