News linked to both this project and an event.
Blockaid disclosed on X that the Alephium TokenBridge Ethereum cross-chain bridge was attacked. The attacker compromised three out of four Guardian private keys, forged a Verified Action Approval (VAA) message, and executed the attack within approximately seven minutes, stealing roughly $815,000 worth of assets. During the attack, the attacker minted 13.76 million Wrapped ALPH tokens out of thin air—exceeding the pre-attack circulating supply by over 100%—and simultaneously unlocked and withdrew assets including USDT, USDC, WBTC, and WETH from the custody pool. As of now, the attacker’s address still holds approximately $815,000 in stolen assets and 13.76 million uncollateralized Wrapped ALPH tokens; the largest anomalous transaction involved the out-of-thin-air minting of 13.76 million Wrapped ALPH tokens.
Bitget is launching the 3rd edition of its VIP Guardian Program, with the participation deadline set for June 5, 18:00 (UTC+8) and a total prize pool of 50,000 USDT. This round targets a specific user group: users whose VIP tier was downgraded after November 15, 2025, and who have not yet reached VIP1 as of May 6, 2026.The program includes three main sections: VIP Contracts, VIP Spot, and VIP Asset Return. Eligible users can choose one direction to participate in after completing the registration. By fulfilling the designated trading volume and net deposit requirements, users can claim corresponding USDT rewards, with a maximum of 500 USDT. Rewards are distributed on a first-come, first-served basis. For more details, please refer to the official Bitget platform.
Aave stated that, per the previously disclosed technical recovery plan, the attacker’s rsETH positions on Ethereum and Arbitrum have been liquidated on Aave, and the associated collateral assets have now been transferred to the Recovery Guardian address designated by the AIP. Aave noted that this action did not impact other users, nor did it affect the Umbrella mechanism, and emphasized that this step is a critical milestone in the overall recovery roadmap, with further recovery efforts continuing as planned.
Aave has announced the completion of the liquidation of the remaining rsETH position belonging to the Kelp DAO attacker. The related collateral assets will be transferred to the Recovery Guardian multi-signature wallet managed by DeFi United, to be used for restoring rsETH reserves and compensating affected users.This liquidation is part of the recovery plan following the previous $292 million attack incident. Aave had previously passed a governance vote to temporarily adjust the rsETH oracle price in order to create bad debt in the attacker's position and trigger liquidation. The relevant parameters will be restored upon completion of the liquidation. Previously, the attacker exploited the Kelp DAO cross-chain bridge based on LayerZero to forge 116,500 unbacked rsETH and borrowed ETH from protocols such as Aave and Compound. Currently, the recovery funds managed by DeFi United have exceeded $320 million.