hodler

7 May 2026, 14:25

Lido to Resume EarnETH Vault Operations Following KelpDAO Bridge Incident

BitcoinWorld Lido to Resume EarnETH Vault Operations Following KelpDAO Bridge Incident Lido DAO, the organization behind the liquid staking protocol Lido (LDO), has announced the imminent resumption of operations for its EarnETH vault. The vault was suspended earlier this month following a significant security incident involving a bridge exploited by KelpDAO, resulting in a loss of approximately $292 million (116,500 rsETH). Background of the Suspension On [Insert Date of Hack, e.g., January 10, 2026], an attacker exploited a vulnerability in a cross-chain bridge used by KelpDAO, draining 116,500 rsETH tokens, valued at roughly $292 million at the time. As a precautionary measure to protect user funds, Lido proactively suspended deposits and withdrawals for its EarnETH vault, which integrates with various DeFi protocols to generate yield on ETH deposits. The decision to halt operations was a standard security response, allowing the Lido team to assess the incident’s impact on its own smart contracts and ensure that no funds within the EarnETH vault were compromised. The vulnerability was isolated to the bridge infrastructure, not the vault’s core logic. Resumption Details and User Impact According to Lido’s official announcement, the EarnETH vault will be fully operational again starting [Insert Date of Resumption, e.g., January 24, 2026]. Users will regain the ability to make deposits and withdrawals without restrictions. Importantly, Lido confirmed that reward distributions for EarnETH depositors continued uninterrupted throughout the suspension period. This means users did not lose any potential yield during the downtime. The protocol’s ability to maintain reward payouts while the vault was in a ‘deposits-only’ or ‘paused’ state highlights the resilience of its underlying architecture. Why This Matters for Lido and DeFi The swift suspension and subsequent resumption of the EarnETH vault demonstrate a mature approach to risk management within the DeFi space. For Lido, a protocol that manages over $30 billion in total value locked (TVL), maintaining user trust is paramount. By acting decisively and transparently, Lido has reinforced its reputation as a responsible steward of user assets. For the broader DeFi ecosystem, this event serves as a reminder of the systemic risks posed by bridge vulnerabilities. The KelpDAO incident is one of several high-profile bridge hacks in recent years, underscoring the need for continuous security audits and robust emergency procedures. Lido’s handling of the situation sets a positive precedent for how protocols should communicate and act during crises. Conclusion With the EarnETH vault set to resume full operations, Lido is moving past the immediate fallout of the KelpDAO bridge hack. The incident, while serious, did not result in direct losses for EarnETH users, and the protocol’s continued reward distribution during the pause is a strong signal of its operational stability. The resumption marks a return to normalcy for one of Lido’s key yield-generating products. FAQs Q1: What is the EarnETH vault? A: EarnETH is a vault within the Lido ecosystem that automatically allocates deposited ETH across various DeFi strategies to generate yield for users. Q2: Was any user funds lost in the KelpDAO bridge hack? A: No. The exploit targeted a bridge used by KelpDAO, not the Lido EarnETH vault itself. Lido’s proactive suspension ensured that no user funds within the vault were at risk. Q3: Will I receive rewards for the period the vault was suspended? A: Yes. Lido confirmed that reward distributions continued throughout the suspension period. Users will have accrued yield as normal. This post Lido to Resume EarnETH Vault Operations Following KelpDAO Bridge Incident first appeared on BitcoinWorld .

7 May 2026, 13:45

Critical Litecoin Update Released After Zero Day Exploit Incident

Litecoin's latest update strengthens MWEB and fixes key network issues.

7 May 2026, 13:11

Aave Clears Final $30M Hacker Positions After $293M KelpDAO Exploit

Aave has completed the liquidation of the remaining rsETH positions tied to the KelpDAO hacker across Ethereum and Arbitrum, marking a major step in the protocol’s recovery effort after the $293 million exploit that rocked DeFi markets in April. Thaddeus Pinakiewicz, vice president of research at Galaxy Digital, said the current rsETH supply remains about 10% below the Ethereum backing needed for full recovery. While the latest liquidations reduced part of the deficit, several unresolved issues continue to weigh on the protocol. The exploit occurred on April 18, when the attacker used stolen rsETH tokens as collateral on Aave to borrow Wrapped Ether. The attack left the lending platform with more than $190 million in bad debt and triggered a sharp outflow of funds from Aave’s markets. The recovered assets were transferred to the Recovery Guardian wallet, a multisignature address managed by DeFi United, the coalition coordinating recovery efforts. The group described the liquidation as a “critical step” in stabilizing the protocol. DeFi United also confirmed that user deposits were never directly affected and that Aave’s Umbrella protection system, designed to absorb bad debt automatically, was not activated during the crisis. Legal Battle Over Frozen ETH Could Delay Full Recovery On April 28, Aave reported that liquidating collateral positions on Ethereum and Arbitrum would release around 13,000 ETH, worth approximately $30.2 million at current market prices. However, a much larger block of 30,765 ETH remains frozen by the Arbitrum DAO, creating another obstacle in the recovery process. The funds became tied up in legal proceedings after U.S. law firm Gerstein Harrow LLP filed an injunction seeking to block redistribution of the assets. The filing cited claims connected to clients allegedly affected by North Korea-linked entities. In response, Aave filed an emergency motion requesting the court lift restrictions on the frozen ETH. Meanwhile, voting within the Arbitrum DAO strongly favors releasing the assets to the DeFi United recovery fund. More than 90% of participating voters currently support the proposal ahead of Friday’s final vote. Stablecoin Issuers Now Hold Key Role in Aave Recovery To fully close the remaining gap, DeFi United is seeking additional commitments from stablecoin issuers Circle, Ethena, and Frax, alongside support from Ink, Kraken’s Ethereum-based layer-2 network. According to Pinakiewicz, these contributions could help “bridge the remaining shortfall” and complete the recapitalization effort. The KelpDAO exploit became the largest cryptocurrency hack of 2026 and exposed how deeply interconnected modern DeFi systems have become. According to DefiLlama , Aave’s total value locked (TVL) plunged by nearly $12 billion during the week following the exploit. Still, recent data suggests confidence may slowly be returning to the platform. Aave TVL Climbs Back Above $15 Billion The pace of withdrawals from Aave’s lending markets has slowed significantly over the past two weeks. After falling to a local low near $14.2 billion on April 26, Aave’s TVL has now climbed back above $15 billion. The rebound signals improving market confidence as traders watch the outcome of the Arbitrum DAO vote, the ongoing legal dispute over frozen assets, and whether stablecoin partners step in to finalize the recovery package. The crisis has also highlighted a broader shift across decentralized finance. Unlike earlier DeFi failures such as the 2016 DAO hack, which required a controversial Ethereum hard fork, Aave’s recovery effort relies on coordinated action between decentralized communities, legal institutions, and centralized stablecoin issuers. That growing overlap between DeFi and traditional institutions may become one of the defining trends shaping the industry’s future crisis responses.

7 May 2026, 12:02

Member of Malone Lam $250M crypto theft crime ring hit with 78-month prison sentence

A 20-year-old California man, Marlon Ferro “GothFerrari,” was sentenced to 78 months (~6.5 years) in federal prison for his role in a $250M crypto ring theft. Ferro, who was sentenced for breaking into homes to steal hardware wallets, was also ordered to pay $2.5 million in restitution. Court documents suggest that the syndicate stole more than $250 million in crypto between 2023 and early 2025. Members of the crime ring allegedly led by Singaporean Malone Lam were based in California, Connecticut, New York, Florida, and abroad. Meanwhile, Ferro was supposedly tasked with buying luxury handbags worth tens of thousands of dollars for Lam’s girlfriend after the boss was arrested and detained. Syndicate destroys the illusion of technological safety The vulnerability of digital assets often starts in the physical world, destroying the illusion of technological safety. In Ferro’s case, the syndicate’s ability to compromise iCloud accounts allowed them to track victims’ GPS locations in real time. That turned a digital heist into a physical threat, where Ferro acted as the “proverbial muscle” to seize hardware wallets when remote manipulation failed. Technically, the group did not need to crack private keys if they could trick the owners into handing them over through a fake support call or a spoofed security alert. The Ferro case unveils the grim reality of security in the crypto space: it is only as strong as the users’ individual footprints. Even “cold storage” (hardware wallets) could not protect assets once Ferro physically entered a victim’s home. The attackers often identified targets through their online presence, turning a display of digital wealth into a physical target. “Marlon Ferro served as the criminal enterprise’s instrument of last resort. When his co-conspirators couldn’t deceive victims into handing over access to their cryptocurrency or hack their way into digital accounts, they turned to Ferro to break into homes and steal hardware wallets outright.” -Jeanine Pirro , U.S. Attorney for the District of Columbia On the other hand, U.S. prosecutors noted the “cartoonish” nature of the syndicate’s spending on Rolls Royces, Birkin bags, and $500,000 nightclub tabs–all funded by the psychological undoing of their victims. It serves as a reminder that for these predators, crypto is not a difficult mathematical puzzle; it is just a high-stakes game of con artistry. The bottom line is that human nature cannot be patched. Even the most secure wallet in the world is only one “human error” away from being emptied as long as users can be tracked, tricked, or intimidated. FBI leads investigation conducted by U.S. Attorney’s Office The U.S. Attorney’s Office for the District of Columbia, the FBI Washington Field Office, and the Internal Revenue Service – Criminal Investigation, Washington Field Office conducted the investigation. The FBI’s Miami and Los Angeles field offices provided significant investigative and operational support. Law enforcement recovered a Glock 19 (9mm) pistol from Ferro. U.S. Attorney Pirro also stresses that this scheme combined online fraud with old-fashioned burglary to drain victims of millions of dollars in digital assets. Ferro’s case sends a clear message that crypto fraud is not a victimless, consequence-free crime carried out safely behind a screen. Rather, it is serious criminal conduct that will lead to federal prison. Meanwhile, the matter was prosecuted by the Assistant U.S. Attorneys Christopher Howland and David Liss. Former Assistant U.S. Attorney Will Hart provided valuable assistance. GothFerrari pleaded guilty on October 17, 2025, before Judge Colleen Kollar-Kotelly. On the other hand, Evan Tangeman was sentenced in April 2026 to 70 months in federal prison for his role in laundering approximately $263 million for a crypto theft ring. Tangeman pleaded guilty to laundering at least $3.5 million for the multi-state criminal enterprise. If you want a calmer entry point into DeFi crypto without the usual hype, start with this free video.

7 May 2026, 11:25

DeFi Platform TrustedVolumes Hit by $6.7M Exploit

The liquidity resolver used by multiple DeFi protocols was hit, with DEX aggregator 1inch claiming no impact on its systems.

7 May 2026, 11:10

1inch Distances Itself From $6.7M TrustedVolumes Exploit

Security firms Blockaid and CertiK said the attacker exploited a publicly accessible function to register as an approved order signer before draining funds through malicious transactions. The stolen assets included Wrapped Ether, USDT, Wrapped Bitcoin, and USDC. TrustedVolumes Exploit Drains $6.7M TrustedVolumes, an independent market maker and resolver used by decentralized exchange aggregator 1inch Fusion, confirmed that it suffered a major exploit that resulted in approximately $6.7 million in stolen crypto assets. The company revealed that the funds are currently spread across three Ethereum wallets, with two of the addresses holding roughly $3 million each and a third wallet containing close to $700,000. In a statement that was shared on X, TrustedVolumes said it was willing to engage in “constructive communication” with the attacker and appeared open to negotiating a bug bounty arrangement or another mutually acceptable resolution. The exploit first came to light after blockchain security firm Blockaid identified suspicious activity involving TrustedVolumes’ Ethereum-based swap infrastructure. According to Blockaid, the attack targeted a custom swap system controlled by TrustedVolumes and initially resulted in an estimated loss of around $5.87 million. The stolen assets reportedly included Wrapped Ether, USDT, Wrapped Bitcoin, and USDC. The estimate later increased as more information became available about the attacker’s movements across multiple wallets. Security researchers later explained that the exploit involved the attacker registering themselves as an approved order signer through a publicly accessible function. Once authorized, the attacker was able to execute malicious orders that drained funds from the affected infrastructure. Blockchain security company CertiK said the exploit proved how vulnerabilities in third-party infrastructure providers can create serious risks in the decentralized finance ecosystem. Despite TrustedVolumes’ role in supporting 1inch Fusion trades, 1inch quickly clarified that its own systems were never compromised. The platform stated that its protocols, infrastructure, and user funds remained completely unaffected by the exploit. 1inch co-founder Sergej Kunz explained that TrustedVolumes operates independently and serves multiple protocols rather than functioning exclusively for 1inch. Security researcher Vladimir Sobolev also pointed out that ordinary 1inch users were never at risk. However, he warned that the incident sheds some light on weaknesses across the crypto industry, particularly regarding the lack of safeguards like monitoring systems, circuit breakers, and emergency shutdown mechanisms. Interestingly, investigators said that the same operator behind the March 2025 exploit involving outdated 1inch Fusion V1 resolver contracts was responsible for this latest attack. However, researchers said the vulnerability exploited this time was different from the previous incident.