Crypto World
Aave WETH Suppliers Urged to Withdraw After KelpDAO rsETH Exploit
Aave V3’s Wrapped Ether (WETH) reserve is carrying bad debt after attackers exploited KelpDAO’s rsETH liquid restaking token and used it as collateral to borrow against the lending protocol.
Solidity developer and auditor 0xQuit flagged the situation on X, warning depositors that the WETH pool is effectively impaired and that partial withdrawals may only become possible after Aave’s Umbrella backstop settles the deficit.
How Drained rsETH Created Bad Debt on Aave
The exploit started with an attacker funding wallets through Tornado Cash. Approximately 116,500 rsETH was drained from KelpDAO, totaling over $290 million.
The attacker then supplied the stolen rsETH as collateral on Aave V3 and borrowed a large volume of WETH against it.
Because the rsETH became unbacked after the drain, the resulting positions are effectively unliquidatable. This left Aave holding WETH obligations it cannot recover through normal liquidation.
“Wish I had better news but looks like WETH on aave is fucked. Withdraw if you can but likely too late,” warned 0xQuit, Solidity developer and auditor.
What Umbrella Means for WETH Depositors
Aave’s Umbrella system, which replaced the legacy Safety Module in late 2025, is designed for exactly this scenario.
Users who staked aWETH in the Umbrella vault face automatic slashing to cover the deficit.
Once the slashing cycle completes, remaining WETH suppliers should regain partial withdrawal access.
However, a full recovery is not guaranteed, and depositors may face a haircut on their positions.
The incident marks the first major real-world test of Umbrella’s automated bad debt coverage. It also raises fresh questions about the risks of whitelisting liquid restaking tokens as collateral on lending protocols.
Meanwhile, the Upshift team, offering non-custodial vaults for managing tokenized assets, have assured users that they do not have any exposure to rsETH.
“We are in touch with KelpDAO about a potential exploit of rsETH. As a precaution, the Kelp team have decided to temporarily pause deposits and withdrawals to the High Growth ETH and Kelp Gain vaults while their investigations take place. Upshift USDC, Core USDC and EarnAUSD vaults have zero exposure to rsETH. We will provide updates as we receive them from the Kelp team,” wrote Upshift.
The post Aave WETH Suppliers Urged to Withdraw After KelpDAO rsETH Exploit appeared first on BeInCrypto.
TLDR:
- Security researcher Alex “Scalar” Sol reported four Zcash vulnerabilities on April 4, 2026, via coordinated disclosure channels.
- A crafted Orchard transaction with an all-zeros randomized key could crash any reachable zcashd or Zebra node instantly.
- A turnstile accounting bug introduced in zcashd v5.10.0 could be triggered by routine peer-to-peer duplicate block headers.
- Mining pools ViaBTC, Luxor, F2Pool, AntPool, and Foundry all deployed patches before the public release on April 17, 2026.
Zcash vulnerabilities have been patched across two full-node implementations following a coordinated security disclosure.
On April 17, 2026, Zcash Open Development Lab released zcashd v6.12.1, while the Zcash Foundation released Zebra v4.3.1. Security researcher Alex “Scalar” Sol reported the issues on April 4, 2026.
Four vulnerabilities were addressed, covering a node crash bug, a consensus enforcement gap, and a turnstile accounting bypass. No user funds were compromised, and no ZEC supply inflation occurred at any point.
Four Bugs Identified Across Both Zcash Full-Node Clients
The most directly exploitable bug was an Orchard transaction crash present in both zcashd and Zebra. A crafted transaction with an all-zeros randomized key encoding could immediately crash any node processing it.
Repeated broadcasting of such a transaction could effectively prevent nodes from participating in the network. No transactions triggering this condition were found on the Zcash mainnet before the patch.
A related enforcement gap also existed between the two implementations. Zebra already enforced a protocol requirement on ephemeral public keys within Orchard actions, but zcashd did not.
This meant a crafted transaction could be accepted by zcashd while being rejected by Zebra. Such a transaction could have forced a visible chain fork between nodes running different clients.
A separate bug in zcashd, introduced with v5.10.0 in August 2024, could disable turnstile accounting under certain conditions.
Receiving a duplicate block header from a peer could silently reset pool balance tracking to null. This condition could arise from ordinary peer-to-peer network behavior, not only from deliberate attack. The turnstile tracks ZEC balances across shielded and transparent value pools and serves as a critical safety layer.
Even so, this bug was not independently exploitable to steal or inflate ZEC. The official disclosure confirmed that “exploiting it to steal funds would require a separate, independent balance vulnerability on top of it.”
Any resulting turnstile violation would also have been publicly visible as a detectable chain anomaly. No such anomaly occurred on the Zcash mainnet before the fix was deployed.
Mining Pools Deploy Patches Before Public Disclosure
Zcash Open Development Lab addressed the disclosure directly, stating: “Mining pools representing a supermajority of the network’s hash power, and the primary operator running Zebra in mining production, deployed patches prior to this disclosure.”
ZODL engineers Kris Nuttycombe and Daira-Emma Hopwood authored the zcashd patches and reviewed each other’s work.
Nuttycombe addressed the Orchard crash, enforcement gap, and turnstile accounting bug. Hopwood authored hardening patches for integer overflow undefined behavior and exception safety.
Mining pools ViaBTC, Luxor, F2Pool, and AntPool — each running zcashd — were contacted directly for coordination. Foundry, which runs Zebra in mining production, also deployed its patch ahead of public release.
The Zcash Foundation’s Conrado Gouvêa separately developed and delivered the Zebra patch. This outreach ensured network stability was preserved throughout the entire disclosure process.
The zcashd v6.12.1 release also included broader hardening changes beyond the core vulnerability fixes. A chain supply value checkpoint was added at NU6.1 activation to enable future corruption detection.
Integer overflow protections were added across pool balance accumulation routines in multiple code paths. These additions provide an extra defense layer against edge-case exploitation scenarios.
This marks the second set of Zcash vulnerabilities disclosed within a month. On X, Zcash Open Development Lab stated: “We have no evidence that any of these bugs were exploited.
User funds and privacy were never at risk, and no ZEC supply inflation was possible.” Alex “Scalar” Sol also reported the March 2026 Sprout verification vulnerability through the same coordinated channels. Users running either zcashd or Zebra should upgrade to the latest patched versions immediately.
The Bitcoin mining landscape tightened again as the network’s difficulty dipped on the latest adjustment, underscoring the pressure facing public mining operators that have been selling BTC to fund ongoing costs amid higher energy prices and a subdued price environment. Data from CoinWarz placed the current mining difficulty at about 135.5T, a roughly 1.1% decline over the prior 24 hours, signaling a modest relief for issuers still dealing with razor-thin margins.
Looking ahead, CoinWarz estimates the next adjustment will push the difficulty higher to around 137.43T, with the change expected on May 1, 2026, at about 01:24 PM UTC. The calculation places the shift at 1,865 blocks from now, roughly 12 days, 18 hours, and 41 minutes of lead time. These sequential moves illustrate the ongoing tug-of-war between miners’ costs and the rewards embedded in the BTC network’s protocol.
Key takeaways
- The Bitcoin network’s mining difficulty fell to roughly 135.5T, a 1.1% drop in the last 24 hours, signaling continued strain in a sector under cash-flow pressure.
- The next difficulty adjustment is projected to rise to about 137.43T on May 1, 2026, after 1,865 blocks, roughly 12 days and change from now.
- Publicly traded mining firms sold more BTC in Q1 2026 than in all of 2025 combined, totaling over 32,000 BTC, according to TheEnergyMag.
- Consolidated BTC sales by MARA, CleanSpark, Riot, Cango, Core Scientific and Bitdeer exceeded 20,000 BTC in Q2 2022, a period associated with the Terra-Luna collapse and a then-deep bear market.
- CoinShares’ Q1 2026 mining report shows about 20% of miners are unprofitable under current economics, highlighting persistent profitability headwinds despite operational changes by miners.
Record BTC liquidation and its implications for the sector
Publicly traded Bitcoin miners have increasingly relied on selling mined BTC to cover ongoing operating costs, a practice that has intensified as price swings and energy costs squeeze margins. The EnergyMag’s compilation indicates that in Q1 2026, a cohort of major players—MARA, CleanSpark, Riot Platforms, Cango, Core Scientific and Bitdeer Technologies—sold more than 32,000 BTC in aggregate. That figure surpasses the total BTC sold in all four quarters of 2025 combined, underscoring how the economics of mining have shifted toward cash preservation and liquidity management in a tougher market.
To put the scale in perspective, the Q1 2026 tally surpassed the 20,000 BTC sold in Q2 2022, a period that overlapped with the Terra-Luna collapse and a broad crypto downturn. The parallel illustrates how the sector’s response to stress has evolved: where miners once leaned on revenue timing and hedging, they now face a higher burden to convert freshly minted BTC into fiat to pay for electricity, hosting, and other fixed costs as the market’s risk premium remains elevated.
Miners typically unwind BTC holdings to meet operating expenses denominated in fiat, making their cash flow acutely sensitive to both BTC price fluctuations and the cost of power. The broader backdrop has grown more challenging as energy prices have trended higher in many regions and the crypto bear market extended its course through late 2025 and into 2026. The difficulty trend compounds these pressures: even as the price swings rattle sentiment, the network’s computational difficulty continues to trend upward, complicating profitability for operators with under-water margins.
Profitability under pressure: a closer look at the data
CoinShares’ Q1 2026 mining report provides a sobering frame for the environment miners operate within. The study notes that about one-fifth of miners are unprofitable under current economics, a figure that signals that a significant slice of the mining sector remains at a break-even or loss point given prevailing BTC prices and energy costs. The report characterizes Q4 2025 as the most challenging quarter for Bitcoin mining since the April 2024 halving, due largely to a sharp price correction in October 2025 that pulled BTC from peaks around $125,000 to roughly $86,000 by year-end. Coupled with rising difficulty, these dynamics compressed margins and forced many operators to contend with tighter balance sheets.
Alongside these dynamics, the sector’s debt and capital expenditure plans—driven by the need to deploy new hardware and secure low-cost power—continued to shape strategic decisions. As operators balance capex with income, the ability to sustain production without eroding balance sheets remains a material question for 2026. The broader market has watched for any regulatory developments that could alter energy costs, tax treatment of mining, or access to cheaper electricity in key basins, all of which could tilt profitability in the months ahead.
Why this matters for investors and builders
From an investor perspective, the combination of rising difficulty and persistent BTC sales by miners creates a nuanced risk profile. On one hand, a higher difficulty suggests that continuing hardware investment could be necessary for those seeking to maintain production levels and capture block rewards. On the other hand, if miners’ cash flow remains constrained, they may favor further asset sales or debt-funding mechanisms, potentially creating selling pressure on BTC and altering the supply dynamics in the near term.
For builders and infrastructure operators, the current environment highlights the importance of energy strategy and location economics. Regions with access to affordable power remain the most competitive, and those with regulatory clarity around mining operations could attract future deployments. The fact that a significant share of miners remains unprofitable increases the emphasis on efficiency gains—from chip technology and cooling innovations to load management and energy hedging strategies.
Regulators, too, are watching profitability trends as a signal of the sector’s resilience. As the mining industry contends with structural shifts—price volatility, energy costs, and the ongoing evolution of carbon and energy policies—the sector’s next moves could influence broader market sentiment and adoption of blockchain-based use cases that rely on robust, secure mining networks.
What to watch next
The next Bitcoin network difficulty adjustment—expected in early May 2026—will be a key data point for assessing whether miners can sustain operations under the current cost structure. Additionally, BTC price action into spring and summer 2026 will interact with mining economics in meaningful ways. Investors and operators should monitor energy price trends, operational expenditures, and any regulatory signals that could alter the cost of running mining facilities. If the sector can stabilize cash flow and leverage efficiency gains, the coming quarters may reveal a more resilient mining landscape even as the market remains cautious.
Ultimately, the story today is one of a sector recalibrating to a tougher macro and micro environment. How mining firms adapt—through cost discipline, technology upgrades, and strategic hedging—will shape the degree to which Bitcoin mining remains a volatile but enduring edge of the crypto economy.
US Senator Elizabeth Warren has accused Paul Atkins, the head of the Securities and Exchange Commission, of possibly lying to Congress about the agency’s enforcement numbers.
Warren, the top Democrat on the Senate Banking Committee, said in a letter to Atkins dated Wednesday that the SEC’s enforcement data for fiscal year 2025, released on April 7, raised “significant concerns” about his answers at a Feb. 12 congressional hearing.
“At the hearing, I specifically asked you to comment on publicly available data highlighting a decline in SEC enforcement activity,” Warren said. “In response, you demurred, stating that you were ‘not sure what data’ I was looking at.”
“Now, it is clear that my assertion regarding the SEC’s declining enforcement actions was correct: the data you released last week show that the number of enforcement actions initiated by the SEC was lower than at any point in the last decade,” she added.
The SEC has rolled back its enforcement against crypto companies under the Trump administration, settling or dismissing crypto-related lawsuits the agency launched under the Biden administration, garnering criticisms from some lawmakers.
Warren said the SEC’s enforcement data was “deeply disturbing” and showed it had “largely abdicated its enforcement responsibilities” as the agency’s enforcement activity had dropped to the lowest level in more than 20 years.
She told Atkins that, in light of the data, his answers at the hearing in February “were deeply troubling and raise concerns that you may have been deliberately trying to mislead the Committee about the state of SEC enforcement.”
Related: US SEC taps new enforcement chief amid questions over predecessor’s exit
Warren said the hearing took place more than four months after the end of the 2025 fiscal year, and Atkins’ “deflection and claim to be unsure of the ‘data’ I was examining now appear deeply misleading, potentially designed to cast doubt on the now obvious fact that enforcement activity has declined significantly at the Commission under your watch.”
Warren’s letter asked Atkins a series of questions about whether he was aware of the SEC’s enforcement efforts at the time of his testimony and requested that he explain the agency’s decline in enforcement.
The letter asked Atkins to respond to the questions by April 28.
The SEC did not immediately respond to a request for comment.
Magazine: Trump’s crypto ventures raise conflict of interest, insider trading questions
TLDR:
- Nasdaq call options volume hits 3.9 million daily, nearing its highest level ever recorded
- Bullish options activity has surged sharply, with volumes rising more than fourfold since 2021
- The Nasdaq posts a 13-day winning streak, marking its longest run of gains since 2013
- The index climbs 17.7% during the streak, ranking among top short-term returns in 20 years
US technology stocks continue a strong upward run, supported by rising options activity and sustained market momentum. Recent data shows increasing bullish positioning, while the Nasdaq records one of its longest positive streaks in over a decade.
Rising Options Activity Signals Strong Market Positioning
Recent market data points to a sharp increase in bullish bets on US technology stocks. Nasdaq call options volume has reached 3.9 million contracts per day. This marks the second-highest level ever recorded.
A tweet from The Kobeissi Letter reports that this figure trails only the November 2025 level. During that period, volumes approached 4.3 million contracts per day. The post also notes that current activity reflects a broader rise in market participation.
The volume growth has been steady over recent years. Since 2021, Nasdaq call options volume has more than quadrupled. This rise shows a clear shift toward active trading in the tech sector.
At the same time, the increase in call options signals stronger interest in upward price movement. Traders often use these contracts to position for gains. However, the data reflects positioning rather than future direction.
Moreover, the rising volume aligns with broader trends in equity markets. It shows that participation has expanded as prices move higher. This pattern often appears during extended rallies.
Nasdaq Extends Winning Streak With Strong Returns
Alongside increased options activity, the Nasdaq has posted consistent gains. The index has now closed higher for 13 straight sessions. This marks the longest positive streak since 2013.
During this period, the Nasdaq has risen by 17.7%. This performance ranks among the strongest 13-day returns in the past two decades. The sustained climb has drawn attention across financial markets.
The rally reflects continued buying interest in technology stocks. It also aligns with the surge in call options activity reported earlier. Together, these trends show a period of strong market momentum.
The Kobeissi Letter notes that such a streak is rare. Extended runs like this often stand out in historical data. However, they do not appear frequently in modern trading cycles.
As the Nasdaq continues its upward movement, traders remain focused on short-term price action. At the same time, the sharp rise in options activity signals market participation. This combination shapes current trading conditions.
The ongoing rally places US technology stocks in a notable position. Market data continues to track both price movement and trading behavior. These figures offer a clear snapshot of current market dynamics without projecting future direction.
TLDR:
- Bitcoin’s STH SOPR is nearing 1.0, placing short-term holders at a key decision point between selling or holding.
- Historical patterns show repeated SOPR tests near 1.0 often occur before a sustained market trend shift emerges.
- A successful reclaim above 1.0 may support continued upside, while rejection could extend consolidation.
- Recent price recovery has brought SOPR back to break-even, reflecting shifting sentiment among recent buyers.
Bitcoin’s short-term holder behavior is approaching a critical threshold as the STH SOPR nears the 1.0 level. After a 26% recovery from early February lows, market participants now face a decisive moment that could shape near-term price direction.
STH SOPR Approaches Break-Even as Market Tests Direction
Recent data shared by analyst Darkfost shows the STH SOPR hovering near 0.998, just below break-even. This level reflects whether short-term holders are selling at a profit or loss. A move above 1.0 signals profit-taking, while values below indicate losses.
The chart tracks Bitcoin’s price alongside the STH SOPR and its 30-day moving average from 2021 to early 2026. It shows how short-term holder behavior has aligned with major market phases. At present, the indicator sits at a level that often leads to strong reactions.
According to the analysis, short-term holders now face two clear choices. They can exit positions at break-even after months of pressure, or they can continue holding in anticipation of gains. This behavior tends to influence liquidity and short-term volatility.
Past cycles show that reclaiming the 1.0 level often supports upward continuation. However, repeated rejections at this level can extend consolidation or trigger further downside. The latest recovery has brought the indicator back to this pivot zone once again.
Historical Patterns Show Repeated Tests Before Trend Reversal
The broader trend from 2021 to 2022 reflects a distribution phase followed by a bear market. During that period, the STH SOPR dropped below 1.0 as prices declined, showing consistent loss realization among short-term holders.
As Bitcoin moved into 2022 and early 2023, the indicator struggled to reclaim 1.0. Multiple failed attempts marked a period where weaker participants exited positions. This phase aligned with price consolidation between $16,000 and $25,000.
The recovery phase in 2023 shifted this pattern. The STH SOPR moved above 1.0 and held that level consistently. At the same time, Bitcoin climbed toward $45,000, showing renewed strength and steady profit-taking without disrupting the trend.
During the expansion phase between 2024 and 2025, the indicator frequently moved above 1.03. Pullbacks found support near 1.0, while prices pushed toward $100,000. This structure reflected strong demand and continuous absorption of selling pressure.
The recent correction from late 2025 into early 2026 has changed this dynamic. The STH SOPR dropped below 1.0 again, reaching levels near 0.98. This shift shows that short-term holders have returned to selling at a loss during the pullback.
The current rebound toward 1.0 places the market at a familiar decision point. Historical patterns show that several attempts may occur before a clear direction forms. Previous cycles recorded multiple tests before a sustained reversal took hold.
If the indicator moves above 1.0 and holds, it may support a renewed upward trend. On the other hand, failure to reclaim this level could extend the current range or lead to further downside pressure.
For now, the STH SOPR continues to act as a key measure of short-term sentiment. Its position near break-even reflects a market that remains undecided, with price action likely to follow the behavior of recent buyers.
TLDR:
-
- XRP reclaimed fourth place in global crypto rankings with a market cap of around $91 billion.
- The SEC and CFTC jointly classified XRP as a digital commodity on March 17, boosting trading volume 250%.
- Only 16% of XRP ETF assets come from institutions, leaving significant room for larger capital inflows.
- XRP would need to reach roughly $4.79 per token to match Ethereum’s current $295 billion market cap.
- XRP reclaimed fourth place in global crypto rankings with a market cap of around $91 billion.
XRP price has reclaimed fourth place in global crypto rankings, overtaking BNB with a market cap near $91 billion. The two assets have swapped positions multiple times since March 2026.
XRP trades around $1.50 as of writing, following a 10% rally. Ethereum holds a much larger market cap of roughly $295 billion. Three key developments, however, could close that gap considerably in the months ahead.
The Structural Shift Behind XRP’s Rise Over BNB
For much of the past three years, XRP and BNB have exchanged the fourth-place ranking repeatedly. XRP grabbed it in early 2025, lost it, then reclaimed it in July at a cycle high of $3.65. The token slid back as the broader market corrected through late 2025 and into early 2026.
The March 2026 flip carried more weight than previous ones. On March 17, the SEC and CFTC jointly classified XRP as a digital commodity. Banks and asset managers that had previously avoided XRP over securities concerns could now hold and trade it freely.
XRP spiked to $1.60 that day, with trading volume surging roughly 250%. The rally faded after the Fed held rates and raised its inflation forecast. BNB briefly reclaimed fourth on March 23 before XRP pulled ahead once again.
Three Catalysts That Could Drive XRP Higher
The CLARITY Act remains the most closely watched catalyst for XRP price. It cleared the House in July 2025 and is targeting a Senate Banking Committee markup in late April. Unlike March’s regulatory guidance, the CLARITY Act would permanently cement XRP’s commodity classification.
XRP ETFs represent another growing driver in the market. Currently, six XRP ETFs operate in the U.S., with retail investors holding about 84% of assets. Institutions account for only 16%, leaving substantial room for larger inflows as legal certainty grows.
Real-world adoption through Ripple’s On-Demand Liquidity service adds consistent organic buying pressure. ODL uses XRP to settle cross-border payments in seconds without pre-funded destination accounts.
Expanding ODL corridors throughout 2025 and 2026 have steadily built a foundation of transaction-driven demand.
What XRP Realistically Needs to Reach Ethereum’s Level
XRP at $1.50 carries a market cap of about $91 billion, compared to Ethereum’s $295 billion. Matching Ethereum’s current valuation would require XRP to reach approximately $4.79 per token. That translates to a 219% move from where it trades today.
A more achievable target for 2026 is a range between $3.00 and $4.00. That range would roughly double XRP’s market cap, placing it about halfway toward Ethereum’s current standing. Getting there still requires the CLARITY Act to pass and macro conditions to stabilize.
Flipping Ethereum this year would need nearly every catalyst aligning at once. A legislative win, a macro recovery, and accelerating ETF inflows would all have to converge simultaneously. That combination is not impossible, but remains a considerable stretch within a single calendar year.
TLDR:
- The SEC charged Donald Basile and two companies over a fraudulent $16 million Bitcoin Latinum SAFT offering.
- Basile falsely claimed LTNM was the world’s first insured digital asset with up to $1 billion in coverage.
- Millions in investor funds were allegedly misused for real estate, credit card bills, and a $160,000 horse.
- The SEC is seeking disgorgement, civil penalties, permanent injunctions, and an officer-and-director bar against Basile.
Bitcoin Latinum founder Donald G. Basile now faces federal fraud charges from the U.S. Securities and Exchange Commission.
The SEC claims Basile and his two companies raised $16 million from hundreds of American investors through fraudulent crypto offerings.
Regulators filed the complaint on April 17, 2026, in the Eastern District of New York. The charges center on false claims about insurance, asset backing, and the intended use of investor funds.
Alleged Misrepresentations Behind the Bitcoin Latinum Offering
The case revolves around the sale of Simple Agreements for Future Tokens, or SAFTs. These instruments promised investors the right to receive a crypto asset known as Bitcoin Latinum, or LTNM.
Basile conducted the offering through GIBF GP, Inc. and Monsoon Blockchain Corporation. The campaign launched in 2020 and attracted hundreds of investors across the United States.
According to the SEC, Basile repeatedly told investors that LTNM “is the world’s first insured digital asset” with “up to $1 billion coverage.”
He made these claims both directly to investors and through his two companies. Regulators say no insurance company ever issued such a policy. No coverage was ever in place for LTNM or any part of the SAFT offering.
The complaint further alleges that Basile told investors LTNM “is an asset-backed cryptocurrency.” He also claimed that an “existing trust” secured the token’s value on behalf of investors.
However, regulators say no such trust or asset pool was ever created. These representations were made to give the project a false sense of legitimacy.
Beyond that, Basile allegedly promised that 80% or more of proceeds would be “used to support the underlying value” of LTNM or would go “into an underlying fund.”
Instead, he reportedly used millions for personal expenses, including real estate purchases and credit card payments. He also allegedly bought a $160,000 horse using investor funds. The token later became worthless, leaving investors across the country with major losses.
Charges Filed and Legal Remedies Sought Against Basile
The SEC charged Basile under Section 17(a) of the Securities Act of 1933 for anti-fraud violations. The complaint also cites Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5.
GIBF and Monsoon face charges under Section 17(a)(2) and related exchange act provisions. The SEC further charges Basile with aiding and abetting the violations of both companies.
As a result, the regulator is seeking permanent injunctive relief against all three defendants. Disgorgement of ill-gotten gains with prejudgment interest forms part of the requested remedies.
Civil penalties are also being sought to address the alleged misconduct by Basile and his entities. A conduct-based injunction would additionally bar defendants from future securities activities.
The SEC is pursuing an officer-and-director bar specifically targeting Basile. This bar would prevent him from serving in any leadership role at a public company.
Litigation is being led by Brockett, Flath, and Rodriguez from the SEC’s New York Regional Office. Supervision of the case falls under Jack Kaufman of the same office.
TLDR:
- XRP’s SuperTrend indicator flipped bullish on the daily chart for the first time since January 17, 2025.
- Transfers above 100K and 1M XRP show periodic spikes but lack consistency, signaling no clear whale direction.
- No strong correlation exists between XRP inflows and price, pointing to balanced liquidity absorbing supply.
- A daily close above $1.55 resistance could trigger a relief rally toward the primary target zone of $1.90.
XRP price is drawing attention as fresh technical and on-chain data point toward a potential trend reversal. At $1.43, the asset’s SuperTrend indicator has flipped bullish on the daily chart for the first time since January 17.
Meanwhile, on-chain transfer data shows balanced liquidity conditions across the market. Analysts are now watching key resistance levels closely.
The broader setup suggests that a sustained push from spot buyers could trigger a sharp upward move in price.
On-Chain Data Points to Balanced Liquidity Across XRP Market
Retail activity remains visible in the XRP network, particularly through transfers in the 10,000 to 100,000 XRP range.
Source: Cryptoquant
However, this type of inflow primarily generates trading volume rather than direct price movement. Transfers at this scale carry a neutral effect on price direction overall.
Larger transfers, those above 100,000 and one million XRP, have shown periodic spikes in activity. Yet the pattern remains inconsistent, meaning whale participants are not applying steady directional pressure. The market, as a result, lacks a clear dominant force at the upper transfer tiers.
Notably, there is no reliable correlation between inflow volume and price movement in either direction. When inflows rise, the price does not automatically fall. When inflows slow, the price does not automatically climb either.
This pattern suggests that incoming coins are not all being sold into the market at once. Sufficient liquidity appears to be absorbing available supply.
Based on this data, the main price drivers are likely derivatives market activity and the broader market trend rather than spot inflows.
SuperTrend Flip Puts XRP Resistance Level of $1.55 in Focus
Crypto analyst Ali Charts noted on social media that XRP’s SuperTrend indicator has turned bullish on the daily chart.
This is the first such signal since January 17, ending an extended period of sell pressure across the chart. The shift marks a notable change in short-term trend structure for the asset.
The real test, however, remains at the $1.55 resistance level. That price zone has repeatedly capped upward movement in recent weeks. A clean daily close above $1.55 would likely open the door to a broader relief rally.
With the SuperTrend now acting as a trailing support floor, the primary target for any sustained move sits at the $1.90 zone. Traders are watching that level as the next meaningful objective should buying pressure increase.
On-chain conditions currently show no strong selling pressure in the market. Liquidity remains stable, and inflows alone are not dominating price action. If spot buying strengthens from here, XRP could move sharply higher in the near term.
DeFi markets faced another high-profile setback this weekend as Kelp, a liquid restaking protocol, disclosed a cyber attack targeting its rsETH restaking token. The incident prompted an immediate pause of rsETH smart contracts across Kelp’s mainnet and multiple Layer-2 networks as the project investigates potentially hundreds of millions of dollars in losses. Blockchain security firm Cyvers later pegged the damage at about $293 million, signaling a significant hit to users and counterparties tied to the restaking ecosystem.
Kelp stated on X that it detected suspicious cross-chain activity involving rsETH and subsequently halted rsETH contracts on mainnet and several Layer-2s to prevent further damage while the investigation unfolds. Cyvers added that the attacker exploited the rsETH adapter bridge—the software component that manages the rsETH token—allowing the drain of funds from the platform. The firm also noted that the attacker has been actively moving funds, with a substantial portion converted into Ethereum (ETH).
In the wake of the breach, the attacker’s on-chain activity has increasingly relied on a Tornado Cash mixer-funded address. Cyvers reported that roughly $250 million of the stolen funds had already been swapped into ETH, underscoring the challenge of tracing and recovering assets in the DeFi space once they leave the original contract domains.
Key takeaways
- The Kelp rsETH attack reportedly drained about $293 million, triggering contract pauses across Kelp’s mainnet and several Layer-2 networks as investigators assess the damage.
- The attacker targeted the rsETH adapter bridge, leveraging cross-chain dynamics that underscore risks inherent to DeFi composability and restaking ecosystems.
- At least nine protocols with exposure to rsETH reportedly froze activity in response, while Aave moved to suspend rsETH markets on V3 and V4 to contain risk.
- Approximately $250 million of the stolen funds have been converted to ETH, with the attacker utilizing a Tornado Cash mixer-funded address, complicating on-chain tracing efforts.
Attack details and ecosystem response
According to Kelp, the breach traces to irregular cross-chain activity linked to rsETH, prompting an immediate safety pause to contain potential further loss. The company’s moderation was swift, spanning mainnet and several Layer-2 deployments, as the team works through the incident. While Kelp is conducting its investigation, the broader DeFi community has begun to map the ripple effects beyond a single protocol.
Blockchain security firm Cyvers provided a stark figure for the loss, estimating the total at about $293 million. The firm’s analysis highlights the risk that bridges and adapters—components that enable tokens like rsETH to move across chains—present when vulnerabilities exist in the bridging layer. The incident aligns with a pattern of high-severity exploits aimed at cross-chain and interoperable DeFi primitives, where a single compromised bridge can force widespread disruption across multiple protocols.
In response to the breach, several DeFi platforms publicly paused or limited exposure to rsETH. Notably, Aave—one of the largest DeFi lenders—announced that rsETH markets had been frozen on its V3 and V4 deployments. Cyvers notes that at least nine protocols reportedly had exposure to rsETH and executed precautionary freezes or withdrawal restrictions as a precautionary measure to prevent cascading losses.
Analysts and observers have highlighted a core risk exposed by the incident: the compounding nature of DeFi’s composability. When multiple protocols rely on a shared token or bridge, a vulnerability in one hinge can reverberate across the entire network, forcing sudden risk management actions across an otherwise diversified ecosystem. Cyvers senior leadership emphasized to Cointelegraph that this is precisely the kind of incident that underscores the fragility and complexity of modern DeFi infrastructure when bridges and adapters are compromised.
Contextual backdrop: a string of cybersecurity incidents
The Kelp attack sits within a broader panorama of DeFi hacks observed over the past several months. In late April, Drift Protocol—a decentralized derivatives exchange—suffered a major exploit that drained roughly $280 million from the platform. Drift’s post-mortem described a months-long intrusion, noting the attackers’ alleged infiltration of developer machines and the eventual deployment of malware. The incident traced to a sophisticated operation that reportedly included access gained at a large crypto conference, followed by collaboration with the attackers before the breach unfolded.
Taken together, these events illuminate a persistent security challenge for the nascent DeFi stack: attackers are increasingly targeting the risk-prone layers of cross-chain interoperability and restaking mechanisms, where a single vulnerability can cascade into sizable losses across multiple protocols. Industry participants continue to debate the best path forward—ranging from more stringent bridge audit standards to enhanced multi-party computation (MPC) and formal verification for cross-chain components.
What this means for investors, users, and builders
For users and liquidity providers, the Kelp incident underscores the importance of understanding the specific risk profiles of restaking and cross-chain primitives. Restaking naturally introduces an expanded attack surface: while it offers potential yield enhancements, it also increases reliance on the security of adapter contracts and bridges that connect across layers of the ecosystem. Investors should monitor how protocols respond to such incidents, particularly regarding fund recovery efforts, contingency plans, and the timelines for resuming normal operations.
From a builder’s perspective, the episode highlights several priorities: rigorous security testing of bridge and adapter code, heightened monitoring for cross-chain anomalies, and clearer disclosure frameworks around incident response. The drift toward rapid, publicized pauses—while essential for risk containment—also presses for standardized playbooks so that platforms can coordinate responses without sacrificing user trust.
Regulators and policymakers may also take note of the evolving security landscape, especially as DeFi protocols broaden their engagement with restaking mechanisms and more intricate cross-chain flows. The balance between innovation and resilience will likely shape ongoing discussions around security best practices and capital-adequacy considerations for DeFi incumbents as they scale.
Closing perspective
As the Kelp investigation unfolds, observers will be watching for a clearer accounting of the breach’s root causes, the effectiveness of the emergency pauses, and any progress toward asset recovery. The incident, along with Drift’s earlier breach, reinforces a central theme for the crypto markets: cross-chain and restaking infrastructures demand heightened scrutiny, robust security postures, and coordinated risk management across the ecosystem. Readers should stay tuned for updates on Kelp’s findings, the status of rsETH across major platforms, and any new measures aimed at hardening DeFi’s interconnected layers.
Kelp, a liquid restaking protocol, was the victim of a cyber attack on Saturday, causing the platform to pause smart contracts for its restaking token (rsETH), as it “investigates” the attack amid reports of hundreds of millions of dollars in losses.
“Earlier today, we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several Layer-2s,” the Kelp platform said in an X post.
The attacker exploited the rsETH adapter bridge contract, the software code that manages Kelp’s rsETH token, and drained the platform of about $293 million in funds, according to blockchain security firm Cyvers.
The attacker used a Tornado Cash crypto mixer-funded address and has already converted about $250 million of the stolen funds to Ether (ETH), the native cryptocurrency of the Ethereum layer-1 blockchain network, Cyvers told Cointelegraph.
In response to the attack, decentralized finance (DeFi) platform Aave announced it had frozen rsETH markets on Aave V3 and V4. At least nine crypto protocols had exposure to the token and have frozen activity on their platforms in response, Cyvers said.
“This is exactly the kind of incident that highlights the risks of composability in DeFi,” Deddy Lavid, CEO of Cyvers, told Cointelegraph. Cointelegraph reached out to Kelp but did not obtain a response by the time of publication.
The incident is the latest in a string of cybersecurity hacks and exploits of crypto platforms over the last several months, as crypto losses from hacks and scams totaled about $482 million in Q1 2026.
Related: Fake Ledger Live app on Apple App Store drained $9.5M from victims: ZachXBT
Drift Protocol hacked for $280 million
Decentralized cryptocurrency exchange Drift Protocol also suffered an exploit in April, which drained the platform of about $280 million.
The Drift Protocol team said the attack took “months of deliberate preparation,” in which the team was infiltrated by suspected North Korean state-affiliated hackers.
In a post-mortem update, the Drift team said they met the attackers at a “major” crypto conference and collaborated with them for several months before the attackers deployed malware on developer machines and compromised the platform.
Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks
Andrea Barber Says TV Today Feels ‘Fractured’ Compared To ’90s
Banish grime from your oven in just 30 minutes with 8p Morrisons hack
Trump, Iran cite progress in talks as uncertainty hangs over Strait
-
NewsBeat6 days agoPep Guardiola and Gary Neville agree over Arsenal title problem that benefits Man City
-
Crypto World5 days agoThe SEC Conditionalises DeFi Platforms to Be Avoided for Broker Registration
-
Politics6 days agoWorld Cup exit makes Italy enter crisis mode
-
Fashion1 day agoWeekend Open Thread: Theodora Dress
-
Crypto World5 days agoSEC Signals Exemption for Crypto Interfaces From Broker Registration
-
News Videos4 days agoSecure crypto trading starts with an FIU-registered
-
Sports2 days agoNWFL Suspends Two Players Over Post-Match Clash in Ado-Ekiti
-
Crypto World5 days agoSEC Proposes Certain Crypto Interfaces Don’t Need to Register as Brokers
-
NewsBeat5 days agoTrump and Pope Leo: Behind their disagreement over Iran war
-
NewsBeat7 days agoJD Vance announces ‘no agreement’ with Iran over nuclear weapons fear
-
Politics1 day agoPalestine barred from entering Canada for FIFA Congress
-
Crypto World1 day agoRussia Pushes Bill to Criminalize Unregistered Crypto Services
-
Sports6 days agoNWFL opens Pathway for new Clubs ahead of 2026 Season
-
Business2 days agoCreo Medical agree sale of its manufacturing operation
-
Sports7 days ago
Dexter Lawrence, Stefon Diggs, Trading for De’Von Achane
-
Business6 days ago
Kering slides after Morgan Stanley downgrade, Gucci woes loom
-
Crypto World6 days agoTrump whales load up ahead of Mar-a-Lago luncheon.
-
Crypto World6 days ago
Sei Network Enters Quiet Reset Phase as On-Chain Metrics Signal a Slowdown in 2026
-
Tech6 days agoGoogle adds E2E encryption to Gmail for iOS and Android enterprise users
-
Tech6 days agoApple glasses won’t go brand shopping like Meta did with Ray-Ban and Oakley
You must be logged in to post a comment Login