hodler

30 Apr 2026, 20:40

Solana Yield Protocol Carrot Shuts Down After Drift Exploit Drains $8M in TVL

Carrot, the Solana-based decentralized finance ( DeFi) yield protocol, announced its shutdown on Thursday, following direct losses tied to the April 1 exploit on Drift Protocol, which drained approximately $285 million from the Drift platform in minutes. Key Takeaways: Carrot ( DeFi Carrot) shut down April 30, 2026, citing the $285 million Drift Protocol exploit

30 Apr 2026, 20:10

Carrot Shutdown: Solana DeFi Protocol Closes After Drift Hack Fallout

BitcoinWorld Carrot Shutdown: Solana DeFi Protocol Closes After Drift Hack Fallout Solana-based DeFi protocol Carrot has announced its immediate shutdown, citing the devastating fallout from the Drift hack. The project confirmed on its official X account that continued operation is no longer possible. Users must withdraw remaining funds before May 14. Carrot Shutdown: The Drift Hack Connection The Carrot shutdown stems directly from the Drift hack. Drift, a decentralized exchange on Solana, suffered a significant security breach. This breach exposed vulnerabilities across the ecosystem. Carrot relied on Drift for critical infrastructure and liquidity pools. The hack drained funds and destabilized Carrot’s operational model. Carrot’s team stated that the hack made continued operation impossible. They emphasized that the damage was too extensive to recover from. The announcement shocked the Solana DeFi community. Many users now face uncertainty about their locked assets. Withdrawal Timeline and User Instructions Carrot has set a clear withdrawal deadline. Users must withdraw all funds by May 14. After this date, the protocol will be fully decommissioned. The team urges users to act immediately. Withdrawal window: Now until May 14 Supported assets: All user funds currently in Carrot Process: Access the Carrot interface and follow on-screen instructions Support: Limited support available via official X account Users should verify their wallet connections and complete transactions early. Delays could result in permanent loss of funds. The team warns against using third-party services for withdrawals. Impact on Solana DeFi Ecosystem The Carrot shutdown highlights ongoing risks in DeFi. Solana has experienced multiple hacks in recent months. These events erode user trust and market stability. Carrot’s closure may trigger a broader reassessment of protocol dependencies. Analysts note that interconnected protocols amplify risk. A single hack can cascade through the ecosystem. Drift’s breach exposed this fragility. Carrot became a direct casualty. Other protocols with similar dependencies may face scrutiny. Timeline of Events The Drift hack occurred in early April. Carrot announced its shutdown shortly after. The rapid timeline suggests a critical dependency. Here is a summary: Date Event Early April Drift hack discovered Mid-April Carrot assesses damage Late April Carrot announces shutdown May 14 Withdrawal deadline This timeline shows the swift impact. Carrot had little time to respond. The decision to shut down came after careful evaluation. Lessons for DeFi Users and Developers The Carrot shutdown offers critical lessons. Users must diversify their holdings across protocols. Relying on a single ecosystem increases risk. Developers should audit dependencies thoroughly. Smart contract audits are not enough. Operational dependencies also need scrutiny. Security experts recommend regular stress testing. Simulating hack scenarios can reveal weaknesses. Carrot’s failure underscores the need for redundancy. Protocols should have contingency plans for partner failures. What Happens After May 14? After the withdrawal deadline, Carrot will cease all operations. The team will decommission smart contracts. No further support will be available. Users who miss the deadline will lose access to their funds permanently. The team has not announced any recovery plans. They urge users to take immediate action. The project’s X account will remain active only until May 14. After that, all communication channels will close. Conclusion The Carrot shutdown marks a significant event in Solana DeFi. The Drift hack fallout directly caused this closure. Users must withdraw funds before May 14 to avoid losses. This incident highlights the fragility of interconnected DeFi protocols. It serves as a stark reminder of the risks inherent in decentralized finance. The Solana ecosystem must learn from this event to build more resilient systems. FAQs Q1: What caused the Carrot shutdown? The Carrot shutdown was caused by the fallout from the Drift hack. The hack destabilized Carrot’s operational model, making continued operation impossible. Q2: When is the withdrawal deadline for Carrot? The withdrawal deadline is May 14. Users must withdraw all funds before this date to avoid permanent loss. Q3: How do I withdraw my funds from Carrot? Access the Carrot interface through the official website. Connect your wallet and follow the withdrawal instructions. Complete the process before May 14. Q4: Will Carrot provide any compensation for lost funds? No. The Carrot team has not announced any compensation plans. Users are responsible for withdrawing their funds on time. Q5: Is the Solana DeFi ecosystem safe after this incident? The Carrot shutdown highlights risks in interconnected protocols. Users should exercise caution and diversify their holdings. The ecosystem remains operational but requires careful assessment. This post Carrot Shutdown: Solana DeFi Protocol Closes After Drift Hack Fallout first appeared on BitcoinWorld .

30 Apr 2026, 20:05

OpenAI Restricts Access to Cyber After Criticizing Anthropic for Limiting Mythos: A Contradictory Move

BitcoinWorld OpenAI Restricts Access to Cyber After Criticizing Anthropic for Limiting Mythos: A Contradictory Move In a surprising reversal, OpenAI restricts access to Cyber , its advanced cybersecurity tool, just days after CEO Sam Altman publicly criticized Anthropic for limiting its competing tool, Mythos. This move, announced on April 30, 2026, in San Francisco, has sparked debate about consistency in AI safety policies. Altman now confirms that OpenAI will roll out GPT-5.5 Cyber exclusively to “critical cyber defenders.” OpenAI Restricts Access to Cyber: The Announcement On Thursday, Sam Altman posted on X that OpenAI would begin distributing GPT-5.5 Cyber to select users. The company launched an application portal where cybersecurity professionals must submit credentials and planned use cases. OpenAI evaluates each request before granting access. The tool performs penetration testing, vulnerability identification and exploitation, and malware reverse engineering. It helps organizations find security holes and test defenses. However, the fear of misuse by malicious actors drives this restrictive policy. The Anthropic Mythos Controversy Earlier this month, Anthropic limited access to Mythos, its own cybersecurity AI. Sam Altman called this tactic “fear-based marketing.” Many critics agreed, arguing Anthropic exaggerated the risks. Some even accused the company of creating artificial scarcity. Ironically, an unauthorized group reportedly gained access to Mythos anyway, undermining Anthropic’s security claims. This event set the stage for OpenAI’s own restrictive approach. Key Differences Between Cyber and Mythos OpenAI Cyber: Focuses on penetration testing, vulnerability exploitation, and malware reverse engineering. Anthropic Mythos: Designed for threat detection, incident response, and secure code generation. Access Model: Both use application-based access, but OpenAI claims tighter government consultation. Target Users: Cyber targets critical infrastructure defenders; Mythos aimed at enterprise security teams. Why OpenAI Restricts Access to Cyber Now OpenAI cites the dual-use nature of Cyber as the primary reason. The tool can identify and exploit vulnerabilities, making it a powerful weapon in the wrong hands. Altman stated that OpenAI is working with the U.S. government to define legitimate users. The company plans to expand access gradually, focusing on organizations with proven cybersecurity credentials. This cautious approach contrasts sharply with Altman’s earlier criticism of Anthropic. Timeline of Events April 10, 2026: Anthropic releases Mythos with restricted access. April 15, 2026: Sam Altman criticizes Anthropic on X, calling it fear-based marketing. April 20, 2026: Unauthorized group reportedly gains access to Mythos. April 30, 2026: OpenAI announces restricted access to Cyber. Industry Reactions and Expert Analysis Cybersecurity experts have mixed reactions. Dr. Elena Torres, a cybersecurity researcher at MIT, notes, “Both companies face the same dilemma. Tools like Cyber and Mythos are too powerful for open release. Restricting access is prudent, not hypocritical.” However, critics argue that Altman’s earlier comments undermine OpenAI’s credibility. “You cannot criticize a competitor for doing exactly what you plan to do,” says tech analyst Mark Chen. The incident highlights the challenge of balancing innovation with safety in AI. Potential Impact on Cybersecurity Positive: Reduces risk of AI-powered cyberattacks by malicious actors. Negative: Slows adoption by legitimate defenders who need these tools. Uncertain: May create a black market for unauthorized access, as seen with Mythos. Comparison of Access Policies Feature OpenAI Cyber Anthropic Mythos Release Date April 30, 2026 April 10, 2026 Access Method Application with credentials Invitation-only Government Involvement U.S. government consultation No public mention Target Users Critical cyber defenders Enterprise security teams Reported Breaches None yet Unauthorized access confirmed OpenAI’s Justification and Future Plans OpenAI states that Cyber will become more widely available over time. The company plans to consult with the U.S. government to identify more users with legitimate cybersecurity credentials. Altman emphasizes that safety is the priority. “We cannot release a tool that could cause harm,” he said. This stance aligns with OpenAI’s broader mission to ensure AI benefits all of humanity. However, the contradiction with earlier statements remains a point of contention. Lessons from the Mythos Breach The unauthorized access to Mythos serves as a cautionary tale. It proves that no access system is foolproof. OpenAI must learn from this incident to avoid similar vulnerabilities. The company should implement multi-factor authentication, continuous monitoring, and strict usage auditing. Additionally, OpenAI could collaborate with ethical hackers to identify weaknesses in its access control system. Conclusion OpenAI restricts access to Cyber after criticizing Anthropic for limiting Mythos, creating a significant policy contradiction. While the decision prioritizes safety, it undermines Altman’s earlier rhetoric. The incident underscores the complex balance between AI innovation and security. As both companies navigate these challenges, the cybersecurity community watches closely. The future of AI-powered defense tools depends on responsible deployment and transparent policies. FAQs Q1: Why did OpenAI restrict access to Cyber? OpenAI restricts access to Cyber to prevent misuse by malicious actors. The tool can identify and exploit vulnerabilities, making it dangerous in the wrong hands. The company prioritizes safety over widespread availability. Q2: How does OpenAI’s Cyber differ from Anthropic’s Mythos? Cyber focuses on penetration testing and malware reverse engineering, while Mythos targets threat detection and secure code generation. Both use restricted access models, but OpenAI involves government consultation. Q3: Did Sam Altman really criticize Anthropic for the same policy? Yes, Altman called Anthropic’s restriction of Mythos “fear-based marketing.” This contradiction has drawn criticism from industry observers and cybersecurity experts. Q4: Can I apply for access to OpenAI Cyber? Yes, OpenAI has an application portal on its website. You must submit your credentials and planned use. The company evaluates each request and grants access to qualified cybersecurity professionals. Q5: What happened with the unauthorized access to Mythos? An unauthorized group reportedly gained access to Mythos despite Anthropic’s restrictions. This incident highlights the challenges of securing advanced AI tools and serves as a warning for OpenAI. Q6: Will OpenAI ever make Cyber widely available? OpenAI plans to expand access gradually. The company is consulting with the U.S. government to identify more legitimate users. However, no timeline for general availability has been announced. This post OpenAI Restricts Access to Cyber After Criticizing Anthropic for Limiting Mythos: A Contradictory Move first appeared on BitcoinWorld .

30 Apr 2026, 19:55

Ethereum users noticed over 500 wallets were drained in the past 24 hours

On-chain investigators noted multiple Ethereum wallets drained after up to seven years of no activity. The exploit caused up to $800K in losses, with the proceeds moved and mixed through ThorChain. In a post on X (formerly Twitter), user @WazzCrypto disclosed that hundreds of wallets have had their funds drained. While wallet-draining is not a new type of attack, one thing that stood out this time was that the affected wallets were dormant for up to 7 years. Aside from the on-chain record, over the past 24 hours, there have been reports on X by some users confirming their wallets had been drained. Hundreds of wallets (many of which haven't been active in 7+ years) just got drained by the same address on ETH mainnet Seems like a new live exploit, worth flagging https://t.co/QiKU1b86Uv pic.twitter.com/o1uU85CLPT — Wazz (@WazzCrypto) April 30, 2026 The ongoing attack mostly affected wallets aged 4 to 8 years, according to on-chain data. The oldest wallet had not moved funds in nearly 14 years . Even advanced and experienced crypto users reported having their wallets drained after no known interactions with smart contracts or protocols. The most worrying part of the attack is the unknown vector for compromising the wallet’s private keys. Users may prevent losses by preemptively moving funds to new storage with a safely generated private key. Ethereum attack sweeps hundreds of wallets The attacker swept over 500 wallets, collecting 2 ETH to swap into XMR for privacy. The wallets contained not only ETH, but other assets as well, and some of the tasks may have been done manually, as noted by on-chain researcher @tayvano . Some of the wallets were not fully drained, and researchers are still searching for signs of wallet filtering or clustering. Following the initial asset sweep, the attackers moved to mixing the coins and tokens, similar to other recent DeFi hacks. The actions were similar to other attempts to disguise funds performed by DPRK hackers. A total of 324.741 ETH was bridged as wrapped assets on the Bitcoin network using ThorChain . Around $32,000 in ETH were stored in another wallet . Some of the funds were swapped into 9.56 BTC . Wallets may be exposed through trading bots, contracts, or npm attacks One possible explanation includes leaked private key databases, activated after years to claim coins. Other hypotheses include flawed Electrum wallet usage, which has been linked to contaminated versions. It is possible that some of the old addresses were in a database of compromised keys. As Cryptopolitan reported, similar attacks have happened in connection with the LastPass breach. One of the hypotheses is that another batch of wallets and passwords was exposed. The recent wallet-draining attacks happened just days after the Bitwarden hack, but other npm supply chain attacks have shown it is possible to steal crypto from hot wallets. The other possible explanation is the usage of trading bots, which often require the user to input a private key. The recent wave of attacks has led to a decline in trust in DeFi protocols, and continues to make the argument against efforts to present Ethereum and other chains as suitable for large-scale financial activity. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .

30 Apr 2026, 18:35

Carrot shuts down weeks after Drift exploit slashed protocol value

Carrot is shutting down operations after losses tied to the Drift exploit, marking one of the clearest cases of DeFi contagion in April.

30 Apr 2026, 18:00

Did ZetaChain ignore a bug report that could have prevented $334K exploit?

DeFi hacks have hit $629 million April, the highest monthly losses in over a year.