Aave and Compound have released a technical plan aimed at addressing the downstream impact from the $290 million hack of Kelp DAO.

Aave has set out a recovery plan after an April 18 exploit disrupted liquidity markets and collateral positions across multiple chains. The update describes how DeFi United, a coalition of ecosystem participants, plans to restore rsETH backing and normalize affected markets. The incident began when an attacker exploited a flaw in rsETH's bridge from Unichain to Ethereum, leading Ethereum to process a forged transaction. As a result, 116,500 rsETH was released to multiple addresses. Some of that rsETH was posted as collateral on Aave v3, and some was bridged to Arbitrum. Initial containment included Arbitrum's security council freezing 30,766 ETH tied to the exploit, though a large amount remained outstanding and markets were materially impacted. Aave says roughly 107,000 rsETH from the stolen amount is still locked in active positions on Aave and Compound. Under the DeFi United initiative, Aave is coordinating an industry response to rebuild rsETH's backing to its intended value of 1.017 ETH. The plan calls for converting ETH into rsETH in stages and depositing it into the bridge lockbox, a step Aave says will enable the system to safely resume normal operations. LayerZero and KelpDAO have introduced additional security measures aimed at reducing the risk of a similar event. Aave said it will pursue governance proposals on Ethereum and Arbitrum to unwind affected positions. As part of the process, rsETH's price will be temporarily adjusted to facilitate liquidations. Recovered tokens will be routed to a DeFi United-controlled multisig wallet, redeemed for ETH through Kelp's standard process, and applied to cover the shortfall in impacted markets. Aave estimates the recovery could return about 13,000 ETH for Aave, while Compound could regain roughly 16,776 ETH. The protocol added that all WETH and rsETH reserves on Ethereum Core, Arbitrum, Base, Mantle, and Linea will remain frozen during the recovery. Aave cautioned that, while the procedure is designed to restore rsETH without socializing losses to users, it carries execution risks. Key dependencies include securing the necessary governance approvals, the possibility of attacker interference during recovery, and the effectiveness of the new security controls once fully deployed. Aave said successful execution of the steps would restore rsETH backing and stabilize the affected markets.

On-chain data shows 115,884,320 USDC, valued at about USD 115,863,287, was transferred from the USDC Treasury to Coinbase Institutional.

A newly released postmortem details how a serious flaw in Litecoin's privacy layer was exploited earlier this year to create more than 85,000 LTC. The Litecoin network ultimately contained the incident with limited direct impact to users, but the fallout landed harder on cross-chain infrastructure that briefly acted on an invalid chain. MWEB validation flaw led to inflated pegout In the report dated 28 April, developers said the vulnerability originated in Litecoin's Mimblewimble Extension Block (MWEB). A validation bug let inconsistent transaction metadata pass checks during block processing, allowing an attacker to craft a malicious block and produce an inflated pegout totaling 85,034 LTC. The team detected the issue in March after scanning the chain and confirming the exploit had already taken place. With the funds not yet widely dispersed, mining pools coordinated to freeze the affected outputs. The attacker later cooperated by signing a recovery transaction that returned most of the funds, less an agreed 850 LTC bounty. The recovered LTC was rebalanced back into MWEB, effectively neutralizing the inflation event. No confirmed user losses were reported from the initial exploit. April chain split and a 13-block invalid branch In April, a second attempt to leverage the same weakness exposed a separate failure mode. While upgraded nodes rejected the malicious block, some mining nodes stalled when processing mutated block data. Unupgraded miners continued building on an invalid chain, which reached 13 blocks before upgraded miners overtook it and the invalid branch was removed. Developers emphasized this was not a rollback of valid Litecoin history, but a reorganization that discarded blocks produced under outdated rules. Even so, the temporary divergence created downstream risk for external systems. Cross-chain platforms processed transactions that later vanished Several cross-chain and swap services, including NEAR Intents and THORChain, processed activity on the invalid branch before the reorg finalized. Assets were exchanged based on transactions that did not ultimately exist on the canonical chain, resulting in measurable losses for those platforms. Fixes deployed, but broader risk remains Litecoin developers have shipped patches addressing both the original validation flaw and the node-handling issue. The network has returned to normal operations, and the MWEB balance has been fully restored. The postmortem also highlights operational and ecosystem risk: the successful response depended on rapid miner coordination and phased emergency updates, and it shows how a vulnerability in one network can cascade into losses across connected DeFi and cross-chain infrastructure. Final Summary Litecoin contained an inflation bug that briefly created about 85K LTC, with most funds recovered via coordinated miner action. Cross-chain protocols absorbed losses after processing invalid-chain transactions ahead of a 13-block reorg, underscoring rising systemic risk at the edges of DeFi infrastructure.

Token unlocks scheduled over the next seven days are set to add more than $330 million worth of supply to the crypto market, with SUI, JUP, SIGN, EIGEN, OMNI and GUN leading the largest one-time releases. Data from Tokenomist shows a mix of sizable cliff unlocks and ongoing linear unlocks across major projects. Unlock events are closely monitored because they increase circulating supply; when more tokens become tradable, traders often factor in potential selling pressure, especially in weaker market conditions or when liquidity is thin. On the cliff-unlock side, Tokenomist lists SUI, JUP, SIGN, EIGEN, OMNI and GUN as the biggest releases, each valued above $5 million. These one-off distributions tend to draw attention because the supply hits the market at once. SUI and JUP stand out given their active trading and engaged communities, while EIGEN remains on watch as restaking-related narratives continue to draw interest. Market impact can vary depending on who receives the tokens, whether they choose to sell, and the strength of demand at the time. In addition to the one-time events, several tokens will face steady daily issuance through linear unlocks. Tokenomist flags RAIN, SOL, CC, TRUMP and WLD as projects with daily unlock values above $1 million. Linear unlocks can soften abrupt shocks by releasing tokens gradually, but they still add persistent supply that markets may need to absorb. With both cliff and linear unlocks concentrated this week, the schedule is likely to influence short-term sentiment around the affected tokens, while longer-term investors may keep the focus on fundamentals and project execution rather than near-term supply changes.

Onchain Lens reported that a Matrixport-linked whale with more than $59 million in profits opened a 30,000 ETH long position over the past hour, using 15x leverage. The position is valued at about $68 million. The whale now holds a combined 58,000 ETH in long positions across three addresses—0xa5B0...1D41, 0xfd42...3d97, and 0x6c85...84f6—with leverage ranging from 15x to 20x, bringing total exposure to roughly $132 million.

State Street Bank plans to introduce a tokenized fund service in Luxembourg through State Street Investment Services by no later than the end of 2026, The Block reported. Built on the Digital Asset Platform, the offering is designed to manage tokenized and traditional funds in a single operating environment. It will provide end-to-end infrastructure spanning issuance, administration and custody, with clients able to execute operations and oversee risk controls through one interface.

Odaily Planet Daily reported that the Over Foundation said on X it has halted Over Protocol operations due to financial constraints. The foundation has taken all related infrastructure and services offline and does not plan to restore them, including OverWallet, OverNode, OverFlex, RPC endpoints, block explorers, and APIs. Over Protocol was positioned as a decentralized Layer 1 mainnet, but with the foundation withdrawing support, the network's practical continuity is now in question. Any ongoing block production would rely entirely on independent validators running the open-source client software.