Artículos Relacionados con Hack

El Centro de Noticias de HTX ofrece los artículos más recientes y un análisis profundo sobre "Hack", cubriendo tendencias del mercado, actualizaciones de proyectos, desarrollos tecnológicos y políticas regulatorias en la industria de cripto.

Annual Loss Rate Only 0.03%: Data Disassembles the Real Risk of DeFi Lending

DeFi lending's real-world annual loss rate from hacks and exploits is approximately 0.03% of the Total Value Locked (TVL), excluding cross-chain bridge incidents. This analysis, based on data from DeFi Llama, shows that while lending protocols are frequent targets due to their concentrated assets, the actual financial impact relative to the sector's massive scale is minimal. The overall DeFi hack total of $77.51B is heavily skewed by cross-chain bridge breaches. Removing those, losses drop to $45.18B, with lending and AMM protocols being the most affected non-bridge categories. Risk has significantly improved as the ecosystem has matured. For the year leading to May 2026, net losses in EVM and Solana lending protocols were $30.1 million against an average daily TVL of $99.6 billion, resulting in the 0.03% loss rate. Notably, the industry's asset recovery capability, exemplified by the full recovery and surplus from the Euler Finance hack, mitigates net losses, with a ~20% recovery rate for non-bridge lending incidents. Attack scale follows a log-normal distribution, meaning most incidents are small, and catastrophic losses are rare. This demonstrates that diversification across protocols is an effective risk mitigation strategy. The data indicates that DeFi lending has evolved into a measurable, compartmentalized, and relatively low-risk sector within the broader digital asset landscape.

marsbitHace 1 hora(s)

Annual Loss Rate Only 0.03%: Data Disassembles the Real Risk of DeFi Lending

marsbitHace 1 hora(s)

$10M Gone: Thorchain Exploit Triggers Security Fears Across DeFi

Blockchain tracker Arkham Intelligence has identified wallets linked to a THORChain exploit, holding approximately $3 million in Bitcoin and 216 ETH. On-chain investigator ZachXBT first reported the suspicious activity, estimating total losses now exceed $10 million. The attackers moved assets like USDT, USDC, and wrapped Bitcoin across multiple chains before converting to ETH. The cross-chain trading protocol was hit simultaneously on Bitcoin, Ethereum, BNB Chain, and Base. Security firm PeckShield confirmed the breach. Following the news, THORChain's native token RUNE dropped nearly 14%. The project's team had not issued a public statement at the time of reporting, increasing market anxiety. This incident highlights the recurring vulnerability of cross-chain infrastructure in DeFi, where complex code can create significant security risks. The stolen funds remain in the identified wallets for now.

bitcoinistAyer 07:32

$10M Gone: Thorchain Exploit Triggers Security Fears Across DeFi

bitcoinistAyer 07:32

$30 Billion DeFi Capital Exodus: LayerZero Stumbles, Chainlink Feasts

Following the major DeFi security incident involving Kelp DAO, a significant migration of funds is underway from the cross-chain protocol LayerZero to Chainlink's CCIP (Cross-Chain Interoperability Protocol). Over $30 billion in Total Value Locked (TVL) from protocols like Kelp DAO, Solv Protocol, Re, and Tydro has moved to Chainlink in the past week, driven by security concerns. LayerZero is facing a severe trust crisis after the attack. Initially denying responsibility, LayerZero Labs has now issued a public apology, acknowledging management oversights. These include a vulnerable "1/1" single-node configuration for its Decentralized Verification Network (DVN) and past misuse of a multi-signature wallet by a team member. The protocol's weekly bridge volume has slumped to near-historic lows of around $470 million. In contrast, Chainlink is experiencing a surge in adoption and activity. Its independent active addresses recently hit multi-month highs, and whales have been accumulating LINK tokens. Beyond DeFi, Chainlink is securing partnerships with traditional finance giants like DTCC, European stock exchange operator SIX Group, and asset manager Amundi. While LayerZero has announced security upgrades—such as migrating to stronger multi-signature configurations and developing a second DVN client—and contributed to a rescue fund, the event underscores that security is becoming a decisive competitive factor as DeFi matures.

marsbit05/13 09:40

$30 Billion DeFi Capital Exodus: LayerZero Stumbles, Chainlink Feasts

marsbit05/13 09:40

Crypto Security Fears Rise As Chaos Labs Reveals Attempted Advanced Wallet Attack

Chaos Labs disclosed a sophisticated attempted hack targeting its operational wallets over a weekend, prompting several crypto firms to switch oracle providers. Borrowing platform Tydro, Solv Protocol, and Kelp DAO are among those migrating to Chainlink's oracle infrastructure, signaling a broader shift in confidence. Chaos Labs founder Omer Goldberg stated the attack was contained to routine operational wallets and that the core Chaos Oracle Network was not breached. The company rotated all keys and detected no further suspicious activity. Cyber professionals informed Chaos Labs that the methods were consistent with a nation-state attack, though no specific country was named. This incident occurs amid a difficult month for crypto security, including the high-profile Kelp DAO exploit in April.

bitcoinist05/09 09:04

Crypto Security Fears Rise As Chaos Labs Reveals Attempted Advanced Wallet Attack

bitcoinist05/09 09:04

From Theft to Re-entry: How Was $292 Million "Laundered"?

A sophisticated crypto laundering operation was executed following the $292 million hack of Kelp DAO on April 18. The attack, attributed to the North Korean Lazarus group, began with anonymous infrastructure preparation using Tornado Cash to fund wallets untraceably. The hacker exploited a vulnerability in Kelp’s cross-chain bridge, stealing 116,500 rsETH. To avoid crashing the market, the attacker used Aave and Compound as laundering tools—depositing the stolen rsETH as collateral to borrow $190 million in clean, liquid ETH. This move triggered a bank run on Aave, causing an $8 billion drop in TVL. After consolidating funds, the attacker fragmented them across hundreds of wallets to evade detection. A major breakpoint was THORChain, where over $460 million in volume—30 times its usual activity—was processed in 24 hours, converting ETH into Bitcoin. This shift to Bitcoin’s UTXO model exponentially increased tracing complexity by shattering funds into countless untraceable fragments. The final destination was Tron-based USDT, the primary channel for illicit crypto flows. From there, funds were cashed out via OTC brokers in China and Southeast Asia, using unlicensed underground banks and UnionPay networks outside Western sanctions scope. Ultimately, the laundered money supports North Korea’s weapons programs, which rely heavily on crypto hacking for foreign currency. The incident underscores structural challenges in DeFi: its openness, composability, and lack of central control make such laundering not just possible, but inherently difficult to prevent.

marsbit04/26 07:12

From Theft to Re-entry: How Was $292 Million "Laundered"?

marsbit04/26 07:12

Kelp DAO Hack: Aave DAO Proposes To Contribute 25,000 ETH To Recovery Efforts

Aave DAO has proposed contributing 25,000 ETH from its treasury to a coordinated recovery effort following a major exploit on Kelp DAO. The attack, which occurred on April 18, targeted Kelp's rsETH Ethereum LayerZero adapter, resulting in a loss of approximately 163,183 ETH. Through frozen assets, recovered funds, and expected liquidations, over half the deficit has been covered, but a gap of roughly 75,081 ETH remains. A coalition named "DeFi United," including pledges from EtherFi, Lido, Ethena, and a credit line from Mantle, is mobilizing to restore the system. Aave's anchored contribution is a key part of this effort to reintroduce liquidity and fully back the affected tokens.

bitcoinist04/25 15:02

Kelp DAO Hack: Aave DAO Proposes To Contribute 25,000 ETH To Recovery Efforts

bitcoinist04/25 15:02

Aave Leads Effort to Fill 68.9k ETH Gap, DeFi Undergoes System-Level Stress Test

Aave has initiated a "DeFi United" rescue plan alongside multiple institutions to address a $292 million loss caused by a vulnerability in KelpDAO’s integration with LayerZero. The exploit allowed a hacker to mint unbacked rsETH and use it as collateral to borrow approximately $190 million on Aave, triggering a bank run and evaporating nearly $100 billion in TVL. While about 30,700 ETH was frozen on Arbitrum, a deficit of 68,900 ETH remains. To stabilize the system, several entities—including Lido Finance, EtherFi, Aave founder Stani Kulechov, and Mantle—have pledged support totaling around 43,500 ETH so far. However, the shortfall persists, and the incident has escalated from a technical exploit to a systemic trust crisis. The event tests DeFi’s ability to self-correct without central authority or a lender of last resort. The success or failure of this collaborative rescue effort may reshape confidence in decentralized finance and influence whether cross-protocol risk-sharing can become a sustainable mechanism for future crises.

marsbit04/25 00:00

Aave Leads Effort to Fill 68.9k ETH Gap, DeFi Undergoes System-Level Stress Test

marsbit04/25 00:00

Day 6 of the rsETH Incident: DeFi United Secures Approximately $100 Million in Intentional Commitments, but a $50 Million Gap Remains

On April 18, Kelp DAO’s rsETH LayerZero bridge was exploited, resulting in the unauthorized minting of 116.5k rsETH (approx. $292M). The attacker borrowed around $190M on Aave V3. The Arbitrum Security Council froze 30,766 ETH linked to the incident. DeFi United, a cross-protocol rescue initiative led by Awe, was formed to cover a total shortfall of 112.2k rsETH ($258M). As of April 24, several protocols have pledged around $100M in support, though most commitments are still under DAO voting or discussion. Key pledges include: - Golem: 1,000 ETH ($2.3M) - Aave founder Stani Kulechov: 5,000 ETH ($11.5M) - EtherFi: up to 5,000 ETH ($11.5M) - Lido: up to 2,500 stETH ($5.75M), contingent on full coverage - Mantle: proposed a $69M loan to Aave DAO under specific terms The remaining shortfall is estimated at $50M. Aave’s treasury and safety module (~$236M combined) can cover the worst-case bad debt scenario ($230M). Three potential loss distribution paths were outlined by DefiLlama’s 0xngmi: 1. Uniform 18.5% haircut for all rsETH holders: Aave bad debt ~$216M 2. Only protect Mainnet, abandon L2: bad debt up to $341M 3. Repay only pre-attack holders: technically difficult, ~$91M net loss KelpDAO has not yet announced a specific plan. The success of DeFi United depends heavily on KelpDAO’s final decision on loss allocation.

marsbit04/24 11:26

Day 6 of the rsETH Incident: DeFi United Secures Approximately $100 Million in Intentional Commitments, but a $50 Million Gap Remains

marsbit04/24 11:26

Tether’s Mega-Freeze: $344M USDT Locked Down In Major Operation With US Authorities

Tether has frozen $344 million in USDT held in two Tron wallets at the request of US authorities, including OFAC, after the wallets were linked to sanctions evasion and criminal activity. The company emphasized its routine cooperation with global law enforcement, having supported over 2,300 cases and frozen more than $4.4 billion in assets to date. This action contrasts with increased scrutiny on rival stablecoin issuer Circle, which faces a lawsuit over its alleged failure to promptly freeze $280 million stolen in the Drift Protocol hack. Tether also announced a collaboration with Drift Protocol to support recovery efforts with nearly $150 million in backing.

bitcoinist04/24 08:32

Tether’s Mega-Freeze: $344M USDT Locked Down In Major Operation With US Authorities

bitcoinist04/24 08:32

$292 Million KelpDAO Cross-Chain Bridge Hack: Who Should Foot the Bill?

On April 18, 2026, an attacker stole 116,500 rsETH (worth ~$292M) from KelpDAO’s cross-chain bridge in 46 minutes—the largest DeFi exploit of 2026. The stolen assets were deposited into Aave V3 as collateral, causing $177–200M in bad debt and triggering a cascade of losses across nine DeFi protocols. Aave’s TVL dropped by ~$6B overnight. This legal analysis argues that KelpDAO and LayerZero Labs share concurrent liability, with fault apportioned 60%/40%. KelpDAO negligently configured its bridge with a 1-of-1 decentralized verifier network (DVN)—a single point of failure—despite LayerZero’s explicit recommendation of a 2-of-3 setup. LayerZero, which operated the compromised DVN, failed to secure its RPC infrastructure against a known poisoning attack vector. Both protocols’ terms of service cap liability at $200 (KelpDAO) or $50 (LayerZero), but these limits are likely unenforceable due to unconscionability, gross negligence exceptions, and potential securities law invalidation (if rsETH is deemed a security under the Howey test). Aave’s governance also faces fiduciary duty claims for raising rsETH’s loan-to-value ratio to 93%—far above competitors’ 72–75%—without adequately assessing bridge risks, amplifying the systemic fallout. Practical recovery targets include LayerZero Labs (a registered Canadian entity), KelpDAO’s founders, auditors, and identifiable Aave governance delegates. The incident underscores escalating legal risks for DeFi protocols, infrastructure providers, and governance participants.

marsbit04/24 06:25

$292 Million KelpDAO Cross-Chain Bridge Hack: Who Should Foot the Bill?

marsbit04/24 06:25

活动图片

Indepth Research

Technology Trends