Connect with us
DAPA Banner
DAPA Coin
DAPA
COIN PAYMENT ASSET
PRIVACY · BLOCKDAG · HOMOMORPHIC ENCRYPTION · RUST
ElGamal Encrypted MINE DAPA
🚫 GENESIS SOLD OUT
DAPAPAY COMING

Crypto World

Kaspersky Flags Malware Framework Aimed at Crypto Investors

Published

on

Crypto Breaking News

Two separate cybersecurity reports point to a growing trend in crypto-related malware: attackers are no longer relying only on obvious phishing emails. Instead, they are moving closer to the workflows people already use—recruiting pipelines, developer code trials, and wallet-related software behavior.

Kaspersky says it has uncovered a cryptocurrency-targeting malware framework dubbed “OkoBot,” which initiates an infection chain through social engineering, malicious commands, and trojanized GitHub applications. Separately, SlowMist describes a campaign aimed at Web3 developers that starts with fake LinkedIn recruitment offers and ends with poisoned repositories designed to deliver remote access.

Key takeaways

  • Kaspersky links the OkoBot framework to wallet theft activity, including harvesting wallet files and capturing browser and credential data.
  • OkoBot is designed to steal assets by injecting malicious browser extensions and collecting wallet application windows, Kaspersky reports.
  • SlowMist warns that fake “recruitment” messages are being used to trick developers into running malicious GitHub repositories that resemble legitimate interview tasks.
  • SlowMist says the campaign’s goal is to deliver a remote access trojan that can exfiltrate project keys and cloud or wallet extension data.
  • Both reports emphasize social engineering paths—ClickFix-like tactics or developer-targeted collaboration scenarios—that make the attacks harder to spot.

Kaspersky: OkoBot targets crypto investors through wallet and credential theft

In a report released this week, Kaspersky describes OkoBot as a malware framework built to compromise cryptocurrency investors by chaining together multiple stages of intrusion. The first step is not purely technical; it relies on social engineering methods intended to get victims to act.

According to Kaspersky, initial access can come from tactics such as ClickFix, a technique that aims to trick users into running malicious commands. Alternatively, attackers may deliver similar outcomes by distributing trojanized GitHub apps that include backdoors once installed.

After gaining a foothold, Kaspersky says OkoBot has capabilities specifically relevant to crypto users and their systems. The malware can harvest crypto wallet files, collect browser data and user credentials, and manipulate the victim’s environment by injecting malicious extensions. It also reportedly captures wallet application windows, which can give attackers a more direct path to stolen assets than credential theft alone.

Advertisement

Kaspersky added that it has observed multiple attacks involving the OkoBot malware family since January 2026, suggesting the framework is not a one-off operation but part of an active campaign.

Evolution from TookPS: more orchestration, more reach

Kaspersky also frames OkoBot as an evolution of a prior threat. The company says the malware framework evolved from “TookPS,” a campaign first identified in 2025 that distributed a Trojan downloader via fake software websites. That earlier stage matters because it signals a progression in how attackers deliver and manage malicious payloads: from initial trickery and download into a more structured compromise process.

A distinctive operational detail in Kaspersky’s account is how OkoBot manages its payloads. The report states that it orchestrates all 20 malicious payloads via an SSH tunnel, allowing remote transport of data from infected computers to infrastructure controlled by attackers.

For investors and defenders, this design choice matters because it can complicate incident response. Data exfiltration over an SSH tunnel may blend with normal encrypted traffic patterns, and the multi-payload architecture suggests victims may not see a single obvious “binary” responsible for damage.

Advertisement

SlowMist: fake LinkedIn recruiting and “try before interview” repositories

In a separate report, SlowMist describes another approach to malware delivery: it targets Web3 developers by disguising an attack as recruitment. Rather than sending victims a generic phishing link, attackers reportedly contact developers through LinkedIn while posing as Web3 recruiters.

SlowMist says the attackers follow up with instructions to download and run code from fake GitHub repositories. The bait is framed as a realistic recruitment process: the repository is presented as a “minimum viable product” that the developer should try before the interview, which aligns closely with how technical screenings often work.

The company notes that the workflow looks and feels like a genuine interview assignment: developers are expected to pull code, install dependencies, and launch the project. That resemblance is a key factor in why the attack can be difficult to detect—there may be no obvious sign that a “try it now” task is actually weaponized.

Remote access trojan goals: keys, credentials, and extension data

According to SlowMist, the end goal of the LinkedIn-and-GitHub tactic is to deliver a complete remote access trojan onto the victim’s device. Once installed, SlowMist says attackers can steal sensitive information relevant to Web3 work, including project keys, cloud credentials, or wallet extension data.

Advertisement

SlowMist also emphasizes that this is not an isolated tactic. The report argues that attackers are increasingly exploiting scenarios that encourage developers to run code—such as recruitment tasks, code reviews, and project collaborations—turning normal professional behavior into an infection vector.

It is also notable that SlowMist’s write-up arrives amid a broader pattern of recent warnings. The security firm had also previously cautioned about a separate malware campaign targeting macOS users, designed to steal credentials, hijack Telegram sessions, and ultimately pressure victims into entering wallet recovery phrases via fake websites.

For readers and builders, the common thread across both reports is the same: attackers are calibrating their intrusions to the moments when people are most likely to click “run,” install, or test code—whether that happens after a recruiter message on LinkedIn or after a malicious “app” appears to be a legitimate GitHub tool. The next thing to watch is whether these campaigns expand into more standardized tooling for developers and more automation for account-level compromise, since both Kaspersky and SlowMist describe activity that looks organized and iterative rather than sporadic.

Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

Advertisement

Source link

Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

Crypto World

Tokenization has become a strategic priority for 84% of financial firms

Published

on

Tokenization has become a strategic priority for 84% of financial firms

On Wednesday, DTCC completed its first live production trades involving tokenized securities, marking a major step toward bringing blockchain technology into traditional financial markets.

Broadridge’s findings suggest those efforts are influencing the broader industry. Sixty-eight percent of respondents said tokenization will at least partially reshape financial markets within the next three to five years, while nearly one-third plan to increase investment in tokenization projects by 26% to 50% or more over the next two years.

The survey also found firms are not preparing for an all-onchain future. Instead, 92% expect digital and traditional assets to coexist for the foreseeable future, and 69% plan to integrate tokenization into existing infrastructure rather than build separate blockchain-native systems.

That mirrors the approach taken by many large financial institutions, which have generally focused on connecting blockchain networks to existing trading, custody and settlement systems instead of replacing them.

Advertisement

Adoption remains uneven across the industry. Forty-four percent of capital markets firms said they already have tokenization initiatives in production or operating at scale, compared with 20% of asset managers and 9% of wealth managers.

The survey also pointed to where firms expect tokenization to gain traction first. About 80% of respondents believe tokenized mutual funds and money market funds will play a meaningful role within five years, reflecting the rapid growth of tokenized Treasury products. By comparison, only about half expect tokenized equities to achieve similar adoption over that period.

Source link

Advertisement
Continue Reading

Crypto World

Kaspersky Flags Malware Framework Targeting Crypto Investors

Published

on

Crypto Breaking News

Cybersecurity researchers are flagging a fresh wave of malware tactics aimed at people who hold, build, and advise on crypto-related software. Kaspersky, for instance, says it has discovered a new malware framework—dubbed OkoBot—that targets cryptocurrency investors by combining social engineering with data theft capabilities.

At the same time, SlowMist warns of a separate intrusion campaign that targets Web3 developers through seemingly legitimate recruitment messaging on LinkedIn, pushing victims to run poisoned code hosted on GitHub. Together, the incidents underscore how attackers are increasingly using everyday work routines—interviews, code trials, and app installs—as delivery mechanisms for malware.

Key takeaways

  • OkoBot is designed to steal crypto-related data by harvesting wallet files, browser information, credentials, and injected browser or extension activity.
  • Kaspersky says it has observed multiple OkoBot-linked attacks since January 2026, and that the framework evolved from an earlier campaign called TookPS.
  • OkoBot’s infrastructure reportedly routes all payload delivery through an SSH tunnel, enabling remote data transport to attacker-controlled systems.
  • SlowMist reports LinkedIn-based “recruiter” scams that deliver malicious GitHub repositories disguised as technical interview tasks for Web3 developers.
  • The recruitment workflow mirrors legitimate developer interviews closely enough to lower suspicion, increasing the chance victims will run the malicious code.

OkoBot targets crypto holders through wallet and browser theft

In a report released this week, Kaspersky described OkoBot as a malware framework that kickstarts an infection chain using social engineering and “malicious app” delivery tactics. According to Kaspersky, the initial entry includes tricks such as ClickFix, which aims to persuade users to execute harmful commands, as well as trojanized GitHub applications that can introduce a backdoor to a compromised device.

Once a system is under attacker control, Kaspersky says OkoBot is capable of collecting sensitive information that is directly relevant to crypto ownership. The company reports that the malware can:

  • Harvest cryptocurrency wallet files.
  • Extract browser data and user credentials.
  • Inject malicious extensions.
  • Capture wallet application windows, potentially enabling theft through on-screen or session-related data.

Kaspersky also stated that it identified multiple attacks using this malware family since January 2026. For investors, the practical concern is not only that wallets could be accessed, but also that browser activity and stored authentication data can be used to move faster toward account takeovers or transfer operations.

How the infrastructure works: payload orchestration via SSH

A notable detail in Kaspersky’s analysis is that OkoBot allegedly differs from prior campaigns by how it manages its malicious payloads. Kaspersky said the framework orchestrates all 20 malicious payloads via an SSH tunnel, which supports remote transport of data from compromised computers to systems controlled by attackers.

Advertisement

That matters because it points to an operational model where the attacker retains strong control over follow-on stages after initial compromise. Instead of relying solely on static behavior, a tunneled architecture can help attackers adapt to victims and collect information more reliably, depending on what the malware finds on each host.

Kaspersky also described OkoBot as an evolution of TookPS, a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites. By evolving from an earlier delivery approach and adding more coordinated payload handling, the OkoBot framework appears positioned to increase both infection success and post-compromise effectiveness.

LinkedIn recruitment scams push Web3 devs into running poisoned repositories

Separate research from SlowMist focuses on a different target set: Web3 developers. In a report published on Saturday, the firm said attackers are reaching developers through LinkedIn messages that impersonate Web3 recruiters.

SlowMist’s description of the workflow suggests attackers are deliberately choosing a high-trust, familiar entry point. After initial contact, victims are sent what appear to be fake GitHub repositories, framed as a “minimum viable product” that the developer should install and try before an interview.

Advertisement

The technique is effective, SlowMist argues, because it resembles a real technical interview process. The report notes that a legitimate developer workflow often involves pulling code, installing dependencies, and launching a project—steps victims naturally perform while preparing for an interview. In that environment, malicious code can be less obvious, especially if the victim does not expect a security risk from a repository “connected” to a recruiting conversation.

What attackers aim to steal from developer systems

SlowMist said the end goal is to deliver a complete remote access trojan to the victim’s device. Once established, the malware could enable attackers to steal sensitive materials associated with development and operations, including project keys, cloud credentials, or data tied to wallet extensions.

SlowMist also emphasized that the recruitment approach is part of a broader pattern: attackers are increasingly leveraging scenarios such as recruitment, code reviews, and project collaborations to trick developers into running malicious repositories. In other words, this is not only about deception, but also about timing—waiting for the moment a developer is likely to execute code as part of normal work.

Importantly, this LinkedIn-focused warning came after SlowMist reported another campaign targeting macOS users. That earlier effort, as SlowMist described it, aimed to steal credentials and hijack Telegram sessions in order to coerce victims into submitting wallet recovery phrases through fake websites. While the TTPs differ between the campaigns, both point to the same underlying threat: attackers are methodically chaining social engineering and credential theft to ultimately compromise crypto access.

Advertisement

Going forward, both reports suggest readers should watch for more “legitimate-looking” pathways into compromise—especially where code execution is requested via recruiters, interview workflows, or third-party repositories. For investors and developers alike, the immediate question is not only whether malware is present, but whether attackers can leverage everyday trust and authenticated sessions to reach wallet-relevant secrets quickly.

Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

Source link

Advertisement
Continue Reading

Crypto World

Adam Back Talks About Bitcoin BIP-110 Controversy. “Satoshi Was Not Retarded”

Published

on

A 1997 Mailing List Holds a Clue to the Satoshi Puzzle

Adam Back, Blockstream’s CEO, dismissed claims that Satoshi Nakamoto backed BIP-110, a contested Bitcoin (BTC) soft fork proposal. He mocked its backers on X for failing to fund what he called a cypherpunk summer celebration.

The exchange unfolded on July 18, 2026, as the debate over BIP-110 proposal approaches a critical signaling deadline. Back predicted the fork attempt would collapse within weeks of that deadline.

Adam Back Questions the Satoshi Assumption

A user on X argued Nakamoto would still back BIP-110 if he were alive today. Back rejected the premise outright. He then questioned whether Nakamoto is even dead, calling it pure speculation either way.

Back also denied being Nakamoto himself. The remark reopened a long-running debate over Bitcoin governance and who speaks for its founding vision. Back has weighed in on this dispute before, in his earlier fork risk warning.

Bitcoin, meanwhile, traded near $63,944 on the Bitcoin price chart, up 1.43% in 24 hours.

BIP-110 Struggles to Gain Miner Support

BIP-110 would temporarily cap the size of arbitrary data miners can embed in Bitcoin transactions, targeting Ordinals-style inscriptions. However, miner backing has stayed minimal so far. Signaling data show just 0.86% of blocks in the current difficulty period support the proposal. That is far short of the 55% threshold needed for lock-in.

Advertisement

Back mocked the proposal’s backers directly, pointing to their failure to monetize the campaign.

sad part is we didnt manage to get the 110 fork to pay for the cypherpunk summer afterparty. no airdrop, no liquidity, no fork futures. no money where their mouth is. ofc as they too know it’s failed.

Back

The comment, meanwhile, echoes the long-running BIP-110 dispute that has split developers for months.

What Happens When Signaling Turns Mandatory

Mandatory signaling begins around block 961,632, roughly three weeks from Friday’s chain tip near block 958,529. Back predicted the fork would stall almost immediately afterward.

Advertisement

He said the first mandatory signaling block would trigger an automatic split. Bitcoin nodes always follow the chain with the most cumulative work.

Miners would have little reason to keep mining once their chain fell behind, Back said. He compared the abandoned fork to a “Pompeii chain,” frozen as a monument to the attempt’s failure.

The prediction follows Back’s earlier pushback against separate claims that Bitcoin would effectively fire noncompliant miners in August.

It also lands alongside renewed chatter about Satoshi’s dormant coins, another flashpoint in the identity debate.

Advertisement

Whether BIP-110 activates or fades away may hinge on how many miners flip the switch once signaling turns mandatory.

The post Adam Back Talks About Bitcoin BIP-110 Controversy. “Satoshi Was Not Retarded” appeared first on BeInCrypto.

Source link

Advertisement
Continue Reading

Crypto World

SpaceX Stock Sinks Below IPO Price: The Hype Is Over?

Published

on

SpaceX Stock Sinks Below IPO Price: The Hype Is Over?

SpaceX (SPCX) shares slipped below their $135 initial public offering (IPO) price this week. The stock had peaked above $200 in the weeks following its record Nasdaq debut. Elon Musk dismissed the retreat and predicted the company will eventually outvalue Earth itself.

The stock was priced at $135 a share in June, raising $75 billion in the largest IPO on record. It has now lost roughly a third of its value from that peak. Short interest surged as the price fell.

SpaceX Stock Price Chart. Source: Yahoo Finance

SpaceX’s Bold Claim Meets a Falling Stock

Musk’s forecast followed a SpaceX stock crash that wiped billions from his fortune this month. Musk responded directly to entrepreneur Peter Diamandis on X.

Diamandis argued that all owned material wealth on Earth totals about $600 trillion. Space, in his view, holds nearly infinite quantities of the same resources.

Advertisement

Musk’s math rests on that comparison, though it hinges on SpaceX reaching goals he never specified. The claim, however, is not new. Musk floated a similar SpaceX outvalue Earth argument earlier this month, well before the stock tested its IPO floor.

SpaceX Stock Price
SpaceX Stock Price. Source: TradingView

Short Sellers Draw Musk’s Ire

Bearish bets against SpaceX climbed sharply as the stock fell. Short interest reportedly reached about 185 million shares, or 29% of the tradable float.

That figure stood at roughly 40 million shares just three weeks earlier. It represents close to $25 billion in bearish wagers. Short sellers already hold an estimated $8.7 billion in paper profits.

The rapid buildup followed SpaceX’s historic IPO, which also sparked a rally in tokens tied to Musk, including Dogecoin. One widely shared post mocked the Ivy League pedigrees of short sellers. Musk then issued a warning of his own on X.

He offered no evidence for that claim, and the stock kept sliding regardless.

What Comes Next for SpaceX

The stock now trades near a level flagged in a recent falling wedge pattern. That pattern points to a possible rebound toward $158. Investors will also watch August share unlocks. That date lets insiders sell shares for the first time since the IPO, adding potential fresh supply.

SpaceX also scrubbed a Starship test flight this week. Automated safety systems halted the countdown at T-minus zero after several Raptor engines failed to ignite. Musk said two engines need replacement, with the next attempt likely early the following week.

Musk has separately argued that the scarcity of goods and services will eventually disappear. It reflects a related piece of his broader worldview on abundance.

Advertisement

That vision, though, remains untested against SpaceX’s near-term performance. Short sellers, meanwhile, appear willing to bet against the stock before the unlock date arrives.

The post SpaceX Stock Sinks Below IPO Price: The Hype Is Over? appeared first on BeInCrypto.

Source link

Advertisement
Continue Reading

Crypto World

Kaspersky exposes OkoBot’s 20-module crypto wallet attack

Published

on

Kaspersky exposes OkoBot’s 20-module crypto wallet attack

Kaspersky has exposed OkoBot, a year-old malware operation that uses roughly 20 modules to steal crypto wallet recovery phrases and has affected users across at least five countries.

Summary

  • Kaspersky uncovered OkoBot using roughly 20 modules to steal crypto wallet credentials.
  • The malware has affected users in Brazil, Vietnam, Canada, Mexico, and Turkey.
  • OkoBot uses fake recovery screens, keylogging, spyware, and ClickFix commands to target victims.

Kaspersky researchers discovered that the malware has remained active for more than a year, according to a report published by Bits.media. Most identified victims were located in Brazil, Vietnam, Canada, Mexico, and Turkey, while the operators blocked IP addresses from Russia and other Commonwealth of Independent States countries.

Distributed through GitHub repositories, OkoBot is disguised as legitimate software, including Microsoft SQL Server Management Studio. Kaspersky found that the attackers rely on the ClickFix social engineering method, which tricks victims into running malicious commands on their own devices.

Advertisement

The technique often presents users with fake error messages, verification steps, or repair instructions. Following those directions causes victims to execute code that installs the malware without realizing the command is malicious.

OkoBot targets seed phrases and wallet credentials

Among OkoBot’s modules, SeedHunter displays a fake recovery interface linked to hardware wallets such as Ledger and Trezor, according to Kaspersky. When users enter their recovery phrases into the fraudulent screen, the module sends the information to the malware operators.

A second module called MC Keylogger records keyboard input and monitors clipboard activity, allowing it to capture passwords, copied wallet addresses, and other credentials. OkoSpyware can track wallet passwords and record videos of open windows, giving attackers another way to observe activity on an infected device.

Advertisement

Once a recovery phrase is exposed, the attackers can use it to take control of the associated wallet and move its assets. Kaspersky warned that victims have little chance of recovering stolen cryptocurrency because blockchain transfers are generally irreversible.

The malware’s modular design also lets its operators collect different types of information from a single infected system. According to the security company’s findings, OkoBot can target both wallet access data and credentials connected to other services used on the device.

ClickFix attacks have also targeted crypto developers

OkoBot is the latest malware campaign found using ClickFix against the cryptocurrency sector. As crypto.news reported in April, North Korea’s state-backed Lazarus Group used the same technique in a macOS campaign known as “Mach-O Man.”

Citing research from CertiK, the report found that Lazarus sent fake online meeting invitations to fintech and crypto executives. Victims were instructed to paste supposed repair or verification commands into the macOS Terminal, which installed malware capable of stealing cryptocurrency and corporate information.

Advertisement

CertiK also found that the Mach-O Man toolkit deleted itself after running, making forensic analysis more difficult. The campaign combined social engineering with terminal-level commands instead of relying only on malicious file downloads.

Developer tools have provided another route into crypto systems. In May, crypto.news reported that TrapDoor malware was distributed through poisoned software packages targeting developers in cryptocurrency, decentralized finance, artificial intelligence, and security infrastructure.

According to that report, TrapDoor sought wallet data, API keys, cloud credentials, and SSH access tied to services and ecosystems including Coinbase, Binance, MetaMask, Brave, Solana, Sui, and Aptos. Researchers also found hidden prompts designed to manipulate Claude and Cursor into running fake security scans that exposed secrets and transmitted them to the attackers.

Advertisement

Source link

Continue Reading

Crypto World

France Orders ISPs to Geoblock Polymarket Over Gambling Rules

Published

on

Crypto Breaking News

France’s gambling regulator has ordered internet service providers to block access to Polymarket, escalating a wave of restrictions aimed at prediction platforms operating outside local authorizations.

In a Friday press release, the Autorité nationale des jeux (ANJ) said prediction websites fall under illegal gambling rules if they are not authorized, adding that advertising or promoting such sites is a criminal offense punishable by fines of up to 100,000 euros.

Key takeaways

  • France’s ANJ has ordered ISPs to block Polymarket, citing lack of authorization and illegal gambling promotion risks.
  • The regulator argues Polymarket’s features resemble regulated gambling, but without “protective mechanisms” found in the legal market.
  • ANJ also raised concerns about possible outcome manipulation, including allegations involving weather-related contracts.
  • Polymarket has already been geoblocked in multiple regions, according to its own documentation.
  • Regulatory scrutiny is not limited to Europe: similar legal disputes have played out in the US between state actors and federal authorities.

France moves to block Polymarket

The ANJ’s order targets access to Polymarket through internet service providers, framing the platform as an unauthorized gambling offering. According to the regulator, Polymarket’s operations are not authorized in France, and the advertising of gambling sites without permission constitutes a criminal offense.

The decision comes as prediction markets continue to gain mainstream attention. Polymarket, in particular, has grown rapidly over the last two years, with trading volume reaching billions of dollars, even as regulators worldwide question whether its event contracts are gambling products, unlicensed offerings, or something closer to financial instruments.

France’s action also reinforces a broader pattern of country-by-country enforcement. Polymarket access has been blocked in places including Singapore, Poland, Portugal, Hungary, Ukraine, Brazil, and Indonesia, while at press time Polymarket said it was geoblocked in 36 regions, based on its published API documentation.

Advertisement

ANJ cites “addictive” mechanics and missing safeguards

Beyond the authorization question, the ANJ’s reasoning focuses on how prediction products are experienced by users. The regulator said Polymarket offers “addictive features” that are comparable to those of legally regulated gambling, but it claims those features are “amplified by the absence of the protective mechanisms found in the legal gambling market.”

This distinction matters for investors and users because it goes to how regulators classify the product. When a platform resembles regulated gambling mechanics but lacks corresponding protections—such as consumer safeguards and oversight—authorities are more likely to pursue takedowns, advertising restrictions, and access blocking, even if the platform markets itself as a different kind of market.

Outcome manipulation concerns and investigation status

The ANJ also pointed to the risk of outcome manipulation in certain event contracts. It cited alleged rigging, including a specific example: bets tied to weather outcomes where the regulator said weather sensors may have been hacked.

“Some of the bets offered on this platform appeared to be rigged: for example, bets on the weather revealed that weather sensors may have been hacked.”

In addition, the cybercrime unit of the Paris Public Prosecutor’s Office opened an investigation in May 2026 and, according to the article’s account of the regulator’s findings, identified a lack of identity verification safeguards such as Know Your Customer checks.

Advertisement

For participants, this kind of enforcement pressure highlights a key operational fault line: regulators are not only focused on contract structure, but also on platform controls—especially around participant verification and the reliability of the information used to settle outcomes.

France builds on earlier warnings, while US regulators escalate

This is not France’s first move. Earlier coverage noted that the ANJ shared plans in November 2024 to block Polymarket after the platform allegedly failed to comply with national gambling laws, and the Friday decision follows through with the required ISP-level blocking.

The French action arrives amid an ongoing legal fight over prediction markets in the United States. On June 17, Kentucky sued five prediction market platforms, including Kalshi and Polymarket, alleging they were operating unlicensed sports betting platforms—according to the earlier reporting cited in the article. Additional states have followed suit. Separately, the Commodity Futures Trading Commission (CFTC) has sued New Mexico, arguing that state-level interference encroached on the federal regulator’s exclusive authority over federally regulated event contracts, as reflected in the referenced CFTC dispute.

Taken together, the US and France developments underscore a persistent regulatory tension: prediction markets sit at the intersection of gambling law, securities and commodities frameworks, and consumer protection rules. Even when platforms frame themselves as market infrastructure for forecasting rather than wagering, regulators appear willing to treat them as gambling-like products when participation mechanics and consumer risk resemble traditional betting.

Advertisement

As France implements the ISP blocking order, the next question for readers and market participants is how Polymarket and other affected platforms will adjust compliance, identity verification, and settlement-risk controls—and whether the broader trend shifts from geoblocking to more formal legal resolutions in major jurisdictions.

Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

Source link

Advertisement
Continue Reading

Crypto World

Ethereum braces for CLARITY vote as bulls defend crucial support

Published

on

Polymarket chart shows 39% odds of the CLARITY Act becoming law in 2026.

Ethereum has risen 1.8% to $1,845 after Rep. Bryan Steil raised hopes for a Senate vote on the CLARITY Act next week, while ETF inflows and firm chart support kept traders cautiously bullish.

Summary

  • Ethereum rose 1.8% as Bryan Steil raised hopes for a CLARITY Act vote next week.
  • Spot Ethereum ETFs recorded $105 million in weekly inflows, their highest since April.
  • ETH must defend $1,830 and break $1,854 to target the $1,947 resistance zone.

Steil, who chairs the House Financial Services Subcommittee on Digital Assets, told FOX Business that the bill could reach the Senate floor in the coming week. Passage could place ETH under a digital commodity framework and establish federal rules for its trading and oversight.

During a July 17 hearing, Steil urged lawmakers to complete the legislation as the Senate prepares to consider it. “Let’s pass CLARITY,” he stated in remarks published by the House Financial Services Committee.

Advertisement

Polymarket traders raised the probability of the bill becoming law in 2026 to 39% from 30% on July 17. However, unresolved disputes over ethics rules and stablecoin yields have kept the odds below 50%.

Polymarket chart shows 39% odds of the CLARITY Act becoming law in 2026.
Source: Polymarket

Institutional flows have also improved. SoSoValue data showed that spot Ethereum ETFs attracted $105 million between July 13 and July 17, their strongest weekly inflow since April.

Ethereum’s decentralized finance activity has grown alongside the ETF demand. DeFiLlama placed the network’s total value locked at about $40.5 billion, up from roughly $36 billion at the start of July. The network also processed $978.9 million in decentralized exchange volume and 2.46 million transactions over the past 24 hours.

Ethereum must clear $1,854 to reopen the path toward $1,947

Ethereum’s daily chart shows a double-bottom structure formed around $1,511, with the neckline near $1,847. ETH briefly climbed to $1,947 before returning to test the neckline, which now overlaps with the 0.786 Fibonacci retracement at $1,853.82.

Advertisement
Ethereum daily chart shows ETH testing $1,854 resistance after forming a double-bottom pattern.
Ethereum daily price chart — July 18 | Source: crypto.news

A daily close above $1,854 would place the recent $1,947 high and the 100-day exponential moving average near $1,939 back in play. The double-bottom structure has a measured target near $2,180, while crypto analyst Michaël van de Poppe expects $2,200 to $2,400 if the $1,780 support remains intact.

Daily momentum still favors buyers, although the pace has slowed. The MACD line stands at 35.57, above the 21.69 signal line, while the positive histogram has contracted to 13.88. The relative strength index sits at 57.15, leaving ETH below overbought territory.

Advertisement

On the 4-hour chart, Ethereum (ETH) remains inside an ascending channel that has guided the recovery since late June. Its lower boundary and the previous Supertrend support meet around $1,830, while the upper boundary extends toward $2,040. Chaikin Money Flow remains positive at 0.07, but the active Supertrend resistance at $1,908 must fall before buyers can retest the July high.

Ethereum 4-hour chart shows ETH holding near $1,830 support inside a rising channel.
Ethereum 4-hour price chart — July 18 | Source: crypto.news

CoinGlass’ 48-hour liquidation heatmap places the nearest dense leverage cluster between $1,860 and $1,870. More positions sit around $1,900, while downside liquidity has accumulated near $1,810 and $1,790.

Ethereum liquidation heatmap shows major leverage clusters near $1,870, $1,900, and $1,810.
Ethereum liquidation heatmap | Source: CoinGlass

According to analyst Ted Pillows, the $1,820–$1,850 region will decide ETH’s next move.

“If Ethereum holds above it, expect another uptrend towards $1,950–$2,000.”

A break below $1,780 would weaken Ethereum’s recovery

Ethereum would lose its 4-hour channel if sellers force a close below $1,830. Such a move would expose the 50-day EMA near $1,812 and could trigger leveraged long liquidations around $1,810.

A deeper decline below the 61.8% Fibonacci level at $1,780.64 would weaken the double-bottom setup and open the 50% retracement at $1,729.24. Pillows also cited the escalating U.S.-Iran situation as a risk to the $1,820–$1,850 support zone.

Political uncertainty remains another invalidation risk. Failure to resolve the CLARITY Act’s ethics and stablecoin provisions could delay a Senate vote, remove the immediate catalyst behind ETH’s rebound, and place the $1,780 support under renewed pressure.

Advertisement

Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.

Advertisement

Source link

Continue Reading

Crypto World

Wall Street adapts to new era of Federal Reserve communications

Published

on

Fed Chairman Warsh promises inflation will be a ‘thing of the past,’ cites ‘mistake’ of prior policy

F/m Investments’ Washington, D.C., office is just a short drive from the Federal Reserve‘s headquarters. But under the central bank’s new leadership, CEO Alexander Morris has found the distance feeling far greater.

Fed Chairman Kevin Warsh embarked on an overhaul of the central bank’s forward-looking communication since taking the post in May. That move sounded the alarm for market participants like Morris, whose investing theses rely in part on predicting what the Fed will do with interest rates.

“We’ve made a pretty good business out of decoding Fedspeak,” said Morris, referring to the jargon-heavy communication preferred by central bank leaders. “And he just said he was going to go quiet on us.”

Advertisement

This week, Morris’ firm, which manages exchange-traded funds tied to inflation and U.S. Treasurys, released “WarshGPT.” It’s an artificial intelligence-powered tool that parses nearly 1,800 documents and transcripts from Warsh, with the goal of helping users understand how he may analyze issues related to the economy or monetary policy.

F/m Investments is one of many financial institutions readying for an era with less public forecasting from Warsh’s Fed. In some cases, they’re turning to AI models to gain an edge in investing.

“Whether the Fed is providing a lot of information or a little information, investors have to understand what the Fed is likely to do in the future,” said Gary Richardson, a former historian at the central bank who’s now a University of California, Irvine, economics professor. “With limited information, people are going to try to do anything they can to figure out what the Fed is thinking.”

US Federal Reserve Chair Kevin Warsh speaks during his first news conference since taking the helm at the central bank on June 17, 2026 in Washington, DC.

Advertisement

Chen Mengtong | China News Service | Getty Images

Greetings and briefcase sizes

Investors and Fed watchers have wondered if former Chairman Alan Greenspan‘s communication style can serve as a baseline for what to expect under Warsh.

In that era, Richardson said people joked that Greenspan simply saying “good evening” could cause a market decline. Financial media tracked a so-called briefcase indicator, which operated on the theory that Greenspan carrying a bulkier bag meant he accumulated evidence for why borrowing costs should be altered. 

Alan Greenspan

Advertisement

Anjali Sundaram | CNBC

Already, Warsh has made expectations clear for a shift in how the Fed publicizes information. One of his task forces aimed at reshaping the Fed’s operations is focused on how the central bank communicates.

June’s Federal Reserve meeting statement — the first such release under Warsh — contained around 130 words, down from figures above 300 words seen in prior publications, a CNBC analysis found. Warsh, who acknowledged the statement was “shorter” and “simpler,” said it purposefully excluded forward guidance.

In his first post-decision press conference as chairman, Warsh allocated 5% of sentences to policy-relevant topics, according to UBS. That number came in at 27% for an average meeting under predecessor Jerome Powell, the bank said.

Advertisement

‘One word can move dollars’

F/m Investments’ WarshGPT chatbot cost less than $1,000 to build with Anthropic‘s Claude model, despite the name being a riff on rival OpenAI‘s ChatGPT. It took roughly two weeks to create from inception to release, a timeframe that included pre-rollout testing by a group that included Fed alumni and newsletter writers.

In addition to Warsh’s communications, the product also taps into economic and political history to ensure its responses have context. But F/m set limits to what WarshGPT can do: The bot doesn’t talk as Warsh and will not offer offer forward statements or forecasts.

F/m isn’t the only large firm reconsidering its strategies and tools for understanding a Warsh-led central bank. 

UBS runs an interactive dashboard for clients to track the Fed’s policy tone. It allows users to have an unbiased assessment of Warsh’s commentary during meetings, according to Elena Amoruso, a strategist at the Swiss bank.

Advertisement

Following Warsh’s debut policy meeting as chief last month, Amoruso told clients that Warsh’s policy-relevant comments were “overwhelmingly hawkish.” The central bank leader’s stance was driven by his views on the labor market and growth, she said, in addition to the state of inflation.

“Arguably, this is the most high-value data set … in terms of how much one word can move dollars,” Amoruso told CNBC.

At JPMorgan Asset Management, chief global strategist David Kelly has some backup plans if the Fed stops putting out key releases. If the central bank does away with the “dot plot,” for instance, Kelly said his team will more closely mull over speeches by members of the Federal Open Market Committee — the group tasked with setting interest rates — to get a sense of how they would next vote.

To be sure, Kelly said major changes to Fed communication would likely take several months to announce and implement. He said the final decisions may not be as drastic as some expect.

Advertisement

“Just like the Federal Reserve says it can be patient in adjusting interest rates to the economy, we can be patient in adjusting our resources,” Kelly said.

‘Less clarity’

Christopher Waller, governor of the US Federal Reserve, during the Federal Reserve’s Payments Innovation Conference in Washington, DC, US, on Tuesday, Oct. 21, 2025.

Aaron Schwartz | Bloomberg | Getty Images

Retail traders may need to further diversify their portfolios to account for added policy uncertainty under Warsh, according to UC-Irvine’s Richardson. Investment firms looking to get ahead, meanwhile, will be spending big to hire Fed alumni who can help make predictions in a lower-transparency environment, Richardson said.

Advertisement

There are already differing expectations forming for how the Fed will proceed with policy in the coming months.

Fed funds futures traders are pricing in an almost 59% likelihood that the central bank increases interest rates in September, according to CME’s FedWatch tool. On the other hand, Kalshi traders think it’s most likely that the Fed will keep rates unchanged at that meeting.

“For ordinary investors, it’s already really hard for them to figure out what’s going on,” Richardson said. “It’s going to become much harder.”

Fed Chairman Warsh promises inflation will be a ‘thing of the past,’ cites ‘mistake’ of prior policy
Choose CNBC as your preferred source on Google and never miss a moment from the most trusted name in business news.

Source link

Advertisement
Continue Reading

Crypto World

Kaspersky Uncovers Malware Framework Targeting Crypto Investors

Published

on

Kaspersky Uncovers Malware Framework Targeting Crypto Investors

Kaspersky has uncovered a new malware framework targeting cryptocurrency investors.

Dubbed “OkoBot,” the malware initiates an infection chain that starts with social engineering tactics such as ClickFix, which tricks users into running malicious commands, or trojanized GitHub apps that deliver a backdoor to infected devices, the cybersecurity company wrote in a Wednesday report.

The malware can harvest crypto wallet files, browser data and user credentials, inject malicious extensions and capture wallet application windows to steal assets. Kaspersky said it identified multiple attacks involving this malware family since January 2026.

Kaspersky added that the malware framework evolved from “TookPS,” a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites, and that it opens the door to copycat attacks.

Advertisement

It differs from prior campaigns by orchestrating all 20 malicious payloads via an SSH tunnel, which enables the remote transport of data from infected computers to remote machines controlled by attackers.

Original OkoBot infection chain. Source: Kaspersky

Fake LinkedIn recruitment campaigns target Web3 developers with malware

Separately, a new malware campaign is seeking to infiltrate the devices of Web3 developers via fake LinkedIn recruitment opportunities, according to SlowMist.

Attackers contact blockchain developers via LinkedIn, posing as Web3 recruiters. They then send fake GitHub repositories to victims, claiming they contained the minimum viable product that needed to be tried before the interview, the blockchain security company said in a Saturday report.

Advertisement

The workflow closely resembles a legitimate technical interview where developers pull code, install dependencies and launch a project, which makes it difficult to notice the attack, according to SlowMist.

Related: UK sentences 2 hackers tied to $115M crypto ransom scheme

The malware aims to deliver a complete “remote access trojan” that infects devices, enabling attackers to steal project keys, cloud credentials, or wallet extension data from these developers.

“This attack is not an isolated case,” wrote SlowMist, adding that recent incidents illustrate that “attackers are increasingly leveraging scenarios such as recruitment, code reviews and project collaborations to trick developers into actively running malicious repositories.”

Advertisement

The report came a day after SlowMist warned of a separate malware campaign targeting macOS users, aiming to steal their credentials and hijack their Telegram sessions to ultimately trick investors into entering their wallet recovery phrases through fake websites.

Magazine: Does Botanix’s failure prove Bitcoiners don’t care about DeFi?

Source link

Advertisement
Continue Reading

Crypto World

Cathie Wood buys SpaceX dip after stock sinks to post-IPO low

Published

on

SpaceX stock drops 5.43% to close at $123.99 after briefly falling near $122.50.

Cathie Wood’s ARK Invest has bought $18.3 million of SpaceX shares after the stock fell 5.43% to a new post-IPO low, according to the firm’s July 17 trading report.

Summary

  • ARK Invest bought $18.3 million of SpaceX shares after the stock hit a post-IPO low.
  • Four ARK ETFs acquired 147,623 shares as SpaceX closed 8.2% below its IPO price.
  • SpaceX delayed Starship Flight 13 after two Raptor engines failed during pre-flight testing.

According to ARK’s daily disclosure, four of its actively managed exchange-traded funds purchased a combined 147,623 SpaceX shares as the stock closed Friday at $123.99. During the session, shares dropped as low as $122.12.

SpaceX stock drops 5.43% to close at $123.99 after briefly falling near $122.50.
Source: Yahoo Finance

The ARK Innovation ETF made the largest purchase, adding 95,129 shares worth about $11.8 million based on Friday’s closing price. ARK’s Autonomous Technology & Robotics ETF bought 30,464 shares valued at $3.78 million, while its Space Exploration & Innovation ETF added 12,611 shares worth around $1.56 million.

Completing the purchase, the ARK Next Generation Internet ETF acquired another 9,419 SpaceX shares valued at approximately $1.17 million, according to the same disclosure.

Advertisement

ARK adds to its SpaceX position below the IPO price

Friday’s purchase has extended a series of SpaceX investments made by Wood’s firm since the company entered the public market in June.

As crypto.news previously reported, ARK bought roughly $52.1 million of SpaceX shares during the week ending July 10 through the ARKK, ARKQ, ARKW and ARKX funds. Data from Ark Invest Tracker showed that those purchases lifted the firm’s investment since the June IPO above $475 million.

Ark Invest Tracker also reported that ARK acquired about $444 million of SpaceX stock around the company’s June 12 market debut. Its latest purchase came with the shares trading 8.2% below their $135 offer price, based on Friday’s closing value.

Advertisement

While adding to SpaceX, ARK reduced its exposure to Robinhood Markets during the same trading session. The firm’s report showed that ARKW sold 20,089 Robinhood shares and ARKK disposed of another 5,913 shares.

Robinhood ended Friday at $99.96 after losing 5.72% during the session. ARK’s disclosure did not provide a reason for selling the 26,002 shares.

Starship delay adds pressure to SpaceX shares

As crypto.news reported, SpaceX’s latest decline followed the cancellation of Starship Flight 13 shortly before its scheduled launch. According to the report, at least two Raptor engines on the Super Heavy booster failed to ignite during pre-flight testing, prompting the company to stop the mission minutes before liftoff.

Elon Musk later stated that SpaceX would replace the affected engines. The company subsequently rescheduled Flight 13 for July 20 at 6:45 p.m. ET.

Advertisement

Commenting on the stock’s decline, cognitive scientist Gary Marcus linked the latest weakness to rising doubts about Musk’s performance. Marcus expected another record low to be more likely than a sudden and much larger collapse, according to his assessment cited in the report.

Tesla investor Sawyer Merritt offered a different view, arguing that traders had overreacted to a short operational delay. Merritt maintained that postponing the launch by several days did not represent a serious setback for SpaceX.

Source link

Advertisement
Continue Reading

Trending

Copyright © 2025