Geopolitical tensions surrounding the Strait of Hormuz renewed a risk-off mood across cryptocurrency markets over the weekend, pressuring Bitcoin after a brief rally earlier in the week. On Friday, Bitcoin surged above $78,300 on Coinbase — its highest level since early February — but the rally faded as broader developments escalated. By weekend’s end, BTC had retreated to the $75,000–$76,000 zone, and late Sunday slid further to briefly dip below $74,000 in the wake of a U.S. military operation in the region.

The U.S. military announced that it opened fire on and later seized an Iranian cargo ship it said was attempting to breach a blockade of Iranian ports, a move that Tehran characterized as a violation of a two-week ceasefire between the two nations. The ceasefire, which had contributed to a calmer backdrop for energy markets and crypto trading alike, is due to expire this week, with investors watching how any renewal or breakdown could influence risk assets.

As tensions escalated, Tehran signaled retaliation and reportedly rejected a new round of peace talks slated for Monday in Islamabad, citing the U.S. blockade. The combined stance from Washington and Tehran underscored the fragility of a de-escalation path, complicating the outlook for both oil and crypto markets in the near term.

The broader market backdrop reflected the tension. U.S. stock futures opened Sunday night lower, with S&P 500 futures down about 0.8%, Nasdaq-100 futures off 0.6%, and Dow futures down roughly 0.9% (around 450 points). Oil markets reacted in kind, with crude futures rising more than 4.5% and trading above $95 a barrel as supply concerns and geopolitical risk re-entered the narrative.

Crypto market sentiment also shifted. The Crypto Fear & Greed Index edged higher to 29 out of 100 on Monday, signaling a return to fear after a period of relative calm, though it remained in the cautious end of the spectrum rather than outright panic.

Bitcoin’s price trajectory over the weekend underscores how sensitive the crypto market remains to macro-driven risk factors in addition to its own supply-and-demand dynamics. The move back toward the mid-$70,000s after a weekend foray into the mid-$70k range highlighted the potential for renewed volatility should the conflict persist or escalate around Hormuz and related channels.

Cointelegraph has previously noted how macro tensions, including geopolitical flare-ups and oil price swings, have historically fed into bitcoin’s price action, offering a potential liquidity tilt during periods of global uncertainty. The current sequence — a Friday peak followed by a weekend retreat and a Sunday plunge tied to military actions — illustrates the ongoing intersection between energy markets, geopolitical risk, and crypto liquidity.

Looking ahead, the key question for traders is whether the ceasefire holds long enough for markets to re-price risk more calmly or if renewed escalation magnifies volatility. The end-date of the current two-week ceasefire looms large for both oil markets and digital assets, as any renewal terms or new conflict dynamics could reintroduce abrupt shifts in sentiment, liquidity, and hedge demand.

Analysts will also be watching how the U.S. and Iranian sides approach diplomacy in the coming days. Tehran’s rejection of new talks and its vow of retaliation, alongside the U.S. military actions, suggests that any easing in risk appetite may depend heavily on clear signals of de-escalation rather than the mere absence of headlines.

In the near term, Bitcoin and other major cryptocurrencies may continue to trade within a risk-off framework so long as geopolitical headlines dominate. Traders will likely weigh potential upside toward prior resistance levels against the risk of renewed volatility if tensions intensify or the ceasefire breaks down again. As always, liquidity, macro cues, and the evolving diplomatic calculus will shape the path forward for BTC and the broader crypto market.

What to watch next: the timing and outcome of any renewed discussions around the ceasefire, ongoing responses from both Tehran and Washington, and the corresponding reactions in oil and traditional equity markets. The coming days could reveal whether this episode marks a temporary pause in risk appetite or a more sustained shift in how investors price geopolitical risk into digital assets.

LayerZero has placed responsibility for the $290 million Kelp DAO exploit on Kelp’s own security configuration, saying the liquid restaking protocol ran a single-verifier setup that LayerZero had previously warned against.

The attack used a novel vector targeting the infrastructure layer rather than any protocol code.

Attackers, whom LayerZero attributed with preliminary confidence to North Korea’s Lazarus Group and its TraderTraitor subunit, compromised two of the remote procedure call (RPC) nodes that LayerZero’s verifier relied on to confirm cross-chain transactions.

RPC nodes are the servers that let software read and write data on a blockchain, and LayerZero’s verifier used a mix of internal and external ones for redundancy.

The attackers swapped the binary software running on two of those nodes with malicious versions designed to tell LayerZero’s verifier that a fraudulent transaction had occurred, while continuing to report accurate data to every other system querying those same nodes.

That selective lying was engineered to keep the attack invisible to LayerZero’s own monitoring infrastructure, which queries the same RPCs from different IP addresses.

Compromising two nodes was not enough. LayerZero’s verifier also queried uncompromised external RPC nodes, so the attackers ran a distributed denial-of-service attack on those to force failover to the poisoned ones.

Traffic logs LayerZero shared show the DDoS running between 10:20 a.m. and 11:40 a.m. Pacific Time on Saturday. Once the failover triggered, the compromised nodes told the verifier a valid cross-chain message had arrived, and Kelp’s bridge released 116,500 rsETH to the attackers. The malicious node software then self-destructed, wiping binaries and local logs.

The attack only worked because Kelp ran a 1-of-1 verifier configuration, meaning LayerZero Labs was the sole entity verifying messages to and from the rsETH bridge.

LayerZero’s public integration checklist and direct communications to Kelp had recommended a multi-verifier setup with redundancy, where consensus across several independent verifiers would be required to confirm a message. Under that configuration, poisoning one verifier’s data feed would not have been enough to forge a valid message.

“KelpDAO chose to utilize a 1/1 DVN configuration,” LayerZero wrote, using the protocol’s term for decentralized verifier networks. “A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised.”

LayerZero said it has confirmed zero contagion to any other application on the protocol. Every OFT-standard token and application running multi-verifier setups was unaffected.

The LayerZero Labs verifier is back online, and the company said it will no longer sign messages for any application running a 1-of-1 configuration, forcing a protocol-wide migration off single-verifier setups.

The architectural distinction matters for how DeFi prices LayerZero risk going forward.

A protocol-level bug would have implied every OFT token on every chain was potentially at risk. However, a configuration failure by a single integrator, combined with a targeted infrastructure attack, implies the protocol worked as designed and that Kelp’s security choices, not LayerZero’s code, created the opening.

Kelp has not yet publicly responded to LayerZero’s framing or addressed why it operated a 1-of-1 verifier setup despite the explicit recommendations against it.

Lazarus Group has been linked to the Drift Protocol exploit on April 1 and now Kelp on April 18, meaning the same North Korean unit has drained more than $575 million from DeFi in 18 days through two structurally different attack vectors: social engineering governance signers at Drift and poisoning infrastructure RPCs at Kelp.

The group is adapting its playbook faster than DeFi protocols are hardening their defenses.

The decentralized finance (DeFi) ecosystem is experiencing a sharp capital outflow following the weekend exploit of the KelpDAO protocol.

Leading DeFi lending platform Aave has lost $8.45 billion in deposits over the past 48 hours, driving a broader $13.21 billion decline in total value locked (TVL) across DeFi. TVL refers to the combined dollar value of crypto assets deposited across DeFi protocols, such as Aave, and is widely used as to measure liquidity and overall market activity.

Total value locked across DeFi fell from $99.497 billion to $86.286 billion, while Aave’s TVL declined by $8.45 billion to $17.947 billion over the same period, according to DefiLlama. Protocol-level data shows double-digit percentage drops across platforms, including Euler, Sentora, and Aave, with losses concentrated in lending, restaking, and yield strategies tied to the affected collateral.

The move stems from a $292 million exploit of Kelp’s bridge that allowed attackers to use stolen rsETH, a liquid re-staking token widely used in DeFi, as collateral to borrow funds on lending platforms.

Because these stolen tokens lacked legitimate collateral backing, borrowing against them created potential shortfalls for lenders. It’s similar to conning a traditional bank by depositing fake fiat and taking out loans against it, ultimately leaving the lender with bad debt.

Protocols responded by freezing affected markets, while panicked users withdrew funds, leading to a broad decline in total value locked.

Token prices have moved less sharply than deposits. The AAVE token is down about 2.5% over 24 hours, while UNI and LINK are down less than 1% over the same period, according to CoinDesk market data.

Peter Chung, head of research at Presto Research, said in a note the incident highlights risks in cross-chain infrastructure, particularly in verification systems used by bridges.

Early analysis suggests the issue may have originated in the verification layer rather than in smart contracts themselves.

Chung added that the episode also shows how interconnected DeFi protocols can transmit shocks beyond the initial point of failure, with withdrawal activity and market freezes extending to platforms without direct exposure to the exploit.

Bitcoin erased its weekend gains as it fell below $74,000 on Sunday after the US military seized an Iranian cargo ship, putting pressure on a ceasefire between the two countries. 

Bitcoin (BTC) had soared above $78,300 late Friday on Coinbase, its highest price since early February, but dropped to between $75,000 and $76,000 over the weekend after Iran said it would close vital oil routes in the Strait of Hormuz.

The cryptocurrency then sank sharply late on Sunday to briefly trade below $74,000 after the US military said it opened fire on, and later seized, an Iranian cargo ship it claimed tried to run its blockade of Iranian ports, with Tehran accusing the US of violating an agreed ceasefire. 

The two-week ceasefire between the US and Iran, which had helped boost the markets and temper oil prices, is set to end on Wednesday.

Tehran has vowed to retaliate over the US military’s seizure of the ship and has rejected a new round of peace talks slated for Monday in Islamabad, Pakistan, due to the US blockade, Iranian state media reported.

Related: Bitcoin eyes $90K as whales absorb 20x daily BTC supply in 30 days

US stock futures sank Sunday night amid rising tensions, with S&P 500 futures dropping 0.8%, Nasdaq-100 futures falling 0.6% and Dow Jones futures declining 0.9%, or about 450 points.

Oil futures also soared amid the hostilities and Iran’s threat to close the Strait of Hormuz, with crude oil futures rising over 4.5% to over $95 a barrel.

The Crypto Fear & Greed index rose by two points to a score of 29 out of 100 on Monday, its highest score since late January, but which still indicated a sentiment of “fear.”

Magazine: Bitcoin will not hit $1M by 2030, says veteran trader Peter Brandt