Crypto World
Bitcoin miners are selling: is capitulation here?
Public miners have dumped Bitcoin at a record pace, hashprice has collapsed to post-halving lows, and older machines are switching off. That is the textbook definition of capitulation. The harder question is whether it marks a bottom or the start of a deeper shakeout.
Summary
- Publicly traded Bitcoin miners sold more than 32,000 BTC in the first quarter of 2026, a single-quarter record that exceeded their combined sales for all of 2025 and topped the roughly 20,000 BTC sold during the Terra-Luna collapse in 2022.
- The pressure is economic: hashprice, the revenue a miner earns per unit of computing power, fell to post-halving lows in the high-$20s per petahash per day by mid-2026, well below the roughly $35 breakeven for older machines, putting a large share of the industry underwater.
- Network hashrate has started to fall as older hardware powers down, the classic signature of a miner capitulation, in which the least efficient operators stop mining at a loss.
- The bull reading is that capitulation has historically marked bottoms, because it clears weak capacity, lowers difficulty, and rewards the survivors. The bear reading is that this squeeze is structural, with heavy debt, record ETF outflows, and even Strategy turning seller removing the usual counterweight.
- Whether this is a bottom or a way station depends on whether Bitcoin can reclaim miner production cost, estimated by some near $80,000, against a price sitting closer to $58,000.
Bitcoin miners are supposed to be the market’s most committed holders, the operators who spend real money to produce coins and who have every incentive to keep them. So when miners start dumping Bitcoin at a record pace and switching off machines, the market pays attention, because it usually means something has broken in the economics of production. That is exactly what has happened through the first half of 2026. Public miners have sold more Bitcoin than in any prior quarter on record, hashprice has fallen to lows not seen since the last halving, and network hashrate has begun to slip as older rigs go dark.
This piece works through what is driving the selling, what capitulation actually means, and the real disagreement underneath it: whether a miner capitulation at these levels marks the bottom, as it often has, or whether this cycle is different. The signal matters because miners sit at the production edge of Bitcoin, where price, power costs, difficulty, debt, and treasury strategy meet. It also lands at a moment when Bitcoin sentiment is already washed out, making every capitulation signal easier to overread.
The record selling
The headline number is stark. Publicly traded mining companies, including MARA, CleanSpark, Riot Platforms, Cango, Core Scientific, and Bitdeer, collectively sold more than 32,000 Bitcoin in the first quarter of 2026, according to industry trackers. That figure set a single-quarter record. It exceeded what those same companies sold across all four quarters of 2025 combined, and it surpassed the roughly 20,000 Bitcoin they offloaded during the second quarter of 2022, the depths of the bear market that followed the Terra-Luna collapse.
When miners sell more in three months than they did in a full prior year, and more than during one of the worst crises in crypto history, the signal is hard to ignore. The individual disclosures fill in the picture. Riot Platforms sold 3,778 Bitcoin in the first quarter at an average price near $76,626, generating about $289.5 million, while producing only 1,473 coins in the same period, meaning it sold far more than it mined. Core Scientific liquidated roughly 1,900 Bitcoin worth about $175 million in January alone. Cango sold 2,000 Bitcoin in March for approximately $143 million, using the proceeds to retire Bitcoin-backed loans.
In a single week, MARA, Genius Group, and Nakamoto Holdings revealed combined sales of more than 15,000 coins, with the largest share from MARA. These were not routine sales of freshly mined coins to cover the power bill; they were drawdowns of treasury reserves the companies had previously chosen to hold. The trend shows up in the aggregate data too. The total Bitcoin held by miners, a metric some analysts call the miner reserve, has been declining since 2023, falling from more than 1.86 million coins at the end of that year toward roughly 1.8 million by mid-2026.
Selling that once looked like occasional balance-sheet management has become a sustained drawdown, and the pace accelerated as prices fell. The question is what forced it. The answer begins with mining economics, but it does not end there.
Why miners are selling
The answer is a profit squeeze that has been building since the last halving. The central metric is hashprice, which measures the daily revenue a miner earns per unit of computing power. Hashprice has been sliding since mid-2025, and by the first half of 2026 it had fallen to record post-halving lows, dropping into the high-$20s per petahash per day on some trackers, down roughly two-thirds from the October 2025 peak. The breakeven level for many miners running older equipment sits near $35 per petahash per day.
With hashprice well below that line, a large share of the industry, estimated at around a fifth at points earlier in the year, has been operating at a loss. Several forces compounded to produce that squeeze. The April 2024 halving cut the block reward in half, instantly halving the Bitcoin miners earn for the same work. Network difficulty has climbed relentlessly since, sitting roughly 10 times higher than in 2021, which means far more computing power now competes for that smaller reward.
Energy costs rose as Middle East conflict pushed oil higher and pressured power prices. Bitcoin itself fell, dropping toward a 21-month low near $58,000, so the coins miners produce are worth less at the moment they most need the cash. Taken together, mining profitability has compressed by close to an order of magnitude from its peak. Debt turned the squeeze into forced selling.
Aggregate miner debt surged over the past year, rising from around $2.1 billion to roughly $12.7 billion as companies borrowed to fund expansion, buy more efficient rigs, and diversify. Debt has to be serviced regardless of price, so when revenue collapses, miners with loan obligations have little choice but to sell coins or, in some cases, sell coins specifically to repay Bitcoin-backed loans. Some estimates put the all-in cost to produce a single Bitcoin near $80,000, well above the current price, which means the least efficient operators are now mining at a loss on every coin. That is the condition that forces capitulation.
What capitulation actually means
Capitulation is a loaded word, so it helps to define it precisely. In mining, capitulation is the point in a cycle where revenue falls below what a meaningful share of the network costs to run, and those operators power down their machines rather than keep mining at a loss. It is not a crash or a malfunction. It is the market clearing, the mechanism by which the least efficient capacity leaves the network when it can no longer pay for itself.
The signature of capitulation is a falling hashrate, and that is now visible. As unprofitable machines switch off, the total computing power securing the network declines. By mid-2026, a meaningful slice of older hardware had gone offline, and the 30-day average network hashrate had fallen by several % from its highs, after earlier swings in which difficulty dropped sharply and then rebounded as miners reconnected. When hashrate falls and stays down, Bitcoin’s built-in difficulty adjustment eventually lowers the bar, making it cheaper and more profitable to mine for the operators who remain.
That self-correcting loop is what distinguishes a mining capitulation from a permanent decline. Analysts track this through indicators built on hashrate momentum, which flag when short-term hashrate falls below its longer-term trend, historically a marker of miner stress and, often, of a market bottom forming. The pattern moves through recognizable stages: revenue falls below cost, weak operators power down, hashrate and difficulty drop, and the survivors, who sit on cheaper power and more efficient machines, absorb the share the leavers gave up and become more profitable. The shakeout is loud and it photographs like a collapse, but the underlying mechanism is orderly.
Whether that orderly clearing is bullish or bearish for the Bitcoin price is where the disagreement begins. For miners, capitulation is an industry sorting event. For traders, it is a possible bottom signal. Those are related, but not identical.
The bull case: capitulation marks bottoms
The optimistic reading rests on history. Miner capitulations have consistently preceded recoveries rather than endings. The logic is mechanical, not hopeful. When high-cost operators power down, network difficulty falls, which lowers the cost to mine for everyone still online.
The efficient survivors, running new machines on cheap power, then capture a larger share of a reward that has become cheaper to earn, so their margins expand even if the price does not move. The capitulation sorts the industry on a single variable, cost per hash, and consolidates it around its lowest-cost producers. For the price, the argument is that miner capitulation tends to coincide with peak seller exhaustion. Miners are a persistent source of supply, selling coins into the market to fund operations.
When the highest-cost miners give up and switch off, that stream of forced selling thins out, removing pressure that had been weighing on the price. Historically, the crossover in hashrate momentum indicators that signals capitulation has aligned with attractive long-term entry points, because it marks the moment the weakest hands, on the production side, have been washed out. The recovery mechanism has proven fast in the modern, industrialized mining sector. Earlier in 2026, a difficulty drop of around 11% was followed within two weeks by a record upward adjustment near 15% as miners reconnected the moment conditions eased.
That speed is the point: surviving operators are committed and well-capitalized enough to scale back up quickly when hashprice recovers. In this reading, the record selling and the falling hashrate are not a warning but a washout, the part of the cycle where the field clears before the next leg up. The bull case does not deny the pain. It argues that the pain is how the reset finishes.
The bear case: this squeeze may be structural
The skeptical reading argues that the usual capitulation-marks-a-bottom pattern assumes a market backdrop that no longer holds. The first difference is debt. The mining sector carries far more leverage than in past cycles, with aggregate debt having climbed toward $12.7 billion, which means capitulation now involves not just idle machines but the risk of defaults, forced liquidations, and distressed asset sales that can overhang the market longer than a simple hashrate reset would. The second and larger difference is who is buying.
In past capitulations, miner selling was absorbed by a mix of retail and, more recently, institutional demand. In 2026, the marginal buyer has turned into a seller. U.S. spot Bitcoin ETFs recorded their worst month on record in June, with roughly $4.5 billion in net outflows, removing the very demand channel that had absorbed supply on the way up. Even Bitcoin treasury companies, long the reliable counterweight to miner selling, have wobbled: the largest corporate holder made its first Bitcoin sale in years to fund a dividend and has come under pressure over its financing structure.
When miners sell into a market where ETFs are bleeding and the corporate bid is faltering, the supply has fewer places to go, and the price can keep falling even as capitulation runs its course. The third concern is duration. Capitulation clears quickly only if price recovers to pull survivors back and thin the selling. If Bitcoin remains stuck well below the estimated production cost for an extended period, held down by a hawkish Fed and tight liquidity, the squeeze can grind on, pushing even mid-cost operators toward the exit and turning a healthy shakeout into a prolonged contraction.
In this view, the capitulation signal is real, but the conditions that historically turned it into a bottom, rebounding demand and easing macro, are absent, so the pattern may not repeat on its usual schedule. This is also where Strategy’s balance sheet matters, because the market’s biggest corporate Bitcoin buyer is no longer treated as an unconditional bid. The bear case is not that miner capitulation does not exist. It is that capitulation may not be enough when the buyers are missing.
The AI pivot: capitulation or reinvention
There is a third storyline that complicates the simple capitulation frame, and it is specific to this cycle. Many miners are not simply powering down; they are repurposing. The same data centers, power contracts, and cooling infrastructure that mine Bitcoin can, with investment, host the computing demand of artificial intelligence and high-performance workloads, which command far higher and more stable revenue than mining at current hashprice. Several operators have pivoted hard in that direction, converting capacity or striking deals to serve AI customers instead of mining coins.
That pivot muddies the read on hashrate and selling. Some of the machines going dark are not distressed operators giving up but companies reallocating capacity to a more profitable use, and some of the Bitcoin being sold is funding that transition instead of covering losses. For those firms, selling coins and reducing mining is a strategic reallocation, not a capitulation in the traditional sense. It is a rational response to a world where a unit of power and compute is worth more pointed at AI than at a halved block reward.
The implication cuts both ways for Bitcoin. On one hand, the AI pivot means some hashrate decline reflects opportunity rather than distress, which is less bearish for the price and could permanently shrink the pool of forced sellers. On the other hand, it means the mining industry’s most valuable operators may increasingly treat Bitcoin as a secondary business, weakening the reflexive commitment that made miners such steadfast long-term holders. A sector that once mined and held because it believed in the asset is becoming a sector that mines, or computes, wherever the margin is best.
That shift also connects miners to the broader class of Bitcoin treasury companies, where balance-sheet Bitcoin is no longer always sacred. Coins can be collateral, reserves, working capital, or transition funding. In a tight market, that difference matters. It means miner selling is not always panic, but it is still supply.
The divergence that matters
Underneath all of it sits one divergence worth watching more than any single figure. On the supply side, miners are selling into weakness while their reserves shrink and their hashrate falls. On the demand side, the buyers who absorbed that supply on the way up have stepped back, with ETFs posting record outflows and the flagship corporate holder turning seller. In prior cycles, miner capitulation coincided with new demand stepping in at low prices, which is what turned the washout into a floor.
This time, the demand side is thinner precisely when the supply side is capitulating. That is why the capitulation signal, on its own, is not enough to call a bottom in 2026. The historical pattern is real, and the mechanics that clear weak capacity and reward survivors still function. But the pattern completed into a recovery in past cycles because demand returned to meet the reduced supply.
The open question now is whether a new source of demand, renewed ETF inflows, a macro shift toward easier policy, or a return of the corporate bid, arrives to meet the capitulating miners. Until it does, the cleaner read is that miners are doing exactly what they do at cycle lows, while the buyers who usually meet them there have not yet shown up. That makes this capitulation signal important, but incomplete. It is a setup, not a confirmation.
The same distinction applies to corporate Bitcoin holders. A company can hold Bitcoin and still create supply pressure if it sells, or demand if it accumulates. The market does not care which category a holder belongs to; it cares whether they are adding or removing coins from available supply. Right now, the supply-side pressure is visible, and the demand-side recovery has not yet proven itself.
What to watch
For anyone trying to judge whether this capitulation marks a turn, a handful of signals matter more than the daily price. The first is hashprice: a sustained recovery back above the roughly $35 per petahash breakeven would ease the forced selling at its source, while a further slide would deepen it. The second is hashrate and difficulty: a stabilization in network hashrate, followed by a downward difficulty adjustment, would confirm the clearing is working and would improve economics for the survivors. Momentum indicators built on hashrate crossing back above their longer-term trend have historically flagged the completion of a capitulation.
The third is the demand side, which this cycle makes decisive. A return of net inflows to spot Bitcoin ETFs would signal that the marginal buyer is back, and a resumption of corporate treasury accumulation would restore the counterweight to miner selling. The fourth is the price relative to production cost: Bitcoin reclaiming and holding above the estimated all-in cost to mine a coin would pull the economics back into profitability and remove the pressure driving the sales. Until those turn, the record miner selling and the falling hashrate tell a consistent story of an industry clearing its weakest capacity, with the crucial question, whether fresh demand arrives to complete the pattern, still unanswered.
That is the disciplined read. Miner capitulation can mark a bottom, but it does not create one by itself. It needs confirmation from price, hashprice, ETF flows, and corporate demand. Without that, capitulation remains evidence of stress, not proof of recovery.
Frequently asked questions
Why are Bitcoin miners selling so much Bitcoin?
Miners are selling because their economics have collapsed. Hashprice, the revenue earned per unit of computing power, fell to post-halving lows in the high-$20s per petahash per day by mid-2026, below the roughly $35 breakeven for older machines. The 2024 halving cut rewards, difficulty rose about 10 times from 2021, energy costs climbed, and Bitcoin fell toward a 21-month low, forcing miners with heavy debt to sell coins to cover costs.
How much Bitcoin did miners sell in 2026?
Publicly traded miners including MARA, CleanSpark, Riot, Cango, Core Scientific, and Bitdeer collectively sold more than 32,000 Bitcoin in the first quarter of 2026. That set a single-quarter record, exceeding their combined sales for all of 2025 and topping the roughly 20,000 Bitcoin sold during the 2022 Terra-Luna bear market. The total Bitcoin held by miners has fallen from about 1.86 million at the end of 2023 toward 1.8 million. The pace of selling shows miners treating reserves as working capital in a stressed market.
What is miner capitulation?
Miner capitulation is the point in a cycle where mining revenue falls below what a meaningful share of the network costs to run, so those operators power down instead of mining at a loss. Its signature is a falling network hashrate as unprofitable machines switch off. It is a market-clearing mechanism: weak capacity leaves, Bitcoin’s difficulty adjustment lowers the bar, and the efficient survivors become more profitable. It is painful for the sector but can improve economics for the miners that remain.
Does miner capitulation mean the price has bottomed?
Historically, miner capitulation has often preceded recoveries, because it clears weak capacity, lowers difficulty, and thins the forced selling that weighs on price. But that pattern completed into a bottom in past cycles because new demand stepped in at low prices. In 2026, ETFs have posted record outflows and even the largest corporate holder turned seller, so the usual demand counterweight is thinner, making the signal less reliable on its own. Capitulation is a bottoming condition, not a guaranteed bottom.
What is hashprice and why does it matter?
Hashprice is the daily revenue a miner earns per unit of computing power, typically quoted per petahash per second per day. It combines the Bitcoin price, network difficulty, and transaction fees into a single profitability measure. When hashprice falls below a miner’s cost to operate, roughly $35 per petahash for older machines, that operator loses money on every coin, which is what drives capitulation and forced selling. A recovery in hashprice would be one of the clearest signs the pressure is easing.
Are miners capitulating or pivoting to AI?
Both are happening, which complicates the read. Some miners are genuinely distressed and powering down, while others are repurposing their data centers, power contracts, and cooling infrastructure to serve artificial intelligence and high-performance computing, which pays more than mining at current hashprice. That means some hashrate decline reflects strategic reallocation instead of distress, and some coin sales fund the transition instead of covering losses. The result is a sector that is both stressed and reinventing itself.
How does this capitulation compare to past cycles?
The mechanics are familiar, but the backdrop differs in two ways. Miner debt is far higher, having climbed toward $12.7 billion, so capitulation now carries default and forced-liquidation risk. The demand side is weaker too, with spot ETFs recording their worst month on record in June and the flagship corporate buyer turning seller. Past capitulations resolved into bottoms partly because fresh demand met the reduced supply, which is less certain now.
What signals would show the capitulation is ending?
Watch four things: hashprice recovering back above the roughly $35 breakeven, network hashrate stabilizing followed by a downward difficulty adjustment, a return of net inflows to spot Bitcoin ETFs and corporate treasury buying, and Bitcoin reclaiming the estimated production cost near $80,000. Hashrate momentum indicators crossing back above their longer-term trend have historically marked the completion of a miner capitulation. In this cycle, ETF inflows may be the most important confirmation because they show the marginal buyer has returned.
Disclaimer: This article is for information and educational purposes only and does not constitute financial, investment, or trading advice. Cryptocurrency prices and mining economics are highly volatile, and historical patterns do not guarantee future outcomes. Nothing here is a recommendation to buy or sell any asset. Always do your own research and consider consulting a licensed professional before making financial decisions. Figures are accurate as of July 2, 2026, and will change.
Crypto World
US Leads Polymarket Political Betting as Geoblock Fails to Halt Demand
US users remain the most active force behind Polymarket’s political prediction markets, even after the platform moved to geoblock Americans from its global, decentralized service. New analysis from blockchain research firm Allium finds that the United States is the largest single country for political contracts on Polymarket when measured by trading volume and wallet participation—suggesting the demand simply shifted outside formal US oversight.
The findings add another layer to the regulatory and compliance challenges surrounding Polymarket, which has already faced scrutiny from US authorities and was compelled to restrict access under a settlement with the Commodity Futures Trading Commission (CFTC) in 2022.
Key takeaways
- Allium’s report ranks the US as Polymarket’s biggest political market by both contracts traded and wallet count.
- Despite access restrictions, the study argues that US demand did not disappear—it moved offshore.
- US traders appear more drawn to foreign conflict-related markets, with Iran-war themes dominating the top US markets by volume.
- Election-focused markets attract less US participation on the global Polymarket, where such markets are comparatively more prominent on Kalshi and Polymarket US.
- Independent research has previously estimated a large share of Polymarket activity originates from the US, even with geoblocking and VPN countermeasures.
US activity persists after Polymarket’s geoblock
Allium’s analysis, published on Thursday, estimates that US-based users form the largest single political crowd on Polymarket across all countries it tracks. The report emphasizes that this is based on tagged wallets—specifically, the 6% of wallets Allium could associate with a country—so the figures are directional rather than definitive.
Still, Allium frames the result as a clear outcome of Polymarket’s restrictions. Blocking access, the firm argues, did not stop US participation; instead, it concentrated it into a way that makes the US look even larger by volume within the offshore-access model.
“Blocking access did not end US participation; it made the US the largest single political market on Polymarket by volume,” the report said. “The demand is still there, now offshore and beyond US oversight.”
This is an important distinction for investors and market participants watching the political prediction market space: the restriction regime may be affecting where and how US users participate, but it has not eliminated US influence over global outcome bets.
Foreign conflict markets draw more US bets than elections
Allium’s breakdown suggests that US participants disproportionately favor foreign conflict-related topics. In the report’s assessment, five of the top 12 markets for US users by notional volume relate to the Iran war.
At the same time, US interest in election-related markets appears comparatively weaker on Polymarket’s global platform. Allium notes that election markets are a category that is allowed on Kalshi and Polymarket US—meaning the global audience’s incentives and the market landscape may differ from what US users most actively trade.
“US money pours into foreign wars, lately Iran, and largely skips the elections the global crowd trades,” said Allium.
For readers tracking adoption and behavior in prediction markets, the takeaway is not just who is trading, but what they are trading. If US demand continues to show up most strongly in geopolitical risk and away from election positioning, that may shape how liquidity, volatility, and information demand evolve across the different platforms.
Polymarket US vs. the global platform: restrictions and regulatory pressure
Allium’s report also clarifies an often-confused distinction: Polymarket US is a US-regulated platform launched in December and offers a narrower selection of markets. The research discussed here concerns the global Polymarket environment, where access was curtailed for US users.
Polymarket was forced to cut off US users from its global platform as part of a $1.4 million settlement with the CFTC in 2022. That enforcement backdrop has continued to cast a spotlight on how prediction market operators handle jurisdictional boundaries and user verification.
Cointelegraph previously reported that US policy makers and regulators have raised concerns about Polymarket, including issues connected to its marketing and compliance approach. Those broader concerns remain relevant in light of Allium’s findings that US involvement has not gone away—only changed form.
Evidence from other researchers: US share remains large
Allium’s results align with an earlier study by Rutgers University statistician Harry Crane. In a June publication, Crane estimated that 30% of Polymarket trading volume comes from the US, despite Polymarket blocking US-based IP addresses and VPNs that can be used to bypass geofencing.
Crane’s analysis estimated that US-based traders sent between $10.6 billion and $26.7 billion through Polymarket between May 2025 and April 2026. The researcher tied activity to likely US participants by comparing trade timing and the specific markets where trades occurred.
There have also been reports that Polymarket has moved to clamp down on VPN usage by blocking certain IP addresses associated with VPN services, reinforcing the idea that the company is actively attempting to reduce circumvention. However, the existence of US-heavy participation in outcome bets—whether directly or via offshore access—suggests countermeasures may not be fully effective.
Where Polymarket is blocked and where it is “close only”
Geographic restrictions are not limited to the United States. Polymarket is completely blocked in more than 34 countries, with Spain cited as the latest example where authorities took action as a “precautionary measure” while investigating whether the companies are operating without necessary licensing.
In an additional tier, four countries—including Singapore, Thailand, Taiwan, and Poland—operate under “close only” rules. In those jurisdictions, users can close existing positions but cannot open new trades.
Polymarket also maintains restricted regions within countries, according to published information: Ontario in Canada, and Crimea, Donetsk, and Luhansk in Ukraine, where Polymarket is blocked locally but remains accessible elsewhere in the same nation.
These layers of access—complete blocks, close-only allowances, and region-level restrictions—highlight how uneven enforcement and licensing frameworks can be across jurisdictions. For traders, it means the practical reach of a prediction market can remain broader than what top-line policy statements might suggest.
Going forward, the key question is how Polymarket will adapt its geoblocking and compliance tooling as scrutiny grows. Readers should watch whether enforcement tightens enough to materially change participation patterns—or whether US influence continues to reappear offshore in ways that keep global political markets effectively driven by the same demand.
Crypto World
CFTC chair blasts Illinois over ‘punitive’ crypto tax
CFTC Chair Michael Selig criticized Illinois lawmakers over a new 0.2% tax on crypto transactions, saying the state had moved against financial technology at the wrong time.
Summary
- Illinois’ 0.2% crypto tax drew sharp CFTC criticism before its planned 2027 start date.
- The law requires broker registration, monthly reports, and tax collection on covered digital asset activity.
- Federal crypto tax and market structure talks are moving while Illinois pursues its own rule.
In a July 1 statement, Selig said Illinois lawmakers “slammed the brakes on technological progress” when they approved the measure.
The tax forms part of Illinois’ fiscal 2027 budget and is set to take effect on Jan. 1, 2027. It applies to certain digital asset activity carried out by brokers, including exchange, transfer, custody, and wallet services. The rule has drawn criticism from crypto firms, policy groups, and some market figures.
Selig says state risks falling behind
Selig said blockchains could change how value moves across markets, much as the internet changed how information moves. He argued that tokenized assets may cover commodities, currencies, stocks, and bonds. His statement said Illinois could place residents and businesses at a disadvantage if the state taxes crypto transfers differently from other financial activity.
The CFTC chair also said Illinois lawmakers “decided they know better” than federal lawmakers working on crypto market rules. His comments came as Washington continues to review market structure bills, tax proposals, and agency roles. The remarks show a growing split between state-level tax policy and federal efforts to set national digital asset rules.
Brokers face new duties
Illinois’ Digital Asset Tax Act requires brokers to register with the Illinois Department of Revenue before covered activity begins. Brokers must collect the tax as a separate line item and file monthly reports on covered digital asset activity.
The law can also reach firms outside Illinois if they serve users in the state. Tax advisers have said customer records, mailing addresses, IP addresses, and other data may help decide whether activity falls under Illinois rules. That has raised questions about how exchanges, wallet firms, and custody providers will track and apply the tax in practice.
Industry criticism grows
Previously, crypto.news reported that Strategy co-founder Michael Saylor called the Illinois tax a “Big Mistake” after Governor JB Pritzker signed the budget. Industry groups also warned that the law could raise costs for users and push crypto firms away from the state.
Some critics have focused on the design of the tax. They argue that it applies to activity itself, not only to profits or capital gains. Others have raised concerns about routine wallet transfers, broker reporting systems, and whether the rule treats digital assets differently from stocks, bonds, or derivatives.
Federal talks add pressure
The Illinois dispute comes while Congress reviews broader crypto tax rules. As previously reported, lawmakers have split the Digital Asset PARITY Act into seven tax discussion drafts covering stablecoin payments, mining, staking, lending, wash-sale rules, charitable donations, and disclosure duties.
Moreover, Federal agencies are also reviewing crypto market rules. The SEC and CFTC opened a joint rules review covering derivatives, margining, and market structure questions. Against that backdrop, Selig’s criticism frames the Illinois tax as a state-level move that may clash with wider federal attempts to build clearer rules for digital assets.
Crypto World
Microsoft Commits $2.5 Billion to New AI Deployment Business
Microsoft is investing $2.5 billion in a new operating business that embeds 6,000 engineers and industry experts directly inside enterprise customers to build and run AI systems.
The company, called Microsoft Frontier Company, launched on Thursday. It ties its work to measurable business results.
How the Microsoft Frontier Company Works and Who Runs It
The unit delivers what Microsoft calls Frontier Transformation. Experts embed with customers to co-design, deploy, and continuously improve AI systems at scale.
Follow us on X to get the latest news as it happens
Judson Althoff, CEO of Microsoft’s Commercial Business, positioned the effort beyond standard industry practice. He argued it combines deep industry knowledge with enterprise AI engineering.
“This goes beyond what has been labeled as Forward-Deployed Engineering, and will be the largest, most capable, outcome-driven engineering organization in the industry,” he said.
Microsoft Frontier Company will include salespeople, support staff, technical consultants, and forward-deployed engineers already at the company, many with experience in specific industries, CNBC reported.
The company stressed that customers keep control of their own intelligence. It pledged that client data will not be used to train models in ways that erode a customer’s competitive edge.
The platform also stays model-diverse. Customers can run models from OpenAI, Anthropic, Microsoft, open source, or specialized industry options for each task. Rodrigo Kede Lima will serve as president of the new organization.
Microsoft Enters a Crowded AI Deployment Race
The launch puts Microsoft in a fast-growing market. Rivals have moved quickly to sell hands-on AI deployment, not just tools.
Amazon Web Services committed $1 billion to its own deployment venture two days earlier. Both OpenAI and Anthropic also launched their own deployment ventures in May.
The OpenAI Deployment Company is a standalone entity backed by more than $4 billion in funding. Anthropic teamed up with Goldman Sachs, Blackstone, and Hellman & Friedman on a $1.5 billion venture to deploy Anthropic’s Claude AI model directly inside businesses.
Subscribe to our YouTube channel to watch leaders and journalists provide expert insights
The post Microsoft Commits $2.5 Billion to New AI Deployment Business appeared first on BeInCrypto.
Crypto World
Binance moves ahead in Philippines as SEC clears BlockShoals sandbox testing
Binance has moved a step closer to returning to the Philippine market after the country’s Securities and Exchange Commission granted final approval for its local partner BlockShoals Technologies to begin regulatory sandbox testing.
Summary
- The Philippine SEC has granted final sandbox approval to BlockShoals, moving Binance closer to a regulated return to the local market.
- BlockShoals will complete a 90 day integration with a licensed local provider before Binance backed user onboarding begins.
- The approval covers SEC sandbox testing, while separate BSP licensing requirements for crypto services remain in place.
In a post on X, Binance co-founder and Chief Customer Service Officer Yi He said the exchange had officially entered the Philippine market, while an accompanying SEC document showed that BlockShoals Technologies Inc. had received final approval to launch financial product and service testing under the Commission’s Strategic Regulatory Sandbox (Stratbox) framework.
SEC approves sandbox rollout
Under the approval, BlockShoals will operate using a crypto-asset intermediary model that allows users in the Philippines to access selected products and services through its global crypto-asset service provider partner, Binance.
The SEC document stated that BlockShoals must first complete system integration with a local virtual asset service provider during an initial 90-day phase before proceeding with the approved testing program.
Once that integration is completed, the testing plan will move forward under regulatory oversight and applicable safeguards, including user registration and onboarding through Binance as its global CASP partner, according to the SEC approval.
The final approval follows the SEC’s earlier clearance of BlockShoals’ Stratbox application in November 2025, after the company fulfilled the remaining regulatory requirements set by the Commission.
BSP licensing question remains
The latest SEC approval comes weeks after the Bangko Sentral ng Pilipinas clarified that neither Binance nor BlockShoals currently holds a Virtual Asset Service Provider license required for certain crypto payment and transaction services.
As previously reported by crypto.news, the BSP said participation in the SEC’s Stratbox program does not replace the need for a separate central bank license because the two regulators oversee different parts of the country’s financial sector. The central bank also noted that BlockShoals would need to integrate with a licensed domestic VASP before onboarding users through Binance’s infrastructure could begin.
While Yi He described the development as Binance’s official entry into the Philippines, the SEC approval itself authorizes BlockShoals to begin sandbox testing and identifies Binance as its global CASP partner. The document does not state that Binance has obtained a Philippine VASP license.
Binance has been working to strengthen its regulatory position in several jurisdictions. On July 1, the exchange told affected European Union users that withdrawals and other account options would remain available as MiCA-related service changes took effect, while it continued pursuing authorization to operate under the bloc’s new crypto rules.
Crypto World
Will Bitcoin price continue uptrend or succumb once again to ETF outflows?
Bitcoin price has rebounded above $60,000 after easing oil prices and softer U.S. macro expectations lifted risk appetite, though persistent ETF outflows continue to threaten the recovery.
Summary
- Bitcoin price has reclaimed $60,000 as easing oil prices and improving macro sentiment triggered a relief rally.
- Persistent U.S. spot Bitcoin ETF outflows continue to weigh on institutional demand despite the rebound.
- Technical charts show room for further gains above $61,000, but failure to hold $60,000 could revive selling pressure.
According to data from crypto.news, Bitcoin (BTC) price climbed from a low near $58,300 to around $60,600 over the past 24 hours as investors responded to softer inflation expectations and improving sentiment across global markets.
Risk assets also benefited from progress in indirect U.S.-Iran talks, while Brent crude slipped below $71 a barrel after oil shipments through the Strait of Hormuz accelerated and concerns over supply disruptions eased. Lower energy prices reduced inflation worries, giving cryptocurrencies room to recover after June’s sharp sell-off.
The rebound comes after one of Bitcoin’s weakest months in recent years. U.S. spot Bitcoin ETFs recorded another $294.6 million in net outflows on July 1 after losing $222.6 million, $231.1 million and $444.5 million during the previous three sessions, extending a streak of institutional withdrawals that has removed billions of dollars from the sector in recent weeks. Those redemptions have continued to offset improving macro sentiment by forcing ETF issuers to sell underlying Bitcoin into the market.

Federal Reserve policy also remains a key obstacle. Although traders welcomed recent dovish remarks, interest rates remain elevated, and expectations for policy easing have been pushed further into the future. Higher Treasury yields continue to compete with non-yielding assets such as Bitcoin, while institutional capital has increasingly flowed toward U.S. technology and artificial intelligence stocks instead of digital assets.
Bitcoin must reclaim $62.7K and $65K to strengthen the recovery
Bitcoin’s 1-day chart shows price rebounding from the 100% Fibonacci retracement near $57,826 after briefly testing the lower boundary of a multi-month decline. The recovery has lifted RSI from deeply oversold territory to around 40, suggesting selling pressure has eased without yet confirming a trend reversal.

Even after reclaiming $60,000, Bitcoin continues to trade below all key moving averages clustered between roughly $62,400 and $75,100, leaving major resistance overhead.
The 4-hour chart paints a more constructive short-term picture. Bitcoin has reclaimed the Supertrend support near $57,700 while the Aroon Up reading has climbed above 78%, with Aroon Down slipping below 43%, suggesting buyers have regained short-term control after the late-June washout.

Bitcoin price has also returned above psychological support at $60,000, though sustained buying will still be needed to challenge resistance around $61,000 before the larger moving-average cluster comes into view.
Derivatives positioning shows traders remain heavily focused on nearby liquidation levels. CoinGlass’ 24-hour heatmap highlights dense short liquidation clusters between $61,000 and $61,800, suggesting a move through that range could accelerate buying as bearish positions are forced to close. On the downside, equally large long liquidation pockets sit around $59,500 and $58,000, creating potential downside magnets if Bitcoin loses its recent gains.

According to analyst Ted Pillows, the latest advance should still be treated cautiously.
“This is just a relief rally, which often happens after a 30% crash. Bitcoin’s key levels are $62,700 and $65,000, which must be reclaimed for another lower high before a new cycle low.”
Commenting on the shorter-term setup, analyst Altcoin Sherpa noted that Bitcoin looks constructive on lower time frames while price remains above current support, although he added that he would not feel confident until Bitcoin decisively breaks above $65,000 on higher-time-frame charts.
ETF selling and macro risks could quickly reverse the recovery
Several downside risks continue to threaten Bitcoin’s rebound. Continued spot ETF redemptions remain the most immediate concern, particularly if institutional demand fails to return after June’s record wave of outflows. Corporate developments have also weighed on sentiment after Strategy revised its capital policy to permit token sales, raising concerns that one of Bitcoin’s largest corporate holders could eventually add supply to the market.
Macro and geopolitical uncertainty also remain unresolved. While oil prices have retreated on improving U.S.-Iran negotiations, any disruption to talks or renewed tensions around the Strait of Hormuz could quickly push energy prices higher and revive inflation concerns.
On the technical side, failure to defend the $60,000 area would expose the $59,500 and $58,000 liquidation zones, while a break below June’s low near $57,800 would invalidate the current relief rally and reopen the path toward fresh cycle lows.
Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.
Crypto World
IMF warns tokenization could remake finance or fracture it
The International Monetary Fund has said tokenization could change how financial markets settle trades, manage payments, and record ownership.
Summary
- Tokenization can speed settlement, but weak standards may split liquidity across competing financial platforms worldwide.
- Major banks are testing tokenized deposits as regulated rails for faster institutional payment settlement systems.
- Regulators must define ownership, code oversight, and settlement finality before tokenized markets scale globally.
In a July 2 blog post, Tobias Adrian, the IMF’s financial counselor and director of the Monetary and Capital Markets Department, said policy choices made now will decide whether tokenized finance “strengthens or fragments” the financial system.
Adrian said tokenization is more than a tool for faster payments. It moves assets and liabilities onto shared digital ledgers, where execution, clearing, and settlement can happen at the same time. That could reduce delays in markets that still depend on separate systems, manual checks, and later reconciliation after trades close.
Faster markets bring new risks
The IMF said tokenization can make settlement faster and payments cheaper, but it can also change where risk sits. In traditional markets, delays give banks, brokers, and supervisors time to respond to errors or stress. In tokenized markets, smart contracts can move payments, collateral, and ownership within moments.
That speed can remove old buffers. Automated margin calls, instant redemptions, and 24/7 settlement could make liquidity needs appear faster than firms can manage them. Adrian warned that risk could move away from bank balance sheets and toward the platforms, code, and service providers that run tokenized markets.
Banks test tokenized settlement rails
The warning comes as large financial firms move tokenization deeper into regulated finance. As crypto.news reported, major U.S. banks are backing a tokenized deposit network through the Clearing House, with a launch targeted for the first half of 2027. The system would allow banks to settle tokenized deposits around the clock while keeping deposits inside the banking sector.
Recent market activity also shows that tokenization is spreading into securities. As previously reported, Securitize tokenized its own NYSE-listed shares on Solana and Avalanche on the day it began public trading. Ondo Finance also brought BlackRock’s IVV ETF and Micron shares onto Ethereum through a model designed to keep the underlying securities inside regulated U.S. custody.
Regulators weigh ownership and code oversight
The IMF said tokenized finance needs clear rules on settlement assets, platform governance, interoperability, and the role of central banks. It also said legal clarity matters because investors must know whether tokenized records prove ownership, whether settlement is final, and which court has authority when markets cross borders.
In the United States, regulators are already reviewing tokenized securities. As crypto.news reported, the SEC has explored an innovation exemption for tokenized securities that could let some blockchain-based products trade under tailored rules. Later, the agency reportedly delayed the proposal after exchanges raised questions about shareholder rights and ownership verification.
The IMF’s message adds a global policy layer to that debate. Faster settlement may improve market systems, but weak standards could split liquidity across competing platforms. If tokenized assets move across borders in real time, supervisors may also have less time to respond during stress.
Adrian said central banks, regulators, and market operators must decide how tokenized finance should use public and private money. They must also decide how platforms should connect and how critical smart contracts should be supervised. Without common rules, tokenization may stay split across separate systems instead of becoming a safer settlement model for global finance.
Crypto World
US Wallets Top Polymarket Political Bets Despite Geoblock: Report
US-based users are the biggest political bettors on Polymarket, despite the crypto-based prediction market’s efforts to restrict US citizens from using the decentralized platform, according to new research.
Blockchain research firm Allium estimated in a report published on Thursday that US-based users are the single biggest political market of any country by contracts traded and wallet count on Polymarket — not to be confused with Polymarket US, which is a US-regulated platform that launched in December with a narrower set of markets.
“Blocking access did not end US participation; it made the US the largest single political market on Polymarket by volume,” the report said. “The demand is still there, now offshore and beyond US oversight.”
The data suggests that Polymarket’s efforts to restrict US users from its global platform have not entirely worked, adding to an expanding list of headaches for the company in the fast-growing predictions market sector, which is under legal and political scrutiny.
Polymarket was forced to cut off US users’ access to its global platform as part of a $1.4 million settlement with the Commodity Futures Trading Commission in 2022.

Allium based its figures on the 6% of wallets it tagged with a country, meaning the data should be seen as directional only. Source: Allium
Allium found that US users are more interested in foreign conflict-related markets than the rest of the platform’s users, with five of the US cohort’s top 12 markets by notional volume relating to the Iran war.
It also shows a lesser interest in election-related markets, which is a category of prediction markets allowed on Kalshi and Polymarket US.
“US money pours into foreign wars, lately Iran, and largely skips the elections the global crowd trades,” said Allium.
Cointelegraph contacted Polymarket for comment.
Polymarket’s effort to geoblock US users
Allium’s figures align with another study published in June by Rutgers University statistician Harry Crane, who estimated that 30% of trading volume on Polymarket comes from the US.
Crane estimated that people based in the US sent between $10.6 billion and $26.7 billion through Polymarket between May 2025 and April 2026, despite Polymarket blocking US-based IP addresses and VPNs, which could be used to skirt the block.
The researcher looked at the times of day the trades were made and the markets in which the trades were made to link certain trades to US users.

An excerpt of Polymarket’s FAQ page on its geographic restrictions. Source: Polymarket
Polymarket has reportedly been clamping down on users who use VPNs by blocking certain IP addresses tied to VPN services, The Information reported in May.
Related: Polymarket hit by $2.9M theft, users to be refunded
Where is Polymarket blocked?
Polymarket is completely blocked in more than 34 countries, the latest being Spain, which blocked local users from Polymarket and Kalshi as a “precautionary measure” as authorities open an investigation into whether the companies are operating without necessary licensing.
Another four countries, including Singapore, Thailand, Taiwan and Poland, are in “close only,” meaning users in these countries can close existing positions but cannot open new trades.
There are also four restricted regions, Ontario in Canada, Crimea, Donetsk and Luhansk in Ukraine, where Polymarket is blocked but is available elsewhere in the country.
Magazine: Bitcoin slides to $58K, XRP hits $1 but onchain data promising: Market Moves
Crypto World
Solana Gets NYSE Boost as SOL Jumps 19% on Securitize Listing
Securitize became a publicly traded company on the New York Stock Exchange Thursday, July 2, immediately tokenizing its common stock on Solana (SOL).
The move lands alongside a separate governance shift on Solana, where validators gained a formal, stake-weighted voting process for protocol decisions. Both moves come as SOL posted strong gains, up 19.3% over the past week.
Securitize Brings Its NYSE Debut Onchain
Securitize completed its merger with Cantor Equity Partners II and opened trading on the NYSE under the ticker SECZ on Thursday. This is part of its broader tokenized asset expansion across multiple chains.
“We have long said that public equities are moving onchain”
— Carlos Domingo, Founder and CEO of Securitize
Blockchain data from RWA.xyz tracked roughly $295 million in tokenized SECZ shares at launch. Securitize said the tokens represent the same shares trading on the NYSE, not a synthetic wrapper.
Additionally, access is limited to eligible U.S. investors who pass identity checks.
Validators Gain a Formal Vote
Separately, the Solana Foundation activated Solana Governance Proposals on July 1. Ultimately letting validators with at least 100,000 staked SOL submit proposals.
The framework separates broad directional questions from the technical upgrades developers already handle. Furthermore, it lets individual delegators override their validator’s vote.
Together, the two developments show Solana courting institutional issuers and their own validator bases at once. Whether tokenized SECZ shares draw meaningful onchain trading volume will shape how far this new strategy goes.
The post Solana Gets NYSE Boost as SOL Jumps 19% on Securitize Listing appeared first on BeInCrypto.
Crypto World
Burry Called a Bubble Days Ago and Now AI & EV Stocks Are Already Cracking
Michael Burry disclosed a fresh basket of shorts against Tesla, Nvidia, Caterpillar, Applied Materials, and the semiconductor sector on June 30. Within days, several of those same corners of the market started cracking.
The Setup: Burry’s Basket Built on One Thesis
Burry laid out his positions in a Substack post titled “Trading Post June 30, 2026.” He framed them as a single bet against an overheated AI cycle, not isolated stock picks. He called the semiconductor index “a pure form of overvaluation” and rolled his SOXX puts out to March 2027.
He also disclosed new shorts on Tesla at $416.22 and Caterpillar at $1,060.98, a stock he had never shorted before despite trading it profitably on the long side for years.
The Philadelphia Semiconductor Index was already trading more than 65% above its 200-day moving average when Burry made his call. He compared the stretch to conditions last seen during the dot-com era.
What’s Happened Since
Days later, reports surfaced that Meta is building a business called Meta Compute to lease out its surplus AI data center capacity to outside customers. Investors read the move as a signal that compute supply may be catching up with demand.
On Thursday, July 2, the Philadelphia Semiconductor Index dropped more than 6%, its steepest single-day fall in recent memory. The selloff spread to Samsung and SK Hynix in Asia and briefly triggered a circuit breaker on South Korea’s Kospi.
Memory and storage names took the hardest hits. SanDisk sank almost 20% in the past five session. Seagate and Micron also slid on fears of a supply glut as Samsung and SK Hynix ramp up new capacity. Micron’s fundamentals remain strong, with fiscal third-quarter revenue up 346% year over year. Even so, the stock has given back a chunk of its 2026 gains.
Tesla fell 7.5% that same Thursday, its worst single session in nearly a year. The drop came despite Tesla reporting Q2 deliveries of 480,126 vehicles, well above Wall Street’s consensus estimate. Traders treated the beat as a sell-the-news event. The stock had already run up more than 13% over the four sessions before the report.
A Coincidence Worth Watching, Not Yet a Verdict
None of this proves Burry’s short basket caused the moves. The chip selloff traces to Meta’s compute-leasing plans. Tesla’s drop lines up with a classic sell-the-news pattern around its delivery report, not any catalyst tied to Burry directly.
Still, the timing is notable. Burry’s basket touched nearly every name now under pressure. Caterpillar, his other first-ever short, still trades at a trailing price-to-earnings ratio of 53.
Whether this marks the start of the correction Burry is positioning for, or just a rough week for a handful of stretched valuations, should become clearer as Tesla’s July 22 earnings and the next round of AI capex commentary land.
The post Burry Called a Bubble Days Ago and Now AI & EV Stocks Are Already Cracking appeared first on BeInCrypto.
Crypto World
what Claude Mythos 5 changes
The AI model its own maker says can find and exploit software flaws better than almost any human is back online. It arrives in the middle of crypto’s worst year for hacks. Here is what actually changes, and what the panic gets wrong.
Summary
- On July 1, 2026, Anthropic restored global access to Claude Fable 5 after the U.S. lifted export controls, while the less-restricted Mythos 5 returned only to a set of vetted U.S. organizations through a program called Glasswing.
- Anthropic markets Mythos-class models as able to find and exploit software vulnerabilities more effectively than any other model and than all but the most skilled human experts, and says the models surfaced more than 10,000 high-severity flaws in important software.
- The alarm in crypto is that cheap, fast, AI-driven vulnerability discovery turns unaudited protocols and small forks into easy targets, in a year when hacks have already drained more than $840 million.
- The skeptical view, shared by some security experts and by Anthropic’s own review, is that the models mostly accelerate known attack types, social engineering, exposed keys, and misconfigurations, instead of inventing new ones, and that weaker models can do much of the same work.
- The same capability that helps attackers also helps defenders, through faster audits and patching, which is why the near-term risk is real while the long-run balance is contested.
The model built to find software flaws is back, and it landed in the worst possible year for the industry with the most to lose. On July 1, 2026, Anthropic restored access to Claude Fable 5 worldwide after the U.S. Department of Commerce lifted the export controls that had forced the model offline in June, while its more powerful sibling, Mythos 5, returned only to a set of vetted organizations. The timing is what makes it a crypto story. Anthropic describes Mythos-class models as able to find and exploit vulnerabilities better than nearly any human, and crypto is in the middle of a record run of hacks, with billions in assets sitting inside publicly visible code that an AI can read at machine speed.
This piece separates what these models actually change from what the panic gets wrong, and it does so without treating a single headline as the whole picture. The central question is not whether AI makes crypto security riskier; it does. The harder question is where the added risk actually sits, whether it is in smart contracts themselves, bridges, human operations, signing flows, or the speed at which attackers can now move from disclosure to exploit. The answer is less cinematic than the fear, but more useful for anyone holding funds or building protocols.
What came back, and what did not
The distinction between the two models is the first thing to get right, because they are not equally available. Fable 5 is the public, safeguarded member of the Mythos class, released in June 2026 and priced at roughly twice the cost of Anthropic’s prior flagship. It returned to global users on July 1 across Anthropic’s platforms. Mythos 5 is the less-restricted version that carries the full cyber capability, and it did not return to the public.
Anthropic restored Mythos 5 only to a set of vetted U.S. organizations that operate and defend critical infrastructure, through an opt-in program called Glasswing, following government approval in late June. So the model most crypto observers worry about is not the one now sitting behind a consumer subscription. The distinction matters because public access changes the risk surface very differently from vetted critical-infrastructure access. A powerful model in the hands of security teams is not the same thing as a powerful model available to every attacker with a credit card.
The episode that pulled both offline is worth understanding, because it colors the risk debate. In June, researchers at Amazon showed a jailbreak that got Fable 5 to identify software vulnerabilities and write exploit code, and the U.S. government responded with an emergency export-control order that Anthropic complied with by disabling the models entirely, since it could not restrict access by nationality in real time. The controls were lifted at the end of June, and access returned in the first days of July, with Fable 5 global and Mythos 5 limited. Anthropic’s own account of the incident cuts against the loudest fears: its review, conducted with the government, found that the reported technique did not reveal a uniquely Mythos-level capability, and that several weaker models could reproduce the same vulnerabilities.
The company argued the capability had been oversold, and it deployed a new safety classifier it says blocks the specific technique in more than 99% of cases, routing risky cybersecurity prompts to a weaker model in fewer than 5% of sessions. That is the company’s framing, and it matters, but it is not the whole story either. The point for crypto is narrower: even if public access is constrained, the capability exists, it is improving, and weaker models already reproduce parts of it. That means the security problem cannot be solved by focusing on one model alone.
What Mythos-class models can actually do
The capabilities that alarmed the security world are real and documented, not hypothetical. Under its restricted program, Mythos-class models reportedly surfaced more than 10,000 high and critical-severity vulnerabilities in systemically important software, and found critical flaws across more than 1,000 open-source projects, including widely used components such as the Linux kernel and a popular media library. In one cited case, the model generated a working proof-of-concept exploit for a complex issue in under 31 minutes. Cloudflare reported that an earlier Mythos preview chained bugs into working exploits across more than 50 of its code repositories before refusing to produce a live demonstration.
The capability that most changes the math for defenders is speed. Anthropic has warned that the window between a vulnerability being disclosed and being exploited is collapsing, in some cases from days to hours. Its researchers concluded that a single operator with this class of model could turn a month of software patches into working exploits in a single afternoon, for a cost measured in a few thousand dollars. Security practitioners have started describing the shift as moving from an era of N-days, where attackers had weeks or months after a disclosure, to something closer to N-hours.
When a patch ships, it also reveals the flaw it fixes, and a model that can read the patch, understand the bug, and build an exploit in hours compresses the defender’s response window dramatically. None of this is the same as inventing a new class of attack. It is acceleration and scale. The model reads public code, compares versions, summarizes audits, and reasons about weaknesses faster and cheaper than a human team, which lowers the cost and expertise needed to do work that skilled attackers already do.
That distinction, acceleration rather than invention, is the fault line the entire debate runs along. For crypto teams, the practical implication is brutal: slow patching, stale dependencies, and unaudited forks become more dangerous when attackers can automate the boring parts of vulnerability discovery. The frontier model does not need to be magical to change the economics. It only needs to make the existing attack pipeline cheaper and faster.
Why crypto is uniquely exposed
Crypto sits in the blast radius for reasons specific to how it works. Smart contracts are public by design: the code that controls billions of dollars is visible on-chain for anyone, including an AI, to read and analyze. Bridges, the infrastructure that moves assets between blockchains, concentrate the collateral of many chains into a single set of contracts and message-verification systems, which makes them the highest-value targets in the space. An attacker who can scan code at machine speed has an unusually rich, unusually open field in crypto compared with closed corporate systems.
The backdrop is a genuinely bad year. Crypto has lost more than $840 million to hacks in 2026, with some tallies putting the figure past $940 million across more than 120 incidents, and April alone set a record near $600 million. The two largest losses tell the story of where the damage comes from. Kelp DAO lost roughly $292 million when attackers forged a cross-chain message on its bridge, exploiting a setup that let a single compromised node approve fraudulent withdrawals.
Drift Protocol lost about $285 million not to a code bug but to a six-month social engineering operation that ended in compromised administrative keys. Bridges have accounted for the largest share of losses, and North Korean groups have been linked to a large portion of the total. That pattern is the key context for the AI debate, because it shows where crypto actually bleeds. The biggest 2026 losses came less from novel smart-contract bugs than from human error and operational failure: social engineering, exposed keys, flawed signing flows, and misconfigured infrastructure.
Any assessment of what a Mythos-class model changes has to start from that reality, not from the image of an AI writing an exotic new exploit from scratch. The crypto risk surface is not only code. It is bridges, multisigs, admin keys, custody practices, signing devices, deployment scripts, and teams that still operate under startup-style security despite controlling institutional-scale money. AI makes that whole surface easier to search.
The alarm case
The bearish read is straightforward and has serious voices behind it. Simon Dedic, a well-known crypto investor, warned that a public Mythos-class model could sharply lower the cost and expertise needed to find exploitable flaws in smart contracts, and that unaudited protocols would become, in his words, sitting ducks. The argument is about barriers. Finding a subtle vulnerability in a contract used to require rare skill and considerable time.
If a model compresses that to hours and pennies, the population of people capable of attacking a weak protocol expands enormously, and the long tail of small projects, forks, and unaudited contracts becomes far more exposed. The numbers give the argument weight. Analysts have linked part of 2026’s elevated hacking losses to the growing use of advanced AI in identifying vulnerabilities, and the trend line points toward more automated, faster reconnaissance. In this view, even if the very best human attackers gain little, the marginal attacker gains a great deal, and crypto has no shortage of marginal attackers or of weak targets for them to point a capable model at.
The alarm is less about the top of the skill curve and more about how many more people can now operate near it. That is why small DeFi forks, rushed launches, and unaudited protocols are the obvious danger zone. A well-resourced protocol with continuous audits and strong operational controls may use AI defensively. A copy-paste fork with weak key management may simply become easier to attack.
The skeptics’ case
The counterargument is equally serious, and it comes from builders and from Anthropic itself. Michael Egorov, the founder of a major decentralized exchange, argued that smart contracts typically contain only a few thousand lines of code and are already well understood by human auditors and existing AI tools, so a more capable model changes less about direct contract exploits than the panic suggests. In his view, operational security failures and supply-chain attacks are the larger risk, and those are not primarily a smart-contract-analysis problem. That view fits the loss data, where administrative compromises and bridge failures dominate the largest incidents.
Anthropic’s post-incident review reinforces the skeptical case from an unexpected direction. The company found that the jailbreak technique that triggered the export controls did not reveal a uniquely Mythos-level capability, and that weaker models, its own and others, could reproduce the same vulnerability findings. If a capability is broadly available across many models rather than locked inside one frontier system, then restricting or releasing that single system changes less than it appears to. The skeptics do not claim the models are harmless; they claim the marginal danger of any one release is smaller than the headlines imply, because the underlying capability is diffuse and because the hardest part of most real attacks is not finding the flaw.
That is an important distinction for crypto readers. The risk is not “Claude Mythos appears, therefore every DeFi protocol is suddenly doomed.” The risk is that AI-assisted security analysis is becoming normal across many models, countries, and toolchains, which means attackers and defenders alike will have faster vulnerability discovery available. In that world, the question shifts from whether one model should be online to whether crypto teams can patch and harden faster than adversaries can scan and exploit.
The part everyone agrees on
Between the alarm and the skepticism sits a consensus, and it is the most useful part of the debate. Security experts broadly agree that advanced AI will not invent fundamentally new categories of crypto hack, but will dramatically speed up the attacks that already dominate the loss tables: social engineering, exposed keys, and flawed signing flows. A model does not need to hand over a finished exploit to change the economics of an attack. It can read public repositories, compare old and new versions of software, summarize audit reports, and draft convincing messages designed to catch the small operational mistakes humans make.
As one analysis put it, these exploits remain rooted in social engineering and human error; AI did not create that reality, it made it visible and accelerated it to machine speed. That reframing points straight at the 2026 loss data. The Drift and Kelp attacks, the two largest of the year, were an operational compromise and a bridge-verification failure, not clever new contract bugs. A model that accelerates reconnaissance, scans for the weakest key path or the sloppiest signing flow, and helps craft the human-facing part of an attack makes exactly those failure modes cheaper and faster to exploit.
The practical implication is that the defense that matters most is not writing unbreakable contracts, but hardening the human and operational layer where the money actually leaks. That means keys, signing steps, privileged accounts, dependencies, cross-chain message verification, and incident response. It also means treating every public disclosure and every patch as a race. In an N-hour world, yesterday’s slow security process becomes tomorrow’s exploit window.
The defensive flip side
The same capability that worries defenders can also serve them, which is why the long-run balance is genuinely contested. A model that finds vulnerabilities faster than humans is, pointed the other way, an audit tool that finds them before attackers do. Anthropic has argued that AI will eventually favor defenders in cybersecurity, while conceding that the transition will be turbulent, and it restored the restricted Mythos 5 specifically to organizations that defend critical infrastructure through its security program. That is the defensive version of Glasswing: put the best tools in the hands of teams whose job is to patch before adversaries exploit.
One incident has become the reference point for both sides. In early June 2026, a critical vulnerability in a privacy coin’s shielded pool was discovered using Anthropic’s Opus 4.8, a model a generation below the Mythos class. The flaw, if exploited, could have allowed unlimited minting of the token, and it had eluded expert cryptographers for roughly four years. The token dropped more than 35% on the disclosure.
The lesson cuts both ways: a weaker model catching a four-year-old flaw shows how much AI can strengthen defense, and also how much latent, undiscovered risk sits in code that a stronger model could surface, for good or ill. Faster discovery is a defensive gift when a friendly party finds the bug first and a catastrophe when an attacker does. Which side wins any given race depends on who is scanning, how fast teams can patch, and whether defenders adopt the tools as aggressively as attackers will.
What crypto users and teams can actually do
The useful response to all of this is not panic but hardening, and most of it is advice that held before any model returned. For individual users, the recurring guidance from security researchers is concrete: revoke unused token approvals, since every outstanding approval grants a contract permission to move your funds, and tools exist to review and cancel them. Move significant holdings into self-custody and cold storage, so that the keys controlling real money sit somewhere a compromised laptop cannot reach, and treat any unaudited protocol as a higher risk than it looked a year ago. When approving a transaction, use a device with a trusted screen that shows what is actually being signed, because if AI accelerates the scouting phase, the final signing step becomes the moment that matters most.
For teams and protocols, the priorities follow from where the losses come from. Rapid patch management matters more in an N-hour world, because the window between a disclosure and a working exploit is shrinking, so shipping and applying fixes quickly is now a security control in itself. Continuous auditing beats one-time audits, and using AI-driven analysis on your own code before attackers do is increasingly a baseline instead of an edge. Above all, harden the operational layer: secure key management, tighten signing flows, limit privileged access, and scrutinize dependencies and cross-chain message verification, because that is where the year’s biggest breaches actually happened.
Over-reliance on any single external model carries its own risk, so teams are stress-testing multiple tools instead of betting on one. The same caution applies to exchanges and custodians, where exchange security is not just a proof-of-reserves page but a question of controls, custody, liabilities, and operational discipline. For protocols experimenting with AI agents in crypto, the lesson is even sharper: automation expands what software can do, but also expands what must be secured. The more autonomy a system has, the more dangerous weak permissions and signing flows become.
The honest conclusion is that the return of these models changes the tempo of an existing problem more than it introduces a new one. Crypto was already losing record sums to human error, operational failure, and bridge design long before Fable 5 came back online. Capable AI makes the reconnaissance faster, the attacks cheaper, and the response window shorter, which is a real near-term headwind for a chronically insecure industry. It also puts a powerful audit tool in defenders’ hands, which is the reason the long-run outcome is a race instead of a verdict.
The protocols and users who treat the moment as a prompt to fix the operational basics will be the ones best placed whichever way that race runs. The ones still relying on one-time audits, permissive approvals, weak admin keys, and slow patch cycles are the obvious targets. AI did not create those weaknesses. It just made them easier to find.
Frequently asked questions
What is Claude Mythos 5?
Claude Mythos 5 is a frontier AI model from Anthropic that the company describes as its most capable for cybersecurity, marketed as able to find and exploit software vulnerabilities more effectively than any other model and than all but the most skilled human experts. It is the less-restricted version of the Mythos class. Its safeguarded public sibling is called Fable 5. Mythos 5 is available only to vetted organizations, not the general public.
Why did the models go offline and come back?
In June 2026, researchers showed a jailbreak that got Fable 5 to identify vulnerabilities and write exploit code, and the U.S. government issued an emergency export-control order. Anthropic disabled both models globally because it could not restrict access by nationality in real time. The controls were lifted at the end of June, and access returned in early July, with Fable 5 restored globally and Mythos 5 limited to vetted U.S. organizations. The important distinction is that the public model and the restricted cyber model did not come back under the same access rules.
Can these AI models really hack crypto protocols?
They can accelerate the work attackers already do rather than invent new attacks. Mythos-class models reportedly found more than 10,000 high-severity flaws in important software and can build a proof-of-concept exploit in under an hour. In crypto, the larger effect is speeding up reconnaissance and the human-facing parts of attacks, since the biggest 2026 losses came from social engineering, exposed keys, and operational failures instead of novel contract bugs. That makes unaudited protocols, weak bridge setups, and poor key management especially exposed.
How much has crypto lost to hacks in 2026?
Crypto has lost more than $840 million to hacks in 2026, with some tallies exceeding $940 million across more than 120 incidents, and April alone set a record near $600 million. The two largest losses were Kelp DAO at about $292 million from a bridge message forgery and Drift Protocol at about $285 million from a social engineering operation that compromised administrative keys. Those examples matter because they show where the real losses are coming from: not only code flaws, but operational and verification failures. AI makes those weak points easier to find and exploit faster.
Does AI make crypto hacks fundamentally worse?
The consensus among many security experts is that AI accelerates and scales existing attack types instead of creating new ones. It lowers the cost and expertise needed to find flaws, which most exposes unaudited protocols and small projects. Skeptics, including some builders and Anthropic’s own review, argue the marginal danger of any single model is smaller than headlines suggest, since weaker models can do similar work and the hardest part of most attacks is not finding the flaw. The risk is therefore less about one model suddenly changing everything and more about AI-assisted hacking becoming broadly available.
Can AI also help defend crypto?
Yes, and that is the contested part of the debate. The same ability to find vulnerabilities fast makes AI a powerful audit tool when defenders use it first. In one case, a weaker model discovered a four-year-old critical flaw in a privacy coin’s shielded pool before it was exploited. Anthropic argues AI will eventually favor defenders, while admitting the transition will be turbulent, so the outcome depends on who adopts the tools faster.
What should crypto holders do to protect themselves?
Security researchers recommend revoking unused token approvals, moving significant holdings into self-custody and cold storage where keys sit offline, and treating unaudited protocols as higher risk. When signing transactions, use a device with a trusted screen that shows exactly what is being approved. These steps address the human and operational failures that account for most real losses, which AI mainly accelerates instead of replacing. The goal is to reduce the number of places where an attacker can turn a mistake into a transfer.
Is Mythos 5 available to the public now?
No. After the export controls were lifted, Anthropic restored the safeguarded Fable 5 to global users, but the less-restricted Mythos 5 returned only to a set of vetted U.S. organizations that defend critical infrastructure, through an opt-in program. The company says it will work to expand access over time, but the model with the full cyber capability is not behind a consumer subscription. Public users may have access to stronger AI tools than before, but not to the same unrestricted Mythos 5 setup described in the security program.
Disclaimer: This article is for information and educational purposes only and does not constitute financial, investment, legal, or security advice. It describes an evolving situation involving AI capabilities and cybersecurity risk, and details may change. Nothing here is a recommendation to buy, sell, or use any specific model, asset, or service. Always do your own research and consult qualified professionals for security decisions. Information is accurate as of July 2, 2026, and may change.
-
Fashion6 days agoWeekend Open Thread: Staud – Corporette.com
-
Politics7 days agoThe House | Manchesterism won’t survive the painful trade-offs unless it gets citizens on board
-
Crypto World3 days agoStrategy authorizes up to $1.25B in Bitcoin sales under new capital plan
-
Business7 days agoAsia stock markets slide as tech shares slump
-
News Videos4 days agoMAJOR BITCOIN & MARKET UPDATE!!!! (MUST WATCH ASAP!!!)
-
Tech3 days agoAnonymous researcher drops 0-day ‘exploitarium’ repo
-
Crypto World6 days agoCoinbase, Circle Deepen Crypto Stock Losses Despite Resilient S&P 500
-
Business3 days agoAustralia treasurer says alleged access of prime minister’s bank data ’incredibly concerning’
-
Crypto World6 days agoKraken's xStocks Opens Bending Spoons IPO Registration to EEA Retail
-
Sports6 days agoFIH Pro League: India defeat Pakistan 7-1, register biggest win of campaign | Other Sports News
-
Tech5 days agoBluekit phishing kit adopts browser-in-the-middle for login theft
-
Crypto World7 days agoTether (USDT) Passes Ether in Market Cap as ETH Drops Toward $1.5K
-
Crypto World7 days agoHyperliquid Named on Singapore MAS Investor Alert Register
-
Tech6 days agoRussian hackers now target Signal backup recovery keys
-
Crypto World6 days agoRTX holders must register wallets before token distribution begins
-
Sports2 days agoBroncos roster: OL Ben Powers (No. 74) entering final year of contract
-
Business3 days agoThe AI boom won’t burst all at once. It will pop in ‘rolling bubbles’: Macquarie
-
Tech5 days agoClaude Code turned every engineer into three. Now companies need more product thinkers
-
Crypto World7 days agoSpaceX Called a Market Top Signal Just 2 Weeks After Its $86 Billion IPO
-
Tech5 days agoSilicon Valley paid to kill AI regulation, now it wants the rules back

You must be logged in to post a comment Login