Crypto World
Counterfeit Ledger Devices Found Draining Crypto Wallets Through Supply Chain Fraud
TLDR:
- Counterfeit Ledger Nano S Plus devices use ESP32 chips to steal seeds and PINs in plain text format.
- A fake Ledger Live app passed Mac App Store review and drained over $9.5 million from 50+ victims.
- The fraud spans five attack vectors including Android, iOS, Windows, macOS, and physical hardware.
- Ledger’s genuine check feature fails when hardware is compromised at the supply chain source level.
Counterfeit Ledger hardware wallets are at the center of a growing threat targeting cryptocurrency users worldwide.
A security researcher has documented a large-scale operation distributing fake Ledger Nano S Plus devices through multiple online marketplaces.
The compromised units appear identical to legitimate products but carry entirely different internal hardware. Seeds, PINs, and wallet data are being sent directly to attacker-controlled servers, draining any wallet initialized on the device.
Fake Hardware Hides Malicious Chips and Firmware
The counterfeit devices replace Ledger’s secure element chip with an ESP32 microcontroller. This substitute chip runs modified firmware labeled “Nano S+ V2 1.”
Unlike the genuine secure element, this hardware stores sensitive data in plain text. That data is then transmitted to remote servers controlled by the attackers behind the operation.
Beyond the hardware, the campaign also distributes a fraudulent version of Ledger Live. This fake app is built with React Native and signed using a debug certificate.
It intercepts transactions and sends sensitive user data to multiple command-and-control servers. Users downloading this version have no visible indication that anything is wrong.
The attack spans five separate vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps.
The iOS distribution uses Apple’s TestFlight platform to bypass the standard App Store review process. This approach allows the fraudulent software to reach users without triggering typical security checks. Each channel serves as an independent entry point for the same underlying scam.
Ledger’s built-in genuine check feature is designed to verify device authenticity. However, that verification process can be bypassed when the hardware is tampered with at the source.
This makes the point of purchase a critical security variable. Buying from unauthorized sellers removes the only reliable layer of hardware-level verification.
Separate Mac App Store Fraud Drained Over $9.5 Million
Separately, on-chain investigator ZachXBT documented another fake Ledger Live app that passed through Apple’s Mac App Store review. That operation alone drained more than $9.5 million from over 50 victims.
Among those affected was musician G. Love, who lost 5.92 BTC after entering his recovery phrase into the fraudulent application. The app presented itself as the legitimate Ledger companion software.
These two operations together show a clear pattern in how attackers are targeting hardware wallet users. Rather than exploiting firmware vulnerabilities, they are intercepting users before they reach a genuine device.
The fraud happens at the distribution level, not the protocol level. This shift makes user behavior and purchase source more important than ever.
Security best practices remain unchanged despite the evolving tactics. Hardware wallets should only be purchased directly from the manufacturer’s official website.
No legitimate wallet software will ever request a 24-word recovery phrase on screen. Any application asking for seed phrase input is running a scam, without exception.
The broader message from both incidents is straightforward. The hardware itself remains secure when obtained through proper channels.
The vulnerability now lives in the supply chain and software distribution ecosystem. Staying safe requires equal attention to both where a device is bought and how companion software is sourced.
Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.
Crypto payment gateways gain traction as blockchain reshapes everyday transactions.
Summary
- Crypto POS gateways gain traction as stablecoins reshape payments, with Polygon aiming to close usability gaps.
- Stablecoins boost cross-border payments and speed, but challenges remain as Polygon works on seamless adoption.
- Crypto payments evolve beyond investment use, with Polygon set to enhance stablecoin usability in e-commerce.
The ability to perform online payments is often taken for granted, as fiat-based methods have essentially become a part of daily life. However, cryptocurrency point-of-sale gateways are once again beginning to transform the entire ecosystem. Offering a host of user-friendly features in tandem with elements unique to the blockchain, many analysts hail crypto-friendly platforms as the wave of the future.
However, even stablecoins can suffer from a handful of drawbacks. This is why additional changes must be made to further streamline the process if we hope to provide consumers, and e-commerce platforms alike, with the solutions they have been searching for. Let’s see how Polygon will soon be able to bridge this gap so that we can better appreciate what the not-so-distant future has in store.
The stablecoin revolution
It is impossible to deny the positive impacts that stablecoins have had upon the online payment community. While it can be argued that anonymity is one of their most important selling points, other blockchain-native benefits exist. For instance, cross-border payments have become a reality (a crucial selling point for e-commerce hubs hoping to cater to an international marketplace). Consumers can likewise leverage the anonymous nature of stablecoins. When combined with faster processing times and tokens that can sometimes act as hedges against inflation, it becomes clear to see why cryptocurrencies represent far more than one-off investment opportunities.
Good, but far from perfect
The only issue is that cryptocurrencies can still suffer from a handful of possible drawbacks. One major pitfall involves a somewhat fragmented presence across the global marketplace. In other words, the availability of stablecoins can often vary from region to region. Other possible pain points include:
- Occasionally slow settlement times
- High transaction fees
- Difficulty upgrading point-of-sale infrastructure (a particular concern for online merchants)
- Challenges when performing token swaps
- On- and off-ramping friction
Not only might these elements detract from the public appeal of stablecoin transactions, but they can present additional hurdles that e-commerce providers will need to overcome. The good news is that things are soon about to change thanks to a novel initiative by Polygon.
The Polygon Open Money Stack
Perhaps the best way to describe the Open Money Stack is to refer to a quote from Polygon founder and CEO Sandeep Nailwal:
“Open, seamless, and interoperable.”
Open Money Stack promises to address many of the same issues highlighted in the previous section of this article. So, what does this system have in store? Why should it be able to provide relief to consumers, and businesses alike?
Vertical integration
Open Money Stack can be seamlessly integrated into existing POS architecture; taking much of the guesswork out of implementation. Furthermore, this system is modular by design. Vendors can select which features are required while still being able to connect with other networks.
Reducing the need for multiple service providers
This is yet another pitfall that some stablecoins have yet to overcome. The problem with multiple service providers is that relying on numerous nodes can lead to sluggish processing times; a real issue for vendors hoping to provide lightning-fast payment solutions. Increased fees could also be present; resulting in most costly end-user transactions, or forcing the seller to absorb the associated costs. The one-size-fits-all design of Open Money Stack addresses these drawbacks.
Keeping conversion woes at bay
Fiat/crypto exchanges are a regular occurrence throughout the e-commerce community, and the processes are sometimes convoluted. On- and off-ramping can be sluggish, costly, and dependent on existing infrastructure. Polygon’s Open Money Stack aims to provide an efficient solution thanks to its cross-chain interoperability. This will help to reduce friction, to simplify how consumers interact with the systems, and ultimately, to lower cart abandonment rates.
A coming paradigm shift
The Polygon Open Money Stack seeks to provide even more targeted solutions to consumers and e-commerce vendors. Even though core aspects of the stack are already live (like its enterprise grade wallet suite and the Polygon Chain), the rest is expected to go live later in 2026; already, this system has begun to make headlines across the cryptocurrency community. Analysts feel that Open Money Stack could very well usher in an entirely new era of digital payments; great news for buyers and sellers alike.
Disclosure: This content is provided by a third party. Neither crypto.news nor the author of this article endorses any product mentioned on this page. Users should conduct their own research before taking any action related to the company.
Bitcoin hovers near $75k with on-chain data flagging $76,800 as key resistance, while Morgan Stanley’s cut‑price MSBT ETF pulls in $100m amid easing macro headwinds.
Summary
- Bitcoin is trading near $75,000, with on-chain data flagging $76,800 as key resistance where short-term holders may take profits.
- A new Morgan Stanley spot bitcoin fund has already attracted more than $100 million in inflows with a market‑low 0.14% fee, intensifying ETF fee competition.
- Geopolitical tensions, a weaker dollar and lower U.S. yields are supporting BTC, even as Iran risk and energy prices keep inflation fears alive.
Bitcoin (BTC) is hovering around $75,000 as on-chain cost metrics cluster near $76,800, a level CoinDesk says could act as a major resistance where short-term holders begin to sell into strength. The analysis suggests that when BTC pushes into short-term holders’ realized price band, supply often spikes as investors “break even,” raising the odds of profit‑taking and a near‑term pause or pullback.
CoinDesk reports that market sentiment has been buoyed by news of an extended ceasefire between the U.S. and Iran, with the dollar sliding to a near six‑week low and U.S. Treasury yields drifting lower, a combination that typically supports risk assets and non‑yielding hedges such as bitcoin and gold. Gold has been rising alongside BTC, signaling what the outlet describes as a market trying to balance risk appetite with lingering demand for safe‑haven assets.finance.
On-chain data tracked by firms such as CryptoQuant shows that as bitcoin approaches the $76,800 realized price for short-term holders, supply to exchanges tends to increase, echoing a pattern seen in earlier rallies where that band acted as a ceiling. A recent note highlighted hourly BTC inflows to exchanges jumping to roughly 11,000 BTC as price tested the mid‑$76,000s, the strongest pace since December, which historically has signaled mounting sell pressure at resistance zones.
At the same time, institutional demand remains firm. Morgan Stanley’s new MSBT spot bitcoin fund, listed on NYSE Arca with a 0.14% annual fee, has already drawn more than $100 million in inflows and is now the cheapest spot BTC ETF in the U.S. market, undercutting BlackRock’s IBIT at 0.25%. Unchained and other industry trackers reported MSBT logged about $34 million in first‑day net inflows and strong early volume, a sign that large advisors are actively rotating client flows into the bank’s in‑house product.
CoinDesk notes that the new inflows come as U.S. spot bitcoin ETFs collectively hold more than 1.2 million BTC, or over 6% of total supply, giving traditional finance vehicles an outsized role in marginal bitcoin demand. Meanwhile, the U.S. blockade of Iranian ports and Tehran’s threats to disrupt shipping in the Persian Gulf continue to cloud the global growth outlook, with knock‑on effects on energy prices and inflation expectations that could, in turn, influence central bank policy and risk sentiment toward crypto.
In recent crypto.news coverage, analysts stressed that $68,000 remains a key downside “line of defense” for bitcoin, with the current range between that level and roughly $75,000 framed as the most consequential band of 2026 as macro, geopolitical and ETF flows collide. Other crypto.news articles have highlighted how short‑term holder behavior and realized price bands have repeatedly marked local tops and consolidation zones during this cycle, a dynamic now converging again around $76,800.
Summary
- JPMorgan says CLARITY Act talks have narrowed to 2–3 core disputes as senators race to finalize a stablecoin deal before midterms.
- The bill would ban passive yield on stablecoin balances while allowing activity-based rewards, reshaping revenue models for issuers like USD Coin.
- Coinbase and major banks have clashed over the yield language, with a White House compromise now framing “idle yield” as off‑limits but transactional incentives as acceptable.
Negotiations over the U.S. CLARITY Act, a sweeping digital asset market structure bill, have entered their final stage, with JPMorgan analysts saying the number of disputed issues has fallen from more than a dozen to just two or three core questions centered on stablecoin rewards and regulatory oversight.
Final-stage talks on CLARITY Act stablecoin rules
The talks, which are unfolding in Washington ahead of the 2026 midterm cycle, aim to bolt a durable federal framework for stablecoins and broader crypto markets onto last year’s GENIUS Act, the first U.S. law to license dollar‑pegged payment stablecoins.
In a recent research note, JPMorgan argued that passage of the CLARITY Act could become a key positive catalyst for digital asset markets in the second half of 2026 by finally settling the jurisdictional split between the Securities and Exchange Commission and the Commodity Futures Trading Commission.
The political fight has focused on how far Congress will go in banning yield on stablecoin balances, a feature that has become a major revenue engine for exchanges and wallet providers.
According to FinTech Weekly, the latest Senate draft “bans passive yield on stablecoin balances” but permits “activity-based rewards tied to loyalty programmes, promotions, subscriptions, transactions, payments, and platform use,” with the SEC, CFTC and Treasury given twelve months to define the precise boundaries and anti‑evasion rules.
Coinbase chief legal officer Paul Grewal told Fox Business that negotiators are “very close to a deal” on the yield language and said he expects the bill to move toward a Senate Banking Committee markup and eventually a floor vote after the recess.
Banks, led publicly by JPMorgan, have pressed lawmakers to ensure that stablecoin products offering yield face bank‑level oversight to avoid what they describe as regulatory arbitrage against traditional deposits.
On JPMorgan’s first‑quarter earnings call this week, chief financial officer Jeremy Barnum warned that yield‑bearing stablecoins risk becoming “a tool for regulatory arbitrage unless they are held to the same strict oversight and consumer protection standards as traditional bank deposits,” remarks that landed squarely in the middle of the CLARITY negotiations.
The White House has tried to broker a compromise by drawing a line between “idle yield” for simply holding a token and transaction‑linked rewards, with one recent proposal described by BVNK analyst Stewart Will as an attempt “to prevent massive deposit flight from traditional banks to high‑yield digital assets” while still allowing stablecoins to function as a low‑haircut settlement layer.
For issuers such as USD Coin, which currently trades around $0.9998 with an estimated market capitalization of roughly $78.6 billion, the final shape of the law will determine how far platforms can go in layering incentives on top of basic dollar‑pegged balances without triggering securities or banking rules.
The CLARITY bill also interacts with the GENIUS Act, enacted in 2025 to require key payment stablecoins to be backed one‑for‑one by cash or short‑term Treasuries and to obtain a federal or state licence as a Permitted Payment Stablecoin Issuer.
Policy analysts at Brookings say that GENIUS‑regulated payment stablecoins sit in a distinct category outside of both securities and traditional bank deposits, leaving CLARITY to decide how those instruments plug into capital markets, DeFi protocols and tokenized bank money such as JPMorgan’s own deposit token projects.
As senators race to lock in text before election politics harden, JPMorgan has framed approval of the CLARITY Act by mid‑2026 as a “key positive catalyst” that could unlock institutional participation in crypto once stablecoin rules, yield limits and agency mandates are finally pinned down.
European companies exploring Bitcoin treasury strategies are unlikely to replicate the playbook pioneered by Michael Saylor’s Strategy, according to industry executives, who pointed to structural differences between US and European capital markets.
Speaking at Paris Blockchain Week 2026, Thomas Vogel, a partner in the Paris and Frankfurt offices of Latham & Watkins, said the constraints on issuing financial instruments in Europe differ significantly from those in the US, making a direct replication of the model difficult.
“If you issue convertibles in the US, the constraints are not the same as when you issue them out of a French balance sheet or a balance sheet in Europe,” Vogel said, pointing to differences in market depth, regulation and investor behavior.
Alexandre Laizet, who leads Bitcoin (BTC) strategy at France-based treasury firm Capital B, said European firms are instead looking to local market infrastructure, including French public markets and Luxembourg-based structures, to raise capital tied to Bitcoin exposure.
The remarks suggest Europe’s Bitcoin treasury model is likely to evolve as a local adaptation rather than a direct copy of Strategy’s US playbook.
Europe’s listed holders remain small
A growing number of European public companies now hold Bitcoin on their balance sheets, but the market remains fragmented across small and mid-cap names.
According to data from BitcoinTreasuries.net, Germany-based Bitcoin Group SE held 3,605 BTC worth about $268 million at the time of writing, though it has not disclosed its average cost or profit and loss.
Related: EU adviser says ‘MiCA 2’ is likely as crypto market matures: PBW 2026
Capital B held 2,925 BTC at an average cost of $99,932 per Bitcoin, reflecting a roughly 25.6% unrealized loss. In contrast, Sequans Communications, also based in France, held 2,139 BTC, with cost and performance data not disclosed.
Other European names show similar pressure from recent price moves. Netherlands-based Treasury held 1,111 BTC at an average cost of $111,857, representing about a 33.5% unrealized loss, while Sweden’s H100 Group held 1,051 BTC at an average cost of $114,615, with an unrealized loss of around 35.1%
The gap in scale remains significant compared with the US. On Monday, Strategy acquired 13,927 Bitcoin for about $1 billion in a single week, bringing its total holdings to 780,897 BTC.
Magazine: Bitcoin will not hit $1M by 2030, says veteran trader Peter Brandt
XRP spot ETFs recorded $17.11 million in net inflows on April 15, their largest single-day intake in nearly 11 weeks, as four consecutive days of positive flows pushed combined assets under management above $1.25 billion.
Summary
- XRP spot ETFs drew $17.11 million on April 15, the strongest single-day inflow since February 3, 2026, bringing a four-day total to $38.86 million.
- Combined US-listed XRP ETF assets under management crossed $1.25 billion as the token rallied 6% to $1.42 on Thursday, reclaiming fourth place by market cap.
- Analysts say the CLARITY Act roundtable and Ripple’s new tokenized bond pilot with Kyobo Life are adding regulatory and utility tailwinds behind the inflow surge.
XRP (XRP) spot ETFs logged their largest single-day inflow in nearly 11 weeks on April 15, with $17.11 million flowing into US-listed products, per SoSoValue data. The figure marks the strongest daily intake since February 3, 2026, and extends an inflow streak to four consecutive sessions for the first time since March.
Over those four days, US-listed XRP ETFs drew a combined $38.86 million, pushing total net assets to over $1.25 billion. XRP itself rose 6% to $1.42 on Thursday, outperforming every other token in the top 10 by market cap.
The timing aligns with a broader improvement in crypto market sentiment driven by US-Iran ceasefire diplomacy and easing macro risk. XRP specifically has been benefiting from additional catalysts beyond the macro backdrop.
The SEC’s CLARITY Act roundtable, which kicked off in Washington today, is being closely watched by the XRP community as it could clarify the regulatory treatment of digital assets used in payments, an area where XRP has direct exposure. The prospect of legislative progress has brought institutional buyers back to the ETF market.
Ripple’s announcement on April 14 of a tokenized government bond pilot with South Korea’s Kyobo Life Insurance also reinforced XRP’s real-world settlement utility, adding a fundamental narrative alongside the technical inflow momentum. XRP ETFs posted a record $119.6 million across global products the week ending April 11, driven largely by European buyers, before Wednesday’s US-led single-day surge reset the domestic record.
What Analysts Are Watching
XRP remains roughly 23% below its January 2026 high despite Thursday’s rally. Analysts say the $1.60 level, which aligned with XRP’s March 17 high, is the first meaningful resistance test. A sustained hold above $1.40 is needed to avoid a false breakout reading on the chart.
The four-day inflow streak is constructive because XRP’s exchange supply has dropped to multi-year lows, meaning ETF accumulation is absorbing tokens from an already thin exchange order book. When ETF demand meets low exchange supply, price elasticity tends to increase on the upside.
XRP price has rallied 6% to $1.42 with its market cap moving back above $87 billion, with further upside contingent on clarity from today’s SEC roundtable and continued ceasefire progress reducing the macro headwinds that have kept risk assets pressured since February.
Blockstream CEO Adam Back said Thursday that a future post-quantum migration of Bitcoin could help clarify how many coins linked to Satoshi Nakamoto remain accessible, because any owner wanting to protect vulnerable holdings would need to move them to a new address format.
Speaking at Paris Blockchain Week, Back said such a migration would likely give users ample time to move funds and argued that coins left unmoved after that process could reasonably be treated as lost.
“This migration to post-quantum address format may tell us how many of those coins [Satoshi] still has,” said Back, adding that the pseudonymous creator has an estimated 500,000 to 1 million Bitcoin (BTC).
Satoshi’s Bitcoin stash has ignited heated debate among Bitcoin holders concerned by the quantum computing threat. On Wednesday, Jameson Lopp and five co-authors published a Bitcoin Improvement Proposal aimed at restricting the future movement of coins held in quantum-vulnerable address formats, including older coins whose public keys have already been exposed.
Blockchain data platform Arkham estimates that Nakamoto-linked wallets hold 1.09 million Bitcoin, currently valued at $81.6 billion.
Related: Bernstein says Bitcoin market already priced in quantum risk
Back sees long runway on quantum
Back said Bitcoin developers and holders still have substantial time to prepare, arguing that a quantum breakthrough capable of threatening Bitcoin signatures is at least 20 years away.
He argued that today’s quantum computers are “less powerful than a $5 calculator” and that some of their issues become more pressing as these systems scale, such as their energy consumption.
Back said that runway should give developers and users ample time to develop a post-quantum path and migrate to a new quantum-resistant standard underpinned by hash-based signatures.
In December 2025, Back’s Blockstream Research released a paper proposing a hash-based signature scheme that offers a “promising path for securing Bitcoin in a post-quantum world,” as a quantum-safe replacement for the ECDSA and Schnorr signatures. Under the proposal, security would rely solely on hash function assumptions, similar to the ones currently used in Bitcoin’s network design.
The Elliptic Curve Digital Signature Algorithm (ECDSA) uses elliptic-curve cryptography to verify the authenticity and integrity of a message. Schnorr signatures are another signature scheme praised for enhancing privacy and reducing data size, due to their ability to combine multiple signatures into one.
Magazine: Bitcoin vs. the quantum computer threat — Timeline and solutions (2025–2035)
Circle Internet Group faces a class-action in a Massachusetts federal court over claims it failed to intervene as attackers siphoned funds during the Drift Protocol exploit. The lawsuit, filed by Drift investor Joshua McCollum on behalf of more than 100 claimants, contends Circle’s Cross-Chain Transfer Protocol (CCTP) allowed approximately $230 million worth of USDC to be moved from Solana to Ethereum over several hours on April 1 without timely action.
The plaintiffs allege that Circle’s inaction caused or substantially contributed to the losses and seek damages to be determined at trial. The case underscores ongoing questions about whether crypto firms that maintain control over user funds can or should intervene in real time to curb theft or misuse, and how that potential responsibility should be calibrated against regulatory constraints and legal authority.
Key takeaways
- The lawsuit alleges Circle had the technical capacity to freeze compromised funds, pointing to a prior action where Circle froze 16 USDC wallets in connection with a sealed civil case.
- The Drift attack leveraged Circle’s cross-chain facilities to move roughly $230 million in USDC from Solana to Ethereum over several hours, with the suit asserting Circle did not act to halt the transfers.
- Analysts at Elliptic have linked the exploit to DPRK-state–backed actors, noting the movement of funds through the network during U.S. business hours and subsequent attempts to obfuscate the trail via privacy tools.
- Circumstances surrounding the incident have reignited debate about the liability of DeFi and infrastructure providers when user funds are stolen, including arguments that freezing assets without a court order may create perverse incentives or political considerations for future action.
- Circle did not immediately respond to requests for comment, while industry observers and investors weigh the legal and policy implications for future risk management and user protection.
What the suit alleges and why it matters
The court filing, lodged in a Massachusetts district court, asserts that Circle “permitted this criminal use of its technology and services” and that timely intervention could have substantially reduced, if not prevented, the losses. The action frames Circle as potentially aiding and abetting conversion and as negligent in supervising the use of its own cross-chain tooling. The allegations hinge on the argument that Circle had, or should have had, the ability to freeze funds or intervene in the flows that enabled the theft, even if regulators and legal authorities did not immediately grant a freezing order.
As part of the filing, McCollum’s legal team notes that Circle froze 16 USDC wallets in connection with a separate sealed civil matter about a week before the Drift incident—an occurrence they say demonstrates Circle’s capacity to intervene in real time when needed. The docket referenced in the court filing is publicly accessible, and the plaintiffs point to that prior action as evidence of proportional capacity to halt similar transfers.
The broader question the case raises is whether firms that sit at the center of crypto rails bear a responsibility to act when wrongdoing is detected or suspected. In many cases, executives acknowledge practical constraints, including the lack of explicit legal authorization during fast-moving exploits. The Massachusetts suit seeks to compel accountability and damages, but it also spotlights a broader, unresolved tension between rule-of-law principles and the operational realities of decentralized finance ecosystems.
The Drift exploit, the mechanics, and the alleged response gap
The Drift Protocol incident involved a sequence of transfers that moved a large tranche of USDC across networks via Circle’s CCTP. The complaint alleges that attackers succeeded in moving about $230 million worth of USDC from Solana to Ethereum without timely intervention from Circle, enabling proceeds to be wired into a different chain against the users’ interests.
According to the plaintiffs, Circle’s tools were capable of halting or reversing suspicious activity, and the failure to intervene allowed the attackers to drain liquidity from one ecosystem into another. The suit frames Circle’s inaction as a failure to protect user funds, arguing that the consequences extended beyond the individuals directly affected to the broader ecosystem—potentially dampening confidence in cross-chain tooling and in platforms that retain de facto control over user tokens during such crises.
Commentary from the plaintiffs’ counsel emphasizes that the losses might have been less severe had Circle exercised timely control, raising questions about the threshold of permissible intervention for centralized crypto services in edge cases of theft or misappropriation. Circle’s response to the suit has not yet materialized in public commentary, and the company did not immediately respond to Cointelegraph’s request for comment.
Tracing the funds: laundering routes and attribution
Elliptic researchers have flagged the Drift exploitation as being consistent with DPRK-linked activity. In a post-creach analysis, the firm noted that more than a hundred transactions related to the assault occurred during U.S. working hours, a detail seen as relevant to attribution efforts and to understanding the operational tempo of the attackers. Elliptic’s assessment also describes how the proceeds were converted into Ether (ETH) and routed through privacy-oriented channels, including the Tornado Cash protocol, in an attempt to obfuscate the trail.
While attribution in crypto forensics remains complex and often contested, the Elliptic findings contribute to a broader narrative about the transnational and cross-chain nature of such exploits. The Drift incident has become part of a larger discourse on how sanctions-enforcement and tracing capabilities intersect with the practical realities of on-chain finance, and how firms that provide bridging and custody solutions fit into that equation.
“Whether Circle got it right comes down to how much you weigh rule-of-law principles vs concrete harm. Reasonable people disagree.”
Industry observers note that the Drift case sits at a crossroad: it tests the boundaries of what action is considered appropriate when funds are believed to have been stolen, and what legal authorities would be required to justify a freeze or rollback in a permissionless network context. The case also intersects with ongoing debates about the liability for DeFi developers and infrastructure providers when episodes of misuse occur on the rails they maintain.
Liability, intervention, and the investment view
In the wake of the lawsuit, the debate over liability intensified among investors and researchers. Lorenzo Valente, the director of research for digital assets at ARK Invest, argued that Circle’s decision to abstain from freezing funds in the absence of a legal order represents a defensible stance in strict adherence to rule-of-law principles. He contended that freezing assets without a court directive could invite arbitrary discretion and undermine established legal standards, framing the case as part of a bigger constitutional risk debate for crypto rails that operate across borders and jurisdictions.
Valente’s position reflects a broader sentiment in some investor and academic circles: that the legal architecture surrounding crypto infrastructure is still catching up to the pace and sophistication of on-chain activity. The case also underscores a key strategic tradeoff for users and builders: the tension between technical capability to intervene and the legitimate need for careful, legally grounded action that does not set dangerous precedents for arbitrary asset freezes.
As the legal process unfolds, observers will watch for how the court interprets the responsibilities of crypto infrastructure providers and whether any settlement or court ruling could redefine the standard for future incidents. The Drift lawsuit is not the only lens on this issue, but it is among the most high-profile, given the scale of funds involved and Circle’s central role in bridging assets across chains.
What readers should watch next
The case is still early in its trajectory, and the court has yet to determine the appropriate remedies or establish a clear framework for liability in similar contexts. Key questions to watch include whether a court will require or authorize asset freezes in future incidents, how damages will be calculated, and what this could mean for cross-chain infrastructure providers and custody services.
Regulators and lawmakers, too, will likely scrutinize the evolving balance between proactive risk management and the prescriptive limits of authority over private-led, permissionless networks. For investors and users, the underlying takeaway is that accountability mechanisms for crypto rails are still taking shape—and how those mechanisms emerge could influence risk models, product design, and regulatory engagement in coming quarters.
As Circle and the Drift investors navigate these questions, market participants will be watching for any legal milestones, potential settlements, or policy clarifications that could tilt how similar incidents are managed in the future. The evolution of this case could help define whether asset freezes become a common tool in crisis management or remain extraordinary measures bound by formal due process.
Bitcoin (BTC) struggles to reclaim price highs above $76,000, but analysts say that the uptrend may continue if key conditions are met.
Bitcoin’s 8% climb over the last three days saw it reclaim key levels, including the 50-day exponential moving average (EMA) at $71,000.
“$76K is the level that decides everything,” analyst Crypto Patel said in a Wednesday post on X, adding:
“We need a proper HTF candle close above this zone to trust the move.”
Related: Bitcoin falls to lower support as analysts say markets are ignoring key Iran issue
The analyst further explained that a high-time frame close above $76,000 would open the path toward the $84,000-$96,000 zone, where investors acquired more than 2 million BTC over the last six months, according to Glassnode’s cost basis distribution heatmap.
Echoing this view, trading resource Material Indicators said that “there are multiple levels of technical resistance stacked” between the spot price and a “bonafide $BTC bull market breakout.”
These include the yearly open at $87,500 and the 50-week moving average at $97,000, which must be reclaimed to confirm that the “$BTC bull market has returned,” Material Indicators said in a follow-up post.
The trading resource further pointed out that the relative strength index must close and hold above the 41 level in the weekly time frame.
Previous occurrences in 2023, 2020 and 2019 have led to 660%, 1,600% and 316% BTC price rallies, respectively.
“Obviously, we are not there yet,” Materials indicators said in a video posted on X, adding:
“Those are the macro things that need to happen to say a validated bull market is on.”
For analyst Rekt Capital, the BTC/USD pair needs to achieve a weekly close above $72,800 to “confirm a breakout.”
As Cointelegraph reported, the bulls must decisively break above the $76,000-$80,000 range to confirm a trend change.
Optimism needs to return to the BTC market
The bull score index, a measure of Bitcoin’s overall market health that combines fundamental and technical metrics, indicates a significant improvement in market conditions following BTC’s latest move to $76,000.
The metric increased to 40 on April 15, the highest since late October 2025. This reading remains within neutral territory, reflecting a gradual recovery after a period of relatively weak momentum.
While the bull score index improvement to 40 “reflects relative stability in the market,” it must rise to an area of “strong optimism (above 60), which typically indicates strong bullish conditions,” CryptoQuant analyst Arab Chain said in a Quicktake post, adding:
“If the indicator continues to improve gradually, it may signal a potential return of upward momentum, especially if higher levels are reclaimed in the coming period.”
Meanwhile, demand for spot Bitcoin ETFs remains intermittent, with these investment products recording alternating inflows and outflows after every few days.
Although the $451 million in net inflows recorded on Tuesday pointed to a return in demand from US investors, persistent positive flows are required to propel BTC price higher.
As Cointelegraph reported, onchain activity is showing “bull market behavior,” with Bitcoin’s daily transaction count reaching 17-month highs, further reinforcing BTC’s upside potential.
This article is produced in accordance with Cointelegraph’s Editorial Policy and is intended for informational purposes only. It does not constitute investment advice or recommendations. All investments and trades carry risk; readers are encouraged to conduct independent research before making any decisions. Cointelegraph makes no guarantees regarding the accuracy or completeness of the information presented, including forward-looking statements, and will not be liable for any loss or damage arising from reliance on this content.
France has logged 41 crypto-linked kidnappings in 2026, prompting Interior Ministry plans for tougher measures after the country became Europe’s hotspot for “wrench attacks.”
Summary
- France’s Interior Ministry will roll out new measures to protect crypto holders after 41 kidnappings so far in 2026.
- Officials say France now accounts for about 40% of Europe’s crypto “ransom attacks,” after a 75% global jump in 2025.
- A new prevention platform has drawn thousands of sign‑ups as authorities move to treat crypto crime as a physical security threat.
French Interior Ministry representative Jean‑Didier Berger says France will introduce new measures “in the coming weeks” to deal with a wave of crypto‑linked kidnappings that has made the country an epicenter of what police now call “wrench attacks.” Speaking at Paris Blockchain Week, Berger said authorities have already launched a prevention platform aimed at digital asset holders and attracted thousands of registrations, framing the next step as a tighter, more coordinated law‑enforcement response.
So far in 2026, officials have counted 41 kidnapping cases tied to cryptocurrency in France, an average of roughly one every 2.5 days, according to figures cited by Berger and local media. In 2025, global incidents of such ransom attacks rose 75% year‑on‑year, with France the worst‑hit country worldwide and accounting for about 40% of all cases recorded in Europe.
Berger said he is working with Interior Minister Laurent Nuñez on a “more stringent response plan” that will be deployed shortly, following internal warnings that the threat has evolved from insider disputes to systematic targeting of wealthy individuals and their families. A January memo from France’s organized crime agency SIRASCO, reported by Le Parisien, described roughly 40 crypto kidnappings and hostage‑takings between mid‑2023 and end‑2025, mostly in urban areas around Paris.
Recent cases underline the escalation. In April, GIGN commandos rescued a mother and 10‑year‑old son held for about 20 hours as kidnappers tried to extort “several hundreds of thousands” of euros from the father, a crypto entrepreneur. Earlier this year, a magistrate linked to a Lyon‑based crypto executive and her elderly mother were held for 30 hours in a ransom plot before six suspects were arrested, including a minor.
Industry and security researchers say self‑custody has become a physical risk factor in France’s crypto scene, pushing some executives toward bodyguards and home security checks. TRM Labs and CertiK data cited by outlets such as Forbes show France logged 19 of 72 verified wrench attacks globally in a recent period, more than twice the tally in the United States, with at least 30 documented cases since 2017 and over 20 in 2025 alone.
For a government that has marketed Paris as a crypto and fintech hub under clear rules and MiCA‑aligned licensing, the surge in kidnappings now threatens to become a reputational and capital‑flight problem. As one CryptoSlate report put it, France is “where crypto wealth looks hardest to hold safely in public,” a perception Berger and Nuñez will now have to fight through prevention, rapid‑response policing and closer cooperation with an industry suddenly focused as much on physical safety as on private keys.
Summary
- Blockstream CEO Adam Back backs “optional” quantum-resistant upgrades and rejects freezing quantum‑vulnerable wallets.
- His stance clashes with BIP‑361, a three‑phase plan that would eventually invalidate legacy signatures and freeze unmigrated coins, including Satoshi’s stash.
- The debate highlights how Bitcoin must balance intergenerational security against hard limits on property rights and censorship resistance.
Bitcoin’s (BTC) long‑running debate over the quantum computing threat has flared again after Blockstream CEO Adam Back used Paris Blockchain Week to argue for optional, opt‑in upgrades instead of forcibly freezing old wallets. “Preparation is much safer than hasty responses in a crisis,” Back said, insisting that the network should build quantum‑resistant paths now while preserving user choice and property rights.
Back described today’s quantum computers as “essentially lab experiments” and noted he has followed the field for more than 25 years, during which progress has been “incremental,” but warned that Bitcoin cannot afford to wait until a real‑world break occurs. He also pushed back on calls to lock down coins by protocol fiat, arguing that the Bitcoin community has shown it can coordinate under pressure and that “bugs have been identified and fixed within hours” in past emergencies.
Back’s comments directly contrast with BIP‑361, “Post‑Quantum Migration and Legacy Signature Sunset,” a proposal from Jameson Lopp and five co‑authors that would gradually phase out quantum‑vulnerable outputs and ultimately freeze unmigrated coins. The draft, which builds on BIP‑360’s soft‑fork framework, introduces a quantum‑resistant output type and targets early formats such as pay‑to‑public‑key (P2PK) addresses that expose public keys on‑chain.
Estimates cited by CoinMarketCap and other publications say roughly 1.7 million BTC — about 34% of total supply, including Satoshi Nakamoto’s early holdings valued around $70–$80 billion at current prices — still sit in quantum‑exposed address types. Under BIP‑361’s three‑phase schedule, Phase A would begin three years after activation and ban new payments to legacy addresses, while still allowing spending from them.
Five years after activation, Phase B would go further by rendering old ECDSA and Schnorr signatures invalid, meaning any coins that had not been migrated to quantum‑resistant outputs would be effectively frozen on the network. Lopp and co‑authors frame this as necessary to prevent “intergenerational theft” by a future quantum adversary and to avoid a scenario where an attacker can seize dormant wallets and crash trust in Bitcoin’s fixed‑supply narrative.
Back and other critics counter that deliberately freezing coins crosses a red line for decentralization and censorship resistance, amounting to protocol‑level expropriation even if done in the name of security. They argue that Bitcoin has historically relied on social consensus and voluntary upgrades, and that the community should instead focus on offering robust quantum‑safe options, education and incentives so users migrate out of genuine self‑interest rather than under threat of losing control over their funds.
In previous crypto.news coverage of protocol‑level governance battles and hard‑fork debates, similar tensions have surfaced between risk‑mitigation schemes and the movement’s founding principles, from block‑size wars to taproot activation. The quantum fight, now centered on BIP‑361 and Back’s rival vision of optional defenses, is shaping up as the next major test of how far Bitcoiners are willing to go to “save” the network without breaking what made it attractive in the first place.
Scots will question whether SNP can be trusted to run economy after food price plan
Israel and Lebanon begin ceasefire, Trump says Iran may meet US over weekend
Why digital payments need a better infrastructure
-
Politics6 days agoUS brings back mandatory military draft registration
-
Sports6 days agoMan United discover Nico Schlotterbeck transfer fee as defender reaches Dortmund agreement
-
Fashion6 days agoWeekend Open Thread: Veronica Beard
-
Politics7 days agoMalcolm In The Middle OG Turned Down ‘Buckets Of Money’ To Appear In Reboot
-
Politics5 days agoWorld Cup exit makes Italy enter crisis mode
-
Business6 days agoTesla Model Y Tops China Auto Sales in March 2026 With 39,827 Registrations, Beating Cheaper EVs and Gas Cars
-
Crypto World3 days agoThe SEC Conditionalises DeFi Platforms to Be Avoided for Broker Registration
-
Crypto World3 days agoSEC Signals Exemption for Crypto Interfaces From Broker Registration
-
News Videos2 days agoSecure crypto trading starts with an FIU-registered
-
NewsBeat4 days agoPep Guardiola and Gary Neville agree over Arsenal title problem that benefits Man City
-
Business5 days agoIreland Fuel Protests Enter Day 5 as Blockades Spark Shortages and Government Prepares Support Package
-
Business7 days agoOpenAI Halts Stargate UK Data Centre Project Over Energy Costs and Copyright Row
-
Crypto World6 days agoFederal judge blocks Arizona from bringing criminal charges against Kalshi
-
Politics7 days agoLBC Presenter Mocks Trump Over Iran War Failures
-
NewsBeat3 days agoTrump and Pope Leo: Behind their disagreement over Iran war
-
Crypto World3 days agoSEC Proposes Certain Crypto Interfaces Don’t Need to Register as Brokers
-
NewsBeat5 days agoJD Vance announces ‘no agreement’ with Iran over nuclear weapons fear
-
Business6 days agoIMF retains floor for precautionary balances at SDR 20 billion
-
Business6 days agoFormer Liverpool CEO eviscerates FIFA for World Cup ticket pricing
-
Crypto World4 days ago
Sei Network Enters Quiet Reset Phase as On-Chain Metrics Signal a Slowdown in 2026
You must be logged in to post a comment Login