Bookmarking Crypto Insights
Auto Added by WPeMatico
April 2026 closed as the most-hacked month in crypto history by incident count, with Defillama confirming 28 to 30 separate exploits and more than $625 million stolen across the industry. Key Takeaways: Defillama confirmed April 2026 as the most-hacked month in crypto history, with 28-30 incidents totaling over $625M stolen. Drift Protocol lost $285M on … Read more
North Korea’s Lazarus Group has deployed a modular macOS malware kit called Mach-O Man that uses fake meeting invites to steal credentials and crypto wallet access from fintech executives and developers. Key Takeaways: North Korea’s Lazarus Group deployed Mach-O Man malware targeting macOS users in crypto and fintech roles in April 2026. Bitso’s Quetzal Team … Read more
A cross-chain message forgery drained 116,500 restaked ether from KelpDAO on April 18, triggering what Cardano founder Charles Hoskinson called the largest DeFi exploit of the year and a contagion event that pulled billions in total value locked from the broader ecosystem within 48 hours. Key Takeaways: An attacker exploited KelpDAO’s cross-chain bridge on April … Read more
Certik reported a significant exploit of the Hyperbridge gateway, which allowed the perpetrator to mint 1 billion unauthorized DOT tokens on the Ethereum network. Key Takeaways: A hacker used a replay flaw to mint 1 billion fake Polkadot tokens via the Hyperbridge gateway. The price of DOT dropped 6% to $1.16 before recovering, while the … Read more
U.S. Treasury expands cybersecurity coordination with digital asset firms, signaling tighter integration with traditional finance and raising baseline protections as systemic risk exposure grows across crypto markets. Key Takeaways: Treasury introduces an initiative giving U.S. digital asset firms access to shared cyber threat intelligence. Crypto firms gain parity with traditional institutions, strengthening system-wide risk response. … Read more
Anthropic’s unreleased Claude Mythos Preview has autonomously identified thousands of high-severity zero-day vulnerabilities across every major operating system and web browser, prompting the company to launch Project Glasswing, a defensive cybersecurity coalition backed by up to $100 million in AI usage credits. Key Takeaways: Anthropic’s Claude Mythos Preview scored 83.1% on Cybergym, finding thousands of … Read more
Google Deepmind researchers have published the first systematic framework cataloguing how malicious web content can manipulate, hijack, and weaponize autonomous AI agents against their own users. Key Takeaways: Google Deepmind researchers identified 6 AI agent trap categories, with content injection success rates reaching 86%. Behavioural Control Traps targeting Microsoft M365 Copilot achieved 10/10 data exfiltration … Read more
A new study warns that Openclaw is facing a systemic security collapse after researchers found critical vulnerabilities, malware‑infected extensions, and prompt injection risks that allow attackers to steal data or hijack systems. The ‘Trusted Environment’ Fallacy A March 31 study by Web3 security firm Certik has pulled back the curtain on a “systemic collapse” of … Read more
A phishing campaign targeting Openclaw developers is spreading through Github, attempting to trick users into connecting crypto wallets and exposing funds to theft. Crypto Developers Warned of Github-Based Phishing Attack Cybersecurity firm OX Security reported this week that it identified the campaign, which impersonates the Openclaw ecosystem and uses fake Github accounts to reach developers … Read more
A malicious npm package impersonating an installer for the Openclaw artificial intelligence (AI) agent framework is spreading credential-stealing malware designed to quietly take control of developer machines. Security Researchers Expose Malicious Openclaw npm Package Security researchers say the package is part of a supply-chain attack aimed at developers working with Openclaw and similar AI-agent tooling. … Read more