DeFi Exploits Top $840M, Variational Raises $50M for RWA Perps, Blockchain.com Files for IPO

Crypto News

The first five months of 2026 have produced one of the worst stretches on record for DeFi security, with cumulative protocol losses surpassing $840 million across dozens of incidents. April alone accounted for more than $600 million, anchored by the $292 million KelpDAO breach and the $285 million Drift Protocol exploit. THORChain extended the carnage into May, halting trading after researchers flagged a suspected cross-chain attack draining over $10 million. Smaller hits on TrustedVolumes, Echo Protocol, Step Finance, Truebit, Resolv Labs, Volo Protocol, Rhea Finance and the Verus-Ethereum bridge continued the streak, exposing structural weaknesses in bridges and admin systems as automated reconnaissance accelerates exploit discovery against unverified contracts.

Peer-to-peer onchain derivatives protocol Variational has closed a $50 million Series A led by Dragonfly, with participation from Bain Capital Crypto and Coinbase Ventures. The Cayman Islands-based firm is rolling out perpetual futures tied to real-world assets including gold, silver, copper and West Texas Intermediate crude oil. Chief executive Lucas V. Schuermann argued that blockchain-native RWA perpetuals will eventually surpass Bitcoin and Ether combined as the largest contract class in decentralized finance. Variational reports more than $200 billion in trading volume since 2025 and intends to route liquidity directly from traditional markets to over 100 onchain perps within months.

Blockchain.com has confidentially filed a draft S-1 registration with the U.S. Securities and Exchange Commission, kicking off the regulatory review process for a proposed initial public offering of Class A ordinary shares. The Dallas-based company, operational since 2011, has not disclosed share count or proposed pricing, with the listing contingent on SEC clearance and prevailing market conditions. Its product suite spans a retail wallet, a crypto exchange, and institutional trading and lending services. The move follows earlier discussions about going public through a special purpose acquisition company merger, plans that were ultimately shelved in favor of a traditional offering.

The Blockchain.com submission extends a broader push by digital-asset firms onto U.S. equity markets that began reshaping the sector last year. Circle, eToro, Bullish and Gemini collectively raised an estimated $14.6 billion across at least eleven offerings in 2025, while BitGo became the first major crypto firm to debut in 2026 via its January NYSE listing. Grayscale remains in the pipeline. Sentiment has cooled, however, as weaker trading volumes and disappointing post-listing performance prompted Kraken parent Payward, Ethereum app builder Consensys and hardware-wallet maker Ledger to delay or pause their own listing plans pending more constructive conditions.

State-linked threat actors have become the dominant force behind crypto theft this year, with North Korea-affiliated groups responsible for roughly 76% of global hack losses through April 2026, per blockchain analytics data. That share has climbed from 64% in 2025 and less than 10% in 2020, reflecting sustained investment by hostile actors in social engineering, supply-chain compromise and protocol-level reconnaissance. CertiK investigators noted that April saw only three days without an exploit causing at least $10,000 in damages, with fourteen separate incidents crossing the seven-figure mark. The pattern points to industrialized, well-resourced campaigns rather than opportunistic hacking.

Artificial intelligence is now widely cited as a force multiplier on the attacker side of the security ledger. Security researchers describe automated code-scanning tools that can ingest entire repositories of older Solidity contracts, surface logic flaws and propose working exploit paths in hours rather than weeks. Older and unverified contracts, often left untouched after deployment, are particularly exposed. Defenders are responding with continuous auditing pipelines, formal verification and tighter admin-key controls, but the asymmetry favors offense in the near term, especially across DEX aggregators, lending markets and cross-chain bridges that hold concentrated liquidity behind upgradeable contracts.

Taken together, this week's developments reveal a market splitting into two distinct narratives. On one track, capital is institutionalizing aggressively: venture money flows into infrastructure tying traditional assets to blockchain rails, and exchanges race toward public listings to lock in mainstream legitimacy. On the other, security debt accumulated through years of rapid DeFi expansion is being exposed by increasingly sophisticated, often state-sponsored adversaries armed with AI tooling. The cycle's dominant arc is therefore one of institutional rotation racing against operational risk, with the winners likely to be those who can credibly close the security gap.