South Korea’s largest cryptocurrency exchange, Upbit, has partnered with the Optimism Foundation to build Giwa Chain, a new Ethereum-based Layer 2 blockchain network.

 

Giwa Chain, which will be built on Optimism’s open source OP Stack, will be the first of its kind built on the self-managed tier of Optimism’s OP Enterprise and stems from the growing need for exchanges to build their own blockchains.

 

 

While crypto exchanges using shared chains are not inherently problematic, issues arise as usage increases, making it difficult for these networks to handle the growing workloads of exchanges, including institutional transaction volumes, compliance requirements, and fee economics, which often compound as an exchange scales. For a global exchange like Upbit, which serves more than 13 million users and ranks among the top exchanges by spot trading volume, owning and managing its own blockchain is critical for performance and scalability.

 

By partnering with Optimism to build a self-managed chain, Upbit allows Optimism to manage key technical aspects of the chain’s infrastructure, including tooling and engineering support, while still retaining sovereignty over the chain’s control and overseeing key functions such as the primary sequencer, chain configuration, and operational authority.

 

“Operating our own Giwa Chain is a strategic move for Upbit. Our goal is to provide institutional and retail users with a level of performance and compliance consistent with our existing platform,” said Minseok Jung, Chief Operating Officer of Dunamu Inc.

 

“The Optimism Foundation’s self-managed tier provides a suitable framework, allowing us to maintain operational control while building on established infrastructure. This approach aligns with our requirements for scalability and oversight.”

 

Giwa Chain is currently live on testnet, with mainnet deployment to follow. Dunamu, the parent company of Upbit, has also signed a memorandum of understanding with the Optimism Foundation on May 4, outlining key aspects of Giwa Chain, including its architecture reviews, performance benchmarking, and security audits.

 

Crypto Exchanges Building Their Own Chains

There has been an increase in the number of cryptocurrency exchanges building their own layer 2 blockchains, with many doing so for improved infrastructural performance and to gain control over fees, transaction sequencing, user experience, and compliance.

 

The OP Stack has been instrumental in this development, with the Optimism Foundation stating that its OP Stack currently houses over 32 layer 2 blockchain networks, including Binance’s opBNB chain, Kraken’s Ink chain, Gate.io’s Gate Layer, and OKX’s X Layer.

 

 

Wasabi Protocol, a multichain decentralized perpetual futures trading platform, was hit by an exploit that led to the loss of more than $5 million across several chains.

 

The exploit, according to blockchain security company PeckShield, was carried out across multiple chains, including Base, Berachain, Blast, and Ethereum, which is its main deployment chain.

 

The incident was also flagged by blockchain security firms CertiK and Blockaid, with both firms attributing the cause of the hack to a compromise of the Wasabi deployer wallet, which allowed the attacker to gain privileged admin access and subsequently drain funds from the protocol.

 

“The Wasabi deployer externally owned account was used to grant admin role access to an attacker-controlled helper contract, which then upgraded the perpetual vaults and LongPool to a malicious implementation that drained balances,” Blockaid wrote in a post on X.

 

“All Wasabi and Spicy liquidity provider share tokens minted by these vaults should be treated as compromised. The underlying assets backing them have been drained or are at risk while the Wasabi deployer key remains active. End users holding these tokens are showing book value, but the redemption value is zero,” the firm added, while recommending the immediate flagging and revocation of these tokens.

 

Blockchain security firm Cyvers also provided further details on how the incident occurred. According to Cyvers, a crypto wallet funded through Tornado Cash was used to deploy a malicious contract on Wasabi Protocol across the Base and Ethereum chains.

 

As a result of this malicious contract deployment, about $4.5 million in various crypto assets, including WETH, USDC, BTC, VIRTUAL, and cbBTC, as well as memecoins such as PEPE, MOG, and REKT, were stolen. The funds were later consolidated into Ether and distributed across multiple wallet addresses outside the protocol.

 

Wasabi Protocol Responds

Following the disclosure of the exploit by security teams, the Wasabi team, in a post on X, stated that they were aware of the breach and were actively investigating the incident alongside security experts, notably Security Alliance and Blockaid.

 

The team also warned against interacting with a list of compromised vaults and EVM positions across Base, Blast, and Berachain, while stating that users whose vaults were not among the compromised list could proceed with withdrawals at any time.

 

The Wasabi exploit closed the month of April, which recorded some of the largest crypto exploits, including those involving Drift Protocol and KelpDAO, which led to losses of $285 million and $293 million, respectively.

 

 

Cryptocurrency exchange OKX has launched Agent Payments Protocol (APP), a new payment protocol that allows AI agents to perform commercial activities.

 

The new payment protocol, according to OKX, is an open standard that defines how AI agents communicate and negotiate, pay for services, and pay each other. It also, for the first time, allows AI agents to move beyond simple payments and into full-scale commerce.

 

 

“In the past few months, AI agents moved from answering questions to running workflows, managing business processes, and acting autonomously on behalf of users,” OKX wrote in a blog post. “The bottleneck shifted from intelligence to commerce - not just paying, but the full cycle of doing business: quoting, negotiating, escrowing funds, metering usage, settling, and resolving disputes.”

 

This existing problem among AI agents is what OKX aims to solve with its new Agent Payments Protocol (APP), allowing agents not only to manage single payment requests but also to manage payment requests across multiple levels.

 

Inside the Agent Payment Protocol

The agent payment protocol (APP) from OKX is an open standard designed to work across all chains, especially the Solana and Ethereum blockchains.

 

APP unlocks new capabilities for AI agents, making it possible for these agents to operate and communicate autonomously across the full commerce lifecycle, pay each other through agent-to-agent payments, and also allowing AI agents to perform upfront and top-up payments, including deductions.

 

At its implementation layer is the payment software development kit (SDK) that makes it possible for developers to accept and make agent payments with just a few lines of code. According to the blog announcement, the agent payment protocol supports a wide variety of payments, including one-time payments, batch payments, pay-as-you-go, and escrow payments, which OKX says is coming soon.

 

Embedded within the payment protocol is the OKX self-custodial agentic wallet, which supports over 20 blockchains. Since the wallet is secured by means of a Trusted Execution Environment (TEE), a hardware-based security environment, the wallet’s private keys and sensitive operations are kept highly secure.

 

Despite its early launch, the OKX agent payment protocol is currently supported by major cloud infrastructure firms, including Amazon Web Services (AWS) and Alibaba Cloud, as well as blockchain companies such as Uniswap, Paxos, MoonPay, Zerion, and Nansen.

 

With the launch of its payment protocol, OKX joins companies such as Coinbase, Stripe, and OpenAI, which have already launched their payment protocols, namely x402, Agentic Commerce Protocol (ACP), and Machine Payments Protocol (MPP), respectively.

 

 

MetaMask cofounder Dan Finlay has left Consensys after spending about a decade working with the self-custodial wallet firm.

 

Finlay announced his departure from Consensys in a Thursday post on X, citing burnout and the need to spend more time with his family. He also wished the Consensys team well, saying the team has an amazing road ahead of them.

 

 

Since joining Consensys in 2016, Dan Finlay, alongside cofounder Aaron Davis, worked hand in hand on the development of MetaMask, Consensys’s self-custodial wallet. Finlay played an instrumental role in shaping MetaMask, transforming it from a browser-based Ethereum wallet into one of the mainstream crypto wallets, enabling access to decentralized finance (DeFi), non-fungible tokens (NFTs), and many other on-chain services.

 

Finlay was also key in the design and creation of some of MetaMask’s technical features, including Snaps, a MetaMask feature that allows third-party developers to safely extend MetaMask’s capabilities. Some of the capabilities added through Snaps include the ability to explore other blockchains such as Bitcoin, Solana, and Cosmos, as well as improved security features and the ability to receive warnings about malicious transactions occurring within a MetaMask wallet.

 

On his last day at Consensys, Finlay highlighted the launch of Advanced Permissions, ERC-7715, stating that he was over the moon regarding its launch. Advanced Permissions is a feature that allows decentralized applications to request pre-approved permissions from a MetaMask user to execute transactions on their behalf.

 

With this Advanced Permissions ERC-7715 feature, a user can activate or grant a particular request in their MetaMask wallet without having to manually approve it repeatedly.

 

Voluntary Exits Not Uncommon Among Crypto Founders

Like Dan Finlay, it is not uncommon to see crypto founders voluntarily step away from work to focus on other important aspects of life, especially their families.

 

On the same day Finlay announced his exit from ConsenSys, Bitcoin advocate and podcaster Preston Pysh announced that he was stepping away from public work and social media to focus on his wife and children.

 

Earlier this month, Ethereum researcher Josh Stark announced his departure from the Ethereum Foundation after spending five years there. According to an X post, Stark said he was stepping away from work to focus more on his family and friends.

 

 

The Aave DAO is being asked to commit 25,000 ETH from its treasury to help close a massive funding gap left behind by the April 18 exploit of Kelp DAO's rsETH bridge, a vulnerability that drained roughly $292 million from one of DeFi's most widely-used liquid restaking products. The proposal, put forward Thursday by Aave service provider TokenLogic, would make Aave the single largest contributor to a broader coalition effort dubbed "DeFi United", a coordinated response involving some of the sector's biggest names.

 

The attack exploited a configuration flaw in Kelp's LayerZero bridge adapter, which was running a single-verifier setup. That weakness let the attacker mint 152,577 rsETH tokens that had no actual ETH backing, which were then used as collateral on Aave to borrow approximately $190 million in legitimate assets. The fallout was severe. More than $10 billion in net withdrawals hit Aave in the days following the breach, and the protocol's affected V3 deployments on Ethereum, Arbitrum, and Mantle were left sitting on bad debt that, by various estimates, lands somewhere between $123 million and $230 million, depending on how recoveries play out.

 

The Funding Gap and How It Gets Closed

At the prevailing rsETH-to-ETH ratio of 1.0696, the original shortfall came out to roughly 163,183 ETH. Since then, a series of coordinated actions have chipped away at the hole. Kelp recovered and froze tokens representing approximately 43,168 ETH in value. The Arbitrum Security Council stepped in to freeze 30,766 ETH that the attacker was still holding on that network, following input from law enforcement. Liquidating the hacker's remaining positions across Aave and Compound is expected to recover a further 14,168 ETH. That gets you to a shortfall of around 75,081 ETH, still a very large number.

 

To plug what remains, the DeFi United coalition has assembled a funding stack that combines direct donations, a credit facility, and the requested Aave treasury contribution. Public contributors including EtherFi, Lido, Ethena, Ink Foundation, BGD Labs, and several individual ecosystem participants have pledged a combined 14,570 ETH so far, with more conversations reportedly in progress. Mantle has proposed a credit facility of up to 30,000 ETH, structured with interest at Lido's rate plus 1% and a repayment term of up to 36 months. Bybit co-founder Ben Zhou said the exchange, as Mantle's largest stakeholder, would vote yes on the facility, drawing a parallel to industry support Bybit received after its own security incident. Together, those streams narrow the residual gap to approximately 30,000 ETH. The Aave treasury request covers most of that.

 

 

A Complex Recovery With Real Execution Risk

What makes this more complicated than a straightforward treasury disbursement is the mechanics of actually executing the recovery. The coalition needs to place the full 120,015 ETH into the LayerZero lockbox to restore rsETH's backing. But a significant chunk of the expected recoveries, roughly 44,787 ETH worth, are not yet liquid. They depend on the Arbitrum Security Council releasing frozen funds, and on successfully liquidating the attacker's positions on Aave and Compound. Those processes could stretch out over weeks.

 

To bridge that timing gap, the coalition is arranging a separate tranche of short-duration loans from additional ecosystem partners. The proposal also includes a notable authorization: Aave Labs would be permitted to pledge DAO assets and future protocol revenue as collateral to secure these funding arrangements. That is a significant move, and the TokenLogic proposal is candid about the risks involved, noting the recovery depends on actions outside the coalition's control, including Kelp reopening withdrawals, LayerZero reopening its bridge, and the Security Council completing its process. "This is a call to arms," the proposal states. "The path there is not risk-free."

 

What the Industry Is Saying

Aave founder Stani Kulechov has already put skin in the game, pledging 5,000 ETH personally stating that "Aave is my life's work and we're working nonstop to find the best possible outcome for users.". The response has drawn both measured optimism and pointed skepticism from across the ecosystem. Matthew Pinnock, COO at Altura DeFi, told Decrypt the effort signals that DeFi is "moving beyond isolated protocols to a more coordinated financial system," while also emphasizing that "socialised recovery methods" need to be paired with clear accountability frameworks. Georgii Verbitskii, founder of yield platform TYMIO, was more cautious, telling the publication that without concrete details on the initiative's structure, "it's difficult to expect any meaningful structural shift in DeFi." He also predicted the incident would push users and protocols toward more conservative, base-layer configurations, likely reducing appetite for wrapped products and liquid staking derivatives.

 

 

On the constructive side, Sergey Kravtsov, CEO of Papaya Finance, described the coordinated effort as "an emergent immune response of a financial system that is actually decentralized", competing protocols stepping in because letting bad debt cascade, as he put it, "would have hurt everyone."

 

Governance Process Still Underway

The proposal is currently in the community feedback phase on Aave's governance forum. If it reaches consensus, it moves to a Snapshot vote before heading to an on-chain AIP. Timing matters here. The DeFi United coalition has flagged that ETH price appreciation could make the dollar-denominated bad debt worse by the hour if governance moves slowly. A separate proposal to pause AAVE buybacks has also been floated, suggesting the DAO is bracing for a period of concentrated capital deployment.

 

For Aave, this is partly precedent-following. After the 2022 CRV short-squeeze incident left the DAO with roughly $1.9 million in bad debt, it chose to cover the shortfall rather than socialize losses among suppliers. The current situation is orders of magnitude larger, but the underlying posture is the same: the Aave DAO balance sheet is being positioned as a backstop for systemic DeFi events, at least when the protocol itself is directly exposed. Personally, it is amazing to see the DeFi community rally behind this endeavor in wake of such a monumental exploit.

 

Tokenized stocks have crossed the $1 billion market cap marking a major turning point for RWAs on-chain. Public equities drove the surge, with platforms like Ondo Global Markets and xStocks leading the charge, while tokenized private equities on Solana continue to gain early traction and expand rapidly.

 

The rise of tokenized stocks brings several benefits to investors as they enable 24/7 global trading without the traditional T+2 settlement delays, allowing markets to operate continuously rather than shutting down after regular hours. Fractional ownership lowers the barrier for smaller investors to gain exposure to stocks and private investments. Assets can be used directly as collateral in DeFi protocols, creating new opportunities for yield generation and liquidity with instant settlement that reduces counterparty risk and improves capital efficiency. 

 

Ondo Finance and xStocks together account for over 90% of the tokenized stock market cap. Ondo leads at $741.1M (heavily on Ethereum at $440.1M and BNB Chain at $283.2M), followed by xStocks at $315.2M (dominant on Solana with $258.4M and reach through CEXs like Kraken and Bybit). The rest includes Superstate, Robinhood on Arbitrum, Dinari, and PreStocks’ $17.8M in tokenized private equities. Launched in June 2025, xStocks has already facilitated over $3.5 billion in on-chain transaction volume and $25 billion in total trading volume, tokenizing major assets like SPYx, QQQx, NVDAx, and TSLAx. 

 

Another interesting segment is tokenized pre-IPO stocks that bring exposure to private companies like Anthropic directly onto Solana via platforms such as PreStocks. These tokens are created through Special Purpose Vehicles (SPVs) that hold shares or exposure acquired on secondary markets. PreStocks then issues 1:1 backed SPL tokens on Solana that track the company's implied valuation which lets holders get price exposure with 24/7 trading on DEXes like Jupiter. The tokenized pre-IPO sector has grown roughly 200% year-to-date, with Anthropic leading the surge. 

However, Ethereum is still the clear leader when it comes to bringing stocks on-chain, as it’s become the primary home for major financial moves as the value of funds moving onto Ethereum has grown 20x since the start of 2024, thanks to massive names like BlackRock and Fidelity launching their own products there. This dominance extends across other major real-world asset categories as well, with the network maintaining a strong position in tokenized commodities, funds, and stablecoins.

 

 

Nasdaq has secured SEC approval to trade tokenized Russell 1000 stocks and major index ETFs on the same order book as their traditional counterparts, while the NYSE is building a 24/7 on-chain venue with instant settlement and stablecoin funding in partnership with Securitize and the DTCC’s tokenization infrastructure. Firms like Franklin Templeton, JPMorgan, and Apollo are rolling out tokenized money market funds, credit strategies, and other securities across networks that reache beyond Ethereum and Solana to include chains like Polygon, Avalanche, Base, Aptos, and Stellar, reflecting a multi-chain strategy to plug directly into different DeFi ecosystems. 

 

Ondo Global Markets, now one of the main issuers of tokenized U.S. stocks and ETFs, blocks U.S. users and anyone trading from inside the country, and pushes those restrictions through partners like MetaMask, Binance Wallet, and centralized exchanges that list its products. Kraken’s xStocks do the same, limiting access to non U.S. clients in a set list of jurisdictions and explicitly excluding residents of the United States, Canada, the U.K., and Australia. On Solana, the pre-IPO names led by PreStocks let people trade tokens linked to companies like Anthropic, but they sit in a gray zone because they’re SPV based claims with no audited, public proof of backing, wide gaps between implied token prices and private round valuations, thin liquidity, and no clear path for U.S. retail to participate. So while Binance, OKX, Kraken, and others rush to put tokenized stocks in front of millions of users, most of the real volume is still offshore, and U.S. investors are mostly stuck watching from the sidelines until policy catches up.

 

 

Cryptocurrency exchange Coinbase has rolled out crypto-backed loans for users in the United Kingdom, allowing users to borrow USDC against Bitcoin (BTC), Ether (ETH), and Coinbase Wrapped Staked Ether (cbETH) holdings.

 

The launch, announced this Monday, is part of Coinbase’s overall efforts to build a leading financial app in the UK that allows users to invest, manage, and grow their money.

 

 

The loans will be issued through Morpho, a decentralized finance lending protocol on Base, and according to Coinbase, users will be able to borrow up to $5 million in USDC, depending on the amount of Bitcoin and other eligible assets they hold as collateral. Coinbase says the interest rates will vary, depending on market conditions on Base, and that these rates will be set by Morpho.

 

It is also important to note that while there is no fixed repayment schedule for the borrowed loans, borrowers face liquidation risk if the loan-to-value ratio exceeds specific thresholds that will be set by Coinbase.

 

The crypto-backed loans can be accessed through the Coinbase app, where users can choose the amount of USDC they want to borrow and their preferred collateral asset. Once this is done, the pledged collateral will be transferred on-chain to a Morpho smart contract, and the USDC loans will be automatically disbursed to the user’s Coinbase account, which can then be converted to British pounds (GBP).

 

Coinbase Expands Its Crypto Efforts

Coinbase is one of the cryptocurrency exchanges leading development at the intersection of blockchain technology and artificial intelligence (AI).

 

In an X post last weekend, Coinbase CEO Brian Armstrong announced that the exchange was testing and integrating two AI agents into Slack and email. These AI agents will serve as virtual workers, able to perform on-chain actions such as holding funds, spending and sending money, trading, and earning yield.

 

This recent development comes shortly after Coinbase launched the x402 Foundation, designed to enhance the use of its x402 protocol as a standard payment protocol for internet native payments.

 

To achieve its “Everything Exchange” goal, Coinbase made a number of significant acquisitions last year, including the acquisition of the Deribit exchange and Echo. The exchange has also rolled out stock and ETF trading in-app for all eligible users, with its most recent rollout in Canada.

 

 

AllUnity, a regulated European stablecoin issuer, is bringing EURAU, its Markets in Crypto-Assets compliant stablecoin, to major decentralized exchanges.

 

The announcement, made recently by the issuer, will see the introduction of AllUnity’s EURAU stablecoin in two trading pairs across multiple chains. These include the EURAU/USDT pair on the Ethereum and Solana blockchains via Uniswap and Raydium, as well as the EURAU/USDT0 trading pair on the Tempo blockchain via Uniswap.

 

To support this expansion initiative, Flowdesk, a regulated digital asset trading firm, will serve as the main liquidity provider for the EURAU rollout across the different decentralized exchanges. This move is expected to improve EURAU’s integration and utility in decentralized finance, enabling traders to swap between EURAU and USDT with reduced slippage.

 

According to Rupertus Rothenhäuser, Chief Commercial Officer at AllUnity, the expansion represents a key step toward building a robust and accessible euro liquidity layer. He added that it will enable seamless euro to dollar trading and empower institutions and liquidity providers to participate in deep and efficient markets.

 

Dollar-pegged stablecoins continue to dominate

Stablecoins tied to the U.S. dollar continue to maintain the largest share of the more than $320 billion stablecoin market cap. According to a report, USD pegged stablecoins make up about 99 percent of the total global stablecoin supply, with Tether’s USDT and Circle’s USDC being the largest by market cap.

 

Euro pegged stablecoins account for a small share of the global supply, with a market cap of about €450 million to approximately $1 billion, representing less than 0.3 percent of the total.

 

Despite remaining a niche segment of the crypto market, euro pegged stablecoins have seen some institutional adoption in recent months. In February this year, Société Générale, one of Europe’s largest banks, expanded its euro pegged EURCV stablecoin to the XRP Ledger and the Stellar blockchain.

 

In December last year, about twelve of Europe’s largest banks, including ING, UniCredit, BNP Paribas, and CaixaBank, formed Qivalis, a joint consortium to launch a euro pegged stablecoin. The consortium has engaged in regulatory dialogue with the Dutch National Bank and has entered advanced talks with cryptocurrency exchanges regarding the launch, which is expected this quarter. 

 

 

A carefully planned attack on Kelp DAO's cross-chain bridge drained 116,500 rsETH, worth roughly $292 million, from the liquid restaking protocol on Saturday, instantly becoming the largest DeFi exploit of 2026. The fallout spread almost immediately, pulling in Aave, SparkLend, Fluid and Lido before Kelp's own emergency systems could fully catch up.

 

The exploit was first flagged by on-chain investigator ZachXBT at around 2:52 PM ET, with six attacker wallets identified. Those wallets, it turned out, had been pre-funded via Tornado Cash, the coin-mixing service widely used to obscure transaction origins. That kind of preparation doesn't happen overnight, and points to a deliberate, well-resourced operation that had studied Kelp's architecture before making its move.

 

How the Attack Worked

At 17:35 UTC, an attacker-controlled wallet called the lzReceive function on LayerZero's EndpointV2 contract. LayerZero is the cross-chain messaging infrastructure that Kelp relied on to move rsETH between networks. By spoofing a valid instruction from another chain, the attacker tricked the bridge's verification logic into releasing 116,500 rsETH directly to an address they controlled. It was a clean hit. Kelp's emergency multisig paused core contracts 46 minutes later, at 18:21 UTC. Two follow-up attempts at 18:26 and 18:28 UTC were blocked, each carrying the same LayerZero packet aimed at pulling another 40,000 rsETH worth roughly $100 million. The pause held.

 

The bridge that was drained served as the reserve backing wrapped versions of rsETH deployed across more than 20 networks, including Arbitrum, Base, Linea, Blast, Mantle and Scroll. With those reserves gone, holders of rsETH on layer 2s are now left wondering what exactly their tokens are worth. That uncertainty creates a dangerous feedback loop: panic redemptions on layer 2 networks pressure the unaffected Ethereum-side supply, which in turn could force Kelp to unwind underlying EigenLayer restaking positions to honor withdrawals.

 

The Contagion Moves Fast

The stolen rsETH didn't just sit in an attacker's wallet. The second phase of the attack played out on Aave V3, where the attacker deposited the drained rsETH as collateral and borrowed a substantial volume of Wrapped Ether against it. Because the rsETH was no longer backed by anything real at that point, the resulting debt positions are effectively unliquidatable. Aave's WETH reserve is now carrying bad debt it cannot recover through normal liquidation mechanisms. Some estimates put the bad debt exposure on Aave V3 at close to $177 million.

 

Aave moved quickly, freezing rsETH markets on both V3 and V4 within hours. Founder Stani Kulechov clarified on X that Aave's own contracts had not been compromised and that the freeze was precautionary while the situation was assessed. The AAVE token still dropped about 10% on the news, a reflection of how exposed the protocol's broader ecosystem appeared even if its core code was clean. SparkLend and Fluid followed with their own rsETH market freezes.

 

Lido Finance paused additional deposits into its earnETH product, which carries rsETH exposure, while being careful to note that stETH and wstETH remain unaffected. Ethena, the stablecoin issuer, took its own precautionary step, temporarily shutting down its LayerZero OFT bridges from Ethereum mainnet for roughly six hours despite having no direct rsETH exposure and maintaining collateralization above 101%. Upshift, which runs non-custodial yield vaults, paused deposits and withdrawals to its High Growth ETH and Kelp Gain vaults, though its USDC and AUSD products had no rsETH exposure.

 

Kelp's Response, and Its History

Kelp, which operates under the KernelDAO umbrella, posted its first public acknowledgment on X at 20:10 UTC, nearly three hours after the drain. The team said it was investigating the suspicious cross-chain activity with LayerZero, Unichain, its auditors and external security specialists. It has not yet disclosed how the attacker bypassed the bridge's validation logic or what the path to recovery looks like for rsETH holders across layer 2 networks.

 

It isn't Kelp's first serious incident. Back in April 2025, a bug in its fee contract caused excess rsETH minting and triggered a temporary pause, though that event did not result in direct user losses. This time the damage is far more severe and far more public.

 

 

The Kelp DAO exploit overtakes the Drift Protocol hack from April 1, 2026, where attackers drained roughly $295 million from the Solana-based perpetuals exchange in a targeted administrative breach, as 2026's largest DeFi loss. The pattern is hard to ignore. DeFi attacks are getting larger and more sophisticated, and as Ledger CTO Charles Guillemet noted earlier this month, AI tools are now actively lowering the cost and complexity of carrying out these attacks.

 

What the Kelp incident also lays bare is a structural risk baked into DeFi's composability model. Liquid restaking tokens like rsETH were whitelisted as collateral on major lending protocols because they held real value and generated real yield. The assumption underlying all of that was that the token would remain fully backed. When that assumption collapsed on Saturday afternoon, there was no circuit breaker, no committee vote and no grace period. The losses cascaded instantly across protocols that had nothing to do with the original exploit. That's the architecture working exactly as designed, and also its greatest vulnerability.

 

The Ethereum Foundation has committed $1 million to subsidize smart contract security audits for developers building on Ethereum mainnet, a move that signals how seriously the organization is taking security as the network continues its push toward broader adoption. The initiative, called the Ethereum Security Subsidy Program, was announced April 14 on X and arrives at a time when the cost of professional audits has long been a sticking point for smaller teams trying to ship responsibly.

 

The program was built in partnership with digital asset advisory firm Areta, along with Nethermind and Chainlink Labs. Through Areta Market, the foundation is connecting builders with a pool of more than 20 vetted audit firms, including well-known names like Certora, BlockSec, Quantstamp, Spearbit, Sherlock, Zellic, Hacken, Cyfrin, Dedaub, Immunefi, and Nethermind Security. Rather than running a slow, confusing grant process, approved projects get subsidies applied directly through the platform, then request quotes, and can reportedly get them back within 48 hours.

 

How It Works

Builders submit applications through a form on Areta Market. From there, an Expert Committee, made up of representatives from the Ethereum Foundation, Areta, Nethermind, Chainlink Labs, and audit partners, reviews each submission. Selected teams can receive subsidies covering up to 30% of their total audit costs, with higher support possible on a case-by-case basis for certain projects. There is no fixed deadline for applications. The subsidy pool is distributed on a first-come basis until the $1 million is exhausted, with new cohorts picked every month.

 

The program is open to all Ethereum mainnet builders regardless of project size or development stage, though the foundation has said it will prioritize teams aligned with what it calls the CROPS principles: Censorship Resistance, Open Source, Privacy, and Security. The foundation published this framework just last month as part of a broader mandate defining its role and what it expects from builders in the Ethereum ecosystem.

 

Part of a Bigger Push on Security

This subsidy program did not come out of nowhere. It sits inside the foundation's broader Trillion Dollar Security Initiative, which launched last year and is explicitly focused on raising the network's security standards as Ethereum scales to handle more complex applications and larger sums of on-chain value. The thinking behind that initiative has always been that security infrastructure needs to grow alongside adoption, and audit access has been one of the more persistent gaps.

 

Areta CEO Fin Boothroyd framed the launch this way on X: the program is a joint initiative with top-tier audit providers, backed by an expert committee made up of leading voices from organizations that know Ethereum well. Notably, Areta ran a comparable $1 million audit subsidy for Solana developers prior to this, which gives the firm a useful blueprint for how these programs tend to play out in practice.

 

The Ethereum Foundation has been active on several fronts beyond this. In March 2026, it partnered with Morpho to expand its involvement in decentralized finance. In February, it rolled out Project Odin, a separate effort aimed at supporting teams building core infrastructure, particularly those that provide essential services but struggle to secure reliable funding. The audit subsidy program fits neatly into that broader pattern of trying to shore up the ecosystem before problems develop rather than after.

 

Wider Industry Context

The Ethereum Foundation is not alone in making these kinds of moves right now. Last month, Aave Labs announced a $1.5 million audit program focused specifically on securing the newly released Aave V4 protocol, another sign that some of the larger DeFi players are taking the cost-of-security problem seriously. The pattern emerging here looks like a coordinated, if informal, industry-wide shift toward treating security infrastructure as something worth investing in upfront.

 

Smart contract audits have always been considered a baseline best practice before deployment, yet for many teams, particularly earlier-stage ones, the cost has been prohibitive enough to skip or delay. If the program works as intended, more code gets reviewed before it goes live. That matters to the network given how much value is at stake on Ethereum at any given moment, and how frequently vulnerabilities in unaudited contracts have led to significant losses across DeFi.

 

There is still the question of whether $1 million is really enough to move the needle at scale. Audit costs vary widely depending on protocol complexity, and covering 30% of fees, while helpful, still leaves a meaningful share of the bill on the builder. The foundation has left the door open to higher support for select projects, which suggests it knows the ceiling matters. For now, the program represents a concrete, operational step rather than just a policy statement, and that puts it ahead of most security initiatives that never get past the announcement stage.

 

Hyperbridge, a cross-chain interoperability protocol built on Polkadot, was recently hit by a hack that led to the loss of approximately 108.2 ETH, roughly $237,000.

 

The attack, which occurred in the early hours of Monday, was caused by the exploitation of a smart contract vulnerability in the protocol’s token gateway contract on Ethereum.

 

 

By taking advantage of this vulnerability, the attacker forged a cross-chain message and proof that allowed them to bypass the Merkle proof verification of Hyperbridge’s Ethereum HandlerV1 contract. As this contract is central to security and proof verification on Hyperbridge’s Ethereum side, the attacker was able to gain unauthorized administrative control over the bridged DOT token contract on Ethereum.

 

With this administrative authority, the attacker minted approximately one billion fake bridged DOT tokens in a single transaction. The tokens were then immediately dumped into various liquidity pools through Uniswap V4 and other crypto aggregators such as Odos. However, due to poor liquidity and limited trading activity for the bridged DOT token on Ethereum, the attacker was only able to extract about 108 ETH, valued at roughly $237,000.

 

Polkadot acknowledged the incident in a statement on its official X account, noting that it was aware of the situation. The team stated that the breach only affected DOT tokens on Ethereum, and confirmed that its native DOT cryptocurrency, as well as DOT bridged through other platforms, remained unaffected.

 

To contain the issue, Hyperbridge temporarily paused the protocol. Seun Lanlege, founder of Polytope Labs, the team behind Hyperbridge, stated that the issue was under investigation shortly after the incident occurred.

 

 

Hyperbridge April Fool Joke

The Hyperbridge hack comes shortly after the team made an April Fool's joke on the 1st of April about being hacked, dismissing the idea as a joke and boasting that the protocol was unhackable, a move that sparked criticism about the team’s overconfidence.

 

 

Lanlege, the protocol’s founder, was also called out, with some in the crypto community accusing him of ignoring and rejecting security feedback and tests from white hat researchers who had identified flaws in the protocol’s security system.

 

The Hyperbridge exploit is one of almost 10 smart contract vulnerability exploits we have seen this year. In January, DeFi protocol Truebit and decentralized exchange aggregator Swapnet were hit by smart contract vulnerability exploits that led to the loss of approximately 26.4 million dollars and $13.4 million, respectively.

 

Solv Protocol and CrossCurve were also hit in the following months by smart contract vulnerability exploits. So far, over $400 million has been lost to crypto-related hacks and exploits this year.

 

 

Charles Schwab, the Texas-based brokerage giant with more than $12.2 trillion in assets under management, confirmed Friday it is on track to roll out spot Bitcoin and Ethereum trading for U.S. clients before the end of Q2. It is, by any measure, a significant moment for the digital asset industry, though the market's reaction has been muted so far.

 

"We remain on track to launch our spot crypto offer in the first half of 2026, starting with Bitcoin and Ethereum," a company spokesperson told reporters Friday. Clients looking for early access can now join a waitlist through the newly launched Schwab Crypto page, which has quietly appeared under the firm's Investment Products section online.

 

A Phased Rollout

CEO Rick Wurster, confirmed the launch will start in Q2 with a limited client pilot before widening to the broader investor base. Before that even happens, the firm plans to test the product internally with its own employees, a cautious approach that is very much in line with how Schwab tends to operate.

 

The service will be operated through Charles Schwab Premier Bank, SSB, a regulated banking subsidiary. Although, not everyone in the U.S. will have access at launch. Residents of New York and Louisiana are excluded from the signup form, due to tight state-level regulatory considerations that have long complicated crypto product rollouts in those markets.

 

What This Actually Means for Crypto Exchanges

The competitive implications here are real. Schwab is not some fintech startup trying to chip away at Coinbase's market share from the margins. This is a firm with tens of millions of existing retail and institutional clients who already trust it with their stocks, bonds, and retirement accounts. Bringing Bitcoin and Ethereum into that same account view, without needing a separate wallet or a new platform login, removes one of the biggest friction points keeping traditional investors on the sidelines.

 

Bloomberg ETF analyst Eric Balchunas has flagged pricing as the key variable to watch. Schwab already offers zero-commission stock and ETF trading. If the firm prices spot crypto below 50 basis points, the pressure on crypto-native exchanges could be significant, particularly for casual retail traders who are cost-sensitive and already comfortable inside the Schwab ecosystem.

 

Are Stablecoins Next?

Spot trading is likely just the opening move. Wurster signaled during an earnings call late last year that the firm wants exposure to stablecoins as well, describing them as something that will likely play a role in transacting on blockchains. A stablecoin offering, if it materializes, would put Schwab in even more direct competition with crypto-native platforms and potentially with payment networks.

 

The firm has also been expanding through acquisitions. Earlier this year, Schwab announced a $660 million deal to buy private shares platform Forge Global, aimed at giving clients access to pre-IPO investments. Wurster has said Schwab remains open to further deals in the crypto space if the right opportunity and valuation align.

 

Where Bitcoin and Ethereum Stand Right Now

At the time of writing, Bitcoin was trading near $67,000, down roughly 47% from its all-time high of $126,080. Ethereum sat around $2,050, off nearly 59% from its own peak set last August. Both assets have had a difficult few months, which makes the timing of Schwab's entry intriguing. The firm is coming in during a period of weakness, not euphoria, which could prove to be well-timed when the market recovers.

 

Schwab shares closed Thursday up about 1.5%, trading near $93.77, representing roughly a 19% gain over the past year. That compares favorably with Bitcoin's 18.5% decline over the same stretch. The brokerage's stock has, for now, outperformed the very asset class it is preparing to offer its clients.

 

Whether Schwab's entry into spot crypto ultimately proves to be a turning point for mainstream adoption, or just another incremental step in a long institutional migration into digital assets, remains to be seen.