Ecosystem Incidents Feed: Real-Time Awareness of Major Onchain Incidents Detected by Blockaid
Executive Summary
Onchain systems are open, composable, and irreversible by design. Any sufficiently valuable contract is a standing target, one team's compromise propagates to everyone connected to it, and settlement finality means losses become permanent within minutes. The result is a steady cadence of major incidents, with April 2026 the worst month on record at over $629 million drained across more than 20 incidents, and the practical question for most teams has shifted from whether an incident will touch them to how quickly they will know when one does.
Blockaid is closing that gap with the Ecosystem Incidents Feed, a new capability of Onchain Monitoring that brings real-time awareness of ecosystem-wide security events directly into the Blockaid Portal. Contract exploits and key compromises detected by Blockaid's detection engines now appear in a dedicated in-platform feed the moment they are identified, with live status updates as each incident develops.
Teams can subscribe to exactly what matters to them, filtering by chain, incident type, severity, and value lost, and receive alerts through Slack, Telegram, or email. From any incident, they can confirm whether their own assets are affected, review recommended actions, and respond without leaving the platform.
This post covers why reaction time has become the deciding factor in onchain security outcomes, how the Ecosystem Incidents Feed works, and where it fits within Blockaid's Onchain Monitoring product.
DeFi Incidents Continue to Expose Gaps in Security Posture and Governance
DeFi exploits rarely stay contained. Composability is DeFi's core strength, but it's also its core liability as the same interconnections that let assets flow freely also widen the attack surface and let failures cascade. Recent incidents have demonstrated this, resulting in financial losses across other DeFi ecosystem projects and participants:
- In March 2026, the Resolv DeFi protocol was exploited, resulting in a sharp depeg of its USR stablecoin. However, the losses extended far beyond direct holders of USR to many other project teams in DeFi, highlighting the concentrated dependencies and risks of collateral reuse.
- In April 2026, the Drift protocol, Solana’s largest perpetuals trading platform, was exploited for $285m which similarly evolved into a broader contagion event impacting other participants and users across the Solana DeFi ecosystem.
- Later that same month, KelpDAO was drained of $292M, with losses rippling through DeFi's largest lending protocol and beyond, spilling across multiple blockchain networks in the aftermath.
Many of those affected have been caught off guard, highlighting the need for stronger monitoring and detection to address DeFi contagion risks.
A Few Minutes Can Be The Difference Between Preventable and Irreversible
Exploits rarely happen in a single transaction. In each of these cases, the attack played out over minutes or hours, leaving a critical window for exposed participants to exit positions, freeze markets, or otherwise cut off the flow of funds and contain the incident. Stronger monitoring and detection can be the difference between preventable and irreversible.
That awareness already flows through Blockaid. The company has become a de facto source for real-time exploit announcements across the industry, actively alerting customers and non-customers alike as incidents unfold, on X (Twitter), on Telegram, and in dedicated alert channels inside customer Slack workspaces, alongside published incident breakdowns. What has been missing is a way to consume that real-time intelligence directly in the Blockaid Platform, connected to the assets teams already monitor and the actions they can take on them.
Introducing the Ecosystem Incidents Feed
The Ecosystem Incidents Feed makes ecosystem-wide awareness a first-class part of the Blockaid platform. A new Ecosystem Incidents page in the Portal presents a dedicated, chronological feed of major security events across Web3, detected by Blockaid's detection engines and published regardless of whether a customer's own assets were the target. Each incident is enriched as the picture develops, with details, status, and scope updated live as new information is confirmed.
Every entry carries an exploit name, an industry identifier that groups all transactions belonging to the same incident, so a multi-transaction attack reads as one coherent event rather than a scattering of alerts. Incidents at launch cover contract exploits and compromised private keys, the two attack types behind the majority of recent DeFi losses, with additional detection types expanding over time.
Blockaid's detection engines process far more than what the feed displays, and only incidents that clear an internal significance threshold are published, which keeps the feed curated, high-signal, and free of noise by design. The feed also stays separate from My Incidents, which remains focused on activity touching a customer's own monitored assets and configured monitors, so day-to-day triage keeps its dedicated home while Ecosystem Incidents provides the wider situational awareness to act before a distant exploit becomes a team's own problem.
Customize Your Ecosystem Incidents Feed
Ecosystem alerting becomes something each team configures and owns. From the feed or from any individual incident, teams can create a subscription that matches their exposure, filtering by chain, incident type, severity, and value lost, so a Solana-focused trading firm and an Ethereum lending protocol each receive the incidents relevant to them and nothing else.
Delivery works through the channels teams already use, with alerts sent to Slack, Telegram, or email the moment a matching incident is published. A subscription created today means the next qualifying incident arrives as a notification in the team's own workspace, with a direct link back to the full incident in the Portal, and subscriptions can be adjusted at any time as coverage and exposure change.
-2.png&w=3840&q=100)
Investigate and Respond Within the Blockaid Portal
Alerts link directly to the incident page in the Blockaid Portal, where details are presented in plain language alongside live status updates and recommended actions. Each incident answers the questions a security team actually asks, what happened, which contracts and addresses are involved, how much value is at risk, and what to do next.
The question that matters most, am I affected, gets a direct answer. If a customer's monitored assets are the target, the incident appears in My Incidents with full exposure detail and response actions. If they are not, the Ecosystem Incidents Feed confirms that Blockaid detected the event and that no monitored assets are involved, turning an hours-long internal investigation into a single glance.
From the same page, teams close the investigative loop, scanning any address involved in the incident directly from the incident page, labeling entities, and coordinating a response with their security and engineering teams, all without leaving the platform.
-2.png&w=3840&q=100)
How Blockaid's Onchain Monitoring Keeps Teams Ahead of Onchain Threats
The Ecosystem Incidents Feed is a capability of Blockaid's Onchain Monitoring, the product that gives protocols, trading firms, asset managers, and financial institutions real-time visibility into the assets they hold and move, with the ability to detect anomalies and respond as activity happens:
- Full asset coverage - Teams monitor the smart contracts, wallets, tokens, vaults, and third-party dependencies that make up their onchain footprint from a single inventory.
- Real-time detection - Out-of-the-box and custom monitors flag anomalies, risks, and vulnerabilities as they emerge, before they become losses.
- Ecosystem-wide exploit detection - The same detection engines behind the Ecosystem Incidents Feed identify exploit preparation and execution across chains, surfacing threats whether or not a team's own assets are the target.
- Automated response - When a monitor fires, response workflows can pause contracts, propose transactions, and trigger incident processes automatically, cutting the time between detection and action.
Together these capabilities reduce time to detect, time to respond, and the value at risk in between.
Learn more about Blockaid's Onchain Monitoring →
One Platform: Onchain Monitoring Is Only as Strong as Its Exploit Detection
Onchain Monitoring is one layer of the broader Blockaid Platform, which spans transaction scanning, dApp and token scanning, address screening, risk exposure, and automated response. The same detection engines that power the Ecosystem Incidents Feed protect wallet users at the moment of signing, screen deposits and withdrawals at exchanges, and monitor production assets for protocols and institutions, so intelligence gathered at any point strengthens protection at every other. For teams building a security program onchain, Blockaid provides detection, investigation, and response in a single platform.
Conclusion
The Ecosystem Incidents Feed puts that early awareness where teams can act on it. Every Blockaid customer now sees the major incidents Blockaid detects across the ecosystem the moment they are published, subscribes to the chains, incident types, and severities that match their exposure, confirms at a glance whether their own assets are involved, and responds without leaving the platform. The intelligence Blockaid already broadcasts to the industry now arrives connected to a team's own assets and monitors, and when the next incident lands, the teams watching the feed will already know where they stand.
About Blockaid
Blockaid is the onchain security platform trusted by the largest companies operating in Web3. Built by veterans of elite intelligence and cybersecurity units, Blockaid provides end-to-end protection for financial institutions, protocols, and end users, combining direct wallet and dApp integrations with real-time monitoring, detection, and response across smart contracts, infrastructure, and externally owned accounts. Since 2025, Blockaid scanned over 6.3 billion transactions and blocked 585 million attacks. Blockaid is the security infrastructure behind Coinbase, MetaMask, Uniswap, Safe, and dozens of the most widely used platforms in the industry.
Learn more at Blockaid.io, and follow us on Twitter and LinkedIn.
Blockaid is securing the biggest companies operating onchain
Get in touch to learn how Blockaid helps teams secure their infrastructure, operations, and users.



