One Bridge Exploit Just Wiped $13 Billion From DeFi in Two Days

On Saturday at 17:35 UTC, an attacker drained 116,500 rsETH (roughly $292 million) from Kelp DAO's cross-chain bridge, making it the largest DeFi exploit of 2026. The attack targeted LayerZero's messaging infrastructure, which Kelp used to move its restaked ether token between more than 20 blockchains. The attacker compromised two of LayerZero's own verification servers, then DDoS'd the backups to force failover onto the poisoned nodes. The bridge believed a valid cross-chain instruction had arrived and released the tokens. LayerZero has preliminarily attributed the attack to North Korea's Lazarus Group.

What happened next was worse than the exploit itself. The attacker took the stolen rsETH, deposited it into Aave V3 as collateral, and borrowed roughly $196 million in wrapped ether against it. The collateral was stolen and effectively unbacked, but Aave's smart contracts treated it as legitimate. Aave's total value locked cratered from $26.4 billion to $17.9 billion in 48 hours as depositors fled. The AAVE token fell 16%. Across the broader DeFi ecosystem, TVL dropped $13.2 billion, from $99.5 billion to $86.3 billion, as SparkLend, Fluid, Euler, Lido, and Ethena all froze or paused products with rsETH exposure.

Now Kelp and LayerZero are pointing fingers at each other. LayerZero blames Kelp for running a single-verifier bridge configuration despite warnings to adopt multi-verifier redundancy. Kelp is firing back: the compromised verifier was LayerZero's own infrastructure, the single-verifier setup is LayerZero's default onboarding configuration, and 40% of protocols on LayerZero run the same setup. Security researcher @banteg confirmed that LayerZero's reference deployment code ships with single-source verification defaults. Chainlink's Zach Rynes accused LayerZero of "deflecting responsibility" for its own compromised infrastructure.

Aave initially said its "Umbrella" safety module would cover the deficit, then walked that back to "explore paths to offset." Stani Kulechov, Aave's founder, emphasized that Aave's own contracts were not compromised. But that's cold comfort for depositors. Aave accepted a liquid restaking token as collateral, and when the bridge backing that token got drained on a chain Aave doesn't control, the bad debt landed on Aave's balance sheet anyway. As Aave's latest update put it: rsETH and WETH remain frozen across affected markets while they "assess potential resolutions."

The lesson is one bitcoiners have been screaming for years. When you build layers of abstraction on top of layers of abstraction, restaked tokens on cross-chain bridges used as collateral in lending protocols, the blast radius of a single failure becomes unknowable until it detonates. Bitcoin has no bridges, no restaking layers, no liquid receipt tokens, no composable counterparty chains. That's not a limitation. As we've noted in conversations like our recent deep dive with John Arnold on stablecoins and public blockchains, the complexity of the DeFi stack is the risk. Bitcoin's simplicity is the feature.

Iran Rejects Deal, Seizes Ship, Ceasefire Deadline Passes

Why it matters: The Hormuz situation remains binary. Deal or escalation, nothing in between.

Friday's optimism evaporated over the weekend. After initially appearing to agree to surrender enriched uranium and open the Strait of Hormuz, Iran reversed course, rejecting the uranium deal and saying Hormuz will stay restricted while the US blockade holds. The US Navy seized an Iranian cargo ship on Sunday. Polymarket puts the odds of a permanent US-Iran peace deal by April 22 at just 15.5%. BTC dropped from $78K back to the $75K range as markets priced in the renewed uncertainty. As we've been tracking since the talks collapsed, this situation remains fluid.

Bitcoin Optech #401: Nested MuSig2 for Lightning, secp256k1 Gets Formally Verified

Why it matters: Institutional-grade Lightning security and the first formal proof of Bitcoin's core crypto library.

This week's Optech was loaded. ZmnSCPxj proposed using nested MuSig2 to enable k-of-n multisig for Lightning routing nodes, which would let institutional holders split channel keys across multiple signers without changing the on-chain footprint. Separately, researchers formally verified secp256k1's modular scalar multiplication using Rocq/VST, the first time anyone has mathematically proven absence of memory errors in Bitcoin's core cryptographic library. Coldcard 6.5.0 shipped MuSig2 signing and miniscript support, Utreexod 0.5 uses SwiftSync to cut initial block download from 1.4TB to roughly 200GB, and silent payments scanning went from 1 hour to 0.5 seconds with GPU acceleration.

Cerebras Files S-1 for Nasdaq IPO

Why it matters: An Nvidia competitor going public signals the AI compute market is far from winner-take-all.

AI chip startup Cerebras Systems filed its S-1 with the SEC on Thursday, targeting a Nasdaq listing under ticker $CBRS. The company reported $510 million in revenue and $88 million in net income, with a target valuation around $23 billion. Cerebras builds wafer-scale processors designed specifically for AI training and inference, a fundamentally different architecture from Nvidia's GPU approach. The filing signals that the AI compute bottleneck is attracting real capital into alternative hardware. Competition for TSMC foundry capacity will only intensify.

Strategy Bought Another 17,000 Bitcoin Last Week

Why it matters: STRC preferred stock is now a bitcoin accumulation machine running at 14,000-17,000 BTC per week.

Strategy's STRC preferred stock drove the purchase of an estimated 17,000 bitcoin last week, following roughly 14,000 the week before. Saylor also announced the company will move to twice-monthly dividend payments on STRC to reduce face value volatility. Meanwhile, spot bitcoin ETFs took in just under $1 billion in net inflows for the week, and Charles Schwab announced direct bitcoin trading is coming to its platform within weeks.

Northwestern Prints Artificial Neurons That Talk to Real Ones

Why it matters: Brain-machine interfaces just moved from science fiction to laboratory proof of concept.

Researchers at Northwestern University have successfully 3D-printed artificial neurons that can communicate with biological neurons, forming functional synaptic connections in lab cultures. The synthetic neurons use conductive hydrogels that mimic the electrochemical signaling of real neural tissue. This is early-stage research, but it represents a significant milestone for brain-machine interfaces and neural prosthetics. The convergence of AI, biotechnology, and materials science continues to accelerate in ways that will reshape how we think about human-computer interaction.

Alcoa in Talks to Sell Dormant Smelter to NYDIG for Bitcoin Mining

Why it matters: Industrial-scale energy assets continue migrating from legacy industry to bitcoin mining.

Major US aluminum producer Alcoa is reportedly in advanced talks with NYDIG to sell a dormant smelter in upstate New York for conversion to bitcoin mining. The trend of repurposing stranded industrial energy assets for mining continues to accelerate. Smelters, steel mills, and shuttered power plants all share the same profile: massive grid connections, cheap land, and no current economic use. Bitcoin mining gives them a second life and turns stranded energy into sound money.