GetChain News

Security/Hacker

News linked to this event type.

A MEV bot exploited a Meteora pool vulnerability to turn $0.22 into $696,000

SolanaFloor posted on X that a suspected MEV bot turned $0.22 USDC into $696,000 USDC in a single transaction by executing an MEV-style price manipulation attack on Meteora's ANB pool. The ANB token dropped 99%.

DeFi Experiences Its Most Severe Loss Month in History, with Over $606 Million Stolen in a Single Month

Within less than three weeks, 12 protocols were hacked for over $606 million. The Drift incident resulted in losses of $285 million, and the Kelp DAO incident caused $292 million in losses—these two attacks together accounted for approximately 95% of the total losses.

Zcash Foundation: Zebra 4.4.0 Released—Multiple Consensus-Level Security Vulnerabilities Fixed; Nodes Urged to Upgrade Immediately

The Zcash Foundation officially announced the release of Zebra 4.4.0, which addresses multiple critical consensus-level security vulnerabilities. All node operators are strongly advised to upgrade immediately. The vulnerabilities include a denial-of-service (DoS) flaw that could permanently halt the discovery of new blocks; a signature operation (sigop) counting error in block validation that may cause consensus divergence; abnormal handling of transparent transaction signature hashes; and a memory allocation amplification attack risk. The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially triggering a chain fork. Without timely upgrades, nodes risk interruption of block discovery, consensus forks, and amplified resource consumption. No alternative mitigations are currently available.

US Media: Iran Eases Conditions for Resuming Talks with the US

Iran has submitted a new proposal to Washington aimed at ending the war, which shows signs of compromise and is intended to restart negotiations to resolve the deadlock that is exacting a heavy toll on its economy. According to sources, Iran's new proposal moves a step closer to the US: it suggests discussing Tehran's conditions for reopening the Strait of Hormuz simultaneously with the US commitment to cease attacks and lift the blockade on Iranian ports. Previously, Iran had demanded that the US lift the blockade as a prerequisite for starting negotiations and required the US to agree on terms for ending the war before discussing the future management of the strait and nuclear program. The sources also noted that the new proposal then suggests discussing issues related to Iran's nuclear program in exchange for the US implementing sanctions relief. Iran has informed mediators that if Washington is open to this new proposal, Iran is prepared to travel to Pakistan for talks early next week. (The Wall Street Journal)

Paradigm researcher proposes timestamp escape mechanism to protect early Bitcoin from quantum computing threats

Paradigm researcher Dan Robinson proposed a new scheme called PACT (Prove Address Control with Timestamp), aimed at protecting long-dormant Bitcoin, including Satoshi Nakamoto's early addresses, from future quantum computing attacks. The mechanism allows users to prove control over an address via a timestamp without transferring assets or exposing on-chain activity. Should a future quantum attack occur, assets can be recovered based on this proof within a quantum-resistant version of the Bitcoin network. Compared to mandatory migration schemes such as BIP-361, PACT avoids the privacy exposure issues caused by proactively transferring assets, offering long-term holders a more flexible proactive protection path.

Purrlend: Security incident caused by compromise of admin multisig, resulting in ~$1.52M loss

Purrlend announced that it suffered a security incident on April 25 on HyperEVM and MegaETH, resulting in losses of approximately $1.52 million. The attacker compromised the team’s 2-of-3 multisig wallet and granted the malicious EOA permissions—including BRIDGE_ROLE—enabling the minting of unbacked pUSDm and pUSDC via the `mintUnbacked` function, which were then used as collateral to borrow assets from the lending pool. Purrlend stated it has suspended the protocol, revoked the compromised permissions, and is collaborating with security teams, law enforcement agencies, and cross-chain bridge partners to trace and attempt recovery of the stolen funds.

Hundreds of ETH Mainnet Wallets Suspected to Have Been Attacked by Same Address, Some Inactive for Over 7 Years, Possibly Linked to LastPass Secure Notes

According to the anonymous on-chain detective Wazz, hundreds of wallets on the ETH mainnet have been drained by the same address, with several of these wallets remaining inactive for over 7 years. The incident is suspected to be a novel real-time exploit attack. Crypto user Capitulation commented, suggesting that the most likely vulnerability stems from storing seed phrases in LastPass secure notes during 2020/21.

North Korean hackers spent months meeting Drift Protocol employees in person before stealing $285 million

North Korean spies spent months conducting multiple in-person meetings with Drift Protocol employees before executing one of the largest social engineering attacks against a crypto protocol, stealing $285 million. According to TRM Labs data, losses attributed to North Korean hackers accounted for 76% of total crypto hack losses in 2026. (CoinDesk)

Carrot Announces Shutdown; Users Must Withdraw Remaining Funds Before May 14

DeFi project Carrot announced it will cease operations due to the significant operational impact caused by the Drift vulnerability exploit. Carrot has set May 14 as the deadline for users to withdraw remaining funds from Boost, Turbo, and CRT. Following this, the platform will begin deleveraging its system—reducing all leverage to zero—to free up liquidity for CRT redemptions. Carrot stated that user-deposited funds remain the property of users; should Drift pursue any subsequent recovery measures, related funds will still be distributed per prior announcements.

Wasabi Protocol: Solana Contract Security—Vulnerability Impact Limited to EVM Deployments

Wasabi Protocol stated that the Wasabi smart contracts on Solana are secure and unaffected by this vulnerability. The vulnerability is limited to Wasabi’s EVM deployments. The team is collaborating with leading security firms and has contacted law enforcement and the FBI. Further updates will be shared as they become available.

Arbitrum DAO Launches Vote to Release 30,766 ETH for Kelp Attack Aftermath

Arbitrum DAO has initiated a governance vote to release the previously frozen 30,766 ETH to support DeFi United, a recovery plan following the Kelp DAO attack. These assets, worth approximately $71.1 million, were frozen by the Arbitrum Security Council on April 20. They were originally funds transferred to the Arbitrum network by the attacker. If the proposal passes, it will become the largest single source of funding for the DeFi United plan. In the early stage of voting, 16.9 million ARB have already been cast in support. Currently, there are no opposing votes. The voting is set to continue until May 7.

Syndicate Labs Suffers Private Key Leak Attack, Cross-Chain Bridge Maliciously Upgraded Resulting in Approximately 18.5 Million SYND Transferred

Syndicate Labs disclosed a security incident: an attacker compromised the system through a private key leak and maliciously upgraded the cross-chain bridge contracts on two chains, leading to the transfer of approximately 18.5 million SYND and about $50,000 in user assets. The attack originated from a compromised development endpoint. The attacker exploited production environment permissions to upgrade the bridge contracts to a malicious version, but other chains were unaffected. The losses include: Commons Bridge: Approximately 18.5 million SYND were transferred and sold, worth roughly $330,000. Another Appchain: Approximately $50,000 in user assets were transferred. Syndicate Labs stated that affected SYND holders will receive full compensation, along with additional excess compensation, leaving their overall holdings higher than before the incident. Affected users on the Appchain will also be fully reimbursed for their losses.

Trump family-backed drone company Powerus signs weapons procurement agreement with the U.S.

The U.S. Air Force has agreed to purchase an undisclosed number of interceptor drones from a company backed by the son of President Trump. As the war between the U.S. and Iran enters its third month, this move deepens the ties between the U.S. military and defense contractors associated with the Trump family. Powerus co-founder Veljkovic stated that the company will sell these drones to the Pentagon following a demonstration in Arizona. This is Powerus' first contract to sell such weapons to the U.S. military. The company declined to disclose the terms or scale of the deal, but such transactions are common when the military evaluates new weapon systems. This move aligns with the U.S. strategy of using low-cost interceptor drones, rather than expensive missiles, to counter Iranian attack drones. Reports indicate that the U.S. military has already deployed 10,000 AI-equipped Merops interceptor drones, developed in Ukraine, to the Middle East.

Ethereum Application Guild (EAG) Launched to Advance the Application-Layer Ecosystem and Build a Global Developer Network

The Ethereum Applications Guild (EAG) has officially launched as a global, nonprofit collaborative organization dedicated to supporting the growth of the Ethereum application ecosystem—driving its evolution from infrastructure to the application layer. EAG will operate across four key pillars: accelerating real-world application adoption, connecting cross-domain ecosystem networks, establishing unified evaluation and development frameworks, and building sustainable funding mechanisms. EAG will implement a membership contribution model based on institutional scale (e.g., valuation, market cap, or assets under management), and introduce a staking-rewards donation mechanism—allocating a portion of ETH staking rewards into an Ecosystem Growth Fund. Additionally, EAG has unveiled its 2026 Global Applications & Developers Program, which includes developer education initiatives, hackathons, and research projects, alongside regional roadshows and ecosystem showcases to strengthen local developer communities.

North Korean hackers accounted for 76% of cryptocurrency theft losses in 2026, having stolen over $6 billion cumulatively since 2017.

According to The Block, blockchain intelligence firm TRM Labs released a report stating that North Korean hacker groups stole approximately $577 million in crypto assets during the first four months of 2026—accounting for 76% of global hacking losses over the same period. All these losses stemmed from two major incidents that occurred in April: KelpDAO was attacked by the TraderTraitor group, resulting in $292 million in losses; and Drift Protocol was compromised by another North Korean sub-group, suffering $285 million in losses. Preparations for the latter attack began as early as March 11, and funds were fully extracted within 12 minutes. The two incidents employed distinct money-laundering pathways: stolen funds from Drift remain largely dormant on Ethereum, whereas funds stolen from KelpDAO were rapidly swapped into BTC via THORChain, with subsequent laundering facilitated by Chinese intermediaries. TRM Labs noted that since 2017, North Korea’s cumulative crypto theft has exceeded $6 billion—and its share of global losses has risen steadily, from less than 10% in 2020 to 64% in 2025.

CertiK: Crypto security incidents in April resulted in losses of $651 million, the highest monthly loss since March 2022

According to CertiK Alert (@CertiKAlert), cryptocurrency security incidents in April 2026 resulted in total losses of approximately $651 million, of which around $3.5 million stemmed from phishing attacks. This marks the highest monthly loss since March 2022 (approximately $715 million), second only to the Bybit hack in February 2025 (excluded from comparison).

Berachain Blacklists Reward Vaults and Suspends BGT Rewards in Response to Wasabi Private Key Leak

According to Odaily, the Berachain Foundation issued a warning on X, stating that the Wasabi Protocol experienced a cross-chain security incident due to a deployer's private key leak, which has impacted multiple blockchains including Berachain. To prevent the risk from spreading, Berachain has suspended and blacklisted all affected Wasabi Reward Vaults within its network, immediately halting the distribution of BGT staking rewards to the compromised contracts and blocking the flow of new BGT into the affected vaults. The official team requires all users who have previously interacted with Wasabi on Berachain to immediately revoke token approvals for the specified contracts to avoid the risk of asset theft. Berachain also emphasized that the BGT reward funds within the native Reward Vaults remain secure and users can claim them normally; this incident does not affect core ecosystem interests.

Wasabi Protocol: Do not interact with the protocol’s smart contracts for now.

Wasabi Protocol announced on X that it has become aware of an issue with the protocol and is actively investigating. As a precautionary measure, users are advised not to interact with the protocol’s smart contracts until further notice. Updates on the security incident will be shared as soon as more information becomes available. Earlier reports indicated that Wasabi Protocol was hacked, resulting in the theft of approximately $2.9 million.

CertiK: Wasabi Protocol Hacked, Approximately $2.9 Million Stolen

According to blockchain security firm CertiK (@CertiKAlert), Wasabi Protocol (@wasabi_protocol) has suffered a security breach, with approximately $2.9 million stolen so far. Preliminary investigations indicate that the attacker gained privileged access after compromising a wallet deployed by Wasabi, enabling the attack. The stolen funds are currently distributed across the following addresses: 0xb8Bb...70dB (approximately $677,000) and 0x6244...f906 (approximately $1.1 million). The incident remains under active investigation.

The White House Opposes Anthropic’s Expansion of Mythos Usage to 120 Companies, Citing Concerns Over Insufficient Computing Power

The White House has recently opposed Anthropic's proposal to expand the use of its AI model, Mythos, to approximately 120 companies, primarily based on security and computing power concerns. Anthropic had originally planned to add 70 new companies to the roughly 50 enterprises currently using Mythos, but the White House has raised doubts, worrying that insufficient computing power might affect the government's own usage of Mythos. Launched in early April, Mythos is designed to detect and exploit critical software vulnerabilities. It is currently limited to testing by enterprises managing key infrastructure, with no plans for public release. The White House fears that expanding usage to more commercial users could create a computing power bottleneck for the government when using the model. This is particularly concerning given Anthropic's computing power procurement agreements with Amazon, Google, and Broadcom; though contracts have been signed, new capacity has not yet come online. On the political front, relations between the White House and Anthropic have not eased. The Trump administration has publicly criticized Anthropic for hiring multiple former officials from the Biden administration and expressed dissatisfaction with its ties to liberal organizations. One example highlights the trust issues between the two sides: Collin Burns, a former researcher at Anthropic who was originally assigned to a government AI model evaluation role, was replaced by senior White House officials after they learned of his background, to avoid having AI company personnel directly involved in matters concerning dealings with other AI companies. Additionally, last week Anthropic disclosed an unauthorized access incident involving the Mythos model, further intensifying external regulatory scrutiny on the company.