News
22 Apr 2026, 02:00
Kelp DAO Hacker Just Moved $175 Million In Ethereum And Started Laundering It – Here Is What We Know

One of DeFi’s largest exploits in recent memory took a new turn on Tuesday as Arbitrum’s Security Council moved to freeze $71 million of the stolen funds — and the attacker responded almost immediately.

The incident began when an unknown attacker exploited a vulnerability in Kelp DAO’s LayerZero-powered bridge, draining 116,500 rsETH — approximately $292 million and roughly 18% of the token’s entire circulating supply. The scale of the theft triggered an emergency pause of Kelp DAO’s core contracts, but by then the damage was already done. The stolen rsETH was subsequently deposited as collateral on Aave V3, where it was used to borrow approximately $196 million in wrapped ether, leaving Aave carrying bad debt it had no role in creating and setting off the confidence crisis that has defined the past week in DeFi.

Arbitrum’s Security Council acted by freezing 30,766 ETH — worth approximately $71 million at current prices — and moving the funds into a governance-controlled wallet. It was a meaningful intervention, executed quickly by blockchain standards.

The attacker did not wait to see what came next. Within hours of Arbitrum’s move, the hacker began reacting — a development that suggests the stolen funds are already in motion and that the window for on-chain recovery may be narrowing faster than the response can keep pace with.

$175 Million Is Already Moving — and the Debate It Leaves Behind Is Just Beginning

Arkham data confirms what many feared once Arbitrum acted. The Kelp DAO hacker has already moved all 75,701 ETH — approximately $175 million — on Ethereum and has begun laundering the funds. The Arbitrum freeze succeeded in capturing $71 million. The remaining $175 million, the larger share by a considerable margin, is now in motion and being actively obscured.

The arithmetic is stark. A coordinated intervention by one of DeFi’s most capable security councils froze less than 30% of the stolen funds. The rest left anyway.
That outcome has ignited a debate that extends well beyond Kelp DAO and Aave. Arbitrum’s ability to freeze wallet addresses — even in response to a clear theft — has prompted immediate questions about what blockchain immutability actually means in practice, and who holds the authority to override it. For some, the freeze represents responsible crisis response from a mature ecosystem defending its users. For others, it represents precisely the kind of centralized intervention that decentralized infrastructure was designed to prevent. Both arguments are being made loudly, and neither is entirely wrong.

What is not in dispute is the damage this attack has inflicted on DeFi’s broader credibility. The Kelp DAO exploit exposed collateral risk in lending protocols, triggered an $8.45 billion deposit exodus from Aave, sent AAVE down nearly 20%, and has now produced a philosophical confrontation about the limits of decentralization at the worst possible moment — when the ecosystem most needs to project confidence.

rsETH Market Cap Reflects Instability in Kelp DAO’s Restaking Layer

The market cap of rsETH — the liquid restaking token issued by Kelp DAO — is currently hovering near $1.3 billion after a sharp contraction that disrupted its prior recovery structure. The chart shows that rsETH reached peaks above $2 billion during earlier phases, but has since entered a volatile, downward-adjusting range, reflecting stress within the restaking ecosystem rather than organic market cycles.

The most recent move is particularly notable. After a brief recovery toward the $1.6 billion region, the market cap was rejected and fell aggressively back toward the $1.3 billion level. This type of rapid expansion followed by equally sharp contraction typically signals forced unwinds rather than discretionary capital rotation. In this context, that aligns with the exploit involving Kelp DAO’s rsETH bridge, which introduced systemic uncertainty around the asset.
From a structural perspective, rsETH is now trading below its key moving averages, with the 200-day trend flattening and beginning to roll over. That suggests the growth phase that defined its earlier expansion has stalled, at least temporarily. Because rsETH represents collateral within broader DeFi systems — including lending protocols — its market cap is not just a valuation metric, but a proxy for trust. The current compression indicates that confidence has weakened, and until stability returns, the restaking layer remains vulnerable to further volatility.
22 Apr 2026, 01:50
Volo Protocol Exploit: Critical $3.5M Breach Rocks Sui Network’s Liquid Staking Sector

BitcoinWorld

In a significant security incident for the decentralized finance (DeFi) ecosystem, the Volo Protocol, a prominent liquid staking platform on the Sui blockchain, confirmed a devastating exploit resulting in approximately $3.5 million in losses. The breach, which occurred on the morning of March 21, 2025, targeted specific vaults holding wrapped Bitcoin (WBTC), Pax Gold (XAUm), and USD Coin (USDC). This event immediately triggered emergency protocols and raised urgent questions about security frameworks within the rapidly evolving Sui network.

Anatomy of the Volo Protocol Exploit

The Volo Protocol team announced the breach via an official post on the social media platform X. According to their statement, the attack was swiftly detected by internal monitoring systems. Consequently, the team initiated a multi-pronged response to contain the damage. They immediately notified key stakeholders, including the Sui Foundation and other ecosystem partners. Furthermore, the protocol’s administrators executed an emergency freeze on the three affected vaults, effectively halting any further unauthorized withdrawals.

Initial forensic analysis indicates the exploit was highly targeted. The damage remained confined to three specific vaults, with no evidence of a common attack vector shared with the platform’s other secured vaults. This containment is a crucial detail for user confidence. The protocol confirmed that approximately $28 million in user deposits held within the remaining, unaffected vaults remains secure and inaccessible to the attacker.

Immediate Response and Damage Control

Upon discovering the exploit, the Volo team’s response followed established crisis management procedures for DeFi protocols. The immediate notification of the Sui Foundation allowed for network-level monitoring and collaboration.
Freezing the vaults was the primary technical action to prevent asset drainage. The team has since committed to a full, transparent post-mortem analysis. Importantly, Volo has publicly stated its commitment to ensuring users do not bear the financial losses from this incident, a pledge that will be closely watched by the community.

Context and Impact on the Sui DeFi Landscape

This exploit represents one of the more substantial security incidents on the Sui network since its mainnet launch. Sui, a Layer-1 blockchain developed by Mysten Labs, has positioned itself as a secure and high-performance environment for next-generation decentralized applications. Its ecosystem has seen rapid growth in Total Value Locked (TVL), with liquid staking protocols like Volo being a core component of its DeFi infrastructure.

The incident underscores the persistent security challenges in DeFi, even on newer, technologically advanced blockchains. Liquid staking, which allows users to stake native tokens and receive liquid staking tokens (LSTs) in return, involves complex smart contract interactions and cross-chain asset management. These complexities can introduce unique attack surfaces. The table below outlines the assets impacted in the Volo exploit:

Asset                    Type                   Approximate Value Lost
-----------------------  ---------------------  ----------------------
Wrapped Bitcoin (WBTC)   Bitcoin-pegged token   ~$2.1M
Pax Gold (XAUm)          Gold-backed token      ~$0.9M
USD Coin (USDC)          Stablecoin             ~$0.5M

Market reaction was measured but noticeable. The native SUI token experienced minor volatility following the news. However, the broader impact centers on trust. Security researchers emphasize that the protocol’s ability to limit the breach’s scope is a positive sign of robust isolation architecture. Yet, the mere occurrence of a multi-million dollar exploit necessitates rigorous external audits and enhanced security practices across the entire Sui DeFi space.

Expert Analysis on DeFi Security Posture

Industry analysts point to several critical factors in this event.
First, the speed of response is paramount. Volo’s detection and vault freeze likely prevented total depletion. Second, the commitment to cover user losses, if fulfilled, sets a responsible precedent but also highlights the financial risks borne by protocol treasuries and insurers. Finally, the isolated nature of the attack suggests a potential vulnerability in the specific integration or logic of those three vaults, rather than a fundamental flaw in Volo’s core protocol architecture.

Comparatively, the DeFi sector has seen a reduction in total exploit value year-over-year due to improved security tooling and auditing. However, sophisticated, targeted attacks on specific contract functions remain a formidable threat. This incident serves as a stark reminder that security is a continuous process, not a one-time audit. Protocols must employ a layered defense strategy including:

- Time-locked upgrades and multi-signature governance for critical changes.
- Continuous monitoring and anomaly detection systems.
- Bug bounty programs to incentivize white-hat hackers.
- Decentralized insurance coverage for user funds.

Conclusion

The Volo Protocol exploit on the Sui network is a significant $3.5 million security event with important ramifications. While the breach was contained and user funds in other vaults were secured, it highlights the ever-present risks in the innovative but complex world of decentralized finance. The protocol’s swift response and pledge to cover losses are positive steps toward maintaining user trust. Ultimately, this incident will likely accelerate security investments and collaboration across the Sui ecosystem, serving as a critical case study for other liquid staking and DeFi protocols aiming to build resilient, user-protective platforms. The community now awaits the detailed technical post-mortem from Volo to understand the exact attack vector and the measures being implemented to prevent a recurrence.

FAQs

Q1: What is the Volo Protocol and what happened?
The Volo Protocol is a liquid staking platform on the Sui blockchain. On March 21, 2025, it suffered a smart contract exploit that led to the loss of approximately $3.5 million in digital assets from three of its vaults.

Q2: Were all user funds on Volo Protocol stolen?
No. The exploit was confined to three specific vaults holding WBTC, XAUm, and USDC. The protocol confirmed that approximately $28 million in user deposits within its other vaults remains secure and was not accessed by the attacker.

Q3: How did Volo Protocol respond to the attack?
The team detected the attack, immediately notified the Sui Foundation and partners, and executed an emergency freeze on the affected vaults to prevent further outflows. They have committed to a transparent investigation and to ensuring users do not bear the financial losses.

Q4: What does this mean for the security of the Sui network?
While serious, the exploit appears to be a protocol-specific issue rather than a flaw in the Sui blockchain itself. The incident underscores the need for rigorous, ongoing security audits and robust smart contract design across all projects building on Sui and other networks.

Q5: What are liquid staking protocols, and why are they targeted?
Liquid staking protocols allow users to stake their cryptocurrency (like SUI) to help secure the network and earn rewards, while receiving a liquid token in return that can be used in other DeFi applications. Their complexity and the high value of assets they manage make them attractive targets for hackers.
22 Apr 2026, 01:10
Kelp DAO Exploit: Hacker’s $80M ETH to Bitcoin Swap Triggers THORChain Volume Frenzy

BitcoinWorld

In a stunning development that has rocked the decentralized finance community, the perpetrator behind the Kelp DAO exploit has executed a massive cryptocurrency conversion, swapping 34,500 Ethereum (ETH) for Bitcoin (BTC) through the THORChain protocol. This Kelp DAO exploit represents one of the most significant post-hack asset movements in recent cryptocurrency history, with the $80 million transaction causing unprecedented trading volume spikes across multiple blockchain networks.

Kelp DAO Exploit Triggers Massive Asset Movement

According to blockchain analytics firm AmberCN, the hacker began moving stolen assets approximately 72 hours after the initial Kelp DAO breach. The perpetrator systematically converted the ill-gotten Ethereum holdings into Bitcoin using THORChain’s cross-chain capabilities. This strategic move demonstrates sophisticated understanding of cryptocurrency markets and blockchain infrastructure. Furthermore, the timing of these transactions suggests careful planning to maximize anonymity and minimize price impact.

The Kelp DAO platform suffered a security breach earlier this week, though exact details about the vulnerability remain under investigation. Security researchers have identified several potential attack vectors, including smart contract vulnerabilities and potential governance manipulation. Meanwhile, the rapid movement of stolen funds highlights ongoing challenges in DeFi security and asset recovery.

THORChain Experiences Unprecedented Trading Surge

The massive ETH-to-BTC conversion has propelled THORChain’s trading volume to extraordinary levels. Typically averaging around $20 million daily, the decentralized exchange protocol recorded $360 million in trading volume over a 24-hour period.
This represents an 1,800% increase from normal levels and demonstrates how large-scale transactions can dramatically impact decentralized exchange metrics.

THORChain’s architecture proved capable of handling the substantial volume, processing the cross-chain swaps without significant network congestion. The protocol’s liquidity pools absorbed the massive transaction, though analysts noted temporary price impacts on certain trading pairs. Additionally, the RUNE token, THORChain’s native cryptocurrency, experienced increased volatility as market participants reacted to the unprecedented activity.

Cross-Chain Security Implications

Security experts have raised concerns about the implications of such large-scale cross-chain movements. While THORChain’s technology performed as designed, the incident highlights how decentralized protocols can inadvertently facilitate money laundering. Blockchain forensic firms are now tracing the Bitcoin addresses receiving the converted funds, though the pseudonymous nature of cryptocurrency transactions presents significant challenges.

The movement also raises questions about regulatory oversight in cross-chain transactions. Unlike centralized exchanges that implement know-your-customer (KYC) procedures, decentralized protocols like THORChain operate without traditional identity verification. Consequently, this creates potential compliance gaps that regulators worldwide are increasingly scrutinizing.

Market Impact and Industry Response

The cryptocurrency market has reacted cautiously to the news, with Ethereum experiencing minor selling pressure as traders assessed the implications of such a large ETH-to-BTC conversion. Bitcoin’s price remained relatively stable, suggesting the market absorbed the $80 million inflow without significant disruption. However, the incident has renewed focus on DeFi security protocols and insurance mechanisms.

Several industry leaders have commented on the situation.
Security analysts emphasize the need for improved monitoring of cross-chain bridges and decentralized exchanges. Meanwhile, insurance providers in the DeFi space are reassessing their risk models for protocols handling large-volume transactions. The incident serves as a stark reminder of the substantial value at risk in decentralized finance ecosystems. Key market impacts include:

- Increased volatility in THORChain’s RUNE token
- Temporary liquidity shifts in Ethereum-Bitcoin trading pairs
- Renewed regulatory scrutiny of cross-chain protocols
- Enhanced security audits for DeFi platforms

Historical Context of Major Crypto Exploits

The Kelp DAO incident follows a pattern of high-profile cryptocurrency exploits and subsequent fund movements. In 2024, several major breaches resulted in similar large-scale asset conversions, though the THORChain volume surge represents a new benchmark for post-exploit trading activity. Historical data shows that hackers increasingly utilize decentralized exchanges and cross-chain protocols to obscure fund trails. Comparative analysis reveals interesting trends:

Exploit                     Amount Stolen   Conversion Method      Time to Conversion
--------------------------  --------------  ---------------------  ------------------
Kelp DAO (2025)             $80M ETH        THORChain to BTC       72 hours
Cross-Chain Bridge (2024)   $65M Various    Multiple DEXs          48 hours
DeFi Protocol (2023)        $45M ETH        Centralized Exchange   5 days

This data suggests hackers are becoming more efficient at converting stolen assets, reducing the window for potential recovery actions. The use of decentralized protocols also complicates law enforcement efforts, as these platforms typically lack centralized control points.

Technical Analysis of the Transaction Path

Blockchain analysts have meticulously traced the transaction path from the initial Kelp DAO exploit to the final Bitcoin addresses. The hacker employed sophisticated techniques to obscure the fund trail, including multiple intermediate wallets and transaction splitting.
However, the sheer volume of the ETH-to-BTC conversion created distinctive patterns that forensic firms could identify.

THORChain’s architecture played a crucial role in the conversion process. The protocol’s cross-chain capabilities allowed direct swapping between Ethereum and Bitcoin without traditional intermediaries. This feature, while innovative for legitimate users, presents challenges for tracking illicit funds. The decentralized nature of the protocol means no central authority can freeze transactions or reverse swaps. Key technical observations include:

- Batch transactions to avoid single large transfers
- Multiple output addresses for converted Bitcoin
- Strategic timing to coincide with high liquidity periods
- Utilization of privacy features where available

Regulatory and Legal Implications

The Kelp DAO exploit and subsequent fund movement have significant regulatory implications. Authorities in multiple jurisdictions are likely to increase scrutiny of cross-chain protocols and decentralized exchanges. The incident demonstrates how existing regulatory frameworks struggle to address the unique challenges of decentralized finance.

Legal experts note that while the hacker’s actions clearly constitute theft under most jurisdictions’ laws, jurisdictional questions complicate prosecution. The decentralized nature of the involved protocols means no single entity controls the infrastructure, creating legal ambiguities. Additionally, the cross-border nature of blockchain transactions further complicates enforcement efforts. Regulatory bodies may respond with:

- Enhanced reporting requirements for decentralized protocols
- Increased scrutiny of cross-chain bridge operators
- Revised guidance on DeFi compliance obligations
- International coordination on cryptocurrency enforcement

Industry Security Recommendations

Following the Kelp DAO incident, security firms have issued updated recommendations for DeFi platforms.
These include implementing more robust monitoring systems for unusual transaction patterns and enhancing smart contract audit processes. Additionally, protocols are advised to establish clearer emergency response plans for potential exploits.

The incident also highlights the importance of decentralized insurance protocols and emergency funds. Platforms that maintain substantial treasury reserves for such incidents demonstrate greater resilience. Furthermore, improved communication channels between projects, security researchers, and law enforcement could facilitate faster response times during crises.

Conclusion

The Kelp DAO exploit and subsequent $80 million ETH-to-BTC conversion through THORChain represents a watershed moment for decentralized finance security. This incident demonstrates both the sophistication of modern cryptocurrency exploits and the challenges of tracking illicit funds across blockchain networks. The unprecedented trading volume surge on THORChain highlights how decentralized protocols can handle substantial transactions while raising important questions about regulatory oversight and security practices.

As the cryptocurrency industry continues to evolve, incidents like the Kelp DAO exploit serve as crucial learning opportunities. They emphasize the need for enhanced security measures, improved monitoring systems, and clearer regulatory frameworks. The community’s response to this incident will likely shape DeFi development for years to come, influencing everything from protocol design to regulatory approaches. Ultimately, balancing innovation with security remains the central challenge for the decentralized finance ecosystem.

FAQs

Q1: What is Kelp DAO and what happened in the exploit?
Kelp DAO is a decentralized autonomous organization operating in the DeFi space. The platform suffered a security breach that allowed a hacker to steal approximately 34,500 ETH, worth around $80 million at the time of the incident.
The exact vulnerability remains under investigation by security researchers.

Q2: How did the hacker convert ETH to BTC?
The hacker utilized THORChain, a decentralized cross-chain protocol, to swap the stolen Ethereum for Bitcoin. THORChain enables direct asset conversion between different blockchains without traditional intermediaries, allowing the hacker to move funds across chains while maintaining relative anonymity.

Q3: Why did THORChain’s volume surge so dramatically?
THORChain’s trading volume surged to $360 million because the $80 million ETH-to-BTC conversion represented massive trading activity relative to the protocol’s normal daily volume of approximately $20 million. The large transaction triggered additional market activity as traders reacted to the movement.

Q4: Can the stolen funds be recovered?
Fund recovery in decentralized exploits presents significant challenges. Unlike centralized systems, decentralized protocols typically lack mechanisms to reverse transactions or freeze funds. Law enforcement agencies and blockchain forensic firms are investigating, but recovery prospects remain uncertain due to the pseudonymous nature of blockchain transactions.

Q5: What does this incident mean for DeFi security?
The Kelp DAO exploit highlights ongoing security challenges in decentralized finance. It emphasizes the need for enhanced smart contract audits, better monitoring systems, and improved emergency response protocols. The incident also demonstrates how cross-chain protocols can be used to obscure fund trails, presenting new challenges for security professionals.

Q6: How are regulators likely to respond to this incident?
Regulatory bodies may increase scrutiny of cross-chain protocols and decentralized exchanges following this incident. Potential responses could include enhanced reporting requirements, revised compliance guidance for DeFi platforms, and increased international coordination on cryptocurrency enforcement.
The incident demonstrates gaps in existing regulatory frameworks for decentralized finance.
22 Apr 2026, 01:00
Ripple CEO Breaks Down How XRP Ledger DeFi Users Are Protected From Attacks Like KelpDAO

David Schwartz, the former Chief Technology Officer (CTO) of Ripple, has addressed recent concerns over DeFi bridge security, reassuring XRP Ledger (XRPL) users that the network is not exposed to attacks like those linked to the Kelp DAO exploit. He emphasized that vulnerability in cross-chain bridge systems largely depends on how they are designed and implemented, as well as on the level of reliance on external bridge infrastructure.

How XRP Users Remain Protected From Kelp DAO-Related Exploits

In an X post on April 20, Schwartz provided context on how users in the XRP Ledger (XRPL) ecosystem are positioned differently from those exposed to cross-chain risks in Kelp DAO exploits. The discussion follows concerns in the DeFi space after Kelp DAO suffered a major security breach tied to vulnerabilities in its bridging infrastructure. This hack resulted in approximately $292 million in rsETH tokens being stolen from the protocol and immediately used as debt collateral on Aave, a lending protocol.

Schwartz noted that his past evaluations of DeFi bridging systems, including those considered for Ripple’s stablecoin RLUSD, were heavily focused on security design. According to his assessment, many of these systems already had strong mechanisms to prevent the type of fraudulent cross-chain message manipulation observed during the Kelp DAO attack. However, he noted that actual protection depends on whether projects fully activate those safeguards.

The ex-Ripple CTO also pointed to a recurring issue in DeFi infrastructures, where security features exist but are often treated as optional. He noted that most bridge providers tend to promote their systems as “super safe,” while also emphasizing ease of use and fast deployment across different blockchains. In reality, some of these stronger security settings are left optional or disabled.
As a result, Schwartz noted that many developers sometimes choose simpler configurations instead of enabling the full set of available security options. He added that, due to the trade-off between convenience and the costs of operational complexity, some teams avoid more robust setups. In his view, this creates a serious gap and can leave systems exposed to attacks that the underlying design was intended to prevent.

For XRP Ledger users, Schwartz noted that the blockchain’s reliance on bridge security systems is significantly reduced. As a result, exposure to vulnerabilities similar to the Kelp DAO incident is structurally limited.

How XRP Ledger Design Reduces Reliance On Bridge Systems

Schwartz has noted a structural difference in how the XRP Ledger operates compared to many DeFi ecosystems that depend on external bridges. In systems like Kelp DAO’s rsETH setup, assets move across chains through third-party bridge protocols, which introduce additional points of failure if verification rules are not strictly enforced.

In contrast, the XRP Ledger is designed with built-in transaction finality and does not rely on the same type of external cross-chain messaging infrastructure for its core functions. This significantly reduces the ledger’s exposure to security breaches and exploits that depend on tricking bridge validators or falsifying cross-chain instructions.
22 Apr 2026, 00:00
Anthropic Mythos Breach: Unauthorized Access to Exclusive AI Cybersecurity Tool Sparks Critical Enterprise Security Concerns

BitcoinWorld

San Francisco, CA – April 30, 2025 – Anthropic’s exclusive cybersecurity tool Mythos has reportedly been accessed by an unauthorized group through a third-party vendor environment, according to a Bloomberg investigation. This development raises significant concerns about the security of advanced AI systems designed for enterprise protection. The breach occurred despite Anthropic’s carefully controlled release strategy for Mythos, a tool the company specifically designed to bolster corporate security defenses.

Anthropic Mythos Breach Investigation Underway

Anthropic confirmed it is investigating reports of unauthorized access to the Claude Mythos Preview. The company released this statement to Bitcoin World: “We’re investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments.” Importantly, Anthropic’s internal investigation has found no evidence that the unauthorized activity impacted the company’s core systems. The breach appears limited to the preview environment accessed through vendor channels.

The unauthorized group reportedly gained access on the same day Anthropic publicly announced Mythos. They employed multiple strategies to penetrate the system. According to Bloomberg’s sources, the group made educated guesses about the model’s online location. They based these guesses on knowledge of Anthropic’s formatting patterns for other models. The group’s activities highlight potential vulnerabilities in third-party security protocols.

Third-Party Vendor Security Vulnerabilities Exposed

The breach pathway involved a third-party contractor working with Anthropic. Bloomberg reported that the unauthorized group leveraged “access” enjoyed by an individual currently employed at this contractor.
This incident underscores the persistent security challenges posed by extended enterprise ecosystems. Third-party vendors often represent the weakest link in corporate security chains.

Organizations increasingly rely on specialized contractors for various functions. However, this reliance creates additional attack surfaces. The Anthropic Mythos situation demonstrates how sophisticated actors can exploit these relationships. Security experts consistently warn about third-party risks. They note that vendor security assessments often fail to keep pace with evolving threats.

Key Timeline: Anthropic Mythos Security Incident

Date         Event
-----------  ---------------------------------------------
April 2025   Anthropic announces Mythos cybersecurity tool
Same Day     Unauthorized group reportedly gains access
April 30     Bloomberg publishes investigation findings
Ongoing      Anthropic conducts internal security review

Enterprise AI Security Implications

The Mythos breach carries significant implications for enterprise AI security. Anthropic designed Mythos specifically to enhance corporate cybersecurity defenses. The company acknowledged the tool’s dual-use potential during its announcement. In the wrong hands, Mythos could theoretically be weaponized against the very systems it was built to protect.

This incident raises critical questions about secure AI deployment. Enterprise organizations must consider several factors:

- Access Control Protocols: How organizations manage permissions for powerful AI tools
- Vendor Risk Management: Security assessments for third-party contractors
- Monitoring Capabilities: Detecting unauthorized usage of AI systems
- Incident Response: Procedures for potential AI security breaches

Unauthorized Group’s Motivations and Activities

Bloomberg’s report provides intriguing details about the unauthorized group. Members belong to a Discord channel focused on discovering information about unreleased AI models.
The group’s source told Bloomberg they are “interested in playing around with new models, not wreaking havoc with them.” This distinction matters for understanding potential risks.

The group has reportedly used Mythos regularly since gaining access. They provided Bloomberg with evidence including screenshots and a live software demonstration. Their activities appear focused on exploration rather than malicious exploitation. However, security professionals caution that even non-malicious unauthorized access creates risks. It establishes pathways that malicious actors could later exploit.

Cybersecurity experts emphasize that intent can change rapidly. A group initially interested in exploration might later decide to leverage access for other purposes. Alternatively, their access methods could be discovered and replicated by truly malicious actors. The digital security landscape evolves constantly.

Project Glasswing and Controlled Release Strategy

Anthropic released Mythos through an initiative called Project Glasswing. This program provided limited access to select vendors including major technology companies like Apple. The controlled release strategy aimed specifically to prevent usage by bad actors. Anthropic recognized the tool’s potential for misuse from the beginning.

Project Glasswing represents a growing trend in responsible AI deployment. Companies increasingly implement phased releases for powerful AI systems. This approach allows for:

- Real-world testing in controlled environments
- Identification of potential security vulnerabilities
- Gradual scaling based on performance and safety data
- Establishment of usage protocols and best practices

Despite these precautions, the reported breach demonstrates the challenges of completely securing advanced AI systems. Even limited releases to trusted partners create potential exposure points. The incident will likely influence future AI release strategies across the industry.
Industry Response and Security Best Practices

The cybersecurity community is closely monitoring the Anthropic Mythos situation. Industry experts note that AI security breaches require specialized response protocols. Traditional data breach procedures may not adequately address AI-specific risks. These include model extraction, prompt injection attacks, and training data poisoning. Enterprise security teams should review several areas following this incident:

Vendor Security Assessments: Organizations must implement rigorous vetting for all third-party vendors with AI system access. These assessments should go beyond standard security questionnaires. They must include specific evaluation of AI security competencies and protocols.

Access Monitoring: Continuous monitoring of AI system usage patterns becomes essential. Anomaly detection systems should flag unusual access patterns or usage volumes. These systems must account for the unique characteristics of AI tool interactions.

Incident Response Planning: Security teams need AI-specific incident response plans. These plans should address scenarios like model compromise, unauthorized access, and potential weaponization. Regular tabletop exercises help prepare organizations for real incidents.

Broader Implications for AI Security Landscape

The reported Mythos breach occurs amid growing concerns about AI security. As AI systems become more powerful and integrated into critical infrastructure, their security becomes increasingly important. Several trends are emerging in the AI security landscape:

First, specialized AI security roles are becoming more common. Organizations now hire professionals focused specifically on securing AI systems. These roles require understanding both traditional cybersecurity and unique AI vulnerabilities.

Second, regulatory attention is increasing. Governments worldwide are developing frameworks for AI security and safety.
Incidents like the Mythos breach will likely influence these regulatory developments. They demonstrate real-world risks that regulations must address.

Third, the security research community is expanding its focus on AI. More researchers are investigating AI-specific attack vectors and defense mechanisms. This growing body of knowledge will help improve AI security over time.

Conclusion

The reported unauthorized access to Anthropic’s Mythos cybersecurity tool highlights critical challenges in enterprise AI security. While Anthropic’s investigation found no impact on its core systems, the incident reveals vulnerabilities in third-party vendor security protocols. The breach demonstrates how even carefully controlled AI releases can face security challenges. As AI systems become more integrated into enterprise operations, robust security measures become increasingly essential. The Anthropic Mythos situation serves as an important case study for organizations deploying advanced AI tools. It underscores the need for comprehensive security strategies that address both internal systems and extended vendor networks.

FAQs

Q1: What is Anthropic’s Mythos cybersecurity tool?
Mythos is an AI-powered cybersecurity tool developed by Anthropic for enterprise security applications. The tool is designed to enhance corporate security defenses but has potential dual-use capabilities that could be exploited by malicious actors.

Q2: How did the unauthorized group access Mythos?
The group reportedly gained access through a third-party vendor environment. They used multiple strategies including educated guesses about the model’s online location based on Anthropic’s formatting patterns for other models.

Q3: Has Anthropic confirmed the breach?
Anthropic confirmed it is investigating reports of unauthorized access but stated its investigation has found no evidence that the activity impacted the company’s core systems.
The investigation focuses on the preview environment accessed through vendor channels.

Q4: What is Project Glasswing?
Project Glasswing is Anthropic’s initiative for controlled release of the Mythos tool. It provides limited access to select vendors including major technology companies, with the goal of preventing misuse by bad actors.

Q5: What are the broader implications for AI security?
This incident highlights vulnerabilities in third-party vendor security and the challenges of securing advanced AI systems. It will likely influence AI release strategies, regulatory developments, and enterprise security practices across the industry.

This post Anthropic Mythos Breach: Unauthorized Access to Exclusive AI Cybersecurity Tool Sparks Critical Enterprise Security Concerns first appeared on BitcoinWorld.

21 Apr 2026, 20:35
“Are We an Industry of Clowns?” Curve Founder Blasts DeFi Security Failures

Michael Egorov, founder of Curve Finance, has called for the development of industry-wide security standards in decentralized finance, amid a surge in recent hacks originating largely from centralized single points of failure. The KelpDAO exploit is one of the latest examples and ranks among the largest DeFi breaches in recent months, shaking the confidence of market participants.

DeFi Security Overhaul

In his latest tweet, Egorov went on to explain that many of these incidents are “absolutely preventable” and are increasingly damaging trust in the sector. He pointed to the recent scenario involving Aave, where users were unable to withdraw funds following the exploitation of rsETH, despite multiple entities in the stack, including the protocol itself and infrastructure providers, stating that their systems were functioning as intended.

Egorov argued that such blame-shifting highlights a deeper structural issue in DeFi, where reliance on interconnected systems can leave users exposed when any single component fails. He said that risks tied to centralized dependencies should be minimized wherever possible, and when unavoidable, trust should be distributed rather than concentrated.

“We should probably come together and develop safety standards for DeFi. How to build safely, and how to verify safety. Probably everyone should bring their best practices, and the projects, auditors, and risk assessment groups should know them.”

He proposed that leading ecosystem organizations such as the Ethereum Foundation and the Solana Foundation could play a role in bringing together developers, auditors, and risk experts to establish common safety principles. The Curve founder also suggested that the sector could draw lessons from traditional finance in managing unavoidable centralized risks, even as it continues working toward a more decentralized architecture.

DeFi Under Pressure

The KelpDAO exploit triggered a significant DeFi downturn, as CryptoPotato previously reported that total value locked plunged across multiple networks within a day, including steep drops on Cosmos Hub. The stolen funds are now being moved, based on findings from ZachXBT and Arkham Intelligence. Data revealed that two major Ethereum transactions were carried out during European trading hours on Tuesday.

Part of the stolen crypto is already being transferred between blockchains. A portion was bridged to Bitcoin using Thorchain, while another small share was sent through Umbra, a privacy-focused protocol. The laundering methods resemble past activity linked to the Lazarus Group, which has used similar routes before.

The post “Are We an Industry of Clowns?” Curve Founder Blasts DeFi Security Failures appeared first on CryptoPotato.