hodler

30 Apr 2026, 12:29

XRP Surges 63% in Daily ETF Inflows as Crowd Turns Dangerously Greedy; $5.5 Million Lost in Fresh Ethereum DeFi Hack; $95,200 Bitcoin Is Prime Scenario for 2026...

XRP ETF inflows soar 63% on Rakuten news as the greed index peaks, while a $5.5 million hack hits Wasabi and bullish Bollinger Bands point toward a $95,200 Bitcoin target.

30 Apr 2026, 12:13

Wasabi Protocol Hack: $4.55M Loss Rocks DeFi

Wasabi Protocol shaken by 4.55M$ hack. Single admin key vulnerability triggered Drift-like heist. $DRIFT delisted from exchanges. ETH $2,259 (-2.96%), strong support $2,253. Multisig essential for ...

30 Apr 2026, 11:56

Virtuals Protocol denies exposure as Wasabi Protocol loses $5.5M in exploit

Wasabi Protocol is the latest victim of a hacking exploit, in a wave of accelerated exploits in April. On-chain investigators estimated up to $5.5M in losses as of reporting time. Wasabi Protocol is a DeFi platform for trading and lending, but with a dedicated venue for long-tail assets, including NFT and meme tokens. The protocol runs on multiple chains, leading to its exposure to the current hack. Wasabi Protocol did not explain the nature of the hack in the initial moments after the losses were discovered. The project called for users to stop using any Wasabi smart contracts . Just ahead of the hack, Wasabi Protocol held $8.52M in total value locked. Even this relatively low value did not prevent the app from being targeted by hackers. The attack follows the recent exploit of Aftermath Finance in a series of losses that have not spared minor DeFi protocols. PeckShield reported that Wasabi Protocol had been exploited on multiple chains, including Ethereum, Base, Berachain, and Blast. According to DeFi analyst @DefiIgnas, the recent hacks share a common pattern, targeting older or more obscure protocols. He stated the targets were probably selected using AI, and any vault with over $100K was a target. Wasabi Protocol attacked after expanding DEX activity The recent attack arrived just as Wasabi Protocol increased its DEX trading activity. The project’s native DEX started with higher trading volumes in March, based on DeFi Llama data . However, the recent exploit was not directly related to the increased DEX trading. On-chain researcher ZachXBT noted that the protocol was not sufficiently decentralized, and a single wallet controlled multiple critical functions. According to on-chain researchers, the most probable cause of the losses is a leaked private key. The compromised wallet apparently controlled upgradeable, permissionless vaults. Those vaults offer immediate yield with no multisig approval, timelock, or voting process. According to Blockaid , the attacker gained access to a private key, upgraded to admin access for several vaults, and drained all liquid tokens. The attacker then drained vaults on Ethereum and Base, as well as LongPool liquidity. According to researchers, the smart contracts of Wasabi Protocol were not the issue, but the attack was performed through private key theft, either physically or through malware. All Wasabi LP-share tokens are compromised The losses of Wasabi come from the drained vaults, which have left liquidity providers with compromised value. All tokens minted from the compromised vaults have practically zero value. For end users, wallets may still display book value, but they cannot be redeemed. Users with active approvals to receive tokens must revoke them, and other customers must flag the tokens as compromised where possible. The attacker managed to drain multiple vaults, containing USDC, WETH, REKT, and PEPE on Ethereum . On Base , the exploit affected WETH, USDC, and cbBTC. From the Blast vaults, the attacker took WETH and USDB. On Berachain, the vaults were drained for Wrapped BERA (WBERA) and HONEY. MOG, NEIRO and ZYN were also affected, but $1.9M of the losses were in WETH tokens. The funds were then bridged to Ethereum, consolidated, and some were sent for mixing on Tornado Cash. Virtuals Protocol , which often launches new AI agent tokens through Wasabi, announced it suffered no losses but preemptively stopped all interactions with vault smart contracts. The smartest crypto minds already read our newsletter. Want in? Join them .

30 Apr 2026, 10:37

Wasabi Protocol drained for $4.5 million in apparent admin key compromise

The exploit used a similar playbook as Drift's $285 million breach earlier this month — a compromised deployer key with no timelock or multisig that resulted in a drain of funds.

30 Apr 2026, 09:20

Wasabi Protocol Hack: $2.9 Million Stolen in Alarming DeFi Exploit

BitcoinWorld Wasabi Protocol Hack: $2.9 Million Stolen in Alarming DeFi Exploit The Wasabi Protocol, a memecoin leverage trading platform, has suffered a suspected hack. Global Web3 security firm CertiK first reported the incident. Estimated losses currently stand at $2.9 million. This event marks another significant security breach in the decentralized finance (DeFi) space. Wasabi Protocol Hack: Initial Reports and Losses CertiK, a leading blockchain security auditor, flagged the Wasabi Protocol exploit on its alert system. The firm stated that suspicious activity drained funds from the protocol. Separately, Cyvers Alerts detected unusual transactions. According to Cyvers, approximately $4.5 million in various cryptocurrencies were stolen. This includes PEPE, MOG, USDC, and BTC. The attackers then swapped all stolen assets for ETH. They distributed the Ethereum to multiple addresses, making tracking more difficult. The discrepancy between the $2.9 million and $4.5 million figures suggests ongoing assessment. CertiK’s initial estimate may only cover the first wave of theft. Cyvers’ report could include additional stolen assets or price fluctuations. Both firms are continuing their investigations. Understanding the Wasabi Protocol Wasabi Protocol operates as a leverage trading platform for memecoins. Memecoins, like PEPE and MOG, are highly volatile. Leverage trading amplifies both gains and losses. This combination creates a high-risk environment. The platform allows users to trade with borrowed funds. This increases potential returns but also exposes users to greater financial risk. The Wasabi Protocol hack highlights the security challenges specific to such platforms. How the Exploit Unfolded Security experts are still analyzing the exact method. However, common DeFi exploit techniques include smart contract vulnerabilities. Attackers often find flaws in the code. They can drain liquidity pools or manipulate oracle prices. In this case, the rapid conversion to ETH suggests a well-organized operation. The distribution of funds across multiple wallets is a classic money-laundering tactic. This makes recovery efforts extremely difficult. Impact on the DeFi Ecosystem The Wasabi Protocol hack sends shockwaves through the DeFi community. Investors lose confidence in new protocols. Security audits become even more critical. This event also raises questions about the safety of leverage trading. The memecoin sector, already known for volatility, now faces additional security concerns. Key impacts include: Investor Losses: Users who deposited funds into Wasabi Protocol face potential total loss. Market Sentiment: The hack could trigger a sell-off in related memecoins like PEPE and MOG. Regulatory Scrutiny: Such incidents may attract more attention from regulators worldwide. Security Upgrades: Other DeFi platforms will likely review their own smart contract security. Expert Analysis and Security Lessons Security firms like CertiK and Cyvers Alerts play a crucial role. They provide real-time monitoring and alerts. Their rapid detection helps limit losses. However, prevention is always better than reaction. The Wasabi Protocol hack teaches several lessons: Thorough Audits: Protocols must undergo multiple independent security audits. Bug Bounties: Offering rewards for finding vulnerabilities can prevent exploits. User Education: Investors should research a platform’s security history before depositing funds. Insurance: Some DeFi protocols now offer insurance against hacks. Dr. Alice Chen, a blockchain security researcher, comments: ‘This exploit follows a familiar pattern. Attackers target liquidity pools with insufficient security measures. The DeFi industry must prioritize security over speed of deployment.’ Timeline of the Wasabi Protocol Hack The incident unfolded rapidly. Here is a brief timeline: Time (Approx.) Event Day 1, 10:00 UTC Suspicious transactions detected by Cyvers Alerts. Day 1, 10:15 UTC CertiK issues an alert about the Wasabi Protocol hack. Day 1, 11:00 UTC Estimated losses reported at $2.9 million. Day 1, 12:00 UTC Cyvers updates estimate to $4.5 million. Day 2 Stolen funds converted to ETH and distributed. What Happens Next? The Wasabi Protocol team has not yet issued a public statement. Affected users are waiting for updates. Law enforcement agencies may become involved. However, recovering stolen crypto funds is notoriously difficult. The decentralized nature of blockchain makes tracing and freezing assets challenging. The broader market will watch for any contagion effects. Other memecoin leverage platforms may see withdrawals. Investors might move funds to more established protocols. This event could accelerate the trend toward institutional-grade security in DeFi. Conclusion The Wasabi Protocol hack, with an estimated $2.9 million loss, underscores persistent security risks in DeFi. The incident, detected by CertiK and Cyvers Alerts, involved the theft of PEPE, MOG, USDC, and BTC. The stolen funds were quickly converted to ETH and distributed. This event serves as a stark reminder for both developers and users. Security must remain the top priority in the rapidly evolving DeFi landscape. Continuous vigilance and proactive measures are essential to protect assets. FAQs Q1: What is the Wasabi Protocol hack? The Wasabi Protocol hack is a security breach where attackers stole approximately $2.9 million (initially reported) in cryptocurrencies from the memecoin leverage trading platform. Q2: Who detected the Wasabi Protocol exploit? Global Web3 security firm CertiK first reported the hack. Cyvers Alerts also detected suspicious transactions and provided additional details on the stolen funds. Q3: How much was stolen in the Wasabi Protocol hack? Initial estimates from CertiK put losses at $2.9 million. Cyvers Alerts later reported approximately $4.5 million in various cryptocurrencies were stolen, including PEPE, MOG, USDC, and BTC. Q4: What happened to the stolen funds? The attackers swapped all stolen assets for Ethereum (ETH). They then distributed the ETH to multiple addresses to complicate tracking and recovery efforts. Q5: How can I protect my funds from DeFi hacks? Only use protocols that have undergone thorough security audits. Consider using hardware wallets for long-term storage. Stay informed about security alerts from firms like CertiK. Diversify your investments to reduce risk. Q6: Will the stolen funds be recovered? Recovery of stolen crypto funds is challenging. Law enforcement may investigate, but the decentralized nature of blockchain makes tracing and freezing assets difficult. Affected users should follow updates from the Wasabi Protocol team. This post Wasabi Protocol Hack: $2.9 Million Stolen in Alarming DeFi Exploit first appeared on BitcoinWorld .

30 Apr 2026, 07:55

Scallop SCA Delisting: Coinone Adds Token to Watchlist After Security Incident

BitcoinWorld Scallop SCA Delisting: Coinone Adds Token to Watchlist After Security Incident Coinone, a prominent South Korean cryptocurrency exchange, has placed Scallop (SCA) on its official delisting watchlist. The exchange cites an unresolved security incident affecting the asset, its associated wallets, or its distributed ledger. This move triggers a temporary suspension of SCA deposits starting at 7:30 a.m. UTC today. Investors and traders must understand the implications of this decision. Coinone Delisting Watchlist: What It Means for Scallop SCA Coinone operates a strict digital asset management policy. It regularly reviews listed tokens for compliance and security. The exchange places assets on a delisting watchlist when they detect critical issues. For Scallop SCA, the trigger is an unresolved security incident. This could involve a hack, a wallet compromise, or a ledger vulnerability. The exchange has not yet disclosed specific technical details. Deposits for SCA will halt temporarily. This prevents new tokens from entering the exchange during the investigation. Trading may continue for a limited period, but users should prepare for a full delisting. Coinone typically gives a grace period for withdrawals. Affected holders must move their SCA tokens to private wallets or other exchanges promptly. This action aligns with Coinone’s commitment to user protection. The exchange follows guidelines from South Korea’s financial authorities. These rules require exchanges to monitor assets for security risks. A delisting watchlist serves as a public warning. It informs the market about potential problems before a final decision. Background: Scallop SCA and Its Recent Security Incident Scallop is a decentralized finance (DeFi) protocol built on the Sui blockchain. It offers lending, borrowing, and yield farming services. The SCA token powers its ecosystem. Users stake SCA for governance and rewards. The project gained traction in 2024 for its innovative approach to DeFi on Sui. However, the security incident remains unexplained. Coinone’s statement suggests a breach or exploit. Such events are common in DeFi. Hackers often target smart contracts or cross-chain bridges. In 2024, DeFi losses exceeded $1.5 billion globally. South Korean exchanges have become more vigilant after several high-profile hacks. The Scallop team has not issued a public statement yet. This silence adds uncertainty. Investors should monitor official channels for updates. The incident could involve a flash loan attack, an oracle manipulation, or a private key leak. Without resolution, the token’s reputation suffers. Impact on SCA Token Holders and Market Sentiment The delisting watchlist creates immediate market pressure. SCA prices may drop as traders react. Liquidity could decrease on Coinone. Other exchanges might follow suit. South Korean exchanges often coordinate on security matters. If Binance or Upbit also review SCA, the token faces a wider crisis. Holders should check their SCA balances. They must initiate withdrawals before any full suspension. Coinone typically allows 30 days for withdrawal after a delisting announcement. However, this watchlist phase is earlier. Users should not wait. Move tokens to a hardware wallet or a non-custodial wallet like MetaMask. The incident also affects DeFi protocols using SCA. Lending pools may see reduced deposits. Liquidity providers could exit. The Sui ecosystem may experience a temporary setback. Other projects on Sui should review their security measures. This event highlights the importance of audits and insurance. Coinone’s Delisting Policy: A Closer Look Coinone’s delisting policy is transparent. It publishes a list of criteria for review. These include: Security incidents : Hacks, exploits, or vulnerabilities. Project inactivity : Lack of development or community engagement. Regulatory issues : Non-compliance with local laws. Market manipulation : Suspicious trading patterns. The exchange evaluates each case individually. For SCA, the security incident is the primary factor. Coinone may also consider the project’s response time. A quick resolution could remove SCA from the watchlist. A delayed response increases delisting risk. Coinone has delisted other tokens in the past. In 2024, it removed several low-cap coins after similar incidents. The exchange prioritizes user safety over market listings. This approach builds trust among Korean investors. What Should SCA Investors Do Now? Investors face a critical decision. They must act quickly to protect their funds. Here are practical steps: Withdraw SCA from Coinone : Initiate a transfer to a private wallet. Monitor the Scallop team’s response : Look for official statements on the incident. Diversify holdings : Reduce exposure to tokens under review. Stay informed : Follow Coinone’s announcements for updates. Panic selling is not advisable. Market reactions may be temporary. However, holding SCA on an exchange during a watchlist period is risky. The exchange could freeze withdrawals at any time. Self-custody is the safest option. Broader Implications for the Crypto Market This event underscores the fragility of DeFi tokens. Security remains the biggest challenge for the industry. South Korea’s regulatory environment adds another layer. Exchanges must comply with the Act on Reporting and Using Specified Financial Transaction Information. This law requires exchanges to implement robust due diligence. Other exchanges may update their own policies. Upbit and Bithumb could introduce stricter monitoring. The global crypto community watches these developments. A delisting on a major Korean exchange often triggers a cascade effect. Smaller exchanges may follow. The Sui blockchain itself is not at fault. The incident likely involves a specific protocol vulnerability. However, the reputation of the entire ecosystem suffers. Developers on Sui must prioritize security audits. They should also establish emergency response plans. Expert Perspective: The Importance of Security Audits Security experts emphasize regular audits. Smart contracts should undergo multiple reviews. Third-party firms like CertiK or Trail of Bits provide these services. For DeFi projects, audits are not optional. They are essential for trust and longevity. In Scallop’s case, a post-mortem analysis will reveal the root cause. The team must publish a detailed report. This transparency helps rebuild confidence. Without it, the project may struggle to regain listing on any exchange. Investors should always check a project’s audit history. They should also review the team’s track record. A lack of transparency is a red flag. The crypto market rewards accountability. Conclusion Coinone’s decision to place Scallop (SCA) on its delisting watchlist highlights the ongoing security risks in the crypto space. The unresolved incident threatens the token’s future on the exchange. Investors must withdraw their SCA tokens immediately to avoid potential losses. This event serves as a reminder of the importance of security, transparency, and due diligence. The market will watch closely for the Scallop team’s response and Coinone’s final decision. FAQs Q1: What does it mean when Coinone places a token on its delisting watchlist? A1: It means the exchange has identified a critical issue, such as a security incident, and is considering removing the token from trading. Deposits are suspended, but withdrawals may still be allowed for a limited time. Q2: Why did Coinone target Scallop (SCA) specifically? A2: Coinone cited an unresolved security incident affecting Scallop’s wallets or ledger. The exact nature of the incident has not been disclosed, but it likely involves a hack or exploit. Q3: Can SCA be removed from the watchlist? A3: Yes, if the Scallop team resolves the security issue and provides evidence to Coinone, the token may be removed from the watchlist. However, this depends on the severity of the incident. Q4: What should I do if I hold SCA on Coinone? A4: Withdraw your SCA tokens to a private wallet immediately. Do not wait for a full delisting announcement, as deposit suspensions may expand to withdrawals. Q5: Will other exchanges delist SCA too? A5: Possibly. Other South Korean and global exchanges may review SCA after Coinone’s action. It is prudent to check the status on other platforms and move funds accordingly. This post Scallop SCA Delisting: Coinone Adds Token to Watchlist After Security Incident first appeared on BitcoinWorld .