📰

subtl daily briefing

Saturday, April 25, 2026

Good morning, builders and investors. DeFi had its most consequential week in years — a LayerZero bridge exploit drained $293M from Kelp DAO in under an hour, triggering an industry-wide rescue effort and forcing a hard conversation about trust-based composability. Meanwhile, Google is doubling down on the AI arms race with a staggering $40B Anthropic investment, and SaaStr is sounding alarms on $46.9B in distressed PE-backed SaaS debt. Let's get into it.

In today's briefing

1.The DeFi Exploit That Rewrote the Rules
2.Google Bets $40B on Anthropic
3.The FDE Gap Splitting AI Agent Success
4.Samsung's Looming Smartphone Loss
5.x402's Unauthorized Wrapper Problem
⚡Quick hits on other news

Latest Developments

Crypto

💥The Kelp DAO Exploit: DeFi's Most Consequential Hack Ever

The Rundown: A LayerZero bridge exploit drained $293M from Kelp DAO in just 46 minutes, saddling Aave with over $200M in bad debt and exposing deep structural trust assumptions across DeFi's composable stack.

The details:

●Kelp DAO was exploited via a LayerZero bridge for $293M in 46 minutes, making it the most consequential DeFi hack ever — not by dollar size, but by the systemic implications it revealed
●Aave was left with over $200M in bad debt and immediately froze rsETH markets as part of emergency defensive measures
●EtherFi upgraded its LayerZero DVN threshold to 4/4 as the ecosystem scrambled with a coordinated 'DeFi United' industry recovery effort
●David Hoffman argues the exploit proves DeFi must be rearchitected away from trust-based composability, with validators and security councils standardizing recovery operations

Why it matters: This isn't just another hack post-mortem — it's a referendum on how DeFi is built. The exploit didn't just drain funds; it exposed that composable DeFi stacks inherit each other's trust assumptions silently. For founders building on-chain products, this is a forcing function: every external dependency is a potential attack surface, and 'move fast' architecture is becoming existentially dangerous at scale. Expect tighter security council standards, stricter DVN requirements, and a potential unbundling of high-trust protocol integrations in the months ahead.

📰 Source: Bankless / The Defiant

Share𝕏 in

🔥 Synthesized from 2 sources

🔗x402's Unauthorized API Wrappers Could Torpedo Its Own Ecosystem

The Rundown: Third-party operators are packaging Wolfram Alpha, Google Flights, and Amadeus APIs as x402-compatible wrappers on agentic.market without apparent authorization — potentially turning future native integrators into adversaries.

The details:

●agentic.market lists x402 wrappers for Wolfram Alpha, Google Flights, and Amadeus APIs that appear to violate those providers' terms of service, creating legal and reputational exposure for the x402 protocol
●MPP (Tempo's agentic payments protocol) offers a compliance-first model x402 lacks, visually marking first-party integrations — while Exa went natively x402 citing Linux Foundation governance as its trust anchor
●Dreamspace, backed by Microsoft m12, launched publicly as a vibe coding platform letting anyone build Base smart contracts and frontends via text prompts, powered by the Space and Time data blockchain

Why it matters: x402 has a real shot at becoming the payment rail for AI agents — but unauthorized wrappers are a classic 'tragedy of the commons' problem that could kill it before it scales. If major API providers get burned by ToS violations under x402's banner, they won't just ignore the protocol — they'll actively block it. For founders building agentic infrastructure, governance and first-party authorization aren't bureaucratic overhead; they're the moat. The Exa and MPP examples show the right playbook: native integrations with clear provenance beat scrappy wrappers every time.

Sources: Bankless +1 other

Share𝕏 in

⚡

Everything else in the news today

Bitmine purchased 10,000 ETH OTC directly from the Ethereum Foundation and is now staking over 70% of its holdings→

Grayscale staked an additional 102,000 ETH for its Ethereum Mini Trust, signaling institutional confidence in staking yields despite the DeFi turbulence→

Justin Sun sued World Liberty Financial in California federal court over frozen WLFI tokens, escalating his public feud with the Trump family's DeFi project→

Bitcoin held near $78K amid $10B in Deribit options settlement this week→

MegaETH locked in an April 30 TGE for its MEGA token after clearing its first KPI milestone→

Polymarket and Kalshi both announced plans to launch perpetual futures trading, moving prediction markets closer to traditional derivatives products→

X's standalone XChat iOS app launched with end-to-end encryption claims, though independent security researchers have publicly questioned the implementation→