A six-month investigation backed by the Ethereum Foundation has uncovered how North Korean operatives quietly embedded themselves inside dozens of Web3 teams under false identities.

The Ethereum Foundation said Thursday that its ETH Rangers initiative funded a security-focused effort that identified 100 individuals linked to the Democratic People’s Republic of Korea operating within crypto companies. The program, launched in late 2024, was designed to support public goods work through stipends for independent researchers.

One of those recipients used the funding to launch the Ketman Project, which focused on tracking “fake developers” working inside Web3 organizations. Over the six-month period, the project flagged 100 suspected DPRK IT workers and reached out to 53 crypto projects that may have unknowingly employed them.

“This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today,” the foundation said.

Findings add to a growing body of evidence showing that North Korean-linked developers have spent years embedding themselves across the crypto industry, often blending into teams through credible technical contributions and fabricated professional identities.

Security researcher and MetaMask developer Taylor Monahan has previously said such activity dates back to the early DeFi era, with DPRK-linked developers contributing to widely used protocols.

“Lots of DPRK IT workers built the protocols you know and love, all the way back to DeFi summer,” she said, noting that more than 40 platforms have relied on such contributors at different points. Claims of extensive experience are not always fabricated, she added, saying their “seven years of blockchain dev experience” is “not a lie.”

Investigators have consistently tied these operations to the Lazarus Group, a state-backed collective linked to some of the largest crypto thefts in recent years. Estimates from R3ACH analysts put total stolen funds at around $7 billion since 2017, including attacks such as the $625 million Ronin Bridge exploit, the $235 million WazirX breach, and the $1.4 billion Bybit incident.

Simple tactics, persistent execution

Despite the scale of damage, many infiltration attempts rely on relatively basic methods rather than advanced exploits. Analysts say persistence, social engineering, and identity layering often prove more effective than technical sophistication.

Independent blockchain investigator ZachXBT noted that many of these operations are “basic and in no way sophisticated,” adding that “the only thing about it is they’re relentless.” Outreach typically happens through job applications, LinkedIn profiles, email exchanges, and remote interviews, allowing operatives to gradually build trust within teams.

Recent incidents have shown how far such tactics can go. Drift Protocol’s $280 million exploit was linked to a North Korean-affiliated group, with attackers using intermediaries and fully constructed professional identities to establish credibility before executing the breach.

Red flags and detection efforts expand

Details from the Ketman Project shed light on how these operatives maintain cover inside development teams. Common indicators include reusing avatars or profile metadata across multiple GitHub accounts, unintentionally exposing unrelated email addresses during screen sharing, and using system language settings that contradict claimed nationalities.

Alongside its investigative work, the project developed an open-source tool designed to flag suspicious GitHub activity. It also co-authored an industry framework for identifying DPRK-linked IT workers in collaboration with the Security Alliance.

This article has been updated with comments from a Ledger spokesperson.

A Brazilian security researcher has uncovered a sophisticated counterfeit Ledger device operation after discovering modified hardware designed to siphon cryptocurrency from unsuspecting users.

The security researcher, known online as “Past_Computer2901,” shared findings on Reddit after purchasing what appeared to be a standard Ledger Nano S Plus from a Chinese marketplace. 

Despite the packaging and price point matching official retail standards, the unit failed a “Genuine Check” when connected to the authentic Ledger Live desktop application. 

This red flag led to a physical teardown of the device, revealing that the internal circuitry had been altered to include WiFi and Bluetooth antennas—features entirely absent from the legitimate model.

Hardware manipulation and malicious redirects

Scammers are utilizing these tampered devices to exploit first-time buyers through a deceptive setup process. 

A QR code included in the packaging directs users to a fraudulent version of the Ledger Live app, which is programmed to bypass security warnings and issue a fake verification of the hardware’s authenticity. 

Once a user follows the prompts to generate or enter a seed phrase, the compromised firmware captures the data, allowing the attackers to drain the wallet at will.

“This isn’t meant to cause panic, but rather to serve as a serious warning — I’m honestly still a bit shaken by the sheer scale of this operation,” the researcher noted.

Internal analysis of the unit showed that the scammers went to great lengths to hide the fraud, including scraping off original chip markings.

Counterfeit Ledger device. Source: Reddit. 

While the device initially identified itself as a Nano S Plus 7704 during the boot phase, the final sequence revealed the manufacturer as Espressif Systems, a Shanghai-based semiconductor firm. 

These modifications fundamentally break the security premise of Ledger products, which are built to keep private keys in a strictly offline environment.

“When purchasing from a marketplace, Ledger strongly encourages users to verify the identity of the seller. Users should ensure they only download the official Ledger Wallet apps on desktop and mobile. The situation involved counterfeit hardware, paired with a fake companion app flow designed to simulate the onboarding process, distributed through unofficial channels,” a Ledger spokesperson told crypto.news.

“Ledger will never ask users for their 24 words. If anyone claiming to be Ledger, or any app that purports to be a Ledger app, asks for your 24 words, you should immediately assume it is a scam,” they added.

The discovery follows a separate incident earlier this month where a fraudulent app bypassed Apple App Store security via a bait-and-switch tactic. The malicious software successfully tricked over 50 people into revealing their recovery phrases, resulting in the theft of $9.5 million before the platform removed the listing. The app has since been removed for malicious bait-and-switch functionality, according to Apple.

“Stay safe out there. Only download Ledger Live from ledger.com. Only buy hardware from ledger.com. If your device fails the Genuine Check — stop using it immediately,” the researcher cautioned.

Plans to release revised stablecoin yield language in the Clarity Act have been delayed, extending uncertainty around one of the bill’s most divisive provisions.

According to a report from Politico, Senator Thom Tillis said the updated draft is unlikely to be made public this week, as lawmakers wait for clarity on the timing of the Senate Banking Committee’s upcoming markup before proceeding with a release.

Meanwhile, a source familiar with the discussions told The Block that legislative teams are still holding meetings with bank trade groups and crypto firms, suggesting that negotiations remain active despite earlier expectations of an imminent rollout.

The draft, in its current form, continues to follow earlier proposals that would block rewards on idle stablecoin balances held in accounts, while allowing yield tied to transactional activity. 

According to the source, making major revisions at this stage would be difficult, pointing to a text that is largely settled even as political agreement remains out of reach.

Work on the language has been led by Tillis in coordination with Angela Alsobrooks, as both lawmakers attempt to settle a dispute that has held up progress on the Digital Asset Market Clarity Act well beyond its initial end of 2025 target.

Earlier remarks from Tillis had suggested the proposal would be released this week, with the senator stating, “I think the language has come together well,” as negotiations appeared to move toward a compromise. That timeline now appears to have slipped, underscoring how difficult it has been to align competing interests.

Tensions around stablecoin rewards have emerged as the most contentious issue in the bill. While the GENIUS Act, passed last year, prevents issuers from paying interest directly to holders, it leaves room for third-party platforms such as exchanges to offer yield, a gap the Clarity Act is attempting to address.

U.S. banks have warned that allowing such rewards could draw deposits away from traditional institutions and weaken funding stability. 

Crypto companies, including Coinbase, have pushed back, arguing that banning rewards would limit product development and overlook opportunities for banks to participate in the same market.

Efforts to close the gap have included a series of closed-door meetings convened by the White House since the start of the year. Those talks have yet to produce an agreement, with both sides continuing to hold firm positions as lawmakers weigh how far the legislation should go in restricting yield-bearing stablecoin products.

Finance ministers, central bankers, and senior financiers are increasingly focused on the potential risks posed by Anthropic’s Claude Mythos model, amid fears it could expose critical weaknesses in global financial infrastructure.

The model has already prompted high-level discussions and emergency-style meetings after early testing revealed vulnerabilities across major operating systems and widely used applications. Officials and industry experts say the system may have an “unprecedented” ability to detect and exploit cybersecurity flaws, though some caution that its full capabilities are still not fully understood.

Canadian Finance Minister François-Philippe Champagne said the issue dominated conversations during this week’s International Monetary Fund meetings in Washington.

“Certainly it is serious enough to warrant the attention of all the finance ministers,” he said, adding that unlike physical risks, the challenge with AI is “the unknown, unknown.”

He stressed the need for safeguards, saying authorities must ensure “we have process in place to make sure that we ensure the resiliency of our financial systems.”

Major banks and government agencies are now being given early access to Mythos to assess vulnerabilities before any broader rollout.

C. S. Venkatakrishnan, chief executive of Barclays, said the concerns are significant enough to demand immediate attention.

“It’s serious enough that people have to worry,” he said. “We have to understand it better, and we have to understand the vulnerabilities that are being exposed and fix them quickly.”

He added that the situation reflects a more connected financial system where risks and opportunities are increasingly intertwined.

Anthropic has indicated that Mythos has already uncovered multiple flaws across operating systems, financial platforms, and web browsers. In response, access has been restricted to a small group of institutions, including major technology firms and systemically important banks, allowing them to strengthen defenses before wider exposure.

Authorities in the United States have taken similar steps. The Treasury Department has encouraged leading banks to deploy the model internally to identify weaknesses, while also exploring ways to make a controlled version available to federal agencies. A memo from the White House Office of Management and Budget outlined plans to introduce safeguards before any such access is granted.

Andrew Bailey, governor of the Bank of England, said the implications for cybercrime must be taken seriously.

“We are having to look very carefully now what this latest AI development could mean for the risk of cyber crime,” he said, warning that such tools could make it easier for “bad actors” to identify and exploit system vulnerabilities.

Senior US officials, including Scott Bessent and Jerome Powell, have already convened Wall Street executives to address the risks. Attendees reportedly included leaders from major banks such as Goldman Sachs, Bank of America, Citigroup, and Morgan Stanley, underscoring the systemic importance of the issue.

Industry voices suggest the concerns may not be limited to Anthropic. Sources indicate another US AI company could release a similarly capable model without comparable safeguards.

James Wise of Balderton Capital described Mythos as “the first of what will be many more powerful models” capable of exposing system vulnerabilities. His Sovereign AI unit is investing in companies focused on AI security, adding, “We hope the models that expose vulnerabilities are also the models which will fix them.”

Mythos is part of Anthropic’s Claude family of models, a competing system to offerings from OpenAI and Google. Unlike previous releases, the company has restricted access due to concerns that the tool could be misused to uncover sensitive flaws or break into protected systems.

Internal testing raised alarms after the model identified critical bugs that would typically require highly skilled hackers to discover. Some vulnerabilities reportedly date back decades, highlighting gaps that had gone undetected by traditional security systems.

The concerns have also spilled into policy disputes. The Pentagon recently designated Anthropic as a potential supply chain risk, a move usually reserved for foreign adversaries. The company successfully challenged a proposed ban in court, arguing it would result in significant financial losses.

Within national security circles, Mythos has introduced new uncertainty around how cyber threats are assessed. One official described the impact as comparable to equipping an ordinary hacker with tools akin to those used by elite operators.

Despite the risks, authorities continue to engage with Anthropic. Federal agencies are preparing for possible controlled access, while regulators and financial institutions race to understand and address the vulnerabilities the model has already begun to uncover.

Part 1 of this series explained what quantum computers actually are. Not just faster versions of regular computers, but a fundamentally different kind of machine that exploits the weird rules of physics that only apply at the scale of atoms and particles.

But knowing how a quantum computer works does not tell you how it can be used to steal bitcoin by a bad actor. That requires understanding what it is actually attacking, how bitcoin’s security is built, and exactly where the weakness sits.

This piece starts with bitcoin’s encryption and works through to the nine-minute window it takes to break it, as identified by Google’s recent quantum computing paper.

The one-way map

Bitcoin uses a system called elliptic curve cryptography to prove who owns what. Every wallet has two keys. A private key, which is a secret number, 256 digits long in binary, roughly as long as this sentence. A public key is derived from the private key by performing a mathematical operation on the specific curve called “secp256k1.”

Think of it as a one-way map. Start at a known location on the curve that everyone agrees on, called the generator point G (as shown in the chart below). Take a private number of steps in a pattern defined by the curve’s math. The number of steps is your private key. Where you end up on the curve is your public key (point K in the chart). Anyone can verify that you ended up at that specific location. Nobody can figure out how many steps you took to get there.

Technically, this is written as K = k × G, where k is your private key and K is your public key. The “multiplication” is not regular multiplication but a geometric operation where you repeatedly add a point to itself along the curve. The result lands on a seemingly random spot that only your specific number k would produce.

The crucial property is that going forward is easy and going backward is, for classical computers, effectively impossible. If you know k and G, calculating K takes milliseconds. If you know K and G and want to figure out k, you are solving what mathematicians call the elliptic curve discrete logarithm problem.

It is estimated that the best-known classical algorithms for a 256-bit curve would take longer than the age of the universe.

This one-way trapdoor is the entire security model. Your private key proves you own your coins. Your public key is safe to share because no classical computer can reverse the math. When you send bitcoin, your wallet uses the private key to create a digital signature, a mathematical proof that you know the secret number without revealing it.

Shor’s algorithm opens the door both ways

In 1994, a mathematician named Peter Shor discovered a quantum algorithm that breaks the trapdoor.

Shor’s algorithm solves the discrete logarithm problem efficiently. The same math that would take a classical computer longer than the universe has existed, Shor’s algorithm handles in what mathematicians call polynomial time, meaning the difficulty grows slowly as numbers get bigger rather than explosively.

The intuition for how it works comes back to the three quantum properties from Part 1 of this series.

The algorithm needs to find your private key k, given your public key K and the generator point G. It converts this into a problem of finding the period of a function. Think of a function that takes a number as input and returns a point on the elliptic curve.

As you feed it sequential numbers, 1, 2, 3, 4, the outputs eventually repeat in a cycle. The length of that cycle is called the period, and once you know how often the function repeats, the math of the discrete logarithm problem unravels in a single step. The private key falls out almost immediately.

Finding this period of a function is exactly what quantum computers are built for. The algorithm puts its input register into a superposition (or, in quantum mechanics, a particle exists in multiple locations simultaneously), representing all possible values simultaneously. It applies the function to all of them at once.

Then it applies a quantum operation called the Fourier transform, which causes the number of wrong answers to cancel out while the correct answers are reinforced.

When you measure the result, the period appears. From this period, ordinary math recovers k. That is your private key, and therefore your coins.

The attack uses all three quantum tricks from the first piece. Superposition evaluates the function on every possible input at once. Entanglement links the input and output so the results stay correlated. ‘Interference’ filters the noise until only the answer remains.

Why bitcoin still works today

Shor’s algorithm has been known for more than 30 years. The reason bitcoin still exists is that running it requires a quantum computer with a large enough number of stable qubits to maintain coherence through the entire calculation.

Building that machine has been beyond reach, but the question has always been how large is “large enough.”

Previous estimates said millions of physical qubits. Google’s paper, in early April by its Quantum AI division with contributions from Ethereum Foundation researcher Justin Drake and Stanford cryptographer Dan Boneh, reduced that to fewer than 500,000.

Or a roughly 20-fold reduction from prior estimates.

The team designed two quantum circuits that implement Shor’s algorithm against bitcoin’s specific elliptic curve. One uses approximately 1,200 logical qubits and 90 million Toffoli gates. The other uses approximately 1,450 logical qubits and 70 million Toffoli gates.

A Toffoli gate is a type of gate that acts on three qubits: two control qubits, which affect the state of a third, target qubit. Imagine this as three light switches (qubits) and a special lightbulb (the target) that only turns on if two specific switches are flipped on at the same time.

Because qubits lose their quantum state constantly, as Part 1 explained, you need hundreds of redundant qubits checking each other’s work to maintain a single reliable logical qubit. Most of a quantum computer exists just to catch the machine’s own mistakes before they ruin the calculation. The roughly 400-to-1 ratio between physical and logical qubits reflects how much of the machine exists as self-babysitting infrastructure.

The nine-minute window

Google’s paper did not just reduce qubit counts. It introduced a practical attack scenario that changes how to think about the threat.

The parts of Shor’s algorithm that depend only on the elliptic curve’s fixed parameters, which are publicly known and identical for every bitcoin wallet, can be precomputed. The quantum computer sits in a primed state, already halfway through the calculation, waiting.

The moment a target public key appears, whether broadcast in a transaction to the network’s mempool or already exposed on the blockchain from a previous transaction, the machine only needs to finish the second half.

Google estimates that the second half takes about nine minutes.

Bitcoin’s average block confirmation time is 10 minutes. That means if a user broadcasts a transaction and their public key is visible in the mempool, a quantum attacker has roughly nine minutes to derive a private key and submit a competing transaction that redirects funds.

The math gives the attacker a roughly 41% chance of finishing before your original transaction confirms.

That is the mempool attack. It is alarming but it requires a quantum computer that does not exist yet.

The bigger concern, however, is the 6.9 million bitcoin (roughly one-third of total supply) sitting in wallets where the public key has already been permanently exposed on the blockchain. Those coins are vulnerable to an “at-rest” attack that requires no race against the clock. The attacker can take as long as needed.

A quantum computer running Shor’s algorithm can turn a bitcoin public key into the private key that controls the coins. For coins transacted since Taproot (a privacy upgrade on Bitcoin that went live in November 2021), the public key is already visible. For coins in older addresses, the public key is hidden until you spend, at which point you have roughly nine minutes before the attacker catches up.

What this means in practice, which 6.9 million bitcoin are already exposed, what Taproot changed, and how fast the hardware is closing the gap, is the subject of the next and final piece in this series.

Foundation, a prominent Ethereum-based digital art hub, has permanently ceased operations after a planned rescue acquisition by the platform Blackdove collapsed.

According to a Wednesday announcement on X by Foundation founder and CEO Kayvon Tehranian, the marketplace will not return to active service because the deal intended to sustain its future fell through. 

While Tehranian did not name Blackdove specifically in his initial statement, he confirmed that the sale’s primary objective was to keep the platform running under new management. 

“That’s no longer possible,” Tehranian stated, noting that the company is currently unable to restore the site’s functionality.

A subsequent message signed by the Blackdove team clarified that the marketplace would be brought back online for a brief window. This temporary restoration is intended solely to allow users to delist their NFTs and secure their assets before the final shutdown.

The failure of the Foundation sale highlights a difficult period for the NFT sector, which has seen a steady exit of independent marketplaces as trading volumes struggle to match previous years. Blackdove had originally signaled its intent to acquire the platform in early 2025, with a transition period that lasted into 2026 before the deal finally dissolved.

Foundation first gained global attention during the 2021 market surge, eventually facilitating over $230 million in primary sales. The platform served as a high-profile gallery for notable creators such as Jen Stark and James Jean. It also famously hosted the sale of Edward Snowden’s “Stay Free” NFT, which fetched approximately 2,200 Ether—valued at $5 million at the time—to benefit press freedom.

The list of closures has grown steadily over the last year especially within the NFT space. Nifty Gateway, which had the backing of the Gemini exchange, shut down in February.

Other former competitors have already disappeared or changed focus. MakersPlace shut down last year following a drop in collector activity, and X2Y2 chose to move away from the NFT space entirely.

The total market cap for NFTs has retreated to levels not seen since early 2021. Despite the shrinking number of active platforms, OpenSea continues to hold a commanding lead in the market. 

Data from DefiLlama indicates OpenSea currently handles more than 73% of all sector activity, though it faces ongoing competition from the trading-focused platform Blur. 

Flare’s FIP.16 plan would capture MEV at the base layer, slash FLR inflation to 3% and route new revenues through FIRE into buybacks and aggressive token burns.

Flare has tabled a sweeping governance proposal that would make it one of the first layer-1s to capture maximal extractable value (MEV) directly at the protocol level while cutting annual FLR inflation by 40% to 3%.

In its FIP.16 proposal, the Flare Foundation said the model is designed so that “network usage directly connects to token value,” with MEV and other fees routed into FLR buybacks and burns instead of going to external searchers and private builders.

Under the three-stage redesign, block building would first shift from individual validators to a designated builder run by the Flare Entity, then move into Flare Confidential Compute for public auditability, before finally merging builder and proposer roles and relegating existing validators to verification.

The proposal creates the Flare Income Reinvestment Entity (FIRE), which will “collect revenue from multiple protocol sources including attestation fees, FAsset and Smart Account fees, confidential compute fees and the captured MEV,” before using it to buy and burn FLR on the open market.

If approved, FIP.16 would immediately drop FLR inflation from 5% to 3% and lower the annual issuance cap from 5 billion to 3 billion tokens, a move Binance Square summarized as “a 40% decrease” in the network’s inflation rate.

Flare also plans a 20-fold jump in its base gas fee, from 60 gwei to 1,200 gwei, a change various analyses estimate would lift annual FLR burns from roughly 7.5 million tokens to about 300 million at current activity, even as a typical transaction “would cost a fraction of a cent.”

According to CoinDesk, the network is pitching protocol-level MEV capture as a way to claw back what it calls “a hidden tax on ordinary users” and recycle it into long-term token value instead of allowing front‑running and sandwich bots to hoard the upside.

Flare’s tokenomics overhaul lands as the network reports more than $160 million in total value locked, over 880,000 active addresses and around 150 million FXRP minted to bring smart contracts to XRP, with its initial FLR distribution having gone to XRP holders in 2023.

As of April 17, 2026, XRP is trading around $1.47, while FLR changes hands near $0.009, underscoring the smaller network’s bet that tighter inflation and protocol-owned MEV can help close the value gap with larger ecosystems anchored by assets like XRP.

In the broader market, the move echoes debates on Ethereum and other chains over whether MEV should remain the domain of specialized actors or be socialized via mechanisms such as protocol-owned builders and burn‑linked fee designs, a question Flare now wants token holders to settle in its upcoming FIP.16 vote.

Circle’s new USDC Bridge aims to turn cross‑chain transfers into a near‑invisible backend plumbing layer for on‑chain dollars, replacing fragmented bridges with a single bank‑style ledger experience operated end‑to‑end by Circle itself.

Circle has rolled out a native USDC Bridge that lets users burn USDC on a source chain and mint it natively on a destination chain, with all routing and gas management handled by Circle. In its materials on the Cross‑Chain Transfer Protocol, Circle says the system is designed to “enable USDC to flow natively 1:1 between blockchains—unifying liquidity and simplifying user experience,” explicitly eliminating third‑party bridge liquidity pools and wrapped tokens.

Built on top of CCTP’s burn‑and‑mint architecture, the new bridge effectively makes moving USDC between chains feel like shifting balances inside one ledger rather than hopping across multiple bridges and wrappers. A technical explainer of CCTP describes how “a sender deposits USDC for burn on the source network” before Circle’s attestation service authorizes minting the same amount on the destination chain, removing the smart‑contract risk that plagued earlier wrapped‑asset bridges.

Circle’s upgrade lands as stablecoins solidify their role as the de facto settlement rail of crypto and, increasingly, institutional finance. According to one industry analysis, stablecoins processed about $33 trillion of transactions in 2025, more than double Visa’s annual volume, with Circle’s USDC alone moving roughly $8.3 trillion in January 2026.

That flow sits on top of a growing technical footprint: separate data shows USDC and CCTP now support native USDC across 32 blockchains, with burn‑and‑mint transfers live on 21 networks. A recent post on cross‑chain settlements estimates “over $20 billion in monthly cross‑chain volume” now runs over USDC using CCTP, underscoring how much real money is already riding on Circle‑operated rails.

Circle has also started to consolidate those flows with infrastructure like Gateway and the Arc environment, which it describes as a way to “consolidate those crosschain flows into a unified USDC balance” and move from “multi‑chain balance reconciliation to deterministic, high‑speed settlement.” In parallel, projects like World Chain are upgrading millions of wallets from bridged to native USDC via CCTP, turning previously fragmented liquidity into fully reserved, directly redeemable digital dollars.

In earlier crypto.news coverage of Circle’s CCTP upgrade, the company highlighted that CCTP v2 cuts cross‑chain USDC settlement to seconds, positioning USDC not just as another stablecoin but as programmable settlement plumbing for everything from perpetual DEXs to consumer apps. As on‑chain stablecoin transaction velocity accelerates and demand for new issuance flattens, the game shifts from printing more tokens to owning the rails through which dollars actually move—and Circle’s USDC Bridge is a direct play for that choke point in the crypto economy.

France’s finance minister backs bank‑issued euro stablecoins and Qivalis’ 2026 launch, pivoting policy to keep Europe’s digital rails denominated in euros, not dollars.

France’s finance minister Roland Lescure has publicly called for more euro‑denominated stablecoins and urged European banks to move ahead with tokenized deposits, signaling a sharp policy pivot in Paris toward bank‑issued digital euros. Speaking at a crypto conference in Paris on April 17, Lescure said the current volume of euro‑pegged stablecoins versus dollar tokens is “not satisfactory” and warned that Europe cannot leave its digital payment rails to foreign currencies. His remarks come as the Qivalis alliance of 12 major European banks, including ING, UniCredit, BBVA and BNP Paribas, prepares a MiCA‑compliant euro stablecoin for launch in the second half of 2026.finance.

Lescure told attendees that “Europe need[s] more euro‑based stablecoins” and said he “strongly encourage[s] banks to further explore the launch of tokenised deposits,” framing the projects as tools to strengthen European digital sovereignty and reduce reliance on dollar‑pegged tokens. He explicitly endorsed the Qivalis initiative, saying “that is what we need and that is what we want,” in what is effectively a political green light for the consortium’s plans to issue a euro‑pegged stablecoin under the EU’s Markets in Crypto‑Assets, or MiCA, framework.

Qivalis, based in Amsterdam, is working toward regulatory approval from the Dutch central bank and aims to operate as an electronic money institution, with CEO Jan‑Oliver Sell calling a native euro stablecoin “a major turning point for digital commerce and financial innovation in Europe.” The group’s stated goal is to become the “interface between blockchain and the euro” and the default euro token across exchanges, custodians and DeFi platforms, a direct attempt to head off “digital dollarization” from dollar‑linked tokens like USDT and USDC.

Lescure’s comments also land against a tougher French line on non‑euro stablecoins, with the Bank of France recently calling for stricter limits on foreign stablecoin payments under MiCA to mitigate systemic risk. European regulators have warned that widespread use of non‑EU stablecoins inside the bloc could undermine monetary policy, pushing authorities to explore ways of tightening rules on large dollar‑based tokens even as they open the door to euro projects.

The broader European shift is already visible across the banking sector, with euro stablecoin projects moving from “education and risk‑understanding” into concrete launch preparations as MiCA’s unified regime reduces regulatory uncertainty. For France, backing Qivalis and euro stablecoins is an attempt to ensure that when on‑chain settlement volumes rival traditional card networks, it is the euro—rather than the dollar—that anchors European rails, in both payments and tokenized assets.

Related crypto.news coverage includes a recent story on how stablecoins are tipped to power global settlement, an explainer on what infrastructure companies use to add stablecoin payments, and a regional look at how firms like Stables and Mansa are stitching together Asia’s missing stablecoin rails.

Kraken parent Payward will buy Bitnomial for up to $550M, adding a full CFTC derivatives stack just as Deutsche Börse’s $200M stake backs its U.S. build‑out.

Payward Inc., the parent company of crypto exchange Kraken, has agreed to acquire Chicago‑based crypto derivatives venue Bitnomial in a deal worth up to $550 million in cash and stock, further accelerating its push into U.S. regulated futures and options. The companies expect the transaction to close in the first half of 2026, subject to customary regulatory approvals from the Commodity Futures Trading Commission (CFTC) and other U.S. authorities.

Bitnomial is the first crypto‑native operator to assemble the full CFTC derivatives stack, running a Designated Contract Market, a Derivatives Clearing Organization and a Futures Commission Merchant under one roof. According to Bitnomial’s own materials, its exchange and clearinghouse support “leveraged spot, perpetuals, futures, options, and prediction markets, all on one CFTC‑regulated exchange with crypto margin and settlement,” giving Payward an immediate onshore home for products that previously leaned on offshore venues.

Under the plan, Payward will plug Bitnomial’s trading and clearing infrastructure into Kraken, NinjaTrader and Payward Services, offering banks, brokerages and fintechs a single API into CFTC‑regulated crypto derivatives. Kraken has already been expanding in this direction; in a prior crypto.news story it acquired CFTC‑regulated Small Exchange for about $100 million to secure a DCM license, and later used that footprint to launch U.S. regulated derivatives tied to CME‑listed futures.

The Bitnomial deal lands just days after German exchange operator Deutsche Börse agreed to buy a 1.5% fully diluted stake in Payward for $200 million, in a transaction that values Kraken at roughly $13.3 billion. Deutsche Börse said the partnership is meant to “deepen” its role in regulated crypto, tokenized markets and derivatives, with a focus on “enhanced liquidity for institutional clients across geographies,” effectively giving Europe’s largest exchange group a front‑row seat in Kraken’s derivatives build‑out.

Regulators have also been preparing the ground for this shift. CFTC Commissioner Caroline Pham has pushed to bring leveraged spot crypto trading and perpetual‑style products onshore under full DCM and DCO oversight, arguing they can be offered safely if “brought into our markets under well‑defined rules and supervision.” In that context, Bitnomial’s December 2025 launch of the first‑ever leveraged retail spot crypto market under CFTC jurisdiction — which CEO Luke Hoersten called “a watershed moment for U.S. crypto markets” — looks like a dress rehearsal for the infrastructure Payward is now buying.

For institutional order flow, the battle increasingly turns on who controls the cleanest regulatory pipe: the combination of licenses, clearing and prime‑style services that let banks and asset managers trade crypto derivatives without touching offshore platforms. With Bitnomial’s stack and Deutsche Börse’s capital, Payward is positioning Kraken as a CME‑style hub for digital asset futures, options and leveraged spot inside the U.S., echoing its broader strategy to bridge tokenized assets, equities and derivatives through initiatives like its xStocks platform.

In addition, Kraken’s derivatives and market‑structure push includes stories on its U.S. derivatives rollout, the Small Exchange acquisition, and Deutsche Börse’s $200 million stake in Payward.