Economic losses caused by major Web3 security incidents reached $629M, representing an increase of approximately 231% compared to the previous month (March:$186M). This figure also marks the highest single-month loss since the Bybit Hack February 2025 (approximately $1.5B).

This demonstrates that AI-driven smart contract vulnerability exploits, together with cross-chain and social engineering combined attacks, are accelerating the amplification of loss scale. (Data source: GoPlus official monthly report and RektDatabase)

The types of security incidents were primarily concentrated in smart contract vulnerabilities, cross-chain bridge attacks, system vulnerabilities, private key / administrator privilege compromises, and social engineering attacks.

At the same time, with the deep application of large AI models and autonomous agents, attackers' ability to use AI to "instantly mine" historical vulnerabilities has been significantly enhanced, pushing onchain attacks into a "seconds-level" era.

High-risk incidents have also emerged in the AI security domain, mainly concentrated in supply chain attacks, credential hijacking, and loss of control in agent production environments.

I. Web3 Security

Contract Exploits, System Vulnerabilities, etc.

Losses caused by April Exploits (including smart contract vulnerabilities, cross-chain bridge attacks, system flaws, admin private key / privilege compromises, and social engineering attacks) were extremely severe.

Multiple major incidents combined resulted in over $600M in losses, with several large-scale events contributing the majority of the impact. Representative cases include:

  • On April 18, KelpDAO was maliciously drained of a large amount of rsETH via the LayerZero cross-chain bridge. The attacker then leveraged lending protocols such as Aave and Compound for leveraged operations, creating bad debt and resulting in a $292M loss. The attacker's fund flow is linked to Tornado Cash, indicating professional attacker behavior.
  • On April 2, one of Solana's largest DEXs, Drift Protocol, was attacked via social engineering combined with weak multisig configuration. The attacker completed admin privilege takeover within minutes, and drained approximately $280M within 10 seconds.
  • On April 16, the Russia-linked exchange Grinex was suspected to have its hot wallet compromised, leading to suspension of operations, with losses of approximately $13.7M.
  • On April 17, Rhea Finance was exploited on NEAR, resulting in losses exceeding $7.6M.
  • On April 22, Volo treasury contract was exploited, resulting in approximately $3.5M in losses (WBTC, XAUm, USDC).
  • On April 25, Purrlend was attacked on MegaETH and HyperEVM, with total losses of approximately $1.5M.
  • On April 29, four smart contract attacks occurred within 48 hours on Ethereum. AI enabled "instant mining" of historical vulnerabilities, resulting in approximately $1.5M in total losses.
  • On April 15, CoW Swap suffered a DNS hijacking attack, resulting in approximately $1.2M in losses.
  • On April 29, the perpetual contract of Aftermath Finance on Sui was exploited, resulting in approximately $1.1M in losses.

In addition, multiple mid- and small-scale incidents occurred, including ongoing attacks on ZetaChain cross-chain contracts (~$330K), ThetanutsFi integer overflow (~$50K), SubQuery missing access control (~$130K), AethirCloud (~$400K), among others.

Security Recommendations:

Projects should maintain continuous auditing across smart contracts, system configurations, team permissions, and development processes. Regular privilege audits for critical personnel are required, along with implementation of device isolation, zero-trust principles, and periodic updates. It is strongly recommended to use the GoPlus DeepScan platform for AI-driven continuous vulnerability scanning, to prevent attackers from leveraging AI to automatically discover historical vulnerabilities and execute "seconds-level" attacks.

Phishing & Scams

Phishing attacks and scams in April continued to cause significant losses. Representative cases include:

  • The Ledger spoofed app incident (April 7–13), where over 50 victims were affected, resulting in total losses of approximately $9.5M across multi-chain assets (Bitcoin, EVM, Tron, Solana, Ripple).
  • A user lost approximately $221K in WBTC after signing a malicious increaseApproval transaction.
  • Address poisoning attack, where a victim transferred funds to a forged similar address in transaction history, resulting in approximately $386K in USDT losses.

Security Recommendations:

Users are advised to install the GoPlus security plugin to enable real-time interception of phishing links, identification of risky signatures, and monitoring of approval and transaction risks. At the same time, users should adopt a zero-trust mindset and strictly follow GoPlus anti-phishing "4 Don'ts": Do not click, Do not install, Do not sign, Do not transfer.

II. AI Security Incidents & Trends

In April, the AI security landscape remained highly critical. Attackers further penetrated AI infrastructure, credential systems, and agent production environments, with supply chain attacks and agent loss-of-control emerging as new focal points.

1. Supply Chain Attacks & Credential Hijacking

Vercel AI supply chain attack (April 20): The attacker first compromised the third-party AI tool Context[.]ai, then leveraged Google Workspace OAuth credentials previously authorized by Vercel employees to perform hijacking. By doing so, the attacker bypassed enterprise SSO and MFA, successfully took over accounts, and conducted lateral movement within Vercel's production environment, leading to large-scale exfiltration of core data.

This incident highlights the risks of third-party AI tool supply chains and the critical importance of environment variable management.

2. Unauthorized Access to Restricted AI Models

Anthropic Mythos model exposure (April 21): Anthropic's top-tier cybersecurity model Mythos — described as "too dangerous to be publicly released" — was accessed by a small Discord group. The attackers leveraged naming rules leaked via Mercor, guessed endpoint addresses, and used legitimate credentials from third-party contractors to gain silent access for up to two weeks.

This incident echoes last month's Claude Code Leak, once again exposing risks in AI model access control and supply chain credential management.

3. Agent Loss-of-Control & Hallucination Risks

On April 27, a production database deletion incident involving Cursor + Claude Agent occurred. A housing rental startup granted full admin privileges of its production database to a Cursor + Claude Agent. During execution, the AI directly deleted the production database, resulting in a complete halt of business operations.

Key Lessons (Strongly Recommended Engineering Principles for All AI Developers):

  • Never grant agents admin privileges in production environments. Their permissions must be strictly more restricted than any human employee (principle of least privilege).
  • All destructive operations (e.g., database deletion, schema modification) must be subject to strict management and approval processes.
  • Snapshots ≠ backups. True backups must be offsite, offline, immutable, and regularly tested for recovery.
  • Operating agents must be accompanied by appropriate security tooling to prevent risks caused by attacks or loss of control.

Security Recommendations

In agent development and enterprise AI applications, strictly audit third-party toolchains and dependencies, enforce the use of "Sensitive" flags for environment variables, and rotate high-privilege credentials in a timely manner.

It is recommended to integrate AI-native security tools such as AgentGuard to enable security auditing, dynamic risk control, permission isolation, and human-in-the-loop mechanisms, thereby establishing full lifecycle protection.

III. Summary & Outlook

Incidents in April — including KelpDAO, Drift Protocol, and the Cursor + Claude production database deletion event — demonstrate that with the explosive adoption of large AI models and autonomous agents, the boundaries of Web3 security are being fundamentally reshaped.

The threat landscape has evolved from isolated smart contract exploits to full-spectrum, multi-vector attack and defense scenarios, covering social engineering, supply chain poisoning, AI-driven automated vulnerability discovery, and loss of control in agent production environments.

Three Core Pain Points & Security Recommendations

Pain Point 1: Social penetration + human trust remain the weakest link Multisig/social engineering attacks such as those targeting Drift Protocol, as well as privilege misuse by AI agents, demonstrate that technical measures like cold wallets and multisig cannot fully defend against long-term trust exploitation.

Recommendation: Strictly enforce Zero Trust architecture, combined with mandatory multi-party cross-verification mechanisms.

Pain Point 2: Security environments are becoming highly dynamic — static defense is no longer effective AI enables "instant mining" of historical vulnerabilities, rendering traditional one-time audits insufficient.

Recommendation: Projects should establish continuous, 24/7 auditing systems, integrating AI security platforms such as GoPlus DeepScan into CI/CD pipelines to achieve real-time monitoring and dynamic risk detection.

Pain Point 3: Boundaries of AI supply chain and model access control are increasingly blurred Incidents such as the Vercel supply chain attack, Anthropic Mythos unauthorized access, and agent-driven production database deletion demonstrate that prompt injection, credential leakage, and third-party toolchain poisoning are rapidly moving from the application layer into infrastructure layers.

Recommendation: Adopt security tools such as AgentGuard to continuously scan agent toolchains and enforce runtime monitoring. In production environments, strictly isolate unknown plugins and dependencies.

In the era of deep integration between Web3 and AI, any blind confidence based on past security records can lead to catastrophic consequences.

Only by maintaining constant vigilance and continuously upgrading security awareness and tooling (GoPlus DeepScan + AgentGuard) can builders effectively defend against emerging and unknown threats.