Security Incidents

Aave announced on X on April 21 that the WETH reserves in the Ethereum Core V3 market have been unfrozen, and users can supply WETH to Ethereum Core V3 again; the WETH loan-to-value ratio (LTV) remains at 0. WETH reserves on Ethereum Prime, Arbitrum, Base, Mantle, and Linea remain frozen.

A Hong Kong woman lost 7.7 million HKD to a scammer posing as an investment expert on Telegram, promising high returns with low risk. After transferring funds multiple times, she couldn't withdraw her money, revealing the fraud. Police warned against such scams.

Ice Open Network posted on X on April 20, confirming that a data breach occurred last week. The cause was that after four business partners terminated their business relationship with a third-party service provider, they still accessed external servers, leaking users’ email addresses, 2FA phone numbers, and identity-linked data. The background of this incident is that the ION token had already crashed by 93% two weeks ago, and the project team is in a period of large-scale emergency restructuring.

International Settlements Bank (BIS) Managing Director Pablo Hernández de Cos warned on Monday at a Bank of Japan conference in Japan that the global stablecoin market has surpassed $315.9 billion, but its operating mechanism is closer to investment products such as ETFs rather than true money. The BIS said that if large-scale redemptions occur, it would trigger a chain-reaction effect similar to the run on Silicon Valley Bank in 2023.

Michael Egorov, founder of Curve Finance, highlighted the DeFi industry's vulnerabilities after a significant hack. He stressed the need for preventive measures, collaborative safety standards, and accountability to restore trust and ensure secure adoption in the sector.

Arbitrum’s Security Committee announced on April 21 that it has taken emergency action to freeze 30,766 ETH on the Arbitrum One chain related to the KelpDAO hacker attack. With assistance from law enforcement agencies, the Security Committee confirmed the attacker’s identity and devised a technical plan to transfer the funds to an interim freeze wallet without affecting any other chain state or Arbitrum users.

A creator's mother reported that her social media accounts were hacked, resulting in unauthorized crypto-related posts. She clarified these do not represent her views.

Kelp DAO issued a statement on April 21 rebutting LayerZero’s criticism of its 1/1 DVN configuration, pointing the root responsibility for the $292 million vulnerability in this incident to LayerZero’s infrastructure. Aave released an event impact assessment report: under a scenario where losses are evenly distributed, about $124 million; under a scenario where losses are concentrated on L2, they reach up to $230 million.

KelpDAO’s vulnerability caused Aave’s total value locked (TVL) to fall from $26.4 billion on April 18, 2026, to about $17 billion on April 21, and after DefiLlama founder 0xngmi officially responded on the X platform to accusations that its Aave TVL figures were inflated by circular liquidity, he said that the amount of borrowed tokens has been deducted from the TVL.

Analysis of LayerZero OApps post-KelpDAO hack reveals significant security issues, with 47% using the least secure 1-of-1 DVN tier. KelpDAO’s rsETH token also operates at this vulnerable level, exposing risks in single-validator architectures.

The Claude Desktop application by Anthropic installs a backdoor file in Chromium-based browsers without user consent, posing serious security and privacy risks by potentially allowing attackers to control users' browsers.

A Chinese national was arrested in Argentina for carrying a forged Paraguayan passport. He is wanted for orchestrating a $49.4 million cryptocurrency fraud in Nigeria, and extradition proceedings are being initiated.

On April 18, a Kelp cross-chain bridge exploit led to the theft of $292 million in rsETH. Lido reported $21.6 million in exposure via its EarnETH vault, prompting Aave to freeze relevant markets. EarnETH has paused transactions and is deleveraging, while Lido's DAO treasury implemented a $3 million protection mechanism to cover potential losses. The core staking protocol remains unaffected.

Israeli Security Forces Charged in Crypto Theft Case Israeli authorities have charged seven military and police officers with running a multimillion-dollar theft and bribery ring involving cryptocurrency, marking the second crypto-related criminal case to hit the country's defence establishment in

Ice Open Network reported a security breach on April 15, revealing unauthorized access to user data, including email addresses and 2FA phone numbers, but no financial data was compromised. The incident, linked to former partners of a service provider, is under legal review, and users are advised to update security settings. The breach highlights escalating security issues in the crypto sector, with significant losses reported in recent months.

Russian cryptocurrency exchange Grinex ceased operations after a cyberattack caused losses over $13 million. The shutdown impacts Russian businesses' ability to convert rubles internationally and challenges the country's shadow finance system.

LayerZero reported that the Kelp DAO exploit, attributed to North Korea's Lazarus Group, led to a loss of $292 million in rsETH tokens due to vulnerabilities in its decentralized verifier network. Additionally, eth.limo faced a domain hijacking from a social engineering attack, but DNSSEC mitigated severe damage.

A recent hack draining nearly $300 million from a crypto project led to a liquidity crisis on Aave, causing users to withdraw around $9 billion. Concerns over collateral quality prompted mass withdrawals, highlighting risks in DeFi lending.

A coordinated Ethereum phishing attack drained $585,000 from four victims, exploiting user permissions through a deceptive link. This incident highlights the rapid loss of funds via social engineering, even under the guise of legitimacy.