News linked to both this project and an event.
according to Blockaid monitoring, an ongoing attack has occurred on Aftermath Finance's perpetual contract protocol on the Sui Network, with approximately $1.1 million worth of USDC stolen across 11 transactions within about 36 minutes. Analysis indicates the vulnerability stems from a fee accounting flaw in the perpetual contract liquidation system, which the attacker exploited to artificially inflate synthetic collateral and drain funds from the protocol's treasury.
According to on-chain security firm Blockaid (@blockaid_), AftermathFi’s perpetual contract on Sui Network was exploited via a vulnerability on April 29. The attacker (address: 0x1a65...2d41e) stole approximately $1.1 million in USDC across 11 transactions within roughly 36 minutes. The attack exploited a flaw in the perpetual contract liquidation fee calculation, enabling illicit withdrawals from the protocol’s treasury via synthetic collateral inflation.
Circle Ventures, Consensys, and Joseph Lubin have announced their support for the DeFi United initiative, aimed at mitigating losses caused by the Kelp DAO vulnerability. Circle Ventures is supporting the ecosystem by purchasing AAVE tokens. Consensys and Ethereum co-founder Joseph Lubin have confirmed the provision of 30,000 ETH to DeFi United. To date, DeFi United has raised over 132,000 ETH, with a total value exceeding $300 million. These funds will be used to cover bad debts resulting from an attacker minting unbacked rsETH via the LayerZero bridge and borrowing assets on Aave. Previously, Aave proposed a donation of 25,000 ETH, while Lido DAO, Ether.fi, and Kelp have respectively proposed or pledged donations of 2,500 ETH, 5,000 ETH, and 2,000 ETH.
the lending protocol Purrlend was attacked on the MegaETH and HyperEVM networks, resulting in losses of approximately $1.52 million. The attacker extracted approximately $1.2 million in assets from the HyperEVM network, including 449,683 USDC, 214,125 USDT0, 194,745 USDH, and portions of UBTC, wstHYPE, UETH, kHYPE, and WHYPE. The attacker also extracted approximately $324,000 in assets from the MegaETH network, including USDT0, WETH, and USDm. Purrlend has since paused the protocol and launched an investigation. The attacker's address has been identified on the block explorers of both networks.
According to an official announcement by Volo, a security vulnerability occurred today on the Sui network involving Volo—a BTCFi and LST protocol—resulting in the theft of approximately $3.5 million in assets (including WBTC, XAUm, and USDC) from three specific vaults. Immediately after the incident, the team notified the Sui Foundation and ecosystem partners and froze all vaults to prevent further losses. Volo stated that the vulnerability affected only these three vaults; the remaining vaults are not exposed to the same attack vector, and the other ~$28 million in TVL remains secure. The official announcement emphasized that Volo will bear the loss entirely and will not pass it on to users. A comprehensive post-mortem report and remediation plan will be released upon completion of the investigation.
According to an official disclosure by RHEA Finance, on April 16, 2026, the NEAR ecosystem lending protocol RHEA Finance (formerly Burrow Finance) suffered a hack targeting its margin trading functionality, resulting in losses of approximately $18.4 million. The attacker began preparations several days prior to the incident by creating multiple fake token pools on Ref Finance and injecting liquidity into them, thereby constructing malicious swap routes. Exploiting a vulnerability in the protocol’s slippage protection mechanism—which failed to account for scenarios where intermediate tokens were reused during multi-step swaps—the attacker caused borrowed debt tokens to be routed into fake token pools under their control. This triggered widespread forced liquidations, ultimately draining the protocol’s reserve pool. During the attack, the attacker deleted a total of 55 intermediary accounts to obscure their trail. As of now, the attacker has repaid approximately 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract. Additionally, 4.34 million USDT have been frozen—3.291 million frozen by Tether and 1.053 million frozen by NEAR Intents. The protocol’s smart contracts have been paused, and the team is collaborating with centralized exchanges to jointly trace the funds; relevant law enforcement agencies have also been notified.
Odaily News Rhea Finance has released a post-mortem report on the attack, confirming that the actual loss from the vulnerability is approximately $18.4 million, a significant increase from the initial estimate of around $7.6 million.The attacker constructed complex transaction paths, manipulated liquidity using fake token pools, funneled borrowed assets into pools under their control, and returned only minimal assets. This caused a large number of margin positions to rapidly become undercollateralized and triggered liquidations, ultimately depleting the protocol's reserve funds.Approximately $11.2 million in funds have been recovered or frozen so far. This includes some USDC and NEAR assets returned by the attacker, as well as about $4.34 million in USDT that was frozen (with assistance from Tether).
According to Cointelegraph, stablecoin issuer Circle faces a class-action lawsuit in the U.S. District Court for the District of Massachusetts for failing to freeze stolen funds during the Drift Protocol hack on April 1. Plaintiffs allege that attackers transferred approximately $230 million worth of USDC from Solana to Ethereum via Circle’s cross-chain transfer protocol (CCTP) within hours—and that Circle failed to intervene. The lawsuit accuses Circle of aiding and abetting conversion and of negligence. Cryptocurrency analytics firm Elliptic previously suspected the attack may be linked to North Korea–backed hackers; the stolen funds were subsequently converted into ETH and laundered through Tornado Cash.
According to CoinDesk, Drift Protocol—the largest decentralized perpetual futures exchange on Solana—announced it has secured up to $147.5 million in funding from Tether and its partners (including $127.5 million from Tether and $20 million from other partners) following a hack that stole over $270 million. The funds will be used to restore user assets and relaunch the protocol. The attack was carried out on April 1 by a North Korea–linked group that had posed as a quantitative trading firm and infiltrated the protocol for approximately six months, causing the DRIFT token’s value to plummet roughly 70%. The funding structure combines revenue-linked credit, ecosystem subsidies, and market-maker loans, aiming to cover approximately $295 million in user losses. Upon relaunch, the protocol will replace USDC with USDT as its core settlement layer; Tether will simultaneously provide fee waivers, user incentives, and liquidity support.
Odaily News Drift announced on its official website that Drift Protocol has received support from Tether and other partners. Tether intends to contribute $127.5 million, while other partners plan to contribute $20 million, collectively supporting user recovery efforts following the April 1st attack. This support package includes a $100 million revenue-linked credit line, ecosystem grants, and loans provided to market makers. Drift will establish a dedicated user recovery pool, aiming to gradually address the $295 million in outstanding user losses as trading revenue grows. Additionally, Drift will issue independent recovery tokens to affected users, which represent a claim on the recovery pool and are transferable. Drift is currently in the process of restarting the protocol, having engaged Ottersec and Asymmetric for audits, and is migrating its settlement layer from USDC to USDT. The previous attack resulted in the theft of assets worth approximately $295 million, while the insurance fund assets remained unaffected.
According to The Block, Circle CEO Jeremy Allaire responded at a press conference in Seoul, South Korea, to criticism over Circle’s decision not to freeze the stolen USDC involved in the Drift incident. He stated that Circle fulfills its legal obligations and freezes wallets only upon instruction from law enforcement agencies or courts; unilaterally freezing assets would constitute a “major ethical dilemma.” He also revealed that Circle is engaging with U.S. legislative bodies regarding the Clarity Act, seeking to establish a “safe harbor” mechanism for stablecoin issuers in extreme circumstances—but emphasized that any such authority must be explicitly granted through legislation, not exercised unilaterally by the company.
Circle Chief Strategy Officer Dante Disparte responded to the major security breach affecting Drift Protocol on April 1, which resulted in over $270 million in stolen funds. He stated that open financial systems must be built upon foundations of legal accountability, shared security, and rules that evolve in real time with emerging threats. Circle freezes USDC funds only when legally required—a measure reflecting its compliance obligations and safeguarding users’ assets and privacy rights. He emphasized that openness and accountability must be balanced, and all participants across the ecosystem—including protocols, wallets, infrastructure providers, exchanges, and stablecoin issuers—must jointly shoulder responsibility for security and accountability. Circle is collaborating with U.S. and international policymakers to advance stablecoin legislation, including the GENIUS Act, to establish a more modern legal framework enabling lawful, rapid intervention against illicit activities while protecting property rights and privacy—ensuring the continued resilience and robust growth of open financial systems.
U.S. law firm Gibbs Mura has launched a class-action litigation investigation into the April 1, 2026, hack of Drift Protocol, reviewing potential investor claims against Circle Internet Financial. The attack resulted in the theft of approximately $280–285 million in assets. The attacker subsequently used Circle’s Cross-Chain Transfer Protocol (CCTP) to bridge over $230 million worth of USDC to Ethereum—Circle took no action to freeze the funds throughout the incident. Notably, just nine days prior, Circle had voluntarily frozen 16 business wallets in a separate civil dispute. Blockchain analytics firm Elliptic suspects the attack was carried out by a North Korea–backed hacking group. As a result of the breach, Drift Protocol’s total value locked (TVL) plummeted from $550 million to below $250 million, the DRIFT token price dropped more than 40%, and at least 20 DeFi protocols suffered indirect losses.