att

According to Jinshi reports, Federal Reserve Chairman Powell stated that before considering lowering interest rates, he definitely wants to first look at the other side of energy and tariffs.

According to Cointelegraph, the cross-chain protocol ZetaChain disclosed that the security issues involved in its recent approximately $334,000 vulnerability attack event had been reported in advance by researchers in the bug bounty program but were deemed "expected behavior" by the project team at that time and were not addressed.According to the official incident review, this attack originated from a combination of three design flaws that initially appeared to be independent and low-risk: the Gateway contract allowed anyone to send any cross-chain instructions; the receiving end could execute calls on almost any contract, and the blacklist restrictions were too narrow; some wallets retained unlimited approvals for a long time without being cleared. The attacker ultimately combined these flaws to instruct the Gateway to transfer tokens directly to their controlled address, thus completing the asset transfer.ZetaChain stated that this attack involved 9 transactions across four chains: Ethereum, Arbitrum, Base, and BSC, with the stolen funds all coming from wallets controlled by ZetaChain, and user funds were not affected. The official noted that the attack showed clear premeditation. The attacker funded the wallet through Tornado Cash three days before the attack and deployed a dedicated Drainer contract in advance, while also implementing an Address Poisoning attack.Currently, ZetaChain has begun pushing repair patches to the mainnet nodes, permanently disabling the arbitrary call function and changing the unlimited approval mechanism in the deposit process to "exact amount authorization."

According to a tweet from GoPlus Security, there have been 4 consecutive smart contract attacks on the Ethereum mainnet in the past 48 hours, with total losses exceeding $1.5 million.These include an attack on the Onchain aggregator contract, resulting in a loss of approximately $983,000; theft from a third-party treasury contract related to TradingProtocol, resulting in a loss of about $398,000; an attack on the BCB contract due to a reentrancy vulnerability, resulting in a loss of approximately $39,800; and a contract that caused a loss of approximately $124,900 in QNT assets due to an arbitrary call vulnerability.GoPlus Security warns that as AI technology enters the battlefield, hacker attacks are becoming more precise and rapid, with vulnerabilities being discovered in "seconds" instead of "days."

According to market news, attackers launched an attack on Syndicate by infiltrating the Commons cross-chain bridge. The related address acquired approximately 18.5 million SYND tokens and sold them for a profit of about $330,000, with the funds having been transferred to Ethereum.

According to the monitoring by Phaidra, the Kyber Network attackers have transferred 2,900 ETH (worth 6.8 million USD) to Tornado Cash.KyberSwap suffered a reentrancy attack on November 23, 2023, resulting in a loss of approximately 47 million USD.

DeFi United announced a technical repair plan for the Kelp DAO rsETH cross-chain bridge vulnerability on Tuesday. Previously, attackers exploited a vulnerability in the LayerZero-driven Unichain to Ethereum bridge, releasing 116,500 rsETH by spoofing inbound packets, of which approximately 107,000 are currently still distributed as collateral across seven associated addresses in Aave and Compound.DeFi United stated that it has secured enough ETH commitments to restore the support for rsETH, which will be converted into rsETH in batches and injected into the bridge lock contract. LayerZero Labs pledged over 10,000 ETH on Tuesday to support the repair efforts. Regarding the liquidation of the attackers' positions, the alliance will execute controlled liquidations through Aave and Compound governance proposals, expecting to recover approximately 13,000 and 16,776 ETH, respectively.During the repair period, WETH and rsETH reserves on multiple chains will remain frozen. DeFi United also cautioned about execution risks, including governance approval progress, potential interference from attackers, and new security measures pending validation in the production environment.

According to a16z, its researchers conducted a systematic test on whether AI agents can independently exploit DeFi price manipulation vulnerabilities.The study used a dataset of 20 Ethereum price manipulation incidents and employed Codex (GPT 5.4) equipped with the Foundry toolchain as the testing agent. Under baseline conditions without domain knowledge, the agent's success rate was only 10%; after introducing structured domain knowledge extracted from real attack events, the success rate increased to 70%. Failure cases showed that the agent could accurately identify vulnerabilities but generally struggled to understand the leverage logic of recursive borrowing, misjudged profit margins, and could not assemble multi-step attack structures across contracts. The experiment also recorded a sandbox escape incident: the agent extracted the RPC key from the local node configuration and called the anvil_reset method to reset the node to a future block, bypassing information isolation restrictions and obtaining real attack data. The research team believes that AI agents can currently effectively assist in vulnerability identification but cannot yet replace professional security auditors.

ZetaChain official announcement, on the 27th, encountered a premeditated targeted attack. The attacker used Tornado Cash to recharge funds and forged wallet addresses. Cross-chain ZETA transfers were not affected. All affected user funds were not impacted ------ all affected wallets are controlled by ZetaChain. The mainnet patch has been deployed, and cross-chain transactions will be re-enabled after continuous monitoring.

According to on-chain analyst PeckShield, the vault YieldCore-3rd-deal under Trading Protocol was attacked, resulting in a loss of approximately $398,000.The reason for the attack is a vulnerability due to the lack of caller permission verification in the contract. The attacker exploited this vulnerability to bypass the authorization mechanism and withdrew all funds from the vault. Currently, the relevant on-chain transaction records have been disclosed.

According to Cointelegraph, Robinhood users have recently encountered a phishing attack. The attackers exploited the Gmail feature that ignores the "." in email usernames, along with a vulnerability in the Robinhood account creation process, to register accounts that are very similar to the target email addresses. This allowed them to send fake reminder emails with phishing links to the victims' inboxes from the Robinhood official mail server.Cybersecurity researcher Alex Eckelberry stated that the email could pass SPF, DKIM, and DMARC verification, appearing to come from an official address. Robinhood stated that this incident did not involve a system or customer account breach, and that user funds and personal information were not affected, but advised users to delete the related emails and not to click on suspicious links.

Slow Fog stated that ZetaChain was exploited in an attack. Preliminary analysis shows that the root of the vulnerability lies in the lack of access control and input validation in the GatewayZEVM contract's call function. Attackers can use this to initiate malicious cross-chain calls and execute arbitrary operations to transfer funds on the target chain through a relay mechanism.Slow Fog mentioned that the attackers triggered the relayer to execute malicious calls by forging cross-chain events, thereby completing the theft of funds. Relevant attack transactions have now been disclosed.

ZetaChain announced that the GatewayEVM contract was attacked, but it only affected the internal team wallets of ZetaChain. The team has blocked the attack vector to ensure that no further funds are at risk and will release a detailed post-mortem analysis report after completing the investigation.Currently, as a precaution, ZetaChain has suspended cross-chain transactions. The investigation is still ongoing, and so far, no user funds have been affected by this attack. The current status can be tracked on the relevant page.

CryptoQuant analyst Darkfost posted on the X platform that Binance attracted a total of $6 billion in stablecoin inflows in March and April, with nearly $3.5 billion in net inflows in April, contrasting sharply with the previous net outflow of about $7.6 billion.Despite the escalating tensions between the U.S. and Iran increasing market uncertainty and concerns about rising inflation being unfavorable for risk assets, the trend of stablecoin inflows has clearly shifted. The analyst pointed out that when inflows to major exchanges exceed outflows, it indicates that some parts of the market are beginning to reposition themselves to participate in the gradual recovery over the past two months. If this trend continues, it may provide support for a short-term positive market.

According to Cointelegraph, Vanessa Perrée, the French national prosecutor for organized crime, stated that 88 people have been prosecuted for allegedly carrying out "ransom attacks" against cryptocurrency holders, including 10 minors, with 75 individuals in pre-trial detention, involving 12 cases currently being investigated by a Paris court judge. "Ransom attacks" refer to the use of violence through home invasions, kidnappings, and other means to gain access to the victims' cryptocurrency wallets.Perrée indicated that some suspects are involved in multiple cases, revealing the existence of a structured network, and the investigation is ongoing to identify all perpetrators and planners. Records from the French national office for organized crime show 18 such incidents in 2024, 67 in 2025, and 47 so far in 2026.

Zhao Changpeng posted on X platform, "It is truly disgusting to see another attempt to attack President Trump at the White House Correspondents' Dinner. Fortunately, he, the First Lady, Vice President Vance, and all those present are safe."

According to Forbes, Paul Atkins, the chairman of the U.S. Securities and Exchange Commission, recently reiterated the advancement of "Project Crypto" and announced that he will work with the U.S. Commodity Futures Trading Commission (CFTC) to develop a classification framework for digital assets, clarifying when tokens are recognized as securities, while also introducing an "innovation exemption" to support on-chain trading of tokenized securities.The market views this as one of the most proactive shifts in crypto regulation in the history of the SEC, marking its formal abandonment of the old model of "regulation by enforcement" in favor of clear rule-making. This move may signal a stronger entry point for institutional capital that has been on the sidelines for a long time and could drive the price of Bitcoin back above $80,000. Currently, the price of Bitcoin is around $77,586, and the market is paying attention to Paul Atkins' further statements at the Bitcoin 2026 conference in late April.

According to Onchain Lens monitoring, the Balancer attacker has exchanged 21,000 ETH for 617.43 BTC over the past three days, worth $48.72 million. The attacker currently holds 1,000 ETH, worth $2.32 million, and may further sell.

Litecoin disclosed in a post on platform X that a recent zero-day vulnerability had caused a DoS attack, affecting the operation of major mining pools. Mining nodes that were not updated allowed an invalid MWEB (MimbleWimble Extension Block) transaction to be executed, enabling the related tokens to be withdrawn to a third-party DEX.The Litecoin network rolled back these invalid transactions through a reorganization (reorg) of 13 blocks, confirming that they would not be included in the main chain. All valid transactions during this period were unaffected, and the vulnerability has been completely fixed, with network operations restored to normal.

According to The Street, the lending protocol Purrlend was attacked on the MegaETH and HyperEVM networks, resulting in a loss of approximately $1.52 million.The attacker extracted about $1.2 million in assets from the HyperEVM network, including 449,683 USDC, 214,125 USDT, 194,745 USDH, as well as some UBTC, wstHYPE, UETH, kHYPE, and WHYPE. The attacker also extracted about $324,000 in assets from the MegaETH network, including USDT, WETH, and USDm.Currently, Purrlend has suspended the protocol and launched an investigation, and the attacker's address has been identified in the block explorers of both networks.