Exploits, hacks, breach disclosures and cybersecurity news.
Lido proposes allocating up to $5.8 million in staked ETH to cover a shortfall caused by last week's $292 million exploit on Kelp DAO’s rsETH bridge. The proposal aims to stabilize the ecosystem and prevent further losses, highlighting ongoing risks in DeFi security and the importance of contingency funds for large-scale exploits.
Lido Finance has flagged a 9% exposure to rsETH following the KelpDAO exploit, which has impacted rsETH markets. On April 23, 2026, Lido paused EarnETH withdrawals to limit risk amid the liquidity crunch. The firm confirmed limited exposure and deployed safeguards as the fallout from the KelpDAO breach continues to spread across DeFi platforms.
UK Prime Minister Keir Starmer has warned of potential foreign-backed proxy attacks targeting political institutions, amid rising concerns over foreign interference and political instability. The warning, issued on April 23, 2026, emphasizes the need for enhanced security measures to counteract these threats, which could complicate legislative efforts and increase instability within the UK’s political landscape.
The US Treasury has sanctioned Cambodian senator Kok An, alleging his involvement in a large-scale crypto scam network. The sanctions, announced on April 23, 2026, target An’s resorts and casinos, which are accused of facilitating the illegal operation. This move highlights ongoing efforts to combat crypto-related financial crimes linked to political figures.
Aave has launched the 'DeFi United' Relief Fund to restore rsETH backing following the Kelp exploit. Lido is the first to participate, proposing up to 2,500 stETH as part of the effort. The initiative aims to stabilize the affected assets and reinforce security within the DeFi ecosystem after the security breach.
Trigona ransomware attacks now employ a custom command-line exfiltration tool to enhance data theft efficiency. The attacks, observed recently, demonstrate an evolution in their tactics, allowing faster and more effective data exfiltration from compromised systems. This development highlights ongoing security challenges in the Web3 space, emphasizing the need for robust defenses against sophisticated ransomware threats.
The U.S. government restrained $700 million in crypto assets in a crackdown on global scam networks. The enforcement action, announced on April 23, 2026, aims to combat widespread fraud and dismantle illicit operations within the crypto space, demonstrating increased regulatory efforts to protect investors and maintain security in the digital asset ecosystem.
The EU has proposed new security measures for jet fuel supplies amid ongoing tensions with Iran, highlighting vulnerabilities in energy security. The move aims to diversify sources and prevent disruptions, reflecting lessons from past crises. While specific amounts or dates are not provided, the initiative underscores the EU’s focus on safeguarding critical energy infrastructure during geopolitical conflicts.
Circle's Chief Economist proposed raising USDC borrow rates on Aave V3 after a $292 million exploit against KelpDAO froze the pool for days. The proposal aims to mitigate risks and prevent future exploits, reflecting ongoing concerns about DeFi security and the need for higher collateral costs to protect liquidity pools.
Cybersecurity researchers identified UNC6692, a threat group using social engineering via Microsoft Teams to deploy SNOW malware. The group impersonates IT helpdesk staff, convincing victims to accept chat invitations from malicious accounts. The campaign highlights evolving tactics in social engineering attacks leveraging popular collaboration tools, with ongoing investigations into the threat actor.
Axie Infinity’s Ronin Network will migrate to Ethereum in May 2026, aiming to improve security and efficiency. The move is expected to reduce inflation and introduce new rewards for builders, supporting a more sustainable ecosystem for developers and users. This transition marks a significant step in strengthening the network’s security and long-term viability.
JPMorgan reports that DeFi growth has stalled due to recent hacks, including exploits on Kelp DAO and Drift Protocol, which have eroded investor confidence. As a result, institutions are shifting funds toward safer assets like Tether. The analysis highlights ongoing security concerns in the DeFi sector, impacting institutional participation and overall market stability.
Lido reported that its EarnETH vault has 9% exposure to rsETH following last week's KelpDAO exploit. Despite the fallout, Lido confirmed that its core staking products remain unaffected. The update was issued on April 23, 2026, highlighting the ongoing impact of the KelpDAO incident on specific vaults within the ecosystem.
Crypto companies are facing a security challenge as bug bounty submissions surge by 900%, driven by artificial intelligence. This massive increase is overwhelming security teams and raising concerns about protocol stability. The wave of submissions highlights how AI is transforming bug bounty programs, but also creating new risks for the crypto industry. The situation underscores the need for enhanced security measures.
The US imposed sanctions on a Cambodian senator accused of running crypto scam centers, as part of a broader crackdown. Over 500 fraudulent web domains linked to cryptocurrency investment fraud were seized by authorities, according to OFAC. The action highlights increased efforts to combat crypto-related scams and protect investors, with no specific dates provided for the sanctions or seizures.
Israel is prepared to strike Iran pending U.S. approval, which could destabilize regional markets and alter geopolitical dynamics. The potential military action has raised concerns about security and market stability, with Lebanon's market showing a positive response. The situation remains uncertain, highlighting the delicate balance of regional security and the influence of U.S. decisions on global markets.
The US military is operating a Bitcoin node as part of cyber defense tests, according to Admiral Samuel Paparo. The initiative aims to explore Bitcoin's strategic utility for national security. This development underscores the military's interest in blockchain technology for cybersecurity purposes, though specific dates or amounts were not disclosed.
Hackers compromised Docker images, VSCode, and Open VSX extensions for Checkmarx KICS, a popular security analysis tool, in a supply-chain breach. The attack aimed to harvest sensitive data from developer environments. The incident highlights ongoing security risks in software supply chains, emphasizing the need for vigilance in protecting development tools and dependencies. The breach was detected in April 2026.
JPMorgan warns that ongoing security flaws are hindering DeFi's growth, citing a recent exploit that erased around $20 billion in total value locked. The attack involved minting $292 million in unbacked rsETH and creating nearly $200 million in bad debt. Hack losses this year are comparable to 2025 levels, raising concerns about DeFi's institutional appeal.
Circle faces criticism after proposing a USDC rate hike, amid ongoing issues from the KelpDAO attack that caused bad debt and frozen positions on Aave. The proposal has drawn backlash from the community, highlighting concerns over the platform’s stability and the impact of the attack on the USDC liquidity pool. The incident underscores ongoing security challenges in DeFi.
JPMorgan reports that ongoing DeFi exploits and stagnant total value locked (TVL) are reducing institutional interest. The bank notes that persistent hacks are driving investors to Tether's USDT, especially during periods of stress, as users withdraw funds from DeFi platforms. This trend highlights security concerns impacting DeFi's growth and institutional adoption.
Lido’s $3 million first-loss buffer was tested after a security breach at Kelp, a liquid restaking protocol, on April 23, 2026. The incident impacted Lido’s EarnETH vault, prompting the platform to pause deposits and withdrawals. Lido is addressing issues related to exposure to a compromised asset and a liquidity squeeze, highlighting ongoing security risks in DeFi.
Chinese APT group has exploited multiple cloud tools, including Microsoft Outlook, Slack, Discord, and file.io, to conduct online espionage targeting Mongolia. The threat actor used these platforms for command and control, highlighting vulnerabilities in cloud-based communication tools. The attack underscores ongoing security risks associated with cloud service abuse by state-sponsored cyber espionage groups.
Meta faces a class-action lawsuit for allegedly generating $16 billion from scam ads, exposing major security and regulatory issues. The lawsuit, filed by the Consumer Federation of America, seeks damages and aims to hold Meta accountable for failing to protect users from fraudulent advertising, raising concerns over platform security and user safety.
JPMorgan highlights ongoing security issues in DeFi, citing a $20 billion loss from the KelpDAO exploit as evidence of systemic risks. Despite stablecoin growth, Ethereum-denominated activity remains flat, underscoring persistent vulnerabilities. These security flaws continue to hinder DeFi’s appeal to institutional investors, emphasizing the need for improved safeguards in the sector.
Tensions between the US and Iran escalated in April 2026, with Iran seizing ships in the Strait of Hormuz, raising security concerns. The incident threatens regional stability and could impact global oil markets. The ongoing standoff highlights the increasing risks in the area, with potential implications for international trade and security.
Tether has frozen $344 million linked to pig-butchering scams as its USDT market cap reached $188 billion, marking a significant step in crypto-state cooperation against cybercrime. The move aims to disrupt criminal activities and enhance security within the crypto ecosystem, reflecting increased efforts by Tether and authorities to combat illicit use of digital assets.
Cisco identified and fixed a major vulnerability in Anthropic's memory handling for AI agents, highlighting ongoing security concerns. Experts warn that mishandled memory files could still pose risks to AI systems, despite the fix. The issue underscores the importance of robust security measures in AI memory management to prevent potential exploits.
Dutch cosmetics company Rituals revealed a data breach affecting its "My Rituals" membership database. Attackers stole personal information of an undisclosed number of customers. The breach highlights ongoing security vulnerabilities in customer data management, though specific details on the number of affected individuals or the breach date have not been disclosed.
Regular password resets may not be as secure as believed, according to Specops Software. The company highlights how attackers can exploit helpdesk social engineering to turn legitimate reset requests into full account compromises. This underscores the vulnerability of password reset procedures, emphasizing the need for stronger security measures to prevent social engineering attacks.
