MetaMask cofounder Dan Finlay has left Consensys after spending about a decade working with the self-custodial wallet firm.

 

Finlay announced his departure from Consensys in a Thursday post on X, citing burnout and the need to spend more time with his family. He also wished the Consensys team well, saying the team has an amazing road ahead of them.

 

 

Since joining Consensys in 2016, Dan Finlay, alongside cofounder Aaron Davis, worked hand in hand on the development of MetaMask, Consensys’s self-custodial wallet. Finlay played an instrumental role in shaping MetaMask, transforming it from a browser-based Ethereum wallet into one of the mainstream crypto wallets, enabling access to decentralized finance (DeFi), non-fungible tokens (NFTs), and many other on-chain services.

 

Finlay was also key in the design and creation of some of MetaMask’s technical features, including Snaps, a MetaMask feature that allows third-party developers to safely extend MetaMask’s capabilities. Some of the capabilities added through Snaps include the ability to explore other blockchains such as Bitcoin, Solana, and Cosmos, as well as improved security features and the ability to receive warnings about malicious transactions occurring within a MetaMask wallet.

 

On his last day at Consensys, Finlay highlighted the launch of Advanced Permissions, ERC-7715, stating that he was over the moon regarding its launch. Advanced Permissions is a feature that allows decentralized applications to request pre-approved permissions from a MetaMask user to execute transactions on their behalf.

 

With this Advanced Permissions ERC-7715 feature, a user can activate or grant a particular request in their MetaMask wallet without having to manually approve it repeatedly.

 

Voluntary Exits Not Uncommon Among Crypto Founders

Like Dan Finlay, it is not uncommon to see crypto founders voluntarily step away from work to focus on other important aspects of life, especially their families.

 

On the same day Finlay announced his exit from ConsenSys, Bitcoin advocate and podcaster Preston Pysh announced that he was stepping away from public work and social media to focus on his wife and children.

 

Earlier this month, Ethereum researcher Josh Stark announced his departure from the Ethereum Foundation after spending five years there. According to an X post, Stark said he was stepping away from work to focus more on his family and friends.

 

 

The Aave DAO is being asked to commit 25,000 ETH from its treasury to help close a massive funding gap left behind by the April 18 exploit of Kelp DAO's rsETH bridge, a vulnerability that drained roughly $292 million from one of DeFi's most widely-used liquid restaking products. The proposal, put forward Thursday by Aave service provider TokenLogic, would make Aave the single largest contributor to a broader coalition effort dubbed "DeFi United", a coordinated response involving some of the sector's biggest names.

 

The attack exploited a configuration flaw in Kelp's LayerZero bridge adapter, which was running a single-verifier setup. That weakness let the attacker mint 152,577 rsETH tokens that had no actual ETH backing, which were then used as collateral on Aave to borrow approximately $190 million in legitimate assets. The fallout was severe. More than $10 billion in net withdrawals hit Aave in the days following the breach, and the protocol's affected V3 deployments on Ethereum, Arbitrum, and Mantle were left sitting on bad debt that, by various estimates, lands somewhere between $123 million and $230 million, depending on how recoveries play out.

 

The Funding Gap and How It Gets Closed

At the prevailing rsETH-to-ETH ratio of 1.0696, the original shortfall came out to roughly 163,183 ETH. Since then, a series of coordinated actions have chipped away at the hole. Kelp recovered and froze tokens representing approximately 43,168 ETH in value. The Arbitrum Security Council stepped in to freeze 30,766 ETH that the attacker was still holding on that network, following input from law enforcement. Liquidating the hacker's remaining positions across Aave and Compound is expected to recover a further 14,168 ETH. That gets you to a shortfall of around 75,081 ETH, still a very large number.

 

To plug what remains, the DeFi United coalition has assembled a funding stack that combines direct donations, a credit facility, and the requested Aave treasury contribution. Public contributors including EtherFi, Lido, Ethena, Ink Foundation, BGD Labs, and several individual ecosystem participants have pledged a combined 14,570 ETH so far, with more conversations reportedly in progress. Mantle has proposed a credit facility of up to 30,000 ETH, structured with interest at Lido's rate plus 1% and a repayment term of up to 36 months. Bybit co-founder Ben Zhou said the exchange, as Mantle's largest stakeholder, would vote yes on the facility, drawing a parallel to industry support Bybit received after its own security incident. Together, those streams narrow the residual gap to approximately 30,000 ETH. The Aave treasury request covers most of that.

 

 

A Complex Recovery With Real Execution Risk

What makes this more complicated than a straightforward treasury disbursement is the mechanics of actually executing the recovery. The coalition needs to place the full 120,015 ETH into the LayerZero lockbox to restore rsETH's backing. But a significant chunk of the expected recoveries, roughly 44,787 ETH worth, are not yet liquid. They depend on the Arbitrum Security Council releasing frozen funds, and on successfully liquidating the attacker's positions on Aave and Compound. Those processes could stretch out over weeks.

 

To bridge that timing gap, the coalition is arranging a separate tranche of short-duration loans from additional ecosystem partners. The proposal also includes a notable authorization: Aave Labs would be permitted to pledge DAO assets and future protocol revenue as collateral to secure these funding arrangements. That is a significant move, and the TokenLogic proposal is candid about the risks involved, noting the recovery depends on actions outside the coalition's control, including Kelp reopening withdrawals, LayerZero reopening its bridge, and the Security Council completing its process. "This is a call to arms," the proposal states. "The path there is not risk-free."

 

What the Industry Is Saying

Aave founder Stani Kulechov has already put skin in the game, pledging 5,000 ETH personally stating that "Aave is my life's work and we're working nonstop to find the best possible outcome for users.". The response has drawn both measured optimism and pointed skepticism from across the ecosystem. Matthew Pinnock, COO at Altura DeFi, told Decrypt the effort signals that DeFi is "moving beyond isolated protocols to a more coordinated financial system," while also emphasizing that "socialised recovery methods" need to be paired with clear accountability frameworks. Georgii Verbitskii, founder of yield platform TYMIO, was more cautious, telling the publication that without concrete details on the initiative's structure, "it's difficult to expect any meaningful structural shift in DeFi." He also predicted the incident would push users and protocols toward more conservative, base-layer configurations, likely reducing appetite for wrapped products and liquid staking derivatives.

 

 

On the constructive side, Sergey Kravtsov, CEO of Papaya Finance, described the coordinated effort as "an emergent immune response of a financial system that is actually decentralized", competing protocols stepping in because letting bad debt cascade, as he put it, "would have hurt everyone."

 

Governance Process Still Underway

The proposal is currently in the community feedback phase on Aave's governance forum. If it reaches consensus, it moves to a Snapshot vote before heading to an on-chain AIP. Timing matters here. The DeFi United coalition has flagged that ETH price appreciation could make the dollar-denominated bad debt worse by the hour if governance moves slowly. A separate proposal to pause AAVE buybacks has also been floated, suggesting the DAO is bracing for a period of concentrated capital deployment.

 

For Aave, this is partly precedent-following. After the 2022 CRV short-squeeze incident left the DAO with roughly $1.9 million in bad debt, it chose to cover the shortfall rather than socialize losses among suppliers. The current situation is orders of magnitude larger, but the underlying posture is the same: the Aave DAO balance sheet is being positioned as a backstop for systemic DeFi events, at least when the protocol itself is directly exposed. Personally, it is amazing to see the DeFi community rally behind this endeavor in wake of such a monumental exploit.

 

Tokenized stocks have crossed the $1 billion market cap marking a major turning point for RWAs on-chain. Public equities drove the surge, with platforms like Ondo Global Markets and xStocks leading the charge, while tokenized private equities on Solana continue to gain early traction and expand rapidly.

 

The rise of tokenized stocks brings several benefits to investors as they enable 24/7 global trading without the traditional T+2 settlement delays, allowing markets to operate continuously rather than shutting down after regular hours. Fractional ownership lowers the barrier for smaller investors to gain exposure to stocks and private investments. Assets can be used directly as collateral in DeFi protocols, creating new opportunities for yield generation and liquidity with instant settlement that reduces counterparty risk and improves capital efficiency. 

 

Ondo Finance and xStocks together account for over 90% of the tokenized stock market cap. Ondo leads at $741.1M (heavily on Ethereum at $440.1M and BNB Chain at $283.2M), followed by xStocks at $315.2M (dominant on Solana with $258.4M and reach through CEXs like Kraken and Bybit). The rest includes Superstate, Robinhood on Arbitrum, Dinari, and PreStocks’ $17.8M in tokenized private equities. Launched in June 2025, xStocks has already facilitated over $3.5 billion in on-chain transaction volume and $25 billion in total trading volume, tokenizing major assets like SPYx, QQQx, NVDAx, and TSLAx. 

 

Another interesting segment is tokenized pre-IPO stocks that bring exposure to private companies like Anthropic directly onto Solana via platforms such as PreStocks. These tokens are created through Special Purpose Vehicles (SPVs) that hold shares or exposure acquired on secondary markets. PreStocks then issues 1:1 backed SPL tokens on Solana that track the company's implied valuation which lets holders get price exposure with 24/7 trading on DEXes like Jupiter. The tokenized pre-IPO sector has grown roughly 200% year-to-date, with Anthropic leading the surge. 

However, Ethereum is still the clear leader when it comes to bringing stocks on-chain, as it’s become the primary home for major financial moves as the value of funds moving onto Ethereum has grown 20x since the start of 2024, thanks to massive names like BlackRock and Fidelity launching their own products there. This dominance extends across other major real-world asset categories as well, with the network maintaining a strong position in tokenized commodities, funds, and stablecoins.

 

 

Nasdaq has secured SEC approval to trade tokenized Russell 1000 stocks and major index ETFs on the same order book as their traditional counterparts, while the NYSE is building a 24/7 on-chain venue with instant settlement and stablecoin funding in partnership with Securitize and the DTCC’s tokenization infrastructure. Firms like Franklin Templeton, JPMorgan, and Apollo are rolling out tokenized money market funds, credit strategies, and other securities across networks that reache beyond Ethereum and Solana to include chains like Polygon, Avalanche, Base, Aptos, and Stellar, reflecting a multi-chain strategy to plug directly into different DeFi ecosystems. 

 

Ondo Global Markets, now one of the main issuers of tokenized U.S. stocks and ETFs, blocks U.S. users and anyone trading from inside the country, and pushes those restrictions through partners like MetaMask, Binance Wallet, and centralized exchanges that list its products. Kraken’s xStocks do the same, limiting access to non U.S. clients in a set list of jurisdictions and explicitly excluding residents of the United States, Canada, the U.K., and Australia. On Solana, the pre-IPO names led by PreStocks let people trade tokens linked to companies like Anthropic, but they sit in a gray zone because they’re SPV based claims with no audited, public proof of backing, wide gaps between implied token prices and private round valuations, thin liquidity, and no clear path for U.S. retail to participate. So while Binance, OKX, Kraken, and others rush to put tokenized stocks in front of millions of users, most of the real volume is still offshore, and U.S. investors are mostly stuck watching from the sidelines until policy catches up.

 

 

Cryptocurrency exchange Coinbase has rolled out crypto-backed loans for users in the United Kingdom, allowing users to borrow USDC against Bitcoin (BTC), Ether (ETH), and Coinbase Wrapped Staked Ether (cbETH) holdings.

 

The launch, announced this Monday, is part of Coinbase’s overall efforts to build a leading financial app in the UK that allows users to invest, manage, and grow their money.

 

 

The loans will be issued through Morpho, a decentralized finance lending protocol on Base, and according to Coinbase, users will be able to borrow up to $5 million in USDC, depending on the amount of Bitcoin and other eligible assets they hold as collateral. Coinbase says the interest rates will vary, depending on market conditions on Base, and that these rates will be set by Morpho.

 

It is also important to note that while there is no fixed repayment schedule for the borrowed loans, borrowers face liquidation risk if the loan-to-value ratio exceeds specific thresholds that will be set by Coinbase.

 

The crypto-backed loans can be accessed through the Coinbase app, where users can choose the amount of USDC they want to borrow and their preferred collateral asset. Once this is done, the pledged collateral will be transferred on-chain to a Morpho smart contract, and the USDC loans will be automatically disbursed to the user’s Coinbase account, which can then be converted to British pounds (GBP).

 

Coinbase Expands Its Crypto Efforts

Coinbase is one of the cryptocurrency exchanges leading development at the intersection of blockchain technology and artificial intelligence (AI).

 

In an X post last weekend, Coinbase CEO Brian Armstrong announced that the exchange was testing and integrating two AI agents into Slack and email. These AI agents will serve as virtual workers, able to perform on-chain actions such as holding funds, spending and sending money, trading, and earning yield.

 

This recent development comes shortly after Coinbase launched the x402 Foundation, designed to enhance the use of its x402 protocol as a standard payment protocol for internet native payments.

 

To achieve its “Everything Exchange” goal, Coinbase made a number of significant acquisitions last year, including the acquisition of the Deribit exchange and Echo. The exchange has also rolled out stock and ETF trading in-app for all eligible users, with its most recent rollout in Canada.

 

 

AllUnity, a regulated European stablecoin issuer, is bringing EURAU, its Markets in Crypto-Assets compliant stablecoin, to major decentralized exchanges.

 

The announcement, made recently by the issuer, will see the introduction of AllUnity’s EURAU stablecoin in two trading pairs across multiple chains. These include the EURAU/USDT pair on the Ethereum and Solana blockchains via Uniswap and Raydium, as well as the EURAU/USDT0 trading pair on the Tempo blockchain via Uniswap.

 

To support this expansion initiative, Flowdesk, a regulated digital asset trading firm, will serve as the main liquidity provider for the EURAU rollout across the different decentralized exchanges. This move is expected to improve EURAU’s integration and utility in decentralized finance, enabling traders to swap between EURAU and USDT with reduced slippage.

 

According to Rupertus Rothenhäuser, Chief Commercial Officer at AllUnity, the expansion represents a key step toward building a robust and accessible euro liquidity layer. He added that it will enable seamless euro to dollar trading and empower institutions and liquidity providers to participate in deep and efficient markets.

 

Dollar-pegged stablecoins continue to dominate

Stablecoins tied to the U.S. dollar continue to maintain the largest share of the more than $320 billion stablecoin market cap. According to a report, USD pegged stablecoins make up about 99 percent of the total global stablecoin supply, with Tether’s USDT and Circle’s USDC being the largest by market cap.

 

Euro pegged stablecoins account for a small share of the global supply, with a market cap of about €450 million to approximately $1 billion, representing less than 0.3 percent of the total.

 

Despite remaining a niche segment of the crypto market, euro pegged stablecoins have seen some institutional adoption in recent months. In February this year, Société Générale, one of Europe’s largest banks, expanded its euro pegged EURCV stablecoin to the XRP Ledger and the Stellar blockchain.

 

In December last year, about twelve of Europe’s largest banks, including ING, UniCredit, BNP Paribas, and CaixaBank, formed Qivalis, a joint consortium to launch a euro pegged stablecoin. The consortium has engaged in regulatory dialogue with the Dutch National Bank and has entered advanced talks with cryptocurrency exchanges regarding the launch, which is expected this quarter. 

 

 

A carefully planned attack on Kelp DAO's cross-chain bridge drained 116,500 rsETH, worth roughly $292 million, from the liquid restaking protocol on Saturday, instantly becoming the largest DeFi exploit of 2026. The fallout spread almost immediately, pulling in Aave, SparkLend, Fluid and Lido before Kelp's own emergency systems could fully catch up.

 

The exploit was first flagged by on-chain investigator ZachXBT at around 2:52 PM ET, with six attacker wallets identified. Those wallets, it turned out, had been pre-funded via Tornado Cash, the coin-mixing service widely used to obscure transaction origins. That kind of preparation doesn't happen overnight, and points to a deliberate, well-resourced operation that had studied Kelp's architecture before making its move.

 

How the Attack Worked

At 17:35 UTC, an attacker-controlled wallet called the lzReceive function on LayerZero's EndpointV2 contract. LayerZero is the cross-chain messaging infrastructure that Kelp relied on to move rsETH between networks. By spoofing a valid instruction from another chain, the attacker tricked the bridge's verification logic into releasing 116,500 rsETH directly to an address they controlled. It was a clean hit. Kelp's emergency multisig paused core contracts 46 minutes later, at 18:21 UTC. Two follow-up attempts at 18:26 and 18:28 UTC were blocked, each carrying the same LayerZero packet aimed at pulling another 40,000 rsETH worth roughly $100 million. The pause held.

 

The bridge that was drained served as the reserve backing wrapped versions of rsETH deployed across more than 20 networks, including Arbitrum, Base, Linea, Blast, Mantle and Scroll. With those reserves gone, holders of rsETH on layer 2s are now left wondering what exactly their tokens are worth. That uncertainty creates a dangerous feedback loop: panic redemptions on layer 2 networks pressure the unaffected Ethereum-side supply, which in turn could force Kelp to unwind underlying EigenLayer restaking positions to honor withdrawals.

 

The Contagion Moves Fast

The stolen rsETH didn't just sit in an attacker's wallet. The second phase of the attack played out on Aave V3, where the attacker deposited the drained rsETH as collateral and borrowed a substantial volume of Wrapped Ether against it. Because the rsETH was no longer backed by anything real at that point, the resulting debt positions are effectively unliquidatable. Aave's WETH reserve is now carrying bad debt it cannot recover through normal liquidation mechanisms. Some estimates put the bad debt exposure on Aave V3 at close to $177 million.

 

Aave moved quickly, freezing rsETH markets on both V3 and V4 within hours. Founder Stani Kulechov clarified on X that Aave's own contracts had not been compromised and that the freeze was precautionary while the situation was assessed. The AAVE token still dropped about 10% on the news, a reflection of how exposed the protocol's broader ecosystem appeared even if its core code was clean. SparkLend and Fluid followed with their own rsETH market freezes.

 

Lido Finance paused additional deposits into its earnETH product, which carries rsETH exposure, while being careful to note that stETH and wstETH remain unaffected. Ethena, the stablecoin issuer, took its own precautionary step, temporarily shutting down its LayerZero OFT bridges from Ethereum mainnet for roughly six hours despite having no direct rsETH exposure and maintaining collateralization above 101%. Upshift, which runs non-custodial yield vaults, paused deposits and withdrawals to its High Growth ETH and Kelp Gain vaults, though its USDC and AUSD products had no rsETH exposure.

 

Kelp's Response, and Its History

Kelp, which operates under the KernelDAO umbrella, posted its first public acknowledgment on X at 20:10 UTC, nearly three hours after the drain. The team said it was investigating the suspicious cross-chain activity with LayerZero, Unichain, its auditors and external security specialists. It has not yet disclosed how the attacker bypassed the bridge's validation logic or what the path to recovery looks like for rsETH holders across layer 2 networks.

 

It isn't Kelp's first serious incident. Back in April 2025, a bug in its fee contract caused excess rsETH minting and triggered a temporary pause, though that event did not result in direct user losses. This time the damage is far more severe and far more public.

 

 

The Kelp DAO exploit overtakes the Drift Protocol hack from April 1, 2026, where attackers drained roughly $295 million from the Solana-based perpetuals exchange in a targeted administrative breach, as 2026's largest DeFi loss. The pattern is hard to ignore. DeFi attacks are getting larger and more sophisticated, and as Ledger CTO Charles Guillemet noted earlier this month, AI tools are now actively lowering the cost and complexity of carrying out these attacks.

 

What the Kelp incident also lays bare is a structural risk baked into DeFi's composability model. Liquid restaking tokens like rsETH were whitelisted as collateral on major lending protocols because they held real value and generated real yield. The assumption underlying all of that was that the token would remain fully backed. When that assumption collapsed on Saturday afternoon, there was no circuit breaker, no committee vote and no grace period. The losses cascaded instantly across protocols that had nothing to do with the original exploit. That's the architecture working exactly as designed, and also its greatest vulnerability.

 

The Ethereum Foundation has committed $1 million to subsidize smart contract security audits for developers building on Ethereum mainnet, a move that signals how seriously the organization is taking security as the network continues its push toward broader adoption. The initiative, called the Ethereum Security Subsidy Program, was announced April 14 on X and arrives at a time when the cost of professional audits has long been a sticking point for smaller teams trying to ship responsibly.

 

The program was built in partnership with digital asset advisory firm Areta, along with Nethermind and Chainlink Labs. Through Areta Market, the foundation is connecting builders with a pool of more than 20 vetted audit firms, including well-known names like Certora, BlockSec, Quantstamp, Spearbit, Sherlock, Zellic, Hacken, Cyfrin, Dedaub, Immunefi, and Nethermind Security. Rather than running a slow, confusing grant process, approved projects get subsidies applied directly through the platform, then request quotes, and can reportedly get them back within 48 hours.

 

How It Works

Builders submit applications through a form on Areta Market. From there, an Expert Committee, made up of representatives from the Ethereum Foundation, Areta, Nethermind, Chainlink Labs, and audit partners, reviews each submission. Selected teams can receive subsidies covering up to 30% of their total audit costs, with higher support possible on a case-by-case basis for certain projects. There is no fixed deadline for applications. The subsidy pool is distributed on a first-come basis until the $1 million is exhausted, with new cohorts picked every month.

 

The program is open to all Ethereum mainnet builders regardless of project size or development stage, though the foundation has said it will prioritize teams aligned with what it calls the CROPS principles: Censorship Resistance, Open Source, Privacy, and Security. The foundation published this framework just last month as part of a broader mandate defining its role and what it expects from builders in the Ethereum ecosystem.

 

Part of a Bigger Push on Security

This subsidy program did not come out of nowhere. It sits inside the foundation's broader Trillion Dollar Security Initiative, which launched last year and is explicitly focused on raising the network's security standards as Ethereum scales to handle more complex applications and larger sums of on-chain value. The thinking behind that initiative has always been that security infrastructure needs to grow alongside adoption, and audit access has been one of the more persistent gaps.

 

Areta CEO Fin Boothroyd framed the launch this way on X: the program is a joint initiative with top-tier audit providers, backed by an expert committee made up of leading voices from organizations that know Ethereum well. Notably, Areta ran a comparable $1 million audit subsidy for Solana developers prior to this, which gives the firm a useful blueprint for how these programs tend to play out in practice.

 

The Ethereum Foundation has been active on several fronts beyond this. In March 2026, it partnered with Morpho to expand its involvement in decentralized finance. In February, it rolled out Project Odin, a separate effort aimed at supporting teams building core infrastructure, particularly those that provide essential services but struggle to secure reliable funding. The audit subsidy program fits neatly into that broader pattern of trying to shore up the ecosystem before problems develop rather than after.

 

Wider Industry Context

The Ethereum Foundation is not alone in making these kinds of moves right now. Last month, Aave Labs announced a $1.5 million audit program focused specifically on securing the newly released Aave V4 protocol, another sign that some of the larger DeFi players are taking the cost-of-security problem seriously. The pattern emerging here looks like a coordinated, if informal, industry-wide shift toward treating security infrastructure as something worth investing in upfront.

 

Smart contract audits have always been considered a baseline best practice before deployment, yet for many teams, particularly earlier-stage ones, the cost has been prohibitive enough to skip or delay. If the program works as intended, more code gets reviewed before it goes live. That matters to the network given how much value is at stake on Ethereum at any given moment, and how frequently vulnerabilities in unaudited contracts have led to significant losses across DeFi.

 

There is still the question of whether $1 million is really enough to move the needle at scale. Audit costs vary widely depending on protocol complexity, and covering 30% of fees, while helpful, still leaves a meaningful share of the bill on the builder. The foundation has left the door open to higher support for select projects, which suggests it knows the ceiling matters. For now, the program represents a concrete, operational step rather than just a policy statement, and that puts it ahead of most security initiatives that never get past the announcement stage.

 

Hyperbridge, a cross-chain interoperability protocol built on Polkadot, was recently hit by a hack that led to the loss of approximately 108.2 ETH, roughly $237,000.

 

The attack, which occurred in the early hours of Monday, was caused by the exploitation of a smart contract vulnerability in the protocol’s token gateway contract on Ethereum.

 

 

By taking advantage of this vulnerability, the attacker forged a cross-chain message and proof that allowed them to bypass the Merkle proof verification of Hyperbridge’s Ethereum HandlerV1 contract. As this contract is central to security and proof verification on Hyperbridge’s Ethereum side, the attacker was able to gain unauthorized administrative control over the bridged DOT token contract on Ethereum.

 

With this administrative authority, the attacker minted approximately one billion fake bridged DOT tokens in a single transaction. The tokens were then immediately dumped into various liquidity pools through Uniswap V4 and other crypto aggregators such as Odos. However, due to poor liquidity and limited trading activity for the bridged DOT token on Ethereum, the attacker was only able to extract about 108 ETH, valued at roughly $237,000.

 

Polkadot acknowledged the incident in a statement on its official X account, noting that it was aware of the situation. The team stated that the breach only affected DOT tokens on Ethereum, and confirmed that its native DOT cryptocurrency, as well as DOT bridged through other platforms, remained unaffected.

 

To contain the issue, Hyperbridge temporarily paused the protocol. Seun Lanlege, founder of Polytope Labs, the team behind Hyperbridge, stated that the issue was under investigation shortly after the incident occurred.

 

 

Hyperbridge April Fool Joke

The Hyperbridge hack comes shortly after the team made an April Fool's joke on the 1st of April about being hacked, dismissing the idea as a joke and boasting that the protocol was unhackable, a move that sparked criticism about the team’s overconfidence.

 

 

Lanlege, the protocol’s founder, was also called out, with some in the crypto community accusing him of ignoring and rejecting security feedback and tests from white hat researchers who had identified flaws in the protocol’s security system.

 

The Hyperbridge exploit is one of almost 10 smart contract vulnerability exploits we have seen this year. In January, DeFi protocol Truebit and decentralized exchange aggregator Swapnet were hit by smart contract vulnerability exploits that led to the loss of approximately 26.4 million dollars and $13.4 million, respectively.

 

Solv Protocol and CrossCurve were also hit in the following months by smart contract vulnerability exploits. So far, over $400 million has been lost to crypto-related hacks and exploits this year.

 

 

Charles Schwab, the Texas-based brokerage giant with more than $12.2 trillion in assets under management, confirmed Friday it is on track to roll out spot Bitcoin and Ethereum trading for U.S. clients before the end of Q2. It is, by any measure, a significant moment for the digital asset industry, though the market's reaction has been muted so far.

 

"We remain on track to launch our spot crypto offer in the first half of 2026, starting with Bitcoin and Ethereum," a company spokesperson told reporters Friday. Clients looking for early access can now join a waitlist through the newly launched Schwab Crypto page, which has quietly appeared under the firm's Investment Products section online.

 

A Phased Rollout

CEO Rick Wurster, confirmed the launch will start in Q2 with a limited client pilot before widening to the broader investor base. Before that even happens, the firm plans to test the product internally with its own employees, a cautious approach that is very much in line with how Schwab tends to operate.

 

The service will be operated through Charles Schwab Premier Bank, SSB, a regulated banking subsidiary. Although, not everyone in the U.S. will have access at launch. Residents of New York and Louisiana are excluded from the signup form, due to tight state-level regulatory considerations that have long complicated crypto product rollouts in those markets.

 

What This Actually Means for Crypto Exchanges

The competitive implications here are real. Schwab is not some fintech startup trying to chip away at Coinbase's market share from the margins. This is a firm with tens of millions of existing retail and institutional clients who already trust it with their stocks, bonds, and retirement accounts. Bringing Bitcoin and Ethereum into that same account view, without needing a separate wallet or a new platform login, removes one of the biggest friction points keeping traditional investors on the sidelines.

 

Bloomberg ETF analyst Eric Balchunas has flagged pricing as the key variable to watch. Schwab already offers zero-commission stock and ETF trading. If the firm prices spot crypto below 50 basis points, the pressure on crypto-native exchanges could be significant, particularly for casual retail traders who are cost-sensitive and already comfortable inside the Schwab ecosystem.

 

Are Stablecoins Next?

Spot trading is likely just the opening move. Wurster signaled during an earnings call late last year that the firm wants exposure to stablecoins as well, describing them as something that will likely play a role in transacting on blockchains. A stablecoin offering, if it materializes, would put Schwab in even more direct competition with crypto-native platforms and potentially with payment networks.

 

The firm has also been expanding through acquisitions. Earlier this year, Schwab announced a $660 million deal to buy private shares platform Forge Global, aimed at giving clients access to pre-IPO investments. Wurster has said Schwab remains open to further deals in the crypto space if the right opportunity and valuation align.

 

Where Bitcoin and Ethereum Stand Right Now

At the time of writing, Bitcoin was trading near $67,000, down roughly 47% from its all-time high of $126,080. Ethereum sat around $2,050, off nearly 59% from its own peak set last August. Both assets have had a difficult few months, which makes the timing of Schwab's entry intriguing. The firm is coming in during a period of weakness, not euphoria, which could prove to be well-timed when the market recovers.

 

Schwab shares closed Thursday up about 1.5%, trading near $93.77, representing roughly a 19% gain over the past year. That compares favorably with Bitcoin's 18.5% decline over the same stretch. The brokerage's stock has, for now, outperformed the very asset class it is preparing to offer its clients.

 

Whether Schwab's entry into spot crypto ultimately proves to be a turning point for mainstream adoption, or just another incremental step in a long institutional migration into digital assets, remains to be seen.

 

In a Thursday post on X, stablecoin issuer Circle announced that it will be launching cirBTC, its own version of wrapped Bitcoin for institutional markets.

 

 

cirBTC will maintain a 1:1 backing with Bitcoin and will be launched on Ethereum as well as on Circle’s Layer-1 Arc blockchain. Circle also says the yet-to-be-launched crypto asset will be credible, claiming it was designed with the same foundations as USDC and EURC.

 

Despite the existence of dozens of wrapped Bitcoin products in the crypto market, Circle says several features set cirBTC apart from other versions of wrapped Bitcoin:

• Institutional-grade global standard: cirBTC is well-suited for over-the-counter (OTC) desks, market makers, and lending protocols, as well as other institutional crypto users seeking a neutral, secure, and high-performance tokenized version of Bitcoin.
• Verifiability: cirBTC reserves can be independently verified onchain in real time by any counterparty.
• Interoperable infrastructure: cirBTC is designed to be multi-chain compatible. Although it will launch on Ethereum and Arc first, support is expected to expand to additional chains over time.

 

Circle Joins the Wrapped Bitcoin Race

With cirBTC now in place, Circle will compete with the likes of BitGo, Coinbase, and Ren Protocol, whose wrapped versions of Bitcoin have long dominated the crypto and DeFi space.

 

BitGo, in combination with Kyber Network and Ren Protocol, launched its own version of wrapped Bitcoin (WBTC) in 2018. WBTC was introduced with the goal of bringing Bitcoin liquidity into Ethereum and DeFi protocols, and since its launch, it has been widely used for DeFi lending, borrowing, and trading.

 

WBTC currently holds a dominant market share of about 85% of the total wrapped Bitcoin market, with a market capitalization of approximately $7.9 billion, a 1:1 backing with Bitcoin, and roughly 119,000 WBTC in circulation.

 

Cryptocurrency exchange Coinbase also launched cbBTC, its own version of wrapped Bitcoin, in 2024. cbBTC was introduced with the goal of providing institutional-grade, exchange-native wrapped Bitcoin that would serve as an alternative to BitGo’s WBTC while tightly integrating into Coinbase services and the Base ecosystem.

 

cbBTC currently has a market capitalization of about $5.9 billion, a circulating supply of approximately 88,000 cbBTC tokens, and a 1:1 backing with Bitcoin.

 

To bring Bitcoin liquidity into DeFi, several other crypto exchanges have also created their own versions of wrapped Bitcoin, including Binance Wrapped BTC (BTCB), Kraken Wrapped BTC (kBTC), and OKX Wrapped BTC (XBTC).

 

 

Whatever optimism had crept back into crypto markets over the past two days got wiped out Thursday morning after President Trump's primetime address to the nation offered not a path to peace, but a harder line. Crypto fell. Stocks fell. Oil surged past $106. The familiar cycle repeated itself, for roughly the fifth or sixth time in five weeks.

 

Bitcoin dropped 3% to around $66,000, giving back the gains it had quietly built on Tuesday. Ethereum fell by a similar margin, sliding to $2,056. BNB shed 4.9% to $580, XRP lost 3.5% to $1.30, and Solana's SOL had the worst session of the major tokens, off 5.2% and now down roughly 13% on the week. It was an ugly morning across the board, and it felt awfully familiar.

 

A Rally Built on Hope, Not Reality

Tuesday had been, briefly, a good day. Trump had made offhand comments suggesting the Iran conflict could wrap up within weeks and that a formal deal was not necessarily a prerequisite for a resolution. That was enough. Asian equities surged 4%. S&P 500 futures climbed. Bitcoin pushed back toward $69,000. The crypto Fear and Greed Index, which had been pinned at single digits for weeks, got a bit of air.

 

Then came the Wednesday speech. In nearly 20 minutes, Trump outlined no real shift in Iran policy, offered no pathway to a ceasefire, and gave no timeline for reopening the Strait of Hormuz, the critical oil shipping lane that has been effectively closed since mid-March. He said the strait would reopen 'naturally' once hostilities subside. That was not what markets had priced in and our small rally just went away.

 

The Real Problem Underneath the Headlines

Analysts and traders increasingly point out that tracking Trump's daily commentary on Iran may be beside the point. The underlying oil market situation has been quietly deteriorating, independent of whatever the president says on any given afternoon. The International Energy Agency's member nations authorized the largest coordinated strategic petroleum reserve release in the organization's 50-year history, around 426 million barrels in total, to compensate for the near-shutdown of Hormuz flows. Those flows represent about 20% of the world's seaborne oil trade.

 

The problem is that those emergency reserves are expected to run dry within weeks. When that happens, the manageable shortfall of roughly 4.5 to 5 million barrels per day could balloon to 10 or 11 million, which would be an entirely different kind of crisis. Ship insurance premiums for Hormuz transits remain elevated. Tanker traffic through the strait has not recovered. The real-world picture, independent of political statements, is not improving.

 

Going Nowhere Fast

Bitcoin has essentially traded between $60,000 and $73,000 for the entirety of the conflict, now entering its sixth week. It sells off on escalation headlines, bounces on de-escalation headlines, and ends up more or less where it started. The Fear and Greed Index has been stuck between 8 and 14 for a month, deep in extreme fear territory. The pattern has become almost mechanical at this point.

 

There are some who see reasons for cautious optimism, and they are not entirely without basis. April has historically been one of Bitcoin's stronger months, finishing green in 10 out of 15 years with an average gain of around 20.9%. Bitcoin also bounced clearly off two-month uptrend support near $60,000 last week and is attempting to reclaim its 50-day moving average. Spot Bitcoin ETFs have seen roughly $2.5 billion in net inflows over the past month, a sign that institutional interest has not collapsed. BlackRock noted this week that large investors are concentrating specifically in Bitcoin and Ether rather than spreading into the broader altcoin market.

 

But seasonality does not trade against a war. Until the conflict itself shows signs of genuinely unwinding, the pattern of hope, headline, reversal is unlikely to change. Wednesday was just another reminder of that.

 

The next few weeks will likely be decisive, not because of anything Trump says, but because of what happens with oil supply fundamentals that have been quietly building toward a breaking point regardless of the diplomatic noise.

 

After more than two years in development, Aave has officially deployed its fourth protocol iteration on the Ethereum mainnet, introducing what the team is calling a fundamental redesign of the way decentralized lending works. The upgrade is built around a hub-and-spoke architecture that Aave Labs CEO Stani Kulechov says positions the protocol as the most resilient lending market in the world.

 

Speaking at DeFi Day during ECC in Cannes, Kulechov sat down with The ROLLUP to walk through what the upgrade means and where Aave goes from here. The conversation covered everything from the protocol's new risk tooling to its partnership with Chainlink, and for a protocol that has survived the FTX collapse, multiple bear markets, and various DeFi exploits without accruing bad debt, Kulechov's confidence did not feel misplaced.

 

A New Plumbing System for DeFi Liquidity

The core change in V4 is a shift away from isolated liquidity pools, the model that defined both V2 and V3. In the previous design, each market on Ethereum held its own separate pool of assets. Capital in one market could not serve borrowers in another, which made it notoriously difficult to list new assets or bootstrap fresh lending markets without starting from scratch.

 

V4 replaces that structure with a central Liquidity Hub that aggregates capital across the protocol. Specialized spoke markets connect to the hub and draw from its shared pool, each with its own risk parameters, collateral rules, and liquidation settings. Kulechov used the tranching model from traditional finance as a reference point, explaining it to The ROLLUP as three tiers: a plus spoke for riskier, tail-end opportunities; a core hub for risk-adjusted mainstream markets; and a prime hub for the conservative end of the curve.

 

The practical implication is that a builder wanting to list a newer, less-proven token can now plug into the plus spoke without needing to bootstrap liquidity from zero. If that market matures, it can work its way toward the core hub. "One of the biggest challenges for DeFi builders has been how to bootstrap their product and liquidity," Kulechov told The ROLLUP. "This is the perfect way where if you build something exciting, it can be connected into existing Aave liquidity."

 

That said, Kulechov was clear the gates are not wide open yet. Spoke creation remains DAO-governed during the controlled launch phase, with the protocol prioritizing security over growth in the early going.

 

Risk Management Gets a Real Overhaul

Two specific features stand out on the risk side. The first is risk premiums, which allow the protocol to price risk differently depending on the collateral type a borrower is using. Under V3, every borrower taking out a loan against a given stablecoin paid roughly the same rate. V4 changes that, layering in a variable premium so that riskier collateral positions carry a higher borrow cost.

 

The second is dynamic risk configuration, which lets the protocol update parameters for new positions without touching existing ones. Kulechov walked The ROLLUP through why this matters: "Configurations can be applied to new positions without affecting old positions," he said, describing it as fundamentally new tooling that simply did not exist in prior Aave architecture.

 

The security buildout behind V4 reportedly spanned more than a year, with roughly eight months dedicated specifically to hardening the protocol's infrastructure. Formal verification firm Certora worked alongside the Aave Labs engineering team from the earliest architectural stages, embedding smart contract protections into the design rather than treating them as a pre-launch formality. V4 launched with conservative supply and borrow caps across all three hubs, a posture Aave says is entirely intentional while the protocol proves itself in production.

 

Chainlink SVR Adds a Revenue Stream on the Liquidation Side

Running alongside the V4 launch is Aave's expanding integration with Chainlink's Smart Value Recapture product, known as SVR. The mechanism routes oracle price updates through a private channel ahead of the public mempool, allowing an auction to occur for the right to backrun liquidations. Value that would otherwise flow entirely to block builders and MEV searchers instead gets shared between Aave and Chainlink.

 

Kulechov explained the appeal of the integration to The ROLLUP in fairly direct terms: "It helps all the users and it also helps the Aave treasury," he said. "It's a balance of being able to get Aave, as a community, to capture some of that revenue that liquidations occur with, directly into the Aave treasury."

 

As a launch partner, Aave currently receives 65% of recaptured MEV with Chainlink taking 35%, a rate locked in for the first six months of the live integration. The Aave DAO voted unanimously to expand SVR coverage on Ethereum from roughly 3% of protocol TVL to approximately 27%, following a pilot period during which no bad debt accrued. The integration has since been extended to Arbitrum. Chainlink's own testing suggests SVR can recapture around 40% of non-toxic liquidation MEV, which at Aave's scale represents a meaningful addition to treasury revenues.

 

What Existing Users Actually Need to Do

For users currently sitting in V3 positions, Kulechov's message on The ROLLUP was simple: there is no urgency to move. V1, V2, and V3 deployments will continue operating as long as the underlying blockchains remain available. "Our V3 is a perfectly working system," he said. "There is no rush. We want it to be as organic as possible."

 

V4 does offer new collateral compositions, new hub options, and potentially improved rates depending on the position, but migration is purely optional for now. Aave Pro, the new interface designed specifically for V4, surfaces all hubs and spokes in a unified account view and shows real-time risk premiums and health factors. It is freely accessible despite the name.

 

When asked on The ROLLUP which category of protocols would benefit most if the tokenization thesis plays out and trillions of dollars of assets come onchain, his answer was concise: "Where Aave is sitting is in the middle of DeFi, stablecoins, and RWAs. And I think those three components make the future of finance." Whether V4 proves durable enough to support that kind of scale is the question the next few months will start to answer. But given Aave's long track record of delivering a quality product, we think that their success is a safe bet.