A security breach at Vercel on April 20, 2026, compromised API keys used by crypto developers. The attack, linked to a compromised AI tool, exposed credentials for app frontends that connect web3 wallets and trading platforms to backend services. Developers are now scrambling to secure their systems and prevent further unauthorized access.
Aave froze WETH withdrawals on certain markets following a $292 million exploit of KelpDAO on April 20, 2026. The attack caused significant bad debt, prompting whale exits and raising security concerns across DeFi platforms. The incident highlights ongoing vulnerabilities in decentralized finance protocols and the importance of robust security measures.
AAVE's total value locked (TVL) fell to $17 billion after the KelpDAO exploit on April 20, 2026, triggered $8.4 billion in withdrawals. The incident exposed cross-chain security vulnerabilities, raising concerns over DeFi platform safety and potentially impacting Ethereum's growth prospects. The exploit underscores ongoing security challenges in the decentralized finance sector.
US delegations arrived in Islamabad on April 20, 2026, amid a security lockdown, for potential Iran talks. The diplomatic efforts highlight ongoing geopolitical tensions between the US and Iran, affecting broader markets and diplomatic relations. The situation underscores the fragile security environment and the importance of diplomatic negotiations in the region.
The US fired on the Iranian cargo ship Touska near the Strait of Hormuz, heightening geopolitical tensions on April 20, 2026. The incident risks disrupting global oil markets and increasing volatility in maritime trade routes, raising concerns about security and stability in the region. The event underscores ongoing tensions between the US and Iran with potential implications for global trade.
Ripple CTO David Schwartz warned that an evaluation of RLUSD revealed similar risks to those that led to the $292 million drain from Kelp DAO. Schwartz noted that vulnerabilities in DeFi bridging systems, which he had assessed for RLUSD, could expose users to significant security breaches. The incident highlights ongoing risks in DeFi infrastructure and cross-chain bridges.
On April 18, 2026, an attacker exploited a vulnerability in KelpDAO’s cross-chain bridge, draining 116,500 rsETH tokens worth approximately $292 million. This incident, the largest DeFi exploit of the year, has threatened KelpDAO and Aave’s financial stability. Justin Sun has called for negotiations to address the crisis and mitigate further damage in the crypto ecosystem.
