Major Cryptos Focused on US-Iran Peace Talks; Shrug Off Biggest DeFi Hack of 2026

Key insights

As the two-week ceasefire agreement with Iran was on the cusp of expiring, President Trump announced an indefinite extension, marking yet another reversal from his comments on Monday that an additional extension would be “highly unlikely”. 

Risk-appetite rose following the announcement with BTC trading up past $78K, its highest since the onset of the war, though it fell short at the $78.5K resistance wall. 

Our in-house Risk Appetite Metric has continued to tick higher too, and now moves at a year-to-date high for both BTC and ETH. 

Block Scholes’ Risk-Appetite Indexes for both major assets have once more crossed over the -0.5 threshold from below; a crossing that has typically marked a transition into a more bullish market regime. 

Earlier in the week, options markets priced in the first premium towards OTM call options since January 30, 2026, as options traders briefly turned bullish over the near-term – unfortunately however that has yet to hold for long and skew quickly tilted towards put contracts again. 

Block Scholes BTC Risk Appetite Index

Block Scholes ETH Risk Appetite Index

‍

Block Scholes’ Risk Appetite Index measures the level of euphoria (above 1) or panic (below -1) in the spot market. Momentum in this index shows a strong relationship to spot returns.

The Art of the Deal

President Trump’s ‘Art of the Deal’ negotiation style and Iran’s refusal to give in to US demands continue to be the dominant driver of crypto spot prices. 

Only last Monday the President said in a phone interview that he would not be “rushed into making a bad deal”, and that it would be “highly unlikely” that he would renew the two-week ceasefire agreement set to conclude this week. That meant risk-on assets entered the week with a risk-off sentiment — BTC fell from $78K down to $74K, while US equities snapped their win-streak to end Monday’s session lower. 

Sentiment was further soured on news that Vice President JD Vance had cancelled his trip to Pakistan for a second-round of negotiations after Iranian officials refused to attend, citing unreasonable American demands. 

However, in a reversal that we may have now come to expect from the US president, Trump announced on Tuesday that the US-Iran ceasefire would be extended “indefinitely”, though the US’s naval blockade of the Strait of Hormuz would remain. 

BTC quickly rallied back up past $78K in response, though stumbled at the same $78.5K resistance that it failed to breach on Friday 17 April, 2026, when a flurry of comments from Trump had indicated a peace resolution was possible. 

BTC and ETH Spot Price

Despite a spot price that has been dynamic to changing geopolitical headlines, implied volatility in options markets on the other hand continues to dwindle lower. 

The term structure of at-the-money implied volatility levels is compressed around 40%, superficially suggesting that traders expect this level of volatility in spot price to persist over a longer-term horizon. 

However, longer-dated volatility levels have trended downward by around 10 points since early May as options traders price out the risk of a further extension to the conflict and the uncertainty that would entail. 

BTC ATM Implied Volatility

In last week’s report we highlighted that options markets had shown a more bullish tilt in Ether than they had in Bitcoin. 

However, over the past seven days, that optimism spread into BTC markets too. 

BTC’s 7-day 25-delta put-call skew turned positive for the first time since January 30, 2026, before the breakout of the conflict. 

BTC 25-delta Skew

Like in ETH markets, that positive premium towards out-the-money BTC call options did not last long. 

‍

Despite spot price once more reaching $78K (the same level it traded at when 7-day skew rose to 3.1% on April 17, 2026) skew has yet to turn bullish again and is currently trading at -2.9%.

For now it appears that options markets are refusing to turn bullish with serious conviction due to the back-and-forth uncertainty in diplomatic efforts between the US and Iran. 

However, beneath the surface, a number of bullish catalysts underpinning buy-side demand have emerged:

• Strategy purchased $2.54B worth of bitcoins over the past week, marking the digital asset treasury’s largest purchase since November 2024.
• Spot Bitcoin ETFs have purchased over $1.5B worth of bitcoins since last week, marking a sixth straight day of inflows.

Overall, such flickers of bullish sentiment suggest that major cryptos remain sensitive to developments surrounding the Middle East conflict, even sidestepping the largest DeFi hack so far in 2026.

DeFi Under Fire

Just weeks after a $286M exploit hit Drift Protocol, an even larger attack has struck DeFi. 

Kelp DAO (the liquid restaking protocol behind the rsETH token) was exploited, resulting in losses of around $292M.

The exploit occurred via Kelp’s integration with LayerZero V2, a cross-chain messaging protocol that enables tokens to be securely bridged between different blockchains.

LayerZero stated that North Korea’s Lazarus Group, the same group allegedly behind the earlier Drift Protocol exploit, is the “likely” perpetrator, though attribution has not been confirmed. 

On 18 April 2026 at 17:35 UTC, the attacker drained 116,500 rsETH, around 18% of the token’s 630,000 circulating supply, from Kelp DAO’s smart contract. 

These stolen tokens have since made their way across the DeFi ecosystem. 

Unlocking rsETH

‍

When rsETH is bridged across chains, Kelp uses a lock-and-mint model: rsETH is locked on Ethereum (the primary chain), and an equivalent amount is minted on destination chains as a representation of that locked collateral. 

Under normal conditions, rsETH on chains other than the Ethereum mainnet (such as layer 2s) is fully collateralised by rsETH tokens locked in an Ethereum-based smart contract. The tokens then minted representing a claim on the rsETH collateral on the Ethereum mainnet. 

The bridge enforces a key invariant: rsETH locked on Ethereum must always be greater than or equal to the total rsETH issued across other chains. 

To securely transmit messages between chains, Kelp relies on LayerZero’s messaging layer, which relays information via a Decentralised Verifier Network (DVN). A DVN is a set of independent entities responsible for verifying that an event on a source chain (such as burning or locking tokens) has actually occurred before allowing the corresponding action (such as minting or releasing tokens) on the destination chain. 

This verification step is critical, as it enforces the core assumption that cross-chain transfers are backed 1:1. 

In this case, the Unichain → Ethereum route was configured as a 1-of-1 DVN, meaning the verifier set contained a single entity and only one signature was required for a message to be accepted. This verifier relied on three RPC (Remote Procedure Call) nodes as data sources to observe the source chain and determine whether events had occurred. RPC nodes expose blockchain state, such as transactions, logs, and contract events, via an API, allowing off-chain systems like verifiers to reconstruct on-chain activity without running their own full node.

However, two of these nodes were compromised and returned manipulated data, while the third was taken offline by a DDoS (Distributed Denial of Service) attack, which overwhelmed the endpoint with traffic and rendered it unresponsive. With no reliable data source, the verifier’s view of the source chain was effectively controlled by the attacker.

The attacker then submitted a forged LayerZero message (packet) that falsely claimed 116,500 rsETH had been cashed in (burnt) on Unichain, and therefore an equivalent amount should be unlocked on Ethereum.

Kelp: “This was an attack on LayerZero's infrastructure. Kelp's own systems were not involved in building or operating that infrastructure.” 

Because the single remaining, non-malicious verifier’s view of the truth had been manipulated, and the DVN configuration was based solely on the single verifier’s signature, this fabricated message was accepted as valid and passed through the verification process without additional checks.

Once verified, the message was delivered to Kelp’s Ethereum-side bridge smart contract which is responsible for releasing rsETH on Ethereum when a valid inbound message is received. Acting on the false message, the contract released 116,500 rsETH to an attacker-controlled address.

Immediately before the attack, the Ethereum bridge smart contract held approximately 116,723 rsETH. After the forged message was processed, this balance dropped to just 223 rsETH, as 116,500 rsETH was released to the attacker. However, the total amount of rsETH circulating on other chains did not decrease accordingly, meaning a large portion of the non-Ethereum-based rsETH supply became unbacked by collateral.

The AAVE FALLOUT

Even though the hackers managed to exploit Kelp DAO’s cross-chain bridge smart contract to release 116,500 rsETH, the radius of the attack’s impact has extended far beyond Kelp DAO. 

In particular, the largest lending protocol in the DeFi space, Aave, has been particularly exposed. 

rsETH was an accepted collateral asset across V3 and V4 instances of Aave on both Ethereum and Arbitrum. Once the attacker had access to the 116,500 rsETH, they didn’t try to sell it into DEX liquidity. Given that 116,500 rsETH is roughly equivalent to around 18% of the token’s supply — a sell order of this size may have, in the short-term, resulted in a worse execution price quoted by AMMs.

Instead (according to Aave’s Incident Report published yesterday), the attackers deposited 89,567 of the 116,500 rsETH as collateral on Aave to borrow WETH against it. 

53,400 rsETH (equivalent to $132.1M) was supplied on Aave V3/ V4 Ethereum, allowing the attacker to borrow 52,854 WETH (worth $122.2M). 

The rest of the funds (~$89.2M) were bridged to Aave V3/V4 Arbitrum, where close to 30,000 WETH ($68.7M) was borrowed. 

According to the report, the total amount of WETH borrowed was equivalent to $190.86M (while a smaller $2.33M of wstETH was also borrowed) against the $221.39M (89,567 rsETH) collateral. 

The Aave team were quick to highlight that none of their smart contracts had been compromised, but as a safety precaution, all rsETH markets were frozen on the protocol. 

The Arbitrum Security Council has also been able to freeze 30,766 ETH associated with the exploit.

As the news of the hack spread, traders began to price in the risk that Aave might not be able to recover the ~$200M of WETH that had been borrowed against the stolen rsETH collateral. 

The WETH that had been stolen by the hackers ultimately came from Aave depositors who deposited WETH on the protocol in order to earn a yield. 

The AAVE governance token fell nearly 20% from $111 to below $90 in the hours after the hack as the market priced in that tail, while total value locked across the protocol (the aggregate USD value of all assets deposited in Aave's smart contracts) dropped from $26B to around $15B. 

The token is now more than 85% below its May 2021 all-time high of $661. 

Additionally, since the hack, more than $12B worth of USD deposits have left the protocol — a sign that traders have rushed to de-risk and withdraw their funds from any existing positions in the protocol.

However the sharp drop in AAVE’s spot price did not spread over to other blue-chip major tokens. 

Below we plot the spot price of AAVE against ETH around the time of the hack (dotted red line). 

Prior to the hack, ETH’s spot price was already in a downward trend. Crucially, that trend did not steepen following the hack. That contrasted the sharp plunge lower in AAVE’s spot price. 

Additionally, since the sharp fall, AAVE has settled around $90 (below pre-hack levels), while ETH has quickly returned to levels it traded at before the incident – suggesting no real hit to large-cap altcoin sentiment. 

The Blame Game

LayerZero stated that no protocol-level code was exploited and no private keys were compromised, describing the failure as architectural rather than foundational.

In a post on X after the incident, LayerZero publicly pointed to Kelp’s single-verifier setup, stating that “LayerZero and other external parties previously communicated best practices around DVN diversification to KelpDAO. Despite these recommendations, KelpDAO chose to utilize a 1/1 DVN configuration.”

A multi-node configuration would have required attackers to compromise several independent verifiers simultaneously, significantly increasing the difficulty of the attack. Ripple CTO David Schwartz commented on X that “the attack was way more sophisticated than I expected and aimed at LayerZero infrastructure taking advantage of KelpDAO laziness,” explicitly attributing the exploit path to both infrastructure targeting and configuration weakness.

Kelp DAO, however, stated that the 1-of-1 DVN setup followed LayerZero’s documented default configuration for new OFT deployments. The team said it had been operating on LayerZero infrastructure since January 2024 and had confirmed the appropriateness of this configuration with LayerZero during its L2 expansion. 

Kelp emphasised that the incident originated from compromised LayerZero-hosted RPC nodes and that its own systems were not involved in building or operating that infrastructure. It framed the attack as an infrastructure-level breach rather than a misconfiguration on its side, directly contrasting LayerZero’s claim that recommendations for stronger setups were not followed.

Following the initial drain, Kelp reported that it mitigated further damage by pausing affected smart contracts across Ethereum mainnet and L2s and blacklisting exploiter-linked wallets, which prevented an additional attempt to drain 40,000 rsETH (approximately $95M). 

Kelp’s emergency pauser multisig froze core contracts at 18:21 UTC, 46 minutes after the initial drain, though by then the attacker had already moved funds into Aave V3 as collateral and borrowed against them, contributing to the resulting bad debt.

LayerZero’s response included decommissioning the affected RPC nodes and restoring DVN operations. It reiterated that the issue did not affect other protocols at the code level and announced it would “no longer sign messages for any project using a 1-of-1 verifier configuration”.

The exploit reinforces a broader theme we have highlighted previously: infrastructure choice matters. 

While decentralised venues can offer permissionless access and self-custody, they can also introduce additional layers of technical risk – particularly around smart contracts and cross-chain messaging. 

In contrast, more established and centralized trading venues have historically mitigated many of these risks through centralized operational oversight and more mature risk management systems.

Battle-tested crypto venues operating within a centralised infrastructure can improve chances of fund recovery and make it more difficult for attackers to launder out stolen funds. 

What’s New in DeFi?

What’s New in DeFi?

1. Mastercard has joined the Blockchain Security Standards Council as a Charter-level member, reinforcing the growing institutional focus on security in blockchain and digital asset infrastructure. By contributing its expertise in payments security, digital identity, fraud prevention, and cyber resilience, Mastercard will help shape stronger industry standards for trust, interoperability, and consumer protection.

2. Volo Protocol, a Sui-based liquid staking platform, has disclosed a security incident wherein an exploit targeting specific smart contracts resulted in the extraction of approximately $3.5M in assets (WBTC, XAUm, USDC) from three isolated vaults, indicating a vault-level vulnerability rather than a protocol-wide issue. The team has detected anomalous on-chain activity, coordinated with the Sui Foundation and ecosystem partners, and frozen affected vaults to halt contract interactions, while confirming that other vaults (~$28M TVL) remain secure.

3. Michael Saylor’s Strategy Inc, the largest Bitcoin digital asset treasury company in the world, announced on Monday that it had bought $2.54B worth of bitcoins over the last seven days — its largest purchase for the currency since November 2024.

4. Japan Securities Clearing Corporation (JSCC), the central clearing house owned by Japan Exchange Group, has launched a blockchain-based collateral trial with Mizuho Financial Group, Nomura Holdings and Digital Asset Holdings. The project will test the transfer and management of Japanese government bonds on the Canton Network. The focus is on enabling real-time collateral movement while remaining within existing regulatory constraints. The broader significance is the digitisation of high-quality collateral – if sovereign bonds can move more efficiently between institutions, settlement friction could fall.

5. Ripple has outlined a multi-phase roadmap to prepare XRPL for a post-quantum environment on their official page, with full readiness targeted by 2028. The near-term focus is on testing quantum-resistant cryptography, assessing the performance impact of larger keys and signatures, and introducing hybrid models that can operate alongside existing systems before any full transition.

6. The CLARITY bill on the structure of the crypto market in the USA is being postponed – the vote may be rescheduled for May. Senator Tom Tillis stated that the banking committee will not have time to review and put the document to a vote in April. The parties need additional time to reach a compromise on the profitability of stablecoins.

7. The Arbitrum Security Council initiated an emergency intervention to freeze 30,766 ETH located at an Arbitrum One address associated with the KelpDAO exploit, acting in coordination with law enforcement insights regarding the exploiter’s identity. As of April 20 at 11:26pm ET, the assets were successfully transferred into an intermediary frozen wallet, rendering them inaccessible to the KelpDAO exploit- associated address and subject only to future movement through actions governed by Arbitrum governance in coordination with relevant stakeholders.

8. Kelp have published further context on the $292M exploit, stating that on April 18 rsETH was drained from the bridging adapter through a forged cross-chain message after two LayerZero-hosted RPC nodes were compromised and a simultaneous DDoS attack disabled the third node, confirming the attack originated from LayerZero infrastructure rather than Kelp’s systems. Kelp reported that it mitigated further damage by pausing affected smart contracts across Ethereum mainnet and L2s and blacklisting exploiter-linked wallets, which prevented an additional attempt to drain 40,000 rsETH (approximately $95M). Kelp have specified that their 1-of-1 DVN configuration was consistent with LayerZero’s documented default for OFT deployments and previously validated during Kelp’s L2 expansion.

9. RedotPay, a global stablecoin-based payments fintech, has entered a strategic partnership with Sui to integrate SUI and native USDC-Sui into its payments stack, enabling users across 100+ countries to access SUI-based stablecoin-denominated transactions and global payout functionality via the RedotPay app. RedotPay is also extending its multi-currency wallet and card infrastructure, supported by Apple Pay and Google Pay, by leveraging Sui’s layer 1 blockchain to facilitate low-fee transfers, near-instant finality, and integrated fiat on/off-ramps for real-world merchant payments.

10. Singapore-based Cobo has launched an agentic wallet for AI-led onchain execution, with built-in guardrails aimed at improving control and security. The product supports more than 80 blockchains, including Ethereum, Base, Arbitrum, Optimism, Polygon and Solana, and uses a “Pact” mechanism to define execution limits and termination conditions for each task. Cobo said the wallet also incorporates multi-party computation, positioning the product as a more secure framework for AI agents handling real onchain activity.

11. Charles Schwab announced Schwab Crypto™ last Thursday, a spot crypto trading service that it will roll out to clients in the upcoming weeks. The platform will provide a direct way of trading BTC and ETH, as well as educational content around crypto assets. Head of Retail Investing at the firm said, “With Schwab Crypto, clients who want direct access to the asset class can trade it alongside their other investments, while benefiting from the service, education, and research they expect from us.”

12. The Ethereum Foundation has released a recap of its ETH Rangers Program, outlining results from 17 researchers including over $5.8M recovered, 785+ vulnerabilities identified, and 36+ incident responses handled. The update highlights new technical outputs such as open-source tooling, exploit PoC databases, and threat intelligence frameworks, alongside ecosystem engagement across 800+ teams and 80+ workshops.

13. Flow Capital Partners is set to tokenise its $150M private credit fund through DigiFT, marking another step in the continued institutionalisation of real-world assets on public blockchain infrastructure. According to Bloomberg, the Hong Kong-based asset manager plans to bring the fund onchain by the end of April and raise a further $30M in tokenised shares by year-end, with ambitions to scale the strategy to $250M by the end of 2026.

14. South Korea’s Ministry of Economy and Finance is launching a pilot using tokenized deposits to handle government spending, with rollout planned for the fourth quarter of 2026 starting in Sejong City.

The Latest Listings - CHIP

CHIP is the governance token of USD.AI, a decentralised protocol focused on financing AI compute infrastructure through GPU-backed lending. Rather than serving as a conventional payment token, CHIP underpins an on-chain financing system designed to channel capital into a fast-growing segment of the digital economy: artificial intelligence infrastructure.

The USD.AI ecosystem consists of three core components. USDai is a synthetic dollar designed to support liquidity and redeemability, while sUSDai is the yield-bearing version backed by loans collateralised by AI infrastructure assets such as GPUs. CHIP functions as the protocol’s governance asset, giving holders influence over matters such as collateral eligibility, financing terms, and broader protocol parameters.

The protocol is built around a clear market need: AI infrastructure requires significant upfront capital, while traditional financing channels are often slow, expensive, and difficult to scale. USD.AI aims to address this by creating a more standardised, crypto-native framework for infrastructure credit, allowing users to gain exposure to AI-related lending through a productised on-chain structure rather than through direct loan origination or underwriting. Yield is intended to be generated from loans secured against GPU and related infrastructure assets, as well as from returns on undeployed reserve capital.

What differentiates CHIP is its exposure to a tangible economic activity rather than a purely narrative-driven theme. By linking the protocol to income-generating physical infrastructure, USD.AI presents a more concrete use case than many projects marketed under the AI token category. At the same time, this model carries a more complex risk profile than traditional stablecoin structures, as outcomes depend on the quality, liquidity, and valuation stability of the underlying collateral, as well as on disciplined underwriting and execution. Early market interest has been supported by strong trading performance, major exchange listings, and investor demand for AI-linked digital assets, although near-term price action is still likely to be influenced more by sentiment, liquidity, and speculation than by fully established fundamentals.

Bybit listed CHIP on the Spot trading platform on Apr 21, 2026.

Data & methodology

Data acquisition, composition & timeline

Open interest and trading volume data are sourced “as is” from the Bybit exchange platform API exclusively, and as such do not represent a comprehensive picture of the sum of trading activity across all derivatives markets or exchanges. The data visualized in this report consists of hourly and daily snapshots, recorded over the previous 30 days. Daily (hourly) snapshots of trade volume record the total sum of the notional value of trades recorded in the 24H (1 hour) period, beginning with the snapshot timestamp.

If not explicitly labeled as derived from another exchange, the input instrument prices to all derivatives analytics metrics in this report are sourced from the appropriate endpoints of Bybit’s public exchange platform API. In the event that data is labeled or referred to as representing the market on another exchange source, that data is sourced from the appropriate endpoint of each respective exchange’s public API.

Macroeconomic charts and data are sourced “as is” from the Bloomberg Terminal. Exchange data is sourced “as is” from publicly available exchange APIs. Block Scholes makes no claims about the veracity of public third-party data.

Open interest & volume dollar denomination

After acquisition of underlying-denominated raw data for open interest and trading volume on the Bybit exchange platform from Bybit’s API endpoint, equivalent dollar-denominated figures are calculated using the concurrent value of Block Scholes’s Spot Index for the relevant underlying asset.

Block Scholes’s Spot Index represents the aggregate Spot mid-price for a given currency across the top five CEXs by volume (with USD-quoted markets). It considers the proportion of total volume in the instrument on the exchange, as well as the deviation of a data point from those on other exchanges.

Block Scholes–derived analytics metrics

Futures prices are used for Block Scholes’s futures-implied yields calculation services in order to derive the constant-tenor annualized yields displayed in the Futures section of this report.

Options prices are used for Block Scholes’s implied volatility calculation services in order to calibrate volatility surfaces, from which all derivatives volatility analytics displayed in the BTC Options and ETH Options sections of this report are calculated. Volatility smiles are constructed by calibrating to mid-market prices observed in Bybit options markets. As part of the calibration process, prices go through rigorous filtration and cleaning steps, which ensures that the resulting volatility surface is arbitrage-free and has exceptional fit to the market observables.