incident

Former U.S. President Obama posted a response this morning regarding the shooting incident at the White House Correspondents' Dinner. He stated that although the details of the motive behind the shooting are still unknown, "everyone should reject the notion that violence has any place in our democracy. This is also a thought-provoking reminder that highlights the courage and sacrifice demonstrated by the agents of the U.S. Secret Service every day."

Trump stated in a post: "What happened last night (referring to the White House Correspondents' Dinner shooting incident) is exactly why our great military, Secret Service, law enforcement, and past presidents over the last 150 years have demanded the construction of a large, secure banquet hall within the White House. If it weren't for the military's top-secret banquet hall currently being built at the White House, this incident would not have occurred. The sooner it is built, the better!It is not only beautiful but also equipped with all the highest-level security facilities. Furthermore, it does not have upstairs rooms that allow unauthorized personnel to enter freely, and it is located within the gates of the safest building in the world—the White House. The absurd lawsuit regarding the banquet hall raised by a woman walking her dog must be withdrawn immediately; she is not qualified to file such a lawsuit. Nothing should interfere with the construction of the banquet hall, which is well within budget and progressing far ahead of schedule!"It is reported that the shooting incident at the White House Correspondents' Dinner occurred at the Washington Hilton. In July 2025, the Trump administration launched a renovation plan for the East Wing of the White House, intending to demolish the existing building and construct a large banquet hall of approximately 8,300 square meters, capable of accommodating about 1,000 people, along with supporting facilities such as an underground hospital and air raid shelter, with a budget of $300-400 million entirely funded by private donations (from tech giants, etc.) to address the severe space shortage of the current state dining room.After the project quickly demolished the East Wing, it faced lawsuits from organizations such as the National Trust for Historic Preservation for bypassing congressional authorization, national historic preservation review, and public opinion solicitation procedures. Federal Judge Richard Leon has repeatedly ruled that the president does not have the authority to unilaterally undertake large-scale renovations of historically significant White House buildings, ordering a suspension of above-ground construction, currently in a legal tug-of-war state of "underground safety facilities may continue, above-ground banquet hall construction suspended."

According to Jinshi reports, U.S. President Trump stated in response to a reporter's question that the incident that occurred at the White House Correspondents' Association dinner that day was "completely shocking." He heard a noise but thought it was a tray falling to the ground."I was observing the situation at the time," he said, "but his wife reacted faster, seemingly realizing what was happening quickly." Trump expressed his hope to continue holding the dinner and promised to reschedule the dinner date as soon as possible.Trump stated that he had not received any briefings about threats before the dinner. He also mentioned previous assassination attempts against him and called on the American public to "resolve their differences." He noted that members of both parties condemned the related events that night. Trump also expressed gratitude to media personnel, stating that the media "acted very responsibly in their reporting."When asked if the shooting incident was related to the conflict with Iran, Trump said, "I don't think so."

The on-chain analysis platform Santiment tweeted that six days after the Kelp event outbreak, there were obvious signs of "refugee trade" in the market.The Spark token SPK skyrocketed from $0.029 to $0.058 within 48 hours, an increase of over 100%. Meanwhile, whale transactions (over $100,000) surged from an average baseline of about 30 per day to 183 today.In contrast, the price of the AAVE token continues to decline, currently hovering around $92, even though Bitcoin had previously broken through $79,000 earlier this week.Santiment pointed out that this event did not solely cause destruction but led to a reallocation of funds— a liquidity crisis for one protocol turned into a bull market for another protocol.Note: "Refugee trade" is a metaphorical term in the crypto/DeFi space, specifically referring to the phenomenon where funds flee in large amounts from damaged or high-risk protocols, similar to refugees, and move to another protocol that is relatively safe and lower risk.

Lido has released the latest developments regarding the Kelp security incident, stating that its Earn series vaults are working with the management to address the issues, which involve two major risk points: the rsETH exposure and the liquidity tension in the lending market. Lido emphasizes that the core staking protocol has not been affected, and both stETH and wstETH remain safe and stable.Currently, only the EarnETH vault has an approximately 9% TVL exposure to rsETH, and related deposits and withdrawals have been suspended by the management, awaiting a solution. Approximately $70 million in ETH has been recovered from the previous attack, and the subsequent asset recovery and loss distribution are still in progress. In response to liquidity pressure, the management has reduced leverage and optimized the position structure, significantly decreasing the wETH debt exposure. If losses ultimately occur, EarnETH will activate a $3 million "first loss protection mechanism" (funded by the DAO). As for other vaults, DVV and EarnUSD have not been affected and are operating normally; the GGV sub-vault is currently experiencing negative returns due to the combination of circular staking strategies and rising lending rates, but adjustments are ongoing. Withdrawal requests submitted by users will be processed based on valuations prior to the incident.

According to official news, KelpDAO stated that over the past few days, the team has been continuously advancing the handling of related events with the support of partners, allies, and the community. Discussions are progressing in a positive direction, and efforts are being accelerated to reach a suitable solution. The project party emphasized that it always adheres to the core principle of "user first," and subsequent measures will be gradually implemented with the aim of safeguarding the overall interests of users.In the past four days, the Kelp team has been working around the clock in collaboration with multiple parties, maintaining close communication with all relevant parties, and making substantial progress on several potential solutions. This includes measures taken by the Arbitrum Security Council to freeze the stolen funds, as well as SEAL 911 participating in the preliminary investigation to provide objective and clear analytical support for the incident.Kelp stated that the current focus of work remains on protecting user asset security and strengthening the protocol itself. This incident is not only of critical significance to the project but also has enlightening value for the entire industry. The team will continue to disclose subsequent progress through official channels and thanks the ecological partners and community for their ongoing support.Previous reports indicated that the KelpDAO hacker has essentially laundered $175 million in ETH into BTC.

Vercel's CEO Guillermo Rauch tweeted that the team has completed an in-depth security investigation, analyzing nearly 1 PB of complete Vercel network and API logs, far exceeding the initial Context.ai account breach incident.The investigation revealed that the attackers' activities extended beyond Context.ai and have distributed malware on a broader scale, targeting account keys from platforms like Vercel. Once the keys are obtained, the attackers quickly and comprehensively enumerate non-sensitive environment variables. Current measures include deepening collaboration with industry partners such as Microsoft, AWS, and Wiz to jointly protect the broader internet ecosystem; other suspected victims have been notified and advised to immediately rotate credentials and strengthen security best practices.

According to a Bloomberg report citing Jefferies, a hacker attack on small crypto projects over the weekend, involving nearly $300 million, and the subsequent $10 billion fund run at the largest decentralized lending platform (the KelpDAO and Aave incident), may weaken Wall Street's interest in blockchain technology.Andrew Moss, an analyst at Jefferies' digital asset research team, pointed out that over the past year, banks, asset management companies, and payment institutions have been developing blockchain products similar to the technology system exploited by North Korean hackers. The report suggests that while such incidents are unlikely to directly impact traditional financial markets, it warns that traditional financial institutions may pause related processes and reassess risks before further advancing blockchain business.

SuiLend posted on platform X stating that all functions of the platform are currently operating normally, including deposits, loans, withdrawals, and repayments, and user funds are secure.At the same time, the team is closely monitoring the progress of the previous Volo Protocol security incident and will continue to release subsequent updates.

Bloomberg cited a report from Jefferies LLC stating that a hacker attack over the weekend that siphoned nearly $300 million from a small crypto project, along with the resulting $10 billion fund run at the largest decentralized lending platform, may slow Wall Street's interest in blockchain technology.Andrew Moss, an analyst at Jefferies' digital asset research team, pointed out that banks, asset management companies, and payment institutions have been developing blockchain products similar to the technology systems exploited by North Korean hackers over the past year.While the report believes this incident is unlikely to impact traditional financial markets, it warns that traditional financial institutions may pause and reassess the associated risks before further advancing their blockchain initiatives.

Jefferies, a Wall Street investment bank, pointed out that the approximately $293 million attack incident on Kelp DAO exposed critical infrastructure risks, which may prompt traditional financial institutions to reassess the pace of blockchain and tokenization advancement.Jefferies believes that the attackers triggered market sell-offs and liquidity strains by minting uncollateralized tokens and engaging in cross-platform lending. This incident is thought to be related to the Lazarus Group and also highlights the single point of failure issues in the verification mechanisms of cross-chain bridges. As institutions accelerate the tokenization of assets (such as funds, bonds, and deposits), the associated risks may cause some banks and asset management institutions to delay deployment and prioritize examining system security. Especially in scenarios that rely on cross-chain infrastructure, security vulnerabilities could lead to market fragmentation, undermining the practical utility of tokenized assets.Despite short-term confidence being shaken, Jefferies still emphasizes that the long-term trend remains unchanged. Under the backdrop of regulatory advancements and continuous improvements in infrastructure, applications such as stablecoins still have growth potential. However, the industry as a whole is still in the early stages of development and requires time to enhance system robustness.

According to Cointelegraph, DefiLlama data shows that there have been 518 hacking incidents in the crypto space over the past 10 years, with total losses exceeding $17 billion, a significant portion of which is related to private key leaks, phishing, and other credential-based attacks.As smart contract security continues to improve, attackers are increasingly turning to wallet security, signature infrastructure, development tools, and user operations. Recently, the rsETH cross-chain bridge of Kelp DAO was attacked, resulting in approximately 116,500 rsETH being stolen, valued at about $290 million to $293 million at the time.

According to CoinDesk, the liquidity re-staking protocol Kelp DAO has raised objections to LayerZero's investigation report regarding the previous $290 million rsETH bridge attack incident.Kelp DAO claims that the single-validator (1/1) configuration that led to this attack was not a choice made in disregard of recommendations, but rather the default setting in LayerZero's official guidelines, and the validator network (DVN) exploited by the attacker is part of LayerZero's own infrastructure.The attack resulted in the theft of 116,500 rsETH, worth approximately $290 million. Security researchers pointed out that LayerZero's publicly deployed code defaults to a single-source validation configuration across networks such as Ethereum, Binance Smart Chain, Polygon, Arbitrum, and Optimism.LayerZero subsequently responded that it will stop signing messages for any applications using a single-validator setup and will enforce a security migration.

In response to the security incident and supply chain security risks of the front-end platform Vercel, the Binance security team has promptly initiated an emergency response, completed a comprehensive risk assessment of the front-end of products within the Binance system, and directly contacted Vercel to verify and confirm each issue.Binance stated that its platform and user assets are not affected by this incident.

In response to the recent security incident on the Vercel platform, Jupiter stated that it has not received any notifications or signs of being affected, and its jup.ag frontend does not store any sensitive information.Jupiter has proactively implemented all security measures recommended by Vercel, completed all key rotations, and conducted a comprehensive review of system logs, finding no suspicious activity. Continuous monitoring is currently in place.

LayerZero Labs released an incident report stating that KelpDAO suffered an attack resulting in a loss of approximately $290 million. Preliminary assessments indicate that the attacker is the Lazarus Group, which has ties to North Korea (more specifically, TraderTraitor). The attack was executed by poisoning the downstream RPC infrastructure relied upon by its decentralized verification network (DVN). The attacker controlled some RPC nodes and, in conjunction with a DDoS attack, induced the system to switch to malicious nodes, thereby forging cross-chain transactions.All affected RPC nodes have been taken offline and replaced, and the DVN has now resumed operation. LayerZero emphasized that this incident was limited to the rsETH application configuration of KelpDAO and did not affect other assets or applications. The reason is that KelpDAO was using a single DVN (1/1) architecture at the time and did not utilize the multi-DVN redundancy mechanism that is officially recommended for long-term use, resulting in a lack of independent verification nodes to identify forged messages.LayerZero pointed out that there were no vulnerabilities in its protocol itself, and applications with multi-DVN configurations were not affected, meaning there is no contagious risk in the system. LayerZero stated that it will urge all projects using single DVN configurations to migrate to multi-DVN architectures as soon as possible and has suspended providing signature and verification services for 1/1 configuration applications. Meanwhile, the company is cooperating with global law enforcement agencies to investigate and assist industry partners in tracking the stolen funds. LayerZero noted that this incident highlights the value of modular security architecture and also reminds the industry to pay attention to the potential security risks of RPC verification links.

Ethena stated that it has not yet received a satisfactory root cause analysis of the rsETH incident and will extend the temporary suspension period of the OFT bridge. While this may be frustrating, it is a prudent measure to ensure the safe cross-chain transfer of user assets.Ethena has released a new proof of reserves, verified by independent third-party verification agencies (Chainlink, Chaos Labs, LlamaRisk, and Harris & Trotter), confirming that the collateral support ratio for USDe remains above 100%.

According to The Block, the Ethereum Name Service (ENS) gateway eth.limo experienced a DNS hijacking attack last Friday evening. The project released a post-incident analysis report on Saturday, tracing the attack back to a social engineering attack against the domain registrar EasyDNS.eth.limo stated that DNSSEC validation rejected the attackers' domain server changes, and no users have been found to be actually affected. In response to the recent breaches at the DNS level affecting crypto frontends, eth.limo plans to migrate to EasyDNS's stricter security services, which no longer support account recovery features.EasyDNS CEO Mark Jeftovic has publicly acknowledged the vulnerability, stating that this is the first successful social engineering attack against customers in its 28-year history.