THE BLOCK ANALYST

LlamaRisk, an Aave DAO Risk Service Provider, released its rsETH Incident Report, quantifying the potential bad debt impact on Aave under two scenarios:

1. Uniform loss socialization across all rsETH

~15.12% haircut, resulting in approximately $123.7 million in bad debt, with the largest absolute loss on Ethereum Core and the highest proportional shortfall on Mantle.

2. Losses isolated to L2 rsETH

~73.54% haircut, resulting in approximately $230.1 million in bad debt, concentrated on L2s. Mantle would face a 71.45% WETH shortfall and Arbitrum a 26.67% shortfall, while Ethereum Core would remain unaffected.

The report also notes that WETH reserves across chains are at 100% utilization with under $20 of idle liquidity, limiting liquidation capacity and potentially amplifying risk. It recommends pausing the WETH Umbrella module, with bad debt to be addressed jointly by the $AAVE DAO treasury and ecosystem participants.
#KelpDAOFacesAttack

Lido reports $21.6M rsETH exposure, may deploy $3M loss buffer

Lido stated that its EarnETH product has approximately 9% exposure to rsETH (~$21.6 million) via leveraged positions on Aave following the April 18 Kelp DAO incident. Loss outcomes depend on actions by Kelp, LayerZero, and Aave. If necessary, Lido may deploy a ~$3 million first-loss protection mechanism funded by its DAO treasury. stETH and wstETH remain unaffected, and the core staking protocol is not involved.
#KelpDAOFacesAttack $LDO

Wintermute CEO Says DeFi Composability is Under Threat from Cascading Hack Risks
#defi

KelpDAO Incident Statement from LayerZero
> The attack was as a result of the poisoning of the downstream RPC infrastructure used by the LayerZero Labs DVN, likely by DPRK’s Lazarus Group.
> The attack involved compromising RPC nodes, DDoSing backups, and forging messages
> The breach was isolated to KelpDAO's rsETH because they use a single-DVN setup.
> LayerZero recommend all integrators configure a multi-DVN setup with diversity and redundancy.
> All affected RPC nodes have been deprecated and replaced, and the LayerZero Labs DVN is now live.
#KelpDAOFacesAttack

KelpDAO Exploit Sparks Aave Bad Debt Due to $195M ETH Borrowing, TVL Crashes $6.28B
TVL drop from $26.396B to $20.114B, a decline of $6.28B, as many whales withdraw funds, including:
> MEXC withdrew $431M
> Whale 0x7CD0 (likely Nonco) withdrew $405.7M
> Abraxas Capital withdrew $392M
#avee

Agentic bots can now be created in just 2 taps on Telegram, says Pavel Durov.
$TON #Telegram

𝕏 Launches Its New Cashtags Feature in the US and Canada, Now Available on iOS
Bringing real-time financial data to X.
> When you search for or post a cashtag, X will automatically suggest matching stocks or crypto tokens to select the exact asset you had in mind.
> Anyone who taps a Cashtag will see posts mentioning it along with its price chart

x402 Protocol Introduces 'Upto' Parameter to Enable Pre-Authorized Agentic Payments
> x402 “Upto” allows agents to pre-authorize a spending limit and only settle the actual amount used onchain.
> Agent funds remain untouched in their wallet, free to be used elsewhere until the exact moment of settlement.

Ondo Finance Seeks SEC Clarity with No-Action Request for Tokenized Securities on Ethereum
> “The request is narrow. It asks for confirmation that SEC staff would not recommend enforcement action if we proceed with a specific model for recording and administering certain securities entitlements in tokenized form on Ethereum Mainnet in support of OGM products.”

US and Iran Have Failed to Reach a Deal
> US Vice President JD Vance says the US and Iran have failed to reach an agreement after marathon talks in Islamabad.
#IRAN

Binance Wallet Adds Pre-IPO Asset Discovery Feature
> Binance now lets users explore on-chain pre-IPO assets directly within the Wallet’s Markets section, with the first batch of 5 assets now available.

OpenAI Identifies Axios Security Issue, Mandates macOS App Updates for Certificate Protection
> OpenAI discovered a security issue involving the third-party Axios library (part of a broader industry incident) but found no evidence of user data access, system compromise, or software alteration.
> As a precaution, it is updating macOS app certifications and requiring users to update to prevent potential distribution of fake apps.
#AI

Metamask Launches Advanced Permissions, Built on ERC-7715 to Eliminate Repeated Approvals
> Advanced Permissions lets users approve exactly what a dapp can do in a single interaction.
> It grants dapps scoped, time-bound access to execute on behalf of users without extra signatures, separate wallets, or custody tradeoffs.
> Available now on the MetaMask Extension

TON Blockchain Upgrade Delivers 10× Speed Boost, Near-Instant Transactions, and 6× Block Rate Increase
#TON $TON

Anthropic Expands Partnership with Google and Broadcom for Multiple Gigawatts of Next-Generation Compute
> Anthropic has signed an agreement with Google and Broadcom for multiple gigawatts of next-generation TPU capacity, coming online starting in 2027, to train and serve frontier Claude models.
#AI

The “ETH killers” narrative keeps circulating… but the liquidity map says otherwise.
Ethereum still holds ~56.6% of all DeFi TVL, with every other chain fighting over the remaining half. The ecosystem keeps fragmenting, but capital keeps settling back to the same gravity well.
In DeFi, liquidity compounds. And Ethereum is still where the deepest pool sits.
#ETH $ETH

OpenAI and Anthropic Face Skyrocketing Computing Costs to Train Next-Gen AI Models
> An inside look at OpenAI and Anthropic’s finances ahead of their IPOs shows they both face soaring costs needed to train new AI models
> OpenAI expects to spend $121 billion on AI computing in 2028 alone, resulting in $85 billion in losses that year despite doubling revenue, while both companies race toward IPOs by year-end with similar challenges of mounting model training costs
#AI

Drift Protocol Releases Results of Investigation into $285 Million Theft

It states that the attack appears to be a long-term, organized infiltration operation lasting approximately six months.

Since the fall of 2025, attackers posed as a quantitative trading firm, continuously contacting Drift team members at multiple international crypto conferences and compromising devices through code repository links and the TestFlight application.

Drift indicates that this operation may be linked to the North Korean-related hacking group behind the 2024 Radiant Capital theft.

Block (Jack Dorsey's company) just open-sourced a local AI agent that goes way beyond code suggestions.

It's called Goose and it installs, executes, edits, and tests with any LLM fully on your machine.

100% Opensource.
#AI