Crypto heads into the new week with its Friday rally on shakier ground.

The announced reopening of the Strait of Hormuz sent oil lower and pushed risk assets higher, including bitcoin and the wider crypto market. The opening reversed on Saturday, with Iran firing at ships attempting to pass and the U.S. seizing an Iranian-flagged tanker on Sunday.

With the ceasefire set to expire by mid-week, traders will be watching whether the risk-on rotation can survive a renewed energy shock.

The technical level to watch is clear. Luke Nolan, senior ETH research associate at CoinShares, told CoinDesk the follow-through hinges on bitcoin holding its ETF cost basis near $74,000.

“With Hormuz reopening, oil is off and equities have caught a bid back to ATHs, pulling crypto higher with it,” Nolan said. “Follow-through now hinges on BTC decisively holding above its ETF cost basis (~$74k), which would confirm the risk-on rotation already visible in flows. ETF flows have turned positive the last three sessions, and a pickup in that pace would be supportive of the move higher.”

A decisive hold above $74,000 into the ceasefire deadline, paired with a fourth straight session of positive ETF inflows, would validate the rotation thesis. A break below would bring volatility back into the sector.

What to Watch

(All times ET)

• Crypto
  • April 30: Comment period on the CFTC’s Advanced Notice of Proposed Rulemaking on prediction markets closes.
• Macro
  • April 20, 7:30 a.m.: Canada Consumer Price Index YoY for March (Prev. 1.8%); Core Rate (Prev. 2.3%)
  • April 21, 1:30 p.m.: Fed Gov. Christopher J. Waller speech on”Modernizing Reserve Bank Operations” at Brookings Institution, Washington, D.C.
  • April 22, 1:00 a.m.: UK Consumer Price Inflation YoY for March (Prev. 3.0%); Core rate (Prev. 3.2%)
  • April 22, 7:30 p.m.: Japan S&P Global Services PMI Flash for April (Prev. 53); Manufacturing PMI (Prev. 51.6)
  • April 23, 7:30 a.m.: Canada Producer Price Index YoY for MArch (Prev. 5.4%); MoM (Prev. 0.4%)
  • April 23,7:30 a.m.: U.S. Initial Jobless Claims for week ending April 18 (Prev. 207K)
  • April 23, 8:45 a.m.: U.S. S&P Global Flash U.S. Manufacturing PMI for April (Prev. 52.3); Services PMI (Prev. 49.8)
  • April 23, 3:30 p.m.: U.S. Fed Balance Sheet for period ending April 22 (Prev. $6.71T)
  • April 23, 6:30 p.m.: Japan Consumer Price Index YoY for March (Prev. 1.3%); Core CPI (Prev. 1.6%)
  • April 24, 3:00 a.m.: Germany Ifo Business Climate for April (Prev. 86.4)
  • April 24, 9 a.m.: U.S. Michigan Consumer Sentiment Final for April est. 47.6 (Prev. 53.3)
• Earnings (Estimates based on FactSet data where available)
  • April 22: Tesla (TSLA), pre-market, $0.3
  • April 22: CME Group (CME), pre-market, $3.29
  • April 23: Nasdaq (NDAQ), pre-market, $0.93

Token Events

• Governance Votes & Calls
  • SafeDAO is voting to allocate 5 million SAFE tokens to fund a six-month staking rewards program and interface development for Safenet Beta. Voting ends April 20.
  • Unlock DAO is voting on a payment plan to compensate members for their contributions to the collaboration platform throughout March and April. Voting ends April 20.
  • RootstockCollective DAO is voting on a 20,000 USDRIF grant to fund a security audit for TYKORA Prize Vaults, a no-loss savings protocol. Voting ends April 20.
  • ENS DAO is voting to update its DNSSEC implementation by repointing algorithm 7 to a previously patched contract, adding proper padding validation to correct an omission from a prior security update. Voting ends April 21.
  • Decentraland DAO is voting to overhaul its transparency infrastructure by establishing named ownership for all record-keeping systems, publishing strict maintenance standards, and creating a single accessible portal for the community to locate data. Voting ends April 22.
  • Telcoin Platform Council DAO is voting to allocate 50 million TEL to hire a strategic telecom advisor to drive GSMA adoption. Voting ends April 22.
  • Aavegotchi DAO is voting to appoint nine multi-sig signers for 2026-2027, maintain a 5-of-9 security threshold, set their quarterly compensation at $1,000 in GHST and establish a succession plan. Voting ends April 22.
  • Lightchain AI DAO is voting to explore adding an optional Moonpay fiat on-ramp to its AI chat, focusing on feasibility and risks without committing any funds or approving implementation yet. Voting ends April 23.
  • Gitcoin DAO is voting to claw back remaining unclaimed fees from the discontinued public goods network (PGN). Voting ends April 24.
  • Parallel DAO is voting to begin sunsetting its V2 EUR stablecoin by halting most new issuance and imposing a punitive 50% borrow rate to encourage users to repay their existing debt. Voting ends April 24.
• Unlocks
  • April 20: LayerZero (ZRO) to unlock 5.35% of its circulating supply worth $48.33 million.
  • April 22: Undeads Games (UDS) to unlock 13.47% of its circulating supply worth $37.09 million.
  • April 23: Toncoin (TON) to unlock 1.47% of its circulating supply worth $49.75 million.
  • April 25: Humanity Protocol (H) to unlock 4.02% of its circulating supply worth around $11.88 million.
  • April 25: Avalanche (AVAX) to unlock 0.39% of its circulating supply worth $15.6 million.
  • April 26: Plasma (XPL) to unlock 3.73% of its circulating supply worth $10.10 million.
• Token Launches
  • April 21: OpenGradient (OPG) token generation event occurs.
  • April 21: USDAI’s CHIP token to launch.
  • April 22: Wingbits (WINGS) token generation event occurs.

Conferences

Crypto exchanges Binance, Gate.io, and Bitget have all reportedly opened investigations into the $6 billion collapse of RaveDAO’s RAVE token this weekend.

The live music themed token saw its daily trading volume exceed $300 million in the run-up to its all-time high on Saturday, a market capitalization of $6.7 billion and a price of $27.

This was short-lived, however, as the token plummeted by -97% in the days that followed. 

Before RAVE’s collapse, on-chain investigator ZachXBT warned of “Pump and dump activity” from RAVE insiders trading the token on Binance, Bitget, and Gate.io.  

He accused RaveDAO of manipulating the token’s price by controlling over 90% of the token’s supply, which was allocated to three wallets connected to RaveDAO’s team. 

Read more: Vercel breach leaves DeFi frontends dangling on a $2M ransom

Zach also posted a bounty, which he later increased to $25,000, for any whistleblowers to come forward and share evidence about the parties involved. Today, OXK CEO Star Xu also said he would contribute an extra $25,000 on top of Zach’s original bounty.

Binance co-CEO Richard Teng, Bitget CEO Gracy Chen, and Gate.io CBO Kevin Lee all announced that they would investigate the token following Zach’s warnings. 

However, Zach wasn’t impressed by the response time, and noted, “Exchanges need faster intervention on manipulation.”

He added, “While it’s good the exchanges responded, I find it unlikely this activity wasn’t spotted internally before I raised it publicly.”

The token had already started to spiral by the time the crypto exchange’s announced investigations.

RaveDAO says it has nothing to do with RAVE’s collapse

RaveDAO is a music venue project that gave participants NFTs at its hosted gigs while donating a portion of the proceeds to charities. 

On Saturday, after the token collapsed, RaveDAO claimed its team “is not engaged in, nor responsible for, recent price action.”

It added that it plans to liquidate some unlocked tokens “based on TRS” so it can “fund operations, global hiring, marketing, strategic acquisitions and philanthropic efforts.”

Solana user @FabianoSolana claims there are three major faces behind RaveDAO, co-founders Yemu Xu, Felix Xu, and core contributor Ronald Elliot Yung.

Zach failed to elicit a response from Yemu Xu on X days before the collapse. Felix Xu’s X posts are currently private, and neither Yemu Xu nor Yung has posted since February 2026. 

Read more: Crypto trader shorted the top, still lost 3,963%

Yemu Xu is the co-founder of the ARPA network and Bella Protocol, and is also an ambassador for the environmental magazine Ocean Geographic. Felix Xu also co-founded ARPA network and Bella Protocol, and the pair have featured in Forbes’ 30 under 30 Asia listing.

Yung claims to have studied at Harvard University and works for Penrose Tech, which was also co-founded by both Xu’s. Yung spoke to CoinDesk in 2025 about RaveDAO’s goals. 

Ironically, he said, “The winners will be platforms that treat culture as a living ecosystem, not a quick flip, and that balance on-chain innovation with the off-chain work of building trust.” 

Don’t short RAVE and don’t buy $M, ZachXBT warns

Zach already warned users to avoid shorting the RAVE token due to its manipulated supply. Some traders attempted to short the RAVE token at its peak, but still lost profits tallying -3,963%.

Now Zach has moved on to another shady token created by MemeCore. $M reportedly had a market capitalization of $6 billion, while over 90% of its supply was controlled by insiders.

The token was promoted by Grayscale and Zach is again warning users against placing shorts against it.

Zach has since threatened to report MemeCore’s staff to the US Immigration and Customs Enforcement agency after MemeCore’s CEO poked at Zach’s comments.

Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

An Ethereum whale has taken a sizable bullish stance, opening a leveraged long position worth 90.8 million dollars in ETH, using 20x leverage. A second notable whale appears to have joined the bid, opening a roughly 61 million ETH long at 20x leverage on HyperLiquid, with an entry around $2,303. The moves come as ETH traded near $2,280, roughly 32% above the February low near $1,750, and as inflows into spot ETH products keep accumulating in a backdrop of improving market optimism.

Key takeaways:

• Ethereum-equivalent wagers: one trader opened a leveraged long position totaling $90.8 million in ETH, at 20x leverage.
• Another whale added about $61 million in ETH longs at 20x leverage, with entry around $2,303.
• Price setup near-term: ETH sits above $2,200, with an ascending triangle pattern on the daily chart pointing toward higher targets if resistance at $2,400 is cleared.
• Capital inflows reinforce bulls: seven consecutive days of spot ETH ETF inflows totaling about $426 million, and ETH investment products logging $328 million in inflows for the week ending April 17.

Market context: whales stacking bets as macro cues loom

Across market data, ETH has enjoyed a steady bid in recent sessions, with the ETH/USD pair trading around $2,280 after a strong rally off the February lows. A trader known for track record and risk appetite highlighted that macro forces could swing sentiment in either direction this week. AlphaBTC, posting on X, noted that stronger retail sales could push yields higher and delay anticipated Fed rate cuts, while weak data would likely spur risk-on positioning. The analyst added that Fed commentary and PMI data offer growth signals, but geopolitical developments remain a wildcard that could spark sudden volatility.

In this environment, one high-profile trader has unveiled a substantial long on ETH, signaling a strong nearby conviction about upside potential. The $90.8 million position is notable not only for its size, but for the use of 20x leverage, which magnifies both potential gains and risk should market conditions turn unfavorably. A second whale has also stepped in, with a roughly $61 million ETH long at 20x leverage, entering around the $2,303 area on HyperLiquid, according to trader posts tracked by market observers.

These positions arrive as investors monitor a broader backdrop of rising activity in ETH-related instruments. Spot Ethereum ETFs have seen inflows for seven straight weeks, totaling roughly $426 million over the period observed, a sign that institutional appetite for direct exposure to ether remains resilient even amid the volatility tied to macro headlines. The flow backdrop complements another trend: continuous inflows into global Ethereum investment products, with weekly inflows reported at about $328 million for the week ending April 17, underscoring a persistent preference for ETH among asset allocators.

Technical setup: how the chart shapes a potential breakout

From a purely technical lens, ether’s price action on the daily chart is forming an ascending triangle, a pattern traders watch as a potential continuation signal. The critical threshold to clear is the resistance line near $2,400. If ETH breaks above this level, the pattern’s classical measure suggests a rally equal to the height of the triangle’s base, potentially pushing ETH toward roughly $3,230 in a continuation move. In numerical terms, that would be a gain of a bit more than 41% from current levels.

Other nearby hurdles may shape whether a breakout actually unfolds. The immediate region around $2,350–$2,500 sits under the influence of the 50-day exponential moving average, which has in some periods acted as a ceiling for near-term momentum. If buying pressure pushes ETH beyond that band, the next sizable obstacle sits at the 200-day EMA near $2,640, a level that could determine whether buyers sustain the push into higher territory.

On the momentum side, the relative strength index has moved up from oversold conditions in February to the mid-50s, signaling a better probability of upward movement but not a guarantee of a decisive breakout. Micro2Macr0, analyzing broader chart patterns, has suggested that a sustained breakout from a multi-year ascending triangle could trigger a substantial rally, though the path may be choppy given the proximity to several key resistance zones.

Analyst commentary from Cointelegraph’s coverage of price projections also points to a potential recovery path if ETH clears the $2,400 level. A successful breach could pave the way toward intermediate targets in the $2,800 region, with a further push toward $3,050 over the ensuing sessions or weeks, depending on the pace of buying interest and macro catalysts.

Flows, ETFs, and the institutional backdrop

The ongoing inflow momentum into Ethereum-related products appears to be reinforcing a narrative that large holders expect a continued price recovery from the mid-$2,000s. Spot ETH inflows, which track demand for immediate exposure to ether, have persisted across multiple weeks, signaling that buyers remain engaged even as macro headlines intermittently threaten risk assets.

Beyond spot, the broader ETH investment product segment—ranging from exchange-traded products to other listed vehicles—has also drawn meaningful funds. The week ending April 17 saw ETH-focused products record inflows of about $328 million, a signal that institutions and professional traders are logistics-ready to chase a rising ETH bid in various instruments. This backdrop supports the argument that any near-term sell-off could be met with a quick reaccumulation by professional participants and strategic buyers seeking to front-run a potential breakout scenario.

For market watchers, the combination of outsized whale positions, rising momentum on the technical front, and persistent inflows into ETH-centric products forms a cohesive narrative: the market is positioning for further upside, but the path remains contingent on clearing a few important resistance levels and navigating macro volatility.

What comes next: watching key thresholds and potential catalysts

As ETH eyes higher ground, market participants should focus on the $2,400 barrier and the surrounding order flow. A clean breakout above this level would remove a major roadblock and open the door to the next target near $3,230, with further extension toward $3,050 on the sooner-to-mid-term horizon depending on momentum and liquidity conditions. Conversely, a struggle to push through $2,350–$2,500 could extend consolidation, providing a lower-risk setup for traders looking to re-enter on dips.

Investors should also keep an eye on macro signals that could alter the calculus in the coming weeks. If retail demand and macro data push yields higher and the Fed commments lean toward tighter near-term policy, risk assets could face headwinds. In contrast, softer data or a more accommodative tone could sustain a constructive tilt for ETH alongside other risk-on assets.

In sum, the current landscape suggests that large-scaled bets by whales, coupled with reinforcing flows into ETH vehicles and a rising chart trajectory, could keep ETH in focus as a prominent beta play within the broader crypto market. The next test will be whether ETH can clear the $2,400 resistance decisively and trigger the projected triangle-derived rally, or whether macro dynamics and technical friction at nearby EMAs will cap the move in the near term.

The market will likely respond to fresh price action around the critical levels and to any new liquidity injections or regulatory signals. Traders and investors should stay tuned for rapid shifts in sentiment as weekly inflows and notable on-chain moves continue to shape Ethereum’s short- to medium-term trajectory.

Dune Analytics published an open analysis on Monday examining Decentralized Validator Network (DVN) security configurations across ~2,665 active OApp contracts on LayerZero over the past 90 days. The research found that 47% of OApps operate with a 1-of-1 DVN security floor—the most minimal configuration requiring only a single validator—while 45% use 2-of-2 configurations and approximately 5% employ 3-of-3 or higher. KelpDAO’s rsETH token, which was targeted in a recent exploit, fell into the 1-of-1 bracket.

The analysis provides open-source methodology and queryable data, inviting community feedback on DVN security standards across the LayerZero ecosystem. The findings highlight structural vulnerabilities in cross-chain bridge security, as single-validator configurations create single points of failure for protocol assets and user funds routed through LayerZero’s omnichain infrastructure.

Sources: Dune Analytics

This article was generated automatically by The Defiant’s AI news system from publicly available sources.

Kelp DAO says a LayerZero “default” single‑validator setup helped enable a $290m rsETH bridge hack, forcing a messy blame game and a rushed security migration.

Kelp DAO has pushed back against LayerZero’s official explanation of a $290 million bridge exploit, arguing that the “single‑validator” setup that let an attacker walk off with 116,500 rsETH was not reckless customization but a default configuration in LayerZero’s own guidelines.

The liquidity re‑staking protocol told CoinDesk the 1‑of‑1 Decentralized Verifier Network (DVN) used on its rsETH cross‑chain route “followed LayerZero’s documented defaults” and that the validator stack compromised by the attacker “is part of LayerZero’s own infrastructure,” rather than an unvetted third party.

The attack, which hit on April 18, minted or released 116,500 rsETH to an attacker‑controlled address — about 18% of the token’s supply — and translated into losses of roughly $290–$293 million at the time, making it the largest DeFi exploit of 2026 so far.

In its investigation report and follow‑up statements, LayerZero has insisted that “LayerZero’s protocol was not broken,” arguing instead that Kelp DAO “deployed a single‑point‑of‑failure DVN in production” for a token with more than $1 billion in total value locked.

The interoperability firm said “operating a single‑point‑of‑failure configuration meant there was no independent verifier to catch and reject a forged message” and claimed it had previously communicated “best practices around DVN diversification” to Kelp DAO and other partners.

Security researchers and auditors, including SlowMist co‑founder Yu Xian, have confirmed that the rsETH bridge route used a 1/1 DVN — effectively a single signature — rather than a 2/2 or multi‑DVN stack, calling it a “single‑signature single point” vulnerability that may have been aided by social engineering.

A detailed post‑mortem from DeFi tracking site DeFiPrime notes that LayerZero’s OApp model lets applications choose how many DVNs must sign off on a message, with 2‑of‑3 or 3‑of‑5 configurations commonly recommended for high‑value deployments, but says Kelp’s adapter “was configured to accept the attestation of a single verifier” run by LayerZero Labs.

That design meant “one forged signature was enough to make any cross‑chain message look real,” allowing the attacker to feed the bridge a fake instruction that mimicked a valid message from another chain and triggered the release of 116,500 rsETH “out of thin air” to their wallet.

Kelp DAO’s team counters that they implemented LayerZero’s own public code and defaults across multiple networks and that the DVN exploited “was operated by LayerZero itself,” implying that responsibility sits at least partly with the infrastructure provider rather than solely with the application.

LayerZero has now taken the unusual step of promising it “will stop signing messages for any applications using a single‑validator setup” and is forcing a “security migration” that will require all OApps to move to multi‑DVN architectures if they want to keep using the protocol.

The fallout goes well beyond one re‑staking token.

As crypto.news reported in an earlier story on the rsETH exploit and LayerZero’s attribution of the attack to North Korea’s Lazarus Group, the incident has reignited a broader debate over bridge design, default configurations and who ultimately bears responsibility when modular cross‑chain infrastructure goes wrong.

Related crypto.news stories you can link in copy include coverage of the Kelp DAO–LayerZero exploit and Lazarus attribution, analysis of earlier cross‑chain bridge hacks, and reporting on how re‑staking and liquid‑staking protocols concentrate smart‑contract risk across multiple chains.

CoinDesk Indices presents its daily market update, highlighting the performance of leaders and laggards in the CoinDesk 20 Index.

The CoinDesk 20 is currently trading at 2085.29, down 3.6% (-78.65) since 4 p.m. ET on Friday.

None of 20 assets are trading higher.

Leaders: BNB (-2.3%) and BTC (-2.5%).

Laggards: AAVE (-22.9%) and ICP (-7.9%).

The CoinDesk 20 is a broad-based index traded on multiple platforms in several regions globally.

Crypto exchange Coinbase (COIN) is working with Bybit, one of the largest crypto trading platforms, to explore ways to tokenize, custody and distribute assets such as U.S. public and pre-IPO stocks, a person familiar with the plans told CoinDesk.

The talks, which are in progress, do not involve any sort of stake acquisition or similar deal for Bybit to enter the U.S., said the person, who asked to remain anonymous because they are directly involved in the discussions, dismissing a report of an investment publicized last month.

Bybit is, indeed, planning to enter the U.S., just not with Coinbase, said the person, who declined to identify the partner. It will create a new entity said to be spearheaded by former Bybit co-CEO Helen Liu. The local partner will provide licensing and compliance while Bybit provides the tech, product and liquidity, the person said.

Discussions between Bybit and Coinbase are more global in nature, leveraging Bybit’s worldwide reach, particularly in places like Asia, where users may want access to tokenized versions of U.S. stocks. As such, the firms are exploring synergies around custody and distribution of these assets going forward.

The U.S. is home to certain assets that global users want, the person said. Bybit is international, while Coinbase is U.S.-focused. Working together, the two can bring U.S. assets to a wider market, according to the person. Within five years, tokenization will bring any asset to users globally through a single app.

“Even if Coinbase becomes a super app in the U.S., they are still only in the U.S,” the person said.

The two companies’ explorations into tokenized stocks come as other market participants explore similar link-ups. Intercontinental Exchange (ICE), the owner of the New York Stock Exchange, in March announced it was taking a stake in crypto exchange OKX. Just last week, Deutsche Boerse, made a $200 million strategic investment into Kraken.

Bybit and Coinbase both declined to comment.

CORRECT (April 20, 14:03 UTC): Corrects spelling of Liu in second bullet point.

UPDATE (April 20, 14:50 UTC): Adds Coinbase-Bybit relation in U.S., Bybit’s U.S. entry plans starting in third paragraph.

Work on global standards for stablecoins has slowed over the past year, raising concern among central bankers that gaps in oversight could split markets and amplify risk.

Bank of England Governor Andrew Bailey, who chairs the Financial Stability Board, said progress on international rules has stalled, Reuters reported last week. That’s a concern, Bank for International Settlements (BIS) General Manager Pablo Hernández de Cos said Monday in Japan.

Global coordination is critical to avoid a patchwork of rules that firms could exploit, de Cos said, according to Reuters. Without international alignment, companies may shift operations to jurisdictions with lighter oversight, a practice known as regulatory arbitrage.

The warning comes as major economies push ahead with their own frameworks, often on different timelines and with different approaches.

The stablecoin sector has expanded over the last few years, and now accounts for $320 billion according to DeFiLlama. Tether’s USDT and Circle Internet’s (CRCL) USDC make up most of that figure. De Cos said their structure can resemble securities more than cash, noting that redemption frictions can push prices away from their intended $1 value.

He also said that sudden withdrawals could ripple through markets. Proposals to reduce risk include limiting interest payments on stablecoins and giving issuers access to central bank lending facilities or deposit-insurance-type arrangements.

Policymakers argue such measures could make the sector safer while preserving its role in digital payments.

In the U.S., lawmakers are working to advance the Digital Asset Market Clarity Act, which would set federal rules for digital asset markets.

The bill passed the House last year and is now before the Senate, where Banking Committee Chairman Tim Scott and Agriculture Committee Chairman John Boozman are leading the push. Senators Thom Tillis and Angela Alsobrooks have negotiated a compromise on stablecoin yield that could clear the way for a markup, while Senator Cynthia Lummis, who chairs the Banking Committee’s digital assets subcommittee, has said a hearing could come in the second half of April.

A deal remains contingent on resolving several open questions, including DeFi oversight and ethics provisions.

The DeFi sector is reeling from the effects of a suspected North Korea-linked hack which has spread to multiple protocols and saw DeFi poster child Aave’s TVL drop by a third.

Saturday’s incident saw $290 million worth of Kelp DAO’s liquid staking token, rsETH, stolen via the Layer Zero bridge.

The loot was deposited into Aave and used to borrow $236 million of WETH. But with liquidity drained, and markets frozen, users began to panic, withdrawing collateral where they could and borrowing whatever they could get their hands on.

In all, since Saturday, almost $9 billion has left Aave, with the protocol potentially facing hundreds of millions of dollars of bad debt.

The question of who will foot the bill is still very much to be decided.

The hack

The hack, which Layer Zero suspects was carried out by the Lazarus Group of North Korean state sponsored hackers, exploited rsETH issuer KelpDAO’s “single-DVN setup” for bridging their token.

Layer Zero bridges tokens between blockchains, and uses decentralized verifier networks (DVNs) to validate transactions. The model puts the onus on asset issuers to “define their own security posture,” including DVN thresholds.

In Kelp DAO’s case, they used a 1-of-1 setup relying on Layer Zero’s DVN.

Aside from an initial acknowledgement posted to X, there’s been no further communication from Kelp DAO itself.

Read more: Inside the $280M Drift hack: weeks of setup, minutes to drain

Layer Zero claims its DVN was compromised through a “highly sophisticated… RPC-spoofing attack.” RPCs are nodes which allow external apps to read blockchain data.

The attack presented malicious info only to the targeted DVN, skirting monitoring efforts. In addition, it performed a DDoS attack on uncompromised RPCs to trigger fallback to the “poisoned” ones.

However, pseudonymous veteran DeFi developer banteg pushed back on Layer Zero’s characterization as an RPC poisoning attack, which suggests purely outside interference. With attackers pulling off an “infra breach within the perimeter… the real story is a targeted implant operating inside the trust boundary.”

They disapprove of “such elaborate distancing,” warning “given it doesn’t say how the breach has occurred, I wouldn’t rush re-enabling the bridges.”

Read more: Hyperbridge exploited less than two weeks after April Fools’ day hack prank

The fallout

Aside from the hack itself, the real damage has spread across DeFi, especially on the sector’s flagship lending protocol, Aave.

Rather than selling such a large quantity of rsETH, crashing its price, the attacker chose to borrow against it. Depositing stolen rsETH as collateral into Aave and other lending platforms, they then borrowed $236 million worth of WETH, according to blockchain audit firm Peckshield’s tally.