Crypto investors have lost more than $100 million to physical extortion in the first four months of 2026, according to blockchain security firm CertiK, as criminal groups increasingly target the people behind digital wallets rather than the technology securing them. The attacks, known in the industry as “wrench attacks,” use kidnapping, assault, threats, or other […]
The post IRL crypto threats: Physical “wrench attacks” have led to over $100 million in losses since January alone appeared first on CryptoSlate.
The rsETH crisis resulted in $200 million in bad debt on Aave's books, despite not a single line of its contracts misbehaving. On Apr. 18, attackers that Chainalysis preliminarily linked to Lazarus compromised RPC infrastructure, forced a failover to poisoned nodes via DDoS, and injected false data into a 1-of-1 DVN configuration on KelpDAO's rsETH […]
The post After the $16.5 billion in exploits, DeFi is now being forced toward the controls it once resisted appeared first on CryptoSlate.
There has been 34 verified incidents globally, a 41% increase from the same period in 2025, CertiK said in a report published Friday.
Ekubo Protocol lost roughly $1.4 million in WBTC after attackers exploited a flaw in its EVM swap router contracts.
The recent $280 million Drift incident has demonstrated a shift toward more sophisticated social engineering tactics.
Blockchain analytics firm CertiK said this February that attacks using physical threats to steal crypto rose 75% in 2025.
North Korea rejected U.S. cybercrime claims as 'absurd slander,' blaming media as crypto theft attributed to the country exceeded $6 billion.
DeFi’s latest hack wave is likely to add pressure on liquid and yield-focused crypto funds already navigating a tough market.
Hundreds of Ethereum wallets that had sat untouched for years were drained into the same tagged address, turning old key exposure into this week’s sharpest crypto security warning. On Apr. 30, WazzCrypto flagged the incident affecting mainnet wallets on X, and their warning spread quickly because the affected accounts did not appear to be freshly […]
The post Someone just drained long-forgotten dormant Ethereum wallets, and the cause may trace back years appeared first on CryptoSlate.
With the end of April in sight, another exploit involving dormant Ethereum mainnet addresses appears to have occurred.
North Korea-linked hackers stole $577 million in two April exploits, accounting for 76% of crypto losses in 2026, according to TRM Labs.
Blockaid and CertiK said a compromised admin key was used to upgrade Wasabi Protocol contracts and drain funds.
The attack has only impacted internal ZetaChain team wallets, and no user funds were affected, the team said.
The official DeFi United site shows over 69,550 ETH raised from 222 wallets across 1,623 transfers, all aimed at restoring rsETH backing, acting as DeFi's emergency recapitalization desk. The effort is the closest thing the industry has built to a lender of last resort, assembled without a regulator, a central bank, or a mandate. Aave's […]
The post DeFi lost $13B this month as the KelpDAO rescue shows both the best and worst of DeFi appeared first on CryptoSlate.
A crypto founder had his laptop compromised when he joined what appeared to be a Microsoft Teams call with Pierre Kaklamanos, a Cardano Foundation contact he had spoken with before. When “Pierre” reached out about Atrium and sent a Teams invite, nothing looked out of place. On the call, the face and voice matched what […]
The post AI scams in crypto approach breaking point – OpenAI’s new image model shows why they could get worse appeared first on CryptoSlate.
On Apr. 22, a malicious version of Bitwarden's command-line interface appeared on npm under the official package name @bitwarden/cli@2026.4.0. For 93 minutes, anyone who pulled the CLI through npm received a backdoored substitute for the legitimate tool. Bitwarden detected the compromise, removed the package, and issued a statement saying it found no evidence that attackers […]
The post For 93 minutes, installing Bitwarden’s ‘official’ CLI turned laptops into launchpads for hijacking GitHub accounts appeared first on CryptoSlate.
Apple is heading into its biggest leadership transition in years, just as scrutiny is mounting over the security of its App Store and the rise of crypto theft on iPhones. On April 20, the company revealed that John Ternus, its senior vice president of hardware engineering, will succeed Tim Cook as chief executive officer by […]
The post Will new Apple CEO combat fake crypto apps littering the “walled garden” App Store? appeared first on CryptoSlate.
In just under three weeks, cyber operatives linked to the Democratic People’s Republic of Korea (DPRK) have stolen more than $500 million from crypto DeFi platforms. This marks a drastic escalation in Pyongyang’s state-sponsored campaign to bankroll its weapons programs through cryptocurrency theft. Drift and KelpDAO drive North Korea's over $500 million DeFi exploits Notably, […]
The post North Korea hit crypto for $500M+ this month — and the $6.75 billion threat is not over yet appeared first on CryptoSlate.
Aftermath conditions from Kelp DAO’s exploit has opened a broader debate over DeFi’s security model, after billions left Aave.
Wallets tied to the approximate $292 million Kelp DAO exploit have begun moving funds across chains following Arbitrum’s ETH freeze.
The Arbitrum Security Council said the frozen funds will only be moved by further action through Arbitrum governance.
KelpDAO's $292 million rsETH exploit landed at the wrong moment for DeFi. Roughly $10 billion left the sector over the weekend, after confidence had already been shaken by Drift Protocol's April 1 breach and Venus's March post-mortem. That combination makes DeFi's problem harder to ignore. Open DeFi is still alive, but it is losing the case for being […]
The post Six years after “DeFi Summer” is the sun already setting on the decentralized finance revolution? appeared first on CryptoSlate.
A $292 million exploit at KelpDAO set off a broad retreat across decentralized finance over the weekend, draining roughly $10 billion across the DeFi industry and forcing multiple protocols to freeze markets tied to rsETH. The breach began late Saturday when an attacker drained about 116,500 rsETH from KelpDAO’s cross-chain bridge. The stolen tokens were […]
The post DeFi users pull $10 billion out of the market as $292 million exploit sparks bank-run optics appeared first on CryptoSlate.
Kelp's emergency pauser multisig froze the protocol's core contracts roughly 46 minutes after the successful drain, blocking two follow-up attempts.
The lawsuit, filed by law firm Gibbs Mura, alleged that Circle failed to act swiftly to freeze the stolen USDC tied to the attack.
Liquidity and users of the sanctioned Garantex exchange have flowed into Grinex over the past year, Elliptic claims.
Hyperbridge has raised its loss estimate from $237,000 to $2.5 million after a Token Gateway exploit, with some funds traced to Binance.
The attackers obtained videos showing Kraken support staff accessing internal client support systems and limited client data.
Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens. However, the hacker’s potential multimillion-dollar payday was drastically cut short to around $240,000 as there simply was not enough liquidity to cash out the fabricated assets. While […]
The post Polkadot Hyperbridge April Fools’ joke comes true as over 1 Billion fake DOT tokens were minted on Ethereum appeared first on CryptoSlate.
Upbit and Bithumb have since temporarily suspended deposits and withdrawals of Polkadot's DOT, citing signs of a security incident.