Category: Business

  • Kelp DAO claims LayerZero’s ‘default’ settings are what actually caused the massive $290 million disaster

    The popular Spiderman meme showing three identical superheroes pointing fingers at each other is having its crypto moment today.

    Kelp DAO is set to push back on LayerZero’s post-mortem of Sunday’s $290 million exploit, which essentially blames Kelp, a source familiar with the matter told CoinDesk. Kelp plans to dispute the cross-chain messaging firm’s claim that it ignored repeated warnings to move away from a single-verifier setup. CoinDesk has reviewed and verified the memo Kelp plans to publish.

    Kelp is a liquid restaking protocol that takes user-deposited ether, routes it through a yield-generating system called EigenLayer, and issues a receipt token, rsETH, in exchange.

    LayerZero is the cross-chain messaging infrastructure that moves rsETH between blockchains, using entities called DVNs (decentralized verifier networks) to verify whether a cross-chain transfer is valid.

    On Saturday, attackers drained 116,500 rsETH, worth about $290 million, from Kelp’s LayerZero-powered bridge by poisoning the servers that LayerZero’s verifier relied on to check transactions.

    Kelp, the source said, is planning on saying the DVN that was compromised via what it calls a “sophisticated state-sponsored attack” was LayerZero’s own infrastructure, not a third-party verifier.

    Attackers compromised two of LayerZero’s own servers that check whether cross-chain transactions are legitimate, then flooded the backup servers with junk traffic to force LayerZero’s verifier onto the compromised ones.

    All of that infrastructure was built and run by LayerZero, not Kelp, the source claimed.

    The source contested LayerZero’s framing of the “1/1 configuration” as a fringe choice made against guidance. LayerZero’s post-mortem said KelpDAO chose a 1-of-1 DVN setup despite expressing recommendations to configure multi-DVN redundancy.

    A “1/1 configuration” means only a single validator must sign off on a cross-chain message for the bridge to act on it, leaving the system with no second check to catch a compromised or forged instruction. A multi-validator configuration (such as 2/3, 3/5, etc.) ensures there is no single point of failure that can approve a forged message on its own.

    They added that, through a direct communications channel with LayerZero, which has been open since July 2024, they produced no specific recommendation for Kelp to change the rsETH DVN configuration.

    LayerZero’s own quickstart guide and default GitHub configuration point to a 1/1 DVN setup, the source told CoinDesk, adding 40% of protocols on LayerZero are currently using the same configuration.

    The configuration Kelp ran also appears in LayerZero’s own V2 OApp Quickstart, where the sample layerzero.config.ts wires every pathway with one required DVN and no optional DVNs. That’s the same 1/1 structure.

    Kelp’s core restaking contracts were not touched, and the exploit was isolated to the bridge layer, they added. Its emergency pause, 46 minutes after the drain, blocked two follow-up attempts that would have released an additional ~$200 million in rsETH.

    CoinDesk reached out to LayerZero for comment on the story and didn’t hear back by the time of publication.

    ‘Deflecting responsibility’

    Security researchers are also not buying LayerZero’s isolated framing, which pinned the blame on Kelp.

    Kelp is a liquid restaking protocol. Its core competency is staking infrastructure, EigenLayer integration, and liquid staking token management. When integrating with LayerZero, Kelp relied on LayerZero’s documentation, their defaults, and their team’s guidance to make configuration decisions, the source claimed.

    Yearn Finance core team developer Artem K, who is popularly known as @banteg on X, posted a technical review of LayerZero’s public deployment code and said that the reference setup ships with single-source verification defaults across every major chain, including Ethereum, BSC, Polygon, Arbitrum and Optimism.

    That deployment also leaves a public endpoint exposed that leaks the list of configured servers to anyone who queries it.

    Banteg flagged in his analysis that he can’t prove which configuration Kelp used, but noted that LayerZero usually asks new operators to use its default setup, which its post-mortem criticized.

    Chainlink community manager Zach Rynes put it bluntly on X, alleging that LayerZero was “deflecting responsibility” for its own compromised infrastructure and accused the company of throwing Kelp under the bus for trusting a setup LayerZero itself supported.

    As such, LayerZero has said it will no longer sign messages for any application running a single-verifier setup, forcing a protocol-wide migration.

  • Binance says platform, funds safe after Vercel supply chain breach

    Binance says users and funds are safe after Vercel’s $2m data breach, spotlighting how a single SaaS compromise can ripple across Web3 front ends.

    Vercel, a widely used cloud hosting and front‑end deployment platform in the crypto ecosystem, disclosed a “limited” security incident after attackers gained unauthorized access to some internal systems and began offering alleged internal data for sale for $2 million. According to incident summaries, the dataset advertised on underground forums purportedly includes internal databases, access keys, source code, employee accounts, API keys, NPM tokens, and GitHub tokens, with hackers claiming it could be used for “global supply chain attacks.”

    Vercel said services remain operational and that only “a limited subset” of customers appears affected, but it has urged teams to rotate secrets and is working with law enforcement and external incident response specialists. The company traced the intrusion to a compromised Google Workspace OAuth application belonging to a third‑party AI tool, turning what began as an upstream SaaS breach into a downstream infrastructure problem for any project depending on Vercel.

    Binance, which relies on Vercel for some front‑end components, moved quickly to calm users’ nerves as details of the breach circulated through the market. According to Binance’s security update, the exchange’s “platform and user assets were not impacted” by the Vercel incident, and its security team launched an emergency response to assess potential exposure across “all Binance front‑end products.” The exchange said it contacted Vercel directly to validate the scope of the breach and completed an internal risk assessment while continuing to monitor for any signs of compromise.

    Vercel chief executive Guillermo Rauch emphasized that the firm had “analyzed our supply chain” and that core open‑source projects such as Next.js and Turbopack remain safe for developers, even as investigations into the internal systems breach continue. Nonetheless, with Vercel sitting behind front ends for many DeFi protocols, exchanges and Web3 infrastructure providers, security researchers warn the episode is likely to trigger a wave of secret rotations, credential audits and deployment reviews across the sector as teams reassess how much trust they place in shared hosting providers.

    With attackers explicitly marketing Vercel’s alleged internal data as a springboard for supply‑chain attacks, the incident highlights how a single compromised SaaS integration can ripple across dozens of crypto projects at once. For now, no major blockchain platforms have publicly confirmed direct impact, but exchanges and protocol teams are being pushed into a live‑fire test of their own incident‑response playbooks and assumptions about third‑party risk.

  • Analyst Explains: “There Are Two Critical Levels to Watch in Bitcoin This Week!”

    Bitcoin ($BTC) surged above $78,000 on Friday due to the impact of events between the US and Iran, but gave back its gains over the weekend as tensions escalated, falling back to $74,000.

    As $BTC continues to be affected by the events between the two countries, a major expiration date is approaching for options contracts in the crypto market, as it does every Friday.

    These options are particularly significant because they fall on the last Friday of both the week and the month.

    According to weekly data, approximately $7.9 billion worth of Bitcoin options will expire on the Deribit derivatives exchange on April 24th.

    According to Deribit data, $7.9 billion worth of Bitcoin options will expire this Friday, and the $75,000 level will be a key level to watch closely.

    According to Deribit data, the $62,000 and $75,000 levels are noteworthy for Bitcoin. Call options are concentrated around $75,000, while put options are concentrated around $62,000.

    Approximately $395 million worth of call positions are clustered around the $75,000 strike price. According to crypto analyst James Van Straten, this concentration of around $395 million in call positions at the $75,000 strike price is turning this level into a battleground. This could lead to the price being stuck in this region and increased volatility.

    The analyst also noted that the current Bitcoin funding rate has turned negative, signaling a general downward trend in the market. According to the analyst, if the Bitcoin price remains above the key $75,000 level, a short squeeze could occur, potentially paving the way for a rapid and sharp upward movement in Bitcoin’s price.

    *This is not investment advice.

  • Singapore Gulf Bank Launches Stablecoin Service

    Singapore Gulf Bank has introduced a new stablecoin mint and redeem service for corporate and high-net-worth clients. The product allows users to convert fiat currencies into stablecoins and back directly from their bank accounts.

    To support adoption, the bank announced a temporary waiver of gas and banking fees for operations on the Solana network. Clients will also receive rewards based on transaction volume during the promotional period.

    The service is integrated into SGB Net, the bank’s internal clearing system. This allows funds to move between blockchain networks and traditional accounts without additional intermediaries.

    At launch, the service supports USD Coin transactions starting from 100,000 US dollars. The bank plans to expand the offering by adding Tether, USDe, and Global Dollar in future updates.

  • Coinbase, Bybit said to be working together on tokenization, custody and distribution of U.S. stocks

    Crypto exchange Coinbase (COIN) is working with Bybit, one of the largest crypto trading platforms, to explore ways to tokenize, custody and distribute assets such as U.S. public and pre-IPO stocks, a person familiar with the plans told CoinDesk.

    The talks, which are ongoing, do not involve any sort of stake acquisition or similar deal for Bybit to enter the U.S., said the person, who asked to remain anonymous because they are directly involved in the discussions, dismissing a report of an investment publicized last month.

    It makes sense for Bybit to partner with an American company, the person said, because the U.S. is home to certain assets that global users want. Bybit is international, while Coinbase is U.S.-focused.

    Working together, the two can bring U.S. assets to a wider market in, for example, Asia, according to the person. Within five years, tokenization will bring any asset to users globally through a single app.

    “Even if Coinbase becomes a super app in the U.S., they are still only in the U.S.,” the person said.

    The two companies’ explorations into tokenized stocks come as other market participants explore similar link-ups. Intercontinental Exchange (ICE), the owner of the New York Stock Exchange, in March announced it was taking a stake in crypto exchange OKX. Just last week, Deutsche Boerse made a $200 million strategic investment into Kraken.

    Bybit’s plan to enter the U.S. market does involve a local partner, but it’s not Coinbase, the person said.

    The new U.S.-focused joint venture, said to be spearheaded by former Bybit co-CEO Helen Liu, will involve an unidentified “local partner who is going to provide license and compliance.” Bybit will provide tech, product and liquidity.

    Bybit and Coinbase both declined to comment.

  • Big Bull Michael Saylor Announces $2.5 Billion Bitcoin (BTC) Deal! “Biggest in Recent Weeks!”

    Continuing its weekly purchases, Strategy completed its weekly Bitcoin ($BTC) purchase and announced that it bought 34,164 $BTC last week.

    Accordingly, Strategy purchased 34,164 $BTC, worth $2.54 billion, at an average price of $74,395.

    Strategy founder Michael Saylor announced the news via a post on his X account.

    “Strategy purchased 34,164 $BTC for approximately $2.54 billion, at approximately $74,395 per Bitcoin, and achieved a 9.5% $BTC return by YTD 2026.”

    As of April 19, 2026, we hold 815,061 $BTC, purchased for approximately $61.56 billion at approximately $75,527 per Bitcoin.

    This purchase is one of the largest the company has made recently, and with this latest acquisition, the amount of Bitcoin held by the company has exceeded 800,000 $BTC.

    Based on Bitcoin’s fixed supply, the amount held by the company represents more than 3.8% of the final total of 21 million, and at current prices, this translates to a loss of approximately $400 million.

    It was also stated that the recent purchases were made using proceeds from sales of Class A common shares (MSTR) and perpetual Stretch preferred shares (STRC) at market price.

    Michael Saylor once again hinted at the company’s latest purchase. This time, Saylor gave his usual Sunday hint, updating Strategy’s Bitcoin purchase announcement by saying, “Think bigger.” This announcement suggested a larger purchase than the previous week’s 13,927 $BTC.

    Strategy has acquired 34,164 $BTC for ~$2.54 billion at ~$74,395 per bitcoin and has achieved $BTC Yield of 9.5% YTD 2026. As of 4/19/2026, we hodl 815,061 $BTC acquired for ~$61.56 billion at ~$75,527 per bitcoin. $MSTR $STRC https://t.co/ifGXjMeIZH

    — Michael Saylor (@saylor) April 20, 2026

  • Crypto funds draw $1.4B in third straight week of inflows, strongest since January

    Digital asset investment products pulled in $1.4 billion last week, their strongest weekly haul since January and the third consecutive week of positive flows, according to CoinShares’ new report.

    The result was driven by recovering risk sentiment tied to US-Iran ceasefire extension talks and Bitcoin’s mid-week move above $76,000, its highest level since February, the report notes.

    Total assets under management reached $155 billion, with weekly flows representing 0.91% of AUM, the highest weekly intensity recorded year-to-date.

    March CPI data, which came in at 3.3% year-on-year with a benign core reading of 2.6%, appeared to have little dampening effect on investor appetite.

    Bitcoin and Ethereum led inflows, as altcoins diverged

    Bitcoin drew $1.116 billion in inflows, lifting year-to-date totals to $3.1 billion, as its break above $76,000 marked a meaningful technical development following two months of range-bound trading.

    Short-Bitcoin products saw just $1.4 million in inflows, indicating limited but residual hedging demand.

    Ethereum attracted $328 million, its best weekly performance since January, bringing year-to-date flows to $197 million.

    XRP and Solana recorded outflows of $56 million and $2.3 million, respectively, even as Bitcoin and Ethereum surged.

    Regional flows show mixed signals

    The regional breakdown is uneven. The US dominated with $1.5 billion in inflows and Germany chipped in $28 million, but Switzerland saw $138 million in outflows, the largest Swiss exit since November.

    Market updates

    Bitcoin traded at $75,249 at press time, up about 6% over the past seven days, while Ethereum gained more than 5% over the same period to top $2,300, per CoinGecko. Total crypto market capitalization stood at $2.6 trillion.

  • Bitmine buys 101,627 ether worth over $230 million, its largest weekly haul of 2026

    BitMine Immersion Technologies (BMNR), the largest Ethereum-focused digital asset treasury firm, sped up its crypto purchase pace as chairman Tom Lee sees growing signs of the crypto “mini-winter” ending.

    The firm reported Monday it acquired 101,627 ether ($ETH) last week, its largest weekly haul since December 15. The purchase, worth over $230 million at current $ETH prices, lifted BitMine’s total holdings to 4.97 million $ETH.

    The move comes as most digital asset treasuries — except Michael Saylor’s bitcoin-focused Strategy (MSTR) — have slowed or halted buying in recent months. BitMine remains among the last large-scale buyers of ether-focused treasuries, continuing to provide a steady source of demand for $ETH.

    BitMine’s total crypto and cash holdings stand at $12.9 billion. In addition to its $ETH treasury, the firm holds 199 bitcoin, $1.12 billion in cash and equity stakes including investments in Beast Industries and Eightco Holdings.

    Chairman Thomas Lee said the firm sees signs that the recent downturn is nearing an end, pointing to $ETH’s rebound and broader market dynamics.

    “Bitmine has maintained the increased pace of $ETH buys in each of the past four weeks, as our base case $ETH is in the final stages of the ‘mini-crypto winter,’” Lee said.

    He added that ether has risen sharply from its early February lows and has outperformed equities since the start of the Iran conflict, supported by demand tied to tokenization and AI-related use cases.

    BitMine has also continued expanding its staking operations. The firm has staked more than 3.3 million $ETH, or about two-thirds of its holdings, generating roughly $221 million in annualized revenue.

  • Bitcoin Exchanges Upbit, Bithumb, and Coinone Add This Altcoin to Their Delisting Watchlist! Here’s Why

    South Korea’s leading cryptocurrency exchanges, Upbit, Bithumb, and Coinone, have announced that they have added the KernelDAO (KERNEL) token to their delisting watchlist. This decision follows a joint review process aimed at enhancing investor protection.

    Upbit stated in its announcement that this decision was based on two main reasons. The first is a security incident or potential attack risk that occurred in the wallets or distributed ledger infrastructure managed by the project and has not yet been fully resolved.

    The second reason was that a comprehensive review of the project’s overall business model, sustainability, and development process revealed potential risks for users.

    Exchanges emphasized that assets placed on the watchlist will be subject to stricter scrutiny for a specified period. During this process, criteria such as the project’s level of transparency, technical advancements, and community communication will be closely monitored. It was stated that if the necessary improvements are not made as a result of the review, the KERNEL token could be completely delisted.

    Experts say that these coordinated steps by major stock exchanges in South Korea increase market discipline and aim to protect investors against risky projects. In particular, recent increases in security concerns and discussions about project sustainability have led stock exchanges to tighten their listing policies.

  • OpenAI’s New AI Model Rosalind Could Shave Years Off Drug Discovery. You Probably Can’t Use It

    In brief

    • OpenAI unveiled GPT-Rosalind to accelerate drug discovery workflows.
    • Benchmarks show strong gains, but real-world impact remains constrained.
    • Access is tightly restricted amid rising biosecurity concerns.

    OpenAI just named its first domain-specific AI model after Rosalind Franklin—the British chemist whose X-ray crystallography work helped reveal DNA’s double helix, and who was famously denied credit for it during her lifetime.

    GPT-Rosalind, unveiled Thursday, is a purpose-built reasoning model for biology, drug discovery, and translational medicine. It’s the first in what OpenAI is calling a Life Sciences model series—a direct play for a market where many specialized labs from universities to Google DeepMind are all jostling for position.

    Getting a drug from target discovery to regulatory approval in the U.S. takes 10 to 15 years on average, according to experts. Most of that time disappears not in eureka moments, but in the grind: parsing thousands of papers, querying databases, designing reagents, and interpreting ambiguous results. This is what GPT-Rosalind is trying to tackle.

    OpenAI argues the model can compress that early-stage work. As the company put it, GPT-Rosalind is designed to help scientists “explore more possibilities, surface connections that might otherwise be missed, and arrive at better hypotheses sooner.”

    The benchmarks back up at least some of that ambition. On BixBench—a benchmark built around real-world bioinformatics tasks—GPT-Rosalind logged a 0.751 pass rate, the top score among models with published results. On LABBench2, it outperformed its predecessor GPT-5.4 on six out of eleven tasks.

    GPT-Rosalind beats GPT-5.4 in every single case involving life science, but it’s a highly specific model that will underperform in anything other than that.

    OpenAI also announced Dyno Therapeutics will help test and evaluate its model based on unpublished RNA sequences to rule out memorization. GPT-Rosalind’s best-of-ten submissions ranked above the 95th percentile of human experts on sequence prediction tasks, and around the 84th percentile on generation.

    That said, OpenAI’s own life sciences research lead Joy Jiao was measured about what the model can actually do. She explained the company doesn’t see Rosalind as a model capable of creating new treatments autonomously, but told reporters that it could be a great help in speeding research up. “We do think there’s a real opportunity to help researchers move faster through some of the most complex and time-intensive parts of the scientific process,” Jiao said in a press briefing, according to the LA Times.

    The ecosystem around the model may matter as much as the model itself. OpenAI is also releasing a free Life Sciences research plugin for Codex connecting to over 50 scientific databases and tools—protein structure lookups, sequence search, literature review, genomics pipelines. Enterprise users with GPT-Rosalind access get the reasoning layer on top. Everyone else gets the plugin with standard models.

    OpenAI has lined up a roster of pharma and biotech customers for the launch, including Amgen, Moderna, and Thermo Fisher Scientific. Separately, it’s running a research collaboration with Los Alamos National Laboratory on AI-guided protein and catalyst design.

    “The life sciences field demands precision at every step. The questions are highly complex, the data are highly unique, and the stakes are incredibly high,” said Sean Bruich, Amgen’s Senior VP of AI and Data in the official announcement.

    Access to Rosalind is deliberately restricted. The model is U.S. enterprise only, gated behind a qualification and safety review. The concern isn’t abstract: an international coalition of over 100 scientists has already called for tighter controls on biological data used to train AI, citing pathogen design risks. OpenAI’s restricted rollout is a direct response. During the research preview, usage won’t consume existing API credits.

    This also isn’t OpenAI’s first move into science workflows. The Prism scientific writing workspace launched in January was a first step. GPT-Rosalind is the sharper, more specialized follow-up—and a signal that domain-specific models are becoming a serious competitive front.

    No fully AI-discovered drug has cleared phase 3 trials. That number is still zero. But if GPT-Rosalind helps a researcher design a better experiment six months faster across thousands of labs, then the compounding effect on what gets discovered, and when, could be the whole ballgame. That’s the actual thesis here, and it’s worth watching closely.
