News linked to both this project and an event.
According to The Block, JPMorgan analysts noted in their latest report that ongoing DeFi security vulnerabilities and stagnant growth in total value locked (TVL) continue to constrain institutional enthusiasm for the DeFi sector. Recently, Kelp DAO’s cross-chain bridge suffered a major attack, during which the attacker minted $292 million worth of uncollateralized rsETH tokens and borrowed real ETH on Aave, resulting in approximately $230 million in bad debt. This caused DeFi TVL to evaporate by roughly $20 billion within several days. LayerZero and blockchain security researchers have attributed this attack to the North Korean hacker group Lazarus Group; some of the stolen funds have been frozen, while the rest remain in circulation. Analysts also pointed out that DeFi TVL denominated in ETH has remained range-bound for an extended period, raising market concerns about whether DeFi can achieve organic growth sufficient to support institutional adoption. Furthermore, following each security incident, users tend to shift funds into USDT as a safe-haven asset—yet this trend has not yet significantly driven USDT’s market capitalization growth.
According to on-chain analyst PeckShield (@PeckShieldAlert), the KelpDAO attacker has transferred ETH from Ethereum to Arbitrum via the Across Protocol, swapped it for USDT, and then routed the funds to TRON DAO via LayerZero.
According to an official disclosure by RHEA Finance, on April 16, 2026, the NEAR ecosystem lending protocol RHEA Finance (formerly Burrow Finance) suffered a hack targeting its margin trading functionality, resulting in losses of approximately $18.4 million. The attacker began preparations several days prior to the incident by creating multiple fake token pools on Ref Finance and injecting liquidity into them, thereby constructing malicious swap routes. Exploiting a vulnerability in the protocol’s slippage protection mechanism—which failed to account for scenarios where intermediate tokens were reused during multi-step swaps—the attacker caused borrowed debt tokens to be routed into fake token pools under their control. This triggered widespread forced liquidations, ultimately draining the protocol’s reserve pool. During the attack, the attacker deleted a total of 55 intermediary accounts to obscure their trail. As of now, the attacker has repaid approximately 3.359 million USDC and 1.564 million NEAR to the RHEA lending contract. Additionally, 4.34 million USDT have been frozen—3.291 million frozen by Tether and 1.053 million frozen by NEAR Intents. The protocol’s smart contracts have been paused, and the team is collaborating with centralized exchanges to jointly trace the funds; relevant law enforcement agencies have also been notified.
Odaily News Rhea Finance has released a post-mortem report on the attack, confirming that the actual loss from the vulnerability is approximately $18.4 million, a significant increase from the initial estimate of around $7.6 million.The attacker constructed complex transaction paths, manipulated liquidity using fake token pools, funneled borrowed assets into pools under their control, and returned only minimal assets. This caused a large number of margin positions to rapidly become undercollateralized and triggered liquidations, ultimately depleting the protocol's reserve funds.Approximately $11.2 million in funds have been recovered or frozen so far. This includes some USDC and NEAR assets returned by the attacker, as well as about $4.34 million in USDT that was frozen (with assistance from Tether).
Paolo Ardoino, CEO of Tether, tweeted that Tether has frozen 3.29 million USDT in the hacker’s address associated with Rhea Finance. Earlier reports indicated that Rhea Finance was attacked via a fake token contract, resulting in approximately $7.6 million stolen.
According to The Block, Grinex—a Russia-linked cryptocurrency exchange—suspended withdrawals and trading on Thursday after suffering a hack reportedly worth approximately $15 million. Blockchain analytics firm Elliptic stated that the stolen funds consisted of USDT, which were subsequently moved across the Tron and Ethereum networks and swapped for TRX and ETH to reduce the risk of being frozen by Tether. Grinex said its wallet infrastructure was hit by a “large-scale cyberattack,” resulting in losses exceeding 1 billion rubles—approximately $13.1 million. Reports indicate Grinex is widely regarded as one of the successor platforms to sanctioned exchange Garantex, which U.S. authorities targeted last year for facilitating hundreds of millions of dollars in illicit fund flows.
According to CoinDesk, Drift Protocol—the largest decentralized perpetual futures exchange on Solana—announced it has secured up to $147.5 million in funding from Tether and its partners (including $127.5 million from Tether and $20 million from other partners) following a hack that stole over $270 million. The funds will be used to restore user assets and relaunch the protocol. The attack was carried out on April 1 by a North Korea–linked group that had posed as a quantitative trading firm and infiltrated the protocol for approximately six months, causing the DRIFT token’s value to plummet roughly 70%. The funding structure combines revenue-linked credit, ecosystem subsidies, and market-maker loans, aiming to cover approximately $295 million in user losses. Upon relaunch, the protocol will replace USDC with USDT as its core settlement layer; Tether will simultaneously provide fee waivers, user incentives, and liquidity support.
Odaily News Drift announced on its official website that Drift Protocol has received support from Tether and other partners. Tether intends to contribute $127.5 million, while other partners plan to contribute $20 million, collectively supporting user recovery efforts following the April 1st attack. This support package includes a $100 million revenue-linked credit line, ecosystem grants, and loans provided to market makers. Drift will establish a dedicated user recovery pool, aiming to gradually address the $295 million in outstanding user losses as trading revenue grows. Additionally, Drift will issue independent recovery tokens to affected users, which represent a claim on the recovery pool and are transferable. Drift is currently in the process of restarting the protocol, having engaged Ottersec and Asymmetric for audits, and is migrating its settlement layer from USDC to USDT. The previous attack resulted in the theft of assets worth approximately $295 million, while the insurance fund assets remained unaffected.