In 2024, 68% of cloud breaches were caused by compromised service accounts and forgotten API keys, not phishing or weak passwords. Unmanaged non-human identities, such as API tokens and OAuth grants, often go unnoticed. For each employee, there are 40 to 50 automated credentials, highlighting the need for better identity management to prevent data exposure.
Amid rising geopolitical tensions, the crypto market experienced a significant $400 million liquidation on April 20, 2026. The volatility underscores the sector's sensitivity to global instability and macroeconomic shifts, reflecting how geopolitical events can trigger large-scale liquidations and impact market stability. This event highlights ongoing risks within the crypto ecosystem amid geopolitical uncertainties.
The KelpDAO rsETH hack on April 20 caused a major disruption in Solana’s DeFi lending markets, with USDC utilization rates soaring to near maximum levels. Jupiter Lend reached 99% utilization with $340 million of its $421 million supply lent out. Kamino and Marginfi protocols also experienced heavy strain, highlighting significant security concerns across Solana’s DeFi ecosystem.
In 2026, the KelpDAO bridge hack drained $292 million, marking the largest DeFi exploit of the year. The attack exposed significant vulnerabilities in DeFi platforms, prompting emergency security measures and raising concerns about systemic risks across interconnected crypto ecosystems. The incident underscores ongoing security challenges within the decentralized finance sector.
A $292-293 million exploit on KelpDAO’s bridge led to a $13.21 billion drop in DeFi total value locked over 48 hours. Hackers stole 116,500 rsETH tokens and used them as fake collateral on Aave, incurring approximately $195 million in bad debt. Aave’s TVL plummeted from $26.4 billion to $18.6 billion, triggering a major crisis in the DeFi sector.
Vercel experienced a security breach after unauthorized access via a compromised third-party AI tool, Context.ai. A hacker on BreachForums is offering stolen Vercel data, including API keys and source code, for $2 million. The incident raises concerns for Web3 projects hosting wallet interfaces and frontends on Vercel, prompting Orca to rotate all deployment credentials on April 20, 2026.
KelpDAO suffered a $290 million exploit on April 18, 2026, linked to North Korea’s Lazarus Group. Attackers used cross-chain message spoofing, compromised RPC nodes, and triggered DDoS attacks to manipulate LayerZero’s DVN system. The incident highlights ongoing risks in DeFi and cross-chain protocols, raising concerns over security vulnerabilities in blockchain ecosystems.
![[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data](/_next/image?url=https%3A%2F%2Fblogger.googleusercontent.com%2Fimg%2Fb%2FR29vZ2xl%2FAVvXsEi6vJpO9kksCQDpSksNkqDFNUCbXD70dMGYqI6P9S_XPMY5d8BR8PVdrsVQP1ZJO_-nzL6eQShM3Cap9heQ5kAglsPjfxwIcXPSsf_cfgUVnGQ2XzIWVOuo7JhxMjnHYDN6r9KlQ6LqZJisRZkjatnWChuzUkSlXRa1hFseUPq28PZ5gjGR7L2WzTFdZ3fM%2Fs1600%2Fghost.jpg&w=3840&q=75)