As Wall Street moves onchain, the year's biggest crypto hack and DeFi crisis is forcing a rethink of risk, security and market structure, industry insiders told CoinDesk.
Wasabi Protocol has suffered a multi-chain exploit leading to losses of over $5 million across Ethereum, Base, Berachain, and Blast. Reports indicate the attacker used the deployer wallet to grant ADMIN_ROLE to a malicious helper contract, which then performed a UUPS upgrade of perp vaults and the LongPool. This upgrade replaced core logic with a …
Syndicate confirmed that its Commons bridge was compromised, allowing an attacker to steal around 18.5 million SYND tokens and sell them for an estimated $330,000–$400,000 before bridging funds to Ethereum. Following the exploit, SYND plunged roughly 35% as panic selling hit the market. The incident matters because it highlights ongoing security risks surrounding cross-chain bridges …
ZetaChain has paused cross-chain transactions after an attack targeted its GatewayEVM contract, a core component used for cross-chain transfers. The exploit only affected internal team wallets, with no user funds compromised, as the team quickly identified and blocked the attack vector. As a precaution, all cross-chain activity remains halted while investigations continue, with no further …
Blockchain analytics platform Arkham said that the largest contributors are Mantle and Aave DAO, having raised a combined $127 million.
Industry players are coordinating a recovery effort as the year's biggest crypto rattled Aave, with Lido and EtherFi being firsts to offer aid.
The emergency response prevented stolen funds from moving, but sparked debate over governance, control and the limits of decentralization on Layer 2s.
A $20 billion hit from the KelpDAO exploit highlights systemic risks, while flat ETH-denominated growth and a shift to stablecoins point to ongoing fragility in DeFi.
Following the KelpDAO exploit, the attacker rapidly moved 75,700 ETH, worth about $175 million, and converted nearly all of it into Bitcoin within roughly 36 hours. The swaps were mainly executed through THORChain, a cross-chain protocol that allows direct ETH-to-BTC conversions without intermediaries. The massive transactions pushed THORChain’s volume to around $800 million and generated …
Also: DPRK hacking crypto, Aave contagion and Coinbase on quantum computing.
The problem is structural and as long as bridges depend on complex systems with shared infrastructure and hidden trust assumptions, they will remain vulnerable.
North Korea's Lazarus Group has a new attack vector that allows it to exploit an apparently routine business call as a gateway into a target's systems.
Polymarket prices low odds of a system-wide redistribution, as the protocol weighs how to handle an undercollateralized rsETH supply
Volo Protocol lost about $3.5 million from three vaults holding WBTC, XAUm, and USDC.
Hackers behind the KelpDAO breach have started moving stolen assets into Bitcoin, using THORChain to convert funds and dramatically increase the network’s activity. One attacker wallet sent funds through THORChain, pushing daily transaction volume to about $211 million, nearly 10× the 30-day average. Around 442 BTC ($33 million) is now spread across more than 400 …
The $293 million Kelp DAO exploit has exposed critical infrastructure risks, leading Jefferies to suggest that traditional financial firms may pause their blockchain initiatives to prioritize security.
KelpDAO hackers are moving $290M in stolen crypto across blockchains, using privacy tools to mask the trail as DeFi contagion fears move through the sector.
More than $500 million was siphoned across the Drift and Kelp exploits in just over two weeks. What once looked like isolated breaches now resembles a sustained campaign, likely driven by the financial needs of a sanctioned state.
Aave published a report outlining two possible outcomes: around $123 million in losses if damage is shared across all rsETH, or up to $230 million if confined to Layer 2s, with the final impact depending on how Kelp DAO allocates the shortfall.
The liquid restaking protocol said the compromised verifier was LayerZero's own infrastructure, and the setup it was faulted for running was LayerZero's onboarding default.
KelpDAO suffered a $290M exploit on April 18, 2026, after attackers used a highly targeted cross-chain message spoofing attack. According to post-incident analysis, North Korea’s Lazarus Group is the likely source. The attackers compromised and poisoned RPC nodes used by LayerZero’s DVN system, then triggered a DDoS to force failover to malicious nodes, allowing fake …
Breach tied to compromised AI tool may have exposed credentials used by app frontends, the user-facing layer that connects web3 wallets and trading interfaces to backend services.
2026 is shaping up to be DeFi's "worst year in terms of hacks," Ledger's CTO said, as the Kelp exploit shows how a single point of failure can cascade across systems.
The exchange, formerly known as Garantex and based in Kyrgyzstan, has been sanctioned by the U.S., U.K. and EU for helping users bypass sanctions.
A malicious Ledger Live clone slipped onto Apple’s App Store, draining millions from dozens of victims across multiple blockchains in a week-long phishing campaign.
The firm said a criminal group is attempting to extort it over limited insider-related data access incidents affecting about 2,000 accounts. Kraken says it will not pay and is working with law enforcement.
A hacker exploited a vulnerability in the Hyperbridge cross-chain gateway connecting Polkadot to Ethereum. By forging gateway messages and manipulating the token contract’s admin privileges, the attacker created 1 billion unauthorized DOT tokens and sold them on decentralized markets, earning about 108.2 ETH (roughly $237,000) in profit. The incident highlights ongoing risks in cross-chain bridge …
The Department of the Treasury announced it's letting crypto firms sign up for timely information-sharing on cybersecurity threats.
For years, the DeFi industry has treated security as a technical problem: something that could be solved with better code. But the Drift incident suggests something far more complex: that the real vulnerabilities may lie outside the codebase altogether.
The program includes 24/7 threat monitoring for protocols with more than $10 million in deposits and a dedicated incident response network of security firms.