From Litecoin to AI law, this edition of Risk Wrap highlights four developments shaping compliance, governance, and insurance exposure across high‑risk industries.
DeFi Exploits and Liquidity Runs Become a Key Risk for Crypto Markets
On April 18, 2026, hackers exploited a vulnerability in KelpDAO, a liquid restaking protocol, to create large amounts of rsETH tokens without backing collateral. They then used the fraudulently created rsETH to borrow legitimate ETH tokens through major DeFi lending platforms including Aave, where it was accepted as collateral for loans. $290 million was stolen in total, and funds were moved through Tornado Cash to obscure transaction trails.
The exploit triggered wider market stress. Users rushed to withdraw assets from Aave after confidence in the protocol was shaken, leading to a run dynamic in which some lenders were unable to access their funds. Lenders of other cryptocurrencies also withdrew their assets.
Aave lets lenders borrow other tokens if they can’t recall their loans and get their tokens back. As a result, lenders of ETH and other assets started borrowing stablecoins at scale. Stablecoin lenders then withdrew a total of $5 billion, pre-empting a scenario where all stablecoins were lent out and liquidity pools were emptied. The incident shows how weaknesses in one protocol can have far-reaching consequences.
Implications for brokers and their clients:
- Traditional cyber policies may not fully respond to smart contract exploits or token theft. Consider obtaining specialist crypto asset coverage and smart contract failure insurance with bespoke wording.
- Review errors and omissions policies to ensure adequate coverage, as developers, custodians, and infrastructure providers may face negligence claims after a protocol failure.
- Ensure adequate D&O coverage in case exploits lead to claims from investors or users alleging inadequate controls or weak oversight.
Source: Bank Policy Institute (April 23, 2026). Crypto Hacks and DeFi Runs.
Emerging insurance industries mentioned: Digital Asset and Web3 Insurance.
Lines of business mentioned: Smart Contract Failure Insurance, Errors and Omissions Insurance.
Litecoin Network Disruption Exposes Growing Cross-Chain Risks
On April 25, 2026, the Litecoin Foundation suffered a deep chain reorganization after attackers exploited a zero-day vulnerability linked to its MWEB privacy layer. The vulnerability also enabled a denial-of-service attack against major mining pools.
Attackers attempted to execute double-spends against cross-chain swap protocols, and losses have been reported.
This incident follows a broader trend, as most DeFi exploits that have occurred so far this year involved cross-chain infrastructure.
The Foundation has since confirmed that the vulnerability has been patched.
Implications for brokers and their clients:
- Protocols and exchanges can benefit from dedicated digital asset insurance that addresses the sector’s unique vulnerabilities.
- Review cyber liability and crime insurance policies to ensure they respond to the threat vectors affecting crypto firms.
- Consider business interruption insurance that covers losses associated with security incidents.
Source: The Block (April 25, 2026). Litecoin rewrites three hours of history to undo its first major privacy-layer exploit.
Emerging insurance industries mentioned: Digital Asset and Web3 Insurance.
Lines of business mentioned: Cyber Liability Insurance, Crime Insurance, Business Interruption Insurance.
Anthropic’s Mythos Pushes Crypto Security Beyond Smart Contract Audits
Mythos, Anthropic’s new AI model, is prompting the crypto sector to redirect its focus when it comes to cybersecurity. Smart-contract vulnerabilities were often the key focus, but attention is now widening to operational risks that are beyond the scope of traditional audits, like key management, oracles, bridge infrastructure, and signing services.
Mythos is designed to simulate adversaries, and it detects new weaknesses by examining how protocols interact and how flaws can turn into cascading failures. Without AI, it can be difficult to map all the dependencies. Crypto firms and traditional financial institutions are looking to stress test their systems with tools like Mythos.
In future, continuous monitoring using AI may be necessary if firms are to keep up with the pace of adversaries.
Implications for brokers and their clients:
- Investigate specialized digital asset crime and cyber insurance that explicitly addresses infrastructure failures.
- Review policy wordings to confirm whether losses arising from third-party services are excluded and investigate third-party cyber liability insurance.
- Consider obtaining specialized financial institutions professional liability cover as scrutiny increases in novel markets like crypto and DeFi.
Source: CoinDesk (April 26, 2026). How Anthropic’s Mythos model is forcing the crypto industry to rethink everything about security.
Lines of business mentioned: Cyber Liability Insurance, Third Party Cyber Liability Insurance, Digital Asset Crime Insurance (https://relminsurance.com/lines-of-business/crime-insurance/), Financial Institutions Professional Indemnity Insurance.
Will the English AI Law Review Clarify Existing Liability Rules?
The UK Jurisdiction Taskforce (UKJT) is consulting on a Legal Statement examining how harms caused by AI systems may be addressed under English private law. Its aim is to give businesses and the technology sector greater clarity by outlining how existing legal principles are likely to apply to issues involving this fast-evolving technology.
The consultation focuses on non-deliberate AI harms encompassing negligence, product liability, professional duties, vicarious liability, and responsibility for false statements generated by chatbots. Criminal law, public law, and IP are not within scope. Liability is often determined by contractual terms, so the consultation focuses on non-contractual duties.
The negligence analysis is the same whether the harm is physical or economic.
Here are some key principles addressed in the statement:
- Foundation model developers are unlikely to owe a duty for unforeseeable misuse of their systems where downstream users failed to test or supervise the tool properly.
- In terms of causation, AI opacity may make it hard to prove why a system produced a result. Courts may respond by being more flexible on evidence, including shifting burdens of proof in some cases. Where the science is uncertain, courts could use a “material increase in risk” test instead of strict “but for” causation.
- Liability for creating a dangerous AI system without safeguards or otherwise failing to control it (when the entity has the “special powers” to do so) is possible but likely rare, especially for general-purpose models.
- False or harmful chatbot outputs may still trigger liability. English law could apply negligent misstatement principles where there is a false statement, duty of care, reliance, and resulting loss.
- In terms of strict product liability, the Consumer Protection Act 1987 may apply where AI is built into a physical product that causes injury or property damage. Claimants must show the product was defective and caused the loss, though not the exact technical fault. Standalone software and cloud-based AI services usually fall outside this regime.
Implications for brokers and their clients:
- Investigate specialized AI insurance tailored to the regulatory requirements of your client’s jurisdiction.
- Consider product liability insurance where AI is embedded in physical products, devices, vehicles, or machinery that could cause bodily injury or property damage.
- Review tech E&O insurance in case harmful outputs result from technical faults.
Source: Bristows (April 28, 2026). Can AI be sued?
Emerging insurance industries mentioned: Artificial Intelligence Insurance.
Lines of business mentioned: Product Liability Insurance, Tech E&O Insurance.