55 articles tagged with #security-breach. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.
A significant security breach at Kelp DAO has triggered approximately $10 billion in withdrawals from AAVE, highlighting critical vulnerabilities in DeFi protocols. The incident raises institutional risk concerns and may accelerate a broader reassessment of security practices across the decentralized finance ecosystem.
April 2026 emerged as the worst month for cryptocurrency exploits with $606M in losses across 12 incidents, representing a 3.7x increase over Q1 totals. Major attacks included Drift Protocol's $285M social engineering breach and Kelp DAO's $293M bridge vulnerability exploit, signaling escalating security risks in DeFi infrastructure.
Circle's delayed response to a security incident enabled North Korean hackers to successfully steal $230 million in cryptocurrency, exposing critical vulnerabilities in crypto platform security infrastructure. The breach has intensified regulatory scrutiny of the industry and eroded investor confidence in custodial solutions.
The Ethereum Foundation discovered approximately 100 North Korean IT workers embedded across 53 cryptocurrency projects, raising significant security concerns for the crypto ecosystem. This discovery highlights the growing threat of state-sponsored infiltration in decentralized finance and prompts questions about the integrity of major DeFi protocols.
A Polkadot bridge exploit allowed an attacker to gain administrative control and mint approximately 1 billion DOT tokens, subsequently dumping them on the market. The incident exposes critical vulnerabilities in cross-chain bridge infrastructure, threatening the integrity and user confidence in decentralized finance ecosystems.
Drift Protocol suspended all operations after a sophisticated six-month infiltration by a North Korean state-backed group culminating in an exploit on April 1, 2026. The attackers posed as a legitimate trading firm, conducted in-person meetings across multiple countries, and used three attack vectors including a silent code execution flaw in development tools.
DeFi total value locked (TVL) has declined 14% over five weeks following the KelpDAO security breach, signaling renewed investor caution toward decentralized finance protocols. The exploit has exposed vulnerabilities in newer DeFi infrastructure, triggering broader market risk-off sentiment and capital withdrawal from the sector.
USDR, a USD stablecoin, has experienced a severe 37% de-peg following a $10 million governance exploit disclosed by StablR after a two-month silence. The breach compromises confidence in the protocol's security and raises questions about stablecoin resilience when core governance mechanisms are compromised.
Polymarket, a popular prediction market platform, has suffered a security breach resulting in approximately $700K in cryptocurrency theft through a private key compromise. The incident highlights critical security vulnerabilities in decentralized platforms and raises concerns about asset custody practices in crypto applications.
Syndicate Labs experienced a critical security breach where a leaked upgrade key allowed attackers to compromise the Commons cross-chain bridge, siphoning approximately 18.5 million SYND tokens ($330,000) plus additional user funds. The company has committed to full user compensation despite the significant exploit and resulting token price decline.
Alex Lab, a Bitcoin DeFi protocol, has suffered a security breach that reportedly affected customers of Shanghai Pudong Development Bank, marking a spillover from crypto into traditional finance. This incident follows an earlier $8.3M exploit on the platform, raising concerns about the protocol's security infrastructure and the interconnected risks between decentralized and traditional financial systems.
Cryptocurrency protocols suffered over $600 million in losses to hacks during April, marking a critical inflection point where security breaches have evolved from isolated technical incidents into a quantifiable market risk premium. The aggregate loss figure demonstrates that investors now price security vulnerabilities as a systemic cost factor across DeFi platforms, bridges, and wallet infrastructure.
Binance confirmed that user funds and platform security remain intact following a $2 million data breach at Vercel, a cloud hosting platform widely used by crypto projects for front-end deployment. The incident highlights the vulnerability of Web3 infrastructure to supply chain attacks through third-party service providers.
XRP ETF assets have surpassed $1 billion in total holdings coinciding with the launch of wrapped XRP (wXRP) on the Solana network, expanding XRP's utility across ecosystems. However, a $292 million KelpDAO security breach has raised concerns about the risks associated with cross-chain wrapped token infrastructure, potentially impacting user confidence in wXRP adoption.
Hackers conducted a sophisticated social engineering attack to hijack the eth.limo domain by impersonating members of the project's team. EasyDNS, the domain registrar, confirmed the breach and stated it is investigating how the attackers bypassed security measures to gain unauthorized access.
EasyDNS, a domain registry operating for 28 years, acknowledged a social engineering breach that led to the hijacking of eth.limo, a popular Ethereum frontend. The incident underscores a critical vulnerability in the cryptocurrency infrastructure where attackers compromise DNS providers to redirect users to malicious sites, affecting even decentralized protocols.
Israeli military authorities are investigating soldiers for suspected connections to Iran as regional tensions escalate. The probe reveals potential gaps in Israeli intelligence vetting procedures and raises concerns about internal security vulnerabilities that could destabilize the broader Middle East region.
Cryptocurrency platforms experienced record-breaking security breaches totaling $450 million over a two-week period, yet Bitcoin and broader market sentiment remain resilient. While the hacks represent a significant threat to ecosystem security, the market's stability suggests investors may be compartmentalizing risk or desensitized to recurring security incidents.
CoW Swap, a popular DEX aggregator, has issued a security warning urging users to avoid the platform while its operating team works to resolve an unspecified security breach. This incident highlights persistent vulnerabilities in DeFi infrastructure and the risks users face when interacting with decentralized protocols.
CoW Swap, a decentralized exchange protocol previously used by Vitalik Buterin for major ETH sales, has fallen victim to a DNS hijack attack. The platform has issued warnings urging users to avoid accessing the site until the security breach is resolved.
Blockaid security platform flagged the CoW Swap decentralized exchange frontend as malicious following a front-end attack, prompting users to avoid cow.fi and revoke token approvals. The incident highlights vulnerability in DeFi protocols to DNS or interface compromise attacks that can compromise user assets despite underlying smart contracts remaining secure.
Steakhouse Financial experienced a DNS hijacking attack on March 30, 2026, after attackers socially engineered OVHcloud support staff to disable hardware 2FA on the company's account. A phishing site using an Inferno Drainer kit remained active for approximately four hours, but the company confirmed no user funds were compromised, partly due to ICANN's five-day domain transfer lock preventing the attacker from completing the hijack.
Resolv Labs burned 36.7 million USR stablecoins after a security breach allowed an attacker to mint 80 million unbacked tokens through key compromise. The exploit resulted in $24.5 million in ETH being dumped and created a $34 million hole in the protocol's reserves.
Resolv protocol suffered a $25M loss when attackers minted 80M USR tokens illegally by compromising their off-chain signing infrastructure through a contractor's compromised GitHub credentials. The attack occurred on March 22, 2026, with approximately 46M of the illicitly minted tokens later neutralized through burns and blacklisting measures.
Drift, a cryptocurrency platform, suffered a $280 million exploit that the company attributes to the Radiant hackers with medium-high confidence. The attack appears to have been a sophisticated operation that involved months of planning and preparation.
