News
14 May 2026, 04:43
Aave transfers first 25,000 rsETH tranche to LayerZero adapter as Kelp reopens cross-chain bridging

Aave transferred the first 25,000 rsETH into the LayerZero OFT adapter on Ethereum mainnet on May 13, formally reopening cross-chain bridging for the liquid restaking token after the April 18 exploit. Both Aave and Kelp DAO confirmed the move on X. The transaction landed at block 25087631 with a fee of 0.00004376 ETH, per Etherscan . The first tranche of rsETH has been transferred into the LayerZero OFT adapter, and rsETH bridging between mainnet and L2s is back open. https://t.co/lYUPFv9T7Y — Aave (@aave) May 13, 2026 The transfer marks the operational restart of rsETH movement between Ethereum mainnet and Layer 2 networks for the first time since the LayerZero bridge exploit drained $292 million in unbacked tokens. What happens in the next 24 to 48 hours Kelp said rsETH contracts will unpause for withdrawals within 24 hours of the first tranche reaching the mainnet adapter. Deposits will reopen and exchange rates will update within 48 hours, with staking rewards accrued during the pause period credited to all rsETH holders. Remaining tranches from Aave’s Recovery Guardian and Kelp’s recovery safe will flow into the lockbox over the next two weeks, totaling 117,132 rsETH worth roughly $278 million at current prices. As Cryptopolitan reported on May 12, the first phase of the technical recovery involved burning the exploiter’s rsETH on Arbitrum. The May 13 transfer executes the second phase: refilling the bridge lockbox so cross-chain rsETH circulation can resume, backed by legitimate collateral. How the security architecture changed The reopened bridge runs on a hardened security model. Kelp completed a security pass audited by BailSec that raised the LayerZero verification requirement from a single attestor to four independent attestors and lifted block confirmation thresholds from 42 to 64. All L2-to-L2 bridging routes were deprecated. Kelp is also migrating its cross-chain infrastructure from LayerZero to Chainlink’s Cross-Chain Interoperability Protocol. The technical post-mortem from Chainalysis attributes the April 18 exploit to a remote procedure call poisoning attack by North Korea’s Lazarus Group, specifically subunit TraderTraitor. The attackers compromised downstream RPC nodes that LayerZero verifiers relied on for Unichain L2 observation, feeding forged data that tricked the single-verifier bridge into releasing 116,500 rsETH on Ethereum mainnet without a legitimate source-side burn. What the recovery timeline says, and what Kelp still has to prove The exploit-to-restoration window now sits at 26 days. That compares against Ronin Bridge, where compensation took months and required outside funding, and Euler Finance, where recovery depended on attacker negotiation. The rsETH recovery proceeded without either: coordinated ecosystem funding through DeFi United, an on-chain burn of attacker collateral, and a federal court order from Judge Margaret Garnett clearing the 30,765 ETH transfer to Aave. But the damage extends beyond technical recovery. Kelp’s total value locked has fallen from roughly $2 billion in September 2025 to about $1.55 billion, reflecting the exploit and the extended operational pause. Competing liquid restaking protocols, including Ether.fi and Renzo, are watching whether liquidity returns to Kelp once contracts fully unpause, or whether users migrate elsewhere. The 30,765 ETH worth roughly $72 million recovered from the attacker remains in an Aave-controlled wallet pending further court authorization on the terrorism-creditor restraining notice filed May 1. The remaining 92,132 rsETH will be replenished to the LayerZero adapter in staged tranches over the next two weeks before normal operations fully resume. The smartest crypto minds already read our newsletter. Want in? Join them .
14 May 2026, 00:55
TAC Suffers $2.8M Cross-Chain Exploit, Vows Full User Compensation

BitcoinWorld TAC Suffers $2.8M Cross-Chain Exploit, Vows Full User Compensation The TON Application Chain (TAC) project has been compromised in a security incident that led to the theft of approximately $2.8 million in digital assets. The exploit targeted TAC’s cross-chain bridge on the TON network, draining funds in USDT, BLUM, and tsTON before the team could intervene. What Happened and What Was Affected According to an official announcement posted on X, the attack specifically impacted the project’s cross-chain infrastructure. The stolen assets include roughly $2.8 million worth of USDT, BLUM, and tsTON. TAC clarified that its native TAC tokens and ERC-20 tokens bridged from TON and Ethereum remain unaffected. The bridge has been temporarily suspended while the team conducts a forensic investigation to determine the root cause of the exploit. A detailed post-mortem report is expected within 48 hours. TAC is working closely with law enforcement agencies, the security response team SEAL 911, and other security partners to trace and potentially recover the stolen funds. Compensation Plan and Community Response In a move aimed at restoring user confidence, TAC stated that its foundation will sell its holdings of TAC tokens, following all applicable legal procedures, to fully compensate all affected users. This commitment to full restitution is notable in an industry where victims of exploits often face lengthy recovery processes or no compensation at all. The announcement has drawn mixed reactions from the crypto community. Some users praised the proactive compensation pledge, while others raised questions about the potential market impact of a large token sale and the long-term security of the platform. Why This Matters for the TON Ecosystem This incident is the latest in a series of security challenges facing cross-chain bridges, which have historically been a prime target for attackers due to the complexity of their architecture. TAC is designed to bring Ethereum Virtual Machine (EVM) compatibility to the TON network, making it a critical piece of infrastructure for the growing TON ecosystem. A breach of this nature raises broader concerns about the security posture of cross-chain solutions and the risks associated with bridging assets between different blockchain networks. For users and investors, the key takeaway is the importance of due diligence when using cross-chain services. While TAC’s swift response and compensation plan are positive signals, the incident underscores the persistent vulnerability of bridge protocols. Conclusion The TAC exploit serves as a reminder that security remains a paramount concern in decentralized finance. As the investigation unfolds, the project’s ability to deliver on its compensation promise and implement robust security upgrades will be critical to rebuilding trust. The next 48 hours will be pivotal as the community awaits the post-mortem report and further details on the recovery plan. FAQs Q1: How much was stolen in the TAC exploit? The total stolen amount is approximately $2.8 million, comprising USDT, BLUM, and tsTON tokens. Q2: Are my TAC tokens or other assets safe? Yes. TAC confirmed that native TAC tokens and ERC-20 tokens bridged from TON and Ethereum were not affected by the exploit. Q3: How will TAC compensate affected users? The TAC foundation plans to sell its holdings of TAC tokens, following legal procedures, to fully compensate all users who lost funds in the incident. This post TAC Suffers $2.8M Cross-Chain Exploit, Vows Full User Compensation first appeared on BitcoinWorld .
13 May 2026, 23:32
Kelp DAO Restores rsETH Bridging After 1st Tranche Transfer

On May 13, Kelp DAO announced the completion of the first batch of rsETH into the LayerZero OFT Adapter by Aave. After this transfer, the platform will resume bridging and allow users to move their rsETH between Ethereum and various Layer 2 networks. In the next 24 hours, the platform is expected to unpause withdrawals for rsETH contracts. On Wednesday, TAC Protocol’s TON-ETH cross-chain bridge faced an operation, allowing hackers to steal around $3 million in USDT, BLUM, and other tokens. On May 13, Kelp DAO and Aave announced the completion of the first tranche to restore full operations for rsETH after the recent hack incident, which is a liquid restaking token. The first batch of this transaction of rsETH was transferred by Aave into the LayerZero OFT Adapter under their plan to restore the operation with great coordination. This is a major announcement as it will resume bridging, which will allow users to freely move rsETH between the Ethereum main network and different Layer 2 networks. The update will provide major relief to users as well as the entire DeFi community after facing turmoil due to a cyberattack. According to the official announcement, rsETH contracts will be unpaused to allow withdrawals of tokens within the next 24 hours. After this, deposits for tokens are also expected to resume shortly after the announcement, along with exchange rates, which are expected to update within 48 hours. This restoration of operations in some areas will also allow rsETH holders to get staking rewards that accumulated when the operations were closed. “Remaining tranches from Aave’s recovery guardian and Kelp DAO will be sent over the next 2 weeks to fully refill the lockbox,” stated in the official post on X. Kelp DAO and Aave Restore rsETH Operations The latest announcement comes after Kelp DAO and Aave announced the completion of a major recovery process on May 12. They have burned the exploiter’s ETH holdings on the Arbitrum network. By doing this, they have destroyed the last batch of unbacked tokens, which were created after the hack. This process has helped Kelp DAO to restore the real backing for rsETH tokens with great supply integrity. The joint operation between Aave and Kelp has led to the liquidation of Aave positions. They have also made a collaboration with Arbitrum governance to work on frozen assets. On April 18, hackers linked to North Korea’s Lazarus Group exploited the Kelp DAO LayerZero bridge to steal rsETH tokens. They have taken advantage of loopholes present in the system of a one-of-one verifier on the cross-chain system. By using a fake message that came from another chain, a hacker has smartly deceived the bridge to release approximately 116,500 to 117,132 rsETH from the main network without proper backing. While hackers were executing this transaction, the cumulative worth of stolen tokens was approximately $292 million, which makes it the biggest hack of the DeFi sector. After stealing these rsETH tokens, hackers have used the tokens as collateral on Aave, which is a leading lending protocol on Ethereum and Arbitrum. The hacker has then borrowed large amounts of Wrapped Ethereum and other assets against the fake tokens. This cyberattack has created “bad debt” for the lending protocol. However, in response to this bizarre cyberattack, the entire DeFi community has reacted quickly. Aave has launched an operation to freeze the rsETH markets to avoid any further damage. The Kelp DAO hack has created panic in the entire sector, as in just 2 days, around $13 billion worth of capital was wiped out from the sector. The Kelp DAO hack has once again exposed the vulnerabilities present in the cross-chain bridges in the blockchain sector. Just because Kelp used a simple single-verifier setup to reduce the cost of operations. This has created a major loophole on the bridge, which allowed hackers to steal money by attacking nodes and false data. After this cyber attack on Kelp, the DeFi platform has taken lessons. In yesterday’s post on X, Kelp revealed that they have changed, requiring verification from 4 independent attestors, increasing the block confirmations, and others. The platform is also planning to integrate more robust systems like Chainlink CCIP. Aave is playing a major role in the recovery of the stolen tokens. To do this, the lending platform has announced the formation of the DeFi United program in collaboration with Kelp DAO and other DeFi platforms. They used on-chain tools and governance votes to liquidate attacker positions and recover assets. Other chains like Arbitrum have also frozen their funds. Not just this, they have filed an emergency motion to overcome a United States court restraining order. Right now, Aave Recovery Guardian multisig wallets are holding funds that are expected to be used in refilling the missing rsETH. Another Day, Another Bridge Exploited: TAC Blockchain Suffers $3M Hack on TON-ETH Cross-Chain Bridge On May 13, TAC Protocol faced a hack after the hacker stole approximately $3 million from its TON to Ethereum cross-chain bridge. In this hack, the hackers have stolen USDT, BLUM tokens, and other Jettons, which are tokens created on the TON network. In the latest post on X, TAC has confirmed this hacking incident. TAC stated in the post, “We are actively working with law enforcement, SEAL 911, and our security partners to trace and block the stolen funds. ” TAC is a layer 1 blockchain, which is designed to connect Ethereum Virtual Machine-compatible decentralized applications with the Telegram TON blockchain. TAC is a major bridge to transfer assets between the Ethereum and TON blockchains. In this attack, hackers have likely exploited a cross-chain bridge, which is a major loophole in the bridge. This hack has sparked a discussion in the DeFi sector amid the recent turmoil following the Kelp DAO hack. It is raising serious questions about the security of users’ funds on the cross-chain bridges. Also Read: Kelp DAO Begins Recovering rsETH After the April Exploit
13 May 2026, 19:50
Ledger shelves IPO plans, cites poor market condition reasons

Ledger has officially paused its previously planned IPO and U.S. stock market listing today, citing unfavorable market conditions, according to people familiar with the IPO process. The hardware wallet producer has engaged with banking and financial institutions since the year began to advise on the possibility of launching an initial public offering that could value the company at about $4 billion. These financial institutions included Goldman Sachs, Jefferies, and Barclays. A confidential S-1 filing with the SEC is usually the first formal step towards a U.S. stock listing, and none has been filed by Ledger till now. Ledger is now weighing alternatives, which include raising capital through private funding. What is Ledger? Ledger designs hardware devices that let crypto holders securely store their tokens offline by securing their private keys which control access to the crypto tokens. The company was founded in Paris in 2014, and reached a valuation of about $1.5 billion in 2023 with annual revenues said to exceed $100 million. The demand for hardware wallets has grown alongside rising crypto prices and an increase in security breaches and crypto scams. Blockchain analytics firm Chainalysis estimated that losses from cryptocurrency scams and fraud reached about $17 billion in 2025, up from roughly $13 billion the previous year. . Crypto IPOs have seen a decline Ledger’s decision follows a wider pullback among crypto companies regarding their interests in going public. After a wave of crypto stock market listings in 2025, multiple factors including volatile markets, dropping crypto prices, and lower trading volumes have reduced investor appetite in new IPO offerings. Kraken, one of the largest U.S. crypto exchanges, suspended its own multibillion-dollar IPO earlier this year despite having confidentially filed with the SEC in late 2025 . BitGo, which remains the only crypto-native firm to complete a U.S. IPO so far in 2026, has not fared very well as a public company pos-IPO. It raised about $213 million in January, pricing shares above the marketed range at $18 and briefly rallying more than 20% on debut, a momentum that faded quickly as BitGo shares now trade about 36% below their offering price. Ledger’s U.S. expansion not stopping Ledger has continued invest in its American operations since the turn of the year. In March, the company opened a new office in New York and appointed John Andrews, a former Circle Internet executive, as its chief financial officer. Andrews previously led capital markets and investor relations at Circle, the issuer of popular stablecoin USDC. Ledger described the New York office as part of a multimillion-dollar investment in continuing its U.S. expansion. The location is expected to be a working hub for Ledger Enterprise, the company’s infrastructure platform, and will create dozens of new jobs in the organization, according to CoinDesk . CEO Pascal Gauthier has previously been open about the company’s interest in U.S. capital and stock markets. In January, told reporters that the money for crypto “is in New York today; it isn’t anywhere else in the world, especially not in Europe,” as previously reported by Cryptopolitan. If you're reading this, you’re already ahead. Stay there with our newsletter .
13 May 2026, 16:37
$1.88M Reportedly Drained in TransitFinance Exploit that Exposes Hidden Risks of Legacy Smart Contracts

In yet another incident in the growing ecosystem of decentralized finance (DeFi), TransitFinance has reportedly suffered a smart contract hack, which resulted in an estimated loss of around $1.88 million. This incident, recently reported by blockchain security monitor PeckShield Alert, is a reminder that while current infrastructure may be robust, legacy code continues to proliferate in embedded form within blockchain networks. #PeckShieldAlert @TransitFinance seems to have been hacked for ~$1.88M The stolen funds are currently sitting in the following address in $DAI : 0x8a634DfA2609358849D7D65FFA270C8A57a8abA5 pic.twitter.com/9RSQkgdfX6 — PeckShieldAlert (@PeckShieldAlert) May 13, 2026 TransitFinance says the hack came from an early smart contract deployed to the TRON network. This contract was officially deprecated in 2022 but still lingered on-chain and malicious actors were able to exploit the dormant vulnerability.This case study demonstrates an ongoing problem within DeFi: even when old contracts are not, and cannot, be used, they stay propagating because they can still get called upon unless made completely nonoperational or destroyed. This attack takes advantage of the vulnerabilities built into a legacy contract, impacting only a subset of users.This case is an example of how “inactive” components can still provide a significant attack surface, unlike many exploits that affect live protocols. This way, the attacker has not hacked the current system but to hack an unprotected legacy contract remains open. All Stolen Funds Have Been Merged Into A Single Address The no reward analysis of the exploit considers consolidating original assets, which total follows $1.88 million, to a single wallet. Funds are deposited in DAI which is a popular, more stable and liquid stablecoin in DeFi. This is a consolidation pattern showing us an orchestrated and systematic siphoning rather than a disordered, rapid, pointillistic theft across addresses. This also makes the trail of stolen money easier to follow, possibly allowing investigators to follow or even promptly intercept additional transfers. But DAI could be used to launder via decentralized exchanges or cross-chain bridges, which would further complicate recovery and obscure the path of funds. Immediate Response and Containment Measures ॑ TransitFinance reacted quickly when they detected the exploit. Following the incident, an official statement on TransitFinance Announcement indicates that the team had conducted extensive internal investigations, segregating compromised components. The protocol stressed that the contract in question is not a part of its current operating framework. Your smart contract is still secure, backed by four plus years of uninterrupted audits, testing and monitoring with the latest version.The team conducted additional reviews and remediation, during which they reiterated that the platform’s active infrastructure was never compromised. That meant users were told that there was no urgent action required, signalling confidence in the containment process. Transit Announcement Regarding a recent incident related to historical legacy risks, we would like to share the following update: 1⃣ Cause of the Incident The issue was related to an early-version smart contract previously deployed on TRON. Although this legacy contract had… — Transit (@TransitFinance) May 13, 2026 To regain the trust of their user base, TransitFinance promised to fully compensate all affected users. Exact timelines and processes have yet to be provided, but the team promised to update through official channels. Though compensation has emerged as a customary response to DeFi breaches, the manner in which it is executed will be critical for long-term community trust. TransitFinance is presumably acting swiftly to protect its reputation and gain user confidence.Still, the cost of these reimbursements could add strain on to protocols struggling with balancing what they have in their treasuries against their ongoing operational needs. Wider Impacts on DeFi Security There is growing pressure on developers to keep a “clean” contract environment, meaning the old code can’t be used as a path for attack. This requires not just forward looking audits of active deployments but also retrospective scrutiny of all historical contracts. The incident is a reminder to users that the risk in DeFi lives beyond visible interfaces. Vulnerabilities can remain dormant until used for an attack. TransitFinance later even published a security alert warning users that they could face scams. This often leads to malicious actors taking advantage by posing as trusted news outlets, or sending fraudulent emails. NEVER share your keys or seed phrases with anyone, as this information gives access to your funds and cannot be recovered if lost. The team recommends that officials only use verified messaging platforms to ensure they do not fall for further attacks since it is common for a secondary attack to happen after a high-profile breach. Conclusion: Call to Protocol Hygiene The exploit of TransitFinance may not be one of the biggest DeFi hacks, but its impact is heavy. This indicates that even well-maintained platforms can conceal risks if legacy systems are not being secured. With the DeFi ecosystem expanding, it is time to transition focus away from pure innovation and growth into a protracted upkeep of existing infrastructure. Given that code is static and visible, your attack surface includes every contract deployed in a domain instead of just active contracts. In the immediate crisis, it seems that TransitFinance has contained the damage. This is the message for the wider DeFi community: that security does not stop with upgrades but requires constant attention during the whole lifetime of a protocol. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !
13 May 2026, 14:45
Transit Finance Commits to Full User Compensation Following $1.88 Million Exploit

BitcoinWorld Transit Finance Commits to Full User Compensation Following $1.88 Million Exploit Transit Finance, the company behind the decentralized exchange aggregator Transit Swap, has confirmed it will fully compensate all users impacted by a recent security breach. The incident, which involved the theft of approximately $1.88 million, was linked to a vulnerability in an older version of the protocol’s smart contract on the TRON blockchain. Details of the Exploit and Response Blockchain security firm PeckShield first flagged the exploit on May 11, reporting that the stolen funds—held as DAI in a wallet address starting with 0x8a6—were linked to Transit Finance. The company clarified that the vulnerability existed in an early iteration of its smart contract, which had been deprecated after 2022 and was no longer in active use. Only a subset of users who had interacted with that outdated version were affected. Upon discovering the breach, Transit Finance stated it initiated an immediate response, completing additional security reviews and recovery measures by May 12. The company emphasized that no action is required from affected users and that the current version of its smart contract remains secure and unaffected. Broader Implications for DeFi Security This incident underscores a persistent challenge in decentralized finance: the risk posed by legacy smart contracts that remain accessible even after being deprecated. While Transit Finance acted swiftly to contain the damage and commit to full restitution, the event highlights the importance of regular security audits and the proactive decommissioning of outdated code. What This Means for Users For Transit Swap users, the announcement brings clarity and assurance that losses will be covered. However, the broader DeFi community is reminded to exercise caution when interacting with older protocols or contract versions. Security experts recommend that users verify they are using the most up-to-date smart contract addresses and avoid transactions with deprecated code. Conclusion Transit Finance’s decision to fully compensate victims of the $1.88 million exploit is a significant step in maintaining user trust. As the investigation continues, the company has not disclosed a specific timeline for compensation distribution but reiterated its commitment to making all affected users whole. This case serves as a cautionary tale for the industry, reinforcing the need for continuous vigilance in smart contract security. FAQs Q1: Do I need to take any action to receive compensation? No. Transit Finance has stated that no action is required from affected users. The compensation process will be handled automatically by the company. Q2: Is the current Transit Swap smart contract safe to use? Yes. The company confirmed that the vulnerability was isolated to an old, deprecated version of the contract on TRON. The current version remains unaffected and secure. Q3: How much was stolen in the hack? Blockchain security firm PeckShield reported that approximately $1.88 million in DAI was stolen from the protocol. The funds are being held in a wallet address starting with 0x8a6. This post Transit Finance Commits to Full User Compensation Following $1.88 Million Exploit first appeared on BitcoinWorld .







































