Kelp DAO was exploited for approximately $292 million, marking one of the largest security breaches in Web3. The attack highlights ongoing vulnerabilities in decentralized protocols. The incident coincides with increased concerns over North Korean hacking activities targeting crypto, Aave contagion risks, and Coinbase's exploration of quantum computing, emphasizing the need for enhanced security measures across the industry.
SparkLend has seen over $1 billion in deposits since the Kelp exploit, which involved borrowing $190 million in WETH using unbacked rsETH. Meanwhile, Aave's total value locked (TVL) has dropped by $10 billion. The incident highlights risks in DeFi protocols and the impact of exploits on investor confidence and platform stability.
Cybersecurity researchers identified a supply chain worm called CanisterSprawl that hijacked npm packages to steal developer tokens. The malicious code, detected by Socket and StepSecurity, spreads via a self-propagating mechanism using stolen npm tokens and exfiltrates data through an ICP canister. The attack highlights ongoing risks in software supply chain security.
Microsoft is integrating Anthropic’s Claude Mythos into its Security Development Lifecycle (SDL) to enhance vulnerability detection. Announced on April 7, Mythos has already identified thousands of major security flaws in operating systems and web browsers. This rollout is part of Anthropic’s Project Glasswing, which also involves Amazon and Apple, aiming to strengthen cybersecurity across major tech companies.
Wallet and payment companies face increasing security challenges in the crypto market, emphasizing the need for proactive PR and crisis communication strategies. Building trust is crucial as users remain unforgiving of breaches. While specific companies or amounts are not mentioned, the article highlights the importance of transparent communication to maintain user confidence amid rising security concerns in 2026.
The Lazarus Group has intensified its Mach-O Man malware campaign targeting crypto and fintech executives, according to CertiK. Researchers linked over $500 million in recent exploits to Lazarus activity. The group used the ClickFix method to deceive victims into executing malicious commands on macOS systems, highlighting a significant security threat in the crypto sector.
The $292 million Kelp DAO exploit highlights ongoing security risks in crypto bridges, which remain one of the industry's weakest points. The exploit underscores structural vulnerabilities in bridge systems that rely on complex infrastructure and hidden trust assumptions. Experts warn that as long as these issues persist, bridges will continue to be prime targets for attacks, posing significant security challenges for the crypto industry.
