Crypto World
Who is Vlad Tenev? The Robinhood CEO explained
He built the app that made stock trading free, sat at the center of the GameStop crisis, launched a blockchain, dismissed memecoins, embraced one six days later, and runs an AI company chasing mathematical superintelligence on the side.
Summary
- Vlad Tenev is co-founder and CEO of Robinhood Markets, the brokerage that popularized commission-free trading and now runs its own blockchain, roughly 28 million customers across 38 countries.
- He co-founded the company with Baiju Bhatt. Before it was Robinhood, they called it CashCat, a discarded name that a memecoin resurrected in 2026.
- Robinhood was at the center of the 2021 GameStop episode, and in the second quarter of that year, 62% of its crypto revenue came from Dogecoin. Its history with joke-driven investing is long.
- In July 2026 he launched Robinhood Chain, told CNBC that assets without underlying utility are not productive, then posted six days later that the chain works great for memes too.
- He is also co-founder of Harmonic, an artificial intelligence company pursuing what it calls mathematical superintelligence, and predicts AI agents will soon trade as well as experienced humans.
Most crypto figures are one thing. Vlad Tenev is the chief executive of a publicly listed American brokerage, the person who made retail stock trading free and then had to explain to Congress what free actually cost, a blockchain founder, an advisor to a decentralized perpetuals exchange, and the co-founder of an artificial intelligence company trying to build mathematical superintelligence. In July 2026 he did all of those jobs in the same fortnight, and in the middle of it dismissed memecoins on television and then endorsed one on X. Understanding him is less about biography than about a pattern that repeats: Tenev builds the infrastructure for a kind of trading he describes as serious, and the traffic that shows up is not.
The company he built
Tenev co-founded Robinhood with Baiju Bhatt. The pitch was simple and, at the time, radical: stock trading with no commissions, on a phone, designed for people who had never owned a brokerage account. It worked. Robinhood now serves roughly 28 million customers across 38 countries and trades on Nasdaq under HOOD.
The name almost was not Robinhood. Before settling on it, the founders called the company CashCat, a detail preserved in a New Yorker profile and largely forgotten until 2026, when a memecoin on Robinhood’s own blockchain resurrected it and briefly reached a $156 million market capitalization. Tenev had tweeted about the CashCat name himself back in April 2021, which meant the lore was documented and personally acknowledged long before anyone tokenized it.
The commission-free model is what everything else follows from, and it is not what most users think. Robinhood does not charge commissions because it routes customer orders to market makers who pay for that flow. The practice is called payment for order flow, and the economics rest on retail orders being valuable precisely because they are uninformed. That structure made Robinhood large, made it controversial, and, as of 2026, has been rebuilt on a blockchain by a company Tenev advises.
GameStop, and what it proved
In January 2021, Robinhood ended up at the center of the most chaotic retail trading episode in modern American history. GameStop’s stock, propelled by a retail crowd largely trading on Robinhood, ran to levels that threatened the firms on the other side. Robinhood restricted buying in the affected names. The decision triggered accusations that the platform had sided with institutions against its own users, congressional hearings, and a durable reputational cost that shaped how the company is read to this day.
The technical explanation, that clearing house collateral requirements spiked and the firm had to restrict activity to meet them, is broadly accepted and did little to change the narrative. The episode fixed Robinhood in the public imagination as the company that democratized trading right up until democratization became expensive.
It also proved something about the business. In the second quarter of 2021, 62% of Robinhood’s crypto revenue came from Dogecoin. A single joke asset produced the majority of a public company’s crypto business. Robinhood has never been a stranger to speculative retail enthusiasm. It has monetized it repeatedly, and the July 2026 memecoin episode is the third act of a pattern rather than a departure from one.
The blockchain bet
On July 1, 2026, Tenev unveiled the blockchain he launched at a livestream from the Old Royal Naval College in London, billed as The World is Flat and described by the company as its most ambitious global expansion and product vision to date.
The architecture was serious. Robinhood Chain is an Ethereum layer 2 built on Arbitrum’s Orbit stack, using ether for gas, running roughly 100-millisecond block times, and settling to Ethereum mainnet. Its flagship product is Stock Tokens: on-chain instruments tracking equities including Nvidia, Apple, and Alphabet, tradeable around the clock and usable in DeFi. The launch stack included Chainlink for oracle pricing, BitGo for custody, Uniswap for liquidity, Morpho for lending, and Lighter for perpetual futures inside Robinhood Wallet.
The business logic is visible in the earnings. Robinhood’s crypto transaction revenue fell 47% year over year to $134 million in the first quarter of 2026, and native-app crypto trading volume dropped 48% to $24 billion. The company cut roughly 10% of its workforce, about 290 people, weeks before the launch. Total revenue of $1.07 billion and platform assets up 39% to $307 billion show the wider business is healthy, but the chain is an explicit attempt to swap volatile transaction revenue for infrastructure income. Tenev is not experimenting. He is trying to own the rails.
The strategy has a wrinkle worth knowing: Stock Tokens are structured as tokenized debt securities, conferring no shareholder rights and no legal ownership of the underlying shares, and they are unavailable to US persons. The CEO of an American brokerage built a tokenized equity product his American customers cannot buy.
The six days
The sequence that defines his 2026 is short enough to state precisely.
On July 2, the day after the chain went live, Tenev told CNBC that the future of crypto is in real-world assets, drawing an explicit line between productive tokenized assets and speculative tokens without underlying utility. His formulation was that an asset not tied to an underlying utility is not a productive asset.
On July 8, as CASHCAT climbed toward a nine-figure market capitalization on his own chain, he posted on X that while the company is building Robinhood Chain to be the best chain for real-world assets, it works great for memes too. He followed the token’s account. For the full context, crypto.news has covered his memecoin reversal in full.
Six days. The charitable reading is that a permissionless chain cannot control what deploys on it and a CEO refusing to acknowledge the most visible thing on his own network would look absurd. The uncharitable reading is that the endorsement, however light, told the market what the company actually values, which is volume, and that a regulated brokerage asking institutions to tokenize serious assets on its chain does not advance that case by cheerleading a cat token. Robinhood’s crypto chief stayed on message throughout, insisting the focus remains a secure and scalable foundation for real-world assets.
Both readings are available and Tenev has not resolved them, which may itself be the position.
The trade the market noticed
One episode from July belongs in any honest account, because it is the kind of detail that shapes how a CEO is read.
Filings show Tenev sold 375,000 HOOD shares in early July, at weighted average prices ranging from roughly $112.22 to $118.14, for a total in the region of $43.6 million. Robinhood’s chief legal officer, Daniel Gallagher, sold shares on July 6 for approximately $1.1 million. Robinhood Ventures Fund I sold as well. The sales landed in the same window as the chain launch, the CNBC interview, and the CASHCAT post.
Context matters and cuts in both directions. Tenev continued to hold more than 48.2 million Class B shares after the transaction, so this was a trim rather than an exit, and by any proportional measure a small one. Executive share sales are also routinely conducted under pre-scheduled plans adopted months in advance precisely so that timing cannot be read as signalling, and a sale executed under such a plan carries no information about what the seller thinks. Anyone drawing conclusions from the timing needs to check whether a plan governed it before drawing them.
What is not in dispute is how it looks, and appearance is the currency a consumer brokerage trades in. A chief executive selling $43.6 million of stock during the fortnight he launched a blockchain and amplified a memecoin on it is a set of facts that arrive together whether or not they are connected. Robinhood’s history makes that harder rather than easier: this is the company whose defining crisis was a decision that looked like it served institutions over users, explained afterward by a technical account that was accurate and did not land.
The broader pattern is what makes it worth stating. Tenev’s public communication is consistently accurate at the level of the individual statement and consistently ambiguous at the level of what the company actually wants. Assets without utility do not last, and the chain works great for memes. Robinhood Chain is institutional infrastructure, and its most famous asset is a cat. The stock is a long-term bet, and here is $43.6 million. Each statement defensible, the aggregate unresolved.
That ambiguity may be deliberate, and it may simply be what running a retail brokerage in 2026 requires: the serious story is what persuades institutions and regulators, and the fun story is what brings volume. Tenev has never had to choose, and the July sequence is the clearest example yet of a career spent not choosing.
The other company
The part of Tenev that crypto coverage almost entirely misses is that he co-founded an artificial intelligence company and it is not a side project.
Harmonic was founded in 2023 by Tenev and Tudor Achim, former chief executive of Helm.ai. Its stated goal is building AI systems that can solve complex mathematical problems, an ambition the company calls mathematical superintelligence, with a flagship model named Aristotle. It raised a $100 million Series B in July 2025 at an $875 million valuation, led by Kleiner Perkins with participation from Sequoia Capital, Index Ventures, and Paradigm.
Note that last name. Paradigm is one of crypto’s largest venture firms, and it is funding the Robinhood CEO’s AI mathematics company. That crossover is not incidental to how Tenev talks about the future.
Because the AI thesis is now inside Robinhood. He has predicted that AI agents will soon trade financial assets as effectively as experienced human traders. The company is building toward it: Robinhood markets its chain as AI-native and is rolling out Agentic Accounts, which let eligible users connect AI models to Robinhood’s data and tools through a Trading MCP so agents can analyze markets and construct strategies while humans retain control of capital. Third parties have gone further, with the agent platform Bankr integrating Robinhood Chain so users can trade tokenized stocks and memecoins by text command on X or Telegram.
There is an asymmetry there worth noticing. Americans are barred from Stock Tokens and barred from perpetual futures through the wallet. Agentic Accounts are rolling out in the United States. The AI trading product is the one Tenev can ship to his home market.
The business nobody covers
Ask what Robinhood’s fastest-growing crypto-adjacent business is and most people will say the chain. They would be wrong.
Robinhood’s prediction markets platform processed more than 12 billion contracts in 2025, including a record 8.5 billion in the fourth quarter alone. On the earnings call, Tenev noted that NBA contracts had overtaken NFL contracts in trading activity, defying expectations that the end of football season would drag volumes down, and pointed to the Winter Olympics, the FIFA World Cup, and March Madness as catalysts for a strong year. He described the business as being at the beginning. Non-sports contracts are contributing too, with a government shutdown contract driving substantial volume. For more context, crypto.news has explained Robinhood’s fastest-growing business.
For context on scale, the company reported record fourth-quarter revenue of $1.28 billion, slightly below Street estimates of $1.34 billion, with earnings of 66 cents per share against a 62-cent consensus.
That business sits inside the same regulatory fight as everything else Tenev touches. The CFTC is asserting exclusive federal jurisdiction over prediction markets, litigating against states, and doing it with a single confirmed commissioner. Whatever happens to Robinhood’s prediction markets will be decided by the same understaffed agency that the CLARITY Act would make crypto’s primary regulator.
Reading him
The pattern across sixteen years is consistent enough to state.
Tenev builds infrastructure for a serious version of retail finance, describes it in serious terms, and then discovers that what retail actually wants is the fun version.
Commission-free trading was democratization until it was GameStop. The crypto business was portfolio diversification until 62% of it was Dogecoin. Robinhood Chain is institutional settlement infrastructure for tokenized real-world assets, and its defining asset is a cat named after a company name he threw away in 2010.
The uncharitable conclusion is that he keeps building casinos and calling them exchanges. The charitable one, and probably the more accurate, is that he keeps building genuine infrastructure and retail keeps using it for entertainment, which is a fact about retail and not about him. The chain is real. The engineering is real. Tokenized equities settling on-chain is a thesis serious institutions share, and Robinhood is the only brokerage that also built the settlement layer.
What is not resolved is whether Tenev can hold both positions at once, because the entire regulatory proposition of Robinhood Chain is that a licensed brokerage extends institutional standards into DeFi, and that proposition is what would persuade issuers to tokenize serious assets there. The measurable test is close: second-quarter earnings land on July 29 and will show whether Stock Tokens are converting, or whether the $12.8 million of tokenized assets on a $312 million chain is what it looks like. That is the thesis he is betting the company on.
What to watch
Three measurable things will settle how the 2026 chapter is read.
Second-quarter earnings on July 29. This is the first look at Stock Token adoption from the company’s own books instead of from chain metrics distorted by a 90-day gas subsidy. Crypto transaction revenue fell 47% year over year in the first quarter and native-app crypto volume fell 48%. The chain was the response. Either the response is producing revenue or it is producing traffic, and the filing will say which.
The real-world asset figure on the chain. Roughly $12.8 million of tokenized assets against about $312 million in total value locked. That ratio is the entire thesis expressed as a fraction. If it improves substantially while memecoin activity fades, Tenev was right and the speculation was ignition. If it stays flat, the chain attracted a crowd that had no interest in the product.
Whether the American wall moves. Stock Tokens are barred to US persons. Wallet perpetuals are barred to US persons. Agentic Accounts are rolling out in the United States. That asymmetry is a map of what American law currently permits, and it is why the CLARITY Act and the CFTC’s staffing matter to Robinhood more than to almost any other listed company. If tokenized equities come onshore, Tenev has already built the rail and 28 million customers become addressable. If they do not, he has built a product for everywhere except home.
The through-line is that every one of those depends on decisions made outside the company, by regulators and legislators, which is an unusual position for a founder who spent a decade routing around gatekeepers. Robinhood’s original insight was that you could give retail direct access and let the incumbents object afterward. The chain inverts it: this time the access requires permission first, and Tenev is waiting on Washington like everyone else.
Frequently asked questions
Who is Vlad Tenev?
Co-founder and chief executive of Robinhood Markets, the brokerage that popularized commission-free stock trading and now operates its own Ethereum layer 2 blockchain. He co-founded the company with Baiju Bhatt. Robinhood serves roughly 28 million customers across 38 countries and trades on Nasdaq under HOOD. He is also co-founder of Harmonic, an artificial intelligence company, and an advisor to the perpetuals exchange Lighter.
What was Robinhood’s original name?
CashCat. Tenev and Bhatt used it before settling on Robinhood, a detail recorded in a New Yorker profile. Tenev tweeted about the name himself in April 2021. In July 2026, a community memecoin called CASHCAT resurrected the discarded name on Robinhood’s own blockchain and briefly reached a market capitalization near $156 million, with no affiliation to the company.
What was Tenev’s role in GameStop?
Robinhood was the primary platform for the retail crowd driving GameStop’s 2021 surge, and it restricted buying in the affected stocks at the peak. The move triggered accusations that the company had sided with institutions against its users and led to congressional hearings. Robinhood explained that clearing house collateral requirements had spiked, an account broadly accepted technically and largely ineffective reputationally.
Did Tenev change his position on memecoins?
The sequence is documented. On July 2, 2026, he told CNBC that assets not tied to an underlying utility are not productive assets and that real-world assets were crypto’s durable direction. On July 8, as CASHCAT climbed on his chain, he posted that the chain works great for memes too and followed the token’s account. Whether that constitutes a reversal or an acknowledgement of a permissionless network is contested.
What is Harmonic?
An artificial intelligence company Tenev co-founded in 2023 with Tudor Achim, former chief executive of Helm.ai, aiming to build AI systems that solve complex mathematical problems, an ambition it calls mathematical superintelligence. Its flagship model is Aristotle. It raised a $100 million Series B in July 2025 at an $875 million valuation, led by Kleiner Perkins with Sequoia, Index Ventures, and the crypto venture firm Paradigm participating.
Why did Robinhood build a blockchain?
Business pressure and strategic positioning. Crypto transaction revenue fell 47% year over year to $134 million in the first quarter of 2026 and native-app crypto volume dropped 48% to $24 billion, prompting roughly 290 layoffs. The chain is an attempt to replace volatile transaction revenue with infrastructure income, and Robinhood is the only major brokerage that built its own settlement layer instead of partnering for one.
What are Robinhood’s prediction markets?
Its fastest-growing and least-covered business. The platform processed more than 12 billion contracts in 2025, including a record 8.5 billion in the fourth quarter. Tenev has said NBA contracts overtook NFL contracts in activity and pointed to the Winter Olympics, FIFA World Cup, and March Madness as catalysts. The sector’s regulatory future rests with the CFTC, which is claiming exclusive jurisdiction while operating with one confirmed commissioner.
What is Tenev’s view on AI and trading?
He has predicted AI agents will soon trade financial assets as effectively as experienced human traders, and Robinhood is building toward it. The company markets its chain as AI-native and is rolling out Agentic Accounts, letting eligible users connect AI models to Robinhood’s data and tools through a Trading MCP while retaining control of capital. Notably, Agentic Accounts are rolling out in the United States, where Stock Tokens and wallet perpetuals are unavailable.
Disclaimer: This article is for information and educational purposes only and does not constitute financial or investment advice. It describes a public company, its executives, and its products, and is not a recommendation to buy or sell any security or token. Company figures, product availability, and jurisdictional restrictions change frequently and should be verified independently. Always do your own research. Information is accurate as of July 17, 2026.
Crypto World
Tokenization has become a strategic priority for 84% of financial firms
On Wednesday, DTCC completed its first live production trades involving tokenized securities, marking a major step toward bringing blockchain technology into traditional financial markets.
Broadridge’s findings suggest those efforts are influencing the broader industry. Sixty-eight percent of respondents said tokenization will at least partially reshape financial markets within the next three to five years, while nearly one-third plan to increase investment in tokenization projects by 26% to 50% or more over the next two years.
The survey also found firms are not preparing for an all-onchain future. Instead, 92% expect digital and traditional assets to coexist for the foreseeable future, and 69% plan to integrate tokenization into existing infrastructure rather than build separate blockchain-native systems.
That mirrors the approach taken by many large financial institutions, which have generally focused on connecting blockchain networks to existing trading, custody and settlement systems instead of replacing them.
Adoption remains uneven across the industry. Forty-four percent of capital markets firms said they already have tokenization initiatives in production or operating at scale, compared with 20% of asset managers and 9% of wealth managers.
The survey also pointed to where firms expect tokenization to gain traction first. About 80% of respondents believe tokenized mutual funds and money market funds will play a meaningful role within five years, reflecting the rapid growth of tokenized Treasury products. By comparison, only about half expect tokenized equities to achieve similar adoption over that period.
Crypto World
Kaspersky Flags Malware Framework Targeting Crypto Investors
Cybersecurity researchers are flagging a fresh wave of malware tactics aimed at people who hold, build, and advise on crypto-related software. Kaspersky, for instance, says it has discovered a new malware framework—dubbed OkoBot—that targets cryptocurrency investors by combining social engineering with data theft capabilities.
At the same time, SlowMist warns of a separate intrusion campaign that targets Web3 developers through seemingly legitimate recruitment messaging on LinkedIn, pushing victims to run poisoned code hosted on GitHub. Together, the incidents underscore how attackers are increasingly using everyday work routines—interviews, code trials, and app installs—as delivery mechanisms for malware.
Key takeaways
- OkoBot is designed to steal crypto-related data by harvesting wallet files, browser information, credentials, and injected browser or extension activity.
- Kaspersky says it has observed multiple OkoBot-linked attacks since January 2026, and that the framework evolved from an earlier campaign called TookPS.
- OkoBot’s infrastructure reportedly routes all payload delivery through an SSH tunnel, enabling remote data transport to attacker-controlled systems.
- SlowMist reports LinkedIn-based “recruiter” scams that deliver malicious GitHub repositories disguised as technical interview tasks for Web3 developers.
- The recruitment workflow mirrors legitimate developer interviews closely enough to lower suspicion, increasing the chance victims will run the malicious code.
OkoBot targets crypto holders through wallet and browser theft
In a report released this week, Kaspersky described OkoBot as a malware framework that kickstarts an infection chain using social engineering and “malicious app” delivery tactics. According to Kaspersky, the initial entry includes tricks such as ClickFix, which aims to persuade users to execute harmful commands, as well as trojanized GitHub applications that can introduce a backdoor to a compromised device.
Once a system is under attacker control, Kaspersky says OkoBot is capable of collecting sensitive information that is directly relevant to crypto ownership. The company reports that the malware can:
- Harvest cryptocurrency wallet files.
- Extract browser data and user credentials.
- Inject malicious extensions.
- Capture wallet application windows, potentially enabling theft through on-screen or session-related data.
Kaspersky also stated that it identified multiple attacks using this malware family since January 2026. For investors, the practical concern is not only that wallets could be accessed, but also that browser activity and stored authentication data can be used to move faster toward account takeovers or transfer operations.
How the infrastructure works: payload orchestration via SSH
A notable detail in Kaspersky’s analysis is that OkoBot allegedly differs from prior campaigns by how it manages its malicious payloads. Kaspersky said the framework orchestrates all 20 malicious payloads via an SSH tunnel, which supports remote transport of data from compromised computers to systems controlled by attackers.
That matters because it points to an operational model where the attacker retains strong control over follow-on stages after initial compromise. Instead of relying solely on static behavior, a tunneled architecture can help attackers adapt to victims and collect information more reliably, depending on what the malware finds on each host.
Kaspersky also described OkoBot as an evolution of TookPS, a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites. By evolving from an earlier delivery approach and adding more coordinated payload handling, the OkoBot framework appears positioned to increase both infection success and post-compromise effectiveness.
LinkedIn recruitment scams push Web3 devs into running poisoned repositories
Separate research from SlowMist focuses on a different target set: Web3 developers. In a report published on Saturday, the firm said attackers are reaching developers through LinkedIn messages that impersonate Web3 recruiters.
SlowMist’s description of the workflow suggests attackers are deliberately choosing a high-trust, familiar entry point. After initial contact, victims are sent what appear to be fake GitHub repositories, framed as a “minimum viable product” that the developer should install and try before an interview.
The technique is effective, SlowMist argues, because it resembles a real technical interview process. The report notes that a legitimate developer workflow often involves pulling code, installing dependencies, and launching a project—steps victims naturally perform while preparing for an interview. In that environment, malicious code can be less obvious, especially if the victim does not expect a security risk from a repository “connected” to a recruiting conversation.
What attackers aim to steal from developer systems
SlowMist said the end goal is to deliver a complete remote access trojan to the victim’s device. Once established, the malware could enable attackers to steal sensitive materials associated with development and operations, including project keys, cloud credentials, or data tied to wallet extensions.
SlowMist also emphasized that the recruitment approach is part of a broader pattern: attackers are increasingly leveraging scenarios such as recruitment, code reviews, and project collaborations to trick developers into running malicious repositories. In other words, this is not only about deception, but also about timing—waiting for the moment a developer is likely to execute code as part of normal work.
Importantly, this LinkedIn-focused warning came after SlowMist reported another campaign targeting macOS users. That earlier effort, as SlowMist described it, aimed to steal credentials and hijack Telegram sessions in order to coerce victims into submitting wallet recovery phrases through fake websites. While the TTPs differ between the campaigns, both point to the same underlying threat: attackers are methodically chaining social engineering and credential theft to ultimately compromise crypto access.
Going forward, both reports suggest readers should watch for more “legitimate-looking” pathways into compromise—especially where code execution is requested via recruiters, interview workflows, or third-party repositories. For investors and developers alike, the immediate question is not only whether malware is present, but whether attackers can leverage everyday trust and authenticated sessions to reach wallet-relevant secrets quickly.
Crypto World
Adam Back Talks About Bitcoin BIP-110 Controversy. “Satoshi Was Not Retarded”
Adam Back, Blockstream’s CEO, dismissed claims that Satoshi Nakamoto backed BIP-110, a contested Bitcoin (BTC) soft fork proposal. He mocked its backers on X for failing to fund what he called a cypherpunk summer celebration.
The exchange unfolded on July 18, 2026, as the debate over BIP-110 proposal approaches a critical signaling deadline. Back predicted the fork attempt would collapse within weeks of that deadline.
Adam Back Questions the Satoshi Assumption
A user on X argued Nakamoto would still back BIP-110 if he were alive today. Back rejected the premise outright. He then questioned whether Nakamoto is even dead, calling it pure speculation either way.
Back also denied being Nakamoto himself. The remark reopened a long-running debate over Bitcoin governance and who speaks for its founding vision. Back has weighed in on this dispute before, in his earlier fork risk warning.
Bitcoin, meanwhile, traded near $63,944 on the Bitcoin price chart, up 1.43% in 24 hours.
BIP-110 Struggles to Gain Miner Support
BIP-110 would temporarily cap the size of arbitrary data miners can embed in Bitcoin transactions, targeting Ordinals-style inscriptions. However, miner backing has stayed minimal so far. Signaling data show just 0.86% of blocks in the current difficulty period support the proposal. That is far short of the 55% threshold needed for lock-in.
Back mocked the proposal’s backers directly, pointing to their failure to monetize the campaign.
sad part is we didnt manage to get the 110 fork to pay for the cypherpunk summer afterparty. no airdrop, no liquidity, no fork futures. no money where their mouth is. ofc as they too know it’s failed.
The comment, meanwhile, echoes the long-running BIP-110 dispute that has split developers for months.
What Happens When Signaling Turns Mandatory
Mandatory signaling begins around block 961,632, roughly three weeks from Friday’s chain tip near block 958,529. Back predicted the fork would stall almost immediately afterward.
He said the first mandatory signaling block would trigger an automatic split. Bitcoin nodes always follow the chain with the most cumulative work.
Miners would have little reason to keep mining once their chain fell behind, Back said. He compared the abandoned fork to a “Pompeii chain,” frozen as a monument to the attempt’s failure.
The prediction follows Back’s earlier pushback against separate claims that Bitcoin would effectively fire noncompliant miners in August.
It also lands alongside renewed chatter about Satoshi’s dormant coins, another flashpoint in the identity debate.
Whether BIP-110 activates or fades away may hinge on how many miners flip the switch once signaling turns mandatory.
The post Adam Back Talks About Bitcoin BIP-110 Controversy. “Satoshi Was Not Retarded” appeared first on BeInCrypto.
Crypto World
SpaceX Stock Sinks Below IPO Price: The Hype Is Over?
SpaceX (SPCX) shares slipped below their $135 initial public offering (IPO) price this week. The stock had peaked above $200 in the weeks following its record Nasdaq debut. Elon Musk dismissed the retreat and predicted the company will eventually outvalue Earth itself.
The stock was priced at $135 a share in June, raising $75 billion in the largest IPO on record. It has now lost roughly a third of its value from that peak. Short interest surged as the price fell.
SpaceX’s Bold Claim Meets a Falling Stock
Musk’s forecast followed a SpaceX stock crash that wiped billions from his fortune this month. Musk responded directly to entrepreneur Peter Diamandis on X.
Diamandis argued that all owned material wealth on Earth totals about $600 trillion. Space, in his view, holds nearly infinite quantities of the same resources.
Musk’s math rests on that comparison, though it hinges on SpaceX reaching goals he never specified. The claim, however, is not new. Musk floated a similar SpaceX outvalue Earth argument earlier this month, well before the stock tested its IPO floor.
Short Sellers Draw Musk’s Ire
Bearish bets against SpaceX climbed sharply as the stock fell. Short interest reportedly reached about 185 million shares, or 29% of the tradable float.
That figure stood at roughly 40 million shares just three weeks earlier. It represents close to $25 billion in bearish wagers. Short sellers already hold an estimated $8.7 billion in paper profits.
The rapid buildup followed SpaceX’s historic IPO, which also sparked a rally in tokens tied to Musk, including Dogecoin. One widely shared post mocked the Ivy League pedigrees of short sellers. Musk then issued a warning of his own on X.
He offered no evidence for that claim, and the stock kept sliding regardless.
What Comes Next for SpaceX
The stock now trades near a level flagged in a recent falling wedge pattern. That pattern points to a possible rebound toward $158. Investors will also watch August share unlocks. That date lets insiders sell shares for the first time since the IPO, adding potential fresh supply.
SpaceX also scrubbed a Starship test flight this week. Automated safety systems halted the countdown at T-minus zero after several Raptor engines failed to ignite. Musk said two engines need replacement, with the next attempt likely early the following week.
Musk has separately argued that the scarcity of goods and services will eventually disappear. It reflects a related piece of his broader worldview on abundance.
That vision, though, remains untested against SpaceX’s near-term performance. Short sellers, meanwhile, appear willing to bet against the stock before the unlock date arrives.
The post SpaceX Stock Sinks Below IPO Price: The Hype Is Over? appeared first on BeInCrypto.
Crypto World
Kaspersky Flags Malware Framework Aimed at Crypto Investors
Two separate cybersecurity reports point to a growing trend in crypto-related malware: attackers are no longer relying only on obvious phishing emails. Instead, they are moving closer to the workflows people already use—recruiting pipelines, developer code trials, and wallet-related software behavior.
Kaspersky says it has uncovered a cryptocurrency-targeting malware framework dubbed “OkoBot,” which initiates an infection chain through social engineering, malicious commands, and trojanized GitHub applications. Separately, SlowMist describes a campaign aimed at Web3 developers that starts with fake LinkedIn recruitment offers and ends with poisoned repositories designed to deliver remote access.
Key takeaways
- Kaspersky links the OkoBot framework to wallet theft activity, including harvesting wallet files and capturing browser and credential data.
- OkoBot is designed to steal assets by injecting malicious browser extensions and collecting wallet application windows, Kaspersky reports.
- SlowMist warns that fake “recruitment” messages are being used to trick developers into running malicious GitHub repositories that resemble legitimate interview tasks.
- SlowMist says the campaign’s goal is to deliver a remote access trojan that can exfiltrate project keys and cloud or wallet extension data.
- Both reports emphasize social engineering paths—ClickFix-like tactics or developer-targeted collaboration scenarios—that make the attacks harder to spot.
Kaspersky: OkoBot targets crypto investors through wallet and credential theft
In a report released this week, Kaspersky describes OkoBot as a malware framework built to compromise cryptocurrency investors by chaining together multiple stages of intrusion. The first step is not purely technical; it relies on social engineering methods intended to get victims to act.
According to Kaspersky, initial access can come from tactics such as ClickFix, a technique that aims to trick users into running malicious commands. Alternatively, attackers may deliver similar outcomes by distributing trojanized GitHub apps that include backdoors once installed.
After gaining a foothold, Kaspersky says OkoBot has capabilities specifically relevant to crypto users and their systems. The malware can harvest crypto wallet files, collect browser data and user credentials, and manipulate the victim’s environment by injecting malicious extensions. It also reportedly captures wallet application windows, which can give attackers a more direct path to stolen assets than credential theft alone.
Kaspersky added that it has observed multiple attacks involving the OkoBot malware family since January 2026, suggesting the framework is not a one-off operation but part of an active campaign.
Evolution from TookPS: more orchestration, more reach
Kaspersky also frames OkoBot as an evolution of a prior threat. The company says the malware framework evolved from “TookPS,” a campaign first identified in 2025 that distributed a Trojan downloader via fake software websites. That earlier stage matters because it signals a progression in how attackers deliver and manage malicious payloads: from initial trickery and download into a more structured compromise process.
A distinctive operational detail in Kaspersky’s account is how OkoBot manages its payloads. The report states that it orchestrates all 20 malicious payloads via an SSH tunnel, allowing remote transport of data from infected computers to infrastructure controlled by attackers.
For investors and defenders, this design choice matters because it can complicate incident response. Data exfiltration over an SSH tunnel may blend with normal encrypted traffic patterns, and the multi-payload architecture suggests victims may not see a single obvious “binary” responsible for damage.
SlowMist: fake LinkedIn recruiting and “try before interview” repositories
In a separate report, SlowMist describes another approach to malware delivery: it targets Web3 developers by disguising an attack as recruitment. Rather than sending victims a generic phishing link, attackers reportedly contact developers through LinkedIn while posing as Web3 recruiters.
SlowMist says the attackers follow up with instructions to download and run code from fake GitHub repositories. The bait is framed as a realistic recruitment process: the repository is presented as a “minimum viable product” that the developer should try before the interview, which aligns closely with how technical screenings often work.
The company notes that the workflow looks and feels like a genuine interview assignment: developers are expected to pull code, install dependencies, and launch the project. That resemblance is a key factor in why the attack can be difficult to detect—there may be no obvious sign that a “try it now” task is actually weaponized.
Remote access trojan goals: keys, credentials, and extension data
According to SlowMist, the end goal of the LinkedIn-and-GitHub tactic is to deliver a complete remote access trojan onto the victim’s device. Once installed, SlowMist says attackers can steal sensitive information relevant to Web3 work, including project keys, cloud credentials, or wallet extension data.
SlowMist also emphasizes that this is not an isolated tactic. The report argues that attackers are increasingly exploiting scenarios that encourage developers to run code—such as recruitment tasks, code reviews, and project collaborations—turning normal professional behavior into an infection vector.
It is also notable that SlowMist’s write-up arrives amid a broader pattern of recent warnings. The security firm had also previously cautioned about a separate malware campaign targeting macOS users, designed to steal credentials, hijack Telegram sessions, and ultimately pressure victims into entering wallet recovery phrases via fake websites.
For readers and builders, the common thread across both reports is the same: attackers are calibrating their intrusions to the moments when people are most likely to click “run,” install, or test code—whether that happens after a recruiter message on LinkedIn or after a malicious “app” appears to be a legitimate GitHub tool. The next thing to watch is whether these campaigns expand into more standardized tooling for developers and more automation for account-level compromise, since both Kaspersky and SlowMist describe activity that looks organized and iterative rather than sporadic.
Crypto World
Kaspersky exposes OkoBot’s 20-module crypto wallet attack
Kaspersky has exposed OkoBot, a year-old malware operation that uses roughly 20 modules to steal crypto wallet recovery phrases and has affected users across at least five countries.
Summary
- Kaspersky uncovered OkoBot using roughly 20 modules to steal crypto wallet credentials.
- The malware has affected users in Brazil, Vietnam, Canada, Mexico, and Turkey.
- OkoBot uses fake recovery screens, keylogging, spyware, and ClickFix commands to target victims.
Kaspersky researchers discovered that the malware has remained active for more than a year, according to a report published by Bits.media. Most identified victims were located in Brazil, Vietnam, Canada, Mexico, and Turkey, while the operators blocked IP addresses from Russia and other Commonwealth of Independent States countries.
Distributed through GitHub repositories, OkoBot is disguised as legitimate software, including Microsoft SQL Server Management Studio. Kaspersky found that the attackers rely on the ClickFix social engineering method, which tricks victims into running malicious commands on their own devices.
The technique often presents users with fake error messages, verification steps, or repair instructions. Following those directions causes victims to execute code that installs the malware without realizing the command is malicious.
OkoBot targets seed phrases and wallet credentials
Among OkoBot’s modules, SeedHunter displays a fake recovery interface linked to hardware wallets such as Ledger and Trezor, according to Kaspersky. When users enter their recovery phrases into the fraudulent screen, the module sends the information to the malware operators.
A second module called MC Keylogger records keyboard input and monitors clipboard activity, allowing it to capture passwords, copied wallet addresses, and other credentials. OkoSpyware can track wallet passwords and record videos of open windows, giving attackers another way to observe activity on an infected device.
Once a recovery phrase is exposed, the attackers can use it to take control of the associated wallet and move its assets. Kaspersky warned that victims have little chance of recovering stolen cryptocurrency because blockchain transfers are generally irreversible.
The malware’s modular design also lets its operators collect different types of information from a single infected system. According to the security company’s findings, OkoBot can target both wallet access data and credentials connected to other services used on the device.
ClickFix attacks have also targeted crypto developers
OkoBot is the latest malware campaign found using ClickFix against the cryptocurrency sector. As crypto.news reported in April, North Korea’s state-backed Lazarus Group used the same technique in a macOS campaign known as “Mach-O Man.”
Citing research from CertiK, the report found that Lazarus sent fake online meeting invitations to fintech and crypto executives. Victims were instructed to paste supposed repair or verification commands into the macOS Terminal, which installed malware capable of stealing cryptocurrency and corporate information.
CertiK also found that the Mach-O Man toolkit deleted itself after running, making forensic analysis more difficult. The campaign combined social engineering with terminal-level commands instead of relying only on malicious file downloads.
Developer tools have provided another route into crypto systems. In May, crypto.news reported that TrapDoor malware was distributed through poisoned software packages targeting developers in cryptocurrency, decentralized finance, artificial intelligence, and security infrastructure.
According to that report, TrapDoor sought wallet data, API keys, cloud credentials, and SSH access tied to services and ecosystems including Coinbase, Binance, MetaMask, Brave, Solana, Sui, and Aptos. Researchers also found hidden prompts designed to manipulate Claude and Cursor into running fake security scans that exposed secrets and transmitted them to the attackers.
Crypto World
France Orders ISPs to Geoblock Polymarket Over Gambling Rules
France’s gambling regulator has ordered internet service providers to block access to Polymarket, escalating a wave of restrictions aimed at prediction platforms operating outside local authorizations.
In a Friday press release, the Autorité nationale des jeux (ANJ) said prediction websites fall under illegal gambling rules if they are not authorized, adding that advertising or promoting such sites is a criminal offense punishable by fines of up to 100,000 euros.
Key takeaways
- France’s ANJ has ordered ISPs to block Polymarket, citing lack of authorization and illegal gambling promotion risks.
- The regulator argues Polymarket’s features resemble regulated gambling, but without “protective mechanisms” found in the legal market.
- ANJ also raised concerns about possible outcome manipulation, including allegations involving weather-related contracts.
- Polymarket has already been geoblocked in multiple regions, according to its own documentation.
- Regulatory scrutiny is not limited to Europe: similar legal disputes have played out in the US between state actors and federal authorities.
France moves to block Polymarket
The ANJ’s order targets access to Polymarket through internet service providers, framing the platform as an unauthorized gambling offering. According to the regulator, Polymarket’s operations are not authorized in France, and the advertising of gambling sites without permission constitutes a criminal offense.
The decision comes as prediction markets continue to gain mainstream attention. Polymarket, in particular, has grown rapidly over the last two years, with trading volume reaching billions of dollars, even as regulators worldwide question whether its event contracts are gambling products, unlicensed offerings, or something closer to financial instruments.
France’s action also reinforces a broader pattern of country-by-country enforcement. Polymarket access has been blocked in places including Singapore, Poland, Portugal, Hungary, Ukraine, Brazil, and Indonesia, while at press time Polymarket said it was geoblocked in 36 regions, based on its published API documentation.
ANJ cites “addictive” mechanics and missing safeguards
Beyond the authorization question, the ANJ’s reasoning focuses on how prediction products are experienced by users. The regulator said Polymarket offers “addictive features” that are comparable to those of legally regulated gambling, but it claims those features are “amplified by the absence of the protective mechanisms found in the legal gambling market.”
This distinction matters for investors and users because it goes to how regulators classify the product. When a platform resembles regulated gambling mechanics but lacks corresponding protections—such as consumer safeguards and oversight—authorities are more likely to pursue takedowns, advertising restrictions, and access blocking, even if the platform markets itself as a different kind of market.
Outcome manipulation concerns and investigation status
The ANJ also pointed to the risk of outcome manipulation in certain event contracts. It cited alleged rigging, including a specific example: bets tied to weather outcomes where the regulator said weather sensors may have been hacked.
“Some of the bets offered on this platform appeared to be rigged: for example, bets on the weather revealed that weather sensors may have been hacked.”
In addition, the cybercrime unit of the Paris Public Prosecutor’s Office opened an investigation in May 2026 and, according to the article’s account of the regulator’s findings, identified a lack of identity verification safeguards such as Know Your Customer checks.
For participants, this kind of enforcement pressure highlights a key operational fault line: regulators are not only focused on contract structure, but also on platform controls—especially around participant verification and the reliability of the information used to settle outcomes.
France builds on earlier warnings, while US regulators escalate
This is not France’s first move. Earlier coverage noted that the ANJ shared plans in November 2024 to block Polymarket after the platform allegedly failed to comply with national gambling laws, and the Friday decision follows through with the required ISP-level blocking.
The French action arrives amid an ongoing legal fight over prediction markets in the United States. On June 17, Kentucky sued five prediction market platforms, including Kalshi and Polymarket, alleging they were operating unlicensed sports betting platforms—according to the earlier reporting cited in the article. Additional states have followed suit. Separately, the Commodity Futures Trading Commission (CFTC) has sued New Mexico, arguing that state-level interference encroached on the federal regulator’s exclusive authority over federally regulated event contracts, as reflected in the referenced CFTC dispute.
Taken together, the US and France developments underscore a persistent regulatory tension: prediction markets sit at the intersection of gambling law, securities and commodities frameworks, and consumer protection rules. Even when platforms frame themselves as market infrastructure for forecasting rather than wagering, regulators appear willing to treat them as gambling-like products when participation mechanics and consumer risk resemble traditional betting.
As France implements the ISP blocking order, the next question for readers and market participants is how Polymarket and other affected platforms will adjust compliance, identity verification, and settlement-risk controls—and whether the broader trend shifts from geoblocking to more formal legal resolutions in major jurisdictions.
Crypto World
Ethereum braces for CLARITY vote as bulls defend crucial support
Ethereum has risen 1.8% to $1,845 after Rep. Bryan Steil raised hopes for a Senate vote on the CLARITY Act next week, while ETF inflows and firm chart support kept traders cautiously bullish.
Summary
- Ethereum rose 1.8% as Bryan Steil raised hopes for a CLARITY Act vote next week.
- Spot Ethereum ETFs recorded $105 million in weekly inflows, their highest since April.
- ETH must defend $1,830 and break $1,854 to target the $1,947 resistance zone.
Steil, who chairs the House Financial Services Subcommittee on Digital Assets, told FOX Business that the bill could reach the Senate floor in the coming week. Passage could place ETH under a digital commodity framework and establish federal rules for its trading and oversight.
During a July 17 hearing, Steil urged lawmakers to complete the legislation as the Senate prepares to consider it. “Let’s pass CLARITY,” he stated in remarks published by the House Financial Services Committee.
Polymarket traders raised the probability of the bill becoming law in 2026 to 39% from 30% on July 17. However, unresolved disputes over ethics rules and stablecoin yields have kept the odds below 50%.

Institutional flows have also improved. SoSoValue data showed that spot Ethereum ETFs attracted $105 million between July 13 and July 17, their strongest weekly inflow since April.
Ethereum’s decentralized finance activity has grown alongside the ETF demand. DeFiLlama placed the network’s total value locked at about $40.5 billion, up from roughly $36 billion at the start of July. The network also processed $978.9 million in decentralized exchange volume and 2.46 million transactions over the past 24 hours.
Ethereum must clear $1,854 to reopen the path toward $1,947
Ethereum’s daily chart shows a double-bottom structure formed around $1,511, with the neckline near $1,847. ETH briefly climbed to $1,947 before returning to test the neckline, which now overlaps with the 0.786 Fibonacci retracement at $1,853.82.

A daily close above $1,854 would place the recent $1,947 high and the 100-day exponential moving average near $1,939 back in play. The double-bottom structure has a measured target near $2,180, while crypto analyst Michaël van de Poppe expects $2,200 to $2,400 if the $1,780 support remains intact.
Daily momentum still favors buyers, although the pace has slowed. The MACD line stands at 35.57, above the 21.69 signal line, while the positive histogram has contracted to 13.88. The relative strength index sits at 57.15, leaving ETH below overbought territory.
On the 4-hour chart, Ethereum (ETH) remains inside an ascending channel that has guided the recovery since late June. Its lower boundary and the previous Supertrend support meet around $1,830, while the upper boundary extends toward $2,040. Chaikin Money Flow remains positive at 0.07, but the active Supertrend resistance at $1,908 must fall before buyers can retest the July high.

CoinGlass’ 48-hour liquidation heatmap places the nearest dense leverage cluster between $1,860 and $1,870. More positions sit around $1,900, while downside liquidity has accumulated near $1,810 and $1,790.

According to analyst Ted Pillows, the $1,820–$1,850 region will decide ETH’s next move.
“If Ethereum holds above it, expect another uptrend towards $1,950–$2,000.”
A break below $1,780 would weaken Ethereum’s recovery
Ethereum would lose its 4-hour channel if sellers force a close below $1,830. Such a move would expose the 50-day EMA near $1,812 and could trigger leveraged long liquidations around $1,810.
A deeper decline below the 61.8% Fibonacci level at $1,780.64 would weaken the double-bottom setup and open the 50% retracement at $1,729.24. Pillows also cited the escalating U.S.-Iran situation as a risk to the $1,820–$1,850 support zone.
Political uncertainty remains another invalidation risk. Failure to resolve the CLARITY Act’s ethics and stablecoin provisions could delay a Senate vote, remove the immediate catalyst behind ETH’s rebound, and place the $1,780 support under renewed pressure.
Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.
Crypto World
Wall Street adapts to new era of Federal Reserve communications
F/m Investments’ Washington, D.C., office is just a short drive from the Federal Reserve‘s headquarters. But under the central bank’s new leadership, CEO Alexander Morris has found the distance feeling far greater.
Fed Chairman Kevin Warsh embarked on an overhaul of the central bank’s forward-looking communication since taking the post in May. That move sounded the alarm for market participants like Morris, whose investing theses rely in part on predicting what the Fed will do with interest rates.
“We’ve made a pretty good business out of decoding Fedspeak,” said Morris, referring to the jargon-heavy communication preferred by central bank leaders. “And he just said he was going to go quiet on us.”
This week, Morris’ firm, which manages exchange-traded funds tied to inflation and U.S. Treasurys, released “WarshGPT.” It’s an artificial intelligence-powered tool that parses nearly 1,800 documents and transcripts from Warsh, with the goal of helping users understand how he may analyze issues related to the economy or monetary policy.
F/m Investments is one of many financial institutions readying for an era with less public forecasting from Warsh’s Fed. In some cases, they’re turning to AI models to gain an edge in investing.
“Whether the Fed is providing a lot of information or a little information, investors have to understand what the Fed is likely to do in the future,” said Gary Richardson, a former historian at the central bank who’s now a University of California, Irvine, economics professor. “With limited information, people are going to try to do anything they can to figure out what the Fed is thinking.”
US Federal Reserve Chair Kevin Warsh speaks during his first news conference since taking the helm at the central bank on June 17, 2026 in Washington, DC.
Chen Mengtong | China News Service | Getty Images
Greetings and briefcase sizes
Investors and Fed watchers have wondered if former Chairman Alan Greenspan‘s communication style can serve as a baseline for what to expect under Warsh.
In that era, Richardson said people joked that Greenspan simply saying “good evening” could cause a market decline. Financial media tracked a so-called briefcase indicator, which operated on the theory that Greenspan carrying a bulkier bag meant he accumulated evidence for why borrowing costs should be altered.
Alan Greenspan
Anjali Sundaram | CNBC
Already, Warsh has made expectations clear for a shift in how the Fed publicizes information. One of his task forces aimed at reshaping the Fed’s operations is focused on how the central bank communicates.
June’s Federal Reserve meeting statement — the first such release under Warsh — contained around 130 words, down from figures above 300 words seen in prior publications, a CNBC analysis found. Warsh, who acknowledged the statement was “shorter” and “simpler,” said it purposefully excluded forward guidance.
In his first post-decision press conference as chairman, Warsh allocated 5% of sentences to policy-relevant topics, according to UBS. That number came in at 27% for an average meeting under predecessor Jerome Powell, the bank said.
‘One word can move dollars’
F/m Investments’ WarshGPT chatbot cost less than $1,000 to build with Anthropic‘s Claude model, despite the name being a riff on rival OpenAI‘s ChatGPT. It took roughly two weeks to create from inception to release, a timeframe that included pre-rollout testing by a group that included Fed alumni and newsletter writers.
In addition to Warsh’s communications, the product also taps into economic and political history to ensure its responses have context. But F/m set limits to what WarshGPT can do: The bot doesn’t talk as Warsh and will not offer offer forward statements or forecasts.
F/m isn’t the only large firm reconsidering its strategies and tools for understanding a Warsh-led central bank.
UBS runs an interactive dashboard for clients to track the Fed’s policy tone. It allows users to have an unbiased assessment of Warsh’s commentary during meetings, according to Elena Amoruso, a strategist at the Swiss bank.
Following Warsh’s debut policy meeting as chief last month, Amoruso told clients that Warsh’s policy-relevant comments were “overwhelmingly hawkish.” The central bank leader’s stance was driven by his views on the labor market and growth, she said, in addition to the state of inflation.
“Arguably, this is the most high-value data set … in terms of how much one word can move dollars,” Amoruso told CNBC.
At JPMorgan Asset Management, chief global strategist David Kelly has some backup plans if the Fed stops putting out key releases. If the central bank does away with the “dot plot,” for instance, Kelly said his team will more closely mull over speeches by members of the Federal Open Market Committee — the group tasked with setting interest rates — to get a sense of how they would next vote.
To be sure, Kelly said major changes to Fed communication would likely take several months to announce and implement. He said the final decisions may not be as drastic as some expect.
“Just like the Federal Reserve says it can be patient in adjusting interest rates to the economy, we can be patient in adjusting our resources,” Kelly said.
‘Less clarity’
Still, investors anticipate having less forward guidance from the Fed could result in bigger market swings after policy decisions or members’ public appearances. Some traders see a chance to rake in larger returns in this environment.
“If there’s less communication about the reaction function, I actually think that’s a negative for the economy,” said Steve Friedman, a New York Fed alum who’s now senior macroeconomist at MacKay Shields. However, “less clarity about what the Fed may do can actually be a source of alpha for investors if you have a robust framework for thinking about the economy and monetary policy.”
If Warsh dials back public speaking engagements, Friedman said he would more closely monitor speeches from Fed Governor Christopher Waller. Friedman described Waller as a “bellwether” for the broader committee.
Waller said this week that the Fed shouldn’t be focused on “fighting the last war” with inflation, but that interest rate hikes could still be on the table.
Christopher Waller, governor of the US Federal Reserve, during the Federal Reserve’s Payments Innovation Conference in Washington, DC, US, on Tuesday, Oct. 21, 2025.
Aaron Schwartz | Bloomberg | Getty Images
Retail traders may need to further diversify their portfolios to account for added policy uncertainty under Warsh, according to UC-Irvine’s Richardson. Investment firms looking to get ahead, meanwhile, will be spending big to hire Fed alumni who can help make predictions in a lower-transparency environment, Richardson said.
There are already differing expectations forming for how the Fed will proceed with policy in the coming months.
Fed funds futures traders are pricing in an almost 59% likelihood that the central bank increases interest rates in September, according to CME’s FedWatch tool. On the other hand, Kalshi traders think it’s most likely that the Fed will keep rates unchanged at that meeting.
“For ordinary investors, it’s already really hard for them to figure out what’s going on,” Richardson said. “It’s going to become much harder.”

Crypto World
Kaspersky Uncovers Malware Framework Targeting Crypto Investors
Kaspersky has uncovered a new malware framework targeting cryptocurrency investors.
Dubbed “OkoBot,” the malware initiates an infection chain that starts with social engineering tactics such as ClickFix, which tricks users into running malicious commands, or trojanized GitHub apps that deliver a backdoor to infected devices, the cybersecurity company wrote in a Wednesday report.
The malware can harvest crypto wallet files, browser data and user credentials, inject malicious extensions and capture wallet application windows to steal assets. Kaspersky said it identified multiple attacks involving this malware family since January 2026.
Kaspersky added that the malware framework evolved from “TookPS,” a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites, and that it opens the door to copycat attacks.
It differs from prior campaigns by orchestrating all 20 malicious payloads via an SSH tunnel, which enables the remote transport of data from infected computers to remote machines controlled by attackers.

Original OkoBot infection chain. Source: Kaspersky
Fake LinkedIn recruitment campaigns target Web3 developers with malware
Separately, a new malware campaign is seeking to infiltrate the devices of Web3 developers via fake LinkedIn recruitment opportunities, according to SlowMist.
Attackers contact blockchain developers via LinkedIn, posing as Web3 recruiters. They then send fake GitHub repositories to victims, claiming they contained the minimum viable product that needed to be tried before the interview, the blockchain security company said in a Saturday report.
The workflow closely resembles a legitimate technical interview where developers pull code, install dependencies and launch a project, which makes it difficult to notice the attack, according to SlowMist.
Related: UK sentences 2 hackers tied to $115M crypto ransom scheme
The malware aims to deliver a complete “remote access trojan” that infects devices, enabling attackers to steal project keys, cloud credentials, or wallet extension data from these developers.
“This attack is not an isolated case,” wrote SlowMist, adding that recent incidents illustrate that “attackers are increasingly leveraging scenarios such as recruitment, code reviews and project collaborations to trick developers into actively running malicious repositories.”
The report came a day after SlowMist warned of a separate malware campaign targeting macOS users, aiming to steal their credentials and hijack their Telegram sessions to ultimately trick investors into entering their wallet recovery phrases through fake websites.
Magazine: Does Botanix’s failure prove Bitcoiners don’t care about DeFi?
-
NewsBeat2 days agoLondon Mayor Sadiq Khan handed a peerage by Keir Starmer alongside 15 other Labour figures… just days before the PM leaves No10
-
Fashion20 hours agoWeekend Open Thread – Corporette.com
-
Politics4 hours agoThe House | The City of London can help the new chancellor deliver growth in every postcode
-
Crypto World3 days agoCFTC blocks Kalshi from unwinding Michigan trades after court order
-
Politics3 days agoYoung campaigners urge incoming PM to act on outdoor junk food ads
-
Business2 days agoNvidia Stock Slips After Big Tuesday Rally as Huang Confirms Vera Rubin Chip Is Now in Production Today
-
Crypto World3 hours agoRipple Payments Joins MiCA With 14 Firms, Does It Mean Anything For XRP?
-
Entertainment3 days agoDisney’s Most Ambitious Failed Star Wars Attraction Is Coming to SDCC
-
Crypto World16 hours agoRipple wins EU-wide access as ESMA adds it to MiCA register
-
Tech4 days agoGet Your ESP32 Sunny Side Up With This Solar Dev Board
-
News Videos4 days agoXRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
-
Crypto World2 days agoInjective Submits SEC Transfer-Agent Registration to Onchain Ownership Records
-
Business2 days agoPalantir Shares Rise After Expanded Nvidia Partnership and Fresh Analyst Upgrades Ahead of Earnings Day
-
NewsBeat1 day agoRegistration is now open for March for Men with Kev 2026
-
Tech4 days agoDark Secrets Emerge When Jailbreaking LLMs
-
Sports3 days agoNew Cornerback Enters Vikings Trade Rumor Mill
-
News Videos1 day agoMoney | Class 12 Economics | CBSE Board Exam 2026-27
-
Business2 days agoBanco Bilbao Vizcaya Argentaria, S.A. (BBVA) Discusses Global Macro Environment and Economic Outlook for Core Markets Transcript
-
NewsBeat9 hours agoDurham County Council to send out electoral registration emails
-
Tech5 days agoCloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human

You must be logged in to post a comment Login