Crypto World
MiCA Rules Tighten Compliance Burden on European Small Crypto Firms
The European Union’s Markets in Crypto Assets Regulation (MiCA) transition period is entering its final stretch, placing significant pressure on smaller crypto firms to secure authorization or winding down regulated services for EU clients. The deadline hits July 1, marking the end of the longest grandfathering window and triggering a hard stop for non-compliant providers across the bloc.
Industry early movers, such as United Kingdom–based CoinJar, have publicly noted MiCA’s maturation dynamics: obtaining authorization in Ireland in 2025, they view the regime as a necessary step toward a compliant, investor-protective market. Yet voices from markets like Poland caution that thousands of virtual asset service providers (VASPs) could face a regulatory cliff as deadlines approach, foreshadowing a period of rapid consolidation and market reconfiguration in Europe.
Under MiCA, the July 1 deadline represents decisive enforcement for the most capital-intensive and governance-heavy requirements. The regime includes an 18-month grandfathering period, but the window is uneven across member states, and several national regimes have already tightened or closed their doors to non-authorized operators. For smaller entities and hybrid projects, the regime is perceived as a potential breaking point rather than a gradual ramp-up.
The costs associated with authorization, governance upgrades, and ongoing reporting are raising the barrier to entry at a time when MiCA leaves a narrow lane for narrowly defined, fully decentralized services outside its scope. In practice, this is shaping a market where compliance-first players gain a competitive edge, and noncompliant actors either partner with regulated entities or exit the EU market altogether.
Regulators emphasize that MiCA aims to balance innovation with investor protection through proportionate obligations, but the policy’s ultimate effect on Europe’s crypto ecosystem remains uncertain. A statement from European Union supervisory bodies indicates that the transitional rules were designed to support innovation while preserving fair competition and investor safeguards. The question remains whether MiCA will underpin Europe as a trusted crypto hub or push parts of the sector toward offshore or offshore-like jurisdictions.
Key takeaways
- The MiCA transitional regime culminates on July 1; providers operating without a MiCA license must stop serving EU clients, regardless of size.
- The longest grandfathering window is 18 months, but national implementations and enforcement timing vary, increasing compliance complexity for smaller operators.
- Authorization costs, governance upgrades, and ongoing reporting obligations are creating a higher barrier to entry, incentivizing consolidation among EU VASPs and hybrids.
- MiCA’s scope excludes only a narrow band of fully decentralized services, leaving many DeFi projects in a regulatory gray area and prompting firms to adjust architectures and access points.
- Industry leaders anticipate a shift toward larger exchanges, custodians, and regulated gateways, with potential relocation of activity to more permissive jurisdictions outside Europe for smaller teams.
MiCA transition: implications for EU VASPs and market structure
Polish founders and market participants emphasize that MiCA’s cost and organizational demands leave limited room for smaller players. When Ari10 secured a MiCA license in the Netherlands in February, its founder noted that among roughly 2,000 registered VASPs in Poland, only his group had obtained MiCA authorization to date. The implication is clear: many local firms may be compelled to close or relocate activities to jurisdictions with more favorable regulatory environments. This pattern aligns with industry observations from other markets where licensing barriers have previously driven consolidation and exit of smaller operators.
Industry voices argue that the MiCA framework effectively channels activity toward larger, more capable entities capable of meeting governance, reporting, and capital requirements. This dynamic mirrors historical licensing waves in other jurisdictions, where rigorous post-licensing compliance has favored established custodians and large exchanges. At the same time, proponents contend the regime promotes a healthier market by encouraging credible actors and reducing the prevalence of opaque, undercapitalized ventures.
For those operating at the fringe of the regulated perimeter—hybrid models, experimental projects, or on-chain protocols—MiCA tests new approaches: how to deliver access for EU users through regulated intermediaries while preserving decentralization’s core design. Altura, a DeFi platform cited by industry participants, is exploring structures that keep core functionality on-chain while routing regulated access through compliant exchanges, custodians, and wallets. The practical challenge is how to classify and treat DeFi architectures once upgraded or modified to meet MiCA’s requirements, particularly where there is not an obvious operator or where upgradeability could influence control over outcomes.
DeFi in the gray zone: interpretation and risk
MiCA’s Recital 22 provides an exemption for fully decentralized services, but real-world application remains contested. Analysts argue that many DeFi systems operate as hybrids, with governance, upgradeability, and potential operator influence shaping outcomes. As such, DeFi projects face a spectrum of regulatory risk: some structures might sit outside MiCA’s scope in theory, but practical governance and on-chain dependencies could invite scrutiny. The debate underscores a broader risk: ambiguity surrounding what constitutes “decentralized enough” to avoid MiCA’s reach.
Industry practitioners assert that the current framework creates uncertainty for innovative models that prioritize user sovereignty and on-chain logic. If the landscape remains ambiguous, there is a clear incentive to centralize certain functions through regulated intermediaries or relocate development activities to jurisdictions with more permissive interpretations of decentralization. In this context, the decentralization exemption is a critical but unsettled hinge of MiCA’s long-term impact on innovation within Europe’s crypto ecosystem.
Regulators and the centralization debate
EU supervisors frame MiCA as a measure designed to enable a cohesive, risk-aware market that still supports innovation. An ESMA spokesperson stressed that the framework aims to ensure fair competition and robust investor protection, with the transitional period structured to give existing providers time to comply. The regulator also highlighted that obligations scale with risk, so smaller participants are not expected to meet the same standards as systemically important players. In this view, MiCA’s architecture reduces regulatory arbitrage and promotes a uniform standard across cross-border activities.
However, not all regulators share the same pace or approach. Malta’s Financial Services Authority (MFSA), for example, has warned against rushing toward centralized supervision of major cross-border crypto activities before MiCA’s practical implementation has fully matured in smaller markets. Local knowledge and proportionate oversight are cited as essential to effective supervision, particularly where market dynamics and consumer protection needs differ from larger, more integrated economies. These tensions reflect a broader debate about how to balance central oversight with the realities of diverse member states and emerging products.
In evaluating MiCA’s trajectory, observers note a tension between the desire for a unified, passportable regulatory regime and the risk of over-centralization that could stifle innovation or push activities offshore. The debate also intersects with cross-border regulatory differences, licensing regimes, and the evolving stance of EU authorities toward stablecoins, banking integration, and compliant on-ramps and off-ramps for crypto services.
MiCA as a filter, not a threat: practical consequences for firms
Some industry participants frame MiCA not as an existential hurdle but as a filter that raises the bar for quality, resilience, and investor protection. The path to scale in Europe is now clearly tied to a compliant, scalable, and auditable operation across the EU single market. For established players, MiCA offers a clear passport to grow across member states; for smaller teams, the regime signals a need to partner with regulated entities or migrate to jurisdictions with lighter or differently structured regimes. In this sense, MiCA’s design may concentrate market power toward those with the resources to meet the standards, while compelling experimentation and activity to seek alternatives elsewhere if the regulatory cost becomes prohibitive.
As regulatory monitoring intensifies, market participants should watch how national authorities implement the transition, how DeFi classifications evolve, and how cross-border supervision will interact with local licenses. The evolving policy environment will influence licensing pipelines, partner ecosystems, and the geographic distribution of crypto activities across Europe and beyond.
Closing perspective
With the July 1 deadline approaching, MiCA’s transitional framework is rapidly shaping Europe’s crypto market structure. Regulators emphasize proportionate requirements and investor protection, but the practical outcomes—consolidation, relocation, and evolving DeFi classifications—remain dynamic. For policymakers, market participants, and observers, the next phase will reveal how well a centralized supervisory approach can coexist with innovation-led growth, and whether MiCA’s balance of risk and opportunity will sustain Europe as a credible, globally integrated crypto hub.
As noted in discussions surrounding the regime, ongoing observations of enforcement, licensing activity, and cross-border supervision will be critical to assess MiCA’s real-world impact. Authorities and firms alike will be watching how the final transition unfolds, including the interpretation of decentralization exemptions and the practical application of proportionate requirements to a diverse ecosystem of players.
Coinbase listed Tokenised GBP (tGBP) on April 22, making it the exchange’s first British pound-backed stablecoin available to users globally.
The tGBP stablecoin is issued by FCA-registered BCP Technologies and fully backed 1:1 by cash and short-term UK government bonds.
Why the tGBP Stablecoin Matters for the UK
The listing gives UK users a way to hold and transfer value in their local currency on the Coinbase exchange without converting to dollar-pegged stablecoins.
That removes foreign exchange friction for British traders and businesses.
Keith Grose, Coinbase’s UK lead, wrote that locally denominated stablecoins are essential for the country’s role in the on-chain economy.
Users can now buy, sell, convert, send, and receive tGBP through the Coinbase app and Coinbase Exchange.
The broader stablecoin market has grown past $320 billion in total capitalization.
In 2025 alone, stablecoins settled over $30 trillion in transactions, with usage largely uncorrelated to crypto price swings.
Industry Leaders Back the Move
Coinbase CEO Brian Armstrong endorsed the listing, calling stablecoins “the best form of money.”
Polygon Foundation CEO Sandeep Nailwal offered a broader warning about adoption timelines.
“Countries slow to adopt stablecoins will face the same problem as late internet adopters,” he wrote.
Nailwal noted that cross-border payments still cost 6% and take days, while stablecoins settle in seconds for fractions of a cent.
The UK’s regulatory framework for stablecoins remains in development, with full implementation expected by late 2026.
Whether tGBP gains meaningful traction may depend on how quickly the FCA finalizes those rules.
The post Coinbase Lists First GBP Stablecoin as UK Push Accelerates appeared first on BeInCrypto.
Crypto World
The $292 million Kelp DAO exploit shows why crypto bridges are still one of the industry’s weakest links
The $292 million exploit tied to KelpDAO is the latest in a long line of crypto bridge hacks, underscoring how the systems designed to connect blockchains have become some of the easiest ways to break them.
The incident involved KelpDAO’s use of LayerZero’s cross-chain messaging system, a type of infrastructure widely used to move data and assets between blockchains.
Bridges are meant to let users move assets from one blockchain to another, like from Ethereum to a different network. But instead of acting as seamless connectors, they have repeatedly turned into weak points, draining billions of dollars over the past few years.
So why does this keep happening?
Crypto ecosystem leaders say the answer is not just bad code or careless mistakes. The problem is more fundamental; it is in how bridges are built in the first place.
The core problem: trusting the middleman
To understand the issue, it helps to look at what a bridge actually does.
If you move tokens from one blockchain to another, the second chain needs proof that your tokens existed and were locked on the first one. In an ideal world, it would verify that itself. In reality, that is too expensive and complex.
“Most bridges don’t fully verify what happened on another chain,” said Ben Fisch, CEO of Espresso Systems. “Instead, they rely on a smaller system to report it. That [second] system becomes the thing you trust.”
So instead of independently checking the truth, bridges outsource it, often to small validator groups or external networks like LayerZero or Axelar. That shortcut creates risk. In the Kelp DAO-related exploit, attackers targeted the data feeding into the bridge.
“Attackers compromised nodes and fed the system a false version of reality,” Fisch said. “The bridge worked as designed. It just believed the wrong information.”
Bridge hacks often look different on the surface. Some involve stolen keys, others faulty smart contracts. But experts say those are symptoms of a deeper issue. The real problem lies in how the systems are designed.
“Anything that can go wrong will go wrong, and bridge hacks are a perfect example,” said Sergej Kunz, co-founder of 1inch. “You see code vulnerabilities, centralization issues, social engineering, even economic attacks. Usually it’s a mix.”
How bridges work
For users, bridges look simple. You click a button and move assets from one blockchain to another. Behind the scenes, the process is more complicated.
First, your tokens are locked on the original blockchain. Then a separate system confirms that the tokens are locked. This system usually consists of a small group of operators or validators. Those operators then send a message to the second blockchain saying the tokens were locked so new ones can be issued. If that message is accepted, the second chain creates a new version of your tokens. These are wrapped tokens, like rsETH or WBTC.
The problem is that this process depends on trusting whoever sends that message. If attackers compromise that system, they can send a false message and create tokens that were never backed on the original chain.
“The worst case is when the system isn’t really checking anything,” Fisch said. “It’s just trusting someone else’s version of events.”
When one failure spreads
Given how often bridges fail, why has the industry not fixed them?
Part of the answer comes down to incentives. “Security is often not the top priority,” Kunz said. “Teams focus on launching quickly, growing users and increasing total value locked.”
Building secure systems takes time and money. Many DeFi projects operate with limited resources, making it difficult to invest heavily in audits, monitoring and infrastructure.
At the same time, projects are racing to support more blockchains. Each new integration adds complexity. “Every new connection adds more assumptions,” Fisch said.
Bridge hacks rarely stay contained. Bridged assets are used across lending protocols, liquidity pools and yield strategies. If those assets are compromised, the damage spreads.
“Other platforms may treat a hacked asset as legitimate,” Kunz said. “That’s how contagion happens.” Users are rarely told how a bridge actually works or what could go wrong.
There are ways to make bridges safer. Fisch says one key step is removing single points of failure by relying on independent data sources rather than shared infrastructure.
In practice, these “data sources” are computers that watch blockchains and report what happened. They might be run by the bridge itself, by outside networks like LayerZero, or by infrastructure providers. But many rely on the same underlying services, meaning a single compromised source can feed bad data across multiple systems.
“If everyone is relying on the same source, you haven’t reduced risk,” he said. “You’ve just copied it.”
Other approaches include hardware protections and better monitoring to catch misconfigurations early. Some developers are also working on designs that verify data directly using cryptography instead of intermediaries.
Kunz believes a more fundamental shift is needed. “As long as we rely on validator-based bridges, these problems will continue,” he said.
Read more: North Korea’s crypto heist playbook is expanding and DeFi keeps getting hit
Thailand’s Securities and Exchange Commission (SEC) is seeking public comment on proposed rule changes that would allow licensed digital asset businesses to apply directly for derivatives licenses, removing the requirement to establish separate entities.
The proposed revisions would build on earlier changes recognizing digital assets as eligible underlying assets for futures contracts, expanding the scope of Thailand’s derivatives market while introducing additional requirements to manage conflicts of interest and strengthen oversight.
The proposal could lower barriers for crypto companies to enter the derivatives market by allowing them to apply for licenses within existing entities, rather than establishing separate companies, while bringing those activities under tighter regulatory oversight.
The regulator said the changes are intended to provide investors with additional tools for hedging and portfolio management, as well as bringing standards for derivatives exchanges and clearing houses in line with international practices.
The proposed changes are open for public consultation until May 20, with feedback from industry participants expected to inform the final framework.
Related: Thailand proposes tighter scrutiny of funders behind crypto firms
Crypto derivatives expand as US moves toward approval
Thailand’s proposal comes as crypto derivatives expand globally and momentum builds toward regulatory approval in the United States.
On Tuesday, Blockchain.com introduced perpetual futures trading in its self-custody wallet, allowing users to open leveraged positions using Bitcoin (BTC) as collateral without transferring funds to an exchange. Underpinned by Hyperliquid, the feature offers access to more than 190 markets with as much as 40x leverage.
Other exchanges have taken a similar approach. Earlier this year, both Kraken and Coinbase launched perpetual futures tied to equities for non-US users as part of a broader push toward 24/7, multi-asset trading.
While most of these products remain largely unavailable in the United States, that could change soon. In March, Michael Selig said the Commodity Futures Trading Commission is working to enable crypto perpetual futures, adding the agency could move on the products “within the next month or so.”
In the meantime, exchanges appear to be positioning for potential approval. Last week, Kraken parent Payward agreed to acquire Bitnomial, a US-regulated derivatives venue, in a move aimed at expanding access to products including perpetual futures for US clients.
Magazine: How to fix insider trading on platforms like Polymarket and Kalshi
Circle’s Chief Economist Gordon Liao has proposed a major recalibration of Aave’s USD Coin (USDC) interest rate model. The proposal aims to restore Aave USDC liquidity on Ethereum after days of full utilization.
Circle CEO Jeremy Allaire endorsed the governance proposal on X, calling attention to Liao’s recommended parameter changes.
Why Aave USDC Liquidity Dried Up
USDC on Aave v3 Ethereum Core has been pinned at 99.87% utilization for four consecutive days. Available liquidity sits below $3 million, while total supply contracted by roughly $60 million in 24 hours.
The freeze traces back to the April 18 KelpDAO rsETH exploit, which triggered approximately $300 million in incremental borrowing.
Trapped suppliers began borrowing stablecoins against their own deposits to exit via decentralized exchanges.
These borrowers are structurally rate-insensitive, according to Liao’s analysis.
At 14%, one week of carry costs just 27 basis points. That makes the current rate ceiling insufficient to deter borrowing or attract new capital.
A Two-Step Rate Fix
Liao proposed a two-phase approach. The first step involves a same-day Risk Steward action to raise Slope 2 to 40% and lower optimal utilization to 87%. A full governance vote within five to seven days would then push the parameters to final targets.
At the proposed 50% Slope 2, the maximum supply rate would reach approximately 48%. Liao argued that level should pull capital from allocators across venues within hours, pushing utilization back below the kink.
Aave Working Toward Resolution
Meanwhile, Aave founder Stani Kulechov said the team is working around the clock on multiple paths forward. He noted the Arbitrum Security Council recovered $70 million in ETH, which could meaningfully reduce exposure.
“Every decision we are making is aimed at an orderly return to normal market conditions and the best possible outcome for everyone involved,” wrote Kulechov in a post.
The proposal now awaits input from LlamaRisk, Aave’s remaining risk service provider since Chaos Labs departed earlier this month.
Whether the interim parameters take effect depends on a Risk Steward multisig action.
Despite this news, AAVE token price is up by nearly 5% in the last 24 hours, and was trading for $95.21 as of this writing.
The post Circle Proposes Aave Rate Overhaul to Fix USDC Liquidity Crisis appeared first on BeInCrypto.
Admiral Samuel Paparo, commander of US Indo-Pacific Command, told the Senate Armed Services Committee that his command is running a Bitcoin (BTC) node and conducting operational tests with the protocol.
The April 21 testimony marked the first time a sitting US combatant commander publicly framed Bitcoin as a national security asset during congressional proceedings.
Bitcoin as a ‘Power Projection’ Tool
Responding to questions from Senator Tommy Tuberville (R-AL), Paparo described Bitcoin as “a peer-to-peer, zero-trust transfer of value” and said that anything supporting all instruments of national power “is to the good.”
He characterized the research as focused on computer science rather than monetary policy.
Proof-of-work, he said, “has got really important computer science applications for cybersecurity,” including protecting data and raising the real-world cost for adversaries conducting cyber operations.
“We have a node on the Bitcoin network right now. We’re doing a number of operational tests to secure and protect networks using the Bitcoin protocol,” he said.
The admiral offered to provide classified details on the tests if requested.
Follow us on X to get the latest news as it happens
Broader Strategic Context
Paparo’s remarks align with a growing US posture toward Bitcoin at the federal level. Legislators have advanced the BITCOIN Act and a Strategic Bitcoin Reserve through executive order.
Meanwhile, Major Jason Lowery’s “Softwar” thesis previously proposed proof-of-work as a form of cyber power projection.
Tuberville framed the exchange around competition with China, noting that Beijing’s top monetary think tank has published its own strategic Bitcoin research.
INDOPACOM oversees approximately 380,000 personnel across the Asia-Pacific theater, the primary front for US-China strategic competition.
No official follow-up from the Department of Defense has clarified the scope of the tests as of April 22.
Subscribe to our YouTube channel to watch leaders and journalists provide expert insights
The post US Military Runs Bitcoin Node for Cybersecurity Tests, Admiral Confirms appeared first on BeInCrypto.
Base’s Azul upgrade is currently live on testnet, with mainnet launch scheduled for mid-May.
Base, the Ethereum layer 2 network developed by Coinbase, announced Tuesday evening its first independently built network upgrade, dubbed Azul, targeting mainnet activation on May 13.
The upgrade marks a “major step” in Base’s push toward Stage 2 decentralization — the highest trust-minimization standard for Ethereum L2s, according to the Base Engineering Blog post announcing the upgrade.
The centerpiece of Azul is a multiproof system that combines two independent proof mechanisms — a trusted execution environment (TEE) prover and a zero-knowledge (ZK) prover — into a single security layer. Either can finalize a transaction on its own, but when both agree, withdrawals from Base to Ethereum settle in as little as a day, the post notes. This architecture satisfies a core Stage 2 requirement: the ability to detect and handle proof system failures entirely on-chain.
Base currently ranks as the second-largest L2 by total value secured, with $12.12 billion, per L2Beat data. Arbitrum One is ranked first with just over $16 billion.
The announcement comes amid growing pressure on L2s to mature their security models. Ethereum co-founder Vitalik Buterin has pushed for faster L2 withdrawal times to reduce reliance on third-party bridges, while also questioning whether the original L2 vision still holds as the space has evolved. Base’s multiproof design is explicitly modeled on Buterin’s L2 finalization roadmap, the Azul announcement notes.
Beyond security, Azul streamlines Base’s underlying client stack and aligns the network with Ethereum’s latest execution-layer specs. Base has also doubled down on stablecoins, global markets, and AI agents as its core growth bets, and faster, cheaper finality is foundational to all three.
Azul is live on testnet now, with a $250,000 bug bounty competition running through May 4.
This article was written with the assistance of AI workflows. All our stories are curated, edited and fact-checked by a human.
Aave TVL has dropped by $10B since the Kelp attackers used the protocol to borrow $190 million in WETH, depositing unbacked rsETH.
DeFi’s lending landscape is being reshuffled in real time as capital flees Aave in the wake of the Kelp bridge exploit, and a notable chunk of appears to be landing on SparkLend.
Spark’s stablecoin lending protocol SparkLend has seen over $1.4 billion in deposits flow into it in the past few days since the $290 million Kelp bridge exploit on Saturday, April 18, which has continued to rock DeFi since.
Total value locked on SparkLend surged from around $1.89 billion to $3.3 billion as of today, April 22, per DefiLlama data.
Meanwhile, Aave — now the second-largest protocol in DeFi by TLV, and where the Kelp hackers’ faked funds were deposited — has seen its TVL plunge by $10 billion over the same time frame, from above $26 billion to just over $16 billion today.
Per DefiLlama data, Morpho has seen the second-largest outflows in USD aftr Aave.
Active loans on SparkLend have climbed by roughly $500 million over the same period, suggesting the inflows aren’t just parked deposits but fresh borrowing demand.
The April 18 Kelp exploit saw the attacker deposit unbacked rsETH into Aave as collateral and borrowed about $190 million in real wrapped ETH (WETH) against it, leaving the protocol with between $124 million and $230 million in bad debt, depending on how Kelp ultimately allocates losses from the exploit.
Aave has partially unfrozen WETH markets and received indicative commitments from ecosystem participants to help cover shortfalls, as The Defiant reported yesterday.
In the latest Kelp-related update from Aave, the protocol’s founder and CEO Stani Kulechov wrote on X today, “every bit of my energy right now is focused on the outcome for Aave users and the protocol.”
This article was written with the assistance of AI workflows. All our stories are curated, edited and fact-checked by a human.
Welcome to our institutional newsletter, Crypto Long & Short. This week:
- Jennifer Rosenthal on the need to protect the people actually building DeFi infrastructure.
- Alexis Sirkia on how Ethereum’s L2 strategy is failing due to a fundamental design flaw.
- Top headlines institutions should pay attention to by Francisco Rodrigues.
- Aave’s Market Share Slides After rsETH Exploit in Chart of the Week.
Expert Insights
Protecting the people building DeFi infrastructure
By Jennifer Rosenthal, chief communications officer, DeFi Education Fund
There has been a consistent uptrend in traditional finance companies announcing DeFi-related initiatives, and it’s exciting that these companies embrace technology innovations that will serve as infrastructure for 21st century finance. There seems to also be a growing understanding that open-source, permissionless, programmable, noncustodial, globally accessible and interoperable technology presents major upgrades for certain parts of the financial system.
If you are new to decentralized finance (DeFi), intend to rely on DeFi or want to connect your customers to DeFi, we at the DeFi Education Fund, a nonpartisan, nonprofit organization, invite you to join us in helping to protect the technology and infrastructure that makes it valuable. There are some high-level policy objectives we believe worth defending:
- Protecting Software Developers and Infrastructure
- Preserving Self-Custody
- Advocating for Open Access and Interoperability
- Championing Permissionless Blockchain Infrastructure and DeFi Markets
- Supporting Clear Laws and Policies
For months, my team has participated in productive bipartisan, bicameral discussions with members of Congress. We have been impressed by how many Congressional leaders have engaged productively and in good faith to build legislation that reflects a fundamental understanding of neutral, decentralized technology. Software developer protections have come up as a topic of conversation in recent market structure and broader crypto policy discussions. Why? A majority of industry participants agree that if we’re going to use DeFi, we have to protect the people building it.
For example, on February 26, 2026, Representatives Scott Fitzgerald (R-WI), Ben Cline (R-VA) and Zoe Lofgren (D-CA) introduced the bipartisan Promoting Innovation in Blockchain Development Act of 2026 (PIBDA) to protect software developers — who write code but do not control other people’s money — from inappropriate misclassification under criminal code Section 1960. PIBDA clarifies that Section 1960 applies only to those that control customer assets and transmit funds on behalf of customers, aligning the statute with congressional intent and the Treasury Department’s long-standing regulatory interpretation.
In discussing the bill, Rep. Scott Fitzgerald (WI-05) said: “For years, innovators and software developers have been caught in the crosshairs of an aggressive regulatory approach that treats them like criminals. The Promoting Innovation in Blockchain Development Act draws a clear line between those who develop and deploy blockchain software and those who actually move or manage funds. It provides long-overdue legal clarity, protects innovation here at home and allows law enforcement to focus on genuine criminal activity rather than chilling American technological leadership.”
Like the early internet in the 1990s, blockchain technology is a novel innovation evolving faster than existing regulation. Engineers developing open, disintermediated systems do not neatly fit into financial regulations designed for a system that assumes the existence of intermediaries.
As more individuals and companies interact with decentralized infrastructure, our shared voice can play a constructive role in shaping thoughtful and durable policy outcomes. We should collectively support legislative and regulatory initiatives that foster clarity, reduce uncertainty and enable responsible participation across both centralized and decentralized markets.
Thank you for taking DeFi’s tools and technology seriously, and I hope you will join us in defending the policy principles that make building and using DeFi possible.
Principled Perspectives
Ethereum’s scaling problem was never about throughput
By Alexis Sirkia, chairman and co-founder, Yellow Network
Vitalik Buterin recently conceded that most Layer 2 networks are fragmenting Ethereum rather than scaling it. He’s right, but the diagnosis doesn’t go deep enough. The rollup model was never going to deliver a unified scale because it was designed around the wrong assumption: that Ethereum’s limitation was throughput, when the actual constraint was always how value moves between participants.
Rollups addressed congestion by creating parallel execution environments, each processing transactions independently and posting compressed proofs back to the base layer. On paper, that increases capacity. In practice, it produced dozens of isolated liquidity pools that can’t interact without routing assets through bridge infrastructure. The concentration is stark: Base and Arbitrum now capture 77% of all L2 decentralized finance (DeFi) total value locked (TVL), while usage across smaller rollups has declined 61% since June 2025. The long tail is collapsing, and the capital that remains is fragmenting further. Bridge infrastructure has bled $2.5 billion since 2021 for a simple reason: every time value moves between rollups, it passes through a custodial chokepoint. Attackers don’t need to break the chains on either side, they just need to compromise what sits in between.
The industry responded to each bridge exploit by building better bridges. That instinct, while logical at the time, was wrong. The vulnerability isn’t in the bridge implementation. It’s in the premise that value needs to pass through an intermediary at all. State channels eliminate that premise entirely by allowing participants to transact peer-to-peer off-chain, with the base layer serving as the enforcement mechanism rather than the transaction processor. Settlement touches the blockchain only once state-channel transacting finishes, and either party can invoke on-chain enforcement at any point if the counterparty misbehaves.
This isn’t an incremental improvement on the rollup model, but rather a rejection of the assumption that created the fragmentation in the first place. Where rollups multiply execution environments and then try to reconnect them, state channels keep participants connected from the start and only engage the base layer when finality is needed.
The CFTC is preparing to approve the first U.S. framework for perpetual futures, which will pull a meaningful share of $14 trillion in offshore derivatives volume into regulated venues. To put the scale of that shift in context, U.S.-regulated platforms currently handle just 1.6% of global crypto derivatives volume. The infrastructure that absorbs even a fraction of the remaining 98.4% needs to settle cross-chain, in real time, without passing through custodial chokepoints. Rollups, by design, are not candidates for the job.
The 21Shares prediction that most L2s won’t survive 2026 feels pessimistic, but the reason matters more than the timeline. Rollups failed to deliver a unified scale because they treated Ethereum’s constraint as a throughput problem. The market is starting to price in that the real constraint was always trust at the intermediary layer, and the infrastructure that eliminates that layer entirely is where capital and builders will migrate.
Headlines of the Week
This week’s headlines highlight that while the bridges between traditional finance and the crypto sector keep on growing, the devastation caused by smart contract exploits is hitting the market.
Chart of the Week
Aave’s Market Share Slides After rsETH Exploit
Aave’s TVL market share has dropped sharply from ~51.5% in February to ~39% today following the April 18 KelpDAO rsETH exploit, which froze rsETH markets and triggered deposit withdrawals. Active loan share proved stickier, falling only ~2% (54% to ~52%), as existing borrowers couldn’t easily unwind. The AAVE token is down ~50% from its January peak, pricing in both bad debt risk and the reputational cost of being DeFi lending’s largest venue when a collateral asset failed.
Listen. Read. Watch. Engage.
Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc., CoinDesk Indices or its owners and affiliates.
XRP is rallying steadily with 1.7% gain, and every holder still has the same bullish price prediction. A viral clip shared by crypto commentator John Squire on X is reigniting long-dormant conviction among holders. What he described as “game over” for latecomers may still be early innings.
Squire posted the video with a blunt caption: “If this f***ing XRP video doesn’t give you chills, you have no idea what’s coming.” He argued that once institutional utility demand fully activates XRP’s role in global payments, supply will tighten sharply, not through speculation, but through structural scarcity.
If this fucking $XRP video doesn’t give you chills, you have no idea what’s coming. — John Squire (@TheCryptoSquire) April 22, 2026
pic.twitter.com/oGkfghhVK0
Fewer holders are willing to sell. Fewer coins available at any price. The clip frames XRP as the backbone of the “internet of value,” with money moving across networks as freely as data does.
Ripple’s ecosystem is generating real catalysts to back that narrative. Ripple announced a four-phase quantum-resistance roadmap on April 20, targeting XRP Ledger upgrades by 2028 as the first major crypto asset to formally address institutional quantum threats.
Weekly fund inflows hit $119.6 million, and seven spot XRP ETFs await final SEC review ahead of Q2 2026 decisions. Will the price follows the narrative?
Discover: The best pre-launch token sales
XRP Price Prediction: $1.50 Needed
XRP’s current setup is a study in compressed tension. The asset has been consolidating in a $1.30–$1.45 range for too long, having pulled back sharply from a $3.65 peak last July. But the 24-hour trading volume of $2.6 billion reflects its demand.
For now, key support sits at $1.39–$1.41, with a deeper floor at $1.32–$1.35 if that breaks. Resistance clusters at $1.50 since forever.
“Rising volume during this pullback suggests dip buyers are active, not scared,” according to CaptainAltcoin’s April 20 analysis.
If the $1.39 support holds, with FOMC delivering dovish signals on April 28, and ETFs get the approvals, they will catalyze a breakout toward $1.50–$1.53 easy. But a break below $1.39 opens the path to $1.32. Broader market weakness, especially if FOMC disappoints, invalidates near-term bullish setups. Not just XRP, but most major coins.
Longer-term analyst targets remain significantly higher, but the short-term path runs through $1.50 resistance first.
Discover: The best crypto to diversify your portfolio with
Maxi Doge With Bigger Upside Potential as XRP Fights Resistance
XRP at $1.45 is a compelling hold, but with a $89 billion market cap and resistance capping near-term upside at $1.50, the asymmetric return window has narrowed considerably from where it stood at under a dollar.
That’s the trade-off with established assets: conviction is easy, multiples are hard. Early-cycle positioning in lower-cap assets is where outsized gains typically originate, which is what makes presale timing relevant to this conversation.
Maxi Doge ($MAXI) is positioning itself as the meme token built for the current market cycle’s trading culture with a 240-lb canine juggernaut embodying the 1000x leverage mindset.
The project runs on Ethereum with the chain currently experiencing a meme frenzy. Right now, Maxi is priced at $0.0002814, with $4.7 million raised in presale. Features include holder-only trading competitions with leaderboard rewards, a Maxi Fund treasury for liquidity and partnerships, and a huge 60% APY staking.
The presale has drawn notable attention as it approaches key fundraising milestones.
Check out the Maxi Doge Presale here.
The post XRP Price Prediction: Chilling XRP Video Reminding Us What’s Coming appeared first on Cryptonews.
Network News
KELP DAO EXPLOIT: A cross-chain bridge holding nearly a fifth of a restaked ether token’s circulating supply just got drained, and the fallout is moving through DeFi faster than Kelp DAO can pause contracts. An attacker drained 116,500 rsETH (restaked ether) from Kelp DAO’s LayerZero-powered bridge at 17:35 UTC over the weekend, worth roughly $292 million at current prices and representing about 18% of rsETH’s 630,000 token circulating supply tracked by CoinGecko. LayerZero is a cross-chain messaging layer, or the infrastructure that lets different blockchains send verified instructions to each other. Kelp DAO is a liquid restaking protocol, which takes user-deposited ETH, routes it through EigenLayer to earn additional yield on top of standard Ethereum staking rewards, and issues rsETH as a tradeable receipt. The bridge that was drained held the rsETH reserve backing wrapped versions of the token deployed on more than 20 other blockchains. The attacker tricked LayerZero’s cross-chain messaging layer into believing a valid instruction had arrived from another network, which triggered Kelp’s bridge to release 116,500 rsETH to an attacker-controlled address. Kelp’s emergency pauser multisig froze the protocol’s core contracts 46 minutes after the successful drain, at 18:21 UTC. Two follow-up attempts at 18:26 UTC and 18:28 UTC both reverted, each carrying the same LayerZero packet attempting another 40,000 rsETH drain worth roughly $100 million. — Shaurya Malwa Read more.
NORTH KOREA CRYPTO HEIST PLAYBOOK: Less than three weeks after North Korea-linked hackers used social engineering to hit crypto trading firm Drift, hackers tied to the nation appear to have pulled off another major exploit with Kelp. The attack on Kelp, a restaking protocol tied into LayerZero’s cross-chain infrastructure, suggests an evolution in how North Korea-linked hackers operate, not just looking for bugs or stolen credentials, but exploiting the basic assumptions built into decentralized systems. Taken together, the two incidents point to something more organized than a string of one-off hacks, as North Korea continues to escalate its efforts to hijack funds from the crypto sector. “This is not a series of incidents; it is a cadence,” said Alexander Urbelis, chief information security officer and general counsel at ENS Labs. “You cannot patch your way out of a procurement schedule.” More than $500 million was siphoned across the Drift and Kelp exploits in just over two weeks. At its core, the Kelp exploit did not involve breaking encryption or cracking keys. The system actually worked the way it was designed to. Rather, attackers manipulated the data feeding into the system and forced it to rely on those compromised inputs, causing it to approve transactions that never actually occurred. — Margaux Nijkerk Read more.
AAVE AFFECTED BY KELP DAO HACK: An attacker exploited that setup by forging a transfer message that appeared valid. The system approved the transfer even though the tokens were never taken out of the sending chain, meaning new tokens were effectively created without backing, releasing 116,500 rsETH from the Ethereum-side bridge. Rather than selling the assets on the open market, the attacker deposited 89,567 rsETH into Aave as collateral and borrowed roughly $190 million in ETH and related assets across Ethereum and Arbitrum, according to the report. This left Aave exposed to collateral whose backing may be significantly impaired. Aave Labs said it moved quickly to contain the risk. Within hours, the protocol froze rsETH markets across its deployments, set loan-to-value ratios to zero, and halted new borrowing against the asset. The outcome now depends largely on how Kelp handles the shortfall. If losses are spread across all rsETH holders, the token would face an estimated 15% depegging (meaning the value of the staked tokens would not match the value of actual ETH), resulting in about $124 million in bad debt for Aave. If losses are instead isolated to Layer 2 networks, the impact would be far more severe, with bad debt rising to roughly $230 million and concentrated on networks such as Arbitrum and Mantle.— Margaux Nijkerk Read more.
COINBASE COMMISSIONS PAPER ON QUANTUM COMPUTING RISKS: A new report commissioned by Coinbase sounds a cautious, but urgent, alarm: Quantum computing won’t break crypto tomorrow, but the industry can’t afford to wait. The 50-page paper, authored by an independent advisory board that includes prominent cryptographers and academics like Dan Boneh of Stanford University, Justin Drake of the Ethereum Foundation and Sreeram Kannan of Eigen Labs, concludes that while today’s blockchains remain secure, a future “fault-tolerant quantum computer” capable of breaking widely used encryption is increasingly plausible, and preparation must begin now. In recent months, concerns around quantum risk have moved further into the mainstream. Google researchers have published estimates suggesting that a sufficiently advanced quantum computer could one day break Bitcoin’s cryptography. Major crypto ecosystems have already started mapping out their responses. The Ethereum Foundation has proposed new types of digital signatures that are designed to be safe against quantum computers, while Solana and others are experimenting with quantum-resistant wallet designs. The report stresses that current quantum machines are far from powerful enough to crack the cryptography underpinning Bitcoin, Ethereum and other networks. Breaking standard encryption would require vast computational overhead, a milestone still considered a major engineering challenge. — Margaux Nijkerk Read more.
In Other News
- A chunk of the Kelp DAO haul is no longer going anywhere. Arbitrum’s Security Council froze 30,766 ETH worth roughly $71 million on Monday night, moving funds linked to Saturday’s $292 million rsETH exploit into an intermediary wallet that can only be accessed through further Arbitrum governance action. The council said it acted on law enforcement’s input regarding the exploiter’s identity and executed the freeze “without impacting any Arbitrum users or applications.” The transfer completed at 11:26 p.m. ET on April 20, according to Arbitrum’s statement on X. The stolen funds are no longer under the control of the address that originally held them. — Shaurya Malwa Read more.
- A Polymarket contract on whether Kelp DAO will spread the losses from the weekend’s $292 million exploit beyond those directly affected is pointing to a clear answer: probably not. Bettors are giving a 14% chance that Kelp will “socialize the losses,” or implement a mechanism forcing rsETH holders on Ethereum, which wasn’t hit, to share the pain of users on other chains. The attackers drained roughly 116,500 rsETH from a LayerZero-powered bridge that held the reserves backing the token across more than 20 blockchains. That left parts of the system undercollateralized, with some holders effectively owning tokens no longer fully backed by ether (ETH). “Socializing the losses” would mean Kelp redistributes the shortfall across all rsETH holders, including those on the Ethereum mainnet, rather than leaving losses concentrated among users and protocols tied to the compromised bridge. The most widely cited precedent of this approach came in 2016, when Bitfinex imposed losses on all users after a $60 million hack, effectively mutualizing the hit to avoid shutting down. — Sam Reynolds Read more.
Regulatory and Policy
- April appears to be a lost cause for the crypto Clarity Act, but a U.S. Senate committee hearing sometime in May could keep the critical market structure legislation alive, as long as it can reach a final vote of the overall Senate by July, according to lobbyists and a lawmaker aide focusing on the market structure bill’s sluggish progress. The legislative calendar is running out of room for this year, but a Senate aide told CoinDesk that a potential new delay of a couple of weeks — allowing Republican Senator Thom Tillis to finish discussions with bankers over stablecoin-yield concerns — is not yet pushing this work past the point of no return. The aide also said that earlier negotiations over decentralized finance (DeFi) protections are effectively settled, leaving few other impediments in the way of a committee approval.One of the chief problems the crypto industry faces (if it can leap the stubborn hurdle of the banking sector’s objections about stablecoin rewards) is that the Senate Banking Committee hearing that the bill needs to clear would be only a first step of many. — Jesse Hamilton Read more.
- Tron creator Justin Sun sued World Liberty Financial, the stablecoin and crypto firm backed by members of U.S. President Donald Trump’s family, on Tuesday, alleging that the project had unfairly locked up his $WLFI holdings, made fraudulent misrepresentations, and threatened and defamed Sun. The lawsuit filed, which includes a line about Sun’s support for Trump himself, alleged that World Liberty’s leadership had engaged “in an illegal scheme to seize property” in the form of Sun’s tokens, which Sun alleged he had purchased after being solicited by the World Liberty team in 2024. “At that pivotal time for World Liberty, Mr. Sun invested $45 million to purchase $WLFI tokens from World Liberty not only because of the project’s claims that it would promote adoption of decentralized finance — an issue Mr. Sun cares deeply about and to which he has devoted much of his life’s work — but also because of the Trump family’s association with the project,” the suit said.— Nikhilesh De & Sam Reynolds Read more.
Calendar
- May 5-7, 2026: Consensus, Miami
- June 2-3, 2026: Proof of Talk, Paris
- June 8-10, 2026: ETHConf, New York
- Sept. 29-Oct.1, 2026: Korea Blockchain Week, Seoul
- Oct. 7-8, 2026: Token2049, Singapore
- Nov. 3-6, 2026: Devcon, Mumbai
- Nov. 15-17, 2026: Solana Breakpoint, London
GameStop Shares Surge 4.7% to $25.61 as Meme Stock Momentum Returns Amid Ryan Cohen Transformation Bets
Coinbase Lists First GBP Stablecoin as UK Push Accelerates
‘Iran is still a nuclear threat’
Manchester United reach agreement with Casemiro over contract clause amid transfer speculation
Steven Gerrard disagrees with Gary Neville over ‘shock’ Chelsea and Arsenal claim | Football
US brings back mandatory military draft registration
-
Fashion5 days agoWeekend Open Thread: Theodora Dress
-
Sports5 days agoNWFL Suspends Two Players Over Post-Match Clash in Ado-Ekiti
-
Politics5 days agoPalestine barred from entering Canada for FIFA Congress
-
Entertainment3 days ago
NBA Analyst Charles Barkley Chimes in on Ice Spice McDonald’s Fiasco
-
Business3 days agoPowerball Result April 18, 2026: No Jackpot Winner in Powerball Draw: $75 Million Rolls Over
-
Tech4 days agoAuto Enthusiast Scores Running Tesla Model 3 for Two Grand and Turns It Into Bare-Bones Go-Kart
-
Politics3 days agoZack Polanski demands ‘council homes not luxury flats for foreign investors’
-
Crypto World5 days agoRussia Pushes Bill to Criminalize Unregistered Crypto Services
-
Politics2 days agoGary Stevenson delivers timely reminder to register to vote as deadline TODAY
-
Tech7 days ago‘Avatar: Aang, The Last Airbender’ Leaked Online. Some Fans Say Paramount Deserves the Fallout
-
Business6 days agoCreo Medical agree sale of its manufacturing operation
-
Business10 hours agoRolls-Royce Voted UK’s Most Iconic Trade Mark as IPO Register Hits 150
-
Crypto World5 days agoRussia Introduces Bill To Criminalize Unregistered Crypto Services
-
Crypto World4 days agoKelp DAO rsETH Bridge Hack Drains $292M as DeFi Losses Top $600M in Two Weeks
-
Sports7 days agoBritish climbers complete new route in Swiss Alps
-
Tech7 days agoFord EV and tech chief leaving automaker
-
Sports7 days ago“Felt Much Better Today”: Josh Hazlewood Opens Up On His Recovery Win Over LSG
-
Business6 days agoCheaper Doritos and Lays helps PepsiCo win back struggling snackers
-
Entertainment6 days agoClavicular Says Streaming May Not Work Without Substances
-
Crypto World22 hours agoNew York sues Coinbase, Gemini over prediction market offerings
You must be logged in to post a comment Login