The Month Crypto Got Wrecked: Inside April 2026’s $600M Attack Wave and the AI Tool That Broke KYC

The RPC Poisoning Attack That Cost $290M — And Why Retail Missed It Coming

On April 18, 2026, a sophisticated state-sponsored attacker poisoned the RPC infrastructure feeding KelpDAO's rsETH bridge, fraudulently approving 116,500 rsETH in transfers. By April 20, that theft had cascaded into $200M in Aave bad debt and triggered a $10B panic withdrawal wave across DeFi. One of the

X Coin Doesn't Exist — But the Scam Does

xcoincore.io is live right now, stealing from retail crypto users. Here's exactly how it works. X has not launched a cryptocurrency. There is no "X Coin." There is no presale. Anyone telling you otherwise is in the process of stealing from you. xcoincore.io is

Ledger Data Breach and Wrench Attack Campaign: When Digital Exposure Becomes Physical Threat

A compromised e-commerce database turned hardware wallet users into targets of physical coercion, proving that operational security extends far beyond private key management.

The $40M Hardware Wallet Phishing Theft: How Social Engineering Defeated Cold Storage

A sophisticated, multi-vector phishing campaign stripped 521.99 BTC from a high-net-worth individual despite hardware wallet protections.

Marlon Ferro Wrench Attack Ring: Coordinated Physical Home Invasions Targeting Crypto Holders

How a criminal enterprise merged digital surveillance with physical coercion to steal cryptocurrency from victims in their homes.

Bybit Multisig Blind Signing Hack: A $1.5 Billion Supply Chain Compromise via Safe{Wallet} Frontend Manipulation

How North Korea's Lazarus Group exploited blind signing and a compromised web interface to execute the largest single theft in crypto history.

Silent Swap: The JavaScript Supply Chain Attack That Weaponized the World's Most Downloaded Packages Against Crypto Users

A single phished developer credential turned billion-download npm packages into multi-chain wallet address hijacking infrastructure.

Julia Goodwin SIM Swap and Physical Attack: When Digital Compromise Escalates to Armed Home Invasion

A retirement-age crypto investor was targeted through carrier-level SIM hijacking, followed by violent physical coercion — exposing the lethal convergence of telecom fraud and real-world violence in crypto theft.

GreedyBear Malicious Firefox Extensions Campaign: A Supply-Chain Phishing Operation That Drained $1M Across Multiple Chains

Over 150 counterfeit browser extensions impersonating MetaMask and Coinbase Wallet weaponized the Firefox Add-ons ecosystem to harvest seed phrases at scale.

Trezor Support Impersonation Phishing: A $284 Million Single-Call Social Engineering Attack

One phone call. One compromised investor. 71% of January 2025's total adjusted crypto fraud losses.

Ledger-Global-e Customer Data Breach & Phishing Campaign: Supply Chain Data Exposure at Scale

Third-party e-commerce partner compromise exposes Ledger customers to targeted phishing, reprising the company's worst operational nightmare.