Crypto risk management and infrastructure provider Chaos Labs said its Chaos Oracle Network, which provides data feeds to blockchain applications, was not compromised after a hacking attempt over the weekend by a potential “nation-state.”

Chaos Labs founder Omer Goldberg said in an X post Thursday that the company identified an attack over the weekend, possibly by a “nation state,” and immediately moved to a full lockdown. 

“The surface area was strictly contained to operational wallets we use for routine onchain operations. At no point was the Chaos Oracle Network breached or compromised.”

“Chaos Oracles run in a fully isolated environment with nodes distributed globally, protected by layered security and cryptographic controls,” Goldberg said.

“The authorities and cyber professionals working with us have characterized the activity as consistent with nation-state attacks,” he added. “The investigation continues, and we will share more as it allows.”

State-backed hacker groups, particularly those from North Korea, have been seen as a persistent threat to the crypto space.

North Korea-affiliated actors have been accused of stealing at least $578 million across several major incidents in April and have been linked to many of the industry’s largest hacks. North Korea recently rejected claims linking it to global cybercrime, calling the allegations unfounded.

Goldberg said that Chaos Labs has rotated all keys since the attempted attack and said there hasn’t been any further suspicious activity. 

Source: Omer Goldberg

Recent industry exploits prompted “highest severity” response

The April Kelp DAO hack has been one of the year’s largest security incidents, causing broader ecosystem contagion and impacting the interconnected crypto lending market.

Drift Protocol, a decentralized cryptocurrency exchange, and at least a dozen other crypto entities were hacked in the same month. 

Goldberg said against the backdrop of recent exploits, Chaos Labs triggered its “highest-severity incident response” after detecting the attempted hack.

“We allocate a substantial share of our operating budget to cyber defense, alerting, and detection,” he added.

Several crypto firms shift to Chainlink

Borrowing platform Tydro said it is migrating to the Chainlink oracle platform following the attack on Chaos Labs, adding to the list of crypto firms that have switched providers in recent weeks.

Related: Chaos Labs taps out as Aave’s risk provider, decision ‘not made in haste’

DeFi protocol Kelp DAO is migrating its restaking token rsETH to the Chainlink oracle platform following the April exploit. It continues to blame the attack on LayerZero’s cross-chain infrastructure, which LayerZero has disputed. 

Decentralized finance platform Solv Protocol has also flagged plans to migrate its cross-chain infrastructure from LayerZero to Chainlink in “light of recent industry events.”

Magazine: Guide to the top and emerging global crypto hubs — Mid-2026 

Coinbase shares fell after the U.S. crypto exchange posted a $394.1 million net loss for Q1 2026. 

The result marked its second straight quarterly loss and reversed a $65.6 million profit from the same period last year.

Google Finance showed COIN closing at $192.96, down 2.53%, before falling another 4.70% to $183.90 after hours. The move followed a revenue miss and a wider loss than analysts expected. The stock has also traded lower in 2026.

Trading slowdown hits revenue

Coinbase reported total revenue of $1.41 billion, down from $2.03 billion a year earlier. Its 10-Q showed transaction revenue fell to $755.8 million from $1.26 billion, while subscription and services revenue fell to $583.5 million from $674.6 million.

The company linked the weaker trading backdrop to softer market conditions. CFO Alesia Haas said “Macro conditions were genuinely tough,” adding that total crypto market cap and total crypto trading volume both fell more than 20% quarter over quarter.

Additionally, trading volume dropped to $202 billion from $401 billion a year earlier. Coinbase said the decline came as global crypto spot trading volume fell 44% during the period, leaving the exchange more exposed to lower user activity.

Consumer transaction revenue fell 48% to $566.9 million. Institutional transaction revenue rose 37% to $135.7 million, helped by derivatives trading and the Deribit acquisition. However, that growth did not offset the broader decline in spot-related revenue. Bitcoin accounted for 40% of spot transaction revenue in Q1.

Coinbase leans on wider products

Coinbase used the update to point investors toward products beyond spot trading. Its release said crypto trading volume market share reached 8.6%, while retail derivatives annualized revenue topped $200 million. It also said prediction markets reached more than $100 million in annualized revenue in March.

Chief executive Brian Armstrong said the company saw growth in derivatives, USDC, and Base activity. The message matched his wider plan to make Coinbase a broader venue for crypto, tokenized assets, derivatives, and event contracts.

Related crypto.news coverage said Coinbase had already framed its Q4 loss around a wider push into derivatives, stablecoins, and new markets. Crypto.news also reported on Coinbase’s prediction markets strategy, calling it part of an “everything exchange” plan.

Another related crypto.news update covered Agentic.market, where AI agents use USDC through x402 payments. For investors, the Q1 report showed two different stories. Trading revenue fell sharply, but Coinbase kept building products that may reduce its exposure to spot market cycles. 

The near-term pressure remains clear, while the wider strategy now faces a harder test in a weaker crypto market and tougher investor mood after two straight quarterly losses and a sharp share-price reaction.

• Bitcoin retreated amid clashes in the Strait of Hormuz and rising oil prices.
• Analysts argue that a limited appetite for full‑scale escalation caps downside risk.
• Bulls aim for a rebound toward $82,000, but bears could target a breakdown below $78,000.

Bitcoin dropped to around $79,200 in early trading on Friday as fresh military skirmishes in the Strait of Hormuz rattled global risk assets.

The crypto bellwether was witnessing a sharp intraday pullback after a brief run above $80,000, with the latest price swing highlighting prevailing weakness amid potential geopolitical shocks.

However, despite this outlook, is a classic “bear trap” in play?

Iran ceasefire cracks dent Bitcoin momentum

Bitcoin rallied above $82,500 on Monday, igniting further bullish sentiment across the broader cryptocurrency market.

However, BTC has reversed as selling pressure resurfaced, dropping to support near $79,200.

The downturn coincides with fresh clashes in the Strait of Hormuz after Iran accused the United States of striking an oil tanker, prompting retaliatory strikes by the Islamic Revolutionary Guard Corps (IRGC) against US warships.

The US says it responded with counterstrikes.

Energy markets reacted swiftly, with Brent crude pushing back above $100 per barrel as local skirmishes reignited fears of supply disruption in the world’s key oil chokepoint.

According to SosoValue, the flare‑up has injected fresh anxiety into the so‑called “14‑point deal” narrative, a diplomatic framework aimed at stabilizing the region.

However, the platform notes that President Donald Trump’s insistence that the ceasefire remains in place, and Washington’s framing of its actions as “self‑defense,” point to a lack of appetite for full‑scale escalation.

“If both sides publicly signal restraint, the damage to global risk appetite remains localized,” SosoValue observed on X.

Bitcoin price forecast: a bear trap or deeper retreat?

According to analysts, a scenario that sees the current macro fallout contained could set the stage for a bullish reversal.

Santiment has noted a wave of profit‑driven holder capitulation in recent days, which it says hints at a potential sharp rebound amid thinning liquidity.

“Capitulation is one of the key ingredients to the beginning of bull runs, and wallets can drop out during both a price fall (out of fear of losing more) or on a price rise (expecting prices to not go any higher),” the firm posted.

Meanwhile, veteran market technician John Bollinger recently flagged Bitcoin’s trend model as flipping positive. BTC has retreated from the upper Bollinger Bands line, but the BBTrend indicator remains bullish.

This suggests a short‑squeeze could materialize if prices hold support levels.

Bulls will also need to reclaim upward momentum on strong volume, largely helped by limited escalation in the Gulf, contained oil‑price spikes, and the crypto‑friendly CLARITY Act.

Key resistance levels could be around $85,000-$90,000. However, if downside risks continue, bears could eye a deeper correction toward the $60,000 support zone.

Bitcoin hovered around $79,615 on Friday morning.

Chaos Labs, a crypto risk management and infrastructure provider, says its Chaos Oracle Network—used to feed data to blockchain applications—emerged from a weekend hacking attempt without a breach. Founder Omer Goldberg disclosed that the incident was detected promptly and that the surface area was confined to operational wallets used for routine on-chain operations. He emphasized that the Chaos Oracle Network remained secure, operating in a fully isolated environment with globally distributed nodes protected by layered security and cryptographic controls.

In a Thursday X post, Goldberg said authorities and cyber professionals view the activity as consistent with nation-state attacks, though the investigation is ongoing and updates will be shared as allowed. He also noted that Chaos Labs rotated all keys in response and has not observed any further suspicious activity since the initial incident.

While the claim of a possible nation-state attribution remains contested within broader cyber security discourse, the event occurs against a backdrop of heightened concerns over the security of cross-chain infrastructure and oracle providers. North Korea-linked actors have been linked to several large-scale exploits in recent months, though Pyongyang has denied involvement in global cybercrime. The April incident landscape, including the high-profile Kelp DAO breach, has intensified scrutiny on the sector’s risk controls and incident response protocols.

Goldberg stressed that Chaos Labs’ incident response was decisive and proportionate, stating that the company has rotated keys and that there has been no recurrence of suspicious activity. He added that the organization remains committed to robust cyber defense, noteing that a substantial portion of operating budgets is devoted to alerting, detection, and defense in an increasingly hostile threat environment.

Key takeaways

• The Chaos Oracle Network was not breached; the surface area was limited to routine operational wallets, with keys rotated and no subsequent suspicious activity detected.
• The incident prompted a full lockdown and a “highest-severity” incident response, underscoring the sector’s emphasis on rapid containment and cyber resilience.
• Authorities have described the activity as potentially consistent with nation-state tactics, though investigations continue and attribution remains under review.
• Across the industry, firms are reassessing oracle security and moving toward more trusted infrastructure, highlighted by a wave of migrations to Chainlink.

Chaos Labs’ response and the evolving oracle security landscape

Chaos Labs framed the weekend event as a test of the resilience of its data feeds and risk-management stack. Goldberg’s account of the incident centers on containment and rapid isolation: the compromised surface was confined to operational wallets used for routine on-chain operations, and the Chaos Oracle Network itself remained untouched. The firm rotated all keys in response, and Goldberg said there has been no follow-on anomalous activity since the initial response.

The company also highlighted the defensive posture underpinning its operations. “Chaos Oracles run in a fully isolated environment with nodes distributed globally, protected by layered security and cryptographic controls,” Goldberg wrote. The emphasis on segmentation and cryptographic safeguards reflects a broader industry push to harden critical infrastructure as the DeFi ecosystem expands and becomes more interconnected with cross-chain services.

In the broader context, security incidents in 2024 have driven heightened vigilance across the space. The April Kelp DAO breach, which coincided with a string of other exploits, sent waves through DeFi and highlighted the fragility of cross-chain and oracle architectures. Such events have intensified the debate about where trust should reside in any data feed—from the providers that curate data to the networks that transport and verify it across chains.

Despite the fog of attribution, the incident has already contributed to a shift in how protocols evaluate oracles and cross-chain infrastructure. The attack environment has reinforced the view among developers and investors that a multi-sourced, heavily audited oracle framework can act as a critical line of defense against cascading risks in DeFi and beyond.

Chainlink migration wave and what it signals for the sector

The Chaos Labs event has added momentum to a broader migration trend toward Chainlink’s oracle platform. Several projects have signaled or initiated moves to Chainlink in response to security concerns around other providers’ infrastructures. Notably, Tydro, a borrowing platform, announced plans to migrate to Chainlink after the Chaos Labs incident, joining a growing cohort of projects seeking more trusted oracle security amid a period of industry-wide scrutiny.

In related moves, Kelp DAO has migrated its restaking token rsETH to the Chainlink Oracle platform, continuing to fault LayerZero’s cross-chain infrastructure in connection with the April exploits. LayerZero has disputed the attribution, but the migration underscores a preference for proven, auditable cross-chain connectivity in a volatile security environment. Separately, Solv Protocol has publicly flagged plans to migrate its cross-chain infrastructure from LayerZero to Chainlink, citing recent industry events as a driver for re-evaluating security and reliability in interoperability.

Taken together, the shifts point to a broader industry emphasis on oracle reliability and secure cross-chain messaging as the backbone of DeFi’s ongoing growth. Chainlink’s established track record in providing decentralized, tamper-resistant data feeds appears to be a factor driving these migrations, even as other players continue to innovate and compete in the space. The exact timelines for these migrations vary by project, but the trend is clear: builders are prioritizing security posture and resilience in the face of an increasingly sophisticated threat landscape.

For investors and developers alike, the episode reinforces a core takeaway: the infrastructure that underpins DeFi—especially data feeds and cross-chain messaging—has become a strategic battleground. While attribution remains a puzzle in many high-profile exploits, the practical impact is tangible: protocols are increasingly choosing platforms with transparent security practices, verifiable audits, and robust incident response protocols as a core element of their risk management strategy.

North Korean-linked actors have been repeatedly associated with major crypto hacks, and the sector continues to monitor whether these patterns will intensify or shift as security practices improve. The opposing narrative—denials from the North Korean side—highlights the ongoing geopolitical tension surrounding cybercrime and the crypto industry. As investigators continue to piece together recent incidents, the market will likely watch how oracle providers differentiate themselves on security and reliability in the months ahead.

With Chaos Labs’ investigation still in progress, the industry will be watching how quickly and transparently new details emerge, and whether additional firms will accelerate their migrations to Chainlink or other trusted infrastructures. The evolving story underscores a broader shift toward stronger, more auditable cross-chain connectivity in a space that increasingly depends on dependable data feeds to sustain growth and user trust.

Source: Omer Goldberg, Chaos Labs (via X post); ongoing industry reporting surrounding the Kelp DAO and other exploits. For additional context on related incidents and reactions across the sector, see ongoing industry reports and coverage from Crypto outlets.

Key Takeaways

• ETH declined approximately 3%, currently trading between $2,280–$2,293
• Large holders transferred more than 63,000 ETH to Binance, signaling potential selloff
• Whale accumulation decreased 21.5% from October 2025 highs
• Open interest reached 14.85M ETH amid rapid short position expansion
• Market analyst Ted Pillows highlights insufficient spot demand weighing on ETH

Ethereum has experienced a nearly 3% decline over the last 24 hours, with current prices hovering around $2,280 as of this report. This downturn coincides with significant movements by major holders transferring their assets to trading platforms, typically signaling impending liquidation.

Blockchain analytics platform Lookonchain identified that an address associated with cryptocurrency asset manager Metalpha transferred 27,000 ETH, valued at approximately $62.78 million, to Binance. Another significant holder executed a separate transaction, moving 14,062 ETH worth $32.82 million to the identical platform during the same period.

These transactions came after Bitcoin veteran Garrett Jin deposited a massive 166,000 ETH to Binance on Wednesday, representing roughly $396 million in value. This series of substantial transfers has heightened market anxiety regarding additional downward price pressure.

Crypto analyst Ali Martinez highlighted an extended trend in large holder activity. Addresses containing between 1,000 and 10,000 ETH accumulated from 12.95 million coins in April 2025, reaching a maximum of 15.95 million by October 6, 2025. However, these holdings have since contracted to approximately 12.52 million ETH — representing a 21.5% reduction.

According to Martinez, Ethereum requires a “fresh wave of institutional or retail demand” to breach the $3,000 threshold.

Bearish Sentiment Dominates Derivatives Markets

Futures market indicators are revealing a distinctly pessimistic outlook. Open interest has surged to 14.85 million ETH — the highest level recorded since July of last year — despite concurrent price declines. This pattern, combined with negative funding rates, indicates an accelerating accumulation of bearish positions.

The 30-day moving average of Ethereum’s Net Taker Volume is approaching negative territory, suggesting that bearish traders are increasingly controlling futures market activity. Additionally, ETH saw $96.3 million in forced liquidations during the past day, with $89.1 million stemming from bullish positions.

Market analyst Ted Pillows shared his perspective on X, stating: “$ETH tried to hold above the $2,400 level again but failed. Spot demand is very weak, which is pushing Ethereum lower. Until that changes, ETH will continue to underperform the market.”

Critical Support and Resistance Zones

Technically, Ethereum maintains a position above its 50-day EMA at $2,262 but faces resistance from the 100-day EMA at $2,349. The Relative Strength Index hovers just beneath 50, while the Stochastic Oscillator trends downward toward 30.

Should ETH breach the $2,262 support level, additional downside targets emerge at $2,211, followed by $2,107. On the bullish side, clearing $2,388 would be necessary to challenge the $2,746 resistance zone.

The $2,300–$2,500 corridor has functioned as a distribution area throughout the past month, with smaller investors liquidating approximately 1.5 million ETH during the previous two weeks.

Michael Saylor says Strategy is “converting digital capital Bitcoin into digital credit (STRC) and digital equity (MSTR),” pitching a three‑layer capital stack with BTC as reserve asset, STRC as yield‑focused credit, and MSTR as the levered equity layer.

Michael Saylor, founder and executive chairman of Bitcoin treasury company Strategy, said on X that the firm is “converting digital capital Bitcoin into digital credit (STRC) and digital equity (MSTR),” underscoring what he called a Bitcoin-centric capital market architecture. The post reiterates a theme Saylor has been pushing since his Bitcoin 2026 keynote, where he framed Bitcoin as “engineered capital,” STRC as a digital credit instrument built on that capital, and MSTR as the equity layer that absorbs the residual upside and volatility.

Bitcoin as capital, STRC as credit, MSTR as equity

At the Bitcoin 2026 conference, Saylor detailed Strategy’s three-layer model, with Bitcoin as layer-one digital capital, STRC as layer-two digital credit, and a range of yield and money products at layer three. “Digital credit is a killer application of digital capital. Every dollar that flows into digital credit will flow into digital capital,” he said, describing STRC as the credit layer built directly on top of Strategy’s BTC reserves.

STRC (ticker STRC), nicknamed “Stretch,” is Strategy’s variable-rate perpetual preferred stock backed by the company’s Bitcoin holdings and designed to trade near a $100 par value, according to the digital credit dashboard. Strategy manages STRC’s price stability by adjusting its monthly dividend rate and using an at-the-market (ATM) issuance program to sell new shares when they trade at or above $100, raising cash to buy more BTC and expand its reserve. In an April update, Saylor said STRC had reached $8.5 billion in assets under management in roughly nine months, making it “the world’s largest preferred stock” and targeting what he described as a $3.5 trillion private credit market.

In that same presentation, Saylor argued traditional private credit is “illiquid, opaque, discrete, and burdened with fees,” while “digital credit” such as STRC is “liquid, transparent, homogeneous, scalable, accessible, and carries no fee,” positioning the product as a structural fix to what he sees as misaligned incentives in legacy markets. KuCoin’s summary of the Bitcoin 2026 talk noted that STRC’s design channels Bitcoin’s capital returns into monthly income, with an 11% yield based on BTC’s 38% annualized return and a 5:1 collateral ratio intended to protect principal even if Bitcoin falls by 80%.

On the equity side, MSTR — Strategy’s common stock — functions as what Saylor calls “digital equity,” a leveraged claim on the firm’s expanding BTC treasury that captures the excess return from Bitcoin after servicing STRC’s coupon. A BitcoinTreasuries profile notes that Strategy now holds more than 800,000 BTC, and a recent digital credit overview frames MSTR as the equity layer sitting above STRC and other Bitcoin-backed preferreds. Yahoo Finance, in a separate report, estimated that roughly 85% of a recent $2.5 billion BTC purchase by Strategy was funded through STRC issuance, illustrating how the preferred stock has become the engine for scaling the company’s Bitcoin balance sheet.

The U.S. Department of the Treasury reportedly sent Binance a private letter pressing the exchange on compliance with its 2023 settlement duties. 

The request followed fresh claims that Iran-linked entities moved large sums through the platform. Bloomberg reported that Treasury sought employee interviews and records tied to possible sanctions violations. 

The Information also reported that Treasury demanded Binance comply with the monitoring program imposed after its 2023 deal with U.S. authorities. That agreement followed anti-money laundering and sanctions cases that ended with large penalties and long-term oversight. 

Binance says it is cooperating

Binance said it remains engaged with the monitor and U.S. agencies. The exchange said, “We welcome constructive feedback from the Treasury” and added that it is giving the monitor “full cooperation and transparency.” 

The comments came after lawmakers raised questions about whether Binance had met the terms of its settlement. A February Senate letter asked Treasury and the DOJ to review Binance’s sanctions controls after reports tied the exchange to Iran-linked activity. 

Additionally, Treasury’s 2023 settlement required Binance to pay billions in penalties and accept monitoring. FinCEN said its order imposed a five-year monitorship and required Binance to complete major compliance changes, including a full exit from the U.S. market. 

The Treasury said the settlement gave officials access to Binance books, records, and systems for five years through a monitor. It also warned that failure to meet the obligations could expose Binance to more penalties, including a suspended $150 million penalty. 

Iran-linked crypto claims widen the story

Related crypto.news coverage said internal data reviewed by the Financial Times showed 13 suspicious Binance accounts handled $1.7 billion in crypto, including about $144 million after the 2023 settlement. The report also said some wallets had links to funds later frozen over alleged Iran-backed activity. 

This comes as U.S. enforcement around Iran-linked crypto flows grows. Crypto.news recently reported that the U.S. seized nearly $500 million in Iranian crypto assets, above a previously reported $344 million USDT freeze tied to Iran. 

Binance’s monitoring issue also follows earlier reports that the exchange had sought an early end to a DOJ-appointed monitor. However, crypto.news noted that Binance also had a separate Treasury-linked monitorship through FinCEN, with no clear sign that this oversight was under the same review. 

Solv Protocol said it will move more than $700 million in tokenized Bitcoin assets to Chainlink CCIP. 

The migration covers SolvBTC and xSolvBTC, which Solv uses across its Bitcoin finance products. The protocol said the decision followed an updated review of cross-chain systems and recent bridge hacks.

As part of the move, Solv will phase out LayerZero bridge support for Corn, Berachain, Rootstock, and TAC. Solv said Chainlink CCIP will become its official cross-chain infrastructure. Its CTO Will Wang said, “Security is the foundation of everything we build at Solv.”

Kelp DAO dispute puts bridges under watch

The move came after Kelp DAO said it would shift rsETH to Chainlink CCIP. The decision followed an April exploit that drained 116,500 rsETH from a LayerZero-powered bridge. Crypto.news reported that the stolen tokens later entered Aave v3 as collateral before parts of the funds were frozen.

The dispute between Kelp DAO and LayerZero remains unresolved. Kelp DAO claimed LayerZero approved the single-verifier setup later blamed for the attack. 

LayerZero CEO Bryan Pellegrino rejected that account and said Kelp moved away from a default multi-verifier setup. Kelp also cited data showing many LayerZero apps used one verifier.

Aave recovery adds fresh market context

In a related update, crypto.news reported that Aave completed liquidation of the attacker’s final rsETH-backed positions on Ethereum and Arbitrum. Aave said the recovered collateral moved to Recovery Guardian, a multisig wallet controlled by DeFi United.

The recovery is not complete. Crypto.news reported that DeFi United still needs more support from Circle, Ethena, Frax, and Ink to restore rsETH backing. A separate legal dispute also covers 30,765 ETH, worth about $71 million, frozen by Arbitrum DAO after the exploit.

Bridge risk becomes the main story

The Solv migration adds to a wider shift in how DeFi projects review cross-chain infrastructure. OpenZeppelin said no public evidence showed a broken smart contract in the Kelp DAO case. It said the failure appeared tied to bridge operations and integration settings, not only deployed code.

That context makes Solv’s decision more than a vendor change. The protocol is moving a large tokenized Bitcoin stack at a time when users are asking how bridges verify messages and protect collateral. For Solv, the shift to Chainlink CCIP is now framed around reducing bridge exposure while keeping its Bitcoin products active across chains.

Solv did not directly blame LayerZero in its migration note. Instead, it pointed to security reviews and recent cross-chain incidents. That wording keeps the announcement focused on infrastructure choice, while the Kelp DAO dispute continues to shape the wider debate around cross-chain bridge design and user protection.