News linked to this event type.
The study suggests that AI’s currently observable applications in crime are primarily concentrated on low-barrier, high-frequency activities such as mass-produced SEO spam content, romance scams, voice cloning, image generation, and low-cost AI-powered nude image generation services.
According to the official disclosure by Drift Protocol, all affected wallets impacted by the April 1 attack will receive Recovery Tokens—representing their verified losses and proportional claims against the Recovery Pool—where each Recovery Token corresponds to $1 of verified loss. The Recovery Pool’s initial funding is approximately $3.8 million, sourced from converting the protocol’s remaining assets into USDT. It will be further replenished through a portion of quarterly net exchange revenue, partner contributions, and up to $127.5 million in matching deployment from Tether. Once the Recovery Pool exceeds $5 million, users may begin redeeming Recovery Tokens; the redemption price will be calculated as the Recovery Fund’s value divided by the outstanding supply of Recovery Tokens. Drift stated that the Insurance Fund was unaffected by the attack; any release of related funds requires governance proposals and DAO voting. The exchange plans to relaunch in Q2 2026, focusing primarily on perpetual contracts and a select set of markets. Additionally, it will replace its programs and addresses, rotate keys, reconstruct its community multisig, remove durable nonces and the Earn product, and implement operational security upgrades.
According to CoinDesk, Angus Fletcher, Head of Digital Assets at State Street, stated at Consensus Miami that recent DeFi attack incidents highlight traditional financial institutions’ need for blockchain asset security and risk management frameworks. He emphasized that before trillions of dollars worth of real-world assets (RWAs) are tokenized, the industry must urgently address cross-chain interoperability, legal ownership, and security safeguards.
According to Odaily, Drift Protocol has released a user recovery plan for the approximately $295 million security vulnerability incident on April 1, which was attributed to a North Korean-backed hacker group. Under the plan, Drift will issue receipt tokens representing users' verified losses, with each token corresponding to $1 in losses, allowing holders to gradually redeem based on the recovery pool's funding size.Currently, the recovery pool has initial funding of approximately $3.8 million. Subsequent funding sources include up to $127.5 million from exchange revenue, Tether-backed funds, and up to $20 million from partner contributions, aiming to cover total losses of approximately $295.4 million. Drift has frozen approximately $3.36 million in USDC and has established a public bounty program offering 10% of recovered assets. It is expected to relaunch the exchange in a "security-first" model during the second quarter. (CoinDesk)
According to The Block, Kelp DAO will abandon LayerZero and adopt Chainlink’s Cross-Chain Interoperability Protocol (CCIP) as its cross-chain infrastructure, along with Chainlink’s Cross-Chain Token (CCT) standard. Previously, in April, Kelp DAO suffered a cross-chain bridge attack totaling approximately $292 million; the attackers are suspected to be linked to North Korea’s Lazarus Group and exploited the single-validator configuration of the LayerZero-powered OFT cross-chain bridge to steal 116,500 rsETH. Chainlink states that its CCIP requires at least 16 independent node operators to validate cross-chain transactions.
According to the Wall Street Journal, algorithm development company MicroAlgo Inc. has announced the launch of a quantum technology–based blockchain architecture that enhances transaction security and transparency by integrating cyclic Quantum Secure Channels (QSC) with Quantum Key Distribution (QKD). The architecture features a four-layer design: a quantum communication layer, a blockchain core layer, a smart contract layer, and an application layer. QKD enables highly secure key generation and distribution, while quantum encryption safeguards transaction data against theft and tampering—and remains resistant to attacks from quantum computers.
According to monitoring by on-chain analyst Specter, the Wasabi Protocol attacker has deposited all stolen funds into Tornado Cash, moving approximately $5.9 million into Tornado Cash. Additionally, North Korean hacking groups have also used Tornado Cash to launder stolen funds from KelpDAO and LayerZero. Their process involved first cross-chaining the assets to Bitcoin, then routing them through Wasabi Mixer, extracting and cross-chaining back to Ethereum, depositing into Tornado Cash, subsequently withdrawing to new wallets and dispersing across multiple addresses. The new wallets then deployed tokens, used the stolen funds to buy in, removed liquidity from the deployment wallet, cross-chained to Tron (USDT), held for several hours or days, and finally sent to OTC-related wallets.
According to CoinDesk, Ripple announced on Monday that it will share its internal intelligence on North Korean hackers with Crypto ISAC, a threat intelligence-sharing organization for the cryptocurrency industry, to help businesses identify coordinated intrusion campaigns. This move comes amid a recent shift in attack patterns targeting the cryptocurrency sector. The April theft of $285 million from the Drift protocol was not a traditional smart-contract vulnerability exploit; instead, North Korean hackers spent months building relationships with Drift contributors and installing malware on their devices before stealing private keys. Ripple stated: “The strongest crypto security posture is a shared one. A threat actor rejected by one company after background screening may submit resumes to three other companies the same week. Without shared intelligence, each company starts from scratch.”
According to Cointelegraph, DeFi protocol Aave filed an emergency motion in New York on Monday seeking to vacate a restraining notice issued by U.S. law firm Gerstein Harrow LLP, which prevents the Arbitrum DAO from transferring 30,766 ETH to victims of the Kelp exploit. Gerstein Harrow LLP served the restraining notice on the Arbitrum DAO last Friday, asserting that its client is entitled to over $877 million in damages under a default judgment against North Korea. The firm claims that the North Korean hacking group behind the April 18 Kelp exploit previously held these tokens and that its client therefore holds a legal claim to the relevant ETH.
the Compound Foundation stated on X platform that, in coordination with the Kelp and Aave teams, and to avoid disrupting broader DeFi recovery efforts, the Comet markets for WETH and wstETH on Ethereum have resumed trading. It also noted that depending on the specific timing of Kelp's thawing of rsETH, temporary suspensions may still occur in relevant markets during the liquidation window for vulnerability-related positions. Specific arrangements have yet to be determined.
Aave LLC has submitted an emergency motion requesting the dismissal of the asset freeze notice issued against ArbitrumDAO on May 1, 2026. The notice involves approximately $71 million worth of ETH, assets belonging to users affected by the attack on April 18. Aave stated that stolen assets do not grant legal ownership through theft, and the relevant funds were originally intended for restitution to affected users; the freeze instead hinders the compensation process.Aave has requested an emergency hearing from the court to temporarily lift the freeze measure, while stating that it will continue to collaborate with the Arbitrum community and DeFiUnited to advance user compensation efforts.
North Korea has denied allegations of its involvement in cryptocurrency theft, calling the claims "absurd slander" and a "political tool." The statement, issued by state-run media, emphasized that necessary measures will be taken to safeguard national interests. However, data from blockchain analytics firm TRM Labs shows that in the first four months of 2026, hacker groups linked to North Korea have stolen approximately $577 million, accounting for about 76% of global crypto theft losses during the same period. This includes two major attacks on KelpDAO (approximately $292 million) and Drift Protocol (approximately $285 million).TRM pointed out that the attacks are primarily associated with the Lazarus Group and its sub-organizations. Since 2017, the cumulative scale of crypto theft linked to North Korea has exceeded $6 billion.U.S. and international agencies widely believe that such funds are used to support military and missile programs. Meanwhile, the U.S. Treasury Department has recently imposed sanctions on relevant individuals and entities, targeting approximately $800 million in illicit fund flows in 2024. (The Block)
According to Cointelegraph, U.S. law firm Gerstein Harrow LLP has filed an application with the U.S. District Court for the Southern District of New York seeking a temporary restraining order and three writs of execution to prevent the Arbitrum DAO from transferring 30,766 ETH (valued at approximately $73 million) frozen following the Kelp vulnerability. The firm argues that its clients obtained default judgments against North Korea in U.S. courts in 2010, 2015, and 2016, entitling them to roughly $877 million in compensation—and contends that the stolen ETH constitutes North Korean-linked assets that should be used to satisfy those judgments. Kelp DAO suffered a $292 million hack on April 18; the attacker was identified as TraderTraitor, a subgroup of the North Korean state-sponsored hacking group Lazarus Group. Aave Labs previously proposed unfreezing the seized funds and transferring them into the “DeFi United” fund to compensate rsETH holders—but this legal action by Gerstein Harrow may significantly delay compensation for victims. Members of the Arbitrum DAO community have criticized the move, arguing it shifts the burden of North Korea’s debts onto another set of victims, thereby exacerbating the original harm. Gerstein Harrow had previously pursued litigation related to the 2023 Heco Bridge hack involving Teth
"on-chain detective" ZachXBT posted on X platform, stating that PolyArb is a fake prediction market product with a wallet drainer on its website. Additionally, the product's account posted controversial replies under multiple tweets from well-known prediction markets to drive traffic and lure users into participating.
On-chain investigator ZachXBT replied that PolyArb is a fake prediction market product whose website contains a wallet-stealing script. Previously, PolyArb claimed on X that the Hyperliquid HIP-4 outcome market achieved $6.15 million in daily BTC trading volume within 48 hours. William LeGate, Head of User Growth, questioned its claims regarding Polymarket’s fee structure. ZachXBT warned that replying to the relevant account could generate further exposure and increase the number of potential victims.
Odaily Odaily PaperImperium, the head of MegaETH, disclosed on X platform that documents from the U.S. District Court for the Southern District of New York show that a U.S. court has issued an injunction against the Arbitrum DAO, prohibiting it from transferring approximately $71 million in ETH assets that were previously frozen during the KelpDAO hacking incident. In response, on-chain detective ZachXBT posted on X platform, stating that certain U.S. law firms are using his investigative work and on-chain forensics to help victims of some hacking incidents file legal claims. However, this practice may actually slow down or hinder victims from receiving compensation or recovering funds.ZachXBT added that in previous hacking incidents involving the Lazarus Group, such law firms often stepped in after on-chain fund tracking or freezing was completed, proposing subsequent legal actions that were weakly related to the crypto incidents themselves. Similar "free-riding claims" strategies were used in events like Harmony and Bybit. He called on the crypto community to establish a DAO to resist such practices.
: MegaETH lead PaperImperium disclosed on X platform a court document from the U.S. District Court for the Southern District of New York, showing that a U.S. court has issued an injunction against the Arbitrum DAO, prohibiting it from transferring approximately $71 million worth of ETH assets that were previously frozen in the KelpDAO hacking incident. The plaintiffs are attempting to use these funds to enforce outstanding judgment compensation in cases related to North Korea's involvement in terrorism, kidnapping, and other matters spanning several years. They have also filed a motion to serve legal notice to the Arbitrum DAO via alternative means, treating it as an accountable "partnership." The court document further notes that the Arbitrum DAO has a Security Council governed by ARB holders, which has the authority to take action in emergencies. As a result, relevant members who refuse to comply may face legal consequences such as contempt of court. Market observers believe that this case could set an important precedent for the U.S. judicial system to directly constrain DAO governance structures, further highlighting the compliance pressure faced by DeFi protocols under real-world legal frameworks.
Wasabi Protocol announced a security incident update on X, stating that users can now safely interact with the protocol’s contracts to withdraw remaining funds. The team said it is working behind the scenes to the best of its ability to address the issue; however, as the investigation remains ongoing, no further details can be disclosed at this time. The team will share the latest updates with the community as soon as conditions permit.
According to Cointelegraph, the Arbitrum Committee voted to unfreeze $71 million worth of Ethereum to mitigate the $290 million loss caused by the Kelp DAO vulnerability.
SolanaFloor posted on X platform, stating that a suspected MEV bot turned $0.22 USDC into $696,000 USDC in a single transaction by executing an MEV-style price manipulation attack on Meteora's ANB pool. The ANB token dropped 99%.