News linked to both this project and an event.
The Zcash Foundation officially announced the release of Zebra 4.4.0, which addresses multiple critical consensus-level security vulnerabilities. All node operators are strongly advised to upgrade immediately. The vulnerabilities include a denial-of-service (DoS) flaw that could permanently halt the discovery of new blocks; a signature operation (sigop) counting error in block validation that may cause consensus divergence; abnormal handling of transparent transaction signature hashes; and a memory allocation amplification attack risk. The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially triggering a chain fork. Without timely upgrades, nodes risk interruption of block discovery, consensus forks, and amplified resource consumption. No alternative mitigations are currently available.
According to Odaily, the Berachain Foundation issued a warning on the X platform, stating that the Wasabi Protocol experienced a cross-chain security incident due to the leak of a deployer's private key, which has impacted multiple blockchains including Berachain. To prevent the risk from spreading, Berachain has suspended and blacklisted all affected Wasabi Reward Vaults within its network, immediately halting the distribution of BGT staking rewards to the compromised contracts and blocking the flow of new BGT into the affected vaults. The official team requires all users who have previously interacted with Wasabi on Berachain to immediately revoke token approvals for the specified contracts to avoid the risk of asset theft. Berachain also emphasized that the BGT reward funds within the native Reward Vaults remain secure and users can claim them normally; this incident does not affect core ecosystem interests.
According to an official disclosure by Aftermath Finance, the protocol expects to complete full compensation to users within the next 48–72 hours. The team is currently working at full capacity to return funds and expresses its gratitude for users’ patience. Earlier reports indicated that the perpetual contract protocol Aftermath Finance was exploited via a vulnerability yesterday, resulting in losses of approximately $1.14 million. The Sui Foundation, in collaboration with Mysten Labs, stated it will actively assist Aftermath Finance in recovering user funds and is committed to ensuring the continued operation of the Aftermath protocol.
According to an official announcement by Sui, Aftermath Finance’s perpetual contract protocol deployed on the Sui network was exploited due to a vulnerability, and the affected protocol has been immediately suspended. The Sui Foundation, in collaboration with Mysten Labs, stated that it will actively assist Aftermath Finance in recovering user funds and is committed to ensuring the continued operation of the Aftermath protocol. Aftermath Finance will provide further updates on the fund recovery progress in the near future.
According to on-chain analyst Ember (@EmberCN), the rsETH incident on April 18 resulted in a funding shortfall of approximately 68,900 ETH (around $160 million): the hacker collateralized rsETH to borrow 99,600 ETH; after Arbitrum recovered 30,700 ETH, the remaining funds were fully converted by the hacker into BTC. The incident has now entered the remediation phase. Aave is coordinating the establishment of a “DeFi United” relief fund, which has so far received cumulative donations totaling 13,500 ETH (approximately $31.45 million). Donors include Lido Finance (2,500 stETH), ether.fi Foundation (5,000 ETH), Aave founder Stani Kulechov (5,000 ETH), Golem Foundation (1,000 ETH), as well as LayerZero and Ink Foundation (amounts undisclosed).
According to an official announcement by Volo, a security vulnerability occurred today on the Sui network involving Volo—a BTCFi and LST protocol—resulting in the theft of approximately $3.5 million in assets (including WBTC, XAUm, and USDC) from three specific vaults. Immediately after the incident, the team notified the Sui Foundation and ecosystem partners and froze all vaults to prevent further losses. Volo stated that the vulnerability affected only these three vaults; the remaining vaults are not exposed to the same attack vector, and the other ~$28 million in TVL remains secure. The official announcement emphasized that Volo will bear the loss entirely and will not pass it on to users. A comprehensive post-mortem report and remediation plan will be released upon completion of the investigation.
Michael Egorov (@newmichwill), founder of Curve Finance, posted that recent security incidents in the DeFi space—triggered by centralized failure points—have occurred frequently and severely damaged the industry’s reputation. Citing examples such as Aave users being unable to withdraw funds following the rsETH exploit and the LayerZero cross-chain bridge hack, he emphasized that problems must be prevented *before* they occur—not addressed only after damage is done. He called on the industry to jointly establish DeFi security standards, proposing that the Ethereum Foundation and Solana Foundation take the lead in collaborating with projects across ecosystems, auditing firms, and risk-assessment teams to develop principles and specifications for secure system design—and suggesting that lessons could be drawn from traditional finance’s approaches to safeguarding centralized nodes.
The Ethereum Foundation announced that its jointly launched ETH Rangers program has completed its six-month run. The program aims to fund independent researchers who make public security contributions to the Ethereum ecosystem. Seventeen grantees achieved multiple accomplishments in areas including vulnerability research, security tool development, threat intelligence, and incident response—such as recovering or freezing over $5.8 million in funds, reporting or documenting 785+ vulnerabilities and client issues, identifying approximately 100 attackers, delivering security education content reaching over 209,000 users, and handling 36+ security incidents. Additionally, the program engaged over 800 teams in security challenges, produced over 80 technical talks and training sessions, and developed or improved seven or more open-source security tools. The Ethereum Foundation stated that these outcomes demonstrate that decentralized networks require “decentralized defense” to effectively enhance the overall security and resilience of the Ethereum ecosystem.