Crypto World
What are cross-chain bridges? Why they keep getting hacked
Blockchains cannot talk to each other on their own. Bridges are the software that moves value between them, and they have leaked more money to hackers than any other kind of crypto infrastructure, billions across a handful of catastrophic breaches. Here is how bridges actually work, the different trust models behind them, and why the connective tissue of crypto is also its most dangerous single point of failure.
Summary
- Cross chain bridges move assets and data between separate blockchains by locking, burning, or swapping tokens through different trust models.
- The security of a bridge depends largely on how it verifies transactions, with cryptographic models offering stronger protection than signer based systems.
- Bridges remain one of crypto’s biggest security risks because they hold large pools of assets and rely on complex infrastructure that has repeatedly been targeted by hackers.
There are hundreds of blockchains, and by design none of them can see the others. Ethereum has no native way to know what happened on Solana; a Bitcoin holder cannot directly spend that Bitcoin inside an Ethereum application. Each chain is an island with its own ledger, its own validators, and no built-in bridge to the mainland.
Yet users constantly need to move value between these islands, to chase yield, access an application, or reach cheaper fees, and that need created an entire category of infrastructure: the cross-chain bridge.
A bridge is software that lets assets and information move between blockchains that otherwise cannot communicate. It is essential plumbing; without bridges, liquidity would be trapped on whichever chain it started on, and the multi-chain world that defines crypto today could not function. Bridges now move billions of dollars a week, and their total value locked runs into the tens of billions.
They are also the single most dangerous piece of infrastructure in crypto. Bridge exploits have produced some of the largest thefts the industry has ever recorded, with individual breaches running into the hundreds of millions and the category’s cumulative losses in the billions. The same design that makes a bridge useful, holding or controlling large pools of assets across chains, makes it a concentrated target, and a small flaw in a bridge can drain a fortune in minutes.
This guide explains how bridges work, the main architectures they use, the trust models that determine how safe each one is, why they keep getting hacked, and how to think about bridge risk before moving your own funds.
Why bridges are necessary
The root problem is isolation. A blockchain is a self-contained ledger whose validators agree only on the state of their own chain. Nothing in Ethereum’s protocol can natively verify that a transaction happened on another chain, because doing so would require Ethereum’s validators to also run and trust every other chain, which they do not. Each network is sovereign and blind to the others.
Before bridges, the only way to move value between chains was through a centralized exchange: send your asset to the exchange on one chain, trade it, and withdraw a different asset on another chain. This works but reintroduces exactly the centralized intermediary that crypto was meant to reduce, along with accounts, custody, and withdrawal limits. Bridges emerged to do the same job more directly, letting value move between chains without handing it to an exchange in the middle.
The demand is enormous because the ecosystem is fragmented by design. Different chains optimize for different things, and users want to combine them: hold an asset native to one chain but use it in an application on another, move to a network with cheaper fees, or supply liquidity where the returns are highest. The connective role bridges play is why the industry sometimes calls them the tissue linking the chains, and it is why bridge volume tracks the overall growth of multi-chain activity. As newer designs push more of that activity toward stablecoin settlement and payments, the demand to move dollar-denominated value across chains has only intensified, echoing the broader rise of payment-focused chains built around moving stable value efficiently.
The catch is that connecting sovereign, mutually blind systems is genuinely hard, and every method of doing it introduces a trust assumption somewhere. That assumption is where the money leaks.
How a bridge moves an asset
Most bridges rely on a simple-sounding trick: they do not actually send an asset from one chain to another, because that is impossible. Instead, they lock or destroy the asset on the source chain and create a corresponding asset on the destination chain.
Three main architectures implement this idea.
The lock-and-mint model is the most common. When you bridge an asset, the bridge locks your original tokens in a smart contract on the source chain, like putting them in a vault, and mints an equivalent wrapped token on the destination chain. That wrapped token is a claim on the locked original, redeemable by reversing the process: burn the wrapped token on the destination chain, and the bridge unlocks the original on the source chain. The locked assets sit in the bridge’s custody the entire time, which is precisely why lock-and-mint bridges have been the most exploited: the vault holding everyone’s locked assets is a single, enormous target.
The burn-and-mint model is used mainly for assets whose issuer controls supply across chains, such as certain stablecoins. Instead of locking the asset, the bridge permanently burns it on the source chain, removing it from that chain’s supply, and mints a fresh, native version on the destination chain. Because the destination asset is truly native, not a wrapped claim, this avoids the pool-of-locked-assets problem, but it only works when a single issuer has authority to burn and mint the asset on every chain, which is why it is common for stablecoins and rare for everything else.
The liquidity-pool model takes a different approach. The bridge maintains pools of assets on every supported chain, and when you bridge, you deposit into the pool on the source chain and withdraw the equivalent from the pool on the destination chain, often with a solver or market maker fronting the destination asset instantly and settling later. Nothing is wrapped; you simply swap into inventory that already exists on the other side. This can be faster and avoids wrapped-token risk, but it requires the bridge to keep large inventories on every chain, which is both capital-intensive and, again, a target.
Beyond moving assets, modern bridges also pass messages: arbitrary data and instructions that let a smart contract on one chain trigger an action on another. A token transfer is just the simplest message, saying an amount was locked here, so mint it there. More elaborate messages let an application on one chain react to events on another, which powers cross-chain lending, governance, and complex applications. This general message passing is powerful and expands what bridges can do far beyond simple transfers, but every added capability is added surface area for something to go wrong.
The trust models that decide safety
The crucial question for any bridge is who verifies that the source-chain event actually happened before the destination chain acts on it. The answer is the bridge’s trust model, and it is the single biggest determinant of how safe the bridge is. There is a well-known framework classifying these models, and it maps cleanly onto a spectrum from convenient-but-risky to trustless-but-costly.
The trusted model relies on a fixed set of external validators, often secured by a multisignature or multiparty scheme, who watch the source chain and sign off on events for the destination chain. This is fast, cheap, and simple, but the validator set is the trust assumption: if enough of their signing keys are compromised, the attacker controls the bridge. Many of the largest bridge hacks in history were failures of exactly this model, where an attacker gained control of enough validator keys to authorize fraudulent withdrawals. When a bridge’s security rests on a handful of keys, those keys are the whole game.
The light-client or validity-proof model is the trustless end of the spectrum. Here the destination chain actually runs a light client of the source chain and cryptographically verifies its block headers, or accepts a validity proof, instead of trusting a set of signers. This is far more secure because it removes the human validator set and replaces it with mathematics, but it is expensive in computation and complex to build, and it does not work efficiently for every pair of chains. Advances in zero-knowledge proofs, the same cryptography moving to the center of Ethereum’s long-term rebuild, are extending this model to more chains, but it remains harder to deploy than trusting a signer set.
Between the extremes sit optimistic and hybrid models, which assume transactions are valid but allow a challenge window during which watchers can submit proof of fraud, similar to how some scaling systems secure their withdrawals. These trade some speed, through the challenge delay, for stronger security than a pure trusted model, without the full cost of a light client. Where a bridge sits on this spectrum tells you almost everything about its risk: the more it relies on a small trusted group and the less it relies on cryptographic verification, the more it depends on those few parties never being compromised.
Why bridges keep getting hacked
Bridges have lost more to hackers than any other category of crypto infrastructure, and the reasons are structural, not accidental. Understanding them explains why the problem persists despite years of painful lessons.
The first reason is concentration of value. A bridge, especially a lock-and-mint one, accumulates a large pool of locked assets backing all the wrapped tokens it has issued. That pool is a single honeypot, and unlike a diffuse set of user wallets, draining it once takes everything. Attackers are economically rational, and they gravitate to wherever the most value sits behind the fewest defenses, which describes a large bridge almost perfectly.
The second reason is weak trust models. Many bridges chose the fast, cheap, trusted model, securing hundreds of millions of dollars behind a small set of signing keys. The largest bridge thefts on record were, at their core, key compromises: an attacker obtained control of enough of the bridge’s validator keys, through phishing, malware, or infrastructure breaches, and then simply authorized withdrawals that the bridge treated as legitimate. No clever exploit of the blockchain was needed, only control of the keys the bridge trusted. A bridge secured by nine keys where five are enough to move funds is, in security terms, a five-key vault.
The third reason is complexity. Bridges are among the most complex smart-contract systems in crypto, spanning multiple chains, custom message formats, and intricate verification logic, and complexity is the enemy of security. Every added feature, every new supported chain, every message type is more code that can contain a subtle flaw, and bridge exploits have repeatedly come from bugs in verification logic that let an attacker forge a proof of a deposit that never happened, causing the bridge to release funds against nothing. The fraud-proof and verification systems that are supposed to guard a bridge are themselves complex code, and a flaw there is catastrophic because it undermines the entire security model at once. The category’s history rhymes with the broader lesson that concentrated infrastructure fails hard, the same dynamic seen when any single point of control becomes the weakest link in an otherwise sound system.
These three forces combine into a grim equation: bridges hold enormous value, often behind trust models thinner than the value warrants, inside code complex enough to hide fatal bugs. That is why, even as the industry has learned hard lessons and newer designs have improved, bridges remain the place where the largest single thefts tend to happen.
The anatomy of a bridge hack
To make the risk concrete, it helps to walk through how a typical bridge exploit actually unfolds, because the pattern repeats across nearly every major incident and reveals why the losses are so total.
Most catastrophic bridge hacks fall into one of two shapes. The first is a key compromise. A trusted-model bridge secures its locked assets behind a set of signing keys, and an attacker obtains control of enough of those keys, through phishing an employee, compromising a server, or exploiting weak key management, to reach the signing threshold. Once the attacker can produce valid signatures, the bridge has no way to distinguish their fraudulent withdrawal from a legitimate one, because a validly signed instruction is exactly what the bridge is built to obey. The attacker signs a withdrawal that drains the locked pool, and the assets are gone before anyone notices, because from the bridge’s perspective nothing broke; the correct keys authorized the transfer. Several of the largest bridge thefts in history were precisely this: not a clever exploit of the blockchain, but a theft of the keys the bridge trusted, turning the bridge’s own security model into the attacker’s tool.
The second shape is a verification bug. A bridge must verify that a deposit really happened on the source chain before releasing funds on the destination chain, and this verification logic is complex code. If it contains a flaw, an attacker can craft a fake proof of a deposit that never occurred, submit it to the bridge, and the bridge, believing the fake, releases real assets against nothing. The attacker deposited nothing and withdrew a fortune, because the code that was supposed to check the deposit accepted a forgery. These bugs are catastrophic precisely because they attack the bridge’s core trust mechanism: once an attacker can forge the proof the bridge relies on, they can mint or withdraw arbitrary value until someone halts the bridge, which in a fast-moving exploit can be far too late.
Both shapes share a defining feature that explains why recovery is so rare: the theft looks legitimate to the bridge at the moment it happens. A key-compromise withdrawal carries valid signatures; a verification-bug withdrawal carries an accepted proof. Neither trips an alarm inside the system, because both exploit the system doing exactly what it was designed to do, only on fraudulent inputs. By the time the discrepancy surfaces, usually when the locked assets no longer back the wrapped tokens in circulation, the funds have moved through mixers and across other chains. The wrapped tokens left behind become claims on an empty vault, and their holders, who did nothing wrong, absorb the loss. This is the mechanism by which a single flaw in one bridge translates into hundreds of millions gone, and why the security of a bridge deserves more scrutiny than almost any other decision in a multi-chain transaction.
How to think about bridge risk
Bridges are necessary and, used carefully, reasonable to rely on, but their risk profile deserves respect. A few principles help you evaluate any bridge before trusting it with funds.
Prefer stronger trust models. A bridge secured by cryptographic verification, a light client or validity proofs, or by a canonical connection to a base chain, is structurally safer than one secured by a small external signer set. Where a bridge documents its trust model, read it; the difference between trusting mathematics and trusting a handful of keys is the difference between the safest and riskiest bridges in existence. Independent frameworks that score bridges on their trust assumptions exist precisely because this distinction is hard for users to assess alone.
Favor track record and audits. A bridge with a long operational history free of exploits, multiple independent security audits, an active bug bounty, and transparent, time-locked upgrade processes has earned more trust than a new, unaudited one, however attractive its yields. Bridges are not where to chase the newest, highest-return option, because the downside of a bridge failure is total loss of the funds in transit.
Minimize time and size at risk. Bridging is riskiest while your value sits in the bridge’s custody or in transit. Moving smaller amounts, avoiding leaving large balances in wrapped tokens longer than necessary, and using aggregators that route through the safest available path all reduce exposure, while minding the slippage a large cross-chain swap can incur along the way. For very large transfers, splitting them or accepting the slower safety of a canonical bridge can be worth the inconvenience.
Understand what you are holding after you bridge. A wrapped token is a claim on assets locked in a bridge, and it is only as sound as that bridge. If the bridge is exploited and its locked assets drained, the wrapped tokens it issued can become worthless claims on an empty vault, even though your original assets are gone. Native assets obtained through burn-and-mint or liquidity-pool models avoid this specific risk, which is one reason those models are often preferred where available, particularly for the stablecoins that dominate cross-chain settlement.
The honest summary is that bridges are indispensable and imperfect. They solve a real and unavoidable problem, connecting sovereign chains that cannot see each other, and there is no way to do that without introducing a trust assumption somewhere. The safest bridges push that assumption toward cryptography and away from small groups of keys; the most dangerous do the reverse and guard enormous value with thin trust. Knowing which kind you are using, and treating the crossing as the riskiest moment in any multi-chain transaction, is what separates informed use from the kind of blind trust that has, again and again, funded the largest heists in the industry.
It is worth ending on where the technology is heading, because the picture is not static. The industry has absorbed the lessons of its worst bridge failures, and newer designs increasingly favor stronger trust models: burn-and-mint transfers for assets whose issuers can support them, cryptographic light clients and validity proofs where the chain pairs allow, and intent-based systems where independent parties front liquidity and take on the risk rather than pooling everyone’s assets in a single honeypot. Independent risk frameworks now score bridges on exactly the trust assumptions that used to be invisible to ordinary users, making it easier to tell a well-secured bridge from a dangerous one before committing funds. None of this eliminates the fundamental tension that connecting blind, sovereign systems requires trusting something, but it does shift the trust toward mathematics and away from the small key-holding groups that account for the largest historical losses. The bridges of the next few years will be safer than those that leaked billions, not because the problem got easier, but because the industry paid for the lesson in full and is finally building as though it remembers.
Frequently asked questions
What is a cross-chain bridge?
A cross-chain bridge is software that lets assets and data move between different blockchains, which otherwise cannot communicate with each other. It typically works by locking or burning an asset on the source chain and creating an equivalent asset on the destination chain, allowing value to move across networks without going through a centralized exchange.
How does a bridge move an asset between chains?
It does not literally send the asset across; instead it uses one of three models. Lock-and-mint locks the original in a contract and mints a wrapped version on the other chain. Burn-and-mint destroys the asset on one chain and creates a native version on the other. Liquidity-pool bridges keep inventories on both chains and let you swap into the destination pool. Each avoids the impossible task of directly transferring an asset between separate ledgers.
Why are bridges hacked so often?
Three structural reasons: they concentrate large pools of value that make single, lucrative targets; many use weak trust models secured by a small set of signing keys that, if compromised, hand an attacker control; and they are highly complex code where subtle verification bugs can let attackers forge deposits. Together these make bridges the category responsible for some of the largest thefts in crypto history.
What is the safest kind of bridge?
Bridges that verify source-chain events cryptographically, through a light client or validity proofs, or that use a canonical connection to a base chain, are structurally safest because they rely on mathematics rather than a trusted group. Bridges secured only by a small external set of signing keys are the riskiest, since compromising those keys compromises the entire bridge.
What is a wrapped token?
A wrapped token is a token minted on a destination chain to represent an asset locked in a bridge on the source chain. It is a claim on the locked original, redeemable by burning the wrapped token to unlock the original. Its value depends entirely on the bridge holding the locked assets; if that bridge is drained, the wrapped token can become a worthless claim on an empty vault.
Are bridge hacks the biggest in crypto?
Some of the largest single thefts in crypto history have been bridge exploits, with individual breaches reaching hundreds of millions of dollars and the category’s cumulative losses running into the billions. Many of these were key compromises of trusted-model bridges rather than exploits of the underlying blockchains, meaning the attacker gained control of the keys the bridge trusted.
Can I lose money using a bridge?
Yes. The main risk is that the bridge is exploited while your value is locked in it or held as a wrapped token, in which case those funds can be lost entirely. Additional risks include smart-contract bugs and, for liquidity-pool bridges, issues with the pools. Using well-audited bridges with strong trust models and long track records, and minimizing the amount and time at risk, reduces but does not eliminate this.
What is general message passing in bridges?
General message passing is the ability of a bridge to move arbitrary data and instructions between chains, not just token transfers. It lets a smart contract on one chain trigger an action on another, powering cross-chain lending, governance, and complex applications. A token transfer is the simplest message, but the added capability also expands the code surface where vulnerabilities can appear.
Disclaimer: This article is for informational purposes only and does not constitute investment advice. Digital asset markets are volatile and you can lose your entire investment. Always do your own research. Information current as of July 7, 2026.
Crypto World
Commodity, Crypto Pool Operator Faces CFTC Fraud Charges
The US Commodity Futures Trading Commission has sued a North Carolina man, accusing him of operating a commodity pool featuring crypto that defrauded investors of more than $14 million.
The CFTC’s lawsuit, filed in federal court on Tuesday, alleged that Trevor Vernon and his company, Argent Capital Management, operated a commodity pool featuring equity index futures, options on equity index futures and crypto.
The agency alleged that from March 2022 to February 2026, Vernon solicited $14.8 million from at least 60 investors and falsely claimed he was a successful trader, even though his trading actually “resulted in consistent and catastrophic losses” for the pool’s investors.
The lawsuit is a rare crypto-related enforcement action from the CFTC, which is angling to oversee the crypto industry while facing questions from some lawmakers about whether it has the resources to police the complicated and rapidly growing sector.
The agency alleged that as part of the scheme, Vernon traded crypto, including Bitcoin (BTC) and Ether (ETH), which the CFTC asserted were commodities.
CFTC alleges Vernon ran pool “akin to a Ponzi scheme”
The CFTC alleged in its complaint that Vernon made false statements to existing and potential investors, including in quarterly account updates and monthly performance emails.
The agency claimed Vernon’s trading of crypto, as well as futures and options on stock indices, resulted in losses of more than $8.6 million.
Related: CME Group sues CFTC over crypto perpetual futures
The CFTC said Vernon never disclosed the losses to investors and alleged he misappropriated $3 million to pay investors “in a manner akin to a Ponzi scheme” to hide his losses. He also allegedly misappropriated $136,000 for private air travel, according to the lawsuit.
The CFTC accused Argent Capital Management of failing to register with the agency as required by federal commodities law, and claimed Vernon made false statements to the regulator in January about the issues alleged in its complaint.
The CFTC charged Vernon with seven counts related to fraud, failure to register and making false statements.
It asked the court to permanently ban Vernon from registration and trading, along with disgorgement, penalties and restitution.
Features: From Bitcoin critics to blockchain believers: The 5 biggest crypto backflips
Crypto World
Markets Wait on Fed Minutes: What to Expect from Today’s Release
The Federal Reserve releases the minutes from its June 16-17 policy meeting on Wednesday at 2 p.m. ET. Investors hoping for clarity on a September rate hike may come away with less than they expect.
Chair Kevin Warsh withheld his own rate projection this cycle. He also issued a policy statement of just 130 words that dropped forward guidance entirely. That leaves the minutes as the only detailed record of the committee’s internal debate.
A Committee Split Between Hawks and Doves
The FOMC held rates steady at 3.50% to 3.75% on June 17. That marked the fourth consecutive hold. Nine of 18 FOMC policymakers penciled in at least one 2026 hike. Warsh declined to submit a projection of his own.
The committee met before the Bureau of Labor Statistics released its June payrolls report. That report showed just 57,000 new jobs, the weakest reading in four months. Any hawkish language in the minutes reflects a labor market that still looked solid at the time. The softer picture came days later.
The CME FedWatch Tool now prices roughly a 50% to 55% chance of a September hike. That is down from 66% before a weaker-than-expected June jobs report. Warsh addressed the uncertainty directly at his press conference.
“We recognize that inflation has been running well ahead of the Fed’s long-stated inflation
goal of 2 percent that’s been going on for more than five years. Persistently high prices are a
burden for the American people. But the recent past need not be prologue.”
— Kevin Warsh.
Why the Silence Itself Is the Story
Warsh has pushed for a leaner communication style since taking office. He argues forward guidance entangles the Fed in markets that should react to data instead.
That approach puts unusual weight on Wednesday’s release. No accompanying statement language exists for comparison. Speaking at the Sintra policy forum in July, Warsh left little doubt about his inflation stance. he stated that people should not expect his Fed to be comfortable with inflation above 2%
The minutes could reveal how close the committee’s hawks came to pushing for a hike in June. Or they could leave the disagreement as vague as the statement did.
Either way, a chair who prefers silence may keep investors waiting past Wednesday for real clarity.
The post Markets Wait on Fed Minutes: What to Expect from Today’s Release appeared first on BeInCrypto.
Crypto World
Why Crinetics Stock Doubled After Vertex’s $10 Billion Buyout
Crinetics Pharmaceuticals shares nearly doubled on Monday, July 6 after Vertex Pharmaceuticals agreed to buy the company for $10 billion in cash.
Vertex will pay $85 a share. That is roughly double Crinetics’ closing price the day before Vertex announced the deal.
What Vertex Is Actually Buying
Crinetics makes Palsonify, a pill for acromegaly, a rare disorder that causes excess growth hormone. Patients previously relied on regular injections, so a once-daily pill is a real upgrade in convenience.
Vertex, known for its cystic fibrosis drugs, is betting big on that convenience. It has a second drug in late-stage trials for another rare hormone condition. Together, the two products could bring in more than $5 billion a year at their peak.
William Blair analyst Myles Minter said the price tag makes sense if that sales target holds up.
“Investors will debate this (stock was down 1.8% after hours), but we view this as reasonable if the peak sales number can be achieved.”
Retail sentiment on Crinetics flipped from bearish to bullish within a day. The GameStop eBay takeover saga shows how fast retail mood can swing on buyout news.
Is There Any Upside Left?
Once a company announces a cash buyout, its stock stops trading on its own business prospects. It trades toward the agreed price instead.
Crinetics is already close to that $85 target. The Riot Platforms Bitfarms takeover played out the same way, with shares settling near the offer price.
Most of the reward has already landed. What remains is a small gap, plus the risk that the deal falls through before it closes in the third quarter.
The post Why Crinetics Stock Doubled After Vertex’s $10 Billion Buyout appeared first on BeInCrypto.
Crypto World
What are liquid staking tokens? stETH and the depeg risk, explained
Staking locks your crypto and earns yield. Liquid staking hands you a tradeable receipt for that locked position, so the same capital can earn twice. It is one of DeFi’s largest markets, and it comes with a specific danger most guides skip: the receipt can trade below what it represents. Here is how liquid staking tokens work, and where the risk actually lives.
Summary
- Liquid staking tokens let users keep earning staking rewards while using a tradeable token across DeFi without unlocking the original assets.
- The biggest risk comes when liquid staking tokens trade below the value of the assets backing them, especially during periods of market stress and heavy withdrawals.
- Higher yields from liquid staking strategies often involve leverage, increasing the risk of liquidations if the token temporarily loses its peg.
Staking a proof-of-stake asset like Ether involves a trade-off that used to be absolute: lock your tokens to help secure the network and earn rewards, and accept that the locked tokens are frozen and useless for anything else. Liquid staking removes the second half of that bargain. You deposit your tokens with a protocol, the protocol stakes them for you, and in return you receive a new token, a liquid staking token, that represents your staked position and can be freely traded, sold, or put to work elsewhere in decentralized finance. The original capital keeps earning staking rewards; the receipt token lets that same capital do a second job.
That double-duty is why liquid staking became one of the largest categories in all of DeFi, with tens of billions of dollars flowing into it. It is also why it carries a risk that plain staking does not. The receipt token is only useful if the market treats it as equal in value to the asset it represents, and there are moments, usually the worst possible moments, when the market does not. A liquid staking token can trade below the value of the staked asset behind it, an event called a depeg, and understanding when and why that happens is the difference between using this tool safely and being surprised by it.
This guide explains what liquid staking tokens are, the two designs they come in, how the peg is supposed to hold and how it breaks, the concentration risk hiding behind the biggest provider, the way these tokens get stacked into leverage across DeFi, and the practical questions to ask before holding one. The star example throughout is stETH, the largest liquid staking token, but the mechanics apply across the category, from Rocket Pool’s rETH on Ethereum to the staked-asset tokens on other proof-of-stake networks. The goal is to leave you able to hold one of these tokens understanding exactly what it is, what backs it, and under what conditions its price can part ways with the asset it represents.
The problem liquid staking solves
To see why liquid staking exists, start with the friction of ordinary staking. On Ethereum, running your own validator requires locking thirty-two ether, operating node software with constant uptime, and accepting that your stake is subject to exit queues when you want out. For most holders this is impractical: they lack thirty-two ether, do not want to run infrastructure, and dislike freezing capital they might need, especially as Ethereum reworks its staking and consensus layers in ways that will reshape validator economics for years.
Staking pools solved the first problems by letting many users combine smaller amounts under professional validators, but the funds were still locked. Liquid staking solves the last problem, the lock itself. When you deposit into a liquid staking protocol, it pools your tokens with everyone else’s, stakes them across a set of validators, and mints you a token representing your share of the staked pool plus its accruing rewards. You no longer need thirty-two ether, you never touch validator software, and, crucially, your position is now liquid: the receipt token sits in your wallet and can move freely while the underlying stake keeps earning.
A coat-check analogy captures it. You hand over your coat and receive a claim ticket. The coat stays safely in the cloakroom earning nothing, but the ticket is now in your hands, and while you cannot wear the ticket, you can hold it, hand it to a friend, or even sell it. Liquid staking works the same way: the staked asset stays locked and productive, while the token proving your claim to it circulates freely. Whoever holds the ticket holds the claim, so selling the token means selling the staked position along with it.
The result is capital efficiency that plain staking cannot match. A holder can stake, receive the token, and then lend it, use it as collateral, or provide it as liquidity, earning a second layer of return on top of the base staking reward, all without unstaking. That stacking is the appeal and, as later sections show, the source of the systemic worry.
Two designs: rebasing and value-accruing
Liquid staking tokens come in two flavors, and the difference matters for how rewards show up in your wallet and how the token behaves in DeFi.
A rebasing token keeps its price pegged to the underlying asset one to one and delivers rewards by increasing the number of tokens you hold. Lido’s stETH is the classic example: hold it, and your stETH balance grows a little each day, with each stETH meant to remain worth roughly one ether. The appeal is transparency, since your balance visibly climbs, but the growing balance complicates integrations, because many DeFi protocols were not built to handle a token quantity that changes on its own.
A value-accruing token keeps the token count fixed and delivers rewards by rising in value against the underlying asset. Rocket Pool’s rETH works this way, as does the wrapped version of stETH, wstETH. You hold the same number of tokens over time, but each one is redeemable for progressively more ether as rewards accumulate; stake when one token equals one ether and, a year later, that token might redeem for meaningfully more. This design integrates more smoothly across DeFi because the balance is stable, which is why wrapped, value-accruing versions dominate in lending and liquidity protocols and increasingly appear in the institutional DeFi rails being built on other ledgers too.
The distinction is easy to miss and important in practice. A rebasing token used as collateral can behave strangely because its balance shifts; a value-accruing token trades at a price that is intentionally above one-to-one and rising, so seeing rETH or wstETH quoted above the price of ether is normal and correct, not a premium to fear. Knowing which design you hold prevents misreading its price and misusing it in a protocol.
How the peg holds, and how it breaks
The entire usefulness of a liquid staking token rests on the market valuing it close to the staked asset it represents. That relationship is a soft peg, maintained by arbitrage and redemption instead of any hard guarantee, and understanding the mechanism explains exactly when it can slip.
In normal conditions the peg holds tightly because of a redemption path. A stETH is a claim on staked ether, and once the protocol’s withdrawal queue is functioning, that claim can be redeemed for actual ether. If stETH ever trades meaningfully below one ether on the open market, arbitrageurs buy the discounted stETH, redeem it for a full ether through the queue, and pocket the difference, and that buying pressure pushes the price back toward parity. Deep secondary-market liquidity reinforces this: research on stETH has found that most deviations beyond a small threshold correct within hours, because the arbitrage is reliable and the market is deep.
The peg breaks when the redemption path is slow and the market panics faster than arbitrage can act. Redeeming a liquid staking token for the underlying asset is not instant; it runs through the network’s validator exit queue, which can take days when many people withdraw at once. In a stressed market, holders who want out immediately cannot wait for the queue, so they sell on the open market instead, and a wave of forced selling can push the token below the value of the asset behind it. This is a depeg: not a loss of the underlying stake, but a temporary discount on the receipt.
The defining real-world case came in 2022, when stETH traded as low as roughly a nickel under parity during a broad market crisis. Large holders facing liquidation needed liquidity immediately, the withdrawal path at the time did not allow direct redemption, and the resulting sell pressure drove stETH to a visible discount to ether. Critically, the underlying staked ether was never lost or impaired; the discount reflected the mismatch between an instant desire to exit and a redemption process that could not move instantly. Once redemption became possible and panic subsided, the peg restored. The episode is the template: a liquid staking token depeg is almost always a liquidity-and-timing event, not a solvency event, but that distinction is cold comfort to someone forced to sell at the discount.
How the yield actually stacks
A concrete walk-through of the returns shows both why liquid staking is popular and where the layers of risk enter, because each layer of yield is also a layer of exposure.
Start with the base. Staking ether on Ethereum earns a network reward, a modest annual percentage that comes from new issuance and transaction fees paid to validators for securing the chain. A holder who simply stakes and holds a liquid staking token captures this base reward with almost none of the friction of solo staking: no thirty-two-ether minimum, no node to run, no direct exit-queue management. For many holders, that is the entire appeal, and it is a reasonable, relatively conservative use of the tool.
The second layer comes from putting the token to work. Because the liquid staking token is freely tradeable, a holder can deposit it into a lending protocol to earn interest, supply it to a liquidity pool to earn trading fees, or use it as collateral, each adding a return on top of the base staking reward. This is the capital efficiency that plain staking cannot match: the same underlying ether earns its staking reward and a second yield simultaneously. It is also where smart-contract risk begins to compound, because the token now passes through a second protocol’s code in addition to the staking protocol’s own.
The third layer, and the dangerous one, is leverage, described earlier: borrowing against the token to acquire more of it and repeating the loop. Each turn of the loop multiplies the base yield, which is why advertised returns on some liquid staking strategies look far higher than the underlying staking reward could ever justify. The arithmetic that produces those headline numbers is leverage, and leverage is precisely what converts a survivable depeg into a forced liquidation.
The practical takeaway is to read any liquid staking yield as a signal of how many layers are involved. A return close to the base staking reward is a plain, relatively safe position. A return well above it means the token is deployed into other protocols, adding smart-contract exposure. A return far above the base almost always means leverage, and therefore liquidation risk in a depeg. The yield number is not just a reward; it is a readout of the risk stack beneath it, and matching the layer you accept to the risk you understand is the whole discipline of using these tokens well. The same logic governs every layered yield strategy in DeFi: more yield is always more of something else at risk.
The concentration problem
Beyond the depeg risk sits a subtler, more structural concern: one protocol dominates Ethereum liquid staking to a degree that worries people who think about the network’s health.
Lido, the issuer of stETH, has for long stretches controlled roughly a third of all staked ether, a share large enough that Ethereum researchers openly discuss it as a risk to the network itself. The reasoning is about consensus: if a single staking entity controls too large a fraction of validators, it gains outsized influence over block production and could, in extreme scenarios, threaten the neutrality or censorship-resistance the network depends on. This is not an accusation that Lido would misbehave; it is a structural observation that concentration itself is a vulnerability, regardless of the operator’s intentions, and it is why parts of the community actively encourage stakers to choose smaller providers.
Concentration also compounds the token-level risks. When one liquid staking token is embedded as collateral across nearly every major lending protocol, a serious problem with that token, a smart-contract bug, a governance failure, or a severe depeg, is not one protocol’s problem but a shock that ripples through all of DeFi at once. The dominant token’s ubiquity, which is a convenience in calm markets, becomes a transmission channel in stressed ones. The same dynamic appears wherever a single asset becomes foundational infrastructure, from stablecoins to the restaking protocols that layer additional yield on top of staked positions: dominance buys efficiency and sells fragility.
For an individual holder, concentration risk is mostly about awareness. Using the largest, most liquid token gives the tightest peg and the deepest DeFi integration, which is a real benefit; it also means holding the asset most entangled with everything else, so a systemic event touches it first. Diversifying across providers reduces personal exposure and, in aggregate, improves the network’s health, at the cost of slightly thinner liquidity in the smaller tokens.
The leverage stack, and why it magnifies everything
The feature that makes liquid staking tokens powerful, their usability across DeFi, also enables a leverage loop that turns a modest depeg into a cascade. Understanding this loop is essential to understanding why depegs matter beyond the inconvenience of a discount.
The loop works like this. A user stakes ether and receives a liquid staking token. They deposit that token as collateral in a lending protocol and borrow ether against it. They stake the borrowed ether, receive more of the liquid staking token, deposit that as collateral, and borrow again. Repeated, this stacks several layers of leverage on a single underlying position, each layer amplifying the yield in calm markets. It is a popular strategy precisely because the base staking reward, multiplied by leverage, produces attractive returns.
The danger is what happens when the token depegs. Each borrowing position has a liquidation threshold tied to the value of the collateral, and a depeg lowers that value. As the token slips below parity, leveraged positions approach liquidation; liquidations force the collateral token to be sold; that selling deepens the depeg; the deeper depeg triggers more liquidations. In stressed markets this becomes a self-reinforcing spiral, a domino run dressed in yield-farm packaging. The 2022 depeg was made sharper by exactly this dynamic, as leveraged holders were forced to unwind into a falling market.
The lesson for holders is that a liquid staking token held plainly is a fairly conservative instrument: it earns staking yield and, absent a solvency failure in the protocol, its worst realistic outcome is a temporary discount that arbitrage eventually closes. The same token levered several times over is a very different risk, one where a discount that a plain holder could simply wait out becomes a forced liquidation. The token did not change; the leverage around it did. Anyone evaluating liquid staking yields that look unusually high should assume leverage is involved and price the liquidation risk accordingly.
What to check before holding one
Liquid staking is a genuinely useful tool, and using it well comes down to a handful of concrete checks, not blanket caution.
Confirm the token design. Know whether you hold a rebasing token, whose balance grows, or a value-accruing one, whose price rises, because the two behave differently in your wallet and in any protocol you deposit them into. Value-accruing wrapped versions are generally the smoother choice for DeFi use.
Assess the redemption path. The peg’s strength depends on being able to redeem the token for the underlying asset, so check that direct withdrawals are live and how long the exit queue runs. A token with a fast, functioning redemption path has a stronger peg than one where exit depends entirely on selling into secondary-market liquidity.
Gauge the liquidity and the provider. Deep secondary-market liquidity is what lets arbitrage defend the peg between redemptions, so a token with thin liquidity is more prone to slipping and slower to recover, the same slippage dynamics that govern any thinly-traded swap. Weigh the largest provider’s tight peg and deep integration against its concentration risk, and consider whether spreading across providers suits your risk tolerance and, incidentally, helps the network.
Respect the layered smart-contract risk. Your capital passes through the staking protocol’s contracts, and if you deploy the token into lending or liquidity protocols, through those as well. Each layer is code that can contain bugs, and stacking layers stacks the places something can break, the same concentration-of-risk lesson that runs through every major bridge exploit. Favor audited, long-lived protocols, and treat any strategy promising outsized yield as a signal that leverage, and its liquidation risk, is present.
Held with these checks in mind, a liquid staking token does what it promises: it unlocks the value of a staked position so the same capital can work twice, earning a base reward while remaining liquid and productive. The depeg risk that defines the category is real but specific, a timing-and-liquidity event instead of a loss of the underlying stake, and it is most dangerous not to plain holders but to those who lever the token into a stack that turns a temporary discount into a forced sale. Understand which of those two users you are, and the risk becomes something you can size instead of something that surprises you.
The broader significance is worth a closing thought. Liquid staking tokens have become foundational plumbing for proof-of-stake economies: tens of billions of dollars of staked value now circulate as these receipts, and they underpin lending, trading, and collateral across DeFi. That ubiquity is a genuine achievement, turning otherwise idle staked capital into productive infrastructure. It also means the health of a few dominant tokens matters to the whole system, which is why the concentration and depeg risks discussed here are not merely individual concerns but systemic ones.
Using these tokens knowledgeably, favoring strong redemption paths, deep liquidity, and audited protocols, and staying alert to the leverage hiding behind unusually high yields, is how an individual participates in that system without being surprised by its failure modes.
Frequently asked questions
What is a liquid staking token?
A liquid staking token is a tradeable token you receive when you stake a proof-of-stake asset through a liquid staking protocol. It represents your staked position plus its accruing rewards, and it can be freely sold or used in DeFi while the underlying asset stays staked and earning. stETH from Lido and rETH from Rocket Pool are the best-known examples on Ethereum.
How is liquid staking different from regular staking?
Regular staking locks your tokens, making them unavailable for anything else until you unstake through an exit queue. Liquid staking gives you a receipt token that keeps your capital liquid, so you can trade it or use it elsewhere in DeFi while the underlying stake continues to earn rewards. The trade-off is added smart-contract risk and the possibility that the receipt token depegs.
What does it mean when stETH depegs?
A depeg means the liquid staking token trades below the value of the staked asset it represents, such as stETH trading below one ether. It usually happens when many holders want to exit faster than the redemption queue allows, so they sell on the open market and push the price to a discount. Importantly, a depeg is generally a liquidity and timing event, not a loss of the underlying staked asset.
Is my staked asset lost if the token depegs?
No. A depeg reflects a temporary market discount on the receipt token, not destruction of the underlying stake. The staked asset remains intact and continues earning, and once the redemption path clears and panic subsides, arbitrage typically restores the peg. The real risk is being forced to sell at the discount, which mainly affects leveraged holders facing liquidation.
Are rebasing and value-accruing tokens different?
Yes. A rebasing token like stETH stays pegged one-to-one and pays rewards by increasing your token balance over time. A value-accruing token like rETH or wrapped stETH keeps the balance fixed and pays rewards by rising in value against the underlying asset. Value-accruing versions integrate more smoothly into DeFi because their balance does not change unexpectedly.
Why is Lido’s dominance considered a risk?
Lido has often controlled roughly a third of all staked ether, and Ethereum researchers worry that any single staking entity holding too large a share of validators could gain outsized influence over the network’s consensus. It also means the dominant token is embedded across most of DeFi, so a serious problem with it would ripple widely. The concern is structural rather than an accusation of misconduct.
Can I lose money with liquid staking tokens?
Yes, through several channels: a smart-contract bug in the staking or DeFi protocols you use, a severe depeg that forces you to sell at a discount, or liquidation if you lever the token in a borrowing loop. Held plainly in an audited, liquid protocol, the risk is relatively modest, but stacking leverage on top substantially raises the chance of a forced loss.
What is the leverage loop with liquid staking tokens?
The loop involves staking to get the token, using it as collateral to borrow the underlying asset, staking that to get more of the token, and repeating to stack leverage and amplify yield. It works in calm markets but is dangerous in a depeg, because falling collateral value triggers liquidations that force selling, which deepens the depeg and triggers more liquidations in a self-reinforcing cascade.
Disclaimer: This article is for informational purposes only and does not constitute investment advice. Digital asset markets are volatile and you can lose your entire investment. Always do your own research. Information current as of July 7, 2026.
Crypto World
How Bitcoin Could Reuse Signatures Across Compatible UTXOs
This is Part 3 in the technical article series about Bitcoin covenants by Cointelegraph Research. To read the previous article click here.
SIGHASH_ANYPREVOUT, as proposed in BIP 118, builds on the earlier SIGHASH_NOINPUT concept mentioned in the 2015 Lightning Network paper by Joseph Poon and Thaddeus Dryja, and later formally proposed by Joseph Poon on the bitcoin-dev mailing list in February 2016.
SIGHASH_ANYPREVOUT is not a new opcode but a proposed new value for the SIGHASH flag, designed to be deployed as a soft-fork upgrade to Bitcoin. The SIGHASH flag is appended to a signature and determines which parts of a transaction are signed and will be checked by the CHECKSIG opcode. The selected flag is chosen by the signer, not enforced by the scriptPubKey. Due to the technical details related to upgradability in a softfork, the SIGHASH_ANYPREVOUT proposal only extends to spends from taproot addresses.
A variety of standard SIGHASH modes already exist, as illustrated in Figure 1. If the flag is set to SIGHASH_ALL, the signature must cover all inputs, all outputs, and the specific outpoint being spent, thus cryptographically binding the authorization to that exact UTXO. An outpoint is the combination of a transaction ID and an output index that together uniquely identify which UTXO a transaction is consuming. With SIGHASH_NONE, only the inputs need to be signed, leaving the outputs unconstrained. The SIGHASH_SINGLE variant signs all inputs, but only the output at the same index as the input being signed. The ANYONECANPAY modifier introduces further flexibility by allowing a single input to be signed independently of the others. Crucially, none of these existing modes allows a signature to omit commitment to the outpoint. That restriction is what SIGHASH_ANYPREVOUT removes.

BIP-118 defines two ANYPREVOUT variants that differ in how much of the previous output they omit from the digest, summarised in Figure 2. Under SIGHASH_ANYPREVOUT, the outpoint is excluded from the digest, but the signature still commits to the amount and scriptPubKey of the previous output, as well as the input’s nSequence. Under SIGHASH_ANYPREVOUTANYSCRIPT, the amount and scriptPubKey are also excluded, meaning the signature is not bound to the locking script of the spent output at all. All other commitments follow the standard Taproot signature message construction and depend on the selected base flag, such as SIGHASH_ALL or SIGHASH_SINGLE.

Because the outpoint is omitted from the digest, the same signature can authorize spending any compatible UTXO that satisfies the remaining committed fields. For example, a transaction pre-signed with ANYPREVOUT | ALL to produce a 0.5 BTC output can be reused if the same address later receives another UTXO of 0.5 BTC, even if the private key used to create the original signature is no longer available. If the new UTXO holds more than 0.5 BTC, however, the excess will be lost to miners unless the original signature included a change output. This rebinding property is what makes ANYPREVOUT useful for layer-2 protocols, where the same pre-signed transaction must apply to multiple possible on-chain UTXOs without requiring new signatures for each one.
For covenant-like applications, the ANYPREVOUT variants preserve commitment to the scriptPubKey of the previous output, and are typically the most relevant. They allow signatures to be reused across compatible UTXOs while ensuring funds remain bound to the same locking script. ANYPREVOUTANYSCRIPT removes this binding entirely and is therefore less suited to covenant-style applications.
Similar to OP_CTV, SIGHASH_ANYPREVOUT improves on the logic already achievable with pre-signed transactions but does not by itself enable recursive covenants or transaction introspection. Instead, it relaxes the binding between a signature and a specific UTXO, allowing a signature to be reused across multiple compatible UTXOs.
Some research has also noted that removing the outpoint commitment makes recovered-key constructions possible — that is, a public key can be derived from a fixed signature and message pair such that the corresponding private key is provably unknown to anyone, making the UTXO’s key path provably unspendable and forcing any spend through the script path. It would avoid the need for temporary keys, which are otherwise required to make the key path unspendable in constructions that rely on script-path-only enforcement. This observation appears in Bitcoin Covenants: Three Ways to Control the Future by Jacob Swambo et al. (2020), although it remains a theoretical construction rather than a design proposed in BIP-118.
The primary risk associated with SIGHASH_ANYPREVOUT signatures is signature replay. Because these signatures do not commit to a specific outpoint, the same signature can be used to spend a different UTXO than the one originally intended, provided the new UTXO satisfies the remaining committed fields. This risk becomes more pronounced in specific configurations: when ANYPREVOUT | SINGLE is used and output amounts can be rearranged; when a separate UTXO exists with the same scriptPubKey and amount, in the case of ANYPREVOUT; when the same public key appears in a compatible script, in the case of ANYPREVOUTANYSCRIPT; or when a miner can influence transaction ordering and inclusion to exploit these conditions. However, these scenarios require either deliberate misuse or a failure of the user or developer to account for replay conditions during protocol design.
In our next article we will commence our discussion of Opcodes that serve as supporting tools. These extend the expressiveness of Bitcoin script or data handling but do not implement covenant functionality unless combined with other opcodes. In this next category, we will discuss OP_CHECKSIGFROMSTACK and OP_CAT.
Crypto World
Michael Saylor Reveals the One Metric Keeping MicroStrategy’s Bitcoin Play Sustainable
Michael Saylor spotlighted Strategy’s BTC Breakeven ARR on Tuesday, July 7. He argued Bitcoin (BTC) only needs 3.3% yearly growth to fund the firm’s preferred dividends from capital gains indefinitely.
The metric divides annual preferred dividend obligations, now roughly $1.76 billion by company figures, by the value of the corporate Bitcoin reserve. Saylor called it one of the most misunderstood numbers attached to Strategy (formerly MicroStrategy).
What BTC Breakeven ARR Means for MicroStrategy
Strategy reports holding 843,775 BTC, worth roughly $53.8 billion with Bitcoin trading near $63,603, and the stack keeps growing. The company disclosed 818,334 BTC in its May earnings release, meaning it added over 25,000 coins through a drawdown.
Saylor, the company’s founder and executive chairman, made the case in a Tuesday post on X (Twitter).
“One of the most misunderstood $MSTR metrics is BTC Breakeven ARR. If BTC appreciates faster than 3.3% over time, BTC capital gains can fund $STRC dividends indefinitely.”
A companion chart from Strategy illustrates the trade-off. At zero Bitcoin growth, the reserve plus a $2.55 billion cash buffer covers about 31 years of payments, per the company’s dashboard. The buffer alone funds roughly 17 months.
The pitch leans on a real track record. MicroStrategy has paid 23 consecutive preferred distributions totaling over $693 million since early 2025, per its Q1 release.
Critics Question the Bitcoin Dividend Math
The model assumes obligations stop compounding, and so far, they have not. Preferred dividends hit $229.5 million in the first quarter of 2026, up from $10.6 million a year earlier. Preferred equity outstanding has swelled past $13.5 billion.
Skeptics also doubt the funding side. JPMorgan recently warned that Strategy’s Bitcoin sales policy could add up to $1.25 billion in sell pressure. On-chain data already pointed to a new Bitcoin sale of 491 BTC on July 1, which was later confirmed to be 7x bigger.
Meanwhile, STRC paid an 11.5% annualized rate in May yet trades below its $100 par target. Preferred holders still price in risk despite the low breakeven hurdle.
Whether 3.3% proves a low bar depends on Bitcoin reclaiming its long-term trend, with the price down nearly 49% from its October peak.
However, coming payments may reveal how much of the burden falls on BTC sales rather than capital gains.
The post Michael Saylor Reveals the One Metric Keeping MicroStrategy’s Bitcoin Play Sustainable appeared first on BeInCrypto.
Crypto World
Bitcoin Sticks to $63,000 as John Bollinger Eyes a ‘Critical Point’ for BTC price
Bitcoin (BTC) circled $63,000 after Tuesday’s Wall Street open as chip companies led a dip in US stocks.
Key points:
- Bitcoin attempts to hold $63,000 after seeing its highest levels in two weeks.
- US stock markets see a correction on the day SpaceX joins the Nasdaq-100.
- Bollinger Bands creator John Bollinger continues to eye a long-term BTC price reversal.
BTC price comes off two-week highs as US stocks fall
Data from TradingView showed BTC price action cooling after a trip to $64,660 — its highest point since June 22.

BTC/USD one-day chart. Source: Cointelegraph/TradingView
BTC/USD surfed a comedown in US equities, with the S&P 500 and Nasdaq 100 down 0.6% and 2.1%, respectively, at the time of writing. Chip stocks led the sell-off, with Micron Technologies, whose earnings were highly anticipated last month, down over 9%.

Micron Technologies stock one-hour chart. Source: Cointelegraph/TradingView
At the same time, Tuesday was due to see SpaceX added to the Nasdaq 100 after its own stock turbulence in late June.
“This marks the fastest inclusion into the Nasdaq 100 in the index’s history,” trading resource The Kobeissi Letter noted in its latest commentary on X.

US spot Bitcoin ETF net flows (screenshot). Source: Farside Investors
Fresh from a second day of net inflows to the US spot Bitcoin exchange-traded funds (ETFs), BTC/USD managed to avoid a major comedown.
“Correlation to the Nasdaq just flipped to +0.72 from -0.87 in the matter of days last week,” trader Daan Crypto Trades reported on X.
“That’s the difference between trading like a complete hedge/inverse and trading like a high beta tech stock. Right now we’re back to the middle on the 4H timeframe.”

BTC/USDT futures (Binance) four-hour chart. Source: Daan Crypto Trades/X
Commentator Exitpump was conservative on low time frames, expecting a “rounding topping structure” and further downside next.
“The next correction on S&P should mark the true $BTC bottom according to history,” trader Killa suggested.
“Lets see if we repeat, 2015, 2018 & 2022.”

S&P 500 chart data. Source: Killa/X
Bollinger: “We are at a critical point”
In recent X discussions, meanwhile, John Bollinger, creator of the Bollinger Bands volatility indicator, had some more positive news for Bitcoin bulls.
Related: Bitcoin can fall below $58K if one of its ‘cleanest’ metrics copies history: Analysis
As Cointelegraph reported, Bollinger was eyeing a “W”-shaped reversal pattern currently in the process of confirmation on daily time frames.
Last week, he queried whether its latest iteration could end up canceling the BTC price downtrend altogether.
“We are at a critical point,” he added on Monday.
“In a bear market bullish setups break and in a bull market bearish setups break. So if this W pattern is successful I would see it as a confirmation of a change in trend.”

BTC/USD one-day chart with Bollinger Bands. Source: John Bollinger/X
Crypto World
Strike Launches Volatility-Proof Bitcoin-Backed Loans
Bitcoin financial services platform Strike has launched a “volatility-proof” Bitcoin-backed loan that eliminates margin calls and forced liquidations amid the depths of a bear market, but only for those who can pay on time and handle a 14% interest rate.
In an announcement on Tuesday, Strike CEO Jack Mallers said the offering came in response to broad customer feedback on Strike’s first Bitcoin loan product, which launched in May 2025 and triggered many liquidations during a timeframe in which Bitcoin (BTC) dropped 54% from peak to trough.
“No margin calls. No price liquidations. No matter how far bitcoin falls, your bitcoin doesn’t move,” Strike CEO Jack Mallers said of the new Bitcoin loan product. The trade-off is an expensive interest rate, a shorter six-month loan term, and an obligation to pay on time to avoid liquidation, Mallers said.

Strike’s Jack Mallers is presenting the new Bitcoin-backed loan product. Source: Jack Mallers
The Bitcoin industry has spent the better part of a decade racing to build financial products that expand Bitcoin’s use case beyond a savings technology. A report in June from crypto lending platform Ledn, however, found that while 88% of surveyed crypto investors said they would consider a crypto-backed loan, only 14% use them.
Ledn said confidence in crypto-lending products and market volatility are among the main reasons for this 6-to-1 “crypto collateral gap” that has slowed adoption.
Volatility has been one of the biggest obstacles behind that push, with Bitcoin dropping 30% or more in 10 of the past 12 years, while also experiencing a 50% or more drawdown four times since 2014, Mallers noted.
Other crypto market participants offering Bitcoin-backed loans are Binance, Coinbase, Nexo and Xapo Bank.
Strike charges double-digit interest
The maximum initial loan-to-value ratio for the volatility-proof loans is 45%, meaning that a customer who puts up $100,000 in Bitcoin as collateral can borrow up to $45,000, while the annual percentage rate (APR) is also 2.95 percentage points higher than Strike’s standard loan product.
“The secret sauce is that we’re taking the extra charge that we’re giving you guys and we’re putting it on extra hedges in the market to protect all of us.”
Strike’s standard Bitcoin loans charge an annual percentage rate between 7.75% and 11.25%, meaning the volatility-proof products could carry interest between 10.7% and 14.2%.
“If you’re OK with a slightly shorter term and a little bit higher of a fee, there is no price move that can liquidate you,” Mallers said.
Over the past year, Bitcoin has fallen 54% from its all-time high of $126,080 in October to $58,190 on June 25.
Bitcoin investor Fred Krueger said the loan product “could eliminate one of Bitcoin’s biggest structural problems: forced selling during market crashes.”
“Instead of volatility causing automatic liquidations, defaults would be driven by borrowers’ inability to service debt rather than by temporary price swings,” he said.
Related: Coinbase rolls out UK crypto-backed loans as FCA shapes rules
“Great product for those who need near-term liquidity and don’t want to risk liquidation,” added Vibes Capital Management executive chairman Rob Topping, though he also acknowledged the 14% APR was expensive.
Customers must pay up or face consequences
If a client misses a payment, they have 10 days to make the payment or contact Strike to explain their financial situation, Mallers said.
Failing to pay after that 10-day period may mean Strike starts liquidating their Bitcoin to cover the overdue amount, Mallers warned.
“If we don’t hear from you for a few weeks, then I may have no choice but to sell off some of the Bitcoin because it seems like you’re doing a hit-and-run.”
“That’s why we call it ‘volatility-proof,’ not ‘liquidation-proof,’” Mallers added.
The Bitcoin loans are offered in most US states and can be taken out in both personal and business names. They can be used for new loans, refinancing or consolidating.
While the minimum loan amount varies from state to state, the minimum loan offered through personal loans is $10,000, while businesses in certain states can access loans as low as $5,000.
Features: Bitcoin miners are pivoting to AI, so why is the hashrate near ATHs?
Crypto World
Bitcoin Covenants Part 3: SIGHASH_ANYPREVOUT Explained for Builders
Bitcoin covenants continue to be explored through incremental, deployable changes to the protocol—rather than sweeping new functionality. In Cointelegraph Research’s technical series, the focus shifts to SIGHASH_ANYPREVOUT, a proposed soft-fork upgrade that changes how Bitcoin signatures bind to the transaction they authorize.
As described in BIP 118, SIGHASH_ANYPREVOUT would not introduce a new opcode. Instead, it proposes a new value for the SIGHASH flag so that signatures can omit commitment to the exact outpoint being spent. The key idea: keep important parts of the previous output committed, while relaxing one binding that normally prevents safe signature reuse across compatible UTXOs.
Key takeaways
- SIGHASH_ANYPREVOUT is a proposed SIGHASH-flag value, not a new opcode, intended for soft-fork deployment.
- The proposal excludes the spent outpoint from the signature digest, enabling signature reuse across different but compatible UTXOs.
- SIGHASH_ANYPREVOUT preserves commitments to the previous output’s amount, scriptPubKey, and the input’s nSequence; SIGHASH_ANYPREVOUTANYSCRIPT relaxes the scriptPubKey commitment too.
- Because the signature no longer commits to a specific outpoint, replay risk increases, depending on how the scheme is configured and implemented.
- The “soft-fork upgradability” constraints limit applicability to taproot spends under the proposal’s design.
Why outpoint binding matters in Bitcoin signatures
In Bitcoin, the SIGHASH flag is appended to a signature and determines what parts of a transaction are included in the data that the CHECKSIG opcode verifies. The signer chooses the SIGHASH value; it is not enforced by scriptPubKey. The upshot is that different SIGHASH modes control how tightly a signature is cryptographically bound to the transaction structure.
Cointelegraph Research notes that Bitcoin already has several standard SIGHASH behaviors. For example, with SIGHASH_ALL, the signature must cover all inputs, all outputs, and the specific outpoint (the transaction ID plus output index) being spent—meaning the authorization is locked to that exact UTXO. Variants like SIGHASH_NONE and SIGHASH_SINGLE loosen what outputs are committed to, while ANYONECANPAY allows a single input to be signed independently of other inputs. However, the common thread is that none of these established modes allows the signature to omit commitment to the outpoint itself.
That omission—removing outpoint commitment from the digest—is the central change SIGHASH_ANYPREVOUT introduces.
What BIP 118 proposes: two ANYPREVOUT variants
According to BIP 118, SIGHASH_ANYPREVOUT defines two variants that differ in how much of the previous output remains in the signing digest.
SIGHASH_ANYPREVOUT excludes the outpoint from the digest. But the signature still commits to several other fields: the previous output’s amount and scriptPubKey, along with the input’s nSequence. In other words, the signature is not tied to “which exact UTXO index is spent,” yet it remains tied to the characteristics of the previous output relevant to spending conditions.
SIGHASH_ANYPREVOUTANYSCRIPT goes further by also excluding the previous output’s amount and scriptPubKey. As Cointelegraph Research highlights, this means the signature is not bound to the locking script of the spent output at all. The rest of the signature message construction follows the normal Taproot signature digest rules, depending on the selected base flag (such as SIGHASH_ALL or SIGHASH_SINGLE).
How signature reuse could work—and why it matters for layer-2
The practical effect of leaving the outpoint out of the digest is that the same signature can authorize spending any compatible UTXO that matches the remaining committed fields. Cointelegraph Research provides a concrete example: a transaction pre-signed under ANYPREVOUT | ALL to create a 0.5 BTC output could be reused later if the address receives a different 0.5 BTC UTXO. In that scenario, reuse does not depend on retaining the original signing key.
But reuse is not free of economic consequences. If the new UTXO holds more than the original amount, the extra value may be lost to miners unless the original design included a change output. That means protocol designers still need to account for the possibility that the “next available” compatible UTXO might differ in total value—despite the signature being reusable.
Cointelegraph Research connects this rebinding property to a broader use case: layer-2 protocols. In these systems, it’s common to preconstruct or preauthorize transactions that must later become valid under multiple possible on-chain realities. By allowing the same pre-signed transaction to apply to multiple compatible UTXOs, ANYPREVOUT-style flexibility can reduce the number of times new signatures—and new coordination—are required.
Where covenants fit—and what remains technically missing
For covenant-like applications, the research notes a crucial distinction. SIGHASH_ANYPREVOUT preserves commitment to the previous output’s scriptPubKey, making it more relevant than SIGHASH_ANYPREVOUTANYSCRIPT, which removes that binding entirely. If the goal is to enforce that funds remain governed by a specific locking script across compatible UTXOs, maintaining that commitment is typically important.
The series also clarifies a limitation. While SIGHASH_ANYPREVOUT improves on what pre-signed transactions can already do, it does not by itself enable more advanced covenant mechanisms such as recursive covenants or transaction introspection. Instead, it changes the binding between a signature and a specific UTXO, allowing reuse across compatible candidates—one building block rather than a complete covenant system.
Cointelegraph Research additionally references academic work suggesting another theoretical angle: removing outpoint commitment might enable “recovered-key” constructions where a public key can be derived from a fixed signature and message pair such that the corresponding private key is provably unknown. In principle, that could force spending through a script path rather than a key path, potentially avoiding temporary keys used in some script-path-only designs. However, the piece stresses that this observation appears in research literature rather than representing a BIP-118 design proposal.
The main downside: signature replay risk
The most important concern with SIGHASH_ANYPREVOUT signatures is signature replay. Cointelegraph Research explains that because the signature does not commit to a specific outpoint, the same signature can be used to spend a different UTXO than the one originally intended—so long as the new UTXO satisfies the other committed fields.
The severity depends on configuration and surrounding assumptions. The research highlights situations where replay becomes more pronounced, such as:
- Using ANYPREVOUT | SINGLE when output amounts can be rearranged.
- Having a separate UTXO with the same scriptPubKey and amount in the case of ANYPREVOUT.
- Having compatible script structures that include the same public key in the case of ANYPREVOUTANYSCRIPT.
- Miner influence over transaction ordering and inclusion that could potentially be exploited under certain conditions.
At the same time, Cointelegraph Research emphasizes that these are not unavoidable flaws. They generally require deliberate misuse or failure to account for replay conditions during protocol design and implementation.
Looking ahead, Cointelegraph Research says the next article will move from signature mechanics to “supporting tools”—opcodes that expand what Bitcoin script can express or how data can be handled, but don’t provide covenant behavior on their own. For readers tracking SIGHASH_ANYPREVOUT’s relevance, the open watchpoints are straightforward: how developers plan to mitigate replay risk, which taproot spend patterns emerge in practice, and whether future covenant constructions can leverage the relaxed outpoint binding without introducing new operational fragility.
Crypto World
EX DeFi makes earning BTC and XRP easy for everyone
Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.
EX DeFi is gaining attention as an AI-powered cloud mining platform, offering users access to BTC, DOGE, and LTC mining without owning hardware.
Summary
- EX DeFi launched a cloud mining platform with AI-powered infrastructure and free computing power for new users.
- It has expanded its cloud mining services, highlighting AI optimization, security features, and multi-asset support.
- The platform has introduced AI-driven cloud mining services for BTC, DOGE, LTC, and other major digital assets.
As we enter 2026, mainstream digital assets such as Bitcoin (BTC), Dogecoin (DOGE), and Litecoin (LTC) continue to attract widespread attention from global investors. For many newcomers to cryptocurrencies, how to participate in the digital asset market with a lower barrier to entry and explore long-term profit opportunities has become a key focus. Therefore, free cloud mining platforms are gaining popularity.

Compared to traditional mining models that rely on ASIC miners, cloud mining eliminates the need to purchase expensive equipment and incur electricity costs or complex maintenance. Users simply need to register to participate in the digital asset ecosystem through cloud computing power, starting their digital asset experience in a more convenient way.
Among numerous cloud mining platforms, EX DeFi has gradually become one of the most watched platforms in the market due to its AI-driven computing power optimization technology, automated management system, and transparent operating model. The platform offers a variety of cloud computing power products, helping users participate in the digital asset ecosystem more easily and efficiently, attracting the attention of many novice users and long-term investors.
EX DeFi – A Cloud Mining Platform to Watch in 2026
Register now and receive a $17 reward of computing power for new users!
For those new to cloud mining, EX DeFi offers a low-barrier-to-entry experience. The platform provides new users with $17 worth of free computing power, combined with AI-powered intelligent hosting and computing power optimization technology, making it easier for users to participate in cloud computing services. Whether someone is a cryptocurrency novice or someone looking to learn about long-term cloud computing models, EX DeFi makes it easy to start their digital asset journey.
EX DeFi Platform Advantages
Compliance and Transparency
Headquartered in the UK, EX DeFi is committed to providing digital asset services within a transparent and compliant operating framework, continuously improving its platform operation system to create a more reliable user experience.
Security Protection
The platform employs an offline cold wallet storage solution, combined with the McAfee® cloud security system and Cloudflare® enterprise-grade network protection, providing multi-layered protection for user accounts, assets, and data security.
Supports Multiple Mainstream Digital Assets
The platform supports multiple mainstream digital assets, including BTC, ETH, XRP, USDC, DOGE, SOL, LTC, and USDT, meeting the asset management needs of different users.
Daily Earnings Settlement
Cloud computing power earnings are settled daily according to platform rules. Users can flexibly manage their assets according to platform regulations, providing a more convenient experience for long-term participation in the digital asset ecosystem.
Green Energy Data Center
EX DeFi’s data center uses clean and renewable energy to provide stable support for cloud computing power services, while actively practicing green and sustainable development concepts.
Affiliate Program
The platform launches an affiliate program, where eligible users have the opportunity to receive rewards of up to $50,000, providing more incentives for long-term participation in the platform ecosystem.
How to Start Earning Passive Income?
1. Register
Visit the EX DeFi official website and create an account on the platform using an email address. Upon successful registration, users will receive a $17 newcomer bonus.
2. Choose a Smart Contract Plan
Choose a popular mining contract that matches a particular budget and contract term, and start automatic mining with one click.
3. After purchasing the contract,
The system will automatically contribute computing power to the mining pool, and the rewards will be automatically credited to the account within 24 hours. No action is required; the principal will be automatically returned upon contract expiration.
Popular DeFi Yield Plans
BTC (Beginner Trial Contract): Investment: $100 | Term: 2 days | Daily Yield: $4 | Total Yield: $100 + $8
DOGE (Goldshell-Mini-Doge-Pro): Investment: $500 | Term: 6 days | Daily Yield: $6.5 | Total Yield: $500 + $39
BTC (Canaan-Avalon-A1466): Investment: $1,000 | Term: 10 days | Daily Yield: $13.4 | Total Yield: $1,000 + $134
BTC (Bitmain-S19): Investment: $7,000 | Term: 25 days | Daily Yield: $107.8 | Total Yield: $7,000 + $2,695
BTC (Whats-M56) Investment Amount: $30,000 | Term: 33 days | Daily Yield: $501 | Total Earnings: $30,000 + $16,533
Click here to learn more about EX DeFi mining contract options.
Conclusion: Why EX DeFi is one of the mining platforms to watch in 2026
As the digital asset industry continues to develop, cloud computing power is gradually becoming a convenient way for more and more users to participate in the cryptocurrency ecosystem. Among many platforms, EX DeFi has attracted the attention of more and more new users with its transparent operating model, intelligent computing power management, and simplified usage process, providing users with a more relaxed digital asset participation experience.
For office workers, freelancers, and digital asset novices who want to understand the cloud mining model with a lower barrier to entry, EX DeFi provides a more convenient way to get started. Users do not need to purchase complicated hardware equipment to participate in the digital asset ecosystem through cloud computing power, and further understand and experience how to create more income using computing power.
Ready to start the cryptocurrency journey? Register for EX DeFi now and start the intelligent passive income journey.
Disclosure: This content is provided by a third party. Neither crypto.news nor the author of this article endorses any product mentioned on this page. Users should conduct their own research before taking any action related to the company.
-
Fashion4 days agoWeekend Open Thread: High Hopes
-
NewsBeat3 days agoTaylor Swift and Travis Kelce wedding staffer hilariously struggles to keep her cool while checking in megastars
-
Fashion1 day agoOpen Thread: What Great Books Have You Read Recently?
-
Crypto World7 days agoAirdrop Registration Becomes Key Focus For Remittix As RTX Launch Updates Approach
-
Politics5 days agoThe House | “Reframing the debate from a binary discussion of winners and losers”: Yuan Yang reviews ‘We Are Not Machines’
-
Crypto World4 days agoStandard Chartered Secures MiCA License as ESMA Adds 37 New Crypto Firms
-
Business1 day agoAXT Shares Jump Nearly 14% as Semiconductor Materials Maker Rebounds on AI-Linked Indium Phosphide Demand
-
Sports7 days agoBroncos roster: OL Ben Powers (No. 74) entering final year of contract
-
Crypto World6 days agoBinance stock trading tops $1B in first month after launch
-
Crypto World1 day agoSK hynix (000660.KS) Stock Dips as $28B Nasdaq ADR Offering Drives AI Memory Expansion
-
Crypto World6 days agoAlibaba-affiliate Ant Group enters the humanoid robot market with 12 deals
-
Crypto World3 days agoSouth Africa proposes crypto tax guidance under existing rules
-
News Videos1 day agoBest Time to Enter Small Caps Right Now? Another Bull Run? | Financially Free
-
Tech3 days agoLenovo laptops are now shipping with YMTC SSDs, a sign of Chinese NAND entering the mainstream
-
News Videos24 hours agoWhats Hidden Inside This Cash Register? #treasure #reselling #money
-
Business6 days agoMeta Platforms Stock Jumps 7% Today as Bloomberg Reports Company Plans to Enter the Cloud Business
-
NewsBeat6 days agoNew exhibition reflects five decades of movement between island of Ireland and GB
-
Business5 days agoWhat a 10 Percent Drop Means for Buyers, Sellers and Renters
-
Crypto World5 days agoBinance Re-Enters Philippines As EU MiCA Rules Restrict Access
-
News Videos2 days agoAvoid entering in FOMO #bitcoin #cryptocurrency #trading #scalping

You must be logged in to post a comment Login