protocols

According to CoinDesk, after KelpDAO was attacked resulting in a loss of $292 million, the industry's scrutiny of the security of cross-chain infrastructure continues to heat up, with approximately $4 billion in assets having completed or currently migrating from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP).The DeFi protocol Lombard is the latest project to join this migration trend. The protocol announced it would abandon LayerZero and migrate over $1 billion in Bitcoin-backed assets to Chainlink CCIP, stating that this decision stemmed from a comprehensive internal security review following the April attack incident.Lombard issues two types of Bitcoin-backed tokens—LBTC and BTC.b—and will prioritize the migration of assets on chains such as Solana, Etherlink, Berachain, Corn, and TAC, while terminating the use of LayerZero on Morph and Swell. Lombard stated that the reason for choosing CCIP is its independent node operators, built-in rate limiting mechanisms, and audited infrastructure. Additionally, the protocol will adopt Chainlink's cross-chain token standard to achieve asset cross-chain circulation through a burn-and-mint model.Previously, Kelp DAO, Solv Protocol, Re, and the cryptocurrency exchange Kraken have all completed similar migrations, with these projects collectively transferring approximately $4 billion in assets. Chainlink Labs Chief Business Officer Johann Eid stated, "We are witnessing a continued wave of risk-averse migration within the industry."

According to analyst Tom Wan's monitoring, despite LayerZero issuing an apology statement, several protocols with a total TVL of approximately $2 billion have announced their migration to Chainlink CCIP, including KelpDAO ($1.5 billion), SolvProtocol ($600 million), and re ($200 million).Meanwhile, the top assets still using the LayerZero OFT standard include: USDe/sUSDe (Ethena), weETH (Etherfi), USDT0 (Tether), thBILL (Theo), and WBTC (Bitgo), with specific migration progress to be determined by project announcements.Previously, LayerZero formally apologized for poor communication regarding security incidents over the past three weeks. The official acknowledged that its internal RPC was attacked by the Lazarus Group and admitted to mistakenly allowing LayerZero Labs DVN to act as a 1/1 verification node for high-value transactions, leading to a single point of risk.

Andre Cronje stated in an interview with Cointelegraph that many DeFi protocols today are "no longer truly DeFi" and are more like "profit-driven companies operated by teams," as they generally rely on upgradable contracts, multi-signatures, off-chain infrastructure, and manual operational control.Cronje pointed out that the current industry is still overly focused on smart contract audits while neglecting operational risks that are closer to traditional finance (TradFi). He believes that recent attack incidents are not due to code vulnerabilities but stem from off-chain infrastructure, permission management, and social engineering attacks.The discussion arises from the recent frequent security incidents in DeFi. In April, protocols such as Flying Tulip, Drift Protocol, and Kelp encountered security events, with Drift and Kelp suffering losses of approximately $280 million and $293 million, respectively.In response, Flying Tulip has introduced a "Withdrawal Circuit Breaker," which can delay or queue withdrawal requests when unusually large withdrawals occur, allowing the team about 6 hours to respond. Cronje emphasized that this mechanism does not permanently freeze withdrawals but serves as a layer of protection within the security system.However, Michael Egorov holds a cautious attitude towards this. He stated that the circuit breaker itself could also become a new point of centralized risk. If control permissions fall into the hands of an attacker, the mechanism originally intended to protect the protocol could instead be used to freeze assets or directly transfer funds.Egorov believes that the long-term direction of DeFi should be to minimize human intervention and centralized permissions as much as possible, rather than adding more layers of manual control. "The security of DeFi comes from decentralization, not more human management."

Orca posted on the X platform that its frontend is hosted on the cloud hosting platform Vercel. In response to the Vercel security incident, all potentially leaked keys and deployment credentials have been rotated out of caution. Orca's on-chain protocol and user funds were not affected. The official team will continue to monitor the situation and will provide updates as more information becomes available.

According to data from DefiLlama, in the first quarter of 2026, hackers stole over $168.6 million in crypto assets from 34 decentralized finance (DeFi) protocols, a significant decrease from $1.58 billion during the same period in 2025, when the high losses were mainly due to the $1.4 billion theft incident from Bybit.The largest single attack this quarter was the private key leak incident at Step Finance in January, resulting in a loss of approximately $40 million; followed by the attack on Truebit due to a smart contract vulnerability on January 8, resulting in a loss of $26.4 million in Ethereum; and third was the private key theft incident at stablecoin issuer Resolv Labs on March 21.

SolanaFloor's latest data shows that the impact of the Drift protocol vulnerability incident continues to expand, with the number of affected protocols increasing from 11 to 20. Nine new protocols have been added: PiggyBank, Perena, Vectis, Valeo, Amp Pay, Loopscale, Prime Numbers Fi, Gauntlet, and Exponent.In terms of specific losses, Prime Numbers Fi estimates losses of over $10 million, Gauntlet approximately $6.4 million, Neutral Trade about $3.67 million, Elemental DeFi around $2.9 million, Reflect Money about $1.95 million, Vectis approximately $1.69 million, Ranger Finance around $919,000, Pyra about $551,000, and PiggyBank has confirmed losses of $106,000, which will be fully compensated by the team.Each protocol has taken corresponding measures, with most suspending minting, redemption, deposits, withdrawals, or related treasury functions. Prime Numbers Fi is still under evaluation and has not announced specific actions. Vectis has not responded but has been confirmed by Ranger Finance to have risk exposure. Gauntlet has restricted further supply and is coordinating with Drift.

According to official news, Gate has officially launched the USDT staking AAVE-Plasma protocol and the USDC staking AAVE V3 (ARB) protocol products. Users can participate in staking with a minimum of just 1 USDT or 1 USDC, allowing them to earn on-chain returns with one click. The current reference annualized yield is as high as 3.23%.It is reported that USDT and USDC staking are Gate's on-chain staking products, allowing users to participate in decentralized liquidity markets through the AAVE-Plasma and AAVE V3 (ARB) protocols, thereby obtaining real on-chain returns. Earnings will be automatically distributed to accounts daily in the corresponding tokens, and users can redeem at any time.

At the "Build and Scale in 2026" themed forum recently held by ChainCatcher in Hong Kong, Spark co-founder Sam MacPherson delivered a keynote speech on "The Growth Engine of DeFi," systematically explaining how Spark builds an integrated solution to address the fragmentation and inefficiency of on-chain capital markets by integrating savings, lending, and institutional-level capital allocation.Sam MacPherson pointed out that the current on-chain capital market still faces challenges of severe fragmentation and low capital utilization efficiency. Spark builds its growth engine through three core products: first, the all-chain savings account Spark Savings, which has managed over $2.75 billion in deposits, providing users with a safe and stable income entry; second, the lending protocol SparkLend, which focuses on blue-chip assets and captures value by reducing external protocol commissions and protocol fees; third, institutional lending in collaboration with the Anchorage custodian, seeking risk-adjusted returns between DeFi, CeFi, and traditional finance.He believes that the next phase of DeFi's growth will rely on integrated protocols that can seamlessly integrate multi-chain liquidity, provide institutional-level risk control, and possess sustainable token economic models. Spark is promoting the evolution of DeFi towards a more efficient and robust direction through its product matrix and ecosystem development.

According to official updates, SUN.io has announced the completion of a new upgrade to its smart routing system, officially introducing the Universal Router and Permit2 protocols. After the upgrade, users can complete optimal path exchanges across multiple liquidity pools such as SunSwap V1/V2/V3, Curve, PSM, and HTX-SUN in a single transaction. At the same time, through Permit2's one-time high-limit authorization and signature validity period and limit mechanism, it significantly reduces the energy consumption costs of repeated authorizations and enhances security.The official Tron mainnet Permit2 and Universal Router contract addresses have been disclosed, reminding users to interact with the contract addresses disclosed by the official source to securely enable a more efficient trading experience.

MultiversX announces a collaboration with OpenAI and Stripe to support its Agent Commerce Protocol (ACP), providing infrastructure for AI-driven on-chain transactions. ACP is an open standard that allows AI agents to complete product discovery, purchasing, and payment within a chat interface, without the need for wallet operations or paying Gas fees.MultiversX has implemented support for ACP through an open-source adapter and introduced the Relayed v3 protocol, offering native Gasless transaction capabilities, allowing users to complete transactions without holding EGLD.Additionally, MultiversX supports Google's Universal Commerce Protocol (UCP), covering the entire shopping process from product discovery to post-sale support. Combined with the upcoming Supernova upgrade (which achieves sub-second finality), MultiversX lays the groundwork for automated work contracts and decentralized value chains between AI agents. This integration enables AI agents to execute transactions seamlessly, driving the development of a machine-to-machine economy and providing new financial infrastructure for both on-chain and off-chain ecosystems.

a16z Crypto published a long article on platform X stating that the timeline for the emergence of quantum computers capable of breaking cryptocurrencies (CRQC) is often exaggerated, and the likelihood of their appearance before 2030 is extremely low. The risk status of different cryptographic primitives varies.Post-quantum encryption needs to be deployed immediately due to the "harvest now, decrypt later" (HNDL) attack. In contrast, post-quantum signatures and zkSNARKs are less susceptible to HNDL attacks; migrating too early could bring risks such as performance overhead, immature implementation, and code vulnerabilities. Therefore, a cautious rather than hasty migration strategy should be adopted.For blockchains, most non-privacy public chains like Bitcoin and Ethereum primarily use digital signatures for transaction authorization, so there is no HNDL risk. The pressure to migrate mainly comes from non-technical challenges such as slow governance, social coordination, and technical logistics.Bitcoin faces unique issues, including its slow governance speed and the existence of millions of quantum-vulnerable tokens worth hundreds of billions of dollars that may be abandoned. In contrast, privacy chains, due to their encryption or concealment of transaction details, do face HNDL attack risks and should transition as soon as possible.a16z Crypto emphasizes that in the coming years, implementation security issues such as code vulnerabilities, side-channel attacks, and fault injection attacks are more urgent and significant security risks compared to the distant threat of quantum computers. Developers should prioritize investment in code audits, fuzz testing, and formal verification.

The blockchain infrastructure company TenX Protocols announced that it will be listed on the TSX Venture Exchange (TSXV) under the ticker symbol "TNX".The company has completed over 33,000,000 CAD (approximately 24,000,000 USD) in financing this year, which includes 29,900,000 CAD in subscription receipt financing related to the public listing and 3,500,000 CAD in seed round financing. TenX stated that it will use these funds to purchase tokens from high-throughput blockchain networks such as Solana, Sui, and Sei, and participate in staking, while also investing in its own infrastructure products and services. Part of the financing was conducted through digital assets (including SOL, SEI, and USDC) at a price of 0.75 CAD per subscription receipt.

According to DL News, the circulation of PayPal's stablecoin PYUSD has surged by 224% since September, surpassing $3.8 billion, making it the sixth largest stablecoin.The DeFi protocol Ethena has become the largest holder of PYUSD, holding $1.2 billion through the custodian Copper. PayPal is providing incentives on the decentralized exchange Curve Finance by partnering with liquidity management company Sentora, and subsidizing user yields for DeFi protocols.The Solana lending protocol Kamino currently offers nearly 6% annualized yield for lending PYUSD, partially subsidized by PayPal. Over the past three months, the scale of PYUSD on Solana has increased from $250 million to over $1 billion.U.S. Treasury Secretary Scott Bessen expects the stablecoin market to reach $3 trillion by 2030.

According to a report by theblock, the total locked value (TVL) of Ethena's synthetic stablecoin USDe has dropped from $14.8 billion in October to the current $7.6 billion, a decline of over 50%.The sharp decline is mainly due to the liquidation of a large number of leveraged loop strategies emerging in DeFi protocols, particularly in lending markets like Aave. Currently, the yield of USDe (around 5.1%) has fallen below the borrowing cost of 5.4% for USDC on AAVE, leading some participants to close their positions.The report states that despite the decrease in TVL, the usage of USDe is on the rise, with on-chain transaction volume exceeding $50 billion last month, indicating that even as speculative positions are gradually unwound.

According to DefiLlama data, the total value locked (TVL) in lending protocols across the network is currently reported at $68.342 billion, a decrease of $11.96 billion from $80.302 billion.During the same period, the total market capitalization of stablecoins also saw a significant decline: a decrease of 0.71% in the past week, with a market cap reduction of $2.17 billion.

Blockchain security company BlockSec posted on social media that Balancer and several forked protocols have been attacked. The losses are as follows:Balancer on Ethereum chain lost $70 million;Balancer on Base chain lost $3.9 million;Balancer on Polygon chain lost $117,000;Beets on Sonic chain lost $3.4 million;Balancer on Arbitrum chain lost $5.9 million;Beethoven on Optimism chain lost $283,000.