Hackers behind the KelpDAO breach have moved millions of dollars into Bitcoin, using THORChain for conversions. One attacker wallet sent funds through THORChain, boosting daily transaction volume to approximately $211 million, nearly ten times the 30-day average. Around 442 BTC, valued at about $33 million, is now spread across over 400 addresses, highlighting increased network activity.
Volo's vaults were exploited on April 22, 2026, draining $3.5 million. The team promptly froze affected vaults, securing $500,000, and confirmed that $28 million in total value locked remains safe. Volo pledged to cover all user losses, isolated the attack, and is working with partners to recover the stolen funds.
Cybersecurity researchers have identified a new LOTUSLITE malware variant, linked to Mustang Panda, targeting Indian banks and South Korean policy circles. The malware communicates with a dynamic DNS-based command-and-control server over HTTPS, supporting remote shell access, file operations, and session management. This indicates ongoing espionage efforts focused on sensitive financial and governmental sectors.
In a security incident on April 22, 2026, an IRGC gunboat attacked a container ship off Oman, undermining diplomatic efforts and escalating regional tensions. The attack occurred amid an ongoing ceasefire extension between the US and Iran, complicating prospects for a lasting agreement. The incident highlights ongoing security challenges in the region, impacting maritime safety and diplomatic negotiations.
Volo Protocol lost approximately $3.5 million in a recent hack, days after KelpDAO was breached. The attack targeted three vaults holding WBTC, XAU, and USDC, highlighting ongoing security vulnerabilities in DeFi protocols. The incident underscores the persistent risks in the decentralized finance space, with security breaches causing significant financial losses for users and developers alike.
Ripple CTO David Schwartz compared Arbitrum's emergency response to Bitcoin’s 2010 bug, defending the decision to freeze over 30,000 ETH linked to the KelpDAO exploit. The Arbitrum Security Council took this action on April 20, 2026, to mitigate potential damage, drawing parallels to Bitcoin’s early security measures. The move has sparked debate over security versus decentralization.
Aave (AAVE) saw over $15 billion in assets exit the protocol following a $292–$293 million exploit of KelpDAO’s rsETH bridge on April 21, 2026. The attack caused a bank-run, freezing markets and locking approximately $5 billion in USDT and USDC with no withdrawals possible. Total value locked dropped from $48.5 billion to around $30.7 billion.
