Gate News message, April 20 — Solana liquidity protocol Orca responded to a recent security incident at Vercel, its frontend hosting provider, which involved unauthorized access to internal systems. Orca proactively rotated all potentially compromised keys and deployment credentials as a precautionary measure.
The protocol emphasized that the incident only affected the frontend hosting layer; the on-chain protocol and user funds remained unimpacted. Orca’s team continues monitoring developments and will provide timely updates.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
eth.limo domain hijacked; EasyDNS admits first social engineering attack in 28 years
The eth.limo domain was subject to DNS hijacking on April 17. The attacker, posing as a team member, successfully tricked the domain registrar EasyDNS into executing account recovery for the domain. Although this incident did not affect users, because the attacker did not obtain the DNSSEC key material, they were unable to bypass the trust chain. This incident highlighted the risks of social engineering in the crypto space and prompted eth.limo to switch to the Domainsure service, which does not support account recovery, to enhance security.
MarketWhisper26m ago
Curve Finance 預防性暫停 LayerZero 跨鏈,CRV 及 crvUSD 橋接受限
Curve Finance has been attacked over LayerZero infrastructure related to rsETH, and has temporarily suspended cross-chain functionality to prevent risk, impacting CRV cross-chain bridging and the fast bridging of crvUSD. Founder Egorov said the incident demonstrates the risk of “non-isolated lending,” and proposed a fully isolated mode as an alternative. Kelp DAO also suffered losses of about $292 million due to the attack, affecting lending activity on the Aave platform.
MarketWhisper43m ago
A Kelp bridge hack spreads and affects Aave, as TVL plunges and bad debt surges to 196 million
Liquidity re-staking protocol Kelp’s cross-chain bridge was attacked, stealing 116,500 rsETH and depositing it into Aave V3, resulting in roughly $196 million in bad debt. Aave’s contracts were not affected, but the incident revealed the systemic risk of LRT collateral, prompting DeFi protocols to re-evaluate their risk models, which could lead to losses for stkAAVE holders.
MarketWhisper49m ago
Third-party AI breaches Vercel; Orca urgently rotates the key and confirms the agreement is secure
Decentralized exchange Orca announced that it has completed key rotation and confirmed that users’ funds are safe. This was done because the cloud platform Vercel was attacked. The attack method used a third-party AI tool’s OAuth integration to enter the Vercel system. A supply-chain vulnerability made it difficult for traditional security measures to be detected. Vercel reminded users to review environment variables to strengthen security protections, and noted that encryption projects’ reliance on cloud infrastructure creates a new security risk.
MarketWhisper1h ago
Pause the Reserve agreement for eUSD and USD3 minting; the redemption function remains fully enabled
The Reserve agreement was paused on April 20 for the minting of eUSD and USD3 and the RSR redemption and withdrawal operations due to the Kelp DAO rsETH attack event, but the redemption function remains operational. The attack caused a liquidity crisis at Aave, deposits dropped significantly, and the price of AAVE tokens fell.
MarketWhisper1h ago
Kelp DAO Bridge Exploit Results in $293M Mint, Leaves Aave With Over $200M in Bad Debt
An attacker exploited a vulnerability in Kelp DAO's cross-chain bridge, stealing $293 million in unbacked rsETH. The incident caused significant losses for DeFi platforms, with Aave facing up to $236 million in bad debt and substantial impacts on the market.
GateNews7h ago
