News
16 May 2026, 09:25
Thorchain Opens $10M Compensation Portal for Hack Victims Across Four Blockchains

BitcoinWorld Thorchain Opens $10M Compensation Portal for Hack Victims Across Four Blockchains The Thorchain Foundation has officially launched a compensation portal for victims of a recent exploit that drained approximately $10 million from the decentralized cross-chain liquidity protocol. The foundation has allocated an equivalent compensation pool to reimburse affected users, with applications now open for eligible wallets. Eligibility and Application Process According to a report from Cointelegraph, the compensation pool covers 12,847 wallets across four blockchain networks: Bitcoin, BNB Chain, Ethereum, and Base. Victims holding funds in these wallets at the time of the exploit are eligible to apply directly through the portal. The foundation has urged users to verify their eligibility before submitting claims to ensure a smooth process. Timeline and Unclaimed Funds Applications will be accepted until June 4. After this deadline, any remaining funds in the compensation pool will be transferred to the protocol’s insurance fund, which is designed to cover future security incidents and strengthen the platform’s resilience. This mechanism ensures that unclaimed resources are not wasted but repurposed for broader ecosystem protection. Why This Matters for DeFi Users The incident underscores persistent security vulnerabilities in decentralized finance protocols, where smart contract exploits and bridge attacks remain a significant risk. Thorchain’s decision to establish a dedicated compensation pool is a notable step toward rebuilding user trust, but it also raises questions about the long-term sustainability of relying on discretionary reimbursement rather than automated insurance mechanisms. For affected users, the window to file claims is limited, making prompt action essential. Conclusion Thorchain’s compensation portal represents a concrete effort to address the financial losses from the recent hack, covering thousands of wallets across major blockchains. The June 4 deadline adds urgency for victims, while the transfer of unclaimed funds to the insurance fund signals a commitment to future security. This case highlights the ongoing challenges DeFi protocols face in balancing innovation with robust user protection. FAQs Q1: How do I know if my wallet is eligible for compensation? Eligible wallets are those that held funds in the affected Thorchain pools at the time of the exploit across Bitcoin, BNB Chain, Ethereum, or Base. The foundation has provided a verification tool on the compensation portal for users to check their eligibility. Q2: What happens if I miss the June 4 deadline? Any unclaimed funds after the deadline will be transferred to Thorchain’s insurance fund, which is used to cover future security incidents. Late applications will not be accepted. Q3: Is this compensation guaranteed for all affected users? The foundation has allocated a pool equal to the estimated losses, but individual reimbursement amounts depend on the specific holdings and verification of claims. Users are advised to apply promptly and provide accurate information to ensure processing. This post Thorchain Opens $10M Compensation Portal for Hack Victims Across Four Blockchains first appeared on BitcoinWorld .
16 May 2026, 07:25
rsETH Net Outflows Signal Recovering Investor Confidence in Kelp DAO After Hack

BitcoinWorld rsETH Net Outflows Signal Recovering Investor Confidence in Kelp DAO After Hack Investor confidence in Kelp DAO appears to be on the mend, as on-chain data reveals a notable shift in rsETH token flows. According to Santiment, exchanges recorded a net outflow of 435 rsETH on May 15, a reversal from the day of the protocol’s hack roughly a month earlier, when a net 563 rsETH flowed into exchanges. This change suggests that holders are moving tokens off trading platforms, often interpreted as a sign of reduced selling pressure and renewed trust in the project. Context of the Recovery The turnaround comes after Kelp DAO, a liquid restaking protocol, suffered a security breach approximately one month ago. In the immediate aftermath, a net inflow of 563 rsETH into exchanges indicated that many investors were preparing to sell or hedge against further downside. However, the recent net outflow of 435 rsETH points to a behavioral shift among holders, who now appear more willing to store their tokens in personal wallets or participate in the protocol’s staking activities. Santiment attributed this change directly to Kelp DAO’s full resumption of rsETH withdrawals, bridging, and protocol operations. The restoration of normal functionality appears to have alleviated immediate liquidity concerns and restored a degree of operational normalcy, which is critical for restoring user trust in decentralized finance (DeFi) platforms. Implications for the DeFi Ecosystem The recovery of investor confidence in Kelp DAO is not an isolated event but reflects broader dynamics within the DeFi sector. Hacks and exploits often trigger panic selling and a loss of trust, but protocols that respond quickly—by pausing operations, communicating transparently, and fully restoring services—can often regain user confidence over time. Kelp DAO’s ability to reverse the net flow of rsETH within a month is a positive signal, though the full impact on its total value locked (TVL) and long-term user retention remains to be seen. What This Means for rsETH Holders For current and potential rsETH holders, the net outflow suggests that the immediate panic phase has passed. However, investors should remain vigilant. The DeFi space continues to face security challenges, and the resumption of operations does not eliminate underlying risks. The data from Santiment provides a useful sentiment indicator, but it is not a guarantee of future stability. Users are advised to conduct their own research and consider the protocol’s security upgrades before making decisions. Conclusion The net outflow of 435 rsETH from exchanges on May 15 marks a meaningful reversal from the panic-driven inflows seen after Kelp DAO’s hack. This shift, driven by the full restoration of protocol functions, indicates that investor confidence is slowly recovering. While the DeFi sector remains volatile, this development offers a measured, data-driven view of how trust can be rebuilt after a security incident. FAQs Q1: What is rsETH? rsETH is a liquid restaking token issued by Kelp DAO. It represents a claim on restaked ETH and can be used across various DeFi protocols while earning rewards. Q2: Why are net outflows from exchanges considered a positive sign? Net outflows suggest that investors are moving tokens off exchanges into personal wallets or staking contracts, which often indicates reduced selling pressure and a longer-term holding strategy. Q3: Is Kelp DAO safe to use now after the hack? Kelp DAO has resumed all operations, including withdrawals and bridging. However, as with any DeFi protocol, users should assess the platform’s security measures and updates before engaging. No protocol is entirely risk-free. This post rsETH Net Outflows Signal Recovering Investor Confidence in Kelp DAO After Hack first appeared on BitcoinWorld .
16 May 2026, 06:58
Pi Network Issues Urgent Safety Warning for All Pioneers

The cryptocurrency industry has certain negative aspects, such as the growing number of bad actors trying to exploit victims following popular projects with giveaway or airdrop scams by typically impersonating key members of their teams. Pi Network’s only official X channel decided to issue an important clarification on how the vast number of users can guarantee to be following only the actual accounts and not fall victim to such schemes. Only These Accounts In its most recent posts on verification and ecosystem growth, Pi Network’s Core Team explained that the user base in its broader ecosystem has grown to over 60 million. Roughly 30% have already been approved and verified through its Know-Your-Customer procedure, while more than 16.7 million have been successfully migrated to Mainnet. Given the significant number of claimed active users, the team decided to clarify which official accounts they should follow. The post below contains links to the two founders’ X accounts, Nicolas Kokkalis and Dr. Chengdiao Fan. Both have received affiliate badges that help Pioneers “identify their only real accounts.” It’s worth noting that neither of them is particularly active on social media, with the most recent visible posts published years ago. As some Pioneers may have noticed, affiliate badges have recently been assigned to the Pi Founders’ official X accounts. This helps you identify their only real accounts! For your safety, always verify information through the official Pi Safety Center and official Founder… — Pi Network (@PiCoreTeam) May 15, 2026 The team also warned that Pioneers have to be wary of scammers trying to impersonate anyone linked to the project, unofficial accounts, and misleading links “claiming to represent Pi.” Ripple, SHIBA Sound the Alarm, too Pi Network is far from the only crypto project that has been targeted by scammers. Ripple’s CTO Emeritus recently published a similar post, warning his 700,000 followers on X that there could be fake accounts on social media impersonating him, trying to promote fake airdrops or giveaways. Shiba Inu, another popular project among retail investors, also frequently warns its users and followers to be cautious regarding suspicious posts and ads running on social media. One of the latest such warnings sounded the alarm about multiple fraud attempts involving the SOU NFT. The post Pi Network Issues Urgent Safety Warning for All Pioneers appeared first on CryptoPotato .
15 May 2026, 20:23
$292M Kelp Exploit Pushes Lombard to Migrate $1B BTC Assets to Chainlink CCIP

Lombard Finance is moving more than $1 billion in Bitcoin-backed assets from LayerZero to Chainlink’s Cross-Chain Interoperability Protocol after completing an internal security review following the Kelp DAO exploit. The protocol said Chainlink CCIP will become its exclusive cross-chain infrastructure for LBTC and BTC.b, two Bitcoin-backed assets used across decentralized finance. Lombard said the decision is part of a wider security upgrade as it expands Bitcoin liquidity across multiple blockchain networks. The move follows renewed scrutiny of cross-chain bridge systems after the April Kelp DAO exploit, which drained about $292 million from a LayerZero-powered bridge. Since then, several crypto firms and DeFi protocols have moved or started moving assets to Chainlink CCIP. The total migration wave is estimated at $4 billion in assets. Lombard said CCIP will replace LayerZero across Solana, Etherlink, Berachain, Corn, and TAC. The protocol will also fully deprecate LayerZero usage on Morph and Swell. Lombard Moves LBTC and BTC.b to Chainlink CCIP Lombard issues LBTC and BTC.b as Bitcoin-backed assets designed to bring BTC liquidity into DeFi. These assets allow Bitcoin exposure to move across smart contract networks for trading, collateral, and other on-chain use cases. The protocol said its migration to Chainlink CCIP is intended to protect users while supporting broader distribution of Bitcoin-backed assets. Lombard said it has maintained zero security incidents and 100% uptime since launch and that its cross-chain infrastructure must meet the same standard as the protocol grows. Lombard co-founder Jacob Phillips said the team reviewed available cross-chain systems after recent bridge security events. He said the review led Lombard to select Chainlink CCIP for securing LBTC and BTC.b. The migration also includes the adoption of Chainlink’s Cross-Chain Token standard. Lombard said the standard supports a burn-and-mint model that allows a single canonical token to move across chains. The protocol said this reduces external dependencies and avoids vendor lock-in because Lombard keeps ownership of its token contracts. Kelp DAO Exploit Spurs Wider Bridge Review The April Kelp DAO exploit increased attention on bridge risk across DeFi. Cross-chain systems handle large pools of value and often serve as key infrastructure for wrapped assets, liquid staking tokens and Bitcoin-backed tokens. After the exploit, Kelp DAO, Solv Protocol, Re, Kraken and Lombard all moved or announced moves toward Chainlink CCIP. Together, those migrations represent roughly $4 billion in assets, according to industry estimates. Kraken recently said it would migrate kBTC and future Kraken Wrapped Assets to Chainlink CCIP. Kelp DAO has also restarted rsETH withdrawals, bridging and claims as part of its recovery plan after the exploit. Chainlink Labs Chief Business Officer Johann Eid said Lombard’s migration is part of a broader move toward cross-chain infrastructure with stronger security controls. He said CCIP is being used by protocols that need reliable infrastructure for institutional adoption and larger Bitcoin-based DeFi markets. LayerZero remains one of the largest cross-chain messaging providers, but the Kelp exploit has led some protocols to reassess bridge dependencies and risk controls. Lombard’s decision shows how protocols are reviewing infrastructure choices after high-value losses. Chainlink Security Features Drive Migration Lombard said Chainlink CCIP offers defense-in-depth architecture, independent node operators, built-in rate limits and audited infrastructure. Chainlink said each bridge lane is secured by at least 16 independent, security-reviewed node operators. The protocol also pointed to native rate limits that can act as circuit breakers during extreme events. These controls are designed to limit asset movement if abnormal activity is detected. Lombard also cited Chainlink’s institutional certifications, including SOC 2 Type 2 and ISO/IEC 27001:2022. The protocol said those standards are relevant as Bitcoin-backed assets move into larger DeFi and institutional markets. The migration gives Lombard the option to add its own Security Consortium as an extra validation layer for cross-chain transfers. Lombard said this lets it enforce its own transfer rules, maintain a record of asset movement and update verification logic when needed. After the announcement, the LINK price recovered from a bearish shift, trading near $10.31, up 0.89% over 24 hours. The LINK price has recently broken above a longer-term descending trendline and is consolidating between $10.03 and $10.80 as buyers test previous resistance as support.
15 May 2026, 17:17
$10M THORChain Exploit Triggers Network-Wide Emergency Security Response to Halt Attacks

Cross-chain liquidity protocol THORChain has just faced a major exploit, with early reports suggesting over $10m in digital assets lost. All incomes from the breach were withdrawn across blockchains-Bitcoin, Ethereum, BNB Chain, Base. The exploit was first revealed to blockchain security analysts through a PeckShield alert and then confirmed by THORChain in its own subsequent protocol update. #PeckShieldAlert @THORChain has been exploited for ~$10M worth of crypto, including 36.75 $BTC ($3M) and ~$7M worth of assets from #BNBChain , #Ethereum , and #Base . The stolen funds mainly sit in: bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37… pic.twitter.com/mhWIWueVPK — PeckShieldAlert (@PeckShieldAlert) May 15, 2026 Independent investigator ZachXBT also issued a warning, via a ZachXBT alert, adding that total losses might exceed the original estimates. However, while this continues to be a fast-moving, fluid situation, early reports suggest users and funds were not directly at risk – which has been positive in terms of keeping community confidence from cratering straight after. Can tell because they did not check the numbers themselves / chains listed. I finished accounting again now and it looks to be $10M+ stolen at least. — ZachXBT (@zachxbt) May 15, 2026 Exploit Targets Asgard Vault Infrastructure Initial investigation suggests a compromise of one of the core infrastructure components within THORChain, specifically Asgard vault. Together, these vaults are managed by node operators to store and provide cross-chain liquidity across the network. Which points to one of their six Asgard vaults being breached allowing outbound transactions. The attacker allegedly siphoned off an estimated 36.75 BTC worth around $3 million and approximately $7 million in assets between Ethereum, BNB Chain and Base. The cross-chain dimension of the exploit speaks to how complicated THORChain architecture is. While this aspect of interoperability is important, it also increases the attack surface to any potential weaknesses that may reveal themselves as it allows for easy swapping of assets between different blockchains. Despite the massive scale of the exploit, the protocol has stressed that most of these assets were owned by the protocol and not user deposits. This difference is important because it suggests liquidity providers and traders may have been protected from loss of capital. Important Announcement Trading on THORChain is currently halted after a vault was compromised. Initial indications are user funds are safe and only protocol owned funds are affected. The network automatically detected abnormal behavior and halted signing activity, which alerted… — THORChain (@THORChain) May 15, 2026 Automatic Safety Systems Minimize Impact One prominent feature of the incident was real-time response from the network. The current integrated security mechanisms in THORChain spotted deficiencies and stopped signing, ceasing more unauthorized transactions from getting broadcasted. The automated intervention activated the alert across all markets, leading to an immediate halt of trading. The protocol was able to contain the damage and prevent further exploitation by stopping the process quickly. Their defensive measures highlight the importance of decentralized security design. THORChain’s system does not rely primarily on manual reactions but instead it autonomously detects and responds to threats, which was also key in this case.In addition to the trading freeze, churn activity, the standard process for rotating node operators and reallocating responsibilities, was paused in an effort by developers to maintain system stability while investigating the source of the breach. Node Operator at Risk of Slashing and Security Audit The exploit also had an economic impact on node operators associated with the exploited vault. The arrangement means nodes are required to bond the RUNE tokens as collateral under THORChain’s security model, losing more or all of their staked funds if an unauthorized transaction occurs. As a result, the bonded RUNE of nodes linked to the compromised vault was cut, demonstrating that the protocol is keen on holding its participants accountable and ensuring their risks are shared by all. This method of slashing is carried out in order to allow for security best practices and avoid negligence. In the wake of the event, THORChain has urged all node operators to conduct urgent reviews of their infrastructure, from host environments and key management processes, to broader operational security protocols. Operators linked to the affected vault were specifically requested by the team to give Bifrost logs. These logs should be useful in identifying the attack vector and informing remedial measures to prevent reinfection. The importance of transparency and cooperation is in line with the decentralized nature of the network, which approaches security as a group responsibility. Network Stability Takes Precedence, Ongoing Investigation Investigation is still ongoing to ascertain the root cause of the exploit. The developers and contributors are still investigating the breach, with more updates coming as the details unfold. At the same time, a few of the network functions were suspended for some while. The onboarding of additional chains has been called off and processes related to churn are still on hold to ensure system integrity. Despite such interruptions, THORChain has sought to assure users that key functionalities will go back online when the safety of the chain is guaranteed. The focus is on addressing all the vulnerabilities before normal operation resumes. In particular, early evaluations reveal that although the hack influenced protocol-level components targeted by numerous individual user swaps remain safe. Wider Implications for Cross-Chain Security in DeFi This THORChain exploit is an extreme example of the hurdles faced by cross-chain DeFi systems. Although interoperability can unlock significant value, it also creates complex security challenges. With growing activity across many blockchains, the need for better security architecture becomes apparent. Collectively, automated detection tools, economic deterrents and coordinated incident response frameworks comprise the foundational components needed to create resilient ecosystems. The next few weeks will be crucial for THORChain. With successful resolution of the breach and bolstering protocol safeguards thereafter, confidence could be restored. On the other hand, if you do not patch underlying vulnerabilities, all concerns surrounding cross-chain liquidity networks will linger. With the investigation underway, eyes will be firmly fixed on what happens next, and not just for answers only the crash can provide, but also so lessons might be learned which may influence the future of decentralized financial infrastructure. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !
15 May 2026, 16:30
Lombard Adopts Chainlink CCIP as Cross-Chain Standard, Replacing LayerZero After Security Review

BitcoinWorld Lombard Adopts Chainlink CCIP as Cross-Chain Standard, Replacing LayerZero After Security Review Lombard, a Bitcoin-based financial infrastructure platform known for its BARD token, has officially adopted Chainlink’s Cross-Chain Interoperability Protocol (CCIP) as its primary cross-chain standard, replacing LayerZero. The decision, first reported by CoinDesk, follows a broader industry reassessment of cross-chain security after the Kelp DAO rsETH hack exposed vulnerabilities in LayerZero’s bridge infrastructure. Why Lombard Made the Switch Lombard’s move is rooted in growing concerns about the security of cross-chain messaging protocols. The Kelp DAO incident, in which an attacker exploited a LayerZero bridge to drain approximately $200,000 worth of rsETH, served as a catalyst for the review. Lombard’s team determined that Chainlink’s CCIP offered a more robust security architecture, including decentralized oracle networks and multiple layers of validation that reduce the risk of single points of failure. Chainlink CCIP is designed to provide end-to-end security for cross-chain transfers, using a combination of off-chain oracle nodes and on-chain verification. This layered approach contrasts with LayerZero’s reliance on a single relayer and oracle model, which critics argue introduces trust assumptions that can be exploited in certain configurations. Industry Implications Lombard’s decision reflects a wider trend among DeFi protocols reassessing their cross-chain dependencies. The Kelp DAO hack, while relatively small in scale compared to other exploits, highlighted a structural weakness in the LayerZero ecosystem: the ability for a compromised relayer to manipulate messages between chains. This has prompted several other protocols to explore alternatives or implement additional security measures. Chainlink CCIP, which launched in early 2023, has been gaining traction among institutional and retail DeFi platforms seeking a more battle-tested interoperability solution. The protocol supports multiple blockchain networks, including Ethereum, Avalanche, and Polygon, and has undergone extensive security audits from firms like Trail of Bits and Sigma Prime. What This Means for Users For Lombard users, the transition to Chainlink CCIP is expected to be seamless. The platform has assured users that all existing cross-chain functionality will remain operational during the migration. The primary benefit is enhanced security: CCIP’s decentralized validation model means that even if one node is compromised, the network can still verify the integrity of cross-chain messages. This change also positions Lombard more favorably for future institutional partnerships, as Chainlink’s reputation and track record in the oracle space provide a stronger compliance and risk management profile. Conclusion Lombard’s adoption of Chainlink CCIP over LayerZero is a significant endorsement of Chainlink’s security model and a clear signal that the DeFi industry is prioritizing robust cross-chain infrastructure. As cross-chain activity continues to grow, protocols that prioritize security over convenience are likely to gain a competitive advantage. Lombard’s decision, while influenced by a specific security incident, reflects a maturing market that demands higher standards for interoperability. FAQs Q1: Why did Lombard replace LayerZero with Chainlink CCIP? Lombard made the switch after a security review prompted by the Kelp DAO rsETH hack, which exploited a LayerZero bridge. Chainlink CCIP was chosen for its more robust decentralized security architecture. Q2: What is Chainlink CCIP? Chainlink CCIP (Cross-Chain Interoperability Protocol) is a decentralized protocol for secure messaging and token transfers between different blockchain networks. It uses multiple oracle nodes and on-chain verification to ensure message integrity. Q3: Will this change affect Lombard users? Lombard has stated that the migration to Chainlink CCIP will be seamless for users, with no interruption to cross-chain functionality. The change is expected to improve security without affecting user experience. This post Lombard Adopts Chainlink CCIP as Cross-Chain Standard, Replacing LayerZero After Security Review first appeared on BitcoinWorld .










































