Hey,

I'll be honest with you:

I'm a little tired.

And a little scared.

I open the news every morning and there's another hack. Another protocol drained. Another company that should have known better. After a while it stops feeling like news and starts feeling like a slow leak you can't plug.

I'm writing this because we should keep an eye on it together.

In April there were multiple incidents I want to share with you.

I’ll tell you what’s coming and what I'm doing about it personally.

What actually happened in April

Mac Users are a Big Target 🎯 (Mach-O Man)

Lazarus, the North Korean crew that drained KelpDAO, built malware made for Macs. Here's how they get you:

  1. They hijack a colleague's Telegram account.

  2. They send you a link.

  3. The page tells you something is broken: "paste this command into Terminal to verify you're human."

  4. That command is the malware.

Once it runs, it grabs your saved browser sessions, your Mac's keychain, and your crypto wallet credentials. Then it deletes itself so you don't notice.

If you take one thing from this newsletter: never paste a "verification command" into your Terminal. There is no legitimate website that asks you to do this. Ever.

The Vercel Hack

Two months ago, an engineer at a company called Context AI downloaded a Roblox cheat.

It was infected.

The malware grabbed his work passwords.

Those passwords ended up on the dark web.

Someone bought them. From there, the attacker walked into Context AI's systems.

They found that one of Context AI's users was a Vercel engineer, and that engineer had given the tool full access to his Google account. So they walked into Vercel through that door.

Read that chain again. It started with a game cheat on a personal computer. It ended with one of the largest cloud platforms on the internet breached, plus a $2M ransom demand.

The "tools you trust got compromised" hacks

Bitwarden is one of the most popular password managers: millions of people use it. They have a separate tool that developers use from the command line.

For about 90 minutes on April 22, that developer tool was poisoned with malicious code.

If you use the regular Bitwarden app on your phone or browser, your passwords were not affected.

The poisoned version only hit developers who installed the command-line tool during that 90-minute window. Bitwarden caught it, contained it, and shipped a clean version.

Your vault is fine.

The lesson is brutal.

Even a strong security company can have a 90-minute window where their distribution channel gets owned. The supply chain — how software gets to you — is now the attack surface.

Lovable.

Lovable is one of those "describe what you want, the AI builds the app" platforms.

Cool product, $6.6B valuation.

Here's the bad part.

For 48 straight days, any free user could read other users' source code, database passwords, and AI chat histories.

All you needed was a project link. A researcher reported it.

The bug-tracking platform marked it as duplicate!!!

Lovable first denied there was a breach.

Then they blamed the bug-tracking platform.

They fixed it in the end.

If you built anything on Lovable before April 20, assume your project was readable. Rotate database passwords, API keys, and anything sensitive that lived there.

ClickUp.

This one would be almost funny if it weren't so depressing.

A researcher went to ClickUp's homepage.

Then they looked at the public JavaScript code that loads in every browser.

Sitting in plain text was an API key!

With that key, anyone could pull 959 corporate emails — employees from Home Depot, Mayo Clinic, Fortinet, and a handful of US state government workers.

This was reported to ClickUp in January 2025. As of last week (15 months later), they still haven't rotated the key.
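The check that would have caught the ClickUp key before it shipped is a secret scan over the public bundle. This is an added example, not ClickUp's code or the researcher's tooling: it scans a constructed JavaScript snippet (the key values in it are made-up placeholders) for credential-named assignments and for long high-entropy string literals, the two signals most secret scanners combine.

```python
import math
import re
from collections import Counter

# Constructed sample of a public front-end bundle with hard-coded credentials.
# Both key values are made-up placeholders, not real tokens.
SAMPLE_BUNDLE = """
var cfg={apiBase:"https://api.example.invalid/v1",region:"us"};
const HEADERS={"Authorization":"Bearer sk_live_EXAMPLEa8Fz3kQ9mT2vL7pR4nW6yB1cD"};
headers.set("X-Api-Key", "AKEXAMPLE9q3R7tZ2mV8nB4kL6pW1xC5");
var placeholder="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
var build="20260401-abcdef";
"""

# A credential-like name (apiKey, token, Authorization, ...) assigned a long string.
NAMED_SECRET = re.compile(
    r'(?i)["\']?(?:api[_-]?key|secret|token|authorization|password)["\']?'
    r'\s*[:=]\s*["\']([^"\']{16,})["\']'
)
# Any long quoted run of token characters; the entropy filter below discards filler.
TOKEN_LITERAL = re.compile(r'["\']([A-Za-z0-9_\-]{24,})["\']')

def shannon_entropy(s: str) -> float:
    """Bits per character: random-looking keys score high, filler and dates low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def find_exposed_secrets(js: str, min_entropy: float = 3.5) -> list[dict]:
    """Scan JavaScript source and return literals that look like embedded secrets."""
    findings, seen = [], set()

    def report(line_no, token, reason):
        if token not in seen:  # a bundle often repeats the same constant
            seen.add(token)
            findings.append({"line": line_no, "token": token, "reason": reason,
                             "entropy": round(shannon_entropy(token), 2)})

    for line_no, line in enumerate(js.splitlines(), start=1):
        for m in NAMED_SECRET.finditer(line):
            # Keep the credential itself, dropping a scheme word such as "Bearer".
            report(line_no, m.group(1).split()[-1], "named-secret")
        for m in TOKEN_LITERAL.finditer(line):
            if shannon_entropy(m.group(1)) >= min_entropy:
                report(line_no, m.group(1), "high-entropy-literal")
    return findings

if __name__ == "__main__":
    for f in find_exposed_secrets(SAMPLE_BUNDLE):
        print(f"line {f['line']}: {f['reason']} ({f['entropy']} bits/char) {f['token'][:10]}...")
```

Run it against your own built assets in CI and fail the build on any finding; the all-"a" placeholder and the build date show why the entropy threshold is needed to keep noise down.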

The "DeFi infrastructure got broken" hacks

KelpDAO / LayerZero.

$292 million drained on April 18 — the biggest DeFi exploit of 2026 so far.

Same Lazarus crew.

They didn't break the smart contracts.

They broke the infrastructure that tells the smart contracts what's true between chains.

Combined with another hit on Drift Protocol on April 1, that's $575M lost to North Korea in 18 days.

I did a full breakdown on my X thread and YouTube — why the default LayerZero setup made this possible, and what happens to rsETH holders.

ZetaChain.

$300K drained from ZetaChain's own team wallets on April 27.

A function in their cross-chain bridge contract didn't check who was calling it.

Anyone could trick the bridge into signing transactions it shouldn't have.

Mainnet paused while they fix it. Small in dollar terms — but a sign that cross-chain bridges remain the weakest part of the DeFi stack.

Volo Protocol.

$3.5M on Sui, April 21.

Audited contracts were fine.

Admin private key was the problem.

Volo says they'll absorb the loss themselves.

Three things I want you to walk away with.

1) Smart contract security has gotten good.

Audits, formal verification, bug bounties — they work. Almost none of these hacks were Solidity bugs. The wins of the last five years are real. The attack surface moved.

2) It moved to operational security and supply chain.

That means people, devices, vendors, dev tools, OAuth grants, npm packages, and infrastructure.

The chain has new weakest links and most teams haven't woken up to it yet.

3) AI changed the math, on both sides.

The same week these hacks were happening, Claude (running through Cursor) deleted PocketOS's entire production database in 9 seconds.

Including the backups.

Replit's AI agent did the same thing to SaaStr's database last summer.

AI agents now have credentials, network access, and the willingness to act fast. We're still figuring out how to put guardrails on them.

Meanwhile, attackers are using stronger models to scale phishing, generate social-engineering scripts, and analyze exploit chains faster than humans can. AI is now a force multiplier on both sides.

What I think comes next

More OAuth abuse.

The "Allow All" click is the new "click the email link."

Expect more Vercel-style breaches.

And more PocketOS-style AI agents — given access, breaking things they shouldn't.

More Mac targeting.

The "Macs don't get viruses" myth is over.

Lazarus picked Macs because crypto people use them. They won't be the last.

More bridge exploits.

Until LayerZero forces stricter defaults, the setup that broke KelpDAO is sitting under a lot of value.

A lot of protocols still run the same configuration.

Opsec professionalizes:

  • Endpoint protection.

  • Dark-web credential monitoring.

  • Locked-down OAuth scopes.

These become table stakes — not nice-to-haves.

Your playbook

If you have meaningful money onchain, fix these this week:

1) Hardware wallet, non-negotiable.

Anything beyond pocket change goes on a Ledger or Trezor.

Your hot wallet is for gas.

2) 2FA: hardware key or authenticator app.

Never SMS for anything crypto-adjacent.

SIM swaps remain trivial.

3) Audit your OAuth grants today.

Open Google or Microsoft → "apps with access" → revoke every "Allow All" you don't need.

AI assistants are the priority.

4) The ClickFix rule.

If a webpage asks you to paste a "verification command" into Terminal, close the tab.

Pass this one to your less-technical friends and family.

It's the most effective consumer attack right now.

5) Mac users: endpoint protection on. Firewall on.

CrowdStrike, SentinelOne, or Malwarebytes Premium for the budget option.

Turn on macOS's built-in firewall (System Settings → Network → Firewall).

Add Little Snitch or LuLu to catch outbound connections.

That's how you spot an infostealer phoning home.

6) Compartmentalize.

Separate browser profile for crypto.

Separate email.

Ideally a separate device.

Your work laptop is not your DeFi laptop.

7) Password manager: keep using one. And remember: phishing now comes from "real" senders.

Be extra careful: real domain, real DKIM, real-looking email — with phishing links inside.

Hover, verify, type the URL manually before you click.
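The hover-and-verify step done programmatically, as an added example that is not part of the newsletter: it pulls every link out of a constructed HTML message and flags the things a lookalike phish relies on, a visible URL that differs from the real destination, a destination outside an allow-list, or a bare IP address. The allow-list and the sample message are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample body: a lookalike destination hiding behind a genuine-looking label.
SAMPLE_EMAIL_HTML = """
<p>Your session needs re-verification.</p>
<a href="https://app.example-wallet.com.verify-login.invalid/session">https://app.example-wallet.com/session</a>
<a href="https://app.example-wallet.com/settings">Account <b>settings</b></a>
<a href="http://198.51.100.7/login">Sign in</a>
"""
TRUSTED_DOMAINS = {"example-wallet.com"}  # assumed allow-list for this sample

# Anchor extraction is regex-based to keep the example short; it is enough for
# simple HTML mail, a production tool would use a real HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
TAG = re.compile(r"<[^>]+>")

def registrable(host: str) -> str:
    """Last two labels of a hostname; a real tool would consult the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_links(html: str, trusted: set[str]) -> list[dict]:
    """Flag anchors whose real destination differs from what the reader sees."""
    results = []
    for href, inner in ANCHOR.findall(html):
        text = TAG.sub("", inner).strip()          # what the reader actually sees
        host = urlparse(href).hostname or ""
        reasons = []
        if text.startswith(("http://", "https://")):   # the label is itself a URL
            if registrable(urlparse(text).hostname or "") != registrable(host):
                reasons.append("display-url-mismatch")
        if registrable(host) not in trusted:
            reasons.append("untrusted-domain")
        if host.replace(".", "").isdigit():             # bare IPv4 literal
            reasons.append("ip-literal")
        results.append({"href": href, "text": text, "reasons": reasons,
                        "suspicious": bool(reasons)})
    return results

if __name__ == "__main__":
    for r in audit_links(SAMPLE_EMAIL_HTML, TRUSTED_DOMAINS):
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['text']!r} -> {r['href']} {r['reasons']}")
```

Note that none of these checks depend on the sender or on DKIM, which is the point: a message can pass authentication cleanly and still carry the first link above.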

The bigger picture

The security “fight” is moving to opsec and supply chain.

And right now, we're losing against state-backed attackers.

This industry is still treating security like a feature, not a discipline.

Meanwhile the attack surface keeps growing — more AI tools, more vendors, more cross-chain infrastructure plugged into systems that hold real money.

The encouraging thing: every one of these attacks had a known mitigation:

  • Endpoint protection would have caught Vercel.

  • Stricter LayerZero defaults would have helped KelpDAO.

  • Ownership checks would have made the Lovable bug a non-issue.

So you know where the fight is.

And so you have a list to work through this weekend.

Stay safe.

Stay alert.

We're in this together.

— Juan
