Senate Republicans are pushing a merged CLARITY Act draft toward the floor without the Democratic support needed to clear a filibuster, leaving the crypto market-structure bill exposed to a narrowing pre-recess calendar. The latest draft combines work from the Senate Banking and Agriculture committees and adds more than 70 pages to the legislation that cleared Banking in May. Republicans briefed President Donald Trump on the revised framework Thursday, but Sen. Ruben Gallego, one of the Democrats involved in negotiations, said…
Exploit
AI Agent Bypasses Sandbox Controls In a16z DeFi Exploit Test
AI Agent Finds A Way Around The Test Environment An off-the-shelf AI coding agent bypassed sandbox controls during an a16z crypto experiment designed to test whether AI agents can move from finding DeFi vulnerabilities to producing working exploit proofs of concept. The test, published by a16z crypto security engineers Daejun Park and Matt Gleason, used historical Ethereum price-manipulation incidents as benchmarks. The goal was not to attack live protocols. It was to measure whether a general-purpose agent with common developer…
3 months ago
Here’s How Litecoin (LTC) Contained a Massive MWEB Exploit
Litecoin experienced a significant disruption tied to its MimbleWimble Extension Block (MWEB) privacy layer after a critical validation flaw was discovered and exploited across two separate incidents in March and April 2026, according to a post-mortem shared by developer David Burkett. The issue originated from a bug in how MWEB inputs were validated during block connection, which allowed a miner to include malformed metadata that did not match the actual unspent transaction output being referenced. This enabled an attacker to…
3 months ago
DeFi United Unveils Technical Plan to Restore rsETH Backing After KelpDAO Exploit
DeFi United, a coalition of ecosystem participants led by Aave service providers, has released a technical implementation plan to restore rsETH backing. The plan comes after a major exploit on April 18, 2026. Hackers likely associated with North Korea’s Lazarus Group stole approximately $292 million (116,500 rsETH) from KelpDAO’s LayerZero bridge. DeFi United Releases Technical Roadmap to Make rsETH Whole In a detailed post, the team said seven wallets tied to the exploiter still hold active rsETH-backed positions on Aave…
3 months ago
Another DeFi Exploit Drains 150,000 SUI From Scallop’s Deprecated Contract
Scallop, a money market on Sui Network, lost about 150,000 SUI on Sunday after an attacker drained a deprecated rewards contract tied to the protocol’s sSUI spool. The team froze the affected contract within minutes and pledged full reimbursement from its treasury. Core operations resumed in under two hours. Another Sui Exploit Hits Peripheral Code, Not the Core Protocol Scallop disclosed the incident at 12:50 UTC on April 26 through a public notice on X. The attacker targeted a side…
3 months ago
SPARK Gains 100% as SparkLend Absorbs Billions Fleeing Aave After Exploit
Spark (SPK) has gained 98% to trade at $0.05834. The SPARK price rally follows a massive capital rotation into SparkLend after the $290 million Kelp bridge exploit. Decentralized Finance (DeFi) lending is restructuring rapidly as depositors flee Aave and redirect funds toward competing protocols. SparkLend Deposits Double After Kelp Fallout SparkLend’s total value locked climbed from roughly $1.89 billion to $3.6 billion since April 18. That amounts to over $1.7 billion in new deposits within five days, per DefiLlama data.…
3 months ago
Tags
ExploitTags
ExploitSui-Based Volo Protocol Hit by $3.5M Exploit, Freezes Vaults to Contain Damage
Volo Protocol, a liquid staking platform built on the Sui network, reported a security breach that led to the loss of approximately $3.5 million from its vaults, according to an official update shared by the team. The exploit impacted three vaults holding assets in WBTC, XAUm, and USDC. Recovery Efforts Intensify In an official update, the protocol said it detected the attack and responded immediately by notifying the Sui Foundation and other ecosystem partners, while also freezing the affected vaults…
3 months ago
Volo Protocol Loses $3.5 Million in Sui Vault Exploit Amid DeFi Hack Streak
Sui-based liquid staking platform Volo Protocol said on Wednesday that an attacker drained roughly $3.5 million from three of its vaults, the latest DeFi security breach in a month already shaken by nine-figure exploits. Volo froze every vault after detecting the attack and notified the Sui Foundation. The stolen assets included Wrapped Bitcoin (WBTC), gold-backed XAUm, and USD Coin (USDC). The team said the remaining $28 million in total value locked across other vaults carries no shared attack vector. Inside…
3 months ago
Whales Accumulate AAVE as Retail Flees Amid KelpDAO Exploit Fallout
Aave (AAVE) showed signs of large-scale accumulation even as the protocol grappled with the aftermath of a major exploit that triggered sharp outflows and price declines. The activity follows an April 18 exploit of KelpDAO’s rsETH bridge. That incident reportedly left Aave with roughly $196 million in bad debt. Whale Activity Rises as AAVE Faces Fallout From KelpDAO Exploit The KelpDAO incident has rattled market confidence across the Decentralized Finance (DeFi) sector. Data from DeFiLlama shows that Aave’s Total Value…
3 months ago
DeFi Losses Surpass $600M as Kelp DAO Exploit Pushes TVL to One-Year Low
The Kelp DAO exploit on April 18, 2026, in which attackers minted 116,500 unbacked rsETH by poisoning a single LayerZero verifier node, has catalyzed more than $600 million in sector-wide DeFi losses over recent weeks, with cumulative damage across protocols approaching $1 billion. The downstream effect is now visible on-chain: total value locked across DeFi has collapsed to its lowest point in twelve months, per DefiLlama data, as capital flight accelerates across restaking, lending, and cross-chain bridge protocols.The core question…
3 months ago




