Most crypto users worry about price, narratives, and the next airdrop.

Very few think about who actually controls the flow of transactions.

Yet beneath the surface, a subtle shift is happening—one that could quietly reshape the foundations of DeFi:

Validator power is concentrating… and credible neutrality is starting to crack.

What Is “Credible Neutrality” Anyway?

At its core, credible neutrality means:

The network processes transactions fairly, without bias, manipulation, or favoritism.

It’s one of the invisible assumptions that makes DeFi work.

• Your trade gets executed without discrimination
• Your liquidation isn’t selectively delayed
• Your transaction isn’t censored based on identity or strategy

Without neutrality, DeFi stops being permissionless finance… and starts looking a lot like traditional finance with extra steps.

The New Power Stack: Restaking + MEV

Two major innovations—both powerful on their own—are now intersecting:

1. Restaking

Restaking allows validators to reuse their stake across multiple protocols to earn additional yield.

Sounds efficient, right?

But it creates a new dynamic:

• Validators now secure multiple systems simultaneously
• Risk and influence become interconnected
• Large validators gain disproportionate leverage

The result: a smaller group of actors ends up sitting at the center of multiple ecosystems.

2. MEV (Maximal Extractable Value)

MEV refers to profits that validators can extract by controlling transaction ordering.

Examples include:

• Front-running trades
• Back-running arbitrage
• Reordering transactions for profit

MEV has already turned block production into a highly competitive, profit-maximizing game.

When These Two Combine…

This is where things get uncomfortable.

Restaking + MEV creates:

• Cross-protocol coordination incentives
• Shared validator dependencies across systems
• Economic pressure to act strategically—not neutrally

Validators are no longer just passive participants.

They’re becoming multi-system profit optimizers.

The Real Risk: Coordinated Behavior

Here’s the part that’s rarely discussed outside deep dev circles:

Validators may begin coordinating behavior across systems.

Not necessarily through malicious intent—but through aligned incentives.

This could look like:

• Prioritizing certain transactions across multiple chains
• Delaying or censoring transactions that hurt their positions
• Coordinating MEV strategies across ecosystems
• Favoring protocols, they are economically exposed to

And the scary part?

None of this requires ideology or bad actors.

Incentives purely drive it.

From Ideological Censorship → Economic Censorship

Crypto has long feared censorship from governments or centralized entities.

But the emerging threat is different:

Censorship becomes economic, not political.

Validators don’t need to “believe” anything.

They just need to maximize profit.

If censoring or reordering transactions is more profitable…

It will happen.

Why DeFi Should Care (A Lot)

DeFi protocols are built on a fragile assumption:

The base layer behaves fairly.

But if validators gain the ability—and incentive—to act otherwise:

• Liquidations can be manipulated
• Trades can be selectively executed
• Arbitrage becomes gatekept
• Entire strategies stop working

This introduces:

• Hidden risk
• Uneven playing fields
• Reduced trust in protocol outcomes

In short:

DeFi becomes less predictable—and less fair.

The Illusion of Decentralization

From the outside, everything still looks decentralized:

• Thousands of validators
• Multiple chains
• Diverse ecosystems

But under the hood:

• The stake is concentrated
• Infrastructure is shared
• Incentives are aligned

This creates a soft form of centralization—not visible in governance, but very real in execution.

So, What Can Be Done?

There’s no easy fix, but awareness is the first step.

Some directions being explored:

• MEV mitigation (e.g., fair ordering, encrypted mempools)
• Decentralizing validator sets further
• Reducing reliance on shared validator infrastructure
• Designing protocols that are resilient to ordering manipulation

Still, these are evolving solutions to a rapidly evolving problem.

Final Thought

Crypto didn’t promise perfection.

But it did promise neutrality.

If validators become powerful enough to coordinate across systems…

We may not lose decentralization overnight.

But we might slowly lose something just as important:

The guarantee that the system treats everyone the same.

And once that’s gone, DeFi doesn’t break dramatically—

It just quietly stops being fair.

REQUEST AN ARTICLE

TLDR:

• The attacker used durable nonce accounts to pre-sign transactions weeks before executing the $280M drain on Drift Protocol.
  
• No smart contract bug was involved — the breach relied on social engineering to obtain 2/5 multisig approvals in advance.
  
• Even after a Security Council migration on March 27, the attacker regained access to required signers within a short period.
  
• All borrow/lend balances, vault deposits, and trading funds were affected, while DSOL and Insurance Fund assets remained safe.

The Drift Protocol exploit has rattled the decentralized finance space, with attackers draining approximately $280 million from the platform. The breach involved a coordinated admin takeover rather than any smart contract vulnerability.

How the Attacker Gained Control of Drift’s Security Council

The attacker secured access to Drift’s Security Council admin using pre-signed transactions via durable nonce accounts.

This approach allowed transactions to be signed in advance and executed at a later time. There was no evidence of compromised seed phrases linked to the breach. The attack was not the result of any smart contract bug or exploit.

As early as March 23, multiple durable nonce accounts were established across multisig members and attacker-controlled wallets. This pointed to weeks of advance planning and careful staged execution before the attack was carried out.

The attacker likely obtained 2/5 multisig approvals through sophisticated social engineering tactics. Misrepresented transaction approvals are also considered a likely method used to gain those approvals.

On March 27, Drift carried out a Security Council multisig migration, apparently to address the existing security concerns. Shortly after, the attacker regained effective access to the required signers.

This showed that the compromise was persistent and extended well beyond the migration event. The migration did not successfully block the attacker’s ability to proceed with the plan.

According to initial findings shared by SolanaFloor, the attack was highly coordinated and involved weeks of preparation. On April 1, a legitimate insurance fund test transaction took place on the platform.

Just minutes later, two pre-signed nonce transactions were executed in rapid succession. This enabled a near-instant takeover of the protocol’s admin controls.

Withdrawal of Funds and Drift’s Ongoing Response

With full admin control secured, the attacker introduced a malicious asset into the protocol. Withdrawal limits were then removed, and protocol permissions were exploited to drain funds from users.

The total amount withdrawn reached approximately $280 million across the platform. All funds held in borrow/lend, vault deposits, and trading balances were affected by the drain.

Funds not deposited into Drift, including DSOL, were unaffected by the exploit. Insurance Fund assets are currently being moved to safer locations for protection.

All protocol functions have since been frozen to limit further damage. The compromised multisig wallet has also been removed to prevent continued access.

Drift is now actively working with security firms, bridges, and exchanges to trace the stolen assets. Law enforcement agencies have also been brought into the investigation.

The team is coordinating across multiple channels to explore potential recovery options. A full postmortem report is expected to be published in the near future.

No timeline has been shared by Drift for when platform operations might resume. The team confirmed that recovery coordination remains the current priority at this time.

Drift is also working with law enforcement to identify the individuals behind the attack. Further updates are expected as the investigation continues to develop.

Chainlink price fell 6% to $8.55 on Thursday as crypto investors remained concerned over a potential escalation in the U.S.–Iran war.

According to data from crypto.news, Chainlink (LINK) price fell 6% to $8.50 on Thursday as the crypto market fell, reacting to news of the U.S. preparing for a heavy attack on Iran over the next two to three weeks to secure a decisive victory.

Despite Chainlink’s price drop, a massive accumulation trend by whales suggests that large-scale investors remain bullish on the long-term prospects.

In an April 1 X post, CryptoQuant analysis of the top 10 outflow transactions showed that whales were withdrawing over 8,000 LINK tokens from Binance daily. Furthermore, the monthly average outflows for the asset have increased from 2,000 LINK to 2,600 LINK per day.

The whale withdrawals suggest that they could be moving these funds to cold storage with the intent of holding the tokens for longer periods. Commitment from large holders often sparks retail interest and thereby strengthens the price floor as it tends to reduce the total supply of LINK held on exchanges. 

Notably, exchange supply ratio data from CryptoQuant has shown a consistent drop through February. At the time of writing, the Exchange Supply Ratio stood at 0.127, near monthly lows, a sign of sustained accumulation since mid-February.

Low exchange balances also help address concerns around sudden short-term selling pressure by limiting the liquid supply available to traders. Subsequently, it can pave the way for a rapid price rebound once macroeconomic tensions ease.

On the daily chart, Chainlink price has been forming a double-bottom pattern, a bullish reversal signal in technical analysis. It is in the process of completing the second trough of the double bottom.

Other technical indicators on the daily timeframe seem to favor the bulls. Notably, the Supertrend indicator has turned green. When this signal flips green, it typically suggests that the short-term momentum is shifting in favor of the buyers.

The Chaikin Money Flow Index has also recorded a positive reading, a sign that institutional capital is steadily entering the market.

Hence, Chainlink price will likely bounce back to its March 16 high of $10 next. However, it could face a potential drop to $8 amidst the broader market downturn before its next leg up.

Solana’s native token SOL faced a notable pullback after a rejection near the $93 level last Wednesday, slumping about 11% as traders assess the chain’s near-term support. With the price testing the $80 region on multiple occasions in recent days, market participants are watching whether SOL can defend a key floor or if a deeper retracement toward the mid-$70s could emerge.

Amid softer price action, Solana’s on-chain activity remains anchored by its ecosystem’s ongoing revenue generation. The latest data show that while Solana’s DEX volumes cooled, the network continues to support a higher concentration of high-revenue DApps than many rivals, underscoring continued developer interest in the chain. Over the past month, total value locked on Solana stood at roughly $6.3 billion, a fraction of Ethereum’s approximate $54.1 billion. At the same time, Solana’s on-chain fees totaled about $18.5 million in March, a roughly 42% decline from January’s level, driven primarily by softer DeFi activity on the network.

In a broader market context, Ethereum’s on-chain activity remained robust in a shifting landscape dominated by layer-2 solutions. March DEX volumes across Ethereum and its Layer-2 ecosystems reached about $41 billion, down 23% from two months prior. Importantly, when aggregating DEX activity across Ethereum’s layer-2 networks—Base, Arbitrum, Polygon, and Optimism—Ethereum’s DEX market share rose to 42% in March from 33% in January. This marks a clear shift in trading flow toward layer-2s and away from the base chain, reshaping the competitive dynamics between Solana and Ethereum’s expanding L2 ecosystem.

Key takeaways

• Solana remains a revenue leader among blockchains, with a cluster of DApps generating $1 million+ in monthly revenue, reinforcing fundamental ecosystem activity even as price declines persist.
• Ethereum’s L2 expansion is capturing a larger slice of the DEX market, contributing to a shift in trading activity away from Solana as L2 dominance grows.
• Solana’s TVL ($6.3B) lags far behind Ethereum’s ($54.1B), illustrating the ongoing capital gap despite Solana’s ongoing developer engagement.
• Solana’s March on-chain fees ($18.5M) fell sharply from January, reflecting softer DEX volumes; meanwhile, Ethereum’s L2s collectively accounted for a meaningful share of DEX activity (42% in March).
• Solana leads with 13 DApps reporting $1M+ in revenue over the last 30 days, surpassing Ethereum (11), with BNB Chain and Base at 4 each, highlighting a continued ecosystem strength that could support SOL’s longer-term narrative.

Solana’s price pressure vs. ecosystem resilience

Despite a near-term price retreat, Solana’s DApp revenue momentum stands out as a counterweight to the selling pressure. The fact that Solana hosts more DApps delivering $1 million-plus in monthly revenue than Ethereum suggests a vibrant, revenue-generating ecosystem that could underpin demand for SOL beyond speculative trading. Projects like Pump, Helium Network, and ORE Protocol exemplify the range of use cases attracting developers and users to Solana’s layer-1.

Developers and investors are also weighing strategic ecosystem activity beyond pure on-chain metrics. In recent coverage, Solana has highlighted collaborations and platform expansions that could widen adoption, including development platforms that attract financial services players and large brands seeking to experiment with Web3-enabled capabilities. The broader market context—where Solana’s on-chain activity competes against Ethereum’s expanding L2 footprint—remains a dynamic tension for SOL’s near-term trajectory.

Market structure and shifting dynamics

Solana’s total value locked remains a fraction of Ethereum’s, underscoring the persistent capital gap between the chains. However, Solana’s relative strength on DApp revenue signals an ongoing, qualitative advantage: developers continue to build and monetize on Solana, even as traders redirect some activity toward layer-2 networks on Ethereum. The rise of Ethereum’s L2 market share to 42% in March from 33% in January demonstrates how scaling layers are reshaping the competitive landscape, potentially offering lower costs and faster settlement that attract liquidity away from base-layer chains.

Moreover, Solana’s fee trajectory—$18.5 million in March versus $30 million in January—shows how activity patterns influence on-chain economics. While the fee base shrinks during quieter periods, the underlying ecosystem strength remains a critical factor for SOL’s longer-term health. The contrast with Ethereum’s L2-driven structure suggests that Solana’s path to upside hinges not just on transactional volume, but on sustainable DApp monetization and continued developer onboarding.

What to watch next

As SOL tests the $80 region, investors will be watching whether support holds or if the market revisits the $75 level. The evolving balance between base-chain activity and Ethereum’s expanding layer-2 footprint will be a key driver of SOL’s near-term risk-reward. On the ecosystem side, continued momentum in high-revenue DApps and strategic platform partnerships could reinforce NAV-like support for SOL, even amidst broader price volatility.

Readers should monitor upcoming data on DApp earnings, DEX volumes, and layer-2 adoption trends, which will collectively illuminate whether Solana can sustain its ecosystem-led resilience in a market increasingly driven by cross-chain and layer-2 dynamics.

Genius Group, an AI-powered Bitcoin treasury and education company, disclosed in its first-quarter 2026 results that it has sold the remainder of its Bitcoin holdings to pay down debt. The move marks a notable shift for a company that had branded itself with a “Bitcoin first” strategy just over a year earlier, and it arrives amid a broader wave of corporate liquidations in crypto treasuries.

The company said it would recommence building its Bitcoin Treasury when market conditions are more favorable, signaling a potential pivot back to crypto accumulation once the macro backdrop allows. Genius Group had been gradually reducing its holdings since mid-2025 after a period when it was temporarily barred by a U.S. court from expanding its Bitcoin budget. Although the firm had held 84 BTC as of March 2026, the latest liquidation effectively ends its current Bitcoin exposure, consistent with the phrasing that it “sold the remainder” in the first quarter.

The disclosure comes as Genius Group reported a strong start to 2026. First-quarter revenue climbed 171% year-over-year to $3.3 million, while gross profit rose 228% to $2 million. The company swung from a $500,000 operating loss in Q1 2025 to a net profit of $2.7 million in Q1 2026, underscoring improving fundamentals even as its crypto treasury strategy has shifted away from Bitcoin holding expansion.

Key takeaways

• Genius Group confirms the sale of its remaining Bitcoin holdings in Q1 2026 to reduce debt, with the implication that its Bitcoin treasury is no longer a current asset.
• The company had previously pledged a “Bitcoin first” approach in November 2024, aiming to keep 90% or more of reserves in Bitcoin; the Q1 move signals a strategic reversal in the near term.
• Other notable corporate moves reflect a broader trend: Mara.

  Holdings liquidated a large chunk of its BTC to fund debt paydown, cutting its treasury to 38,689 BTC, while Bitdeer and several other firms also sold portions of their holdings in 2026.

• Despite the selloffs, Michael Saylor’s Strategy remains the standout counterpoint, with ongoing Bitcoin accumulation that has drawn significant attention from investors tracking corporate exposure to BTC.

Corporate treasuries in flux

Genius Group’s decision to liquidate its Bitcoin reserve underscores a growing divergence in how companies are approaching crypto treasuries during a bear-market environment. The Q1 2026 results show other parts of the business performing strongly even as the crypto allocation changes. Genius Group’s revenue growth and profitability improvement point to a broader trend: non-crypto operations are resonating with investors even as Bitcoin exposure is trimmed back for now.

The timing aligns with a string of high-profile sales across the corporate crypto space this year. Mara Holdings disclosed the sale of 15,133 BTC for roughly $1.1 billion in March, a move designed to repurchase convertible senior notes and allocate capital to other corporate needs. The liquidation reduced Mara’s BTC holdings to about 38,689 BTC, positioning the company among the largest corporate BTC treasuries behind Twenty One Capital. The proceeds were aimed at stabilizing the balance sheet and financing debt-related needs.

Other notable actions included Bitdeer liquidating its entire BTC stash of 943 coins and selling newly mined BTC, driving corporate holdings to zero in February. Cango Inc. also disclosed the sale of a portion of its 4,451 BTC treasury, while GD Culture Group authorized the sale of some of its 7,500 BTC reserve in February. Taken together, these moves illustrate a broader calendar in which several tech- and mining-adjacent firms have prioritized de-risking and liquidity over immediate BTC accumulation.

Two voices: the bear-market buyers and the bear-market sellers

Amid the wave of disposals, one voice remains conspicuously active in Bitcoin accumulation. Michael Saylor’s Strategy, often cited as the largest corporate Bitcoin treasury, has continued buying through 2026. Analysts and trackers note that the Strategy has purchased thousands of BTC this year, maintaining a steady rhythm of accumulation that stands in contrast to the broader corporate exodus from BTC holdings. The latest figures show a cumulative total in the vicinity of tens of thousands of BTC for the year, with the Saylor Tracker documenting ongoing purchases and the overall size of the Strategy’s treasury rising despite market volatility.

The divergence between the “buy, hold, repeat” posture of the Saylor Strategy and the liquidity-focused exits by other corporate holders highlights a central tension in the crypto ecosystem: a speculative, macro-driven bear market versus a long-horizon, treasury-focused narrative that sees bitcoin as a balance-sheet asset rather than a pure bet on price alone. Investors watching corporate behaviors should pay attention to whether these selling waves represent opportunistic balance-sheet management or a broader reallocation away from BTC as a reserve asset.

What this means for investors and builders

For investors, Genius Group’s latest move is a reminder that corporate crypto policies are fluid and highly contingent on debt levels, liquidity needs, and broader market conditions. A company that once championed Bitcoin as its primary treasury asset is now prioritizing debt reduction and operating profitability, signaling that crypto is increasingly treated as one instrument within a diversified capital-allocation framework rather than a guaranteed anchor for all reserves.

For users and builders in the crypto space, the pattern of asset reallocation among corporate treasuries could influence market liquidity and the availability of BTC on exchange networks. As sales from large holders continue, buyers at different risk tolerances may emerge, potentially affecting price dynamics. Yet, the ongoing accumulation by the Saylor Strategy serves as a counterweight, suggesting that long-term holders continue to see BTC as a strategic asset rather than a short-term liquidity sink.

Regulatory and macro developments will also color the next phase. If the operating environment supports continued debt management and profitability for technology-driven firms, we may see more measured rebalancing rather than outright liquidations. Conversely, a sustained downturn or tighter funding conditions could accelerate the retreat from BTC across more corporate treasuries.

Looking ahead, readers should watch how Genius Group communicates its Bitcoin strategy going forward and whether any new capital-raising or debt-structuring moves arise as it pivots toward a more conventional balance sheet posture. At the same time, the market will be watching Mara and others to gauge whether their liquidations were one-time debt-management steps or the start of a broader asset-reallocation cycle.

In the near term, analysts will likely assess how much of this activity reflects structural changes in corporate risk tolerance versus opportunistic balance-sheet management in response to market cycles. If market conditions improve or if macro liquidity returns, the door could reopen for new Bitcoin treasury accretions, potentially complemented by refined, risk-aware treasury strategies from other technology-focused firms.

For now, the narrative is clear: a notable tilt away from Bitcoin holdings by several high-profile corporate treasuries, counterpointed by continued, disciplined accumulation by leading long-term holders. The next few quarters will reveal whether this is a temporary season of balance-sheet retooling or a more enduring shift in how corporations view Bitcoin within their financial mix.

What to watch next: how Genius Group and its peers re-enter or defer Bitcoin treasury activity, the trajectory of their debt management needs, and the evolving appetite among investors for corporate BTC exposure as a strategic reserve.

Alabama has become the second state in the United States to grant legal status to decentralized autonomous organizations under the Decentralized Unincorporated Nonprofit Association Act.

The DUNA Act, introduced in February by Republican Senator Lance Bell, provides legal recognition and limited liability protections to DAOs after passing 82-7 with 16 abstentions on March 17.

According to data from CoinLaw, there are over 13,000 DAOs across the globe, with roughly $24.5 billion worth of assets under their control. The key goal behind this framework is to offer clarity on how DAOs exist and operate within the legal system.

Alabama Governor Kay Ivey has now signed the bill into law, according to a16z Crypto’s head of policy and general counsel, Miles Jennings.

In a recent X post, Jennings said, “Decentralized governance is essential to crypto’s future—it’s one of the core constructs in market structure legislation.”

The bill will give decentralized communities “the certainty to build, govern, contract, and scale in the real world,” Jennings explained.

However, there are certain requirements that organizations must meet to qualify as a DAO. First, a DAO must have at least 100 members for a common nonprofit purpose, such as governing a blockchain network or smart contract system.

These entities can operate through blockchain technology and smart contracts, and voting, proposals, and consensus mechanisms can all be stored on-chain. Such entities will have full legal entity status, which means they can own property, enter into contracts, and sue or be sued.

This will offer individual members protection from personal liability in cases of disputes arising from DAO operations.

“As federal crypto market structure legislation moves closer to becoming law, builders need effective domestic legal structures,” Jennings said.

Back in 2024, Wyoming became the first state to grant legal status to DAOs under the DUNA Act.

Earlier this month, a similar DUNA bill was introduced in West Virginia by Representative Tristan Leavitt in February and is now awaiting the governor’s signature.

Key Takeaways

• An isolated testnet environment at Galaxy Digital was compromised by unauthorized access
• No client assets, personal information, or account data were exposed or endangered
• The financial impact was minimal, with losses under $10,000 in test-only funds
• Galaxy’s response team identified and contained the breach swiftly
• Trading operations and all client-facing services continued without disruption

Mike Novogratz’s Galaxy Digital has publicly acknowledged a recent cybersecurity incident that compromised one of its development environments. The breach targeted an isolated research and development workspace designed exclusively for testing purposes.

The firm immediately clarified that customer assets and sensitive data remained completely protected throughout the incident. Every trading platform and client service continued operating normally without any interruption.

The compromised system was a testnet infrastructure — a segregated digital environment where engineers experiment with new code and functionality away from live networks. This testing space operated entirely separate from Galaxy’s production systems and core technology infrastructure.

A source familiar with the situation revealed that the monetary damage amounted to less than $10,000. Galaxy characterized this sum as negligible, emphasizing that these funds existed solely for internal development and testing activities.

Galaxy reported that its security team identified the unauthorized entry point and acted rapidly to isolate the breach. The organization locked down the affected workspace and implemented enhanced security protocols throughout its blockchain-based infrastructure.

Understanding Testnet Environments

A testnet functions as a standalone, quarantined space where software developers validate updates and experiment with new capabilities. It replicates the framework of production systems while operating completely independently from actual user assets and information.

Despite being separated from live operations, testnets can still appeal to cybercriminals seeking to identify security vulnerabilities. While compromising such environments doesn’t directly endanger users, it may expose potential weaknesses in system architecture.

Galaxy maintains a diverse range of services including digital asset trading, investment management, lending platforms, custody solutions, cryptocurrency mining operations, staking services, and data infrastructure. The company primarily serves institutional investors while functioning as a connector between conventional financial markets and the digital asset ecosystem.

Ongoing Security Challenges in Cryptocurrency

Cybersecurity incidents and exploits remain an endemic challenge throughout the cryptocurrency space. The combination of publicly available code, substantial on-chain capital, and inconsistent security standards creates attractive opportunities for malicious actors.

According to industry analysts, annual losses from cryptocurrency-related hacks have consistently ranged between $1 billion and $2 billion in recent years. These incidents span everything from centralized exchange compromises to decentralized protocol exploits and sophisticated phishing campaigns.

Galaxy indicated that investigation into the incident continues. The company committed to sharing additional information when appropriate.

The firm has not disclosed specific details regarding the method of unauthorized entry or the particular vulnerability that was exploited during the attack.

Beyond the immediate containment measures and workspace security enhancements, Galaxy Digital has not announced any structural changes to its security personnel or broader infrastructure.

As of its official statement, Galaxy Digital confirmed that all client-facing platforms and services maintain complete security and operational integrity.