pda

The Zcash Foundation announced the release of the Zebra 4.5.1 version update to fix a consensus-level security vulnerability and strongly recommends that all node operators upgrade immediately.The vulnerability, identified as GHSA-2prc-cj5x-4443, involves a sigop (signature operation count) statistical error in P2SH transactions, which could lead to potential consensus fork risks. This fix corrects the incomplete patch issue from the previous 4.5.0 version, which was just released yesterday.The Zcash development team stated that the problem originated from discrepancies in sigop counting logic across different implementations, which could cause nodes to produce different results when validating transactions, thereby affecting on-chain consensus consistency. The fix was implemented by reverting and adjusting the Rust implementation logic to ensure alignment with the expected behavior of the protocol.The Zcash Foundation emphasizes that there is currently no workaround for this issue, and upgrading to 4.5.1 is the only way to ensure that nodes remain on the correct chain and avoid potential fork risks.

The Zcash Foundation has released the node client Zebra version 4.5.0 update, which includes multiple security fixes, including a critical consensus vulnerability and several high-risk denial of service (DoS) issues. All node operators are strongly advised to upgrade immediately.It is reported that this core fix includes a sigop counting error caused by P2SH script parsing (which may lead to a consensus fork with zcashd), a defect in the NU5 block validation cache logic, a risk of transparent address balance overflow crashes, as well as multiple crashes and resource exhaustion vulnerabilities in RPC interfaces and memory pool handling. Additionally, some vulnerabilities can be exploited by malicious nodes, leading to node freezes, reboot loops, or even permanent shutdowns.

Vitalik Buterin updated on several CROPS AI related developments and pointed out that there is a clear intersection between the "CROPS Ethereum access layer" and "CROPS AI." He stated that if remote large language models could be called for payment through zero-knowledge proofs, it could also be used to solve the Ethereum private RPC reading issue.Meanwhile, Deepseek v4 has been released, and the 2-bit quantization version can run within 90 GB, but currently runs faster on Apple hardware; the messaging app messa has supported Telegram Alpha features; the model running tool luceb has shown higher efficiency when running intensive models; the local AI recording tool VoxTerm is still under continuous development. Vitalik Buterin also mentioned that large language models fine-tuned for specific applications will help improve secure code writing capabilities, and corresponding fine-tuned models should be available for Ethereum-related scenarios.

Ju.com’s official Chinese account has issued a notice stating that to cooperate with the financial audit of the group’s listing entity, the platform will initiate a special compliance review to enhance the transparency of fund management and the security of accounts.The notice requires users to promptly supplement or update KYC compliance materials according to the prompts on the page. Withdrawals can only be requested after submission and approval. The platform indicated that the withdrawal process is expected to return to normal after the completion of the financial audit.

According to the official announcement, Bitget will support the splitting of preSPAX tokens and adopt preSPCX as the new token code. The splitting ratio is 1:5, meaning that each preSPAX token can be split into 5 preSPCX tokens.According to the schedule, Bitget will temporarily remove the preSPAX/USDT spot trading pair on May 28 at 14:00 (UTC+8), and simultaneously suspend related unified account spot trading, spot strategy bots, and instant exchange functions. After the token split is completed, the preSPCX/USDT trading pair and instant exchange function will be opened on the same day at 17:00 (UTC+8). For more details, please refer to the Bitget official platform.

According to The Block, since the KelpDAO cross-chain bridge attack in mid-April, the total value locked (TVL) in DeFi has decreased by about 14%, from approximately $172 billion to $148 billion. The attackers exploited vulnerabilities in off-chain infrastructure rather than smart contract vulnerabilities, stealing about $292 million and exposing new infrastructure risks.The outflow of funds has continued for more than five weeks, indicating that investors are broadly withdrawing marginal capital rather than just targeting specific protocols that were attacked. Lending, as the largest DeFi category, saw its locked amount decrease from about $53 billion to $40 billion, marking the largest decline. Liquidity re-staking protocols also experienced significant drops. The KelpDAO attack indicates that as the security of smart contracts improves, off-chain infrastructure is becoming a more easily exploitable attack surface.

According to official news, KelpDAO stated that the last batch of 20,373.72 rsETH has been transferred to the rsETH OFT adapter earlier, thus completing the operational part of the rsETH recovery plan. KelpDAO also attached the relevant transaction information.

Binance updated the funding rate for the SPCXUSDT U-based Pre-IPO perpetual contract to 0% on May 21, 2026, at 16:00. If the funding rate for this contract remains at 0% on May 22, 2026, at 00:00, Binance will notify separately. Users holding open positions are advised to reassess their hedging strategies.

LayerZero Labs released a report on the KelpDAO attack incident, confirming that the KelpDAO rsETH cross-chain bridge built on its cross-chain communication protocol was attacked, resulting in the theft of approximately 116,500 rsETH (about $292 million). Several security agencies, including Mandiant, CrowdStrike, and independent researchers, attributed the attack to the North Korean-related hacker group TraderTraitor (UNC4899).The report indicates that the attack began on March 6, 2026, when the attackers used social engineering techniques to compromise a LayerZero developer account, obtain session keys, and infiltrate the RPC cloud environment, further contaminating internal RPC node data and manipulating return results to deceive monitoring systems and the decentralized verification network (DVN).LayerZero Labs officially announced that it will adjust its security strategy, including no longer allowing its DVN to act as the sole signer in a single validation configuration, while also rebuilding the affected cloud infrastructure and introducing short-term credentials, instant permission upgrades, and multi-party approval mechanisms to enhance security.

GitHub has updated the details of the investigation into the unauthorized access incident of its internal repositories: GitHub detected and contained an incident yesterday involving an employee's device being compromised, which involved a maliciously implanted VS Code extension. GitHub removed the malicious extension, isolated the affected terminals, and immediately initiated an incident response. Current assessments show that only GitHub's internal repositories experienced data exfiltration, and the approximately 3,800 repositories claimed by the attackers are roughly consistent with the investigation results. GitHub has prioritized rotating critical credentials, is analyzing logs, verifying credential rotations, and monitoring subsequent activities, with a complete report to be released after the investigation is concluded.Additionally, Slow Mist's Chief Information Security Officer 23pds commented on this incident, stating: "By analyzing leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal information from about 4,000 core internal repositories: including the source code for Copilot, the algorithms for CodeQL, the Actions runtime, and the entire billing system. Further analysis of this code could lead to subsequent attacks, having a profound security impact on the integration of the open-source community."

Ethereum co-founder Vitalik Buterin commented on the issue of Ethereum state storage, stating that even if users store data themselves, the blockchain only stores hashes, and transactions only include proofs, it still requires storage and updating of the data used to verify the proofs, and this data ultimately becomes almost as large as the state itself; Vitalik mentioned that there are solutions to the relevant issues, but they involve a large number of components and require trade-offs compared to the current Ethereum.Previously, DeFi content writer marilyn100x.eth stated that Ethereum has a state storage problem, where developers pay a one-time fee to write data, while nodes bear the long-term storage costs. However, EIP-8037 does not involve time-weighted rent or ongoing fees, but significantly increases the upfront gas costs for new contracts, accounts, and storage slots to control state growth during the scaling process.

Aave founder Stani Kulechov posted on the X platform that the next step of the rsETH technical recovery plan has been completed, and the loan-to-value (LTV) ratios of WETH loans across all affected networks have been restored to pre-event levels. Users can now again borrow on Aave using WETH as collateral, including through collateral and debt swaps.According to the Aave announcement, this recovery involves network deployments such as Aave V3 Ethereum Core, Ethereum Prime, Arbitrum, Base, Mantle, and Linea.

According to CoinDesk, after KelpDAO was attacked resulting in a loss of $292 million, the industry's scrutiny of the security of cross-chain infrastructure continues to heat up, with approximately $4 billion in assets having completed or currently migrating from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP).The DeFi protocol Lombard is the latest project to join this migration trend. The protocol announced it would abandon LayerZero and migrate over $1 billion in Bitcoin-backed assets to Chainlink CCIP, stating that this decision stemmed from a comprehensive internal security review following the April attack incident.Lombard issues two types of Bitcoin-backed tokens—LBTC and BTC.b—and will prioritize the migration of assets on chains such as Solana, Etherlink, Berachain, Corn, and TAC, while terminating the use of LayerZero on Morph and Swell. Lombard stated that the reason for choosing CCIP is its independent node operators, built-in rate limiting mechanisms, and audited infrastructure. Additionally, the protocol will adopt Chainlink's cross-chain token standard to achieve asset cross-chain circulation through a burn-and-mint model.Previously, Kelp DAO, Solv Protocol, Re, and the cryptocurrency exchange Kraken have all completed similar migrations, with these projects collectively transferring approximately $4 billion in assets. Chainlink Labs Chief Business Officer Johann Eid stated, "We are witnessing a continued wave of risk-averse migration within the industry."

Aave announced that its bug bounty program has been updated to better align rewards with the risk status of each part of the ecosystem and to simplify the review process. The maximum reward for critical vulnerability fixes for Aave V4 and Core Aave V3 has now been increased fivefold.

The Compound Foundation stated that, after closely collaborating with the Aave and KelpDAO teams, the relevant positions of the rsETH exploiters in WETH and wstETH Comet have all been liquidated over the weekend, and all rsETH held by the attackers has been transferred to DeFi United. Compound noted that the swift action effectively mitigated market risks and protected the safety of the protocol's suppliers and reserve funds.Compound also updated that the transfer restrictions for Ethereum WETH and wstETH Comet have now been lifted, and all Comet markets have resumed normal operations. The protocol stated that the top priority remains ensuring the overall safety of the platform and thanked the Aave and KelpDAO teams for their collaboration during the incident handling process.

The Compound Foundation stated that, after close collaboration with the Aave and KelpDAO teams, the relevant positions of the rsETH exploiters in WETH and wstETH Comet have all been closed over the weekend, and all rsETH held by the attackers has been transferred to DeFi United.Compound stated that the quick action effectively mitigated market risks and protected the safety of the protocol's suppliers and reserve funds. Compound also updated that the transfer restrictions for Ethereum WETH and wstETH Comet have now been lifted, and all Comet markets have returned to normal operation. The protocol stated that the top priority remains ensuring the overall safety of the platform and thanked the Aave and KelpDAO teams for their collaborative efforts during the incident handling process.

According to The Block, the U.S. Senate Banking Committee has released an updated 309-page text of the Clarity Act, which is set to be reviewed and voted on later this week. The new text includes language related to restrictions on stablecoin rewards, as well as provisions from the Blockchain Regulatory Certainty Act, clarifying that non-custodial developers do not fall under the category of money transmitters. Coinbase, which previously withdrew its support due to controversies over the stablecoin rewards provisions, has now shifted to support, but banking groups still believe the restrictions are insufficient.Meanwhile, the bill still does not include ethical constraints regarding profits from digital assets for the president and other federal officials. Democrats have stated that without relevant compromises, the bill will struggle to gain support.

According to official news, based on the update from the Arbitrum DAO proposal, a judgment creditor in an unrelated case served a restraining order to Arbitrum DAO regarding the ETH frozen after the rsETH incident. A few days later, Aave LLC filed an emergency motion to vacate. The court modified the restraining order, allowing for on-chain Arbitrum voting and transferring the frozen ETH to Aave LLC.After the transfer, the restraining order will attach to Aave LLC. The revised constitutional AIP retains the asset recovery intent approved by Arbitrum DAO, and ETH will still be used for the recovery of the rsETH incident. Aave LLC will comply with all court obligations during the litigation process.

Binance released the May reserve proof update. As of May 1, the user's net BTC balance is 606,742.388 coins, and the Binance wallet balance is 608,067.979 coins, with a BTC reserve ratio of 100.22%.In addition, the user's net ETH balance is 3,762,321.834 coins, and the Binance wallet balance is 3,762,328.82 coins, with an ETH reserve ratio of 100%. The USDT reserve ratio is 104.27%, and the BNB reserve ratio is 101.68%.

Polymarket announced the latest developments and feature updates, including the launch of measures to mitigate latency spam to ensure order placement and cancellation operations, fixing the "insufficient balance/authorization" error, and another core issue affecting limit buy orders is expected to be resolved in the coming days.In addition, Polymarket stated that it has identified and banned multiple clusters of ghost-fill accounts, which were all created before the deposit wallet system went live. Currently, any occurrence of ghost-fill behavior will be identified and banned, and the deposit wallet system will also prevent the continued bulk creation of new accounts. More updates will be released in the coming week to address previously outstanding issues.