Crypto & Ransomware Brief — April 24, 2026
The DeFi sector faces a systemic crisis following the Kelp DAO exploit, with total value locked collapsing by $15 billion across major protocols in just 72 hours. Aave alone dropped from $45 billion to $30 billion as the breach triggered cascading withdrawals and a fundamental repricing of DeFi credit risk—stablecoin deposit rates surged from 2.32% to over 13% as $13 billion fled the ecosystem. Hackers behind the $300 million Kelp DAO theft have begun laundering funds through mixing services, while Volo Protocol on Sui lost an additional $3.5 million in a fresh exploit. The Kyrgyzstan-based Grinex exchange shut down after a $13.7 million breach, though Chainalysis analysis suggests the incident may be an exit scam rather than the Western state-sponsored attack operators claimed. A separate breach at web infrastructure provider Vercel exposed customer API keys, forcing crypto projects to conduct emergency credential rotations.
On the ransomware front, threat actors are demonstrating both technical evolution and insider collaboration. Kyber ransomware has become the first confirmed operation to implement post-quantum cryptography, using ML-KEM1024 to protect AES-256 encryption keys—a move security researchers characterize as primarily psychological rather than practically necessary. Trigona ransomware has deployed a custom command-line exfiltration tool to accelerate data theft, while The Gentlemen RaaS operation has claimed hundreds of victims in under a year, achieving rapid scaling comparable to established groups. Angelo Martino, a Florida-based ransomware negotiator, pleaded guilty to providing confidential victim information to the BlackCat group to maximize ransom payments, becoming the third U.S. security professional convicted of aiding cybercriminals. UK data shows ransomware actors have largely abandoned broad, untargeted campaigns in favor of human-operated attacks against small businesses, while a former FBI cyber chief called for terrorism designations against groups targeting hospitals following attacks like the Anubis group's strike on Signature Healthcare Brockton Hospital in Massachusetts.
Sources: NewsБТС · CoinDesk · Bloomberg · The Street · Hackread · CoinDesk · Ars Technica · Bleeping Computer · Dark Reading · SecurityWeek · SC World ·
