Nearly $300M stolen from Kelp DAO cross-chain bridge heist

April 20, 2026
By SC Staff

Cybernews reports that major liquid restaking protocol Kelp DAO had 116,500 rsETH, or almost $292 million, stolen following an attack against its LayerZero-powered cross-chain bridge on Apr. 18, surpassing the over $280 million losses recorded from the crypto heist against Solana-based decentralized finance exchange Drift Protocol.

The illicit transfer of funds was enabled by the delivery of a fraudulent cross-network message that was recognized as a valid instruction. Two more attempts by the attacker to pilfer an additional $100 million after Kelp DAO froze its platform were thwarted.

"We identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate," said Kelp DAO in a post on X.

The intrusion has prompted Aave, the largest DeFi lending protocol, to freeze its rsETH markets. However, Aave founder Stani Kulechov emphasized that none of the platform's contracts were impacted by the external exploit.

"Freezing the rsETH markets prevents new deposits and borrowing against rsETH collateral while the situation is assessed," noted Aave.