The layer-1 blockchain Algorand has released its plan to tackle the potential threat of quantum computing, with a roadmap to update the network’s infrastructure by the end of 2027.

Algorand Foundation technology chief Bruno Martins said Thursday that the updates will aim to give the network broad quantum resilience, a threat it has been researching and preparing for several years.

“Governments, standards bodies, and security experts around the world are already preparing for a future where quantum computers may break many of the cryptographic systems that protect today’s digital infrastructure,” Martins said. 

Algorand is the latest crypto project to plan for quantum computing as users share increasing concerns that the technology could soon break the encryption underpinning the ecosystem, putting billions of dollars worth of value at risk of exploitation.

Quantum computers, a technology set to be vastly more powerful than today’s supercomputers, are only in their early stages, but Google researchers said in a paper in March that they may need fewer resources than previously estimated to break the cryptography protecting blockchains.

That paper also noted that Algorand was likely the most quantum-ready blockchain, while Ethereum and Solana are also actively exploring solutions to be prepared for quantum computers.

Algorand’s Martins said the roadmap includes new accounts based on its signature scheme, Falcon, designed with quantum-resistant cryptography.

Source: Algorand

He added that the blockchain will also update its consensus mechanism from its current cryptography, which is not quantum-resistant. It will also update how accounts participating in consensus operate and is researching options, including a “hybrid mix” of classic and quantum-resistant signatures.

Related: Nearly 10% of Bitcoin supply is ‘structurally unsafe’ from quantum breakthrough: Glassnode

Quantum threats to cryptography are a growing concern among governments and businesses, with many companies putting plans in place before quantum computers are powerful enough to break encryption, which could happen as soon as 2030. 

France’s cybersecurity agency ANSSI said on Tuesday that it will stop certifying security products that lack quantum-resistant encryption to encourage businesses to create only quantum-safe products by 2030.

The US National Security Agency has also required all new national security systems to use its quantum-resistant algorithms starting Jan. 1, 2027, while nonquantum-resistant systems must be phased out by the end of 2030. 

Google has set a deadline for 2029 to be ready for the event due to rapid progress in quantum computing hardware and error correction.

Last month, Tezos launched a prototype blockchain for payments designed to resist quantum computing attacks, and stablecoin issuer Circle released a roadmap in April for its Arc blockchain to become quantum-ready.

California Institute of Technology researchers have also theorized that a functional quantum computer may require far fewer resources than previously believed, and one could be deployed before 2030.

Magazine: Nobody knows if quantum-secure cryptography will even work

Bitcoin miners are being recast as potential “AI infrastructure” plays, but turning that story into funded, operational capacity may demand a scale of investment that many public operators currently do not have. A framework highlighted in Blocksbridge Consulting’s Miner Weekly newsletter estimates that miners could require roughly $50 billion in near-term capital to build AI- and high-performance computing (HPC) data center facilities from their existing power assets.

The idea is gaining traction as mining difficulty and hashprice pressures intensify. In parallel, Miner Weekly points to a major June shift in the mining network—difficulty fell sharply after an estimated 100 exahashes per second (EH/s) of computing power went offline—raising fresh questions about how much of miners’ future energy allocation will remain tied to producing Bitcoin.

Key takeaways

• Miner Weekly argues that financing needs for AI/HPC-grade data centers are materially higher than for traditional Bitcoin mining operations, potentially pushing total near-term capital demand for miners toward ~$50 billion.
• Estimated AI data center funding gaps vary by miner, with IREN facing the largest gap at about $21.1 billion, followed by Riot Platforms ($7.2 billion) and HIVE Digital ($4.6 billion).
• The network saw a historically large difficulty drop—down 10.09% to 124.93 trillion on June 14—after an estimated 100 EH/s went offline.
• Miner Weekly suggests the AI pivot could alter future hashrate growth patterns, as miners redirect some energy capacity from Bitcoin production toward data center services.
• Underlying mining economics have been stressed since the 2024 halving, with CoinShares and other analysts describing hashprice falling to levels where a meaningful share of miners may run unprofitably.

Why “AI miner” narratives imply very real capex

Miner Weekly’s central point is that power is only the starting point. Converting energy access into AI-ready data center capacity requires upgrading infrastructure standards—especially around reliability and performance. According to Miner Weekly, a Bitcoin mine can often function with “relatively simple buildings,” modular setups, and ASIC fleets that can tolerate fast curtailment. AI and HPC facilities, by contrast, require higher uptime commitments and greater system redundancy, including more demanding cooling, electrical backup, networking capacity, and ongoing customer support.

That shift in requirements matters because it changes how investors should interpret “miner-to-AI” announcements. If miners truly aim to monetize their power assets by hosting or operating AI/HPC infrastructure, the bottleneck is no longer only securing power; it becomes securing the long-term financing needed for complex data center buildouts.

Miner Weekly’s framework relies on VanEck data to argue that the move could require billions per large public miner and adds up to a much larger aggregate figure across the sector.

Difficulty drop highlights how fragile mining economics can be

Even as the AI narrative spreads, the near-term mechanics of mining are still dominated by network conditions. Miner Weekly points to one of the largest percentage declines in Bitcoin mining difficulty on record: difficulty fell 10.09% to 124.93 trillion on June 14 after an estimated 100 EH/s of computing power went offline.

Miner Weekly attributes the decline to a combination of weaker mining economics and seasonal power curtailments. But the bigger implication the newsletter draws is about future behavior. If miners increasingly view data centers as a path to different revenue streams, the way hashrate grows—or contracts—may begin to reflect that reallocation of energy capacity.

In other words, a “difficulty down” moment is not just a snapshot of the mining cycle. It can also be a stress test for the industry’s broader strategy: whether miners can fund the pivot while competing in a market where profitability is sensitive to network difficulty and hashprice.

The funding gaps public miners would face

Miner Weekly highlights estimated AI data center funding gaps among public Bitcoin miners pursuing AI infrastructure. In its framework, IREN tops the list, needing an estimated $21.1 billion to complete its AI data center plans. Riot Platforms is shown with a $7.2 billion gap, and HIVE Digital with $4.6 billion.

These are not minor shortfalls. They also help explain why the AI pivot is still best understood as a longer-duration capital project rather than a quick re-rating. If miners must meet higher uptime and redundancy requirements, they need sustained investment—often through structured finance, project funding, or new equity/debt—before the AI story can translate into operating cash flows.

The funding discussion also aligns with earlier market commentary. Cointelegraph previously noted that Bernstein flagged IREN as the public miner most likely to move away from Bitcoin mining toward an AI cloud business, projecting a $3.7 billion annualized revenue run rate once AI operations are fully built out. The gap estimates in Miner Weekly underscore the practical challenge embedded in those forward-looking projections: building those operations requires substantial capital at the outset.

Pressures on mining since the halving—and what “hashprice” signals

Beyond network-level changes, Miner Weekly frames the AI pivot as increasingly appealing because traditional mining economics have been under pressure since Bitcoin’s 2024 halving. The core issue is that hashprice—the daily revenue earned per unit of computing power—has fallen sharply from highs seen around Bitcoin’s all-time peak in October.

Earlier coverage summarized in the article described how the environment worsened through 2024. In a December report, TheEnergyMag characterized Q4 as the “harshest margin environment of all time” for public miners, citing hashprice dropping to roughly $35 per PH/s. In the first quarter, CoinShares data in prior reporting indicated hashprice falling further to around $28 per PH/s, a level at which, the coverage notes, up to 20% of miners may be operating at a loss—particularly those with older hardware or higher electricity costs.

This is where the AI pivot’s investor relevance becomes sharper. When mining margins compress, balance sheets become more sensitive to financing costs and to the ability to withstand volatility in hashprice. By emphasizing that AI/HPC infrastructure demands higher reliability standards, Miner Weekly effectively argues that miners shouldn’t treat AI as a simple extension of their existing operations. It’s a transition that could reshape capital allocation—and potentially influence which operators can sustain both sides of the story.

At the same time, the broader AI buildout is continuing. The article references Cointelegraph coverage that Nvidia is reportedly planning a $20 billion bond offering to help fund AI-related investments, reinforcing the backdrop of sustained demand for compute infrastructure.

For investors and operators, the next signal to watch is whether public miners can close the estimated AI data center funding gaps without undermining their core mining operations during periods of difficulty volatility and depressed hashprice. The strategic pivot may still be plausible, but the timing—and the ability to finance higher-grade AI infrastructure—will likely determine how quickly the narrative turns into measurable results.

Key Takeaways

• STRC finished Thursday at $88.59, reaching an intraday bottom of $82.50 — representing the most extended period below $100 par since its July 2025 launch
• Volume exploded to 10.7 million shares, significantly exceeding the typical 3.4–3.5 million daily range
• Analyst Jeff Dorman from Arca suggests Strategy could be forced to liquidate $3B–$4B in Bitcoin holdings to bring STRC back to par
• TD Cowen upheld its Buy rating on MSTR with a $400 target, even as MSTR shares dropped 4% to $112.53
• The company has suspended STRC’s ATM offering while shares remain under par value

Strategy’s preferred equity STRC ended Thursday’s trading at $88.59, representing back-to-back closes beneath $90 and the most prolonged period trading under its $100 par value since its initial offering in July 2025.

Strategy Inc, MSTR

Intraday action saw STRC plunge to $82.50 before staging a modest comeback. The security was structured to maintain par value through a flexible dividend mechanism — presently yielding 12.9% with monthly recalibrations.

Share volume exploded to roughly 10.7 million on Thursday, dwarfing the standard daily turnover of approximately 3.4 to 3.5 million. This marked one of the most active trading sessions since the preferred stock’s inception.

With STRC languishing below par, Strategy has temporarily halted the security’s ATM offering. Under normal circumstances when STRC exceeds $100, Strategy issues additional shares to acquire Bitcoin.

The company’s common equity also experienced turbulence, declining 4% to settle at $112.53.

Potential Remedies for STRC’s Par Value Problem

Jeff Dorman, Arca’s Chief Investment Officer, outlined the available pathways on X, characterizing it as the “MSTR pickle continues.”

Dorman’s primary projection — assigned a 70% likelihood — envisions Strategy gradually offloading modest quantities of MSTR shares monthly at dilutive prices. He contends this approach provides STRC investors “a glimmer of hope” while preserving most Bitcoin reserves, though he cautions MSTR equity “would get hammered.”

His secondary forecast, weighted at 25% probability, involves more aggressive intervention: liquidating $3 billion to $4 billion in Bitcoin holdings. Dorman suggests this would “buy a ton of time” and benefit STRC holders, despite creating short-term headwinds for Bitcoin prices.

The final alternative — what Dorman labels the “nuclear” option at 5% probability — would see Strategy suspending dividend payments on its preferred securities. This could leave preferred shareholders recovering just 30 to 40 cents per dollar and potentially exclude Strategy from capital markets indefinitely. However, it would eliminate what Dorman calculates as approximately $1.7 billion in annual cash obligations.

TD Cowen Maintains Optimistic Stance

Despite mounting concerns, TD Cowen reaffirmed its Buy recommendation on MSTR Thursday, preserving its $400 price objective while expressing confidence in Strategy’s preferred stock portfolio, including STRC.

The investment bank characterized Strategy as evolving beyond merely functioning as a leveraged Bitcoin vehicle toward establishing what it describes as a “Bitcoin capital markets platform.”

TD Cowen analysts referenced three investor briefings with CFO Andrew Kang, observing that Strategy may emphasize reserve reconstruction and preferred stock stabilization over fresh Bitcoin acquisitions during challenging market environments.

Critic Peter Schiff escalated warnings on social platforms, suggesting potential litigation against Michael Saylor’s Strategy regarding STRC’s persistent deterioration.

Dorman additionally scrutinized MSTR’s broader valuation metrics, calculating the firm possesses approximately $35.2 billion in unencumbered Bitcoin assets against a $40.4 billion equity capitalization — positioning MSTR at 1.15x modified NAV. He argues the shares “should trade at a discount to NAV now” and face continued downside pressure absent a swift Bitcoin recovery.

The CFTC and SEC have asked the public to comment on how U.S. rules define swaps, security-based swaps, and related derivatives products. 

The joint request focuses on Title VII of the Dodd-Frank Act, the law that split parts of the swaps market between the two agencies.

The request seeks input on swap exclusions, mixed swaps, jurisdictional questions, alternative compliance, and new products. The agencies said comments will remain open for 60 days after publication in the Federal Register.

The agencies said market structures and trading practices have changed since the original rules took shape. They asked whether current definitions still match the way derivatives products now trade.

The review also gives both agencies a common record as they weigh products that may touch both commodities and securities laws. It could also shape future staff guidance for market participants and courts.

CFTC Chair Michael Selig said the request could address “longstanding ambiguities” in Dodd-Frank. SEC Chair Paul Atkins said clarification is “long overdue,” including for event-based products.

CME lawsuit raises pressure

The public comment request came as CME Group sued the CFTC over the agency’s treatment of crypto perpetual futures. CME argues that Kalshi’s perpetual futures should fall under swaps rules, not ordinary futures rules.

As previously reported by crypto.news, CME accused the CFTC of bypassing congressional requirements when approving Kalshi’s crypto perpetual contracts. The exchange said the agency created a path for new competitors without using the swap framework set by Dodd-Frank.

CME Chief Executive Terrence Duffy had already said the company planned to sue after the CFTC cleared platforms such as Kalshi and Coinbase to offer regulated crypto perpetual futures. CME says the products compete for retail derivatives customers.

Perpetual futures test old categories

Perpetual futures are derivatives contracts without expiry dates. Traders can hold positions without rolling into a new contract, which makes them common on offshore crypto exchanges.

The CFTC allowed Kalshi’s Bitcoin perpetual futures to remain listed under existing futures rules, subject to compliance with the Commodity Exchange Act and CFTC regulations. Crypto.news earlier reported that Kalshi later expanded into other crypto-linked perpetual products.

The dispute now turns on legal definitions. If regulators treat crypto perps as swaps, platforms may face different rules for clearing, reporting, execution, and oversight. If regulators treat them as futures, venues can list them through the futures exchange process.

Prediction markets add another layer

The CFTC and SEC also asked for views on event contracts and other new products. That part of the request matters because prediction markets have grown quickly and now face questions over federal and state oversight.

Crypto.news has reported several CFTC fights involving Kalshi and state gaming regulators. The CFTC has argued that federally regulated event contracts fall under its authority, while states have claimed some sports-linked products look like gambling.

The SEC has also shown interest. Crypto.news earlier reported that Atkins told lawmakers some event contracts may fall under securities law, depending on how they are written.

The new comment process does not settle the CME case or the prediction market disputes. It gives exchanges, crypto firms, legal experts, and the public a chance to tell regulators where the current definitions need clearer lines.

Algorand has unveiled a roadmap aimed at making its network resistant to future quantum computing attacks. The plan, discussed by Algorand Foundation technology chief Bruno Martins, targets upgrades to the protocol’s infrastructure by the end of 2027.

The move comes as researchers and security agencies increasingly warn that sufficiently capable quantum computers could eventually undermine today’s widely used cryptographic schemes. While quantum hardware is still in early development, businesses and regulators are already planning for “migration” to quantum-safe cryptography rather than waiting for a break to occur.

Key takeaways

• Algorand says it will pursue broad “quantum resilience” with protocol and cryptographic upgrades scheduled through end-2027.
• The roadmap includes shifting to quantum-resistant signatures based on Falcon for new accounts involved in consensus.
• Algorand also plans to update parts of its consensus design that currently rely on cryptography it says is not quantum-resistant.
• The network is considering migration approaches such as a “hybrid mix” of classical and quantum-resistant signatures.
• The announcement adds to a growing list of crypto and government efforts to prepare for quantum-era cryptography timelines.

Algorand targets quantum upgrades by end-2027

In remarks posted Thursday, Bruno Martins said the foundation has been researching the quantum threat for several years and is now formalizing an infrastructure update path. According to Martins, governments, standards bodies, and security experts are already planning for a world where quantum computers could break cryptographic systems that protect modern digital infrastructure.

Algorand’s approach focuses on ensuring that the network can keep operating securely as the cryptographic assumptions underpinning current systems become obsolete. The project frames the roadmap as a way to prevent quantum-enabled attackers from exploiting weaknesses in how blockchain participants authenticate and how the network reaches agreement.

Falcon signatures and changes to consensus cryptography

A central part of Algorand’s plan is a shift toward quantum-resistant digital signatures. Martins said the roadmap includes introducing new accounts that use Falcon, a signature scheme designed for post-quantum cryptography.

Algorand also intends to update its consensus mechanism, noting that its current cryptography is not quantum-resistant. In addition, the network will revise how accounts involved in consensus operate, alongside research into possible transition strategies.

One of the options under exploration is a “hybrid mix” that combines classic signatures with quantum-resistant ones—an acknowledgement that migrations in distributed systems often require careful coordination rather than a single abrupt switch.

Why this matters as “migration deadlines” spread

Algorand’s announcement lands amid heightened concern across the crypto market. Quantum computing is expected to be vastly more powerful than today’s supercomputers, but it is still early enough that practical “break crypto” scenarios remain uncertain. Even so, multiple efforts are underway to reduce the risk of being caught unprepared.

Earlier coverage highlighted that Google researchers, in a March paper, suggested quantum computers may need fewer resources than previously estimated to compromise certain cryptographic protections used by blockchains. That same paper pointed to Algorand as likely among the most quantum-ready networks, while also noting that Ethereum and Solana are exploring preparations.

Beyond crypto, governments have been setting expectations for quantum-resistant upgrades. The French cybersecurity agency ANSSI said it will stop certifying security products that do not include quantum-resistant encryption, aiming to push businesses toward quantum-safe systems by 2030. In the United States, the NSA has required new national security systems to use its quantum-resistant algorithms starting Jan. 1, 2027, with non-quantum-resistant systems expected to be phased out by end-2030.

Meanwhile, Google has reportedly set an internal readiness deadline of 2029, citing the pace of progress in quantum computing hardware and error correction. While these deadlines are not directly comparable across organizations, they underline the same core logic: once quantum capabilities grow, timelines for migration may not be long enough to handle complex security changes later.

Quantum readiness is becoming a competitive network feature

Algorand is not alone in addressing quantum risk. Tezos has launched a prototype blockchain for quantum-resistant private payments, while Circle has released a roadmap aimed at making its Arc blockchain quantum-ready. Academic research also continues to explore whether a functional quantum computer might require fewer resources than originally believed, with some scenarios suggesting deployment could occur before 2030.

What distinguishes Algorand’s plan is its focus on both authentication and consensus mechanics. Many “quantum-safe” efforts start at the cryptographic layer—upgrading signatures or encryption—yet blockchain security depends on a broader set of protocol assumptions. By highlighting consensus updates and considering transitional methods such as hybrid signature approaches, the roadmap emphasizes that quantum resilience is not just about swapping algorithms, but about maintaining safe system behavior throughout the transition.

Looking ahead, market participants will likely watch for how Algorand phases these changes from research into implementation, including whether the network targets staged activation milestones beyond the end-2027 timeline. Just as importantly, readers should monitor how closely other major protocols align their migration strategies, since the risk posed by quantum advances will depend not only on theoretical capability, but on how quickly systems can evolve without disrupting users and validators.

The U.S. Commodity Futures Trading Commission (CFTC) has settled its enforcement action against Celsius Network founder Alex Mashinsky. 

A federal court consent order permanently bans him from trading in markets overseen by the agency. It also bars him from registering with the CFTC.

The order ends the CFTC case filed in July 2023 against Mashinsky and Celsius. The agency said the action was its first case against a digital asset lending platform. Celsius had already settled with the regulator, leaving Mashinsky as the final defendant in the matter.

The ban covers commodities, futures, and derivatives markets under CFTC oversight. It gives the regulator a final court order against the former Celsius chief, who once promoted the company as a safer way for customers to earn yield on crypto deposits.

Regulator cites customer fraud claims

The CFTC said Mashinsky and Celsius misled customers about the safety, profits, and legal status of the company’s crypto lending business. The agency alleged that they ran a “scheme to defraud” hundreds of thousands of customers while promoting Celsius as a safe place for digital assets.

Ireland has released a national risk assessment on digital assets for the first time in seven years, detailing “very significant” concerns around money laundering and terrorism financing while also warning that crypto can be attractive to fraudsters and may help criminals evade sanctions.

The assessment, published by the Irish Department of Finance as part of the government’s policy priorities, comes as Ireland moves toward implementing industry standards on how crypto-related activities are accepted as a source of funds by the second half of 2027.

Key takeaways

• Ireland’s 2026 national risk assessment describes crypto assets as posing “very significant” risks for money laundering and terrorism financing.
• The government cites increased enforcement pressure, including more prosecutions related to money laundering and fraud incidents in which the use of crypto is “particularly attractive” to criminals.
• The report flags vulnerabilities beyond illicit finance, including potential sanctions evasion and difficulties in tax compliance and enforcement.
• Ireland highlights regulatory inconsistency internationally as a risk for Irish service providers, alongside gaps in oversight for largely unregulated areas such as decentralized finance.
• Political donation concerns remain part of the picture, even as Ireland has already prohibited cryptocurrency donations to political parties for more than four years.

Seven-year gap and a sharper focus on illicit finance

In the risk assessment released Thursday, Ireland said crypto-related activity presents “very significant” risks connected to money laundering and terrorism financing. The Department of Finance framed the assessment as a response to the evolving threat landscape, pointing to higher levels of legal and criminal activity involving digital assets since the last time such a country-specific evaluation was published.

According to the Department of Finance, the period since the previous assessment has included an increase in prosecutions tied to money laundering, along with incidents of fraud where crypto was “particularly attractive” to criminal groups. The government also described how digital assets can be leveraged to exploit compliance and enforcement weaknesses.

Beyond money laundering: sanctions, taxation, and bribery

Ireland’s assessment did not limit itself to illicit finance channels alone. It also warned that crypto assets present vulnerabilities that “may facilitate sanctions evasion.” In parallel, the government highlighted challenges for tax compliance and enforcement, suggesting that the way crypto is used can complicate oversight and detection.

The report further notes risks associated with corruption. Ireland stated that crypto has been used to bribe officials involved in decisions affecting the sector. While the assessment describes vulnerabilities broadly across criminal use cases, it also emphasizes how administrative and regulatory roles can be exploited when oversight is weak or fragmented.

Regulatory patchwork and uneven protections

A central theme in the assessment is the uneven regulatory environment around crypto. Ireland pointed to “inconsistent international regulation” as a vulnerability affecting Irish service providers, implying that companies operating in Ireland may face risks not only from domestic enforcement but also from cross-border standards and gaps.

The government also singled out parts of the ecosystem that remain comparatively less regulated. The risk assessment highlights “largely unregulated areas of the industry such as decentralized finance,” indicating concern that oversight and controls may not be aligned with the same expectations applied to more traditional financial intermediaries.

Ireland’s approach is notable given its relatively high crypto participation compared with some other markets. The report references research from the Central Bank of Ireland published in December, which said about 10% of the population invested in crypto.

Where policy is heading: standards by 2027 and ongoing enforcement

Ireland’s assessment was issued alongside a wider policy direction tied to implementing industry standards relating to the acceptance of crypto-related activities as a source of funds, with a target of the second half of 2027. The framing suggests the government wants to reduce ambiguity around how crypto can be treated within the financial compliance system—particularly in contexts tied to anti-money laundering and related safeguards.

Recent enforcement actions in the country also underscore that the issue is not purely theoretical. In November 2025, the Central Bank of Ireland fined Coinbase Europe Limited about $24 million for Anti-Money Laundering and Countering the Financing of Terrorism violations, citing delayed reporting failures in its transaction monitoring system.

On the political side, the assessment references that concerns about crypto being used to pay corrupt officials are persistent—yet Ireland has already moved to restrict political donations. According to the risk assessment, official cryptocurrency donations to political groups have been banned in Ireland for more than four years. In April 2022, Irish officials proposed that no Irish political parties be allowed to accept cryptocurrencies such as Bitcoin, Ether, privacy coins, and others.

What to watch next

With Ireland targeting implementation of relevant standards by mid-to-late 2027, the immediate question for users, exchanges, and service providers will be how quickly regulatory expectations tighten around acceptance of crypto-related funds, compliance controls, and oversight of riskier parts of the ecosystem. Readers should also monitor how Ireland’s “very significant” risk framing translates into concrete supervisory actions and guidance over the next reporting cycle.

Microsoft Threat Intelligence is warning Windows users about a cryptocurrency clipper strain of malware transmitted via USB drives. 

The malware, which has been affecting users since February, steals clipboard data to extract wallet credentials using “high-frequency clipboard theft, screenshot exfiltration, and wallet-address substitution,” Microsoft said Wednesday.

The crypto clipper also hides legitimate files and replaces them with lookalike shortcuts, so victims unknowingly execute malware while a worm component propagates automatically to USB storage devices. 

This malware is insidious because it’s more than just an info stealer, it functions as a backdoor, meaning that attackers can push and execute arbitrary code on infected machines at any time, turning a simple crypto theft into a persistent foothold for ransomware. 

The execution of this clipper is also notable because it does not depend on a traditional installer or exposed IP-based infrastructure, the Microsoft researchers said.

“This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking.”  

Tor network used for obfuscation 

The malware deploys two obfuscated JavaScript payloads in the Windows Documents directory and creates scheduled tasks for both the worm and stealer components.

The malware also secretly installs a copy of Tor on the victim’s computer but renames it ugate.exe to disguise it as something innocent. It then uses the anonymizing Tor network to connect to its malicious operators at hidden “onion” addresses.

Related: ‘TrapDoor’ malware targets crypto dev tools in supply chain attack

“The combination of Tor-routed C2, clipboard targeting, screenshot capture and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices,” Microsoft said. 

Crypto clipper execution flow. Source: Microsoft

Private keys and seed phrases targeted 

The crypto clipper focuses on “high-value financial artifacts” from the clipboard, including BIP39 mnemonic seed phrases and Bitcoin and Ethereum private keys. 

It also replaces copied wallet addresses with attacker-controlled ones across Bitcoin, Tron and Monero and takes screenshots every ten seconds for additional context. 

Microsoft Defender Antivirus detects the malware as Trojan:Win32/CryptoBandits.A.

Microsoft recommended disabling autoplay on removable media, blocking .lnk execution from USB drives, and monitoring for proxy activity and spawned scripts. 

2026 has seen a significant escalation in Windows-based crypto stealers. A new Windows malware strain called Lucid Stealer that targets browser extensions and crypto wallets was identified earlier this month by the Foresiet Threat Intel Team. 

Magazine: The end of anon? AI could unmask crypto’s hidden identities

Former Ethereum Foundation contributor Trent Van Epps has warned that Ethereum could face a core development funding gap within the next three to nine months. 

In a new article, he said the network may enter a “slow-burning funding crisis” as the Foundation reduces spending and a major client funding program ends.

Van Epps worked at the Ethereum Foundation from May 2021 to April 2026. He focused on core development coordination, Protocol Guild funding, and Ethereum’s political economy. His comments add a new layer to debate over who should fund the people who maintain Ethereum’s base software.