Volo Protocol on the Sui blockchain lost $3.5 million in a security breach on April 21, 2026, due to a compromised vault admin private key. The exploit affected three vaults and prevented a WBTC bridge attempt. Security firms GoPlus Security and ExVul confirmed the incident, highlighting vulnerabilities in the platform’s key management.
Spain has dismantled a major manga piracy platform that generated $4.7 million, arresting four individuals. The platform, active since 2014 and serving millions of global users, was the largest Spanish-language site of its kind. Authorities targeted the operation in a crackdown on digital piracy, emphasizing efforts to protect intellectual property rights in the Web3 era.
Security researchers have linked a new macOS malware kit called "Mach-O Man" to the Lazarus hacking group. The malware targets crypto and fintech firms by using fake meeting invites and ClickFix prompts to steal credentials and access corporate systems. The campaign highlights ongoing threats from Lazarus, emphasizing the need for enhanced security measures in the sector.
Palantir (PLTR) signed a $300 million Blanket Purchase Agreement with the U.S. Department of Agriculture in April 2026 to enhance farmland security. The deal supports the National Farm Security Action Plan and the “One Farmer, One File” initiative, building on Palantir’s existing work with the USDA’s Landmark platform. The agreement aims to improve data security for U.S. farmers facing economic pressures.
France has frozen $800,000 in crypto ransom linked to a kidnapping, amid rising extortion cases involving digital assets. Authorities are increasing efforts to combat crypto-related crimes, highlighting the need for better security and regulation. The trend underscores the growing use of crypto in criminal activities and the importance of law enforcement adapting to digital assets.
Cybercriminals are now running "Caller-as-a-Service" operations similar to call centers, with hiring, training, and performance tracking, according to Flare. This scam economy approach enables fraudsters to scale their operations efficiently. The development highlights the evolving sophistication of Web3 security threats, emphasizing the need for enhanced fraud detection and prevention measures in the crypto space.
Aave’s deposits have dropped by $15 billion following the Kelp DAO bridge exploit, causing users to withdraw funds amid concerns over potential losses related to rsETH-linked shortfalls. The incident, which occurred in April 2026, has heightened security fears within the DeFi sector, leading to a significant decline in Aave’s supplied balance and increased caution among investors.
