China's Apple App Store has been infiltrated by 26 malicious apps impersonating popular crypto wallets like MetaMask and Coinbase. These apps aim to steal recovery phrases and drain cryptocurrency assets, posing a significant security threat to users. Authorities are investigating the scope of the infiltration and advising caution when downloading wallet apps.
Llamarisk reports a hack on KelpDAO’s rsETH bridge on Ethereum and Arbitrum, where attackers stole 116,500 rsETH via a bridge exploit. The incident involved a vulnerability in Layerzero V2, exposing Aave V3 markets to potential losses. No tokens were burned on the source chain, raising concerns over cross-chain security and DeFi protocol safety.
An Israeli soldier destroyed a Jesus statue in Lebanon, sparking regional outrage and risking to undermine the fragile ceasefire. The incident, which occurred recently, has heightened tensions in the area. While the article does not specify financial amounts or direct links to Web3 security, such acts of violence can impact regional stability and security, potentially affecting crypto markets and digital assets.
Ripple’s former CTO David Schwartz highlighted security risks in cross-chain bridges, especially after the KelpDAO incident. He warned that operational shortcuts could weaken protections, particularly concerning RLUSD evaluations and collateral issues. These comments, made in April 2026, underscore ongoing concerns about security trade-offs in DeFi infrastructure, raising questions about the safety of bridge deployments in the evolving Web3 landscape.
Chainalysis flagged a critical security flaw in DeFi, following a $292 million exploit involving KelpDAO on April 20, 2026. The incident revealed vulnerabilities in cross-chain systems, where manipulated inputs bypassed safeguards, leading to undetected asset issuance. The exploit highlights significant trust assumptions in Layerzero’s design, raising concerns over the security of cross-chain protocols.
Aave disclosed potential bad debt between $124 million and $230 million following the Kelp DAO exploit involving rsETH. The platform outlined risk assessment and recovery strategies on April 20, 2026, highlighting the significant financial impact of the security breach. The incident underscores ongoing vulnerabilities in DeFi protocols and the importance of robust security measures.
North Korea's crypto hacking campaign has expanded, with over $500 million stolen in recent weeks through the Drift and Kelp exploits. These incidents, occurring within just over two weeks, suggest a sustained effort rather than isolated breaches, likely driven by North Korea’s financial needs amid ongoing sanctions. DeFi platforms remain a primary target in this ongoing security threat.
