An address poisoning scam resulted in one victim losing $599,000 USDT.

RHEA Finance Security Incident Update: About a $400k shortfall remains, with a commitment to fully compensate it

RHEA Finance has released a follow-up update regarding the security incident on April 16, confirming that there has been tangible progress in recovering assets. As of this update, it is estimated that there is still an approximately $400k funding gap, mainly due to the combination of NEAR, USDT, and USDC in the lending market liquidity pool. RHEA Finance has committed to fully cover any remaining shortfall to ensure that all affected users receive full compensation.

Researcher Discloses Critical CVSS 7.1 Zero-Day Vulnerability in Cosmos Consensus Layer CometBFT

Security researcher Doyeon Park disclosed a CVSS 7.1 zero-day in Cosmos' CometBFT causing potential node freezes during sync; vendor resistance, downgrades, and disclosure led to April 21 reveal; validators should avoid restarts before patch. Abstract: Security researcher Doyeon Park disclosed a critical CVSS 7.1 zero-day vulnerability in Cosmos' CometBFT consensus layer that could cause nodes to freeze during block synchronization, potentially affecting networks securing over $8 billion in assets. The vulnerability cannot directly steal funds. Park pursued coordinated disclosure beginning Feb 22, but faced vendor resistance to public disclosure and issues with HackerOne. The vendor downgraded a related vulnerability (CVE-2025-24371) to informational on Mar 6, prompting Park to release a network-level proof-of-concept before public disclosure on Apr 21. The advisory recommends Cosmos validators avoid restarting nodes until patches are released; nodes already in consensus may continue but restart and resync could expose them to attacks by malicious peers, risking deadlock.

Venus Attacker Transfers 2,301 ETH to Mixer, Tornado Cash Used for Laundering

On-chain analysis tracks a Venus protocol attacker moving 2,301 ETH (~$5.32M) to a suspected wallet, then batching through Tornado Cash; about $17.45M remains on-chain. Abstract: This note summarizes on-chain activity related to a Venus protocol attacker, including the transfer of 2,301 ETH (~$5.32M) to a wallet and batch-mixing via Tornado Cash, with approximately $17.45M still held on-chain.

Scammers Impersonating Iranian Authorities Demand Bitcoin and USDT as Strait Passage Fees; At Least One Vessel Attacked After Payment

Gate News message, April 22 — Scammers posing as Iranian authorities are demanding cryptocurrency payments in Bitcoin or USDT from shipping companies in exchange for safe passage through the Strait of Hormuz, according to CoinDesk. Greek maritime risk firm Marisks has issued a warning that

Volo Protocol vault attacked, losses totaling 3.5 million, remaining TVL confirmed to be safe

The Volo within the Sui ecosystem posted a statement on the X platform, confirming that a security vulnerability occurred, resulting in about $3.5 million in assets being stolen from three specific vaults, involving WBTC, XAUm, and USDC. Volo said it notified the Sui Foundation and ecosystem partners immediately after detecting the attack, freezing all vaults to prevent further losses; Volo pledged to cover all losses and would not allow users to bear any responsibility.

KelpDAO stolen funds triggered a money laundering process, with THORChain’s daily volume surging 10x.

On-chain analyst Specter monitoring shows that North Korean hacker group TraderTraitor began money-laundering operations against the stolen funds of KelpDAO on April 22, just three hours after the Arbitrum Security Committee froze about 30,766 ETH. The attackers routed the funds via the THORChain bridge to the Bitcoin network, causing daily trading volume to exceed 10 times the 30-day average.