Crypto Security Fears Rise As Chaos Labs Reveals Attempted Advanced Wallet Attack

bitcoinistPublished on 2026-05-09Last updated on 2026-05-09

Abstract

Chaos Labs disclosed a sophisticated attempted hack targeting its operational wallets over a weekend, prompting several crypto firms to switch oracle providers. Borrowing platform Tydro, Solv Protocol, and Kelp DAO are among those migrating to Chainlink's oracle infrastructure, signaling a broader shift in confidence. Chaos Labs founder Omer Goldberg stated the attack was contained to routine operational wallets and that the core Chaos Oracle Network was not breached. The company rotated all keys and detected no further suspicious activity. Cyber professionals informed Chaos Labs that the methods were consistent with a nation-state attack, though no specific country was named. This incident occurs amid a difficult month for crypto security, including the high-profile Kelp DAO exploit in April.

Several crypto firms are switching oracle providers after Chaos Labs disclosed it was targeted in a sophisticated hacking attempt last weekend — one that authorities believe may have been carried out by a nation-state actor.

Firms Move To Chainlink

Borrowing platform Tydro announced it is migrating to Chainlink’s oracle infrastructure following the incident. Solv Protocol flagged similar plans, citing recent industry events as the reason for moving its cross-chain setup away from LayerZero.

Kelp DAO, still recovering from an April exploit, is also shifting its restaking token rsETH to Chainlink. The moves signal a broader loss of confidence in alternatives, even as Chaos Labs insists its core systems were never touched.

Chaos Labs founder Omer Goldberg said the attack was contained to operational wallets the company uses for routine on-chain activity. The oracle network itself — which supplies price and data feeds to blockchain applications — was not breached at any point.

“Chaos Oracles run in a fully isolated environment with nodes distributed globally, protected by layered security and cryptographic controls,” Goldberg said in a post on X.

The company rotated all keys following the incident and said no suspicious activity has been detected since.

Attack Consistent With Nation-State Methods

Cyber professionals and authorities working alongside Chaos Labs told the company the methods used were consistent with nation-state attacks, according to Goldberg.

He did not name a specific country. The investigation is ongoing, and Goldberg said more details would be shared as circumstances allow.

BTCUSD now trading at $80,337. Chart: TradingView

State-backed hacking groups, particularly those linked to North Korea, have long been seen as a serious threat to crypto infrastructure.

Reports indicate North Korea-affiliated actors stole at least $578 million across several incidents in April alone. North Korea has denied involvement in global cybercrime, calling such allegations unfounded.

Goldberg said Chaos Labs triggered its highest-severity incident response immediately after detecting the attempt. The company allocates a significant portion of its operating budget to cyber defense, monitoring, and detection systems.

A Difficult Month For Crypto Security

The Chaos Labs incident comes against a backdrop of widespread attacks across the industry. The Kelp DAO hack earlier in April was among the year’s most damaging, sending ripple effects through the crypto lending market and causing Aave’s total value locked to drop by $8 billion. Drift Protocol and at least a dozen other crypto entities were also hit during the same period.

Featured image from Pixabay, chart from TradingView

Related Questions

QAccording to the article, why are several crypto firms switching oracle providers?

AThey are switching providers after Chaos Labs disclosed it was targeted in a sophisticated hacking attempt. This has led to a broader loss of confidence in alternative oracle providers, prompting firms like Tydro, Solv Protocol, and Kelp DAO to migrate to Chainlink's infrastructure.

QWhat was the specific target of the attack on Chaos Labs, and was the core oracle network compromised?

AThe attack was contained to operational wallets Chaos Labs uses for routine on-chain activity. The core Chaos Oracle Network itself was not breached or compromised at any point, as it runs in a fully isolated, globally distributed environment with layered security controls.

QWho do authorities believe may be behind the attempted hack on Chaos Labs, and why is this significant?

AAuthorities and cyber professionals believe the attack methods were consistent with those of a nation-state actor. This is significant because state-backed hacking groups, particularly those linked to North Korea, are considered a serious threat to crypto infrastructure and are known for large-scale thefts.

QWhat actions did Chaos Labs take immediately after detecting the hacking attempt?

AChaos Labs triggered its highest-severity incident response, rotated all its keys, and has detected no suspicious activity since. The company also stated it allocates a significant portion of its operating budget to cyber defense, monitoring, and detection systems.

QWhat broader context of crypto security does the Chaos Labs incident occur within, according to the article?

AThe incident occurs during a difficult month for crypto security, marked by widespread attacks. These include the damaging Kelp DAO hack in April, which impacted the lending market and Aave's TVL, as well as attacks on Drift Protocol and at least a dozen other crypto entities.

Related Reads

OpenClaw and Cursor Just Invaded Phones! Agents Are Now in Your Pocket

AI Agents have officially arrived on mobile. In a landmark move, both OpenClaw and Cursor launched native mobile apps on the same day, fundamentally shifting how AI assistants are accessed and controlled. OpenClaw has released full-featured native apps for iOS and Android. Its "local-first" architecture, developed by the OpenClaw Foundation, keeps user data private by running the agent on a user's private Gateway. The mobile app now allows seamless remote control and approval of the agent's actions directly from a smartphone, with access to device capabilities like the camera, GPS, and contacts. Simultaneously, Cursor, the AI-powered coding tool, launched a public beta of its native iOS app. It enables developers to start and manage cloud-based AI coding agents from their phones. These agents can work asynchronously for extended periods—debugging, writing code, and creating pull requests—while developers are away from their computers. The app sends notifications for key decisions, allowing users to review and merge PRs from anywhere. Together, these releases signal a major shift: AI agents are no longer confined to desktop browsers or terminals. They are becoming persistent, autonomous assistants that work independently in the cloud, with humans transitioning from constant operators to mobile supervisors who approve key steps. The era of pocket-sized, on-demand AI is now here.

marsbit3m ago

OpenClaw and Cursor Just Invaded Phones! Agents Are Now in Your Pocket

marsbit3m ago

Polygon Says It Processed $80 Billion In Stablecoin Volume In May

Polygon reportedly processed roughly $80 billion in stablecoin transfer volume in May, claiming to overtake both Solana and BNB Chain in settlement activity. This is a significant metric as stablecoin transfers represent one of the clearest indicators of real blockchain utility, used for trading, payments, and DeFi. For Polygon, the figure supports its push to be seen as a serious settlement layer. The article notes that while the volume is impressive, its composition—whether from user payments or large institutional flows—matters for assessing true adoption. Nonetheless, gaining share in stablecoins, a proven use case, strengthens Polygon's utility narrative amid a competitive landscape. Readers are advised to treat this as a signal to monitor for broader ecosystem follow-through.

bitcoinist17m ago

Polygon Says It Processed $80 Billion In Stablecoin Volume In May

bitcoinist17m ago

Base's New Token Issuance Gateway B20: What Assets Does It Aim to Accommodate?

Base, a layer-2 blockchain, is developing B20, a native token standard designed to be a foundational tool for asset issuance. It serves as an ERC-20 compatible, pre-compiled system built directly into Base's infrastructure, offering faster speeds and lower costs than standard smart contracts. The core innovation lies in its robust control features for issuers. B20 enables granular role-based access control for functions like minting or pausing, alongside policy registries for whitelists and blacklists to restrict transfers. It also supports transaction memos for linking on-chain actions to off-chain records. These features are particularly targeted at stablecoin providers, Real World Asset (RWA) tokenizers, and other projects needing compliant, controllable, and low-cost token creation. However, its launch on the mainnet was recently delayed following network stability issues, underscoring its critical importance as a core network upgrade. B20 provides the tools for controlled issuance, but the responsibility for implementing specific compliance rules remains with the asset issuers themselves.

Foresight News23m ago

Base's New Token Issuance Gateway B20: What Assets Does It Aim to Accommodate?

Foresight News23m ago

Dialogue with IOTA Foundation's Jens: From Kenya to the UK, TWIN Propels Global Trade into the '5-Minute' Era

**Summary: IOTA's TWIN Project is Speeding Up Global Trade** Jens Munch Lund-Nielsen, Head of Global Trade & Supply Chain at the IOTA Foundation, discusses how the TWIN (Trade and Logistics Information Network) project is addressing long-standing inefficiencies in global trade. Traditionally, cross-border trade involves numerous parties, extensive paperwork, and delays spanning weeks. TWIN, built on IOTA's decentralized, scalable, and low-cost infrastructure, aims to replace this fragmented, paper-based system with a real-time, trusted, and interconnected digital collaboration layer. As a neutral digital public infrastructure, TWIN allows governments, businesses, and ports to exchange verifiable data and documents without ceding control to a single entity. This solves a core coordination problem that previous, proprietary platforms failed to address due to a lack of trust and neutrality. Key real-world implementations include: * **TLIP in East Africa:** Reduced document retrieval times for flower, coffee, and tea exports from 6-7 hours to ~30 minutes, cutting administrative work by 50-60%. * **UK Ecosystem of Trust Trials:** Provided border agencies with much earlier visibility (up to 20+ hours) of incoming chilled poultry shipments from Poland, enabling better resource planning. * Other pilots focus on supply chain traceability for fruits/vegetables, port efficiency, and critical mineral sourcing. TWIN ensures interoperability across jurisdictions by adopting global standards (e.g., UN/CEFACT data models), leveraging decentralized identity systems (DIDs), and supporting legal frameworks like MLETR. Looking ahead, Jens is optimistic that a trusted "connective layer" like TWIN will scale in the coming years. Its success could fundamentally transform global trade, most notably by helping to close the current $2.5 trillion trade finance gap. By providing lenders with access to verifiable, real-time supply chain data, TWIN could unlock capital and reshape how businesses discover partners and secure financing.

marsbit27m ago

Dialogue with IOTA Foundation's Jens: From Kenya to the UK, TWIN Propels Global Trade into the '5-Minute' Era

marsbit27m ago

MicroStrategy Releases Self-Rescue Script: The Game and Calculations Behind the $1.25 Billion Crypto Sale

MicroStrategy Shifts Strategy with $1.25 Billion BTC Sale Plan to Manage Crisis and Rebuild Capital Facing over $13 billion in unrealized losses on its Bitcoin holdings and a stalled funding model, MicroStrategy has pivoted from its "buy-and-hold-only" dogma. The company announced a new "Digital Credit Capital Framework" centered on active capital management. Key pillars of the plan include a potential $1.25 billion Bitcoin sale to bolster liquidity, a dividend hike and up to $1 billion in buybacks for its battered preferred stock (STRC), and up to $1 billion in common stock (MSTR) repurchases. The goal is to repair its creditworthiness, lift its stock price above the net asset value of its Bitcoin, and eventually restart its equity issuance engine to fund future purchases. This strategic shift, while a pragmatic move for survival, cracks the foundational "never sell" belief that once granted MicroStrategy a premium valuation. It transforms Bitcoin from a static reserve into a managed asset for liquidity, introducing potential future selling pressure. Market focus now shifts to the execution of its buyback program and any actual Bitcoin sales, which will test the resilience of its new framework and its impact on broader crypto market sentiment.

marsbit29m ago

MicroStrategy Releases Self-Rescue Script: The Game and Calculations Behind the $1.25 Billion Crypto Sale

marsbit29m ago

Trading

Spot
活动图片

Hot Categoriesright-arrow

Hot Tagsright-arrow