Crypto Security Fears Rise As Chaos Labs Reveals Attempted Advanced Wallet Attack

bitcoinistPublished on 2026-05-09Last updated on 2026-05-09

Abstract

Chaos Labs disclosed a sophisticated attempted hack targeting its operational wallets over a weekend, prompting several crypto firms to switch oracle providers. Borrowing platform Tydro, Solv Protocol, and Kelp DAO are among those migrating to Chainlink's oracle infrastructure, signaling a broader shift in confidence. Chaos Labs founder Omer Goldberg stated the attack was contained to routine operational wallets and that the core Chaos Oracle Network was not breached. The company rotated all keys and detected no further suspicious activity. Cyber professionals informed Chaos Labs that the methods were consistent with a nation-state attack, though no specific country was named. This incident occurs amid a difficult month for crypto security, including the high-profile Kelp DAO exploit in April.

Several crypto firms are switching oracle providers after Chaos Labs disclosed it was targeted in a sophisticated hacking attempt last weekend — one that authorities believe may have been carried out by a nation-state actor.

Firms Move To Chainlink

Borrowing platform Tydro announced it is migrating to Chainlink’s oracle infrastructure following the incident. Solv Protocol flagged similar plans, citing recent industry events as the reason for moving its cross-chain setup away from LayerZero.

Kelp DAO, still recovering from an April exploit, is also shifting its restaking token rsETH to Chainlink. The moves signal a broader loss of confidence in alternatives, even as Chaos Labs insists its core systems were never touched.

Chaos Labs founder Omer Goldberg said the attack was contained to operational wallets the company uses for routine on-chain activity. The oracle network itself — which supplies price and data feeds to blockchain applications — was not breached at any point.

“Chaos Oracles run in a fully isolated environment with nodes distributed globally, protected by layered security and cryptographic controls,” Goldberg said in a post on X.

The company rotated all keys following the incident and said no suspicious activity has been detected since.

Attack Consistent With Nation-State Methods

Cyber professionals and authorities working alongside Chaos Labs told the company the methods used were consistent with nation-state attacks, according to Goldberg.

He did not name a specific country. The investigation is ongoing, and Goldberg said more details would be shared as circumstances allow.

BTCUSD now trading at $80,337. Chart: TradingView

State-backed hacking groups, particularly those linked to North Korea, have long been seen as a serious threat to crypto infrastructure.

Reports indicate North Korea-affiliated actors stole at least $578 million across several incidents in April alone. North Korea has denied involvement in global cybercrime, calling such allegations unfounded.

Goldberg said Chaos Labs triggered its highest-severity incident response immediately after detecting the attempt. The company allocates a significant portion of its operating budget to cyber defense, monitoring, and detection systems.

A Difficult Month For Crypto Security

The Chaos Labs incident comes against a backdrop of widespread attacks across the industry. The Kelp DAO hack earlier in April was among the year’s most damaging, sending ripple effects through the crypto lending market and causing Aave’s total value locked to drop by $8 billion. Drift Protocol and at least a dozen other crypto entities were also hit during the same period.

Featured image from Pixabay, chart from TradingView

Related Questions

QAccording to the article, why are several crypto firms switching oracle providers?

AThey are switching providers after Chaos Labs disclosed it was targeted in a sophisticated hacking attempt. This has led to a broader loss of confidence in alternative oracle providers, prompting firms like Tydro, Solv Protocol, and Kelp DAO to migrate to Chainlink's infrastructure.

QWhat was the specific target of the attack on Chaos Labs, and was the core oracle network compromised?

AThe attack was contained to operational wallets Chaos Labs uses for routine on-chain activity. The core Chaos Oracle Network itself was not breached or compromised at any point, as it runs in a fully isolated, globally distributed environment with layered security controls.

QWho do authorities believe may be behind the attempted hack on Chaos Labs, and why is this significant?

AAuthorities and cyber professionals believe the attack methods were consistent with those of a nation-state actor. This is significant because state-backed hacking groups, particularly those linked to North Korea, are considered a serious threat to crypto infrastructure and are known for large-scale thefts.

QWhat actions did Chaos Labs take immediately after detecting the hacking attempt?

AChaos Labs triggered its highest-severity incident response, rotated all its keys, and has detected no suspicious activity since. The company also stated it allocates a significant portion of its operating budget to cyber defense, monitoring, and detection systems.

QWhat broader context of crypto security does the Chaos Labs incident occur within, according to the article?

AThe incident occurs during a difficult month for crypto security, marked by widespread attacks. These include the damaging Kelp DAO hack in April, which impacted the lending market and Aave's TVL, as well as attacks on Drift Protocol and at least a dozen other crypto entities.

Related Reads

SecondFi Outlines Two-Week Recovery Plan After $2.4 Million Cardano Wallet Breach

SecondFi (formerly Yoroi wallet) has detailed a two-week recovery plan following a Cardano wallet security exploit that drained approximately $2.4 million in ADA from 374 addresses. The breach was caused by a flaw in the wallet-generation software, raising significant concerns about user trust in self-custody tools. SecondFi's structured response aims to accurately identify affected addresses and transparently restore funds, with its execution being critical to limiting reputational damage. While the Cardano network itself remains unaffected, the incident underscores that security at the wallet and user-interface layer is vital for overall ecosystem confidence. The outcome for the broader Cardano community hinges on the successful return of user assets and the demonstrated resolution of the underlying vulnerability.

bitcoinistJust now

SecondFi Outlines Two-Week Recovery Plan After $2.4 Million Cardano Wallet Breach

bitcoinistJust now

Real-life 'Black Mirror' Pumpfun Go: 40 Yuan to Lick Toilets, 14,000 USD for a Logo Tattoo on the Forehead

The article discusses the controversial new platform "Pumpfun Go," a bounty task platform launched by the meme coin platform Pump.fun. Its slogan is "Pay anyone to do anything." The platform allows users to anonymously post tasks with cryptocurrency rewards, which are held in escrow until completion and verification. The piece highlights extreme and disturbing tasks that have gained notoriety, such as licking a gas station toilet floor for roughly $5.63, eating live insects, getting a company logo tattooed on one's forehead for $14,000, and even a now-removed $700,000 bounty for suicide. These tasks are often linked to promoting specific meme coins by generating shocking, attention-grabbing content. While some tasks involve community-building or charity, critics, including New York Governor Kathy Hochul, condemn the platform for exploiting economic desperation and encouraging humiliating or dangerous behavior. They argue it mirrors dystopian narratives from shows like "Black Mirror" and movies like "Nerve," where online dares escalate for viewers' entertainment. Supporters and some participants counter that the platform provides much-needed income opportunities for the financially struggling. One user claimed the bounty money far exceeded his monthly salary. The article concludes by questioning the morality of a system where the wealthy pay for spectacle and the poor trade dignity for survival, reflecting a long history of public consumption of others' suffering. It suggests hope may lie in future technological abundance freeing people from such desperate choices.

marsbit6m ago

Real-life 'Black Mirror' Pumpfun Go: 40 Yuan to Lick Toilets, 14,000 USD for a Logo Tattoo on the Forehead

marsbit6m ago

Faked Trades, Clone Websites, 1105 Videos: Polymarket Under CFTC Scrutiny

The U.S. Commodity Futures Trading Commission (CFTC) has launched a wide-ranging investigation into prediction market platform Polymarket. The probe, triggered by a Wall Street Journal report, focuses on allegations of systematic marketing fraud. The report revealed Polymarket allegedly hired dozens of student content creators to post over 1,100 videos showing fake, profitable trades on cloned websites, without disclosing the paid relationships. These videos, with over 140 million views, were pivotal to user growth. Simultaneously, the National Association of Consumer Advocates (NACA) filed a lawsuit in Washington D.C., accusing Polymarket and its executives of deceptive advertising targeting college students. The suit details off-campus promotions and payments made through the CMO's personal PayPal account to influencers who failed to disclose sponsorships. The investigation places CFTC Chairman Michael Selig in a difficult position, as he has been a vocal advocate for prediction markets and is currently suing multiple states to assert federal jurisdiction over them. This case tests the CFTC's dual role as both promoter and enforcer. This marks Polymarket's second major clash with the CFTC. After a 2022 settlement and U.S. ban, it regained approval to operate in September 2025, secured a $20 billion investment, and saw its valuation soar. The current crisis, compounded by a recent $3.1 million front-end supply chain attack, represents the platform's most severe multi-front challenge since its founding.

Foresight News8m ago

Faked Trades, Clone Websites, 1105 Videos: Polymarket Under CFTC Scrutiny

Foresight News8m ago

Real-Life 'Black Mirror' Pumpfun Go: 40 Yuan to Lick a Toilet, $14,000 to Tattoo a Logo on Your Forehead

Pumpfun Go, a bounty task platform launched by the meme coin platform Pump.fun, is facing intense controversy. The platform's slogan "Pay anyone to do anything" has manifested in real-world tasks where participants perform increasingly extreme or demeaning acts for cryptocurrency rewards. These tasks range from licking a gas station toilet floor for roughly $5.63 to getting a permanent "bounty.fun" logo tattooed on one's forehead for $14,000. Other completed challenges include eating live insects and quitting a job on camera. The highest-value active bounty offers approximately $560,000 for climbing Mount Everest and placing a bet on a specified platform. While some tasks involve promoting meme coins or community events, the platform has drawn widespread criticism for incentivizing the exploitation of economic desperation. Participants, often citing "we need money" as their motivation, complete these tasks for sums that can far exceed their regular income. Critics, including New York Governor Kathy Hochul, have condemned Pumpfun Go as a dystopian system that commodifies human dignity and preys on the vulnerable. Supporters argue it provides a novel income opportunity for those in need. The debate highlights deeper societal issues around power, inequality, and the historical human fascination with spectacles of humiliation. The platform's existence raises questions about the ethical limits of anonymous online markets and the persistent reality where financial need forces individuals to trade their dignity for survival.

Odaily星球日报15m ago

Real-Life 'Black Mirror' Pumpfun Go: 40 Yuan to Lick a Toilet, $14,000 to Tattoo a Logo on Your Forehead

Odaily星球日报15m ago

ANSEM Token Rockets From $4 Million To $97 Million In Solana Meme Coin Frenzy

The Solana-based meme coin ANSEM experienced an extremely rapid and speculative surge, reportedly growing from a valuation of approximately $4 million to over $97 million in market capitalization within just 11 days of its on-chain appearance. This dramatic move highlights the potent, high-speed environment for retail trading on Solana, where low transaction costs and fast execution can fuel explosive gains. However, the article cautions that such vertical rallies are often driven by factors like low liquidity, concentrated token supply, and thin trading floats, rather than sustainable fundamentals. While illustrating that speculative capital remains active in Solana's meme coin sector, the ANSEM case serves as both a headline-grabbing story and a warning. It emphasizes that by the time such moves gain widespread attention, the early opportunity is often gone, and chasing them without understanding the underlying market structure can lead to significant losses.

bitcoinist25m ago

ANSEM Token Rockets From $4 Million To $97 Million In Solana Meme Coin Frenzy

bitcoinist25m ago

Trading

Spot
活动图片