Key Highlights

• BTC plummeted to approximately $73,753 following Iran’s refusal to participate in additional U.S. peace negotiations
• The cryptocurrency had climbed to $78,300 on Friday before geopolitical developments reversed momentum
• Iranian officials declined talks scheduled in Islamabad, pointing to American naval operations near its coastline
• The bilateral ceasefire arrangement between Washington and Tehran concludes Wednesday, April 22
• Market sentiment indicator Crypto Fear & Greed Index registers 29 — remaining in “fear” zone

Bitcoin experienced a promising start to the weekend before rapidly surrendering those advances as diplomatic friction between Washington and Tehran intensified throughout the weekend period.

The leading cryptocurrency reached $78,300 on Coinbase during late Friday trading — representing its strongest valuation since early February. However, this upward momentum proved short-lived. By the conclusion of Sunday trading, Bitcoin had slipped beneath the $74,000 threshold.

The catalyst for this decline was Tehran’s decision to withdraw from scheduled diplomatic discussions in Islamabad, Pakistan. Representatives from Iran attributed their decision to Washington’s maritime enforcement activities near Iranian harbors and what they characterized as inconsistent policy positions from American negotiators.

Esmail Baghaei, spokesperson for Iran’s Foreign Affairs ministry, published statements on X platform, characterizing American naval operations as breaches of ceasefire terms and violations of international legal frameworks, specifically citing the UN Charter.

President Donald Trump responded sharply, characterizing Iran’s actions as a “serious violation” of ceasefire terms following Iranian military engagement in the Strait of Hormuz. While Trump expressed continued optimism regarding potential diplomatic resolution, he emphasized an agreement would materialize “one way or another.”

Initial diplomatic sessions occurred April 11–12 in Islamabad, extending beyond 21 hours without producing consensus. Vice President JD Vance acknowledged that Iranian negotiators declined to accept conditions proposed by the United States.

BTC Declines to $73,753 Level

On April 19, the cryptocurrency descended to roughly $73,753 on Bitstamp exchange, representing approximately 2% depreciation within a 24-hour timeframe. This movement pushed BTC outside its previously established $74,000–$77,000 trading corridor.

The wider digital asset marketplace declined in tandem with Bitcoin, with total market capitalization contracting by an estimated $83 billion. The Crypto Fear & Greed Index currently stands at 29 out of 100, maintaining position firmly within “fear” parameters.

American equity futures also retreated Sunday evening. S&P 500 futures decreased 0.8%, Nasdaq-100 declined 0.6%, and Dow Jones futures dropped approximately 450 points. Petroleum futures surged over 4.5% to exceed $95 per barrel amid concerns regarding potential Strait of Hormuz disruptions.

Market analyst Wu Blockchain reported via X that Bitcoin spot exchange-traded funds registered $996 million in net capital inflows during the week spanning April 13–17, representing the third consecutive week of positive movement. Ethereum ETFs attracted $276 million in inflows, XRP spot ETFs recorded $55 million, and SOL spot ETFs accumulated $35 million.

Critical Price Thresholds Under Observation

Technical analysis indicates support zones around $70,500–$71,000 with resistance positioned near $75,000. BTC has attempted to breach $76,000 on multiple occasions in recent trading sessions without sustaining elevation above that mark.

The temporary ceasefire arrangement between Washington and Tehran reaches its conclusion Wednesday, April 22. Iranian authorities have declined further negotiations and accused American officials of violating agreement terms. As of 8:30 p.m. ET Sunday, Bitcoin maintained position marginally above $74,000.

Key Takeaways

• Approximately $290–293 million was stolen from Kelp DAO following a sophisticated attack on RPC nodes connected to LayerZero’s verification system
• Kelp DAO allegedly disregarded LayerZero’s security recommendations to implement multiple verifiers, operating with only one verifier
• Preliminary evidence points to North Korea’s Lazarus Group as the perpetrators behind this security breach
• Nine DeFi platforms, most notably Aave, experienced cascading damage, with Aave’s total value locked declining by $6 billion
• Moving forward, LayerZero has declared it will refuse to support applications operating with single-verifier configurations

In what represents one of 2026’s most significant decentralized finance security breaches, Kelp DAO suffered losses totaling approximately $290–293 million during a weekend attack. LayerZero, the cross-chain messaging protocol utilized in the incident, has attributed the vulnerability to Kelp’s infrastructure decisions.

Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate.

We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA.

We will keep you…

— Kelp (@KelpDAO) April 18, 2026

The breach focused on Kelp’s rsETH token transfer mechanism across different blockchain networks. Operating with a single-verifier architecture meant only one authority needed to validate cross-chain transfers. According to LayerZero, the company had explicitly cautioned Kelp about this configuration and urged adoption of multiple independent verification sources.

LayerZero: KelpDAO Loses ~$290M in Exploit, Attributed to DPRK’s Lazarus Group

LayerZero reported that on April 18, 2026, KelpDAO suffered an exploit resulting in losses of approximately $290M, preliminarily attributed to DPRK’s Lazarus Group (TraderTraitor). The attack poisoned… pic.twitter.com/mfhQRaC2p9

— Wu Blockchain (@WuBlockchain) April 20, 2026

The hackers infiltrated two remote procedure call nodes—specialized servers enabling software to interact with blockchain data. These legitimate nodes were replaced with compromised versions that delivered fraudulent information to LayerZero’s verification system while maintaining normal appearances to other infrastructure components.

Since LayerZero’s verification process also consulted legitimate external nodes, the attackers launched a distributed denial-of-service campaign to disable those systems. This tactic redirected network traffic through the compromised infrastructure during a 80-minute window from 10:20 a.m. to 11:40 a.m. Pacific Time on Saturday.

When the failover mechanism activated, the malicious nodes transmitted confirmation of a legitimate transaction to the verifier. Kelp’s bridge protocol subsequently released 116,500 rsETH to the attackers’ wallets. The hostile software then eliminated itself, erasing all forensic evidence from the affected servers.

Cascading Impact Throughout DeFi Ecosystem

The stolen rsETH tokens were deployed as collateral across various lending platforms, enabling the attackers to withdraw genuine assets. Aave, the dominant decentralized lending platform, absorbed the most substantial damage.

Aave found itself holding illiquid rsETH collateral while valuable assets such as ETH had already been extracted through borrowing mechanisms. Aave’s native token plummeted approximately 15% within a 24-hour period, while the protocol experienced roughly $6 billion in withdrawals as participants scrambled to remove their funds.

No fewer than nine DeFi applications experienced damage, including Fluid, Compound Finance, SparkLend, and Euler. Cybersecurity firm Cyvers characterized the incident as a “cross-protocol contagion event” extending far beyond a single platform vulnerability.

With preliminary confidence, LayerZero has connected this attack to North Korea’s Lazarus Group, specifically its TraderTraitor division. This same organization was implicated in the $285 million Drift Protocol breach on April 1, indicating Lazarus has extracted over $575 million from decentralized finance within an 18-day period using two distinct attack methodologies.

Security Protocol Adjustments

LayerZero reports no evidence of vulnerability spreading to applications operating with multi-verifier architectures. The company has restored its verification service and announced a permanent policy refusing to process messages for any application utilizing single-verifier configurations.

Curve Finance founder Michael Egorov emphasized that this breach demonstrates the inherent risks of relying on solitary transaction verification sources. He additionally cautioned against utilizing cross-chain infrastructure unless operationally essential.

According to Ledger CTO Charles Guillemet, 2026 will “most likely be the worst year in terms of hacks.” Cryptocurrency-related security breach losses have already surpassed $482 million during Q1 2026.

Kelp has remained silent regarding LayerZero’s version of events and has not addressed why the protocol continued operating with a single-verifier architecture despite receiving explicit security warnings.

Coinbase has begun testing artificial intelligence agents within its internal systems, including Slack and email. 

The move aims to support employees with daily tasks and improve workflow efficiency. According to CEO Brian Armstrong, the company has already introduced two agents designed to assist with different types of work.

Armstrong shared that these agents are part of a broader effort to integrate AI into company operations. He stated that employees may soon be able to create their own agents for team use. He also said that AI agents could eventually outnumber human workers at the company, noting that ”we will have more agents than human employees at some point soon”.

The company has introduced two initial agents named Fred and Balaji. Fred is based on co-founder Fred Ehrsam and acts as a strategic executive agent. It provides guidance on priorities and offers feedback similar to senior leadership.

The second agent, Balaji, is modeled after former chief technology officer Balaji Srinivasan. This agent focuses on creativity and idea generation. It is designed to question assumptions and support innovative thinking. Coinbase said the goal is to help employees approach problems from new angles and improve decision-making.

Moreover, the testing comes as Coinbase continues to expand its use of artificial intelligence. Armstrong has previously stated that the company wants more than half of its code to be written by AI systems. The company is also working to train its workforce to become more familiar with AI tools.

Coinbase has more than 4,000 employees and is aiming to make them “AI-native.” This includes using AI in coding, analysis, and internal communication. The company also introduced the x402 protocol in 2025, which supports payments for AI agents using both crypto and traditional systems.

Growing role of AI agents in crypto

Industry leaders expect AI agents to play a larger role in digital transactions. Armstrong said that ”there will be more AI agents transacting online than humans very soon”. This view is shared by other executives in the crypto sector.

Some leaders believe AI agents could handle tasks such as payments, bookings, and online services without human input. Crypto is often seen as a suitable system for these transactions. This is due to its ability to support fast and automated payments across global networks.

Three of Japan’s most prominent financial institutions — Mizuho Financial Group, Nomura Holdings, and Japan Securities Clearing Corporation (JSCC) — have announced a joint proof-of-concept with Canton’s parent company, Digital Asset, to test digital collateral management for Japanese Government Bonds (JGBs) on the Canton Network.

According to a press release shared with The Defiant, the proof-of-concept is part of a broader initiative supported by the Financial Services Agency’s (FSA) Payment Innovation Project. The move aims to verify the efficacy of blockchain for transferring JGB rights within the country’s existing legal framework, specifically the Act on Book-Entry Transfer of Corporate Bonds and Shares.

The project’s main goal is to enable 24/7 real-time collateral transactions, a meaningful upgrade from current infrastructure constrained by business hours and manual reconciliation. By integrating legacy systems with Canton’s blockchain rails, the consortium hopes to dramatically cut the administrative overhead associated with posting and substituting collateral.

The project will also test cross-border scenarios, examining how JGBs can move between clearing houses, institutional investors, clients, and agents across both domestic and international markets, per the release.

JGBs are among the widely accepted forms of eligible collateral globally, according to the release, making their on-chain availability strategically significant.

Canton Network positions itself as a public Layer 1 blockchain with customizable privacy features designed for TradFi institutions. The “public” claim has drawn heat from prominent voices across the crypto industry.

Canton’s TradFi Moves

Canton has been on an institutional partnership tear heading into 2026. Fintech Transcend recently connected to the network, enabling clients to move collateral and cash in real time across counterparties using a mix of traditional and tokenized assets.

Before that, JPMorgan announced it would issue its deposit token natively on Canton, with rollout planned in phases throughout 2026, following DTCC’s selection of Canton to tokenize a subset of the U.S. Treasury securities it holds, citing the platform’s privacy features.

Meanwhile, fellow Japanese TradFi giant Mitsui & Co. has also been expanding its on-chain footprint, with its crypto arm announced last week that it would bring its tokenized metals asset ZipangCoin to Optimism’s L2 OP Mainnet — the first deployment of the token on a public blockchain.

U.S. Treasury debt currently makes up the largest portion of distributed tokenized real-world assets (RWAs) — assets that are transferable on-chain — with over $13.7 billion, over half of which is on Ethereum, per data from RWAxyz.

In contrast, all of the $334.35 billion in tokenized repurchase agreements (repos) on Canton is considered represented value, as it only uses blockchain, in this case Canton, for record keeping.

This article was written with the assistance of AI workflows. All our stories are curated, edited and fact-checked by a human.

Ethereum Name Service gateway eth.limo has revealed that the domain hijacking on Friday was caused by a social engineering attack directed against EasyDNS, its domain name service provider. 

According to a postmortem published by eth.limo on Saturday, an attacker impersonated one of its team members to initiate an account recovery process with easyDNS, granting access to the eth.limo account and allowing them to alter domain settings.

“The NS records were changed and directed to Cloudflare… Once we understood that a DNS hijack had taken place, we immediately notified the community as well as Vitalik Buterin and others. We then began contacting EasyDNS in an attempt to respond to the incident,” the company said.

Eth.limo serves as a Web2 bridge, providing access to around 2 million decentralized websites using the .eth domain name. Hijacking the service could allow an attacker to redirect users to malicious websites. Ethereum co-founder Vitalik Buterin warned users Friday to avoid his blog until the incident was resolved.

Mark Jeftovic, CEO of easyDNS, has publicly accepted responsibility for the incident in its own postmortem report. 

“We screwed up and we own it,” said Jeftovic on Saturday. 

“This would mark the first successful social engineering attack against an easyDNS client in our 28-year history. There have been countless attempts.”  

Both companies have pointed to the Domain Name System Security Extension (DNSSEC) in thwarting the hacker’s attempts to do further damage. 

The attacker couldn’t produce valid cryptographic signatures, so Domain Name System resolvers rejected the attacker’s forged DNS responses, causing users to see error messages instead of being redirected to malicious sites. 

“DNSSEC was enabled for their domain when the attackers attempted to flip their nameservers, presumably to effect some manner of phishing or malware injection attack, DNSSEC-aware resolvers, which most are these days, began dropping queries,” Jeftovic said. 

In its postmortem, eth.limo noted that because the attacker lacked the signing keys, they were unable to bypass the safeguards, which likely “reduced the blast radius of the hijack. We are not aware of any user impact at this time. We will provide updates if that changes.”

easyDNS makes changes since the attack

Jeftovic described the social engineering attack as “highly sophisticated,” and said easyDNS is still conducting a post-mortem on how the breach occurred, and has already begun rolling out changes to prevent a recurrence.

“In eth.limo’s case, we will be migrating them to Domainsure, which has a security posture more suited toward enterprise and high-value fintech domains, TLDR there is no mechanism for an account recovery on Domainsure, it’s not a thing,” he added.

“On behalf of everyone here, I apologize to the eth.limo team and the wider Ethereum community. ENS has always had a special place in our heart as the first registrar to enable ENS linking to web2 domains and we’ve been involved in the space since 2017.”

Related: RaveDAO denies manipulation as Binance, Bitget probe RAVE trading activity

The eth.limo incident is the latest in a series of domain hijackings targeting crypto projects. Days earlier, decentralized exchange aggregator CoW Swap lost control of its website after an unknown party hijacked its domain. 

Steakhouse Financial, a DeFi advisory and research firm, similarly disclosed at the end of March that it had lost control of its domain to an attacker.

Magazine: Will the CLARITY Act be good — or bad — for DeFi?