CertiK Analyst: KelpDAO Exploit Reveals High-Stakes Shift in Cross-Chain Cybercrime
Bitcoin.com News · 60-word summary · 1 min read
CertiK analyst Wenzhao Dong reported a KelpDAO exploit linked to Lazarus Group, highlighting a shift in cross-chain cybercrime. Attackers routed activity through Aave, transferring risk onto lending protocols. The incident underscores evolving threats in DeFi, with 30,766 ETH frozen by the Arbitrum Security Council on April 18, illustrating increased security concerns in cross-chain protocols.
Volo's vaults were exploited on April 22, 2026, draining $3.5 million. The team promptly froze affected vaults, securing $500,000, and confirmed that $28 million in total value locked remains safe. Volo pledged to cover all user losses, isolated the attack, and is working with partners to recover the stolen funds.
Cybersecurity researchers have identified a new LOTUSLITE malware variant, linked to Mustang Panda, targeting Indian banks and South Korean policy circles. The malware communicates with a dynamic DNS-based command-and-control server over HTTPS, supporting remote shell access, file operations, and session management. This indicates ongoing espionage efforts focused on sensitive financial and governmental sectors.
In a security incident on April 22, 2026, an IRGC gunboat attacked a container ship off Oman, undermining diplomatic efforts and escalating regional tensions. The attack occurred amid an ongoing ceasefire extension between the US and Iran, complicating prospects for a lasting agreement. The incident highlights ongoing security challenges in the region, impacting maritime safety and diplomatic negotiations.
Volo Protocol lost approximately $3.5 million in a recent hack, days after KelpDAO was breached. The attack targeted three vaults holding WBTC, XAU, and USDC, highlighting ongoing security vulnerabilities in DeFi protocols. The incident underscores the persistent risks in the decentralized finance space, with security breaches causing significant financial losses for users and developers alike.
Ripple CTO David Schwartz compared Arbitrum's emergency response to Bitcoin’s 2010 bug, defending the decision to freeze over 30,000 ETH linked to the KelpDAO exploit. The Arbitrum Security Council took this action on April 20, 2026, to mitigate potential damage, drawing parallels to Bitcoin’s early security measures. The move has sparked debate over security versus decentralization.
Aave (AAVE) saw over $15 billion in assets exit the protocol following a $292–$293 million exploit of KelpDAO’s rsETH bridge on April 21, 2026. The attack caused a bank run, freezing markets and locking approximately $5 billion in USDT and USDC with no withdrawals possible. Total value locked dropped from $48.5 billion to around $30.7 billion.