Crypto World
California Teens Arrested in Scottsdale Home Invasion Over $66M Cryptocurrency Holdings
TLDR:
- Two California teenagers posed as delivery drivers to execute a $66 million cryptocurrency heist.
- Suspects were allegedly extorted by individuals known as ‘Red’ and ‘8’ to carry out the robbery.
- Police arrested both teens in a shopping center parking lot shortly after the violent incident.
- A 3D-printed gun was found in suspects’ possession, though it contained no ammunition at all.
Two California teenagers face multiple felony charges after a targeted home invasion in Scottsdale that authorities say was motivated by cryptocurrency theft.
Jackson Sullivan and Skylar Lapaille allegedly posed as delivery drivers to gain entry into a residence near Cactus Road and Loop 101 on January 31.
The suspects restrained two adults with duct tape and assaulted them while searching for $66 million in digital assets. Police arrested both individuals shortly after they fled the scene.
Delivery Disguise Used in Violent Break-In
The teenagers arrived at the Scottsdale home dressed as package delivery workers Saturday morning. Court documents reveal they forced their way inside after gaining initial access through the disguise.
Once inside, Sullivan and Lapaille used duct tape to restrain two adult victims. The pair then assaulted the homeowners during their search for cryptocurrency holdings.
Investigators believe the suspects were extorted into carrying out the crime. Two individuals known only as “Red” and “8” allegedly orchestrated the plot from a distance.
The teenagers had reportedly met recently before traveling from California with $1,000. Those funds were intended for purchasing supplies including disguises and restraining devices.
One victim denied possessing the cryptocurrency, which led to further violence. An adult son present in another room managed to contact authorities during the incident. Officers responded quickly to the emergency call and arrived while the suspects were still in the area.
The teenagers attempted to flee when police arrived at the scene. However, law enforcement successfully tracked and apprehended both suspects in a nearby shopping center parking lot.
Officers found them in possession of a blue Subaru vehicle that matched witness descriptions.
Swift Police Response Brings Community Relief
Authorities discovered a 3D-printed gun during the arrest, though it contained no ammunition. Police have not yet determined whether the weapon was functional.
The suspects now face charges including burglary, aggravated assault, and kidnapping. All charges carry felony-level penalties under Arizona law.
Local resident Ari Parker witnessed part of the police operation without initially understanding the connection. He had noticed a blue vehicle driving through the neighborhood earlier that morning.
Parker later saw what he thought was a drug-related arrest at a shopping center. “The trunk was open, there were supervisory police vehicles there, and I thought, ‘Oh wow, that person’s screwed,’” Parker said. “I had no idea that they were connected to the crime that happened here.”
Police confirmed the vehicle captured on Parker’s Ring camera matched the one used in the crime. “The police work was really impressive,” Parker said.
“They were pounding the pavement, doing real gumshoe police detective work, knocking on doors, letting neighbors know what was happening.” He noted the incident was eye-opening given how evidence was pieced together.
Neighbors expressed shock at the incident but relief over the quick resolution. “Many of them have lived here for 15, 20 years and mentioned this is the first time they remember something like this happening,” Parker said.
“So it actually brought the neighborhood together in a way.” The case demonstrates a growing trend of criminals targeting individuals for cryptocurrency holdings.
Crypto World
Three Major Japanese Financial Institutions Tap Canton to Bring Government Bonds On-Chain
Mizuho, Nomura, and Japan’s central clearing house are launching a blockchain-based proof-of-concept for collateral management of Japanese government bonds.
Three of Japan’s most prominent financial institutions — Mizuho Financial Group, Nomura Holdings, and Japan Securities Clearing Corporation (JSCC) — have announced a joint proof-of-concept with Canton’s parent company, Digital Asset, to test digital collateral management for Japanese Government Bonds (JGBs) on the Canton Network.
According to a press release shared with The Defiant, the proof-of-concept is part of a broader initiative supported by the Financial Services Agency’s (FSA) Payment Innovation Project. The move aims to verify the efficacy of blockchain for transferring JGB rights within the country’s existing legal framework, specifically the Act on Book-Entry Transfer of Corporate Bonds and Shares.
The project’s main goal is to enable 24/7 real-time collateral transactions, a meaningful upgrade from current infrastructure constrained by business hours and manual reconciliation. By integrating legacy systems with Canton’s blockchain rails, the consortium hopes to dramatically cut the administrative overhead associated with posting and substituting collateral.
The project will also test cross-border scenarios, examining how JGBs can move between clearing houses, institutional investors, clients, and agents across both domestic and international markets, per the release.
JGBs are among the widely accepted forms of eligible collateral globally, according to the release, making their on-chain availability strategically significant.
Canton Network positions itself as a public Layer 1 blockchain with customizable privacy features designed for TradFi institutions. The “public” claim has drawn heat from prominent voices across the crypto industry.
Canton’s TradFi Moves
Canton has been on an institutional partnership tear heading into 2026. Fintech Transcend recently connected to the network, enabling clients to move collateral and cash in real time across counterparties using a mix of traditional and tokenized assets.
Before that, JPMorgan announced it would issue its deposit token natively on Canton, with rollout planned in phases throughout 2026, following DTCC’s selection of Canton to tokenize a subset of the U.S. Treasury securities it holds, citing the platform’s privacy features.
Meanwhile, fellow Japanese TradFi giant Mitsui & Co. has also been expanding its on-chain footprint, with its crypto arm announced last week that it would bring its tokenized metals asset ZipangCoin to Optimism’s L2 OP Mainnet — the first deployment of the token on a public blockchain.
U.S. Treasury debt currently makes up the largest portion of distributed tokenized real-world assets (RWAs) — assets that are transferable on-chain — with over $13.7 billion, over half of which is on Ethereum, per data from RWAxyz.
In contrast, all of the $334.35 billion in tokenized repurchase agreements (repos) on Canton is considered represented value, as it only uses blockchain, in this case Canton, for record keeping.
This article was written with the assistance of AI workflows. All our stories are curated, edited and fact-checked by a human.
BTCC has launched SPACEXUSDT perpetual futures, opening a new way for users to trade price exposure tied to SpaceX. The product is now live in the exchange’s tokenized stocks section and offers leverage of up to 50x.
The timing is no surprise. SpaceX remains one of the most-watched private companies in the world. Elon Musk’s name keeps attention high, while Starlink’s growth and IPO speculation keep investor interest active. For crypto exchanges, few private firms carry as much attention and trading appeal.
On SpaceX
SpaceX is drawing renewed market attention as IPO talk builds. Starlink’s app downloads and monthly active users more than doubled year over year in the first quarter, while total subscribers passed 10 million in February.
Private market pricing has added more fuel to investor interest. A December 2025 tender offer valued SpaceX at $800 billion, while current IPO talk has pulled valuation estimates as high as $1.75 trillion, with Starlink growth driving much of investor focus.
SpaceX is also staying in the news through the satellite internet race. Amazon agreed to buy Globalstar for $11.57 billion as competition with Starlink intensifies. Amazon remains far behind SpaceX in satellite deployment, with Starlink already operating more than 10,000 satellites.
For retail traders, access remains a major draw. Private company exposure usually comes through secondary transactions and private allocations. A perpetual futures contract gives users a simpler way to trade around SpaceX pricing and investor sentiment. Across crypto exchanges, products linked to familiar companies and active news cycles tend to attract faster interest than lesser-known names.
BTCC Is Expanding Its Product Mix
BTCC is using the SpaceX launch to push further into products linked to traditional market themes. The exchange has already pointed to strong early activity in its TradFi product line, where users can trade traditional market instruments with USDT.
SpaceX gives BTCC a high-interest name with strong retail recognition and a story traders already understand. In its announcement, BTCC also says it is among the first exchanges to offer SpaceX perpetual futures and describes SPACEXUSDT as having deep order book liquidity.
BTCC has paired the launch with a giveaway offering up to 1,000 USDT in rewards and a Tesla Cyberbeast. The campaign links the contract to the wider Musk brand universe, which gives the launch even more visibility.
Retail Access Expands, But the Risk Remains High
Products like this appeal to traders because they open access to stories usually reserved for private market participants. SpaceX has long been a company many people wanted exposure to, but few could reach directly.
At the same time, leveraged derivatives demand caution. BTCC states in its support materials that leverage increases both upside and downside. For retail users, a product tied to a pre-IPO story and amplified by leverage can produce large swings in either direction.
This is where the appeal and the danger sit side by side. The product is easy to understand from a narrative perspective, but it still trades like a high-risk derivative.
A New Route Into Private Market Speculation
BTCC’s SpaceX contract shows how crypto exchanges are packaging well-known private company stories into round-the-clock trading products. SpaceX brings public attention, IPO curiosity, and strong name recognition, which makes it a natural fit for this kind of listing.
Whether tokenized pre-IPO trading becomes a lasting category will depend on user demand after the first wave of curiosity fades. For now, BTCC is betting SpaceX can draw traders looking for fresh exposure outside the usual crypto lineup.
The post BTCC Brings SpaceX Pre-IPO Trading to Crypto Markets appeared first on BeInCrypto.
Ethereum Name Service gateway eth.limo has revealed that the domain hijacking on Friday was caused by a social engineering attack directed against EasyDNS, its domain name service provider.
According to a postmortem published by eth.limo on Saturday, an attacker impersonated one of its team members to initiate an account recovery process with easyDNS, granting access to the eth.limo account and allowing them to alter domain settings.
“The NS records were changed and directed to Cloudflare… Once we understood that a DNS hijack had taken place, we immediately notified the community as well as Vitalik Buterin and others. We then began contacting EasyDNS in an attempt to respond to the incident,” the company said.
Eth.limo serves as a Web2 bridge, providing access to around 2 million decentralized websites using the .eth domain name. Hijacking the service could allow an attacker to redirect users to malicious websites. Ethereum co-founder Vitalik Buterin warned users Friday to avoid his blog until the incident was resolved.
Mark Jeftovic, CEO of easyDNS, has publicly accepted responsibility for the incident in its own postmortem report.
“We screwed up and we own it,” said Jeftovic on Saturday.
“This would mark the first successful social engineering attack against an easyDNS client in our 28-year history. There have been countless attempts.”
Both companies have pointed to the Domain Name System Security Extension (DNSSEC) in thwarting the hacker’s attempts to do further damage.
The attacker couldn’t produce valid cryptographic signatures, so Domain Name System resolvers rejected the attacker’s forged DNS responses, causing users to see error messages instead of being redirected to malicious sites.
“DNSSEC was enabled for their domain when the attackers attempted to flip their nameservers, presumably to effect some manner of phishing or malware injection attack, DNSSEC-aware resolvers, which most are these days, began dropping queries,” Jeftovic said.
In its postmortem, eth.limo noted that because the attacker lacked the signing keys, they were unable to bypass the safeguards, which likely “reduced the blast radius of the hijack. We are not aware of any user impact at this time. We will provide updates if that changes.”
easyDNS makes changes since the attack
Jeftovic described the social engineering attack as “highly sophisticated,” and said easyDNS is still conducting a post-mortem on how the breach occurred, and has already begun rolling out changes to prevent a recurrence.
“In eth.limo’s case, we will be migrating them to Domainsure, which has a security posture more suited toward enterprise and high-value fintech domains, TLDR there is no mechanism for an account recovery on Domainsure, it’s not a thing,” he added.
“On behalf of everyone here, I apologize to the eth.limo team and the wider Ethereum community. ENS has always had a special place in our heart as the first registrar to enable ENS linking to web2 domains and we’ve been involved in the space since 2017.”
Related: RaveDAO denies manipulation as Binance, Bitget probe RAVE trading activity
The eth.limo incident is the latest in a series of domain hijackings targeting crypto projects. Days earlier, decentralized exchange aggregator CoW Swap lost control of its website after an unknown party hijacked its domain.
Steakhouse Financial, a DeFi advisory and research firm, similarly disclosed at the end of March that it had lost control of its domain to an attacker.
Prediction market platform Polymarket is reportedly in talks with investors to raise another $400 million in fresh capital, The Information reported Monday.
The $400 million raise would be made at a $15 billion valuation, The Information said, citing two people familiar with the matter.
The raise would add to a wave of institutional capital flowing into the predictions market space in recent months. New York Stock Exchange parent Intercontinental Exchange (ICE) invested $600 million into Polymarket in late March, while competitor platform Kalshi’s valuation was marked at about $22 billion in its last funding round.
The Information said Polymarket is looking to add strategic investors beyond ICE in its next funding round, which could total $1 billion.
Prediction markets started booming around the time of the 2024 US election and are now consistently recording over $10 billion in monthly trading volume across markets covering everything from sports and political elections to financial results and cultural events.
With that rise has come surging institutional interest from some of Wall Street’s biggest players.
In early March, one of Nasdaq’s options exchanges, Nasdaq MRX, filed to offer cash-settled, binary-style contracts on the Nasdaq-100 index.
Cboe Global Markets is also launching a prediction market-style offering, while CME Group partnered with American gambling company FanDuel, which will enable traders to bet on markets outside of finance.
Related: Kalshi to create ‘portal for parents‘ on prediction markets: Report
Last week, TradFi firms Charles Schwab and Citadel Securities said they are also weighing a move into prediction markets.
Legal issues linger over prediction markets
Despite the rise in prediction market activity, Kalshi and others have faced regulatory scrutiny over widespread insider trading and market manipulation allegations.
Kalshi is currently engaged in a court battle with the Nevada Gaming Control Board after a lower court temporarily blocked Kalshi from operating in the state.
The state regulator argues that Kalshi’s contracts facilitate unlicensed gambling. Coinbase chief legal officer Paul Grewal has predicted that the case could reach the US Supreme Court, potentially creating precedent over the regulatory treatment of prediction markets and event-based derivatives.
Magazine: Should users be allowed to bet on war and death in prediction markets?
The International Monetary Fund (IMF) lowered its global growth forecast for 2026 to 3.1% in its April update. This marks a 0.2 percentage point downgrade from its January estimate.
The Fund noted that the latest downgrade largely reflects economic disruptions stemming from the ongoing Middle East conflict. It added that in its absence, the outlook would have instead been revised upward by 0.1 percentage point to 3.4%.
IMF Cuts Growth, Lifts Inflation Forecast in 2026
The report added that the global growth forecast for 2027 remains unchanged from the January 2026 World Economic Outlook update.
Follow us on X to get the latest news as it happens
Meanwhile, global headline inflation is expected to edge higher in 2026 before resuming its downward trajectory in 2027. It is currently projected at 4.4% this year, before easing to 3.7% in 2027.
The economic impact remains uneven across regions. Emerging markets saw their 2026 growth outlook downgraded by 0.3 percentage points. Yet, projections for advanced economies were largely unchanged.
“Crucially, there is a high degree of cross-country dispersion in the reference forecast. While the growth and inflation revisions seem relatively modest at the global level, the toll on the conflict region and more vulnerable economies elsewhere—in particular, commodity-importing emerging market and developing economies with preexisting fragilities—is much more pronounced,” the report read.
The IMF also outlined additional downside risks. In a scenario where energy prices rise more sharply and persistently, global growth could slow to 2.5% in 2026.
At the same time, inflation may climb to 5.4%. A more severe disruption, particularly involving damage to energy infrastructure in the conflict region, would deepen the impact, dragging global growth to around 2% and pushing inflation above 6% by 2027. Emerging and developing economies would be disproportionately affected again, with nearly twice the impact as advanced economies.
The IMF said its latest World Economic Outlook uses a “reference forecast” rather than a traditional baseline. This reflects the difficulty of forming stable assumptions amid ongoing uncertainty.
Subscribe to our YouTube channel to watch leaders and journalists provide expert insights
The post IMF Cuts 2026 Global Growth Forecast by 0.2 Points as Middle East War Hits Momentum appeared first on BeInCrypto.
Bitcoin is absorbing the return of Middle East risk better than oil or equities.
Bitcoin traded at $74,335 on Monday morning, down 1.6% over 24 hours but still up 4.8% on the week after the U.S. Navy seized an Iranian ship over the weekend and Tehran reimposed controls on the Strait of Hormuz.
Ether slipped 2.6% to $2,272, Solana fell 1.5% to $84, and BNB held flat at $618, with the broader top-10 showing red across the board but none of the moves breaching 3%.
Brent crude jumped 5.7% to $95.50 a barrel, European natural gas futures surged as much as 11%, S&P 500 futures fell 0.6% after Friday’s record close, and European equity futures indicated a 1.2% drop at the open. Gold fell 0.8% to $4,790, and the dollar edged up as traditional war-hedge demand returned.
The weekend flare-up reversed a three-week unwind of war risk premium. Iran had declared the Strait “completely open” on Friday, prompting the S&P 500’s record close and a broad rally across emerging markets.
By Sunday morning, Trump was threatening to destroy every power plant and bridge in Iran if negotiations fail, and Tehran was signaling it may skip a second round of talks while the U.S. maintains its naval blockade.
This is the fourth major Iran-related risk event crypto has absorbed since the conflict began, and the pattern of shrinking sell-offs continues. Earlier escalations produced sharper drawdowns in bitcoin than this one, with each successive flare-up compressing the magnitude of the crypto reaction even as oil and equities continue to price each headline fresh.
The divergence suggests crypto has largely finished pricing the geopolitical tail risk that traditional markets are still reacting to, either because holders who were going to sell on Iran headlines have already sold, or because the spot ETF bid has become a more reliable floor than the futures-driven weekend gaps that defined earlier cycles.
What traders will watch through the U.S. session is whether the 10-year Treasury yield holding near 4.27% and the dollar bid pull bitcoin lower through the risk-parity channel, or whether the equity correlation that dominated Q1 loosens on a day when the driver is explicitly geopolitical rather than macro-liquidity.
If bitcoin holds $74,000 through the European open and the Strait of Hormuz situation deteriorates further, the asset’s emerging reputation as a geopolitical shock absorber gains another data point. If the move extends below $73,000 on any incremental Iran headline, the shrinking-sell-off thesis breaks.
Geopolitical tensions surrounding the Strait of Hormuz renewed a risk-off mood across cryptocurrency markets over the weekend, pressuring Bitcoin after a brief rally earlier in the week. On Friday, Bitcoin surged above $78,300 on Coinbase — its highest level since early February — but the rally faded as broader developments escalated. By weekend’s end, BTC had retreated to the $75,000–$76,000 zone, and late Sunday slid further to briefly dip below $74,000 in the wake of a U.S. military operation in the region.
The U.S. military announced that it opened fire on and later seized an Iranian cargo ship it said was attempting to breach a blockade of Iranian ports, a move that Tehran characterized as a violation of a two-week ceasefire between the two nations. The ceasefire, which had contributed to a calmer backdrop for energy markets and crypto trading alike, is due to expire this week, with investors watching how any renewal or breakdown could influence risk assets.
As tensions escalated, Tehran signaled retaliation and reportedly rejected a new round of peace talks slated for Monday in Islamabad, citing the U.S. blockade. The combined stance from Washington and Tehran underscored the fragility of a de-escalation path, complicating the outlook for both oil and crypto markets in the near term.
The broader market backdrop reflected the tension. U.S. stock futures opened Sunday night lower, with S&P 500 futures down about 0.8%, Nasdaq-100 futures off 0.6%, and Dow futures down roughly 0.9% (around 450 points). Oil markets reacted in kind, with crude futures rising more than 4.5% and trading above $95 a barrel as supply concerns and geopolitical risk re-entered the narrative.
Crypto market sentiment also shifted. The Crypto Fear & Greed Index edged higher to 29 out of 100 on Monday, signaling a return to fear after a period of relative calm, though it remained in the cautious end of the spectrum rather than outright panic.
Bitcoin’s price trajectory over the weekend underscores how sensitive the crypto market remains to macro-driven risk factors in addition to its own supply-and-demand dynamics. The move back toward the mid-$70,000s after a weekend foray into the mid-$70k range highlighted the potential for renewed volatility should the conflict persist or escalate around Hormuz and related channels.
Cointelegraph has previously noted how macro tensions, including geopolitical flare-ups and oil price swings, have historically fed into bitcoin’s price action, offering a potential liquidity tilt during periods of global uncertainty. The current sequence — a Friday peak followed by a weekend retreat and a Sunday plunge tied to military actions — illustrates the ongoing intersection between energy markets, geopolitical risk, and crypto liquidity.
Looking ahead, the key question for traders is whether the ceasefire holds long enough for markets to re-price risk more calmly or if renewed escalation magnifies volatility. The end-date of the current two-week ceasefire looms large for both oil markets and digital assets, as any renewal terms or new conflict dynamics could reintroduce abrupt shifts in sentiment, liquidity, and hedge demand.
Analysts will also be watching how the U.S. and Iranian sides approach diplomacy in the coming days. Tehran’s rejection of new talks and its vow of retaliation, alongside the U.S. military actions, suggests that any easing in risk appetite may depend heavily on clear signals of de-escalation rather than the mere absence of headlines.
In the near term, Bitcoin and other major cryptocurrencies may continue to trade within a risk-off framework so long as geopolitical headlines dominate. Traders will likely weigh potential upside toward prior resistance levels against the risk of renewed volatility if tensions intensify or the ceasefire breaks down again. As always, liquidity, macro cues, and the evolving diplomatic calculus will shape the path forward for BTC and the broader crypto market.
What to watch next: the timing and outcome of any renewed discussions around the ceasefire, ongoing responses from both Tehran and Washington, and the corresponding reactions in oil and traditional equity markets. The coming days could reveal whether this episode marks a temporary pause in risk appetite or a more sustained shift in how investors price geopolitical risk into digital assets.
Crypto World
LayerZero blames Kelp’s setup for $290 million exploit, attributes it to North Korea’s Lazarus
LayerZero has placed responsibility for the $290 million Kelp DAO exploit on Kelp’s own security configuration, saying the liquid restaking protocol ran a single-verifier setup that LayerZero had previously warned against.
The attack used a novel vector targeting the infrastructure layer rather than any protocol code.
Attackers, whom LayerZero attributed with preliminary confidence to North Korea’s Lazarus Group and its TraderTraitor subunit, compromised two of the remote procedure call (RPC) nodes that LayerZero’s verifier relied on to confirm cross-chain transactions.
RPC nodes are the servers that let software read and write data on a blockchain, and LayerZero’s verifier used a mix of internal and external ones for redundancy.
The attackers swapped the binary software running on two of those nodes with malicious versions designed to tell LayerZero’s verifier that a fraudulent transaction had occurred, while continuing to report accurate data to every other system querying those same nodes.
That selective lying was engineered to keep the attack invisible to LayerZero’s own monitoring infrastructure, which queries the same RPCs from different IP addresses.
Compromising two nodes was not enough. LayerZero’s verifier also queried uncompromised external RPC nodes, so the attackers ran a distributed denial-of-service attack on those to force failover to the poisoned ones.
Traffic logs LayerZero shared show the DDoS running between 10:20 a.m. and 11:40 a.m. Pacific Time on Saturday. Once the failover triggered, the compromised nodes told the verifier a valid cross-chain message had arrived, and Kelp’s bridge released 116,500 rsETH to the attackers. The malicious node software then self-destructed, wiping binaries and local logs.
The attack only worked because Kelp ran a 1-of-1 verifier configuration, meaning LayerZero Labs was the sole entity verifying messages to and from the rsETH bridge.
LayerZero’s public integration checklist and direct communications to Kelp had recommended a multi-verifier setup with redundancy, where consensus across several independent verifiers would be required to confirm a message. Under that configuration, poisoning one verifier’s data feed would not have been enough to forge a valid message.
“KelpDAO chose to utilize a 1/1 DVN configuration,” LayerZero wrote, using the protocol’s term for decentralized verifier networks. “A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised.”
LayerZero said it has confirmed zero contagion to any other application on the protocol. Every OFT-standard token and application running multi-verifier setups was unaffected.
The LayerZero Labs verifier is back online, and the company said it will no longer sign messages for any application running a 1-of-1 configuration, forcing a protocol-wide migration off single-verifier setups.
The architectural distinction matters for how DeFi prices LayerZero risk going forward.
A protocol-level bug would have implied every OFT token on every chain was potentially at risk. However, a configuration failure by a single integrator, combined with a targeted infrastructure attack, implies the protocol worked as designed and that Kelp’s security choices, not LayerZero’s code, created the opening.
Kelp has not yet publicly responded to LayerZero’s framing or addressed why it operated a 1-of-1 verifier setup despite the explicit recommendations against it.
Lazarus Group has been linked to the Drift Protocol exploit on April 1 and now Kelp on April 18, meaning the same North Korean unit has drained more than $575 million from DeFi in 18 days through two structurally different attack vectors: social engineering governance signers at Drift and poisoning infrastructure RPCs at Kelp.
The group is adapting its playbook faster than DeFi protocols are hardening their defenses.
Crypto protocols lost over $606 million to hacks in just 18 days of April 2026. That makes it the single worst month for exploits since February 2025.
The surge comes from two attacks on KelpDAO and Drift Protocol. Together, they account for 95% of April’s losses and 75% of 2026’s total of $771.8 million.
April 2026 Crypto Hack Losses Dwarf Q1 Combined
According to data from DefiLlama, April’s $606.2 million total across 12 incidents, it has already eclipsed the first quarter’s $165.5 million haul. That makes the month roughly 3.7 times as large as January, February, and March combined.
Follow us on X to get the latest news as it happens
| Month | Number of Hacks | Amount Lost |
| January | 12 | $100.1M |
| February | 8 | $24.2M |
| March | 15 | $41.3M |
| April (to April 18) | 12 | $606.2M |
| YTD Total | 47 | $771.8M |
Every month since February 2025 has held under $240 million, per DefiLlama’s tracker. That earlier figure was skewed by the $1.4 billion Bybit breach, which drove February 2025’s total to $1.466 billion.
April 2026’s losses arrived without any headline exchange hack of that size. The pattern shows how quickly attackers pivoted to Decentralized Finance (DeFi) infrastructure.
BeInCrypto reported that KelpDAO lost over $290 million on April 18, now the year’s largest single hack. Drift Protocol sits just behind at $285 million.
The damage has stacked up in recent days. Incidents at Vercel, Hyperbridge, Grinex Exchange, and Rhea Finance have piled in 2026.
“None of these accounts for the collateral damage seen across TVL, user trust, valuations, and the space’s morale. DeFi remains a niche market until risk can be properly priced; at this time, we’re far from it,” an anlyst wrote.
DeFi TVL Slides as Sentiment Cracks
DeFi total value locked (TVL) fell by more than 7% over the past 24 hours following the Kelp exploit. Aave alone dropped from $26.4 billion to near $17.9 billion.
“Every protocol is taking a hit now,” analyst Ted Pillows wrote.
Hack frequency is also climbing sharply. DeFi recorded 47 incidents in the first 4.5 months of 2026, compared with 28 over the same period in 2025. That works out to a roughly 68% year-over-year rise.
The reactions point to rising concern that DeFi’s risk pricing has not caught up with infrastructure-layer exploits. Dollar losses sit below 2025’s Bybit-skewed pace, yet incidents keep stacking. The next few weeks will show whether DeFi can tighten security before April’s trend defines the year.
The post April 2026 Becomes Worst Month for Crypto Hacks Since February 2025 appeared first on BeInCrypto.
The decentralized finance (DeFi) ecosystem is experiencing a sharp capital outflow following the weekend exploit of the KelpDAO protocol.
Leading DeFi lending platform Aave has lost $8.45 billion in deposits over the past 48 hours, driving a broader $13.21 billion decline in total value locked (TVL) across DeFi. TVL refers to the combined dollar value of crypto assets deposited across DeFi protocols, such as Aave, and is widely used as to measure liquidity and overall market activity.
Total value locked across DeFi fell from $99.497 billion to $86.286 billion, while Aave’s TVL declined by $8.45 billion to $17.947 billion over the same period, according to DefiLlama. Protocol-level data shows double-digit percentage drops across platforms, including Euler, Sentora, and Aave, with losses concentrated in lending, restaking, and yield strategies tied to the affected collateral.
The move stems from a $292 million exploit of Kelp’s bridge that allowed attackers to use stolen rsETH, a liquid re-staking token widely used in DeFi, as collateral to borrow funds on lending platforms.
Because these stolen tokens lacked legitimate collateral backing, borrowing against them created potential shortfalls for lenders. It’s similar to conning a traditional bank by depositing fake fiat and taking out loans against it, ultimately leaving the lender with bad debt.
Protocols responded by freezing affected markets, while panicked users withdrew funds, leading to a broad decline in total value locked.
Token prices have moved less sharply than deposits. The AAVE token is down about 2.5% over 24 hours, while UNI and LINK are down less than 1% over the same period, according to CoinDesk market data.
Peter Chung, head of research at Presto Research, said in a note the incident highlights risks in cross-chain infrastructure, particularly in verification systems used by bridges.
Early analysis suggests the issue may have originated in the verification layer rather than in smart contracts themselves.
Chung added that the episode also shows how interconnected DeFi protocols can transmit shocks beyond the initial point of failure, with withdrawal activity and market freezes extending to platforms without direct exposure to the exploit.
‘I’m living with MS and face judgement and assumptions every day’
Tesco: Opportunity Captured, Upside Fading
Three Major Japanese Financial Institutions Tap Canton to Bring Government Bonds On-Chain
![Crypto Leverage Shocker: $61B Risks EXPOSED [Full Report]](https://wordupnews.com/wp-content/uploads/2026/04/1776665179_maxresdefault-80x80.jpg)
-
Crypto World6 days agoThe SEC Conditionalises DeFi Platforms to Be Avoided for Broker Registration
-
Fashion3 days agoWeekend Open Thread: Theodora Dress
-
NewsBeat6 days agoTrump and Pope Leo: Behind their disagreement over Iran war
-
Crypto World6 days agoSEC Signals Exemption for Crypto Interfaces From Broker Registration
-
News Videos5 days agoSecure crypto trading starts with an FIU-registered
-
Sports3 days agoNWFL Suspends Two Players Over Post-Match Clash in Ado-Ekiti
-
Crypto World6 days agoSEC Proposes Certain Crypto Interfaces Don’t Need to Register as Brokers
-
Business16 hours agoPowerball Result April 18, 2026: No Jackpot Winner in Powerball Draw: $75 Million Rolls Over
-
Politics2 days agoPalestine barred from entering Canada for FIFA Congress
-
Crypto World2 days agoRussia Pushes Bill to Criminalize Unregistered Crypto Services
-
Sports7 days agoNWFL opens Pathway for new Clubs ahead of 2026 Season
-
Business3 days agoCreo Medical agree sale of its manufacturing operation
-
Entertainment6 days agoBrand New Day’ Footage Reveals the Devastating Impact of ‘Now Way Home’
-
Politics21 hours agoZack Polanski demands ‘council homes not luxury flats for foreign investors’
-
Crypto World7 days agoTrump whales load up ahead of Mar-a-Lago luncheon.
-
Business7 days ago
Kering slides after Morgan Stanley downgrade, Gucci woes loom
-
Tech7 days agoApple glasses won’t go brand shopping like Meta did with Ray-Ban and Oakley
-
Tech7 days agoGoogle adds E2E encryption to Gmail for iOS and Android enterprise users
-
Tech5 days agoMicrosoft adds Windows protections for malicious Remote Desktop files
-
Entertainment7 days ago
How Euphoria Season 3 Premiere Paid Tribute to Eric Dane After Death
You must be logged in to post a comment Login