The two things most cryptocurrency investors are pondering are how much lower can bitcoin BTC$65,878.09 go and how much longer this bear market could last.

The price pain aspect has been discussed widely, but the time-based dimension is another question in itself.

Price pain refers to sharp drawdowns or volatility that force participants out of positions, while time pain reflects slow, range-bound conditions that exhaust both bulls and bears through lack of direction.

Bitcoin is currently trading below $66,000, down over 3% in the past 24 hours and roughly 45% below its October all-time high, an almost six-month bear market.

One indicator pointing toward continued time pain is the Realized Cap HODL Waves from Glassnode. This metric groups bitcoin supply by the last time coins moved, with each band representing different holding periods, and weights them by realized price, the average price at which coins last transacted on chain.

Historically, bear market bottoms have coincided with long-term holders, those holding for six months or more, controlling at least 85% of supply. Typically, price bottoms form first, and only several months later does long-term holder supply approach these high levels, indicating these investors bought at depressed prices and held through the bear market.

Currently, long term holders account for about 80% of supply. If this trend continues, the market may be nearing a bottoming phase, though several months of consolidation are likely still ahead.

SoFi said Thursday it is launching a new business banking platform designed to let companies handle both traditional money and crypto in one place, as it pushes deeper into digital assets.

The service, called SoFi Big Business Banking, allows firms to hold U.S. dollars, convert them into stablecoins and move funds around the clock, all within SoFi’s regulated bank.

Today, companies operating in crypto often rely on a patchwork of providers: a bank for cash, a separate firm for stablecoins and another for custody. Moving money between them can take hours or days. SoFi said it is trying to simplify that.

“To be competitive, businesses today must operate… 24 hours a day, 7 days a week,” SoFi CEO Anthony Noto said in a press release, contrasting the platform with traditional banking hours.

Under the new system, a trading firm could deposit dollars at SoFi, convert them into a digital token like SoFiUSD and deploy that capital instantly into markets, without waiting for bank wires to clear. Funds can also move back into dollars just as quickly.

The platform includes large crypto firms as early partners, including Cumberland, Wintermute, Galaxy (GLXY), BitGo (BTGO) and CoinDesk parent company Bullish (BLSH). These companies, which handle trading, liquidity and asset custody, are expected to use the system to move money and settle transactions more efficiently.

A central piece of the offering is SoFiUSD, a stablecoin that can be created and redeemed inside the bank. Unlike many stablecoins issued outside the U.S. banking system, SoFi’s version is tied directly to a regulated balance sheet, with reserves held internally.

The platform will also use blockchain networks, including Solana (SOL), to process transactions.

The launch reflects a broader shift in finance, as banks and crypto firms move closer together.

Instead of operating as separate systems, companies are increasingly trying to merge traditional banking with blockchain-based infrastructure. If successful, SoFi’s approach could reduce the need for multiple intermediaries and make it easier for large firms to move money globally.

Coinbase’s AI-focused payment protocol x402 is moving toward becoming an open, standardized infrastructure under the Linux Foundation, the non-profit hub for open-source software development. The move aims to create a community-governed ecosystem for high-frequency, micro transactions that legacy finance can’t efficiently handle.

The protocol has formed an initial governing body, the x402 Foundation, that includes internet services firm Cloudflare and payments giant Stripe, with support from a long list of other big players.

The industry interest in X402 comes as AI-driven commerce expands. Especially, so-called agentic payments, executed autonomously by AI agents, is a hot topic particularly within certain areas of the crypto industry where the belief is that programmable, blockchain-based micro-payments make the most sense.

x402 is designed for these payments. Unlike using ChatGPT as a front-end for a traditional shopping cart, it can handle transactions worth only fractions of a cent at high frequency — something traditional credit card networks struggle to manage.

Now, by using the Linux Foundation to scale an open-source ecosystem, x402 aims to tackle potential interoperability issues by creating something like a Secure Sockets Layer (SSL) for AI agents, in other words a standard technology that encrypts the connection between a web server and a browser.

“The internet was built on open protocols,” said Jim Zemlin, CEO of the Linux Foundation. “The x402 Foundation will create an open, community-governed home to develop these capabilities in the open, ensuring they evolve with transparency, interoperability, and broad participation across the ecosystem.”

Coinbase said in a press release on Thursday that additional membership of the foundation will be comprised of participants from multiple verticals with initial intent and support being expressed by Adyen, Amazon Web Services, American Express, Ampersend.ai, Ant International, Base, Circle, Fiserv Merchant Solutions, Google, KakaoPay, Mastercard, Merit Systems, Microsoft, Polygon Labs, PPRO, Sierra. Shopify, Solana Foundation, Thirdweb, and Visa.

“The shift toward agentic commerce requires cloud infrastructure that is as open as the protocols it supports,” said James Tromans, Managing Director, Web3 and Digital Assets, Google Cloud. By joining the x402 Foundation, Google is reinforcing its commitment to interoperable standards that enable secure, AI-driven transactions across platforms.”

CoinDesk Indices presents its daily market update, highlighting the performance of leaders and laggards in the CoinDesk 20 Index.

The CoinDesk 20 is currently trading at 1875.68, down 4.5% (-88.38) since 4 p.m. ET on Wednesday.

None of the 20 assets are trading higher.

Leaders: CRO (-2.5%) and BCH (-3.0%).

Laggards: UNI (-7.7%) and SOL (-6.9%).

The CoinDesk 20 is a broad-based index traded on multiple platforms in several regions globally.

The crypto market recovered for the second straight day, rising 2.1% over the past 24 hours to $2.45 trillion on Tuesday.

Bitcoin (BTC), the bellwether asset, rose 2.4% to a six-day peak of $69,000. Ethereum (ETH) price was up 4.2%, back above $2,100, while other major crypto assets such as BNB (BNB), XRP (XRP), Solana (SOL), and Dogecoin (DOGE) posted gains between 1-3%.

Some of the best performers of the day were Algorand (ALGO), Stable (STABLE), and Zcash (ZEC), which led gains of 20.5%, 16%, and 8% each.

The latest market recovery comes as reports suggest that U.S. President Donald Trump will provide an important update on the ongoing tensions with Iran later at 9 PM ET today. This anticipation comes just a day after reports emerged that Trump was considering ending the U.S. war with Iran in the Middle East, even if the Strait of Hormuz remains closed.

The blockade in the key maritime corridor has led oil prices to surge to multi-year levels, which contributed a big part to deteriorating investor demand for risk assets as they flee to safe-haven assets such as gold and U.S. equities.

Meanwhile, a contrasting narrative came from a report by the Wall Street Journal, which indicated that several nations, including the UAE and Saudi Arabia in the Gulf stream, are pressuring the U.S. to continue its war against Iran as they try to force open the strait.

The Iranian government, for its part, has stated that the country will end the war only if certain conditions are met; these include full compensation for the wartime damages incurred.

All this combined makes Trump’s speech today a high-stakes event for global markets. Investors are likely pricing in Trump’s potential plan of looking into ending the war, although details of his speech today remain sparse at the time of writing.

Notably, the initial impact of the potential peace talks has already been seen in the energy markets as crude oil fell lower today. At press time, West Texas Intermediate (WTI) crude oil and Brent were both down 4% each, moving below $100.

Short liquidations and ETF inflows add momentum to rally

The crypto market recovery has triggered a massive short squeeze as short sellers were caught off guard. Data from CoinGlass shows that over $200 million in short positions were liquidated in the past 24 hours across leveraged markets. Such a trend could continue to accelerate the bullish momentum if the resistance levels are broken.

Meanwhile, crypto ETFs also seem to have played a part in today’s gains. Notably, spot Bitcoin ETFs recorded $117 million in net inflows over the past day, extending their inflow streak to the second day, while their Ethereum counterparts drew in $31 million on the day.

U.S. technology and AI giants’ stocks, such as Meta, Microsoft, and NVIDIA, crashed after Iran’s Islamic Revolutionary Guard Corps threatened military action against their regional bases.

On April 1, 2026, the IRGC officially designated 18 U.S. companies as “legitimate targets” described by Tehran as retaliation for the targeted assassination of major Iranian leaders by the U.S. and Israeli forces. These include Alphabet (Google), Apple, Microsoft, Meta, NVIDIA, Intel, IBM, Oracle, Cisco, Dell, HP, Palantir, Boeing, Tesla, GE, JPMorgan Chase, G42, and Spire Solutions

Following the announcement, Meta shares dropped by 13.31% while Microsoft and NVIDIA shares dropped by 8.34% and 6.00%, respectively.

The threats have translated into immediate operational risks with reports of drone activity causing power failures at two Amazon Web Services data centers in the Middle East, which have disrupted AI and cloud services in the region, affecting banking payment processors and consumer apps. Notably, Anthropic’s Claude AI platform reportedly went offline for a period because it relies on AWS infrastructure.

Iranian officials allege that these ICT and AI companies are complicit in tracking and identifying targets for “terrorist operations” against Iranian leaders.

For its part, the U.S. administration has dismissed the threats, with White House officials stating the U.S. military is prepared to thwart any potential aggression. Meanwhile, companies like Intel and Boeing have already implemented safety protocols for regional staff amid the escalating geopolitical and kinetic risk to critical infrastructure.

The news of the attack on AI-focused companies also rippled onto AI-focused crypto assets, which rely on the hardware and cloud ecosystems of NVIDIA and other giants that have come under fire.

According to data from crypto.news, Chainlink (LINK), currently the largest AI coin with a market cap of over $6 billion, has fell 5.8% over the past 24 hours. Bittensor (TAO), Near Protocol (NEAR), and Internet Computer (ICP) also recorded nearly similar losses between 4% and 5%. Together, the negative sentiment in the AI market led its market capitalization to drop over 3% to $0.59 billion at last check.

While these assets remain at risk of further losses if Iran starts carrying out more strikes, a sector-wide rebound could be in the cards if the U.S. manages to de-escalate the situation.

Anthropic said on Tuesday that a release error led to portions of the internal source code for its AI coding assistant, Claude Code, being unintentionally made public.

A file meant for internal use was mistakenly bundled into a software update, pointing to an archive containing roughly 2,000 files and nearly 500,000 lines of code. The material was quickly circulated on GitHub after being discovered, with a post on X sharing access to the files drawing more than 29 million views by early Wednesday. A modified version of the codebase also surged to become one of the fastest-downloaded repositories on the platform.

“Earlier today, a Claude Code release included some internal source code. No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said, attributing the incident to a packaging mistake rather than a security breach.

The exposed materials largely detailed the tool’s internal architecture, including its command-line interface, agent framework, and development tooling. However, the company said that no user data or model weights tied to its underlying Claude AI system were compromised.

While parts of Claude Code had previously been inferred through reverse engineering, the latest disclosure offered a far more complete view of how the system operates. An earlier version of the assistant had also seen its code exposed in February 2025.

The latest episode adds to a string of recent incidents. A prior report by Fortune indicated that Anthropic had stored thousands of internal files on publicly accessible systems, including a draft blog post referencing unreleased models named “Mythos” and “Capybara”.

Security researchers traced the current leak to a 60MB source-map file embedded in the tool’s npm package, which allowed reconstruction of the full TypeScript codebase. Within hours, developers had begun replicating and analysing the code, uncovering internal techniques used to turn Claude into a functional coding agent.

The disclosure has raised concerns among some experts about internal safeguards at a company that positions itself around AI safety. The availability of detailed implementation methods may also provide rivals such as OpenAI and Google with insights into Claude Code’s design and capabilities. According to The Wall Street Journal, the leaked material included commercially sensitive elements such as proprietary workflows and agent instructions.

In response, Anthropic has moved aggressively to contain the spread, issuing around 8,000 copyright takedown notices targeting repositories and derivative projects hosting the leaked material on GitHub.

By Wednesday morning, April 1, the company had begun efforts to remove both original files and modified versions shared by developers, The Wall Street Journal reported. Anthropic reiterated that the incident stemmed from human error and said additional safeguards are being introduced to prevent a repeat.

Despite those assurances, the episode may weigh on the company’s operational credibility, particularly as it is reportedly preparing for a potential $380 billion initial public offering.

Key Takeaways

• Alastair Syme from Citi upgraded his XOM price objective to $175 from $150 while maintaining a Neutral stance
• The upgrade stems from Middle East tensions potentially reducing equity costs for energy companies across the board
• Syme suggests regional conflict may spark renewed institutional investment in the oil and gas industry
• Former President Trump’s reported warnings against Iran intensified supply concerns in petroleum markets
• Despite the upgrade, Citi favors TotalEnergies, ConocoPhillips, and BP over Exxon as preferred energy investments

Citi has announced a significant upward revision to its Exxon Mobil (XOM) price objective, moving from $150 to $175, with escalating Middle East tensions serving as the primary catalyst for energy sector revaluation. Analyst Alastair Syme maintained his Neutral position while implementing the increase as part of sweeping adjustments throughout oil and gas coverage.

Exxon Mobil Corporation, XOM

Syme’s rationale centers on a clear thesis: geopolitical instability in the Middle East compresses the cost of capital for energy companies, which mathematically elevates valuation targets. He characterized the regional tensions as potentially catalyzing a “structural re-engagement” from institutional capital in the oil and gas sector — an industry segment that has experienced diminishing investor enthusiasm in recent years.

XOM experienced upward momentum midweek as commodity traders assessed geopolitical uncertainties against already elevated petroleum prices. This convergence created favorable conditions for the equity.

Regional Conflict Reshapes Market Dynamics

The primary catalyst involves crude oil’s acute sensitivity to Middle Eastern geopolitical developments. Recent trading sessions saw petroleum prices advance on concerns that escalating conflict might interrupt critical shipping corridors or precipitate broader supply constraints.

Compounding market anxieties, reports emerged that former President Donald Trump threatened severe action against Iran — rhetoric that rattled traders and elevated the geopolitical risk premium embedded in oil pricing. Markets frequently react to potential supply disruptions before any actual interruption materializes. Perceived threats alone typically suffice to trigger repricing.

Exxon, representing one of the planet’s largest vertically integrated energy corporations, stands directly within this repricing dynamic. Elevated crude prices enhance upstream profitability, while its downstream refining operations provide diversification. The company’s financial foundation is considered robust, a critical attribute during volatile commodity environments.

Alternative Investment Preferences from Citi

An important distinction: although Citi elevated its XOM target, the firm’s preferred energy sector positions remain TotalEnergies, ConocoPhillips, and BP. The Neutral designation indicates Syme views the shares as appropriately valued at present levels, even after the target adjustment.

The target elevation primarily reflects industry-wide momentum rather than Exxon-specific optimism.

Energy equities have broadly regained investor consideration as protection against geopolitical volatility and inflationary pressures. Exxon features prominently in these discussions given its operational scale and financial discipline, yet Citi clearly signals superior opportunities exist elsewhere within the sector.

Citi’s upgraded $175 price objective marks the latest in successive upward revisions across major oil companies as analysts recalibrate expectations for an increasingly unstable geopolitical environment.

Drift Protocol, a major Solana-based DeFi exchange, has suffered a $285 million social engineering-driven exploit that weaponized a compromised administrator key rather than any code flaw.

Drift Protocol, a decentralized exchange built on Solana, was drained of approximately $285 million in digital assets on April 1 in what security researchers believe was a social engineering attack targeting the protocol’s administrative key infrastructure, according to Bloomberg. PeckShield Inc. was among the first firms to flag the breach, identifying that a significant portion of stolen funds were converted into USDC, the dollar-pegged stablecoin issued by Circle, based on on-chain data. The attack unfolded in approximately 12 minutes across 31 transactions, emptying nearly 20 vaults and netting, among other assets, 66.4 million USDC, 42.7 million JLP, 23.3 million MOODENG, 5.6 million USDT, 5.2 million USDS, 2.6 million JUP, 583,000 RAY, and 477,000 WETH.

Blockchain data shows that the attacker exploited a compromised Drift administrator key to list CVT as a new spot market on the platform and simultaneously raised withdrawal limits for USDC and four other markets to 500 trillion, effectively nullifying the protocol’s internal security controls. Using fraudulent collateral, the attacker was then able to withdraw freely from Drift’s spot market vaults. The use of different signature keys across the 31 transactions suggests that either the key management infrastructure was compromised or that multiple authoritative keys were accessed, pointing to a coordinated, targeted operation rather than an opportunistic smart contract bug.

The native DRIFT token fell from roughly $0.072 to $0.055 in the immediate aftermath, as users rushed to withdraw liquidity and the protocol halted deposits and withdrawals.

“The real target of the attack is people”

Lily Liu, chair of the Solana Foundation, addressed the incident directly on X, stating: “The Drift incident has far-reaching effects, impacting the entire ecosystem. The Drift team is working around the clock to investigate and control the situation, and we are doing our best to provide support. The smart contract itself has withstood the test. The real target of the attack is ‘people’ — more related to social engineering and operational security vulnerabilities rather than exploits at the code level.”

Vibhu Norby, Chief Product Officer of the Solana Foundation, reinforced that assessment, writing on X that the incident “is not caused by a program or smart contract vulnerability, but is more likely related to operational security or social engineering attacks.” Norby added that any protocol relying on a multi-signature mechanism across various chains could theoretically face similar risks, and stressed that the Drift security incident “is an isolated case and does not indicate a systemic issue with Solana DeFi or related products.”

The clarification from both officials was pointed: this was not a Solana failure, it was a human one. As crypto.news has previously reported, social engineering has become the dominant attack vector in the industry, with phishing, fake job offers, and impersonation campaigns now accounting for a majority of high-value breaches — a pattern accelerated by North Korea’s Lazarus Group and other state-linked actors.

Market fallout and cross-chain ripple effects

SOL fell 9% to an intraday low of $78.60 on April 2, bringing its market cap down to $45.5 billion, according to crypto.news data. Over the previous seven days, SOL had already shed more than 10%, making it the steepest loss among the top 10 cryptocurrencies. The $285 million hack stands as one of the largest exploits in the Solana ecosystem in the last five years.

Cross-chain infrastructure also felt the strain. Wormhole posted on X confirming that its user assets were not at risk and that bridge functionality remained operational, but warned that built-in Solana security mechanisms could cause some cross-chain transfers to experience delays. Wormhole core contributors said they were in active communication with the broader Solana ecosystem to provide

Drift Protocol hit by $285m social engineering attack on Solana

• Drift Protocol lost $285 million in one of the largest DeFi exploits in Solana’s history, with the attack executed through a compromised administrator key rather than a smart contract vulnerability.
• Solana Foundation leadership confirmed the breach was rooted in social engineering and operational security failures, stressing that Solana’s underlying code and smart contracts remained intact.
• SOL fell nearly 9% to an intraday low of $78.60 following the incident, bringing its market cap down to $45.5 billion.

Drift Protocol, a decentralized exchange built on Solana, lost approximately $285 million in digital assets on April 1 after an attacker exploited a compromised administrator key to drain nearly 20 protocol vaults in under 12 minutes, according to Bloomberg. The breach ranks as one of the largest DeFi hacks in Solana’s history and triggered a sharp selloff in SOL, which dropped 9% to $78.60 on the day.

PeckShield was among the first blockchain security firms to flag the incident, placing total losses at roughly $285 million. On-chain data later revealed that 31 transactions were executed across approximately 12 minutes. The attacker withdrew 66.4 million USDC, 42.7 million JLP, 23.3 million MOODENG, 5.6 million USDT, 5.2 million USDS, 2.6 million JUP, 583,000 RAY, and 477,000 WETH. A portion of the JLP tokens were burned, while the remaining assets were largely converted to SOL and distributed across multiple wallets.

The attack vector did not involve a flaw in the protocol’s smart contracts. Instead, a compromised Drift administrator key was used to list a new spot market and raise withdrawal limits across USDC and four other markets to 500 trillion — effectively disabling the platform’s security mechanisms and allowing the attacker to use fraudulent collateral to empty the vaults.

Solana Defends Its Infrastructure

Lily Liu, chair of the Solana Foundation, addressed the incident on X, stating: “The Drift incident has far-reaching effects, impacting the entire ecosystem. The Drift team is working around the clock to investigate and control the situation, and we are doing our best to provide support. The smart contract itself has withstood the test. The real target of the attack is ‘people’ — more related to social engineering and operational security vulnerabilities rather than exploits at the code level.”

Vibhu Norby, Chief Product Officer of the Solana Foundation, echoed that assessment, writing on X that the incident “is not caused by a program or smart contract vulnerability, but is more likely related to operational security or social engineering attacks.” He was also careful to contextualize the breach, noting that “any protocol relying on a multi-signature mechanism across various chains may face similar risks,” and calling the Drift security incident “an isolated case” that does not indicate systemic issues within Solana DeFi.

Cross-Chain Ripple Effects

Cross-chain bridge Wormhole also confirmed on X that its user assets were not at risk and that bridge functionality remained operational. However, the protocol warned that some Solana cross-chain transfers may experience delays due to built-in security mechanisms triggered by the incident. Wormhole said its core contributors were in active communication with the Solana ecosystem team.

The attack lands in a broader context of rising social engineering threats across crypto. As crypto.news reported in January, most major crypto breaches now stem from phishing, impersonation, and operational access failures rather than broken code — a pattern that the Drift incident reinforces. Only weeks prior, the Solana-based memecoin platform Bonk.fun was similarly compromised via a domain hijack that deployed a malicious wallet drainer, resulting in user losses exceeding $273,000.

The DRIFT token, which had already lost more than 86% of its value over the prior year, fell sharply from approximately $0.072 to $0.055 amid the chaos. The protocol had previously raised $25 million in a Series B round led by Multicoin Capital, bringing its total funding to over $52.3 million, according to crypto.news. At the time of the hack, its total value locked had stood at hundreds of millions of dollars, making it one of Solana’s most significant DeFi platforms.

The Solana Foundation said the community will continue to receive updates as the investigation concludes and noted that important operational security lessons are expected to emerge for the broader industry once the full picture is known.