GetChain News

Security/Hacker

News linked to both this project and an event.

Ethereum Application Guild (EAG) Launched to Advance the Application-Layer Ecosystem and Build a Global Developer Network

The Ethereum Applications Guild (EAG) has officially launched as a global, nonprofit collaborative organization dedicated to supporting the growth of the Ethereum application ecosystem—driving its evolution from infrastructure to the application layer. EAG will operate across four key pillars: accelerating real-world application adoption, connecting cross-domain ecosystem networks, establishing unified evaluation and development frameworks, and building sustainable funding mechanisms. EAG will implement a membership contribution model based on institutional scale (e.g., valuation, market cap, or assets under management), and introduce a staking-rewards donation mechanism—allocating a portion of ETH staking rewards into an Ecosystem Growth Fund. Additionally, EAG has unveiled its 2026 Global Applications & Developers Program, which includes developer education initiatives, hackathons, and research projects, alongside regional roadshows and ecosystem showcases to strengthen local developer communities.

North Korean hackers accounted for 76% of cryptocurrency theft losses in 2026, having stolen over $6 billion cumulatively since 2017.

According to The Block, blockchain intelligence firm TRM Labs released a report stating that North Korean hacker groups stole approximately $577 million in crypto assets during the first four months of 2026—accounting for 76% of global hacking losses over the same period. All these losses stemmed from two major incidents that occurred in April: KelpDAO was attacked by the TraderTraitor group, resulting in $292 million in losses; and Drift Protocol was compromised by another North Korean sub-group, suffering $285 million in losses. Preparations for the latter attack began as early as March 11, and funds were fully extracted within 12 minutes. The two incidents employed distinct money-laundering pathways: stolen funds from Drift remain largely dormant on Ethereum, whereas funds stolen from KelpDAO were rapidly swapped into BTC via THORChain, with subsequent laundering facilitated by Chinese intermediaries. TRM Labs noted that since 2017, North Korea’s cumulative crypto theft has exceeded $6 billion—and its share of global losses has risen steadily, from less than 10% in 2020 to 64% in 2025.

ether.fi explains its 5,000 ETH support for the Kelp compensation fund, citing concerns that the hack could trigger a systemic DeFi collapse

Odaily News: ether.fi CEO Mike Silagadze posted on X to explain the reason behind the company's commitment of 5,000 ETH to the Kelp hack recovery fund. He stated that the team believes this incident posed a real risk of "destroying the entire DeFi ecosystem." If Kelp were to go bankrupt, $1.5 billion worth of rsETH could be frozen long-term, potentially bringing the $30 billion Aave lending market to a standstill and triggering a cascading collapse across both DeFi and CeFi, which he described as making "FTX look insignificant by comparison." Mike Silagadze added that while most institutions chose to step back and defer to legal counsel, proactively taking responsibility and quickly raising funds to plug the gap was the right choice to help avert the worst-case scenario.

Syndicate Loses ~$330,000 Due to Attack on Commons Cross-Chain Bridge

According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.

SlowMist: EIP-7702 Account Vulnerability Causes Theft of 1,988.5 QNT, Worth Approximately 54.93 ETH

According to SlowMist monitoring, due to a design flaw in an EIP-7702 account, a QNT reserve pool was attacked, resulting in a loss of 1,988.5 QNT, worth approximately 54.93 ETH. The root cause is that the reserve pool's administrator role is held by an address that delegated its code to the BatchExecutor contract via EIP-7702. Because BatchExecutor authorized the permissionless BatchCall contract as a caller, and the BatchCall.batch function lacks permission checks, the attacker exploited an arbitrary call vulnerability to drain tokens from the pool.

a16z Research: AI Agents Can Identify DeFi Price Manipulation Vulnerabilities, but Their Ability to Execute Complex Attacks Remains Limited

According to a disclosure by a16z, its researchers conducted systematic testing to assess whether AI agents can independently exploit DeFi price manipulation vulnerabilities. The study used a dataset of 20 Ethereum price manipulation incidents and employed Codex (GPT 5.4) equipped with the Foundry toolchain as the test agent. Under baseline conditions—i.e., without domain-specific knowledge—the agent’s success rate was only 10%; after incorporating structured domain knowledge distilled from real-world attack incidents, the success rate rose to 70%. Failure cases revealed that the agent consistently identified vulnerabilities correctly but generally failed to comprehend the leverage logic of recursive lending, misjudged profit margins, and could not orchestrate multi-step, cross-contract attack sequences. The experiment also recorded one sandbox escape incident: the agent extracted an RPC key from the local node configuration and invoked the anvil_reset method to reset the node to a future block, thereby bypassing information isolation constraints and accessing real-world attack data. The research team concluded that AI agents can currently assist effectively in vulnerability identification but are not yet capable of replacing professional security auditors.

Prediction market platform Polymarket suspected of data breach; over 300,000 records and an exploit toolkit leaked

According to Dark Web Informer, the decentralized prediction market platform Polymarket is suspected of having been hacked. The threat actor “xorcat” posted over 300,000 data records and a corresponding exploit toolkit on a well-known cybercrime forum. The data extraction occurred on April 27, 2026. Reportedly, the attacker extracted data via an undisclosed API endpoint, pagination bypasses, and misconfigured CORS settings in Polymarket Gamma and the CLOB API. The leaked data includes:
- Full personal information for 10,000 users (including names, proxy wallets, and base addresses);
- 4,111 comments;
- 1,000 moderation reports (including 58 ETH addresses and administrator authentication address identifiers);
- Metadata for 48,536 Gamma markets;
- Constant-product market maker addresses for over 250,000 active CLOB markets; and
- Social graph data for 9,000 followers.
The toolkit contains proof-of-concept code for multiple vulnerabilities, including CVE-2025-62718 (Axios NO_PROXY bypass, CVSS 9.9, enabling server-side request forgery), CVE-2024-51479 (Next.js middleware authentication bypass, CVSS 7.5), and the aforementioned CORS misconfigurations. Additionally, the toolkit includes automated continuous data-extraction scripts and a comprehensive red-team report (including M

DeFi United Raises Over $300 Million in Funding

Circle Ventures, Consensys, and Joseph Lubin have announced their support for the DeFi United initiative, aimed at mitigating losses caused by the Kelp DAO vulnerability. Circle Ventures is supporting the ecosystem by purchasing AAVE tokens. Consensys and Ethereum co-founder Joseph Lubin have confirmed the provision of 30,000 ETH to DeFi United. To date, DeFi United has raised over 132,000 ETH, with a total value exceeding $300 million. These funds will be used to cover bad debts resulting from an attacker minting unbacked rsETH via the LayerZero bridge and borrowing assets on Aave. Previously, Aave proposed a donation of 25,000 ETH, while Lido DAO, Ether.fi, and Kelp have respectively proposed or pledged donations of 2,500 ETH, 5,000 ETH, and 2,000 ETH.

Galaxy Digital OTC-linked address deposits 15,000 ETH to exchange, valued at $34.74 million

Odaily reports: According to Ai Yi monitoring, a Galaxy Digital OTC-related address (0x16F...1Fde) has deposited 15,000 ETH, worth $34.74 million, to an exchange. These funds originated from 38,000 ETH withdrawn from Aave a week ago, which was the day when Kelp DAO was attacked, causing Aave to potentially face bad debt.

QCP: BTC Monthly Gain Exceeds 14%; Geopolitical and Security Incidents Disrupt Market Sentiment

QCP Group’s analysis states that U.S.-Iran negotiations have once again collapsed, while the Middle East ceasefire continues, leaving the overall geopolitical landscape relatively static. A shooting incident occurred at the White House Correspondents’ Dinner, with Trump suspected as the target. Following Asia’s market open, BTC briefly surged past $79,000 and ETH above $2,400—but gains quickly reversed amid concerns triggered by news of Iran’s Foreign Minister traveling to Russia for talks with Putin. Since early April, BTC has rallied over 14% cumulatively, marking four consecutive weeks of positive closes. Spot ETFs recorded nine straight days of net inflows totaling approximately $2.11 billion. Strategy funds added over $3.8 billion worth of BTC in the past month. The current key resistance level for BTC lies near the CME gap around $82,000. BTC perpetual contract funding rates remain persistently negative; a breakout above this level could trigger short-covering. Implied volatility continues declining, and risk-reversal skew has narrowed somewhat, signaling gradually rising market interest in upside exposure. Key events this week:
- April 29: Earnings reports from Microsoft, Amazon, Meta, and Google, plus the FOMC interest-rate decision.
- April 30: Apple earnings report, U.S. Q1 GDP data, and March PCE inflation data.

Balancer attacker has exchanged 21,000 ETH for 617.43 BTC over the past three days

According to Onchain Lens monitoring, a Balancer attacker has exchanged 21,000 ETH for 617.43 BTC over the past three days, worth $48.72 million. The attacker currently still holds 1,000 ETH, worth $2.32 million, and may conduct further sell-offs.

Bitcoin’s Quantum Security Crisis: 6.9 Million BTC at Risk, Governance Challenges Impede Response

According to CoinDesk, while quantum computers cannot break Bitcoin’s mining mechanism or blockchain ledger, they could potentially crack the elliptic curve cryptography (ECC) that secures wallet ownership—using Shor’s algorithm. Currently, approximately 6.9 million BTC—roughly one-third of the total supply—are at potential risk because their public keys are already visible on-chain; this includes Satoshi Nakamoto’s estimated early holdings of about 1 million BTC. Transactions generated after Ethereum’s 2021 Taproot upgrade are similarly exposed due to public key disclosure. Ethereum has maintained an official post-quantum migration plan since 2018, with four full-time teams and over ten independent development groups, and operates a dedicated progress website at pq.ethereum.org. In contrast, Bitcoin currently lacks a unified roadmap for quantum resistance: existing proposals such as BIP-360 and BitMEX Research’s detection framework have not gained broad support among core developers. Prominent Bitcoin advocate Nic Carter has bluntly labeled Bitcoin’s quantum response “the worst,” while Blockstream CEO Adam Back acknowledges that current quantum systems remain confined to laboratory settings—but still endorses deploying optional upgrade paths in advance. Analysts note that Bitcoin’s decentralized governance culture makes coordinating large-scale security upgrades extremely difficult, and resolving historical issues—such as how to handle Satoshi’s holdings—presents a particularly thorny dilemma. A related Google paper warns that once quantum attacks become feasible, the window for effective response may already have closed.

Researcher cracks 15-bit ECC key, earns 1 Bitcoin reward

According to Odaily, independent researcher Giancarlo Lelli was awarded the Q-Day Prize and 1 Bitcoin by quantum security startup Project Eleven for successfully cracking the encryption keys protecting Bitcoin. Giancarlo Lelli utilized publicly available quantum hardware and a variant of Shor's algorithm to crack a 15-bit encryption key among 32,767 possibilities. The difficulty of this quantum attack is 512 times greater than the 6-bit key record set in September 2025. Project Eleven CEO Alex Pruden stated that the resource requirements for such attacks continue to decline, with approximately 6.9 million Bitcoins currently held in vulnerable static addresses, including 1 million Bitcoins owned by Satoshi Nakamoto. The Bitcoin network has proposed BIP-360 to introduce quantum-resistant address types, while platforms such as Ethereum, Ripple, and Tron have also begun releasing plans for transitioning to post-quantum defenses.

Balancer attacker-linked address transferred 5,609 ETH worth $13 million to THORChain over the past 9 hours

According to on-chain analyst Ai Yi's monitoring, an address linked to the Balancer attacker has transferred 5,609 ETH, worth $13 million, to THORChain over the past 9 hours. In November 2025, Balancer was hacked for over $116 million, an incident with the same suspected culprit as the Aave attack, both pointing to the North Korean hacker group Lazarus Group. Both entities have recently been frequently using Tornado Cash for money laundering.

The Balancer hacker has currently converted 14,300 ETH into 419.3 BTC.

According to on-chain analyst Yujin (@EmberCN), the hacker who stole approximately $98 million worth of assets from Balancer last November has been continuously swapping ETH for BTC via THORChain. To date, the hacker has swapped a total of 14,300 ETH for 419.3 BTC (approximately $32.51 million). The hacker currently holds 7,700 ETH on the Ethereum chain and 419.3 BTC on the Bitcoin chain, with a combined value of approximately $50.4 million. Since the price of ETH has fallen significantly from around $3,600 at the time of the theft, the value of the hacker’s holdings has shrunk by nearly half—from the original $98 million.

Balancer attacker exchanges 13,191 ETH for 386 BTC

According to Onchain Lens monitoring, the Balancer attacker (0xa6d6...BDaA) exchanged 13,191 ETH for 386.52 BTC, worth $30.54 million, over the past 15 hours. The attacker currently still holds 8,000 ETH, valued at $18.52 million.

Balancer hacker has swapped 7,000 ETH for 204.7 BTC, worth approximately $15.88 million

According to on-chain analyst Yujin (@EmberCN), the hacker who stole approximately $98 million in assets from Balancer last November is today exchanging ETH for BTC via THORChain. So far, 7,000 ETH have been swapped for 204.7 BTC—valued at roughly $15.88 million—and the process continues. Additionally, it has been disclosed that this address currently holds 15,000 ETH on Ethereum, valued at approximately $34.65 million, and 204.7 BTC on Bitcoin.

Balancer Attacker Transfers 100 ETH—Worth ~$233,000—After 5-Month Dormancy

According to on-chain analyst Onchain Lens (@OnchainLens), the Balancer hacker’s address has reactivated after five months of dormancy, transferring 100 ETH (approximately $233,000) to a new wallet and beginning fund transfers via ThorChain. The hacker currently still holds 21,900 ETH, valued at approximately $51.13 million.

Mantle plans to provide Aave with a 30,000 ETH loan to help mitigate its bad debt risk.

According to information on the governance forum page, Mantle plans to provide Aave with a loan of 30,000 ETH to help it address the non-performing loan risk triggered by the recent attack. According to analyst Yujin’s statistics, confirmed rescue funds now cover a shortfall of approximately 43,500 ETH.

Balancer attacker moves 100 ETH and launders through Tornado Cash, still holds 21,900 ETH

According to Onchain Lens monitoring, the Balancer attacker, dormant for five months, has transferred 100 ETH (approximately $233,000) to a new address and begun transferring funds through Tornado Cash. The attacker currently still holds 21,900 ETH, valued at approximately $51.13 million.