hodler

1 May 2026, 02:00

New Ledger Scan Shows How Much XRP Is Quantum-Exposed

A full-history scan of the XRP Ledger has put fresh numbers on one of crypto’s more uncomfortable long-term security questions: how exposed current accounts may be to a future quantum-computing threat. The analysis, shared by dUNL validator Vet on X, examined all 7,810,364 XRP Ledger accounts and found that 76.82 billion tokens is currently held in accounts whose public keys have already been exposed through signed transactions. The thread does not argue that quantum-capable attackers are an immediate operational risk. Instead, it frames the issue as a future migration and governance problem. Once quantum-resistant cryptography is implemented , active users can move funds to new quantum-safe accounts. The harder question is what happens to accounts that cannot move. “What’s the problem with the Quantum threat that is so difficult to agree on how to solve?” Vet wrote. “We’ll need Quantum proof encryption eventually. That is most likely outcome. This means, once we implement such encryption, everyone can transfer their funds to a Quantum threat proof XRP account.” The difficulty, he argued, starts where user agency ends. Dormant accounts may belong to people who lost keys, forgot about holdings, died, or are temporarily unable to act. In a future where quantum computers can exploit exposed public keys, those funds could become vulnerable while the owner remains silent. “Here is already the Problem though,” Vet wrote. “People who can’t move their funds to a Quantum threat proof XRP account are at risk to have their funds stolen in a future with capable enough Quantum computers.” Why Exposed Public XRP Keys Matter Vet’s analysis rests on a key distinction: an account is considered “quantum exposed” only if it has submitted a signed transaction that revealed its public key on-ledger. Accounts that have never signed a transaction have not exposed that public key and are therefore treated as quantum safe under the framework used in the scan. That distinction creates a split across the ledger. According to Vet, 5.6 million accounts holding 76.82 billion tokens are quantum exposed when dormancy is not considered. However, he said 96% of that exposed XRP is held by active accounts, meaning those users would be expected to migrate once a quantum-resistant account model becomes available. The more contentious slice is dormant supply. Accounts that are both quantum exposed and dormant for at least five years hold 3.83% of all quantum-exposed XRP supply. Against total XRP supply, that represents 2.94%. The oldest dormant category, accounts dating back to the ledger’s 2013 genesis year, represents 0.03% of exposed XRP supply and 0.024% of total supply. The account count follows the same pattern. Vet identified 1.33 million accounts in the five-year dormant and exposed bucket, while the 2013 dormant group contains roughly 15,000 accounts. A Smaller Dormant Risk Than Bitcoin? Vet positioned the XRP Ledger’s dormant exposure as materially smaller than Bitcoin’s most discussed quantum-risk edge case: early unmoved BTC, including coins attributed to Satoshi Nakamoto. “Massively lower than Bitcoin, where genesis accounts alone aka Satoshi BTC are about 5% of supply,” he wrote. “That’s supply that is expected to not move to quantum safe addresses. This is not even including BTC sitting in P2PK accounts outside of Satoshi holdings.” The comparison is important because the quantum debate in crypto is not only technical. It is social. If a network introduces quantum-resistant account types, active users can rotate. Dormant users cannot. That raises a difficult governance question: should untouched funds remain exposed, should protocol rules somehow protect them, or should the network accept the risk that future attackers may drain accounts whose owners never migrated? Related Reading: XRP Sentiment Tanks To A 2-Year Low—But History Hints At Major Bullish Comeback Vet described the dormant-account issue as a “litmus test for blockchains social layer,” noting that the XRP Ledger community faces the same type of question Bitcoiners have debated around early wallets. Multi-Sig Is Not Automatically Safe The scan also found that around 27% of XRPL accounts are already quantum safe, collectively holding approximately 23.16 billion XRP. Vet said these accounts either never signed a transaction, meaning their public key never appeared on the ledger, or they disabled their master key and now sign through a fresh RegularKey or SignerList that has not been exposed. But the analysis also cautions against assuming that more sophisticated wallet setups are protected by default. Vet said 242 multi-signature wallets hold 36.60 billion XRP, equal to 36.6% of total supply, in a state where a quorum of signer public keys is already visible on-ledger. The largest examples, he said, include Ripple’s escrow distribution wallets. “So even sophisticated multi-sig setups aren’t automatically safe — they require disciplined signer-key rotation,” Vet wrote. The key nuance is operational. A single-key account can remain safe until it needs to spend, but spending reveals the relevant public key. Multi-signature setups can preserve safety if the quorum threshold is not yet exposed. Vet gave the example of a 4-of-8 SignerList with the master key disabled and only three signers’ keys visible on-ledger: the account can remain quantum safe because the exposed keys are still below the signing threshold. At press time, XRP traded at $1.3758.

1 May 2026, 00:39

Crypto hacks hit record high in April as 20+ exploits shake DeFi

Hackers stole over $625 million across 20 to 30 separate attacks in April 2026 alone. That’s nearly one attack every single day. DefiLlama posted a chart on X showing that April averaged nearly 1 attack per day, compared with previous monthly records that rarely exceeded 12 to 15 incidents. This outstripped the total for all previous quarters, pushing the month toward a record high for security breaches . Why did two attacks cause almost all the damage? Several high-impact incidents defined the month. On April 1, 2026, the Drift Protocol lost $285 million. A North Korean group spent about six months building trust with Drift employees, only to steal the funds in 12 minutes using pre-signed withdrawal instructions. As earlier reported by Cryptopolitan , KelpDAO followed suit on April 18, losing $293 million after attackers tricked its system into releasing tokens with no real backing. Both attacks originated from North Korea, but used different methods, demonstrating a level of sophistication the DeFi industry was not ready for. Together, these two incidents alone accounted for the majority of April’s losses. This shows how a small number of sophisticated attacks can destabilize large portions of the DeFi ecosystem. Why did one hack freeze billions in money that had nothing to do with KelpDAO? The group behind the KelpDAO attack deposited the stolen tokens as collateral on Aave and borrowed nearly $190 million in real Ethereum against them. Aave was now holding worthless tokens as security for real loans, and the platform’s deposits fell from $26.4 billion to around $17.9 billion in just 48 hours. Stablecoin pools on the platform hit 100% utilization, and according to Galaxy Research, Aave’s bad debt rose to between $123.7 million and $230 million. Over $13 billion exited DeFi protocols within days of the attack as users panicked and began withdrawing funds. Platforms like Morpho, Spark, Lido, Yearn, Beefy, and Ethereum itself froze certain operations due to massive outflows as trust across the industry broke down. None of these accounts for the collateral damage seen across TVL, user trust, valuations, and the space’s morale. DeFi remains a niche market until risk can be properly priced.” DeFi analyst, as quoted by BeInCrypto. Who is responsible, and how much have they stolen in total? According to TRM Labs, government-backed hacking units in North Korea were responsible for 75% of all crypto hack losses through April 2026 ($577 million out of a total $759 million). As documented by the United Nations, the US Treasury, and multiple blockchain intelligence firms, North Korea steals crypto to fund its government and weapons programs due to severe international sanctions. TRM Labs reported that North Korea stole over $6 billion in crypto since 2017. “What we are watching is not a North Korean campaign that is broader — it is one that is sharper,” Ari Redbord, Global Head of Policy and Government Affairs at TRMLabs, said. “North Korea is moving faster and more precisely than ever.” What happened to the rest of April, beyond the two big attacks? Rhea Finance lost $18.4 million on April 10. Tether froze $3.29 million of those funds in time, but the attacker used flash loans to manipulate prices and drain the pool of the remaining amount. Similarly, the crypto exchange in Kyrgyzstan, Grinex , lost $13.74 million in USDT on April 15 after hackers split the funds across 54 wallets and converted them into SunSwap to make them difficult to track. Hyperbridge also lost $2.5 million on the Polkadot network, and CoW Swap $1.2 million on April 14. Onchain analyst Wazz posted on X on April 29, saying, “Hundreds of wallets (many of which haven’t been active in 7+ years) just got drained by the same address on ETH mainnet.” He added, “Seems like a new live exploit, worth flagging.” It didn’t end there, though, because Wasabi Protocol lost approximately $5 million on the last day of April after an attacker used a compromised deployment key to exploit the system Is DeFi getting safer or more dangerous? Both, depending on how you look at it. For example, response times after attacks have greatly improved over the years, as more than 14 organizations pledged over $300 million to the DeFi United rescue fund after the KelpDAO incident. The Arbitrum Security Council even froze $71 million of the attacker’s funds using emergency powers, something that was never possible a few years ago. However, the attacks are also evolving faster than defenses can keep up, because the two biggest April incidents exploited human manipulation. Years ago, most hacks exploited bugs in the smart contracts. If losses continue at this rate, with the same number of hacks, the industry might lose about $7.5 billion in the coming months. That’s 3 times the losses in 2024. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .

30 Apr 2026, 22:44

April Crypto Hack Record: AAVE Effect

April's crypto hacks broke records: 20+ exploits, 600M$ loss. KelpDAO created bad debt in AAVE with 292M$, Drift was hacked for 280M$ and delisted. AAVE 92.76$, downtrend; support 90.65$. Social en...

30 Apr 2026, 22:14

Is the BTC Rally Speculative? CryptoQuant Warning

Bitcoin's April 20% rally is speculative: CryptoQuant report warns that spot demand remains negative, futures records create vulnerability. Bull Score fell to 40, 2022 similarity risky. Current pri...

30 Apr 2026, 21:56

April’s Crypto Carnage: North Korea Hit Twice And Snagged 76% Of 2026 Hack Value

A new crypto crime report by TRM Labs paints a stark picture of how North Korean hacking groups have been operating in 2026 so far. Through April, they were responsible for 76% of all losses tied to crypto hacks, but the report emphasizes that this outcome wasn’t driven by a steady stream of attacks. Instead, the massive share of stolen value comes down to just two incidents whose combined haul—about $577 million—far outweighed everything else that year. Two Crypto Hacks, Nearly $600M Stolen The first breach highlighted by TRM Labs took place on April 1: the Drift Protocol hack. The report puts the value stolen at $285 million. The second incident followed on April 18, when the KelpDAO bridge exploit reportedly resulted in $292 million in losses. Related Reading: Hyperliquid Jumps Into The Betting Boom With New ‘Outcome Tokens’ For Real-World Events What’s striking is that these two events account for only about 3% of the total number of crypto incidents in 2026 during that period. Yet together, they represent 76% of the stolen value, underlining a pattern the report says has defined North Korea’s approach across most years since 2017—relatively few attacks, but extremely outsized payouts. The report also charts how North Korea’s share of crypto hack losses has grown over time. It notes that the figure was under 10% in 2020 and 2021, then rose to 22% in 2022, 37% in 2023, 39% in 2024, and 64% in 2025. The 76% figure through April 2026 is described as the highest sustained share on record, suggesting that the pattern seen in recent years is not just continuing, but accelerating. April Sets New Record Of Incidents TRM Labs details how the Drift Protocol hack was carried out, focusing on the time and preparation that preceded the actual drain. The crypto hack involved about three weeks of pre-attack staging. It also included months of social engineering intended to compromise protocol signers. Once the attackers were in position, the full drain reportedly took place in roughly 12 minutes, showing how planning can turn into rapid theft at the moment of execution. Related Reading: A Stealth Force In Derivatives—Why Bitcoin Can’t Punch Past $80,000 Yet The KelpDAO hack, dated April 18, followed a very different technical path. According to TRM Labs’ crypto crime report, the exploit centered on a flaw in a single-verifier design used in a LayerZero bridge. After the breach, the attackers moved quickly into laundering: they routed proceeds through THORChain after more than $75 million was frozen on the Arbitrum blockchain (ARB). The findings align with another data point from the broader crypto ecosystem. DeFiLlama, which tracks activity and incidents in decentralized finance (DeFi), flagged April as the most-hacked month in crypto history by number of incidents. Featured image created with OpenArt, chart from TradingView.com

30 Apr 2026, 21:46

Wasabi Protocol Exploit Drains $5.5M Across Four Chains As Compromised Admin Key Exposes Critical Security Flaw

The Wasabi Protocol suffered a massive hack, losing more than $5.5 million across four blockchains: Ethereum, Base, Blast and Berachain. The exploitation stems from vulnerabilities, but investigations to date confirm that the exploit was not due to any weakness of the protocol’s own smart contract code itself. Rather, the hack was due to a compromised deployer wallet, exposing one of DeFi’s ever-so-persistent weaknesses: excessive reliance on centralized governance. Security analysts spotted the incident almost immediately as they noted that the attack moved fast and followed a consistent method across each supported chain. The event has garnered significant interest from crypto community members who view it as a glaring example of how non-code vulnerabilities can wreak havoc. It seems the admin key of @wasabi_protocol has been compromised with the estimated loss of $5.5m across multiple chains, including ETH, BASE, BLAST, and BERA chains. Here is the related tx to add the malicious admin: https://t.co/e4scPX1VQg https://t.co/F2THTUsE5R pic.twitter.com/mXI04lAiKv — PeckShield Inc. (@peckshield) April 30, 2026 Admin Privilege Abuse Executed By The Attack The attack took advantage of the administration in a very systematic manner. They first compromised the master role that was controlling a whole series of dynamic nodes that can be created by those who have access to them. Using this access, the attacker called grantRole, instantly giving a malicious and new contract admin rights. The central feature for this operation was that it bypassed all delay protections as the system allowed role assignments without any timelock. Having acquired administrative control, the attacker then deployed an orchestrator contract which sequentially called strategy deposit for each of the vaults. With the contract now having admin level privileges, the only admin modifier, which is meant to restrict access, became ineffective. They allowed the attacker to drain assets directly from the vaults, transferring funds into EOAs across all four chains. The speed and accuracy of the assault suggests that they were already familiar with the system architecture and its vulnerabilities. Wasabi Protocol was drained for ~$5.5M across 4 chains (ETH, Base, Blast, Bera) via a compromised deployer key. But the on-chain activity since the drain shows the attacker's admin role has already been revoked. The attack: – Wasabi's deployer wallet (0x5c629f8c…) was… pic.twitter.com/J7O11z9HJ4 — Vadim (AI, ⋈) (@zacodil) April 30, 2026 Immediate Recovery Measures Disable Compromised Access Subsequently, on-chain measures were undertaken to quickly disable the permissions of the compromised key. All important roles (e.g. ADMIN, as well as role identifiers such as 100, 101, 102 and 103) were removed from the original compromised deployer wallet. It completely removed any remaining admin access for the attacker on the protocol. As a result, this breach sealed the specific attack vector. The analysts say the compromised key can no longer be used for any further round of unauthorized operations, a landmark in stopping that incident. However, even though access is back again, the remaining stolen funds are sitting in the attackers’ wallets on these chains with no recovery options at this time. Users of the protocol have been stranded with LP tokens worth nothing and are now waiting for an announcement on a compensation plan. The breach has had a tremendous impact on users. In this case, liquidity provider (LP) share tokens still sitting in user wallets were now stripped of their value, at least for the time being, as the assets held by vaults have been drained. The Wasabi Protocol team confirmed the incident and said investigations are underway. Until further notice, users are highly recommended to avoid using any Wasabi contracts to limit additional risks. Security companies like SEAL 911 and Blockaid are working directly with the protocol team to understand the extent of damage and outline remediation measures. Currently, the community is waiting for information on a compensation plan that will be vital in rebuilding trust and helping users recoup their losses. Update: We've been working with professional security teams including @SEAL_911 and @blockaid_ . Further updates will be shared as soon as they are available. Do not interact with Wasabi contracts until further notice. — Wasabi Protocol (@wasabi_protocol) April 30, 2026 Virtuals Protocol Responds by Freezing the Wasabi-Linked Features Repeatedly, the exploit has spoiled connected platforms, amid them Virtuals Protocol, which utilizes Wasabi’s infrastructure for certain systems. Virtuals Protocol quickly responded by freezing margin deposits associated with Wasabi. They took precautions and ensured its core operations, trading, withdrawals and agent functions, are still working. As the situation is still unfolding users are warned to never sign any kind of transaction regarding Wasabi. The team stressed that these restrictions are temporary and will be kept in place until they can ensure the integrity of upstream systems. Virtuals Protocol security remains fully intact. As a precaution, we have frozen margin deposits powered by wasabi protocol, effective immediately. All Virtuals functions, including trading, withdrawals, and agent operations, continue to operate normally. Users should avoid… https://t.co/vBja8sAQ4Y — Virtuals Protocol (@virtuals_io) April 30, 2026 ZachXBT Slams Absence Of Fundamental Security Protections The exploit provoked fresh discussions about the maturity of security practices in DeFi, amid ongoing questions about the use of administrative controls. Blockchain analysis expert ZachXBT calls into question the reasoning behind that a single externally owned account (EOA) was given so much general control with basic safety nets like multisig and cannot be timelocked. His criticism is indicative of a wider trend in the industry: smart contracts are routinely subject to extensive audits but the day-to-day security and governance structures often remain soft targets. Why did a single EOA seemingly have so much control without basic safeguards? Seems your runway was burned on KOL grifters like Kook…. https://t.co/sRNtM8Ai8K pic.twitter.com/rXzCSZpCD0 — ZachXBT (@zachxbt) April 30, 2026 Non-code Exploits Are Growing This April The Wasabi incident is a prime example of something we saw escalating throughout April : the emergence of major exploits that are not due to smart contract flaws, but rather issues in administrative security. The contract logic functioned as designed in this case. The trust model failed, simple as that; in this case S1 used a single admin key to control upstream without any additional protection layers. This pattern simulates a change in the threat landscape. Less and less do attackers try to hack into a code that is hard to compromise, but lean more towards the path of least resistance by focusing on governance and operational vulnerabilities. The takeaway for both developers and protocols is that security goes beyond code audit to ensuring stringent key management policies, access controls and fail-safe mechanisms. With investigations continuing to unravel and more details surfacing, the Wasabi exploit is likely to become an important example of the increasing risks faced by decentralized finance. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !