hodler

6 May 2026, 16:19

KelpDAO Slams Layerzero After $300M Exploit, Shifts rsETH to Chainlink CCIP

Following a $300 million exploit on April 18, 2026, KelpDAO has publicly challenged LayerZero Labs’ account of the incident, alleging that the bridge provider is deflecting blame for its own infrastructure failures. The Dispute Over Network Configuration KelpDAO has issued a blistering response to Layerzero Labs following an April 18 exploit that drained more than

6 May 2026, 15:03

LayerZero and KelpDAO trade accusations over $292M North Korea-linked hack

Bryan Pellegrino, founder and CEO of LayerZero Labs, has fired back at KelpDAO after the liquid restaking protocol published a long post alongside screenshots that it claims are proof that LayerZero personnel approved the single-verifier bridge configuration that was exploited in the $292 million hack on April 18. Pellegrino said KelpDAO’s account of the events is largely untrue and that Kelp itself downgraded from a more secure default setup. The public pointing of accusing fingers between both platforms fractures what has shaped up to be a unified front by DeFi projects that took it upon themselves to contain the fallout of the exploit, rallying under the banner “DeFi United.” LayerZero pledged more than 10,000 ETH to Aave-led recovery efforts on April 28, according to a post from the protocol’s official account. However, the latest development begs the question of who bears responsibility for the exploit’s root cause, and so far, it seems to have turned former allies into adversaries. Why are LayerZero and KelpDAO beefing? In a thread posted on X on May 5, Pellegrino challenged three specific claims KelpDAO made in its announcement that it would migrate rsETH bridging from LayerZero to Chainlink’s CCIP. “A ton of this is just completely untrue,” Pellegrino wrote . He said Kelp originally deployed with LayerZero’s default multi-DVN (Decentralized Verifier Network) configuration and “manually migrated to a 1/1 config later.” Pellegrino said KelpDAO downgraded itself from a more secure default setup. Source: @PrimordialAA via X/Twitter. A 1-of-1 DVN setup means a single verification signature is enough to authorize cross-chain token transfers, removing the redundancy that multi-DVN provides. Pellegrino added that “almost 100% of the volume on a 1/1 config was rsETH,” pointing to Kelp as the dominant user of the setup that was exploited. He also noted that LayerZero’s documentation warns against using a single-verifier configuration for production applications. In an earlier post on May 4, Pellegrino acknowledged personal conflict over the situation. “I still carry a huge amount of cognitive dissonance here,” he wrote. Pellegrino stated that he was wrong on the assumption that someone manually changing the configs that they had helped them to set up to a 1/1 was impossible. Based on Pellegrino’s admission, the protocol provided the infrastructure, but each application chose how to configure it. While he stated that it was easy to sit back and do nothing, he acknowledged that it was not the right approach. KelpDAO says LayerZero signed off on the setup KelpDAO’s May 5 post took a different position. According to Cryptopolitan’s earlier reporting , Kelp published Telegram screenshots showing a LayerZero team member writing “No problem on using defaults either” during discussions about Kelp’s L2 expansion. Kelp says those exchanges span eight discussions over 2.5 years without objection from LayerZero personnel. Kelp announced it is migrating rsETH to Chainlink’s CCIP, calling the move a direct response to the exploit. The migration is already in progress. Kelp’s GitHub repository lists a new “CCIP (Chainlink) RSETH” contract alongside the legacy LayerZero RSETH_OFT contract, according to Cryptopolitan’s earlier coverage. The exploit and its scale The April 18 attack drained 116,500 rsETH, roughly 18% of the liquid restaked token in circulation, from Kelp’s LayerZero-powered bridge. At the time of the exploit, 47% of active LayerZero OApp contracts used a 1-of-1 DVN setup, according to data cited in earlier reporting. LayerZero has since banned the configuration and is pushing migrations across its application base. DeFi is at a crossroads The Pellegrino-Kelp dispute will likely shape how DeFi protocols negotiate security responsibilities with infrastructure providers going forward. LayerZero faces pressure to explain why nearly half its application base ran a configuration it now calls unacceptable. Kelp faces scrutiny over why it downgraded from a multi-verifier default, if Pellegrino’s account is accurate. The frozen ETH on Arbitrum remains in legal limbo, and the 10,000 ETH DeFi United recovery contribution from LayerZero is disappearing in the rearview mirror. Your bank is using your money. You’re getting the scraps. Watch our free video on becoming your own bank

6 May 2026, 14:08

NYSE tokenization partners warn synthetic stock tokens could mislead retail traders

Offshore synthetic tokens may not represent the underlying equity, use company names without approval, and exploit regulatory arbitrage.

6 May 2026, 12:35

Ekubo Protocol Exploited for $1.4 Million in WBTC via EVM Router Vulnerability

BitcoinWorld Ekubo Protocol Exploited for $1.4 Million in WBTC via EVM Router Vulnerability Ekubo Protocol, a decentralized finance platform built on the StarkNet ecosystem, has suffered a significant security breach, losing approximately $1.4 million worth of Wrapped Bitcoin (WBTC). The exploit, first reported by The Block, targeted a vulnerability in the protocol’s Ethereum Virtual Machine (EVM) swap router. How the Attack Unfolded Blockchain security firm Blockaid identified the root cause as a flaw within the Ekubo v2 EVM extension contract. The attacker exploited this weakness through a series of approximately 85 consecutive transactions, systematically draining funds from the protocol. The primary victim, a single liquidity provider, lost around 17 WBTC, which was immediately converted into Wrapped Ether (WETH) and Dai (DAI) stablecoin to obfuscate the trail and realize the stolen value. Implications for DeFi Security and Cross-Chain Bridges This incident underscores the persistent security challenges facing the decentralized finance sector, particularly in protocols that bridge different execution environments. Ekubo’s use of an EVM router within the non-EVM StarkNet ecosystem introduces a complex attack surface. The exploit highlights the risks associated with smart contract extensions that facilitate cross-chain or cross-virtual machine operations, a common feature in multi-chain DeFi architectures. What This Means for Users and the Market For users, the event is a stark reminder of the importance of due diligence when providing liquidity to protocols with novel or complex technical architectures. While the total loss is relatively small compared to major DeFi hacks, the methodical nature of the attack—using 85 transactions to avoid triggering alarms—demonstrates a sophisticated understanding of the protocol’s internal logic. The market impact has been contained so far, but the incident may prompt other protocols to audit their own EVM compatibility layers more rigorously. Conclusion The Ekubo Protocol exploit is a targeted attack on a specific vulnerability in its EVM swap router, resulting in a $1.4 million loss for a single liquidity provider. The incident adds to the growing list of DeFi security failures and reinforces the need for continuous, in-depth smart contract audits, especially for cross-environment integrations. Users and developers alike should view this as a cautionary tale about the risks inherent in bridging different blockchain technologies. FAQs Q1: What was the total amount lost in the Ekubo Protocol exploit? The total loss is approximately $1.4 million worth of Wrapped Bitcoin (WBTC), equivalent to about 17 WBTC. Q2: How did the attacker exploit the protocol? The attacker exploited a vulnerability in the Ekubo v2 EVM extension contract, using 85 consecutive transactions to drain funds through the protocol’s EVM swap router. Q3: What happened to the stolen funds? The stolen WBTC was quickly converted into Wrapped Ether (WETH) and Dai (DAI) stablecoin to make the funds harder to trace and to realize the value in more liquid assets. This post Ekubo Protocol Exploited for $1.4 Million in WBTC via EVM Router Vulnerability first appeared on BitcoinWorld .

6 May 2026, 12:00

KelpDAO dumps LayerZero for Chainlink CCIP after $293mln exploit

KelpDAO blamed LayerZero's failure over recent attack and announced plans to migrate to Chainlink's CCIP.

6 May 2026, 11:40

Coinbase Sued Over $55M in Frozen DAI Tied to Hack and Tornado Cash Laundering

BitcoinWorld Coinbase Sued Over $55M in Frozen DAI Tied to Hack and Tornado Cash Laundering A new lawsuit filed in a San Francisco federal court accuses Coinbase of holding $55 million in DAI stablecoins that were allegedly stolen in a hack and laundered through the privacy protocol Tornado Cash. The plaintiff, who claims rightful ownership of the frozen assets, is demanding their immediate return. The case highlights the growing legal tension between cryptocurrency exchanges, victims of theft, and the regulatory framework surrounding frozen digital assets. The Allegations and Frozen Funds According to the complaint, an unidentified hacker stole approximately $55 million in DAI and then used Tornado Cash to obfuscate the transaction trail before depositing a portion of the funds into a Coinbase account. Coinbase subsequently froze the assets, citing security concerns. The plaintiff, who has not been named publicly, asserts that the funds belong to them and that Coinbase is unlawfully withholding the money. The lawsuit also names the presumed hacker as a defendant, though their identity remains unknown. Coinbase has publicly acknowledged that it holds the funds in question. In a statement, the exchange indicated that it requires a court order to release the frozen assets, a standard procedure in cases involving potentially stolen or illicit funds. This position places the exchange in the middle of a complex legal dispute between the alleged victim and the unknown perpetrator. Broader Implications for Crypto Exchanges This lawsuit underscores a recurring challenge for centralized exchanges: balancing the duty to protect customer assets with the legal obligation to comply with anti-money laundering (AML) and know-your-customer (KYC) regulations. When funds are flagged as potentially stolen, exchanges often freeze them pending investigation. However, determining the rightful owner can be legally fraught, especially when the funds have passed through privacy tools like Tornado Cash. Tornado Cash itself has been a flashpoint in crypto regulation. The U.S. Treasury Department sanctioned the protocol in 2022, alleging it facilitated money laundering by North Korean hackers and other illicit actors. While those sanctions have faced legal challenges, the tool remains a focal point for regulators. The involvement of Tornado Cash in this case adds a layer of regulatory complexity, as exchanges must decide whether to honor the sanctions or risk facilitating illegal transactions. What This Means for DAI Holders and Investors For everyday crypto users, the case serves as a reminder that stablecoins like DAI, while designed to maintain a 1:1 peg to the U.S. dollar, are not immune to theft or legal disputes. When assets are frozen by an exchange, recovery can require costly and time-consuming litigation. The outcome of this lawsuit could set a precedent for how exchanges handle frozen assets linked to hacks, particularly when privacy tools are involved. Legal experts note that the case may also test the limits of Coinbase’s liability. If the court rules that the exchange must return the funds to the plaintiff without a clear identification of the hacker, it could open the door to similar claims from other alleged victims. Conversely, if Coinbase is required to hold the funds until the hacker is identified, it may create a backlog of frozen assets and legal battles. Conclusion The lawsuit against Coinbase over $55 million in frozen DAI is a significant development in the ongoing intersection of cryptocurrency, privacy, and law enforcement. As the case progresses through the federal court system, it will likely influence how exchanges manage frozen assets and respond to claims of theft. For now, the frozen DAI remains in limbo, awaiting a judicial decision that could have lasting implications for the broader crypto ecosystem. FAQs Q1: Why did Coinbase freeze the DAI funds? Coinbase froze the funds after they were flagged as potentially stolen, following a hack and laundering through Tornado Cash. The exchange requires a court order to release them, as standard procedure in such cases. Q2: What is Tornado Cash and why is it relevant? Tornado Cash is a privacy protocol that obscures transaction trails on the Ethereum blockchain. It has been sanctioned by the U.S. Treasury for alleged use in money laundering, making its involvement in this case a key legal and regulatory issue. Q3: Could this lawsuit affect how other exchanges handle frozen assets? Yes. The court’s decision may set a precedent for how exchanges determine the rightful owner of frozen funds, especially when the funds have passed through privacy tools. It could also influence future regulatory guidance on asset freezes and recovery. This post Coinbase Sued Over $55M in Frozen DAI Tied to Hack and Tornado Cash Laundering first appeared on BitcoinWorld .