Invest ideasNews
6 May 2026, 06:27
Frozen ETH worth $71 million faces new court battle
🕵️ $71 million in ETH remains frozen after an Aave platform hack. Lawyers now argue the incident was fraud, not theft, to transfer the ETH to terrorism victims. 🔑 Key point: The legal strategy hinges on using U.S. Continue Reading: Frozen ETH worth $71 million faces new court battle The post Frozen ETH worth $71 million faces new court battle appeared first on COINTURK NEWS .
6 May 2026, 05:30
Aave Challenges $71M Freeze, Seeking Fast Ruling to Restart Restitution for Users
On May 4, decentralized finance protocol Aave filed an emergency motion to lift a restraining notice that has frozen $71 million in recovered ethereum. Key Takeaways: Aave filed a May 4 motion to vacate a court order freezing $71 million in ETH recovered from a recent exploit. ZachXBT alleged the freeze involves fraudulent claims, impacting
6 May 2026, 04:00
Ethereum Freeze Battle Intensifies As Aave Seeks Restraining Notice Lift
A $300 million bond demand is now at the center of a legal fight over 30,766 Ethereum frozen in the wake of April’s Kelp DAO hack — and a New York court will decide whether the funds stay locked or flow to victims. DeFi Protocol Takes Legal Action Aave filed an emergency motion in a New York district court Monday, asking a judge to throw out a restraining notice that has blocked the Arbitrum DAO from moving the frozen Ethereum. If the court won’t act immediately, Aave’s lawyers want the law firm behind the notice — Gerstein Harrow LLP — to post a $300 million bond just to keep the freeze in place. No hearing date has been scheduled. A judge has not yet ruled. Aave LLC has filed an emergency motion to vacate a restraining notice served on Arbitrum DAO on May 1, 2026 that attempts to seize approximately $71 million in ETH belonging to victims of the April 18 exploit. A thief does not gain lawful ownership of stolen property simply by… pic.twitter.com/NwgKIdU1L7 — Aave (@aave) May 4, 2026 The restraining notice was served by Gerstein Harrow on Friday. The firm argues its clients hold more than $877 million in default judgments against North Korea and that the hackers behind the Kelp exploit were North Korean operatives. Based on that claim, the firm says its clients have a legal right to the frozen assets. Aave’s legal team pushed back hard. A thief, they said, does not acquire ownership of property simply by taking it. They also challenged the core premise of Gerstein Harrow’s argument — that North Korea carried out the hack — calling it “conjecture from posts on the internet” rather than established fact. Victims Waiting As Arbitrum DAO Votes The Kelp DAO hack took place on April 18, 2026 and resulted in losses of roughly $292 million. In the weeks since, the Arbitrum DAO has been weighing a proposal to release the frozen ETH to DeFi United, a coordination effort aimed at making rsETH holders whole and restoring the token’s backing. That vote closes May 7. Gerstein Harrow’s restraining notice arrived just days before the deadline, halting any transfer while the legal question is sorted out. Reports indicate the notice effectively placed Arbitrum DAO in a legal bind — it cannot move the funds without risking contempt, even as the community vote moves forward. Aave argued the delay is causing damage that money cannot fix. Users whose frozen assets were being used as loan collateral on other platforms may not be able to meet those obligations while the Ethereum sits locked. According to court filings, Aave warned that continued restraint could destabilize the wider DeFi market, not just the Kelp victims. A Pattern Of Claims Tied To North Korea Hacks This is not the first time Gerstein Harrow has pursued this kind of case. The firm has filed similar restraining actions tied to assets from the 2023 Heco Bridge hack and the 2025 Bybit exploit, each time arguing that frozen funds linked to North Korean hackers should flow to its clients rather than to affected users or platforms. Featured image from Unsplash, chart from TradingView
6 May 2026, 03:46
Coinbase CEO Brian Armstrong pushes AI-first overhaul, fires 700 people
Coinbase (COIN) is cutting about 700 workers, equal to roughly 14% of its global staff, as CEO Brian Armstrong rebuilds the crypto exchange around AI, lower costs, and smaller teams. The company expects most job cuts to be completed in the second quarter of 2026. Coinbase also expects to book about $50 million to $60 million in charges, mainly tied to severance and employee benefits. The exchange warned that the final bill could rise if other restructuring costs appear. Its shares fell 3% in after-hours trading after the announcement, so the market did not exactly throw confetti. Brian Armstrong cuts Coinbase staff as weak trading pushes the exchange into a leaner AI setup Brian said Coinbase remains well funded for long-term growth, but the company still has to cut down its operating size while the market stays weak. His blog post tied the plan to the next crypto cycle, meaning the exchange wants fewer layers before trading activity comes back. That is the kind of language companies use when they want to say the business is fine, but the payroll is too heavy for the present market. The layoff package gives affected U.S. workers at least 16 weeks of base pay. They will also get two extra weeks of pay for every year they worked at the company, their next equity vesting, and six months of healthcare coverage. Coinbase has gone through earlier job cuts during crypto downturns because the business is still tied closely to trading fees and investor appetite. Brian also pointed to new AI tools that now help non-engineering teams write code and automate jobs that once needed more people. He then said: Over the past 13 years, we have weathered four crypto winters, gone public, and built the most trusted platform in our industry. We’ve made it this far by making hard decisions and by always staying focused on our mission. This time will be no different – nothing has changed about the long term outlook of our company or industry. Yoni Assia says eToro uses AI tools, as Coinbase also fights a whale lawsuit The Coinbase cuts came up during an interview with eToro (ETOR) founder and CEO Yoni Assia on Monday, who was asked whether eToro had faced its own “Coinbase moment” after the exchange reduced staff because of crypto conditions. Yoni answered that eToro made “a small, relatively minor adjustment” earlier this year. He framed the bigger issue as training workers and giving them access to AI tools. Yoni said eToro uses Cursor, Groq, Anthropic, OpenAI, Gemini from Alphabet (GOOGL), and Microsoft Copilot from Microsoft (MSFT). He also mentioned fresh deals with Groq, Cursor, and Anthropic. Yoni then said that AI use inside eToro jumped by more than 1,000% in the last four months. He named November as a turning point, then mentioned Opus 4.5, GPT 5.5, and Groq 4.3 as tools that made AI more useful inside the company. He also said eToro launched an App Store and released 40 new apps. Those apps were built by AI, tested by AI, and deployed by AI, while one person guided the idea and product goal. That is the same labor story now hitting Coinbase: fewer people, more automated work, and faster product output. At the same time, Coinbase is dealing with a lawsuit from an anonymous crypto whale based in Puerto Rico. The user sued the exchange this week, claiming Coinbase has not released funds stolen in a 2024 hack. The case was filed Monday in federal court in San Francisco. The filing hides key details, but it aligns with an August 2024 exploit in which one crypto user lost more than $55 million in DAI, an Ethereum stablecoin, after falling for a phishing scam. The whale says several on-chain investigation firms traced the stolen assets to a Coinbase account. By early December 2024, the exchange had identified the funds and frozen them during an investigation, the lawsuit says. The user now claims that about a year and a half later, the crypto still has not been returned. The complaint says Coinbase will not release the funds unless a court orders it. The $55 million DAI theft was first flagged by pseudonymous on-chain sleuth ZachXBT. Hackers allegedly used Inferno Drainer to create a fake DeFi Saver login page for the victim. The smartest crypto minds already read our newsletter. Want in? Join them .
6 May 2026, 02:14
Kelp DAO moves $292 million rsETH after major hack
🚨 $292 million in rsETH was stolen from Kelp DAO after a major attack exploiting LayerZero’s bridge. Kelp DAO is switching its rsETH cross-chain operations from LayerZero to Chainlink CCIP to boost security. 🔑 Key point: Nearly half of LayerZero contracts used just one validator before the shift. Continue Reading: Kelp DAO moves $292 million rsETH after major hack The post Kelp DAO moves $292 million rsETH after major hack appeared first on COINTURK NEWS .
6 May 2026, 00:12
Kelp DAO drops LayerZero for Chainlink CCIP, says it was sold the failed setup
In an X post on May 5, Kelp DAO confirmed that it is migrating its rsETH liquid restaking token away from LayerZero’s OFT standard to Chainlink’s CCIP, citing the April 18 exploit that drained $292 million. With the announcement, Kelp DAO also published screenshots of communications with LayerZero personnel showing the company’s team approved the 1-of-1 verifier setup responsible for the loss. The migration is already technically underway. Kelp’s GitHub repository now lists “CCIP (Chainlink) RSETH (New)” alongside the legacy LayerZero RSETH_OFT contract. Kelp’s GitHub now lists CCIP (Chainlink) RSETH as the new bridged rsETH contract, alongside the legacy LayerZero RSETH_OFT contract | Source: Github Kelp says LayerZero approved the setup it later blamed The April 18 attack on Kelp DAO drained 116,500 rsETH, about 18% of the liquid restaked token (LRT) in circulation from its LayerZero-powered bridge. According to Chainalysis, the attackers compromised internal RPC nodes operated by LayerZero Labs and used a DDoS attack to force traffic onto the poisoned nodes. The 1-of-1 Decentralized Verifier Network configuration meant a single forged signature was enough for the destination chain to release tokens with no matching burn upstream. LayerZero’s April 19 post-mortem said Kelp’s setup “directly contradicts” the multi-DVN model LayerZero recommends. Kelp’s May 5 response disputes that characterization. After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to @chainlink CCIP. From the April 18 incident, it is clear that LayerZero's own infrastructure was exploited, resulting in $300M in losses across DeFi.… https://t.co/beIrfZZLlh — Kelp (@KelpDAO) May 5, 2026 One screenshot Kelp published quotes a LayerZero team member writing: “No problem on using defaults either.” The exchange dates from Kelp’s L2 expansion and references the same 1-of-1 LayerZero Labs DVN configuration later cited in the post-mortem. This is a Telegram communication with a LayerZero Labs team member stating that they are not only aware of Kelp’s 1-1 DVN configuration but they also explicitly approved that setup. | Source: X The data backs Kelp’s position on how widespread the configuration was. Reports suggest that 47% of active LayerZero OApp contracts used a 1-of-1 DVN setup at the time of the exploit. LayerZero has since banned the complicit configuration and is pushing a migration for every affected application. The same default appeared in LayerZero’s own V2 OApp Quickstart and bug bounty scope, which excluded application-level verifier choices from rewards. As Cryptopolitan reported in late April, the exploit triggered Aave TVL outflows of $13 billion within days, with bad debt exposure at the lending protocol estimated at $177 million before recovery efforts began. Why Kelp DAO chose Chainlink CCIP According to Chainlink co-founder Sergey Nazarov, CCIP’s architecture differs from bridge alternatives in three structural ways: Each lane on CCIP runs three separate Oracle networks rather than three nodes inside one network. Each network is responsible for confirming a different aspect of the transaction. So, compromising one does not affect the other. A separate risk management network sits alongside the core protocol, where teams can encode chain-specific policies, such as rules for handling reorgs or new attack vectors, without changing the underlying code. The risk management network and transaction networks were built by different teams in different programming languages . A flaw in one codebase does not extend to the other. In essence, CCIP reduces the chance that one compromised verification path can authorize a bad rsETH release. Even if you’re able to break one of those codebases because you know one language or you found one flaw, that flaw does not extend to the other codebase. – Sergey Nazarov. “It’s really the only bridge in which you have a kind of client diversity and separate codebases interacting with each other in a secure way,” he added. The April 18 exploit succeeded because there was one verifier, one set of code, and one infrastructure operator to compromise. CCIP has been operating without a publicly disclosed value-loss incident since launch. What comes next LayerZero pledged 10,000 ETH to the DeFi United recovery fund last week. Arbitrum’s Security Council froze 30,766 ETH from the attacker’s wallets. The legal status of those funds remains contested after US claimants with terrorism-related judgments against North Korea moved to attach them as DPRK property earlier this month. For Kelp, the migration to CCIP is the structural answer. For LayerZero, the forced multi-DVN migration across roughly half its application base is what comes after the worst DeFi exploit of 2026 so far. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .
