Aave Hit With Largest Capital Exit in Protocol History After DeFi Shock
A single exploit on April 19 triggered one of the fastest liquidity withdrawals the sector has ever seen, and the damage is still moving through the system.
Cyberattacks continue to shape risk perception across the digital asset ecosystem — exchange breaches, smart contract exploits, phishing campaigns, ransomware incidents, on-chain fund movements, security vulnerabilities, and the evolving threat landscape targeting crypto infrastructure — tracked with data-driven analysis and incident-level context.
A single exploit on April 19 triggered one of the fastest liquidity withdrawals the sector has ever seen, and the damage is still moving through the system.
The attacker moved nearly all stolen ETH into Bitcoin in roughly a day and a half, while Arbitrum scrambled to freeze a smaller portion of the funds on its own network.
The attacker funded the node through Monero and Hyperliquid weeks before the theft. Chainalysis mapped the entire trail. THORChain paused all trading.
A compromised private key let an attacker automate withdrawals from Polymarket's UMA CTF Adapter on Polygon. ZachXBT flagged it first. Losses passed $700,000 before the team responded. Polymarket says user funds are safe. The attacker has already split the proceeds across 15 wallets.
StablR's EURR and USDR lost their pegs on Sunday after an attacker compromised a single private key in a 1-of-3 multisig, minted 8.35 million unbacked USDR and 4.5 million EURR, and dumped them for 1,115 ETH. The stablecoin issuer holds a Malta EMI license and operates under MiCA. Regulation did not stop a key management failure.
One of the world's largest Bitcoin ATM operators filed an SEC Form 8-K on April 8, 2026, disclosing that an unauthorized party accessed its corporate IT systems and drained 50.903 BTC from settlement accounts. Customer platforms and user data were not affected.