Security Incidents

Gate News message, April 21 — A 40-year-old crypto industry professional in Saint-Jean-de-Védas, near Montpellier, France, thwarted an armed robbery attempt at his home. The suspect, disguised as a delivery person, entered the residence and demanded the victim hand over cryptocurrency wallet

Aave risks up to $230M from Kelp DAO; Umbrella may not cover it. A recovery plan via a $kRecovery token could repay the debt over time through token buybacks, Arbitrum recovery, and KUSD scaling. Abstract: The article analyzes Aave's potential losses from the Kelp DAO exploit, the adequacy of the Umbrella reserve, and a proposed recovery path with $kRecovery to repay over time via buybacks, Arbitrum recovery, and KUSD scaling.

Gate News message, April 21 — Scammers impersonating Iranian authorities have targeted shipping companies with vessels stranded west of the Strait of Hormuz, demanding Bitcoin and Tether (USDT) payments in exchange for safe passage, according to maritime risk firm Marisks. The fraudsters

Gate News message, April 21 — The Bank for International Payments (BIS) has reiterated concerns about stablecoins, with Managing Director Pablo Hernandez de Cos warning that dollar-denominated stablecoins such as USDT and USDC are fundamentally riskier than commonly perceived. Cos stated that

Gate News message, April 21 — DeFi depositors faced withdrawal issues over the weekend across major protocols including Aave, rsETH, and LayerZero, prompting Curve Finance founder Michael Egorov to publicly criticize the industry's architectural approach. "Are we an industry of clowns?" Egorov

Arbitrum froze 30,766 ETH from the KelpDAO hack, worked with law enforcement, and recovered about a quarter of assets, while locking funds pending governance amid decentralization versus security debates. Abstract: This article reports that the Arbitrum Security Council froze 30,766 ETH (about $70 million) tied to the KelpDAO exploit, with nine of twelve votes, and moved funds to a secure wallet in coordination with law enforcement. The operation targeted only affected assets to minimize network disruption. The exploiter is suspected to be DPRK-associated. The breach began April 18 via a LayerZero-powered bridge, draining 116,500 rsETH (~$292 million). About a quarter of stolen assets have been recovered. The frozen funds will remain locked until governance and legal authorities decide the next steps, prompting debate over decentralization versus security.

Gate News message, April 21 — Unknown actors sent fraudulent messages to shipping companies with vessels stranded west of the Strait of Hormuz, claiming to be Iranian authorities and offering safe passage in exchange for fees paid in Bitcoin or Tether, according to Greek risk firm MARISKS. The messa

Aave announced on X on April 21 that the WETH reserves in the Ethereum Core V3 market have been unfrozen, and users can supply WETH to Ethereum Core V3 again; the WETH loan-to-value ratio (LTV) remains at 0. WETH reserves on Ethereum Prime, Arbitrum, Base, Mantle, and Linea remain frozen.

A Hong Kong woman lost 7.7 million HKD to a scammer posing as an investment expert on Telegram, promising high returns with low risk. After transferring funds multiple times, she couldn't withdraw her money, revealing the fraud. Police warned against such scams.

Ice Open Network posted on X on April 20, confirming that a data breach occurred last week. The cause was that after four business partners terminated their business relationship with a third-party service provider, they still accessed external servers, leaking users’ email addresses, 2FA phone numbers, and identity-linked data. The background of this incident is that the ION token had already crashed by 93% two weeks ago, and the project team is in a period of large-scale emergency restructuring.

International Settlements Bank (BIS) Managing Director Pablo Hernández de Cos warned on Monday at a Bank of Japan conference in Japan that the global stablecoin market has surpassed $315.9 billion, but its operating mechanism is closer to investment products such as ETFs rather than true money. The BIS said that if large-scale redemptions occur, it would trigger a chain-reaction effect similar to the run on Silicon Valley Bank in 2023.

Michael Egorov, founder of Curve Finance, highlighted the DeFi industry's vulnerabilities after a significant hack. He stressed the need for preventive measures, collaborative safety standards, and accountability to restore trust and ensure secure adoption in the sector.

Arbitrum’s Security Committee announced on April 21 that it has taken emergency action to freeze 30,766 ETH on the Arbitrum One chain related to the KelpDAO hacker attack. With assistance from law enforcement agencies, the Security Committee confirmed the attacker’s identity and devised a technical plan to transfer the funds to an interim freeze wallet without affecting any other chain state or Arbitrum users.

A creator's mother reported that her social media accounts were hacked, resulting in unauthorized crypto-related posts. She clarified these do not represent her views.

Kelp DAO issued a statement on April 21 rebutting LayerZero’s criticism of its 1/1 DVN configuration, pointing the root responsibility for the $292 million vulnerability in this incident to LayerZero’s infrastructure. Aave released an event impact assessment report: under a scenario where losses are evenly distributed, about $124 million; under a scenario where losses are concentrated on L2, they reach up to $230 million.

KelpDAO’s vulnerability caused Aave’s total value locked (TVL) to fall from $26.4 billion on April 18, 2026, to about $17 billion on April 21, and after DefiLlama founder 0xngmi officially responded on the X platform to accusations that its Aave TVL figures were inflated by circular liquidity, he said that the amount of borrowed tokens has been deducted from the TVL.

Analysis of LayerZero OApps post-KelpDAO hack reveals significant security issues, with 47% using the least secure 1-of-1 DVN tier. KelpDAO’s rsETH token also operates at this vulnerable level, exposing risks in single-validator architectures.

The Claude Desktop application by Anthropic installs a backdoor file in Chromium-based browsers without user consent, posing serious security and privacy risks by potentially allowing attackers to control users' browsers.

A Chinese national was arrested in Argentina for carrying a forged Paraguayan passport. He is wanted for orchestrating a $49.4 million cryptocurrency fraud in Nigeria, and extradition proceedings are being initiated.

On April 18, a Kelp cross-chain bridge exploit led to the theft of $292 million in rsETH. Lido reported $21.6 million in exposure via its EarnETH vault, prompting Aave to freeze relevant markets. EarnETH has paused transactions and is deleveraging, while Lido's DAO treasury implemented a $3 million protection mechanism to cover potential losses. The core staking protocol remains unaffected.