News linked to both this project and an event.
According to monetsupply.eth, Spark’s Strategy Lead, in a post on X, Spark has long maintained a relatively high borrowing interest rate cap for its SparkLend ETH market. Although this policy caused many users to migrate to Aave—resulting in substantial loss of business and revenue—the current market liquidity crisis has validated the prudence of this strategy. Presently, Aave is experiencing severe liquidity shortages across multiple chains—including Ethereum Mainnet, Arbitrum, Polygon Plasma, Mantle, and Base—with ETH borrowing utilization reaching 100%. This has prevented depositors from withdrawing funds and hindered normal liquidation of ETH collateral. He warns that if the current liquidity crunch persists, a 15–20% drop in ETH’s price could expose Aave to widespread bad debt—compounded by the potential impact of the rsETH vulnerability incident.
According to on-chain analytics platform Lookonchain (@lookonchain), an OTC whale previously purchased 163,405 ETH (approximately $440 million) and 4,000 cbBTC (approximately $296 million). Due to the KelpDAO rsETH cross-chain bridge vulnerability, this whale was unable to withdraw ETH normally from Aave and was forced to discount-swap 7,438 aEthWETH (approximately $16.83 million) for 1,930 stETH and 5,272 ETH, incurring a loss of approximately 237 ETH (about $540,000). The whale has since withdrawn 98,032 wstETH (approximately $272 million) and 3,000 cbBTC (approximately $221.6 million) from Aave, leaving 10,000 ETH (approximately $22.8 million) still deposited in Aave.
Odaily News: A LayerZero cross-chain bridge related to Kelp DAO was hacked on Saturday, resulting in 116,500 rsETH worth $291 million flowing to a new wallet. The hacker used the illicitly obtained rsETH as collateral to borrow on Aave, causing the utilization rate of Aave's core lending pool to reach 100% and triggering a liquidity crunch. According to monitoring by 0xngmi, as of early Sunday, the net withdrawal amount from Aave had reached $6.2 billion. Kelp DAO has suspended the rsETH contracts on the Ethereum mainnet and several L2 networks. Affected by this, the price of the Aave token fell 16% to $90.13, and the price of Ethereum dropped 2% to $2,300. Currently, Justin Sun has posted on platform X attempting to negotiate with the hacker.
Odaily News Trader 0xSun posted stating that news-driven trading remains one of the more cost-effective strategies in the current crypto market, with its core lying in the directionality and volatility brought by events.Reviewing several recent events, including abnormal ETH transactions, Arc fee adjustments, TAO ecosystem changes, RAVE-related investigations, and the KelpDAO security incident, all triggered significant price fluctuations within a short period. He believes that participating in such opportunities relies on either the speed of information acquisition or the ability to judge the impact of events.Furthermore, he indicated that as the recent altcoin market has gradually cooled down, he has resumed the strategy of going long on BTC while hedging by shorting some altcoin assets. He believes that against the backdrop of relatively weak liquidity and the fading of certain narratives, the overall performance of altcoins may face relatively more pressure.
Odaily News: Sonic Labs co-founder and Flying Tulip founder Andre Cronje posted on platform X, stating that his team is continuing to investigate the L0/rsETH incident. Preliminary reports indicate that approximately $200 million worth of rsETH was stolen, possibly due to a private key leak or configuration error. The related assets were subsequently deposited into Aave as collateral to borrow ETH (due to insufficient rsETH liquidity).Andre Cronje pointed out that the affected positions are technically still overcollateralized. However, if bad debt occurs, Aave's token mechanism and Safety Module will serve as the first line of defense to absorb the risk. Nevertheless, Aave has no mechanism to subsidize user losses, as doing so could trigger a bank run. Currently, Aave holds approximately $7 billion in ETH with an outstanding borrowing amount of around $100 million, so the overall impact of this incident is limited. Furthermore, prioritizing user liquidity, Flying Tulip has withdrawn all its ETH from Aave to its fund management wrapper contract. This action was taken because Aave's available liquidity had fallen below its set minimum threshold.
According to on-chain analytics platform Lookonchain (@lookonchain), impacted by the KelpDAO incident, the attacker deposited rsETH into Aave and borrowed ETH, resulting in a bad debt on Aave. As a result, several whales have begun urgently withdrawing ETH from Aave. Currently, ETH utilization on Aave has risen to 100%.
According to on-chain analyst Yujin (@EmberCN), after the hacker borrowed a large amount of ETH from Aave by pledging illegally minted rsETH, multiple whale addresses sold AAVE on-chain, causing AAVE’s price to drop 15% that day. Among them, the Polymarket user “smaugvision” sold 20,015 AAVE at an average price of $102.9, worth approximately $2.06 million; address 0xFC5 sold 20,000 AAVE at an average price of $102.8, worth approximately $2.05 million; and address 0xA2E sold 19,665 AAVE at an average price of $99.2, worth approximately $1.95 million.
Odaily News The Ethereum restaking protocol Kelp has officially confirmed suspicious cross-chain activity involving rsETH. It has currently paused the rsETH contracts on the mainnet and multiple L2s and launched an investigation into the attack. It is also collaborating with LayerZero, Unichain, as well as audit firms and security experts to conduct a root cause analysis (RCA). A post-mortem report will be released subsequently.
According to Cointelegraph, stablecoin issuer Circle faces a class-action lawsuit in the U.S. District Court for the District of Massachusetts for failing to freeze stolen funds during the Drift Protocol hack on April 1. Plaintiffs allege that attackers transferred approximately $230 million worth of USDC from Solana to Ethereum via Circle’s cross-chain transfer protocol (CCTP) within hours—and that Circle failed to intervene. The lawsuit accuses Circle of aiding and abetting conversion and of negligence. Cryptocurrency analytics firm Elliptic previously suspected the attack may be linked to North Korea–backed hackers; the stolen funds were subsequently converted into ETH and laundered through Tornado Cash.
According to The Block, Grinex—a Russia-linked cryptocurrency exchange—suspended withdrawals and trading on Thursday after suffering a hack reportedly worth approximately $15 million. Blockchain analytics firm Elliptic stated that the stolen funds consisted of USDT, which were subsequently moved across the Tron and Ethereum networks and swapped for TRX and ETH to reduce the risk of being frozen by Tether. Grinex said its wallet infrastructure was hit by a “large-scale cyberattack,” resulting in losses exceeding 1 billion rubles—approximately $13.1 million. Reports indicate Grinex is widely regarded as one of the successor platforms to sanctioned exchange Garantex, which U.S. authorities targeted last year for facilitating hundreds of millions of dollars in illicit fund flows.
The Ethereum Foundation announced that its jointly launched ETH Rangers program has completed its six-month run. The program aims to fund independent researchers who make public security contributions to the Ethereum ecosystem. Seventeen grantees achieved multiple accomplishments in areas including vulnerability research, security tool development, threat intelligence, and incident response—such as recovering or freezing over $5.8 million in funds, reporting or documenting 785+ vulnerabilities and client issues, identifying approximately 100 attackers, delivering security education content reaching over 209,000 users, and handling 36+ security incidents. Additionally, the program engaged over 800 teams in security challenges, produced over 80 technical talks and training sessions, and developed or improved seven or more open-source security tools. The Ethereum Foundation stated that these outcomes demonstrate that decentralized networks require “decentralized defense” to effectively enhance the overall security and resilience of the Ethereum ecosystem.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
According to Elastic Security Labs, threat actors impersonated venture capital firms and lured targets into opening malicious Obsidian note vaults via LinkedIn and Telegram. This attack leveraged Obsidian’s Shell Commands plugin to execute malicious payloads without exploiting any vulnerabilities when victims opened the note vaults. The PHANTOMPULSE malware discovered in this campaign is a previously undocumented Windows Remote Access Trojan (RAT) that uses Ethereum transaction data to achieve blockchain-based C2 communication. The macOS payload employs an obfuscated AppleScript dropper and uses a Telegram channel as a fallback C2. Elastic Defend detected and blocked the PHANTOMPULSE execution before it could run.
Polkadot’s official response to the security vulnerability discovered in Hyperbridge’s Ethereum gateway contract: Hyperbridge services have been temporarily suspended to investigate the issue. This vulnerability affects only DOT tokens bridged to Ethereum via Hyperbridge and does not impact DOT tokens within the Polkadot ecosystem or DOT transferred via other cross-chain bridges. The Polkadot mainnet, parachains, and native DOT remain secure and unaffected.
According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.
According to Cointelegraph, researchers from the University of California recently revealed security risks in certain third-party AI large language model (LLM) routers that could lead to the theft of cryptocurrency assets. The study found that LLM routers—acting as API intermediaries—can read plaintext information; some routers were discovered injecting malicious code and stealing credentials. The research team tested 28 paid and 400 free routers, identifying nine routers that actively injected malicious code, two that deployed trigger-avoidance mechanisms, and 17 that accessed Amazon Web Services (AWS) credentials. One router even transferred ETH using the researchers’ Ethereum private key. The study notes that malicious behavior by routers is difficult to detect, and the “YOLO mode” present in some AI agent frameworks—which automatically executes commands—further increases security risks. Researchers recommend that developers avoid transmitting private keys or mnemonic phrases through AI agents and urge AI companies to implement cryptographic signing of responses to enhance security.
Decentralized GPU cloud computing infrastructure platform Aethir confirmed that its Ethereum-related bridge contract was attacked. The team promptly disconnected the affected contract and, in collaboration with major exchanges, blacklisted the hacker’s wallet, limiting losses to under $90,000. Earlier, blockchain security firm PeckShield estimated losses at $400,000. The attacker exploited Aethir’s cross-chain smart contract, AethirOFTAdapter, to transfer stolen funds from BNB Chain to Tron. Aethir stated that its Ethereum mainnet ATH token supply remains unaffected. It plans to release a detailed compensation plan and incident analysis next week and will collaborate with exchanges including Binance, Upbit, and Bithumb to freeze funds. Web3 security platform ZeroShadow is assisting with the investigation. In 2025, Aethir achieved $127.8 million in revenue and deployed over 440,000 GPU containers globally.
U.S. law firm Gibbs Mura has launched a class-action litigation investigation into the April 1, 2026, hack of Drift Protocol, reviewing potential investor claims against Circle Internet Financial. The attack resulted in the theft of approximately $280–285 million in assets. The attacker subsequently used Circle’s Cross-Chain Transfer Protocol (CCTP) to bridge over $230 million worth of USDC to Ethereum—Circle took no action to freeze the funds throughout the incident. Notably, just nine days prior, Circle had voluntarily frozen 16 business wallets in a separate civil dispute. Blockchain analytics firm Elliptic suspects the attack was carried out by a North Korea–backed hacking group. As a result of the breach, Drift Protocol’s total value locked (TVL) plummeted from $550 million to below $250 million, the DRIFT token price dropped more than 40%, and at least 20 DeFi protocols suffered indirect losses.