Bitwarden CLI npm package compromised to steal developer credentials
BleepingComputer · 60-word summary
Security researchers revealed that the Bitwarden CLI npm package was briefly compromised, with attackers uploading a malicious version containing a credential-stealing payload. The incident posed risks of spreading malware to other projects. Developers are advised to update immediately and monitor for suspicious activity. No user data was reported as compromised.
Hackers are actively exploiting a critical vulnerability in the Breeze Cache WordPress plugin, allowing unauthorized file uploads. This flaw enables attackers to upload malicious files to affected websites, posing security risks. Web administrators are urged to update the plugin immediately to mitigate potential breaches and protect sensitive data from exploitation.
Lido Finance proposed a $6 million support plan for the rsETH token after the KelpDAO hack caused a $290 million shortfall. The funds aim to cover the rsETH depegging and protect DeFi users. The proposal emphasizes a full recovery, with strict conditions ensuring funds only address the specific shortfall, reinforcing ecosystem resilience.
Aave is coordinating a recovery after the $292 million KelpDAO hack, involving industry partners like Lido and EtherFi. The effort aims to contain the fallout, support affected users, and restore confidence in DeFi. The incident highlights the importance of security and resilience in decentralized finance, prompting collaborative responses across the ecosystem.
Pakistan LNG is seeking spot cargoes amid ongoing disruptions in the Strait of Hormuz, highlighting vulnerabilities in global energy supply chains caused by geopolitical tensions. The disruptions have impacted market stability, prompting Pakistan to secure alternative LNG supplies. This situation underscores the broader risks to energy security in the region, with potential implications for global markets.
On April 23, rsETH, KelpDAO’s liquid restaked token, depegged from Ether to $1,723 following a breach by suspected North Korea-backed hackers. Flare CPO Filip Koprivec emphasized that this incident highlights the need for stronger bridge security as a critical aspect of collateral risk management in Web3. The breach underscores vulnerabilities in cross-chain bridges and the importance of enhanced security standards.
Lido proposes allocating up to $5.8 million in staked ETH to cover a shortfall caused by last week's $292 million exploit on Kelp DAO’s rsETH bridge. The proposal aims to stabilize the ecosystem and prevent further losses, highlighting ongoing risks in DeFi security and the importance of contingency funds for large-scale exploits.