Radiant Capital to Wind Down Operations – DeFi Lending Protocol Shifts to Maintenance Mode After 2024 Hack

Key Takeaways

Radiant to Close Down After Failing to Recover From $50 Million Exploit

Radiant Capital, a decentralized finance lending protocol launched in 2022, has announced that it will begin closing down after failing to establish what it described as a viable path forward following a major security breach in 2024.

According to a blog post from Radiant’s decentralized autonomous organization, the protocol was unable to recover the funds lost in an October 2024 exploit attributed to North Korea’s Lazarus Group. The attack resulted in losses of $50 million. The organization stated that the combination of unrecovered funds, the inability to secure new capital, and a lack of sustainable growth left it without sufficient runway to continue operating responsibly.

In a statement shared on X, Radiant said that contributors and community members had continued to support the protocol under increasingly difficult conditions. However, these efforts were not enough to sustain operations without recovery of the stolen assets, new funding, or renewed growth.

From Rapid Expansion to Sharp Decline in Total Value Locked

Radiant positioned itself as a cross chain liquidity protocol designed to bring lending and borrowing liquidity across multiple blockchains through a single platform. After launching in 2022, it expanded rapidly during 2023.

In December 2023, Radiant reached a peak total value locked of $386.8 million. This growth occurred even as overall value locked across the broader crypto market declined, indicating strong protocol specific inflows at that time.

The October 2024 exploit marked a turning point. Following the attack, Radiant’s total value locked dropped to $75 million. Within the same month, it fell further to $5 million. The protocol never recovered to pre hack levels.

For users of decentralized lending platforms, total value locked is a key metric. It reflects the amount of capital deposited in smart contracts and provides an indication of liquidity and activity. A sharp and sustained decline can reduce available liquidity for borrowers and limit incentives for lenders.

Transition to Maintenance State Instead of Full Shutdown

Radiant stated that it will not fully shut down its infrastructure. Instead, it will move into what it calls a maintenance state.

Under this model, the protocol’s frontend will remain online, and its smart contracts will stay accessible. Users will continue to be able to withdraw funds, repay loans, and manage existing positions. However, the decentralized autonomous organization will cease contributing to further development, upgrades, or expansion of the platform.

Radiant also encouraged users to actively manage their risk and reduce exposure where appropriate. This signals that while core functions remain operational, no additional improvements or security enhancements should be expected.

For crypto users, especially those engaging with lending and borrowing services, continued smart contract accessibility is critical. It allows positions to be closed in an orderly manner rather than forcing immediate liquidations or abrupt platform inaccessibility.

Ongoing Recovery Efforts and Remediation Portal

Despite the wind down decision, Radiant stated that it will continue recovery efforts related to the 2024 exploit. The protocol’s remediation portal will remain open, and any recovered funds will be returned to affected users.

No timeline or expected recovery amounts were specified. The commitment to keep the remediation process active suggests that the organization intends to manage outstanding claims even after development activities stop.

Security breaches remain a significant risk in decentralized finance. In this case, the inability to recover the $50 million in stolen assets appears to have played a central role in the protocol’s long term viability.

Market Reaction and RDNT Token Performance

Following the announcement that Radiant would wind down, the Radiant Capital token, RDNT, fell 4.2 percent.

The token previously reached an all time high of 58 cents in September 2022. It is now trading at a fraction of a cent, reflecting a prolonged decline since its peak and the impact of the exploit and subsequent loss of value locked.

For token holders, the shift to maintenance mode means that no further protocol expansion or feature development is expected. The announcement confirms that the project will no longer pursue growth initiatives under its decentralized governance structure.

Implications for DeFi Lending Users

Radiant’s wind down highlights the operational challenges faced by decentralized lending protocols after large scale security incidents. Even when core infrastructure remains functional, a sustained drop in liquidity and failure to secure new capital can limit long term sustainability.

Users who still have funds or positions on Radiant retain access to withdrawal and repayment functions. However, with no future development planned, the protocol will effectively operate in a static state.

For participants comparing lending platforms or using crypto as collateral for borrowing, the case underscores the importance of monitoring total value locked, governance activity, and security history when evaluating ongoing platform risk.

Our Assessment

Radiant Capital’s decision to wind down follows its failure to recover from a $50 million exploit in October 2024 and a sustained collapse in total value locked from $386.8 million to $5 million. The protocol will remain accessible in maintenance mode, allowing users to manage and withdraw funds, but it will cease development and expansion. The announcement triggered a further decline in the RDNT token and formalizes the end of Radiant’s growth phase after its earlier rapid expansion in 2023.

US Senator Brian Schatz Proposes Federal Ban on Micro Prop Bets and FTC Action on Offshore Gambling Payments – Legislation Targets Betting Integrity and Payment Processing

Key Takeaways

Proposed Federal Ban on Micro Prop Bets in Sports Games

US Senator Brian Schatz has announced plans to introduce federal legislation that would outlaw micro prop bets in sports games. He outlined the proposal during a Senate Commerce subcommittee hearing on sports betting, where lawmakers and gaming experts examined issues linked to offshore operators and specific betting formats.

Micro prop bets focus on isolated moments or actions during sporting events. During the hearing, Schatz described these wagers as particularly vulnerable from an integrity standpoint. He stated that the more narrowly defined the betting event becomes, the greater the potential for manipulation by a player or other individuals.

According to Schatz, the structure of micro prop wagers creates risks that require immediate attention. His proposal would prohibit these betting markets at the federal level, targeting what he described as integrity and behavioral concerns connected to highly granular betting options.

For users of sportsbooks and crypto betting platforms, a federal ban on micro prop bets would directly affect the types of in game markets that can be legally offered in the United States. Operators serving US customers would need to ensure that their betting menus comply with any new federal restrictions if the legislation is enacted.

Expanded Authority for the Federal Trade Commission

In addition to banning micro prop bets, the proposed legislation would grant the Federal Trade Commission new authority to pursue companies that knowingly facilitate illegal offshore gambling. Schatz said the bill would create a legislative pathway to address payment flows connected to offshore sportsbooks.

Specifically, the legislation would empower the FTC to go after payment processors that facilitate payments for illegal offshore sportsbooks. According to Schatz, the agency would have the right to inform such companies that they may not work with offshore operators if those operators are not complying with federal law related to micro prop bets.

This approach focuses on financial infrastructure rather than solely on betting operators themselves. By targeting payment processors, the proposal seeks to address how funds move between customers and offshore gambling sites.

For international users who rely on various payment methods, including digital and alternative payment solutions, any enforcement action directed at processors could influence which transactions are accepted or declined. The proposal, as described, centers on companies that knowingly facilitate payments tied to operators that violate federal rules on micro prop betting.

Senate Hearing Highlights Concerns About Offshore Operators

The legislative plan was discussed during a Senate Commerce subcommittee hearing dedicated to sports betting. Lawmakers and gaming experts examined concerns associated with offshore operators and the growth of micro prop betting markets.

During the hearing, Schatz addressed what he described as vulnerabilities linked to micro prop wagers. He argued that these bets can be manipulated because they focus on narrowly defined actions within a game. He also referred to broader societal challenges related to gambling and characterized micro prop betting as especially acute in that context.

Schatz acknowledged that the proposed legislation would not solve every issue connected to gambling. However, he indicated that empowering the FTC to act against payment processors represents a targeted response to a specific enforcement gap.

The discussion at the subcommittee level signals that micro prop betting and offshore gambling payments are currently under federal review. While the legislation has not yet been enacted, the proposal places both betting formats and financial intermediaries within the scope of potential federal action.

Implications for Offshore Sportsbooks and Payment Processing

If introduced and passed, the legislation would create a direct compliance requirement related to micro prop bets. Offshore sportsbooks that do not align with federal law on this issue could face indirect pressure through enforcement aimed at their payment channels.

Payment processors operating in or connected to the US market would need to assess whether their business relationships expose them to FTC scrutiny. The proposal makes clear that knowingly facilitating payments for illegal offshore sportsbooks would fall within the agency’s enforcement authority.

For users comparing crypto betting platforms and international sportsbooks, regulatory developments at the federal level in the United States can affect platform availability, accepted payment methods, and the range of betting markets offered. The proposal specifically links market offerings such as micro prop bets to payment compliance.

Our Assessment

Senator Brian Schatz’s proposal combines a federal ban on micro prop bets with expanded enforcement authority for the Federal Trade Commission over payment processors that work with illegal offshore sportsbooks. The initiative was presented during a Senate Commerce subcommittee hearing focused on offshore gambling and betting integrity.

The legislative approach centers on two elements: restricting a specific betting format viewed as vulnerable to manipulation and targeting the financial channels that support offshore operators. For users and operators, the key factual development is the potential shift in federal oversight, particularly regarding micro prop markets and payment processing linked to offshore gambling services.

Kelp DAO Restores rsETH After $293 Million Exploit – Recovery Effort Highlights DeFi Interconnectedness

Key Takeaways

Kelp DAO Completes rsETH Recovery After April Exploit

Kelp DAO has announced the completion of its recovery process for its restaked Ether token, rsETH, following a $293 million exploit that took place on April 18. The attack was attributed to North Korea’s Lazarus Group.

According to Kelp DAO, the final tranche of 20,373.7 rsETH was transferred to the LayerZero smart contract responsible for locking, minting, burning and releasing rsETH during cross chain transfers. The protocol stated that this transfer closes the operational part of its rsETH recovery plan.

The exploit triggered a five week recovery effort. Earlier in the process, on May 13, Kelp DAO transferred an initial tranche of 25,000 rsETH. That move allowed bridging between the Ethereum mainnet and the network’s layer 2 blockchains to reopen. Withdrawals for rsETH resumed the following day.

Kelp DAO reported that since reopening withdrawals, rsETH mints, redemptions and reward operations have been running normally. Several crypto protocols contributed funds under the DeFi United initiative to help restore the token’s backing.

Ripple Effects Across the Crypto Lending Market

The April exploit did not remain isolated to Kelp DAO. It triggered a broader liquidity shock across decentralized finance markets and renewed concerns about the interconnected nature of DeFi protocols.

The attacker stole 116,500 rsETH and used a large portion of those tokens as collateral on the Aave lending platform. By borrowing wrapped Ether against this collateral, the attacker left Aave with $190 million in bad debt. The situation prompted a wave of withdrawals from the platform.

The incident illustrates how vulnerabilities in one protocol can cascade into others when tokens are widely used as collateral across lending markets. In this case, rsETH was integrated into Aave’s lending infrastructure, amplifying the financial impact beyond Kelp DAO itself.

The Kelp DAO exploit was one of 25 crypto hacks recorded in April. Combined losses across those incidents reached $630 million, making it the worst month for crypto related hacks since February 2025. In that earlier month, crypto exchange Bybit suffered a record $1.5 billion hack.

Aave’s Total Value Locked Remains Under Pressure

Aave was among the protocols most affected by the fallout. Before the exploit, Aave’s total value locked stood at $26.4 billion. Following the incident and the associated withdrawals, that figure fell to below $14 billion.

The decline also cost Aave its long held position as the largest DeFi protocol by total value locked. Data from DefiLlama shows that while net outflows from Aave’s lending markets have eased over the past month, the protocol’s total value locked has not recovered.

Since about one week after the exploit, Aave’s TVL has fluctuated within a narrow range between $13.9 billion and $15.1 billion. The stabilization suggests that the initial wave of withdrawals has slowed, but the platform has not regained the capital it held prior to the Kelp DAO incident.

For users who interact with DeFi lending markets, total value locked serves as a key indicator of available liquidity and market confidence. A sustained reduction in TVL can affect borrowing capacity, collateral requirements and overall market dynamics within decentralized lending ecosystems.

Operational Status of rsETH and Cross Chain Transfers

With the final tranche now transferred to the LayerZero smart contract, Kelp DAO states that the operational component of its recovery is complete. The smart contract plays a central role in managing rsETH across different blockchains by handling locking, minting, burning and releasing functions during cross chain transfers.

The reopening of bridging between Ethereum mainnet and layer 2 networks marked a significant milestone in the recovery process. Restoring cross chain functionality is critical for tokens like rsETH that are used across multiple decentralized applications and lending platforms.

Kelp DAO’s confirmation that minting, redemption and reward mechanisms are functioning normally signals a return to standard protocol operations, at least from an operational standpoint. The recovery was supported by contributions from several crypto protocols through the DeFi United initiative, aimed at restoring the token’s backing after the exploit.

Our Assessment

Kelp DAO has completed the operational phase of restoring rsETH five weeks after a $293 million exploit attributed to the Lazarus Group. The incident had significant spillover effects, particularly on Aave, where the use of stolen rsETH as collateral contributed to $190 million in bad debt and a sharp drop in total value locked.

While Kelp DAO reports that rsETH minting, redemptions and rewards are functioning normally again, Aave’s total value locked remains well below pre exploit levels. The episode underscores how security breaches in one DeFi protocol can affect liquidity and stability across interconnected platforms.

Aave Restores WETH Borrowing After Kelp DAO Exploit – Protocol Lifts Freeze as rsETH Recovery Advances

Key Takeaways

Aave Restores WETH Loan to Value Ratios Across Multiple Networks

Aave users can once again borrow against wrapped Ether on the decentralized finance protocol after the project lifted a precautionary freeze introduced in April. According to Aave founder Stani Kulechov, the protocol restored loan to value ratios for wrapped Ether to pre incident levels on Aave V3 Ethereum Core, Ethereum Prime, Arbitrum, Base, Mantle and Linea.

The freeze had been applied to wrapped Ether markets as well as to rsETH and wrsETH reserves following the exploit of Kelp DAO’s infrastructure. In a governance proposal that passed on Saturday, Aave stated that progress in the technical recovery process made it possible to lift the freeze without compromising user protection.

With the restoration of loan to value ratios, users can again borrow against wrapped Ether, including through collateral and debt swaps. The measure marks the completion of what Aave described as Phase II of the rsETH recovery plan.

Background: RsETH Exploit and Impact on Aave

The incident traces back to April 18, when attackers believed to be linked to North Korean state backed actors exploited Kelp DAO’s LayerZero powered bridge. The attackers stole 116,500 Kelp DAO Restaked Ether tokens and used them as collateral on Aave V3 to borrow wrapped Ether.

This sequence resulted in approximately 195 million dollars in bad debt on Aave. In response, Aave implemented temporary freezes on relevant reserves as a risk containment measure.

The financial impact was visible in Aave’s total value locked. According to data cited from DefiLlama, the protocol’s TVL dropped by more than 8 billion dollars following the exploit. As of Monday, Aave’s TVL stands at about 14.8 billion dollars, compared with 23.5 billion dollars in March.

The incident also affected deposit patterns. Tom Wan, head of data at Entropy Advisors, stated that since the hack, wrapped stETH and wrapped Ether deposits have declined. He quantified the decrease at 1.2 billion dollars for wstETH and 1.76 billion dollars for weETH.

Liquidity Conditions and Borrowing Rates After the Freeze

Following the disruption, liquidity dynamics on Aave changed. Ether utilization has fallen back below 90 percent, according to Tom Wan. At the same time, the annualized borrowing rate has decreased to 1.9 percent.

Lower utilization indicates that a larger share of supplied Ether is currently unused within the protocol. A reduced borrowing rate reflects this increased liquidity. Wan noted that leveraged Ether yield strategies involving wstETH or weETH relative to ETH have become profitable again under current conditions.

For users evaluating lending and borrowing conditions on Aave, the restored loan to value ratios and lower borrowing costs mark a return to more typical market parameters compared with the immediate aftermath of the exploit.

Kelp DAO Adjusts Network Support and Recovery Process

Parallel to Aave’s measures, Kelp DAO is implementing changes to its own infrastructure. On Sunday, the protocol announced that it will consolidate supported networks for rsETH based on usage and integrations.

As part of this process, Kelp DAO will sunset rsETH bridging on several networks after June 15. The affected networks include Optimism, HyperEVM, Unichain, Avalanche and MegaETH.

After the deadline, users seeking to recover funds on those networks will face a fee of 100 USDC per address, according to Kelp DAO.

Earlier in May, Kelp DAO migrated its restaking token rsETH to the Chainlink oracle platform. The protocol has continued to attribute the attack to LayerZero’s cross chain infrastructure, which previously served as its provider.

These steps form part of Kelp DAO’s broader recovery effort following the exploit and are designed to adjust the token’s technical setup and network footprint.

Governance and Risk Controls in Focus

The sequence of events highlights how decentralized protocols respond to security incidents through governance and parameter adjustments. In Aave’s case, the temporary freeze and subsequent restoration of loan to value ratios were executed through formal governance procedures.

The passed proposal emphasized that lifting the freeze would not compromise user protection, reflecting an assessment that recovery progress had reduced systemic risk linked to rsETH collateral.

For users active in decentralized lending markets, such governance decisions directly affect borrowing capacity, collateral eligibility and liquidity conditions across multiple networks.

Our Assessment

Aave has resumed normal wrapped Ether borrowing operations after completing Phase II of its rsETH recovery plan. The restoration of loan to value ratios follows a significant exploit that generated about 195 million dollars in bad debt and reduced the protocol’s total value locked by more than 8 billion dollars. At the same time, Kelp DAO is narrowing its network support and adjusting its technical infrastructure as part of its recovery process. Together, these measures indicate that both protocols are moving from emergency containment toward operational normalization under revised risk parameters.

Blockaid Launches Real-Time Compliance Suite – Institutions Expand Onchain Crypto Operations Under Regulatory Oversight

Key Takeaways

Blockaid Introduces Risk Exposure for Institutional Onchain Activity

Blockchain security firm Blockaid has launched Risk Exposure, a compliance infrastructure suite aimed at institutions that operate directly on public blockchains while remaining subject to regulatory requirements. The product expands the company’s focus beyond scam and exploit prevention into what it describes as programmable, real-time compliance for institutional onchain finance.

According to Blockaid, financial institutions such as banks, asset managers, custodians, and payment processors are no longer limited to occasional crypto exposure. Many now maintain continuous onchain positions, including liquidity pool allocations, stablecoin settlement across multiple chains, and treasury management through decentralized finance protocols. These activities create ongoing exposure that can change rapidly as funds move across wallets, bridges, mixers, and smart contracts.

Blockaid argues that traditional compliance models, which often rely on post-transaction address tagging and reporting, are not designed for an environment where risk profiles can shift within hours without direct action from the institution holding the assets.

Large-Scale Hacks and Exploits Highlight Monitoring Gaps

The company points to recent high-profile incidents to illustrate the scale and speed of risk propagation in crypto markets. Over the past 18 months, more than $1.5 billion linked to North Korean actors moved through the Bybit hack. Additional exploits at Cetus, Balancer, and KelpDAO resulted in combined losses exceeding $600 million.

In these cases, Blockaid states that tainted funds were distributed across multiple wallets, liquidity pools, and counterparties before legacy compliance systems flagged the activity. This pattern reflects how stolen or illicit funds can quickly become embedded in decentralized protocols, potentially affecting counterparties who did not initiate any suspicious transactions themselves.

For institutions that provide custody, settlement, or treasury services involving crypto assets, this dynamic creates regulatory and operational challenges. Exposure can arise not only from direct transfers but also from pooled liquidity or shared smart contract environments.

Three Core Components of the Risk Exposure Suite

Risk Exposure is structured around three main components intended to address these challenges in real time.

The first is a Risk Screening API. This tool evaluates incoming funds before they are accepted and returns structured assessments that include exposure categories, dollar amounts, and severity scores. The output is formatted for audit documentation and Suspicious Activity Report filings.

The second component is a Cosigner Policy Engine. It embeds anti-money laundering thresholds into multisignature workflows. Even if internal approvals have been granted, the system can reject transactions that exceed predefined risk limits.

The third element consists of DeFi Toxicity Monitors. These tools track exposure within protocols, liquidity pools, and counterparty positions throughout the day. Alerts are triggered when exposure to sanctioned entities, stolen crypto funds, scam infrastructure, or mixers surpasses set thresholds.

Blockaid states that its system uses transaction simulation, behavioral analysis, and artificial intelligence-driven threat identification to detect exposure before illicit proceeds enter institutional systems undetected.

Transaction Volume, Clients, and Technical Performance

Blockaid reports that it currently screens more than 500 million transactions per month for clients including Coinbase, MetaMask, Uniswap, Fireblocks, Polymarket, and OKX. According to the company, the infrastructure processes hundreds of transactions per second and delivers verdicts in under 300 milliseconds, with a stated accuracy rate of 99.99 percent.

Founded in 2022, Blockaid has raised $83 million in funding from investors such as Ribbit Capital, Sequoia, and Greylock.

In parallel, the firm highlights the growing impact of AI-driven fraud schemes, including so-called pig butchering scams. It cites findings from the FBI’s Operation Level Up, which reported that approximately 8 in 10 victims do not file complaints. This underreporting, according to Blockaid, limits the effectiveness of compliance systems that depend primarily on law enforcement records to tag suspicious addresses.

Implications for Bitcoin Custody and Institutional Exposure

Blockaid’s launch comes as Bitcoin custody, Bitcoin-backed lending, and Bitcoin treasury strategies become more integrated into institutional balance sheets. As regulated entities increase their direct exposure to digital assets, the compliance infrastructure supporting those positions becomes central to how they manage regulatory obligations.

Real-time monitoring tools may affect how institutions approach liquidity provision, cross-chain settlement, and counterparty risk in decentralized finance. For users of crypto platforms, including those assessing custodial services or onchain financial products, the presence of programmable compliance controls can influence how service providers manage inflows, withdrawals, and pooled exposure.

For platforms connected to betting, gaming, or other high-volume transaction environments, automated screening and policy enforcement can also shape how quickly transactions are processed and how risk thresholds are applied.

Our Assessment

Blockaid has introduced a compliance suite designed to address real-time exposure risks faced by institutions operating directly on public blockchains. The system combines transaction screening, automated policy enforcement, and continuous DeFi monitoring. The launch reflects the scale of recent crypto exploits and the operational shift of regulated financial institutions toward continuous onchain activity. As institutional participation in Bitcoin and decentralized finance expands, compliance infrastructure capable of monitoring exposure in real time becomes part of the broader market framework supporting that activity.

CoW Swap DAO Urges Users to Avoid Platform After Domain Hijacking – Frontend Exploit Prompts Security Warning

Key Takeaways

DAO Issues Public Warning After Domain Hijacking

The decentralized autonomous organization behind CoW Swap has urged users to stay off the platform following what has been described as a domain hijacking. According to reporting on April 14, 2026, the decentralized exchange aggregator advised users to refrain from visiting its website.

The warning was issued after a frontend exploit was identified. As a result, users were specifically told not to access the platform’s web interface. The communication indicates that the incident affects the website layer through which users typically interact with the service.

No additional operational details were disclosed in the source material. The core message from the DAO was clear: users should avoid visiting the CoW Swap website until further notice.

Frontend Exploit Affects Website Access

The reported incident centers on a frontend exploit. In this context, the frontend refers to the web interface that users access through a browser. The DAO’s warning suggests that the issue is linked to this interface rather than to a broader announcement about the protocol’s underlying structure.

By urging users to stay off the platform, the organization signaled that accessing the website could pose risks while the situation remains unresolved. The use of the term domain hijacking indicates that control over the website domain was affected, prompting immediate precautionary measures.

For users, the practical consequence is straightforward: avoid interacting with the CoW Swap website until the DAO communicates that it is safe to return. The advisory applies specifically to visiting the platform’s online interface.

Impact on Users of the Decentralized Exchange Aggregator

CoW Swap operates as a decentralized exchange aggregator. Users typically rely on such platforms to access liquidity and execute trades through a web interface. When that interface is compromised or potentially compromised, direct interaction becomes a risk factor.

The DAO’s public guidance focuses on prevention. By instructing users to stay away from the website, the organization aims to reduce the likelihood of further exposure during the period in which the frontend exploit remains unresolved.

For users who monitor decentralized trading platforms, the key takeaway is operational rather than technical. Access to the platform via its website has been explicitly discouraged. Anyone considering transactions through CoW Swap must take this warning into account and monitor official communications for updates.

Timing and Source of the Report

The development was reported on April 14, 2026. The information originates from coverage by Cointelegraph, which cited the DAO’s warning and referenced the domain hijacking and frontend exploit.

At the time of reporting, no additional technical breakdown or timeline of events was included in the source material. The available facts are limited to the existence of a domain hijacking, the identification of a frontend exploit, and the DAO’s instruction to users to avoid the website.

There were no further details regarding the duration of the advisory or specific remediation steps underway. The central message remains the same: users should not visit the platform’s web interface until the issue is addressed.

Operational Consequences for Platform Access

When a decentralized exchange aggregator advises users to refrain from accessing its website, the immediate operational effect is a pause in normal user activity through that channel. For individuals who rely on the web interface to initiate or manage trades, the warning effectively suspends direct engagement with the platform.

The incident underscores the importance of monitoring official updates when interacting with decentralized services. In this case, the DAO has taken a precautionary stance by issuing a public alert. The measure is framed as a protective step following the identification of a frontend exploit linked to a domain hijacking.

No further claims or assessments about the broader system were included in the reported information. The advisory is limited to website access.

Our Assessment

Based solely on the available information, the DAO behind CoW Swap has identified a domain hijacking and related frontend exploit and responded by urging users to stay off the platform’s website. The immediate significance lies in restricted access to the web interface of the decentralized exchange aggregator. Users are advised to avoid visiting the site until further notice, as communicated on April 14, 2026.

US Treasury Expands Cybersecurity Threat Intelligence to Crypto Firms – Digital Asset Platforms Gain Access to Federal Risk Data

Key Takeaways

Treasury Extends Cybersecurity Program to Digital Asset Companies

The US Department of the Treasury announced that its Office of Cybersecurity and Critical Infrastructure Protection is expanding a federal cybersecurity threat identification program to cover digital asset companies. Until now, the program primarily served traditional financial institutions.

Under the expansion, blockchain companies that choose to participate will receive the same cybersecurity threat intelligence as banks and other established financial entities. According to the Treasury, this information will be provided at no cost to participating firms.

Cory Wilson, deputy assistant secretary for cybersecurity at the Office of Cybersecurity and Critical Infrastructure Protection, stated that cyber threats targeting digital asset platforms are increasing in both frequency and sophistication. The expansion is designed to address those developments by integrating crypto firms more closely into existing federal threat sharing structures.

Policy Background: July 2025 Report on Digital Financial Technology

The initiative implements recommendations outlined in a July 2025 report titled “Strengthening American Leadership in Digital Financial Technology.” The report was issued under US President Donald Trump’s administration and focused on reinforcing the country’s position in digital finance.

By extending federal cybersecurity intelligence support to crypto businesses, the Treasury aligns digital asset infrastructure more closely with the regulatory and security frameworks applied to traditional finance. The announcement reflects a broader recognition that blockchain based platforms now form part of the financial system’s critical infrastructure.

Rising Financial Losses From DeFi Exploits

The decision comes amid continued financial losses from attacks on crypto platforms. According to data cited in the announcement, decentralized finance platform hacks resulted in nearly $169 million in losses during the first quarter of 2026 alone.

Between 2022 and 2025, the sector recorded significant cumulative losses from crypto related hacks. These figures highlight the persistent vulnerability of smart contract based protocols, centralized exchanges, and developer environments to cyber intrusion.

For users of crypto trading, staking, or betting platforms, such incidents can directly affect asset security, platform availability, and operational continuity. While the Treasury program does not mandate participation, it provides an additional source of threat intelligence to companies seeking to strengthen their defenses.

Drift Protocol Exploit Linked to Suspected State Affiliated Hackers

Recent events illustrate the type of threats the expanded program seeks to address. Drift Protocol, a decentralized cryptocurrency exchange, suffered a $280 million exploit in April 2026. According to a preliminary incident report from the company, the attack was carried out by suspected hackers affiliated with North Korea.

The Drift team reported that individuals who initially approached them at a major crypto industry conference were not North Korean nationals. However, the attackers allegedly maintained contact with the team for months following the event.

During that period, crypto stealing malware was deployed on developers’ machines. The malicious software was later activated in connection with the April exploit. The sequence of events demonstrates how social engineering and long term infiltration can precede large scale theft.

The Seals911 group, a team of blockchain cybersecurity specialists, assessed with medium high confidence that the attack was likely carried out by the same group responsible for the October 2024 hack of the Radiant Capital DeFi platform.

State Linked Cyber Threats and Industry Exposure

The Treasury’s announcement also reflects ongoing concerns about foreign intelligence operatives targeting crypto projects. State affiliated groups, including the North Korean linked Lazarus Group, have been associated with multiple high profile crypto attacks in recent years.

These operations often combine technical exploits with social engineering tactics. In the Drift case, direct in person contact at an industry event preceded the deployment of malware. Such methods expand the risk surface beyond code vulnerabilities to include human and operational factors.

For companies operating crypto exchanges, DeFi platforms, or crypto enabled betting services, this environment increases the importance of structured threat intelligence and coordinated response frameworks.

Implications for Digital Asset Platforms and Their Users

By granting crypto firms access to federal threat intelligence resources, the Treasury places digital asset businesses on a similar footing to banks in terms of information sharing. Participation remains voluntary, but the availability of no cost intelligence may lower barriers for smaller firms seeking institutional grade insights.

For users, including those active in crypto trading and online betting, the development signals closer integration of the crypto sector into national cybersecurity infrastructure. While it does not eliminate platform risk, it introduces an additional layer of coordination between public authorities and private operators.

The expansion also underscores the scale of recent losses and the operational sophistication of attackers targeting blockchain based services.

Our Assessment

The US Treasury has formally extended its cybersecurity threat identification program to digital asset companies, granting them access to the same intelligence provided to traditional financial institutions. The move follows policy recommendations from a July 2025 federal report and comes amid nearly $169 million in DeFi related losses in the first quarter of 2026. Recent incidents, including a $280 million exploit at Drift Protocol linked to suspected state affiliated hackers, illustrate the types of threats the initiative aims to address. The expansion integrates crypto platforms more directly into existing federal cybersecurity information sharing structures.

Bitcoin Depot ATM Operator Reports $3.6 Million in BTC Stolen – Corporate Hack Highlights Security Risks

Key Takeaways

Bitcoin Depot ATM Operator Confirms $3.6 Million Bitcoin Loss

A Bitcoin Depot ATM operator has reported that $3.6 million worth of Bitcoin was stolen in what the company described as a corporate hack. The incident was reported on April 8, 2026, and categorized as crypto-related news.

According to the report, the stolen assets were denominated in Bitcoin and amounted to $3.6 million. The company identified the event as a corporate hack, indicating that the breach affected internal systems rather than an isolated external transaction.

No additional operational details were included in the source material. The confirmed figure remains $3.6 million in Bitcoin.

Classification as a Corporate Hack

The company referred to the incident as a corporate hack. This classification distinguishes the event from other types of security issues, such as user-level account compromises or isolated wallet breaches. By labeling the event as corporate, the operator signaled that the breach occurred within its organizational infrastructure.

For readers who use crypto-related financial services, the distinction between individual account hacks and corporate-level breaches is relevant. A corporate hack suggests that internal systems were targeted, rather than a single end-user wallet or transaction.

The source material does not provide further technical details about the method of attack or the systems involved. The confirmed information remains that $3.6 million in Bitcoin was stolen and that the company described the incident as a corporate hack.

Implications for Crypto ATM Operators

The reported loss concerns a Bitcoin Depot ATM operator. Crypto ATM operators provide physical access points for buying or selling digital assets, including Bitcoin. In this case, the operator disclosed a loss linked to a corporate security breach.

For users who rely on crypto ATMs to convert cash into digital assets or vice versa, security practices at the corporate level are a central consideration. While the report does not describe customer impact or operational disruptions, the confirmed theft underscores that operators managing digital assets can be targets of cyber incidents.

The only quantified detail available is the amount reported stolen: $3.6 million in Bitcoin. No additional figures, timelines, or recovery information were included in the source material.

Why the Report Matters for Crypto Platform Users

For international users evaluating crypto-related services, including exchanges, betting platforms, or payment providers, reported security incidents form part of the broader risk landscape. A corporate hack involving millions of dollars in Bitcoin highlights that digital asset operators continue to face security threats.

The reported amount, $3.6 million, reflects a substantial sum in Bitcoin terms. The classification of the event as a corporate hack places the focus on internal infrastructure security rather than on individual user error.

The source material does not state whether law enforcement was involved, whether funds were recovered, or whether customer accounts were affected. The confirmed facts remain limited to the reported theft amount and the company’s description of the event.

Our Assessment

Based on the available information, a Bitcoin Depot ATM operator reported that $3.6 million in Bitcoin was stolen in a corporate hack. The case was reported on April 8, 2026, in the crypto category. The confirmed facts establish the scale of the reported loss and the classification of the breach as corporate in nature. No further operational or technical details were included in the source material.