Sui DeFi Protocol Volo Suffers Security Breach, $3.5M in Assets Stolen

North Korean Lazarus Group Releases New Mach-O Man macOS Malware Targeting Crypto

Summary: Lazarus Group released a native macOS malware toolkit named Mach-O Man, aimed at crypto platforms and high-value executives; SlowMist warns users to exercise caution against attacks. Abstract: The article reports that the Lazarus Group has unveiled Mach-O Man, a macOS-native malware toolkit aimed at cryptocurrency platforms and high-value executives. SlowMist warns users to exercise caution to mitigate potential attacks.

A Bitcoin toll scam appeared in the Strait of Hormuz, and after a ship paid, it was still shelled

According to CoinDesk on April 22, the Greek maritime risk services company Marisks issued a warning, saying scammers are impersonating Iranian authorities to send messages to multiple shipping companies and requesting Bitcoin or USDT as a “toll” to pass through the Strait of Hormuz. Marisks confirmed that the relevant messages are not coming through official Iranian channels, and, according to Reuters, said it believes at least one vessel was deceived and was still shelled when it tried to pass over the weekend.

RHEA Finance Security Incident Update: About a $400k shortfall remains, with a commitment to fully compensate it

RHEA Finance has released a follow-up update regarding the security incident on April 16, confirming that there has been tangible progress in recovering assets. As of this update, it is estimated that there is still an approximately $400k funding gap, mainly due to the combination of NEAR, USDT, and USDC in the lending market liquidity pool. RHEA Finance has committed to fully cover any remaining shortfall to ensure that all affected users receive full compensation.

Researcher Discloses Critical CVSS 7.1 Zero-Day Vulnerability in Cosmos Consensus Layer CometBFT

Security researcher Doyeon Park disclosed a CVSS 7.1 zero-day in Cosmos' CometBFT causing potential node freezes during sync; vendor resistance, downgrades, and disclosure led to April 21 reveal; validators should avoid restarts before patch. Abstract: Security researcher Doyeon Park disclosed a critical CVSS 7.1 zero-day vulnerability in Cosmos' CometBFT consensus layer that could cause nodes to freeze during block synchronization, potentially affecting networks securing over $8 billion in assets. The vulnerability cannot directly steal funds. Park pursued coordinated disclosure beginning Feb 22, but faced vendor resistance to public disclosure and issues with HackerOne. The vendor downgraded a related vulnerability (CVE-2025-24371) to informational on Mar 6, prompting Park to release a network-level proof-of-concept before public disclosure on Apr 21. The advisory recommends Cosmos validators avoid restarting nodes until patches are released; nodes already in consensus may continue but restart and resync could expose them to attacks by malicious peers, risking deadlock.

Venus Attacker Transfers 2,301 ETH to Mixer, Tornado Cash Used for Laundering

On-chain analysis tracks a Venus protocol attacker moving 2,301 ETH (~$5.32M) to a suspected wallet, then batching through Tornado Cash; about $17.45M remains on-chain. Abstract: This note summarizes on-chain activity related to a Venus protocol attacker, including the transfer of 2,301 ETH (~$5.32M) to a wallet and batch-mixing via Tornado Cash, with approximately $17.45M still held on-chain.

Scammers Impersonating Iranian Authorities Demand Bitcoin and USDT as Strait Passage Fees; At Least One Vessel Attacked After Payment

Gate News message, April 22 — Scammers posing as Iranian authorities are demanding cryptocurrency payments in Bitcoin or USDT from shipping companies in exchange for safe passage through the Strait of Hormuz, according to CoinDesk. Greek maritime risk firm Marisks has issued a warning that