Security Incidents

Gate News message, April 23 — KelpDAO announced it is actively advancing a recovery solution following a recent security incident, with discussions progressing in a positive direction over the past few days. The project emphasized its core principle of "user first," stating that all subsequent

Gate News message, April 23 — Aave's Ethereum platform has been frozen for nearly four days as USDC utilization reached 99%, locking approximately $1.86 billion in user funds. Circle's chief economist, Gordon Liao, has proposed an emergency governance intervention to address the crisis, marking a ra

Bitcoin critics and gold supporter Peter Schiff posted on X on April 23, saying that the STRC perpetual preferred stock introduced by MicroStrategy (Strategy) is “the most obvious Ponzi scheme to date,” and criticizing the U.S. Securities and Exchange Commission (SEC) for failing to effectively stop Michael Saylor from promoting STRC.

Gate News message, April 23 — China Investment Guarantee (CITIC Guarantee) issued a statement on April 23 clarifying that unauthorized individuals have falsely claimed the company is partnering with Nippon Life India Asset Management (Singapore) Pte. Ltd., commonly known as NAMS, and is

Gate News message, April 23 — Vercel CEO Guillermo Rauch announced that the company has completed an in-depth security investigation spanning nearly 1 petabyte of complete Vercel network and API logs, extending well beyond the initial Context.ai account breach. The investigation revealed that

High-profile crypto exploits test DeFi risk yet unlikely derail tokenization; institutions favor permissioned chains, while broader tokenization must interoperate with DeFi; stablecoins face scrutiny and possible regulatory backlash.

Gate News message, April 22 — Volo Protocol, a yield vault operator on Sui, announced yesterday (April 21) that it has begun freezing stolen assets following a $3.5 million exploit. Hackers looted WBTC, XAUm, and USDG from Volo Vaults, marking the latest major DeFi security breach in a

Gate News message, April 22 — A family in Ploudalmézeau, a small town in Brittany, France, was invaded by two armed masked men on Monday (April 20), according to reporting by The Block. Three adults were bound for over three hours and forced to transfer approximately 700,000 euros (about $820,000) i

Gate News message, April 22 — The U.S. Department of Justice has announced the launch of a compensation process for victims of the OneCoin cryptocurrency fraud scheme, with more than $40 million in recovered assets now available for distribution. The scheme, operated between 2014 and 2019 by Ruja

Federal class action accuses AI16Z/ELIZAOS of a $2.6B crypto fraud via fake AI claims and deceptive marketing, alleging insider favoritism and a staged autonomous system; seeks damages under consumer protection laws. Abstract: This report covers a SDNY federal class-action filed April 21 accusing AI16Z and its rebrand ELIZAOS of a $2.6 billion crypto fraud involving fake AI claims and deceptive marketing. The suit alleges a manufactured link with Andreessen Horowitz and a non-autonomous system. It details a peak valuation in early 2025, a 99.9% crash, and about 4,000 losing wallets, with insiders receiving ~40% of new tokens. Plaintiffs seek damages and equitable relief under New York and California consumer-protection laws. Regulators in Korea and major exchanges have warned or suspended related trading.

SlowMist warns of MacSync Stealer (v1.1.2) for macOS that steals wallets, credentials, keychains, and infra keys, using spoofed AppleScript prompts and fake 'unsupported' errors; urges caution and awareness of IOCs. Abstract: This report summarizes SlowMist's alert about MacSync Stealer (v1.1.2), a macOS information stealer targeting cryptocurrency wallets, browser credentials, system keychains, and infrastructure keys (SSH, AWS, Kubernetes). It deceives users with spoofed AppleScript dialogs prompting for passwords and visible fake 'unsupported' messages. SlowMist provides IOCs to customers and advises avoiding unverified macOS scripts and remaining vigilant for unusual password prompts.

Lazarus releases Mach-O Man for macOS to steal keychain data and wallet credentials, targeting crypto executives via ClickFix pop-ups and compromised Telegram meetings. Abstract: The article reports that the Lazarus-linked Mach-O Man malware targets macOS to exfiltrate keychain data, browser credentials, and login sessions to access cryptocurrency wallets and exchange accounts. Distribution relies on ClickFix social engineering and compromised Telegram accounts directing victims to fake meeting links. The piece ties the operation to the April 20 Kelp DAO hack and identifies TraderTraitor as Lazarus-affiliated, noting rsETH movement across blockchains via LayerZero’s OFT standard.

ZachXBT warns Bitcoin Depot ATMs impose steep premiums—$25k fiat at $108k/BTC vs ~$75k market (about 44%), leading to ~ $7.5k loss on 0.232 BTC; also notes a $3.26M security breach. This article summarizes ZachXBT's warnings about Bitcoin Depot's pricing practices and a recent security breach, highlighting risks from inflated rates and security lapses for users.

Gate News message, April 22 — Privacy protocol Umbra has shut down its frontend website to prevent attackers from using the protocol to transfer stolen funds following recent attacks, including the Kelp protocol breach that resulted in losses exceeding $280 million. Approximately $800,000 in stolen

Misty’s Chief Information Security Officer 23pds issued an alert on April 22, stating that the North Korean hacking group Lazarus Group has released a new native macOS malware toolkit called “Mach-O Man,”专a专专专專專專 specialized in the cryptocurrency industry and high-value enterprise executives.

Coinbase's Independent Advisory Board on Quantum Computing and Blockchain has found that most major crypto networks are poorly prepared for the threat that powerful quantum computers could pose to their security in the coming years, according to a new report. The board identified Algorand and Aptos

According to on-chain analyst Ai Ayi’s monitoring on April 22, the Venus Protocol attacker transferred 2,301 ETH (about 5.32 million US dollars) to address 0xa21…23A7f 11 hours ago, then moved the funds in batches into the crypto mixer Tornado Cash for laundering; as of the time of monitoring, the attacker still holds about 17.45 million US dollars worth of ETH on-chain.

Security researcher Doyeon Park disclosed on April 21 that there is a high-severity zero-day vulnerability rated CVSS 7.1 in the Cosmos consensus layer CometBFT. It could allow a malicious peer node to attack nodes during the block synchronization (BlockSync) stage and cause them to deadlock, impacting a network that safeguards more than $8 billion in assets.

Summary: Lazarus Group released a native macOS malware toolkit named Mach-O Man, aimed at crypto platforms and high-value executives; SlowMist warns users to exercise caution against attacks. Abstract: The article reports that the Lazarus Group has unveiled Mach-O Man, a macOS-native malware toolkit aimed at cryptocurrency platforms and high-value executives. SlowMist warns users to exercise caution to mitigate potential attacks.