hodler

24 Apr 2026, 14:41

US escalates war on Crypto Scams with $700M seizure

The US government took a major action to choke off one of the biggest pipelines of crypto-linked fraud money. The DOJ is freezing more than $701 million in digital assets tied to investment scams targeting Americans. The action was led by the US Department of Justice (DOJ) under its Scam Center Strike Force. This marks one of the largest coordinated seizures targeting crypto fraud networks operating overseas. The global crypto market has been witnessing a wave of minor recovery rallies. The cumulative market cap hovers around $2.6 trillion. DOJ targets global scam pipeline According to the release, Authorities said that the funds were “restrained” through a mix of legal processes and voluntary cooperation from crypto exchanges. This was part of a major campaign launched to dismantle scam centers that have bilked victims of billions. The operation went ahead with just freezing funds only. Officials confirmed criminal charges against two Chinese nationals. They are accused of running a crypto fraud compound in Myanmar and attempting to expand operations into Cambodia. However, the crackdown also included the seizure of a Telegram channel that was used to recruit trafficked workers into scam centers, It added that the victims were allegedly forced to impersonate banks and law enforcement agencies to defraud Americans. As reported, the authorities had shut down 503 fake investment websites tied to the scheme. US Attorney Jeanine Ferris Pirro has described the effort as part of a government-wide push to combat cyber-enabled fraud. She stated that they have charged the Chinese bosses who ran a scam compound in Burma. She highlighted that the Office continues to work to identify funds stolen from victims. This Administration is lock-step in combatting these scams, and we are not done, Pirro added. The $700 million figure represents funds linked to crypto scams and money laundering. Authorities are now seeking to forfeit the property and potentially return it to the victims. The effort is coordinated with multiple agencies. This includes the Federal Bureau of Investigation (FBI) and the US Secret Service. However, financial regulators and international partners are also a part of it. Assistant Attorney General A. Tysen Duva said the goal is to ensure that overseas fraud networks can no longer operate beyond the reach of US enforcement. “Fraudsters who target Americans from overseas may believe they cannot be reached,” Duva said. “We are working to ensure they cannot operate with impunity.” Sanctions imposed in crypto scam fight The Treasury Department had announced sanctions against Cambodian operators linked to scam centers. On the other hand, the State Department announced rewards for information leading to the recovery of funds linked to the so-called Tai Chang scam network in Myanmar. Treasury Secretary Scott Bessent stated that the admin would continue targeting fraud networks “no matter where they operate or how well-connected they are.” The scale of the seizure highlights both the reach of these criminal networks and the increasing role of crypto in global fraud schemes. Meanwhile, it also highlights how blockchain transparency is enabling authorities to trace and freeze illicit funds at scale. The seized assets could also be added to major government reserves. Back in 2025, President Donald Trump signed an executive order that established a Strategic Bitcoin Reserve and Digital Asset Stockpile. That was partly funded through confiscated crypto. For now, officials say the operation is ongoing, and the $700 million figure may not be the final tally. The year 2026 began with a massive crypto scam and fraud. January 12 saw TrueBit Exploit, where an integer overflow vulnerability allowed attackers to extract $26.2 million. Then, Feb 4 witnessed Step Finance Breach. An executive email compromise led to the theft of $27.3 million. April saw the KelpDAO Bridge Exploit. Attackers linked to the Lazarus Group stole approx $292 million. They compromised off-chain infrastructure to forge token “burn” approvals. However, the Drift Protocol Hack happened. The massive exploit resulted in a $285 million loss after an attacker used a compromised admin key to manipulate oracles. Your keys, your card. Spend without giving up custody and earn 8%+ yield on your balance with Ether.fi Cash.

24 Apr 2026, 12:22

What the KelpDAO Exploit Reveals About DeFi’s Hidden Risks

Attackers drained roughly $292 million from KelpDAO’s bridge this month, then used the released tokens as collateral on lending protocols that were never originally hacked. The result is a textbook example of how one failure can spread through DeFi — and why that matters as more tokenised assets move into wider markets. On April 18, 2026 attackers exploited KelpDAO’s cross-chain bridge and drained roughly $292 million in rsETH, a liquid restaking token. The attack is being described as the largest DeFi exploit of the year to date — just the latest in a series of incidents to have earned April its place as the worst month of the year so far for the sector, with losses estimated at over $600 million. The theft itself, however, was only the start. Within hours, the stolen tokens were being used as collateral across some of DeFi’s biggest lending protocols — protocols that had nothing to do with the original attack and are now left holding collateral that no longer represents what the market once assumed. This is what makes the Kelp episode much more than just another bridge exploit. It is, in fact, a textbook example of how quickly damage can move through DeFi once an asset that still looks valid on-chain enters the wider system. It also shows just how difficult it can be to judge the real soundness of a token when the proof of that soundness sits on another protocol. For institutions increasingly exploring DeFi, tokenisation and on-chain settlement, the structural warning is clear: the weakest point may not sit in the market you can see, but in the infrastructure hidden beneath the surface. KelpDAO’s Single Point of Failure KelpDAO , a restaking protocol, issues rsETH, a liquid restaking token representing ETH staked through EigenLayer . To move rsETH between chains, it used LayerZero’s messaging infrastructure. The exploited route relied on a 1-of-1 Decentralised Verifier Network (DVN) setup, meaning a single verifier was responsible for approving cross-chain messages before tokens were released on Ethereum. Rather than attacking Kelp’s core restaking contracts, the attackers targeted the infrastructure feeding data into that verifier. They compromised two RPC nodes used by the DVN and replaced their software with versions that reported false transaction data. They then launched a distributed denial-of-service (DDoS) attack against the remaining clean nodes, forcing the verifier into failover so that it was reading only the poisoned sources. That, in effect, caused the verifier to accept a forged message claiming rsETH had been burned on the source chain and could be released on Ethereum. Kelp’s bridge contract then released 116,500 rsETH — roughly 18% of circulating supply — to an attacker-controlled address, despite there being no corresponding backing. Within hours, they were being moved into other parts of DeFi. Kelp and LayerZero are still publicly disputing responsibility . LayerZero says it warned KelpDAO to adopt a multi-verifier setup. KelpDAO says the 1-of-1 verifier configuration matched LayerZero’s own default documentation and quickstart guide. LayerZero has since said it will no longer sign messages for any application using a single-verifier configuration. That debate matters for governance and for the narrower question of who should bear the losses. It doesn’t, however, change the fact that the unbacked rsETH still looked valid on-chain and was able to be moved, deposited and accepted by other protocols. rsETH’s credibility depended on infrastructure that ordinary market checks failed to capture. The token had liquidity, a price and integration across major protocols. What it did not have was enough redundancy in the layer that determined whether the ETH it represented was actually there. That is where the exploit stopped being a Kelp problem and became a headache for the wider market. Where the Damage Landed Once the tokens had been released, the attacker did not simply dump them into the market. They used them as collateral. Aave , DeFi’s largest lending protocol, appears to have been the most exposed. The attacker proceeded to use the unbacked rsETH there to borrow roughly $190 million in wrapped ether (WETH) , triggering a sharp withdrawal of liquidity once the scale of the problem became clear. The key distinction is that Aave itself was never hacked. Its contracts actually worked exactly as designed. Even so, it was left holding collateral that no longer represented what it appeared. An incident report from Aave Labs and LlamaRisk estimates bad debt on Aave will run to between $123.7 million and $230.1 million, depending on how the shortfall is ultimately allocated. If losses are spread across all rsETH holders, the damage will be smaller but shared more widely. If they are instead isolated to Layer 2 networks, the losses there will be concentrated and severe. However the fallout is managed, one of the key lessons is that once bad collateral enters the wider market, the final outcome is no longer just about code. How Kelp Became Everyone Else’s Problem DeFi’s composability is usually presented as one of its main strengths — the idea that one protocol’s output becomes another’s input, allowing assets to move across venues and capital to be reused more efficiently. Kelp shows the flip side of that design. rsETH was not an obscure token sitting at the edges of the market. It was integrated across multiple protocols, accepted by risk frameworks, priced by oracles and used by depositors in various leveraged strategies. Once the bridge released unbacked rsETH, every venue that treated it as a valid representation of staked ETH inherited exposure to something that no longer existed. In many ways, composability worked exactly as designed, just in the wrong direction. Sound inputs make the system more efficient but when an input breaks the damage inevitably flows across the same connections. Lending is in the spotlight this time because the exploit targeted lending protocols, and lending is where broken assumptions about a token create the fastest and most measurable losses. The underlying failure is bigger than lending, though. It began earlier, at the point where the token stopped representing what the market thought it did. Why It Matters Beyond DeFi The immediate losses of the KelpDAO exploit sit with DeFi-native participants. The failure mode Kelp exposed, however, is not exclusive to DeFi lending. Any tokenised asset carries an implicit claim: that the token represents the asset behind it. That claim only holds if the infrastructure linking the token to its backing remains sound. In rsETH’s case, that link broke, even though the token still appeared valid on-chain. The appeal of tokenised markets lies precisely in things like programmable collateral, faster settlement and round-the-clock liquidity. But they also require more value to move across shared rails and through infrastructure layers that many markets still treat as secondary. This will matter increasingly beyond DeFi-native markets, and there are already suggestions that the fallout may slow institutional tokenisation efforts as security risks are reassessed. That is not surprising — after all, tokenised bonds, deposits and other real-world assets are moving into environments where participants, especially institutions, need to trust that the token actually stands for what it says it does. The process of damage control is already spreading beyond Aave. Arbitrum, another of the Layer 2 networks affected by the fallout, moved this week to freeze roughly 30,766 ETH linked to the attack through action by its Security Council. That may help reduce final losses, but it’s also a reminder that once failures like this spread, the outcome is no longer shaped by code alone, but also by governance and emergency intervention — decisions that remain highly contentious in systems that claim to be decentralised. While the KelpDAO exploit does not show that tokenised assets are inherently unsound, it does show that the credibility of any token ultimately rests on infrastructure that often sits below the level most markets actively assess. Once that infrastructure fails, the damage does not stay local. It spreads through composable markets, lands in venues that were never directly attacked and is then shaped by sometimes questionable governance decisions. As more value moves on-chain, the hidden layers beneath the assets themselves are going to become much harder to ignore. The post What the KelpDAO Exploit Reveals About DeFi’s Hidden Risks appeared first on Bitfinex blog .

24 Apr 2026, 11:24

Aave Leads ‘DeFi United’ Push to Contain $292M KelpDAO Fallout

Aave's founder has pledged 5,000 ETH of his own money as a growing DeFi coalition races to contain the fallout from the KelpDAO exploit.

24 Apr 2026, 10:00

Mantle Proposes 30,000 ETH Loan to Aave After Kelp DAO Hack

The proposal would structure the funds as an interest-bearing loan with a term of up to 36 months and collateral requirements for Aave. The bad debt was created after attackers minted 116,500 rsETH through a compromised Kelp DAO bridge and used around $221 million of the stolen assets as collateral on Aave V3 to borrow WETH and wstETH. Mantle Offers 30,000 ETH to Help Aave Mantle Network, an Ethereum Layer 2 project backed by Bybit, proposed a major financial support package to help Aave DAO recover from the fallout of the recent $292 million Kelp DAO exploit. The proposal is known as MIP-34, and was submitted by Mantle’s Core Contributor Team. It will allow the Mantle Treasury to lend up to 30,000 ETH to Aave DAO. The funds would be used specifically to cover bad debt that was created on Aave V3 after the exploit involving rsETH, a liquid restaking token connected to Kelp DAO. Part of Mantle’s MIP-24 proposal According to the proposal, Mantle will not simply hand over the funds, but instead structure the arrangement as a yield-generating credit facility. Mantle Treasury would earn interest on the loan, turning otherwise idle assets into productive capital. The suggested interest rate would be based on Lido’s staking APR plus an additional 1% premium, though final terms would still need to be negotiated. The proposed maturity period is up to 36 months, and Aave would be able to repay the loan early without penalty. Mantle also shared details about several safeguards to reduce risk. The loan would be secured through a multisignature wallet designated by Mantle, where it would hold first-priority rights over the collateral. In addition, Aave would be required to commit 5% of its protocol revenue and AAVE tokens worth at least $11 million as collateral. If Aave defaults, Mantle would have the right to demand immediate repayment. Bybit CEO Ben Zhou publicly backed the proposal by saying the crypto industry should support one another during times of crisis. He referenced Bybit’s own past security incident, and pointed out that the community offered assistance then. The crisis began on April 18 when attackers exploited Kelp DAO’s LayerZero-powered cross-chain bridge. Around 116,500 rsETH tokens were fraudulently minted, worth roughly $292 million. This made it the largest decentralized finance exploit of the year so far. LayerZero said the attackers, likely linked to North Korea’s Lazarus Group, compromised two RPC nodes and used a DDoS attack to trick the bridge’s verification system into approving a fake message. The damage quickly spread to Aave when the attacker used approximately $221 million in stolen rsETH as collateral on Aave V3, borrowing 82,650 WETH and 821 wstETH. This left Aave facing a massive bad debt problem.

24 Apr 2026, 09:39

Mantle Proposes 30,000 ETH Loan To Aave DAO As Industry Mobilizes Coordinated Response To RsETH Exploit Fallout

Mantle has responded to the harmful aftermath of the April 18,2026 rsETH bridge exploit by submitting a proposal that will seek to provide Aave DAO with important liquidity support. Per the MIP-34 draft proposal, MantleCore will provide a loan of up to 30,000 ETH from Mantle Treasury to Aave. Following this week's rsETH incident involving @KelpDAO and @LayerZero_Core , a proposal has been put forward for Mantle to contribute a loan facility to @aave 's coordinated relief effort. The loan would form part of a wider coordinated framework, structured to minimize… — Mantle (@Mantle_Official) April 24, 2026 This level is meant to account for the impaired debt created following the exploit on Aave V3 that temporarily disrupted liquidity and alarmed much of DeFi. While the proposal is yet ‘most in principle’ to achieve consensus obstruction and heads towards a formal vote, it suggests a consolidated strategy approach aimed at reining systemic risk and returning confidence into the markets. Mantle Flexible and Stable Structure of Loans The loan structure features terms carefully calibrated to curb risk exposure, flexibility and debt sustainability. Mantle suggests a 36-month loan term, which gives Aave plenty of time to get its financial house in order before it has to pay anything back. Interest offered at LIDO + 1% APR, with exact numbers to be determined by the execution team based on current market conditions. This flexible mechanism keeps the agreement adaptable while allowing Mantle to get paid fair market rates for providing liquidity here. Importantly, the proposal does not impose penalties for early repayment, if Aave’s situation improves enough further through a protocol and product recovery or other means, it should be able to repay its loan before maturity. Such a provision is evidence of practical crisis management preserving flexibility for both parties as time rolls on. This should limit the financial impact to protocol while helping Aave get back on track. The proposal includes a mixture of financial, and governance-based collateral from Aave to back the loan. This consists of a 5% allocation of protocol fee and AAVE tokens amounting to at least $11 million. Mantle would also be granted delegated voting authority over 130,000 AAVE under these conditions, making for an extensive governance role on the part of Mantle during the course of the loan. By maintaining both financial and strategic stakes in Aave’s recovery, this arrangement aligns incentives for all parties. More Details To Note It is worth noting the governance delegation component, which provides insight into how DeFi agreements continue to grow more sophisticated. These arrangements, however, increasingly encompass governance rights in addition to just financial transactions and further promote collaboration between protocols. This layered stack provides security to the lender while encouraging co-responsibility within the ecosystem. The masterminded loan comes as part of a more extensive work to confine disturbance from everywhere in the DeFi space. Mantle has reiterated that this will be designed as a gradual and orderly pathway for recovering from the rsETH exploit. This initiative is indicative of an emerging trend within decentralized finance where protocols come together to better mitigate systemic risk as opposed to resolving matters in isolation. Caused problems on one DeFi protocol be transferred easily to another and coordinated response are important due to high connectivity on DeFi platforms. Mantle wants to demonstrate how large treasuries can be effectively routed during a crisis, and as such will become a key player in the future resilience of the ecosystem far beyond this historical moment of providing ample liquidity support. Bybit Signals Support And Strengthens Industry Unity The proposal has since received support from some of the crypto industry’s major players, including Bybit. CEO Ben Zhou even gave the exchange a public commitment that it would support MantlePlan. Zhou notes the relevance of mutual support between companies in crypto, citing Bybit’s own experience receiving help in responding to a previous hack. Bybit, as the biggest holder and supporter of Mantle, will vote YES for this proposal. When we got hacked the industry got together and helped us. It is the only right thing that we do the same to unit together and walk out from difficult times. https://t.co/GmAK4YwLns — Ben Zhou (@benbybit) April 24, 2026 He pointed out that the industry supported us after we were hacked, and now it is only fair for us to help one another, since this attitude has been usual when trouble arises. Support from major exchange letters gives this proposal substantial credibility, as an endorsement increases the odds for wider community support as well as eventual approval. Recoveries Taking Shape have put DeFi at a Defining Moment The Mantle-Aave proposal is being announced at a crucial point for decentralized finance. The exploit of the rsETH token presented weaknesses in many protocols that were previously fine-tuned and interlinked with one another, leading to composability shocks and putting the entire sector to a test. At the same time, it highlights what unified action looks like. These measures, from treasury-backed loans and collaboration between governance models to allied support across the industry chain, demonstrate an ecosystem that is growing up while navigating intricate challenges. For Aave, this loan could be a critical lifeline, a means of stabilisation and regaining user trust. For Mantle itself, it is a way to flexibly deploy capital, benefiting the surrounding ecosystem while potentially earning returns. Depending on which way talks are headed, the result could set a precedent that would probably effect on how future crises will no longer result in this manner and thus forming what is the form of inter-protocol agreements and level of cooperation inside DeFi. In the end, this episode reminds us of a simple fact: decentralized finance can only be sustainable at large scale if participants have the agility to work closely together in times of doubt, not just innovate. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !

24 Apr 2026, 07:51

Ethereum (ETH) Panic? Not So Fast: Ethena Data Shows Demand Holding

Despite the KelpDAO hack, things aren't that bad for staking on Ethereum network.