fec

Keone Hon, co-founder of Monad, posted on platform X stating that the Monad account was frozen without any warning, and he speculates that it was due to a system error. Monad has not engaged in any abnormal operations or violations of API usage. They have currently contacted the support team of platform X through various channels and expect the account to be restored soon.

Slow Fog stated that ZetaChain was exploited in an attack. Preliminary analysis shows that the root of the vulnerability lies in the lack of access control and input validation in the GatewayZEVM contract's call function. Attackers can use this to initiate malicious cross-chain calls and execute arbitrary operations to transfer funds on the target chain through a relay mechanism.Slow Fog mentioned that the attackers triggered the relayer to execute malicious calls by forging cross-chain events, thereby completing the theft of funds. Relevant attack transactions have now been disclosed.

According to Bitcoin.com, the U.S. Securities and Exchange Commission (SEC) has issued a notice seeking public comment on the rule change proposed by the NYSE Arca.The proposal requires that at least 85% of the assets in commodity trust shares must meet existing eligibility standards, with derivatives calculated based on nominal total value. Eligible assets include Bitcoin, Ethereum, Solana, and XRP, which have been traded on designated markets for at least six months and have exchange-traded products providing significant exposure, while NFTs and collectibles are explicitly excluded.If the trust holds Bitcoin and over-the-counter call options on Bitcoin ETFs, only about 71% of the exposure will meet the requirements and will not be approved. The proposal aims to limit most exposure to a manageable range of assets while allowing more products to be listed. The SEC can approve, reject, or initiate related procedures during the review period.

Tennessee Governor Bill Lee has signed a bill that officially becomes law, banning the use and installation of cryptocurrency ATMs and kiosks in Tennessee, located in the southeastern United States. Companies have only a few weeks left to comply.Lee signed Tennessee House Bill 2505 on April 13, which stipulates that starting July 1, the installation of cryptocurrency kiosks will be classified as a Class A misdemeanor. Under state law, such devices are reclassified as illegal, potentially exposing operators and businesses providing the equipment locations to a maximum of 11 months and 29 days in jail and a $2,500 fine.

Crypto analyst Murphy posted on the X platform, stating that by overlaying three sets of data (Options Gamma Exposure, Options Open Interest by Strike Price, Options ATM Implied Volatility), the impact on BTC from an options perspective shows that $80,000 is currently the first effective resistance above BTC. This position simultaneously has high Call OI, positive Gamma, and low IV conditions.As the price moves upward, the dynamic hedging of market makers can easily create selling pressure; the lower the IV, the higher the marginal sensitivity of market makers to hedge adjustments. Therefore, the thickness of this wall (OI of 7,200 BTC + positive Gamma magnitude) makes $80,000 a "hard nut to crack" in May. Once it breaks through and approaches $82,000, due to the presence of a larger scale of negative Gamma (OI of 4,644 BTC), the market may quickly switch from being suppressed to "amplified volatility" mode.

Lido has released the latest developments regarding the Kelp security incident, stating that its Earn series vaults are working with the management to address the issues, which involve two major risk points: the rsETH exposure and the liquidity tension in the lending market. Lido emphasizes that the core staking protocol has not been affected, and both stETH and wstETH remain safe and stable.Currently, only the EarnETH vault has an approximately 9% TVL exposure to rsETH, and related deposits and withdrawals have been suspended by the management, awaiting a solution. Approximately $70 million in ETH has been recovered from the previous attack, and the subsequent asset recovery and loss distribution are still in progress. In response to liquidity pressure, the management has reduced leverage and optimized the position structure, significantly decreasing the wETH debt exposure. If losses ultimately occur, EarnETH will activate a $3 million "first loss protection mechanism" (funded by the DAO). As for other vaults, DVV and EarnUSD have not been affected and are operating normally; the GGV sub-vault is currently experiencing negative returns due to the combination of circular staking strategies and rising lending rates, but adjustments are ongoing. Withdrawal requests submitted by users will be processed based on valuations prior to the incident.

In response to the security incident and supply chain security risks of the front-end platform Vercel, the Binance security team has promptly initiated an emergency response, completed a comprehensive risk assessment of the front-end of products within the Binance system, and directly contacted Vercel to verify and confirm each issue.Binance stated that its platform and user assets are not affected by this incident.

In response to the recent security incident on the Vercel platform, Jupiter stated that it has not received any notifications or signs of being affected, and its jup.ag frontend does not store any sensitive information.Jupiter has proactively implemented all security measures recommended by Vercel, completed all key rotations, and conducted a comprehensive review of system logs, finding no suspicious activity. Continuous monitoring is currently in place.

LayerZero Labs released an incident report stating that KelpDAO suffered an attack resulting in a loss of approximately $290 million. Preliminary assessments indicate that the attacker is the Lazarus Group, which has ties to North Korea (more specifically, TraderTraitor). The attack was executed by poisoning the downstream RPC infrastructure relied upon by its decentralized verification network (DVN). The attacker controlled some RPC nodes and, in conjunction with a DDoS attack, induced the system to switch to malicious nodes, thereby forging cross-chain transactions.All affected RPC nodes have been taken offline and replaced, and the DVN has now resumed operation. LayerZero emphasized that this incident was limited to the rsETH application configuration of KelpDAO and did not affect other assets or applications. The reason is that KelpDAO was using a single DVN (1/1) architecture at the time and did not utilize the multi-DVN redundancy mechanism that is officially recommended for long-term use, resulting in a lack of independent verification nodes to identify forged messages.LayerZero pointed out that there were no vulnerabilities in its protocol itself, and applications with multi-DVN configurations were not affected, meaning there is no contagious risk in the system. LayerZero stated that it will urge all projects using single DVN configurations to migrate to multi-DVN architectures as soon as possible and has suspended providing signature and verification services for 1/1 configuration applications. Meanwhile, the company is cooperating with global law enforcement agencies to investigate and assist industry partners in tracking the stolen funds. LayerZero noted that this incident highlights the value of modular security architecture and also reminds the industry to pay attention to the potential security risks of RPC verification links.

Orca posted on the X platform that its frontend is hosted on the cloud hosting platform Vercel. In response to the Vercel security incident, all potentially leaked keys and deployment credentials have been rotated out of caution. Orca's on-chain protocol and user funds were not affected. The official team will continue to monitor the situation and will provide updates as more information becomes available.

Polygon officials stated that they have been actively monitoring the rsETH vulnerability: Polygon Chain, Agglayer, and the entire ecosystem including Katana and Vaultbridge have not been affected by this incident. Polygon has safely transferred over $20 trillion in funds to date and will continue to closely monitor the situation.

According to official news, the cloud hosting platform Vercel has confirmed that a security incident has occurred, involving unauthorized access to some internal systems.Currently, only a small number of customers have been confirmed to be affected, and Vercel is communicating directly with the relevant customers. Vercel stated that its services are still operating normally, and it has initiated an investigation and hired incident response experts to assist in handling the situation, while also notifying law enforcement.Vercel recommends that all customers review their environment variables and use the sensitive environment variable feature to enhance security protection.

Lido posted on platform X that the team is aware of the developments regarding the Kelp DAO security incident. Due to the current exposure of the earnETH product to rsETH, they have proactively suspended new deposits to earnETH and are working with relevant partners to assess the situation. More information will be disclosed based on future developments. Lido added that stETH and wstETH have not been affected by the rsETH incident, and this security issue does not involve the Lido staking protocol itself.

Sky (formerly MakerDAO) posted on the X platform stating that it has currently suspended the omnichain fungible token (Omnichain Fungible Token) cross-chain bridging function for USDS. It will further assess the impact of the rsETH-related security incident while emphasizing that its protocol itself and the USDS contract have not been affected temporarily. USDS remains fully collateralized as designed by the protocol and can be verified on-chain at any time.

In response to the recent attack on the "ListaDAOLiquidStakingVault" contract, ListaDAO officially released a statement clarifying that the attacked contract was not deployed by the official team, but rather was a counterfeit contract created by an unverified third party using a similar name. All official contracts of ListaDAO were not affected by this incident.According to an in-depth analysis by the GoPlus security team, the attack occurred on April 16, 2026, and the root cause was a business logic flaw in the third-party contract. When a token transfer was made, it triggered the Dividend.setShares() function and altered the share accounting within the contract, which in turn affected the reward calculation in the claimReward() function. The attacker exploited this vulnerability to deplete the assets within the contract.GoPlus reminds that since this logical flaw exists in both segments of the contract code mentioned above, any development projects that fork or reuse this code face a high risk of being exploited. It is recommended that relevant developers promptly conduct code inspections and fixes, and implement continuous auditing mechanisms to ensure the security of smart contracts.

The token permission query tool Revoke.cash has launched a portal for checking affected addresses of CoW Swap. Users can enter their addresses in the portal to check if there are any unrevoked authorizations affecting them.Previously, CoW Swap's technical lead Felix Leupold tweeted that the CoW Swap frontend has resumed online, and users can access it via swap.cow.finance. He reminded users that they should only authorize the original GPv2VaultRelayer contract address.

Tom Lee, chairman of BitMine, a company in the Ethereum treasury, stated in an interview with CNBC, "The reason the stock market remains resilient is that even in the face of war, the economy is actually performing better than expected." He pointed out that defense spending is currently about $30 billion per month and could rise to $60 billion per month in the future, which has a significant stimulating effect on the economy; meanwhile, the rise in oil prices by $20 per month only adds about $12 billion in burden to households, "Overall, the war is actually helping corporate profits right now."Tom Lee cited historical precedents, saying, "Looking back at World War II, the stock market bottomed out in May 1942, just five months after the U.S. entered the war, and at that time, no American troops had even set foot on the European or Pacific battlefields." He believes, "The market is very good at pricing in outcomes ahead of time; the current rise in the stock market means that the market is pricing in a favorable outcome, although I can't clearly articulate the specific reasons, but that's the signal conveyed by the market's performance."Regarding the three major variables in the current market— the Iran war, corporate earnings reports, and interest rates—Tom Lee stated, "Among the three, only war can create tail events in both directions, so this is the variable that deserves the closest attention." In terms of sector allocation, he remains bullish on the energy sector and pointed out that energy security is one of the most important structural themes in recent years.