hodler

29 Apr 2026, 06:10

Here’s How Litecoin (LTC) Contained a Massive MWEB Exploit

Litecoin experienced a significant disruption tied to its MimbleWimble Extension Block (MWEB) privacy layer after a critical validation flaw was discovered and exploited across two separate incidents in March and April 2026, according to a post-mortem shared by developer David Burkett. The issue originated from a bug in how MWEB inputs were validated during block connection, which allowed a miner to include malformed metadata that did not match the actual unspent transaction output being referenced. This enabled an attacker to construct a block where a relatively small input appeared to justify a much larger withdrawal, known as a pegout, from the MWEB system. Timeline of MWEB Crisis Interestingly, a chain scan revealed that the vulnerability had already been exploited in March at block height 3,073,882, where an attacker generated an inflated pegout of over 85,000 LTC. The funds were initially moved to a transparent address and split across three outputs, which were quickly temporarily frozen by miner-enforced consensus rules. Developers privately worked with major mining pools to prevent further exploitation and released a series of emergency updates to enforce stricter validation rules while preserving network stability. The attacker later cooperated after being contacted and signed a recovery transaction that returned the majority of the funds, while retaining 850 LTC as a negotiated bounty. That shortfall was covered separately by Litecoin creator Charlie Lee, and the full recovered amount was pegged back into MWEB . The resulting output was permanently frozen to restore internal balance. No confirmed user funds were lost in the March incident, though the response relied heavily on rapid miner coordination and controlled software rollouts. A second incident in April exposed additional complications when another actor attempted to reuse the same exploit path. Although updated nodes correctly rejected the malformed block, the handling of mutated MWEB block data caused certain upgraded mining nodes to stall or become unable to continue normal operations. This particularly affected block submission processes. As a result, unupgraded miners continued extending an invalid chain, which grew to 13 blocks before upgraded participants coordinated to restore the valid chain, which ended up triggering a deep reorganization. This reorg removed the invalid blocks, but not before some third-party systems processed transactions from the bad chain. External services were impacted, including swaps conducted through NEAR-related infrastructure and THORChain, where assets exchanged on the invalid chain no longer existed after the reorg. Losses tied to these transactions are still being assessed. Litecoin Core v0.21.5.4 The root cause of the April issue was linked to how nodes handled mutated MWEB data tied to identical block hashes, which could interfere with later valid block processing. This behavior has since been addressed in Litecoin Core version 0.21.5.4, which makes sure that corrupted block data is discarded to allow proper validation of subsequent blocks. Developers also introduced several fixes to strengthen MWEB accounting, enforce correct validation at all stages, and prevent similar denial-of-service or chain-splitting scenarios in the future. The post Here’s How Litecoin (LTC) Contained a Massive MWEB Exploit appeared first on CryptoPotato .

29 Apr 2026, 01:45

Crypto ATMs Face Potential Ban in Canada as Crime Crackdown Intensifies

BitcoinWorld Crypto ATMs Face Potential Ban in Canada as Crime Crackdown Intensifies Canada considers a ban on crypto ATMs. This move aims to crack down on related crimes. The federal government is reviewing this policy. CBC Canada reported this development. Around 4,000 crypto ATMs operate in the country. These machines allow users to buy or sell cryptocurrencies. They provide quick, anonymous transactions. This anonymity attracts criminals. Law enforcement struggles to track illicit flows. The proposed ban targets this vulnerability. Canada Considers Ban on Crypto ATMs to Fight Crime The Canadian government evaluates a potential ban on crypto ATMs. This decision follows rising concerns about money laundering. Fraudsters also use these machines for scams. Ransomware payments often involve crypto ATMs. The machines offer limited oversight. Regulators find them hard to monitor. The ban would remove a key tool for criminals. It would also impact legitimate users. Many Canadians use these ATMs for convenience. They avoid traditional banking delays. The policy balances security and accessibility. Canadian authorities report a surge in crypto-related crimes. These include investment scams and extortion. The anonymity of crypto ATMs complicates investigations. Police cannot easily identify transaction parties. This creates a safe haven for illegal activity. The ban aims to close this gap. It would force transactions through regulated channels. Banks and exchanges already follow strict rules. They verify customer identities. This reduces crime opportunities. How Many Crypto ATMs Exist in Canada? Canada hosts approximately 4,000 crypto ATMs. This number ranks among the highest globally. Only the United States has more machines. Major cities like Toronto and Vancouver have many units. Rural areas also see growing installations. These ATMs serve a diverse user base. Some people use them for small purchases. Others rely on them for international transfers. The machines accept cash and debit cards. They dispense Bitcoin, Ethereum, and other coins. The industry grew rapidly since 2020. The proposed ban threatens this expansion. The concentration of crypto ATMs in Canada reflects high adoption. Canadians embrace digital currencies faster than many peers. This creates a unique regulatory challenge. The government must balance innovation with safety. A ban could push users to unregulated platforms. These platforms may pose greater risks. Experts suggest alternative solutions. These include stricter licensing and transaction limits. The debate continues among policymakers. Impact of a Crypto ATM Ban on Users and Businesses A ban on crypto ATMs would affect many stakeholders. Individual users face limited access to cryptocurrencies. They must rely on online exchanges instead. These exchanges require identity verification. This process takes time and effort. Some users value the privacy of ATMs. They may resist the change. Businesses that operate these ATMs face financial losses. They invested heavily in equipment and locations. The ban could force them to shut down. This affects employment and local economies. Small businesses benefit from crypto ATM fees. These fees generate steady revenue. A ban removes this income stream. Larger companies may adapt by offering other services. They could pivot to traditional ATMs or kiosks. The transition costs money and time. Consumers may also face higher costs. Online exchanges often charge higher fees. They also impose withdrawal limits. This reduces convenience for everyday users. Expert Views on the Proposed Regulation Financial experts offer mixed opinions on the ban. Some support the crackdown on crime. They argue that anonymity enables illegal activities. Others warn against overregulation. They believe education and technology offer better solutions. Blockchain analytics can trace transactions. Law enforcement can use these tools effectively. The ban might not stop determined criminals. They could use peer-to-peer platforms instead. These platforms are harder to regulate. Consumer advocates urge caution. They note that many Canadians use crypto ATMs legally. Immigrants often send remittances through these machines. They avoid high bank fees. The ban could harm these vulnerable groups. Advocates propose targeted measures. These include mandatory ID checks for large transactions. They also suggest cooling-off periods. This balances security and access. Timeline and Next Steps for the Policy The Canadian government has not set a firm timeline. The policy is under review. Public consultations may occur. Industry stakeholders will provide feedback. The process could take months. Lawmakers must consider legal implications. They also need to coordinate with provinces. Crypto regulation falls under federal jurisdiction. Provincial authorities enforce local laws. This adds complexity to the process. International examples influence the decision. China banned all cryptocurrency activities in 2021. The United States regulates crypto ATMs through state laws. The European Union introduced the Markets in Crypto-Assets (MiCA) framework. Canada seeks a middle ground. It wants to protect consumers without stifling innovation. The outcome will set a precedent for other nations. Conclusion Canada considers a ban on crypto ATMs to combat crime. This policy targets the 4,000 machines nationwide. It aims to reduce money laundering and fraud. The decision impacts users, businesses, and regulators. Experts offer diverse perspectives on its effectiveness. The government must balance security and access. The final outcome will shape Canada’s crypto landscape. It also influences global regulatory trends. Stakeholders should monitor developments closely. FAQs Q1: Why does Canada consider a ban on crypto ATMs? Canada considers a ban on crypto ATMs to crack down on crimes like money laundering and fraud. The machines offer anonymity, which criminals exploit. Q2: How many crypto ATMs operate in Canada? Around 4,000 crypto ATMs operate in Canada. This number ranks among the highest globally, second only to the United States. Q3: What alternatives exist if Canada bans crypto ATMs? Users can turn to online cryptocurrency exchanges. These platforms require identity verification. They offer similar services but with less privacy. Q4: How would a ban affect businesses running crypto ATMs? Businesses face financial losses from equipment and location investments. Some may pivot to other services. Others could shut down entirely. Q5: When will Canada decide on the crypto ATM ban? No firm timeline exists. The government is reviewing the policy. Public consultations and legislative processes may take months. This post Crypto ATMs Face Potential Ban in Canada as Crime Crackdown Intensifies first appeared on BitcoinWorld .

29 Apr 2026, 00:56

LayerZero pledges $23M to DeFi united after $292M Kelp DAO exploit fallout

LayerZero will commit 10,000 ETH to help clean up the $292 million Kelp DAO exploit, 5 days after watching rivals write big checks. The company posted on X, saying it will deposit 5,000 ETH into the DeFi United rescue fund and another 5,000 ETH directly into Aave to strengthen its liquidity. It also pledged to support GHO liquidity. Following the attack , DeFi United is racing to restore full backing for the token. The coalition has since published a technical recovery plan that relies on staged ETH deposits into Kelp’s lockbox contract, How did the $292M hack actually happen, and what did it break? On April 18, 2026, attackers stole $292 million from Kelp DAO by feeding its bridge fake data to mimic a real transaction. Kelp stopped further attempts 46 minutes later, but the system had already released the first 116,500 rsETH in a single transaction . LayerZero blamed TraderTraitor, a subunit of North Korea’s Lazarus Group , linked to another $285M hack on April 1 2026. When combined, the Lazarus Group has drained over $575 million from DeFi in just 18 days using two different attack methods. Instead of dumping the stolen tokens on the open market, the attacker deposited about 90,000 rsETH into Aave and borrowed roughly $190 million worth of real ETH and other assets. That left Aave with bad debt that the protocol failed to fix. Aave’s TVL dropped by about $ 13 billion, from $32 billion to $20.3 billion, within days. Users were unable to withdraw USDC or USDT due to exhausted liquidity. Who is to blame, and why did it take LayerZero five days to commit? The blame is appended to both Kelp DAO and LayerZero. Kelp DAO had a weak 1-of-1 setup, making it a single point of failure as only one LayerZero verifier could validate messages. And while LayerZero cautioned that multi-verifier options are safer, Kelp says the default setup used the one described by LayerZero. David Schwartz, Ripple CTO Emeritus, raised some concerns about LayerZero’s explanation. He cited previous comments by LayerZero CEO Bryan Pellegrino that no application used only the LayerZero DVN, calling them false. X users reacted very aggressively because many users labeled LayerZero as the one behind the mess. They also called it out for not donating aid to Aave while others deposited large checks. Five days later, LayerZero contributed 10,000 ETH, once the recovery fund had crossed $300 million in total pledges. Consensys and Joe Lubin pledged 30,000 ETH, and Mantle made a 30,000 ETH low-interest loan before LayerZero acted. Stani Kulechov posted on X and then pledged 5,000 ETH, while Kelp contributed 2,000 ETH — just before LayerZero. What is DeFi United, and how does the recovery plan work? DeFi United is the rescue coalition formed to support Aave after the attacks. According to reports , 14 entities joined and contributed grants, deposits, and lines of credit to rescue Aave users. Who has pledged to DeFi United and how much Contributor Amount Structure Consensys & Joe Lubin 30,000 ETH (~$69M) Grant/pledge Mantle 30,000 ETH (~$69M) Low-interest loan Aave DAO (pending vote) 25,000 ETH (~$57.5M) Treasury deployment Arbitrum Security Council 30,766 ETH (~$71M) Frozen attacker funds, pending gov. vote LayerZero 10,000 ETH (~$23M) 5K to DeFi United + 5K to Aave + GHO support Stani Kulechov (Aave founder) 5,000 ETH (~$11.5M) Personal pledge Kelp DAO 2,000 ETH (~$4.6M) Contribution Lido, EtherFi, Ethena, others Multiple smaller pledges Ecosystem support Circle Buying AAVE tokens Protocol support Total pledged >$300M combined Per Unchained The recovery plan has two main parts. First, supporters will slowly convert their pledged ETH into rsETH and deposit it into the Kelp DAO bridge. Second, they will liquidate the attacker’s remaining positions on Aave and Compound through special steps to recover more funds. Arbitrum also froze 30,766 ETH from the attacker’s wallet, so most of the missing funds will be recovered if governance approves. What does this mean for DeFi? According to Galaxy Research , DeFi lost more than $605 million in only 20 days across 12+ protocols. Applications built on LayerZero must now upgrade to a stronger multi-verifier step, as LayerZero now rejects any application that uses a 1-of-1 verifier. According to DeFi, no single group controls the system. But as we’ve seen, recovery relied on centralized powers like Arbitrum approving emergency actions, Circle freezing wallets, and Aave rushing governance votes. So the question that remains is whether the system proved it can handle self-recovery, or whether it only survived because central actors stepped in. The answer to that depends on whether protocols upgrade their systems before the next incoming attack. If you want a calmer entry point into DeFi crypto without the usual hype, start with this free video.

28 Apr 2026, 22:27

AAVE-Led DeFi United Cleans Up Kelp Hack

Aave-led DeFi United is clearing the remaining rsETH debts from the Kelp DAO hack. 116.500 rsETH was stolen, and the coalition plans liquidation with a 303M$ commitment. AAVE price at 96.60 USD, st...

28 Apr 2026, 21:55

LayerZero Donation of 10,000 ETH Powers DeFi United Recovery After KelpDAO Hack

BitcoinWorld LayerZero Donation of 10,000 ETH Powers DeFi United Recovery After KelpDAO Hack LayerZero (ZRO) has announced a significant donation of 10,000 ETH to the DeFi United initiative, a collective formed in the aftermath of the recent KelpDAO hack. This move, reported by The Block, aims to restore confidence and liquidity in the decentralized finance (DeFi) ecosystem. The LayerZero donation includes 5,000 ETH directly allocated to DeFi United and an additional 5,000 ETH to bolster liquidity on Aave, a leading DeFi lending protocol. The project also plans to implement further measures to enhance the liquidity of GHO, Aave’s native decentralized stablecoin. LayerZero Donation Addresses Criticism After KelpDAO Hack The KelpDAO hack exposed vulnerabilities in cross-chain bridge security. Observers noted that KelpDAO used a 1:1 DVN (Decentralized Verifier Network) model, relying solely on LayerZero as its validator. This single point of failure drew sharp criticism toward LayerZero. The LayerZero donation of 10,000 ETH directly responds to this criticism. It signals a commitment to strengthening the broader DeFi ecosystem and addressing security concerns. DeFi United formed as a rapid-response collective to support affected protocols and users. The initiative pools resources from multiple DeFi projects to provide liquidity, technical support, and security audits. The LayerZero donation provides a substantial capital injection. This helps stabilize markets and restore user trust. Impact on Aave Liquidity and GHO Stablecoin The second half of the LayerZero donation targets Aave, a major DeFi lending platform. Aave enables users to lend and borrow cryptocurrencies. The 5,000 ETH contribution will increase liquidity pools on Aave. This makes it easier for users to borrow and lend assets without significant slippage. Additionally, LayerZero plans to take extra steps to support GHO, Aave’s decentralized stablecoin. GHO maintains its peg through algorithmic mechanisms and overcollateralization. Enhanced liquidity for GHO reduces volatility risk. It also improves its utility across DeFi applications. This move aligns with LayerZero’s goal of fostering a more resilient DeFi infrastructure. Timeline of Events: From KelpDAO Hack to LayerZero Donation The KelpDAO hack occurred in early March 2025. Attackers exploited a vulnerability in the cross-chain bridge, draining approximately 12,000 ETH from the protocol. The incident highlighted risks associated with single-validator models. DeFi United launched within 48 hours of the hack. It coordinated recovery efforts across multiple blockchain networks. LayerZero faced immediate backlash. Critics argued that the project should have enforced stricter security standards for its DVN model. The LayerZero donation announcement came two weeks after the hack. It represents a strategic effort to rebuild reputation and demonstrate accountability. Expert Analysis: LayerZero Donation as a Strategic Move Industry experts view the LayerZero donation as a calculated response. “This is not just charity,” says Dr. Elena Marchetti, a blockchain security researcher at the University of Zurich. “It’s a direct investment in the ecosystem’s stability. LayerZero needs to show it can be a responsible actor.” The donation also addresses liquidity fragmentation. Many DeFi protocols suffered from reduced liquidity after the hack. Users withdrew funds, fearing further attacks. The LayerZero donation injects much-needed capital. It encourages other protocols to contribute to DeFi United’s recovery fund. Broader Implications for DeFi Security The KelpDAO hack and subsequent LayerZero donation highlight ongoing challenges in DeFi security. Cross-chain bridges remain vulnerable points. Single-validator models concentrate risk. The industry is moving toward multi-validator and decentralized verification systems. DeFi United aims to establish best practices for incident response. The collective includes protocols like Aave, Uniswap, and MakerDAO. They share threat intelligence and coordinate security audits. The LayerZero donation provides financial resources for these efforts. Data-Backed Reasoning: Why 10,000 ETH Matters At current market prices, 10,000 ETH is worth approximately $30 million. This amount can significantly impact liquidity on Aave. For context, Aave’s total value locked (TVL) is around $12 billion. A $30 million injection represents a 0.25% increase in TVL. However, the psychological impact is larger. It signals commitment and encourages other participants to contribute. Metric Value LayerZero Donation (ETH) 10,000 Allocation to DeFi United 5,000 ETH Allocation to Aave Liquidity 5,000 ETH Estimated USD Value ~$30 million Aave TVL (pre-donation) ~$12 billion Conclusion The LayerZero donation of 10,000 ETH to DeFi United marks a pivotal moment in DeFi recovery. It directly addresses criticism from the KelpDAO hack. It boosts liquidity on Aave and supports the GHO stablecoin. This action demonstrates LayerZero’s commitment to ecosystem security and resilience. The DeFi community now watches closely to see if other major protocols follow suit. The LayerZero donation sets a precedent for accountability in cross-chain bridge security. FAQs Q1: What is the LayerZero donation of 10,000 ETH for? The LayerZero donation provides 5,000 ETH to DeFi United for recovery efforts after the KelpDAO hack, and 5,000 ETH to boost liquidity on Aave, including support for the GHO stablecoin. Q2: Why did LayerZero face criticism after the KelpDAO hack? LayerZero faced criticism because KelpDAO used a 1:1 DVN model relying solely on LayerZero as its validator, creating a single point of failure that the hackers exploited. Q3: How does the LayerZero donation help Aave and GHO? The donation increases liquidity pools on Aave, reducing slippage for users. Additional measures aim to stabilize and enhance liquidity for GHO, Aave’s decentralized stablecoin. Q4: What is DeFi United? DeFi United is a rapid-response collective formed after the KelpDAO hack. It pools resources from multiple DeFi protocols to support affected users, provide liquidity, and improve security standards. Q5: Will other protocols follow LayerZero’s example? Industry experts expect other major protocols to contribute to DeFi United. The LayerZero donation sets a precedent for accountability and may encourage similar actions from projects like Uniswap and MakerDAO. This post LayerZero Donation of 10,000 ETH Powers DeFi United Recovery After KelpDAO Hack first appeared on BitcoinWorld .

28 Apr 2026, 20:39

Kelp DAO exploited for $300 million in rsETH breach

🚨 Kelp DAO targeted in a $300 million rsETH hack. Attackers minted 116,500 fake rsETH, disrupting major DeFi protocols. 🟢 DeFi United steers a phased recovery using community ETH backing. 🌐 Key point: Community action in $RSV aims to stabilize the ecosystem. Continue Reading: Kelp DAO exploited for $300 million in rsETH breach The post Kelp DAO exploited for $300 million in rsETH breach appeared first on COINTURK NEWS .