Crypto World
Ketman Project Identifies 100 North Korean IT Workers Working in Web3
The Ketman Project, funded by an Ethereum Foundation stipend, identified 100 North Korean IT workers and alerted about 53 projects employing DPRK operatives.
The Ethereum Foundation said it funded a six-month project that exposed 100 North Korean operatives who had infiltrated Web3 companies under fake identities.
The foundation on Thursday shared a recap of its ETH Rangers program, which was launched in late 2024 to provide “stipends for individuals doing public goods security work” within the ecosystem.
One of the recipients used the capital to build the Ketman Project to focus on investigating “fake developers” embedded within crypto, particularly operatives from the People’s Republic of Korea.
During the six-month stipend period, the Ketman Project identified “100 different DPRK IT workers operating within Web3 organizations” and reached out to about 53 projects to alert them about having potentially employed active DPRK operatives.
“This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today,” the Ethereum Foundation said.
North Korean operatives have been plaguing the crypto sector, leading to billions worth of crypto stolen over the years. One of the highest-profile hacking groups from North Korea is known as the Lazarus Group.
The Ethereum Foundation did not go into detail about how the Ketman Project was able to identify the DPRK operatives. However, the project’s website has an extensive range of articles explaining the types of “tactics, behaviors and operational patterns” the operatives deploy.
Related: CIA to integrate AI ‘co-workers’ to process intelligence, catch spies
They include technical red flags such as reusing avatars and profile metadata across multiple GitHub accounts, exposing unlinked email addresses during accidental screen sharing, and displaying default language settings, such as Russian, that contradict their claimed nationality.
Alongside identifying North Korean operatives, the Ketman Project also developed an open-source detection tool to identify suspicious GitHub activity and co-authored an industry-standard framework for identifying DPRK IT workers in partnership with blockchain-focused nonprofit organization the Security Alliance.
Magazine: Nobody knows if quantum secure cryptography will even work
Sanctioned crypto exchange Grinex halted trading after a suspected state-level cyberattack drained up to $15 million in crypto.
Summary
- Grinex suspended trading after a suspected state-linked attack drained about $13.7 million from 54 wallets.
- On-chain data shows roughly $15 million in USDT moving through Tron and Ethereum, with funds converted to avoid freezing.
Grinex said Thursday it had suspended operations after losing more than 1 billion Russian rubles, roughly $13.7 million, from 54 wallets in what it described as a highly sophisticated breach. The Kyrgyzstan-registered exchange pointed to signs that the attackers had access to resources typically associated with foreign intelligence agencies.
“Due to the attack, the Grinex exchange has been forced to suspend operations. All available information has been transferred to law enforcement agencies. A criminal complaint has been filed at the location of the infrastructure,” the exchange said.
Details shared by Grinex suggested a coordinated operation rather than a routine exploit. The platform said the digital footprint and execution pointed to “an unprecedented level of resources and technology available only to entities of hostile states.”
The incident adds fresh scrutiny to an exchange already under watch from Western authorities. Grinex has been widely linked to Russia’s sanctioned crypto infrastructure and has been described by blockchain analysts as a continuation of the previously blacklisted Garantex platform.
Earlier findings from Global Ledger indicated that Garantex shifted liquidity and user balances to Grinex following its shutdown in March 2025. On-chain data showed funds moving through one-time-use wallets before landing in Grinex accounts, while some users reported that balances frozen on Garantex later appeared on the new platform. Investigators also pointed to similarities in website design and internal confirmations, suggesting operational overlap between the two entities.
Garantex had been sanctioned by the United States in 2022 for facilitating illicit finance and was later targeted by European Union restrictions. Operations formally ceased in March 2025 after Tether froze nearly $2.5 billion worth of ruble-backed stablecoins tied to the exchange. Authorities in India also arrested co-founder Aleksej Bešciokov shortly after the shutdown.
Multiple platforms may have been exposed
According to TRM Labs, activity tied to the attacker may extend beyond Grinex. The blockchain intelligence firm identified two wallets linked to Kyrgyzstan-based exchange TokenSpot that sent about $5,000 to the same consolidation address used in the Grinex breach.
TokenSpot acknowledged a temporary disruption earlier this week. A notice on its Telegram channel mentioned technical work and a brief outage on April 15, followed by confirmation a day later that full services had resumed.
Further analysis from TRM Labs uncovered at least 16 additional addresses connected to the incident, beyond those disclosed by Grinex. Funds from the attack were funneled into a single address holding around 45.9 million TRON, valued close to $15 million.
Funds routed to avoid freezing risk
Blockchain analytics firm Elliptic has traced roughly $15 million in USDt leaving Grinex-linked accounts and moving across the Tron and Ethereum networks. The firm said the attacker converted the stablecoins into other assets soon after the theft.
“This USDT was then converted to another asset, either TRX or ETH. By doing so, the thief avoided the risk of the stolen USDT being frozen by Tether,” Elliptic said.
Past incidents show a pattern of exchanges tied to sanctioned jurisdictions becoming targets for politically motivated or financially driven attacks. Iran-based platform Nobitex lost $81 million in June 2025, with a pro-Israel hacker group claiming responsibility.
Attention now turns to whether Grinex can resume operations and how authorities respond, especially given its alleged role in facilitating sanction evasion and links to previously blacklisted entities.
The Ethereum ecosystem has expanded its security toolkit with a six-month initiative funded through its ETH Rangers program. The Ketman Project, described as a public‑goods security effort, identified a network of North Korean operatives embedded in Web3 companies, pinpointing 100 DPRK IT workers and alerting about 53 projects that could be employing such operatives. The Ethereum Foundation summarized the findings in a recent recap, underscoring the importance of the project for the broader ecosystem.
According to the Ethereum Foundation, the Ketman Project was built during a six‑month period under the ETH Rangers program, which launched in late 2024 to fund individuals performing security work for the ecosystem. One recipient used the stipend to tackle the Ketman initiative, focusing on exposing fake developers and other actors impersonating legitimate crypto engineers.
During the stipend period, Ketman identified 100 DPRK IT workers operating within Web3 organizations and reached out to about 53 projects to alert them to potential DPRK involvement. The Foundation framed the effort as a direct response to a pressing operational security threat facing the Ethereum ecosystem today.
The Ketman Project’s own materials outline the tactics, behaviors, and patterns used by DPRK-linked actors. The project describes several red flags used to spot impersonators and suspicious activity, including the reuse of avatars and profile metadata across multiple GitHub accounts, exposure of unlinked email addresses during screen sharing, and default language settings—such as Russian—that contradict the operators’ claimed nationality.
Beyond identification, Ketman co‑developed an open‑source detection tool to flag suspicious GitHub activity and helped author an industry-standard framework for identifying DPRK IT workers in partnership with the blockchain‑focused nonprofit Security Alliance. The Ketman site provides deeper dives into the operational methods employed by DPRK operatives and how attackers blend into crypto teams.
Key takeaways
- Ethereum Foundation funded the Ketman Project through the ETH Rangers program for six months, revealing a DPRK‑linked presence in Web3 and alerting dozens of projects.
- The effort identified 100 North Korean IT workers and prompted alerts to roughly 53 projects over the course of the program.
- Ketman developed an open‑source detection tool and co-authored an industry‑standard framework for identifying DPRK IT workers with the Security Alliance.
- Red flags highlighted by Ketman include reused avatars across GitHub accounts, exposed emails from screen sharing, and default language settings that conflict with stated nationality.
- The work illustrates a broader push to harden the crypto economy against state‑backed threat actors, leveraging community‑driven intelligence alongside formal governance bodies.
Operational security gains and investor implications
The Ethereum Foundation’s recap frames Ketman as a pragmatic response to a persistent risk: state‑backed actors tied to DPRK have repeatedly targeted the crypto sector, contributing to significant losses over the years. By mapping specific operational patterns and distributing defensive signals to projects, the initiative helps reduce the attack surface for startups and established protocols alike. For investors and builders, the development signals a maturing security culture where threat intel is disseminated more quickly and translated into concrete protections rather than remaining in isolated analysis.
From a risk management perspective, the Ketman project embodies a shift toward proactive defense in public ecosystems. The combination of detection tooling and a formal framework provides participants with repeatable methods to vet contributors and contractors, potentially lowering the likelihood of insider risks or compromised open‑source projects slipping through governance gaps. While it is not a silver bullet, the approach adds a data‑driven layer to ongoing security work in the space where rapid innovation often clashes with evolving threat models.
Context: DPRK actors, Lazarus, and the crypto threat landscape
Threat actors associated with North Korea have long loomed over crypto infrastructure, with high‑profile breaches attributed to groups such as Lazarus. Analysts note that as the market grows, so does the fingerprint of these actors—ranging from social engineering and fake personas to sophisticated supply‑chain compromises. The Ketman Project’s findings fit within this larger pattern of state‑linked crypto threats, reinforcing the case for heightened due diligence, better attribution signals, and more transparent security collaborations among projects and communities.
That context matters for investors and practitioners alike. Enhanced threat intelligence—especially when backed by open‑source tools and cross‑organizational collaboration—can help teams prioritize security spend and adopt stronger onboarding and verification practices. It also raises questions about how to balance openness with security in open ecosystems where contributors span the globe and operate under varying regulatory regimes.
What to watch next
Several questions remain as the Ketman initiative wraps its six‑month window. How widely will the open‑source detection tool be adopted by projects and exchanges? Will the Security Alliance and Ketman publish ongoing, standardized benchmarks to measure the effectiveness of the DPRK‑identification framework? And how will platforms translate these threat signals into concrete changes—such as enhanced contributor vetting, more robust identity checks, or stricter code‑review processes?
The Ethereum Foundation’s involvement signals continued institutional support for security tooling that is broadly usable across the ecosystem. If Ketman’s tools and methodologies gain traction, we could see a shift from ad hoc security reviews to more coordinated, sector‑wide threat intelligence sharing. That development would be a meaningful catalyst for ecosystem resilience, especially as decentralized finance, layer‑2 scaling, and new Web3 use cases proliferate.
In the near term, what remains uncertain is the scalability and sustainability of such programs. Will funding through ETH Rangers translate into a larger, repeatable budget for security research? How will other ecosystems—ranging from alternative smart contract platforms to fiat‑onramp operators—adopt similar threat intelligence frameworks? The coming months will reveal whether Ketman’s approach can be generalized into a standard practice for securing crypto projects against sophisticated, state‑backed adversaries.
Readers should monitor announcements from the Ketman Project and the Security Alliance for updates on the framework, as well as any new threat alerts tied to DPRK‑linked actors. The effort underscores a broader industry trend: security is increasingly a collaborative, community‑driven discipline that complements technical development with actionable intelligence and governance‑level responses.
For those evaluating risk in personal or institutional deployments, this development offers a reminder to emphasize transparency, contributor verification, and proactive security monitoring as core components of any long‑term crypto strategy. The fight against sophisticated threat actors is ongoing, but initiatives like Ketman mark a tangible step toward a safer, more resilient ecosystem.
Former Treasury Secretary Henry Paulson has called on U.S. policymakers to prepare an emergency response plan for a potential breakdown in demand for U.S. Treasurys, warning that the consequences could be severe.
Summary
- The Former Treasury Secretary has warned U.S. authorities to prepare an emergency plan for a potential collapse in Treasury demand.
- Rising U.S. debt and higher yields have raised concerns about a feedback loop that could strain the financial system.
- Heavy Treasury exposure among stablecoin issuers like Tether has added risk for crypto markets during periods of stress.
Speaking in a Bloomberg interview on Thursday, Paulson urged authorities to have a “break-the-glass” framework ready in advance, describing it as a targeted and short-term intervention designed for moments of extreme stress.
“We need an emergency break-the-glass plan, which is targeted and short-term, on the shelf, so it’s ready to go when we hit the wall,” he said. “When we hit it, it will be vicious, so we have to prepare for that eventuality.”
Concerns around the Treasury market have been building as U.S. government debt continues to climb past $39 trillion, raising questions about long-term sustainability and investor appetite.
Treasurys remain the foundation of global finance, serving as the benchmark against which assets such as corporate bonds, mortgages, and equities are priced. Any disruption in that market risks cascading effects across the financial system.
Economists have long warned of a potential feedback loop where rising debt levels push investors to demand higher yields, increasing borrowing costs, and increasing the fiscal deficit. A scenario where the Treasury struggles to attract sufficient buyers could leave the Federal Reserve stepping in more aggressively, effectively absorbing supply to stabilize markets.
A breakdown in the Treasury market would not leave digital assets untouched, with both upside and downside risks coming into play.
On one side, a loss of confidence in U.S. debt or a wave of monetary expansion could drive capital toward alternative stores of value, including Bitcoin and gold. Inflation concerns and pressure on the dollar have historically strengthened the case for non-sovereign assets.
At the same time, stablecoins introduce a direct link between crypto markets and U.S. government debt. Tether, the largest stablecoin issuer, holds a significant portion of its reserves in Treasurys, including Treasury bills and overnight reverse repurchase agreements.
U.S. Treasury officials have already taken steps aimed at improving market functioning, including a large-scale debt buyback announced on Thursday.
Authorities accepted $15 billion worth of older securities maturing between 2026 and 2028, marking the largest such operation to date. The program is designed to retire less liquid bonds and inject cash back into the system, giving investors room to reallocate capital.
Liquidity management measures like these are intended to keep trading conditions stable, though concerns around long-term demand continue to shape discussions among policymakers and market participants.
Key takeaways
- Pi Network’s PI token holds steady at $0.1730, up 4.5% from the previous day.
- The Pi Core Team’s upgrade to enable smart contracts, with a deadline set for April 27, is a potential catalyst.
Pi Network’s PI token has managed to hold steady around $0.1770 as of Friday, adding a 4.5% gain from the previous day.
The Pi Core Team (PCT) is driving momentum with the impending upgrade to the mainnet, which will enable smart contract functionality—expected to be a key catalyst for price movement.
PI rallies ahead of the Protocol 22 upgrade
PI is up 4.5% in the last 24 hours, outperforming the broader cryptocurrency market. The rally comes after the Pi Core Team announced that April 27 is the final deadline for all mainnet nodes to complete necessary steps for remaining connected to the network, as part of the Stellar Protocol version 22 upgrade.
While this upgrade will cause a brief 15-minute downtime during internal data transfer, it lays the groundwork for future improvements. Additionally, the full upgrade to version 26 is slated for June 22, ahead of Pi2Day on June 28.
Will PI rally higher in the near term?
The PI/USD 4-hour chart is bearish and efficient, trading above the $0.1770 level. However, Pi Network remains in a bearish posture, with the token still trading below the 50-, 100-, and 200-day Exponential Moving Averages (EMAs).
The immediate resistance level is marked at $0.1785, corresponding to the 50-day EMA, followed by stronger resistance at $0.1865 (100-day EMA) and $0.2334 (200-day EMA).
However, momentum indicators present mixed signals. The Relative Strength Index (RSI) at 71 is above the neutral 50 line, and is heading into the overbought region.
The Moving Average Convergence Divergence (MACD) crossing above its signal line indicates growing bullish momentum.
On the downside, key support is found at $0.1556, near the February 23 low, with further weakness potentially exposing $0.1310 if the market slips below this level.
The cryptocurrency market has entered a “sustained crypto winter,” according to CoinGecko, as spot trading volumes on centralized crypto exchanges rapidly fell over the first quarter of 2026.
Crypto market capitalization fell by more than 20% during the first quarter as “bearish momentum from late 2025 collided with global geopolitical instability,” CoinGecko said in a report on Thursday.
That caused the top 10 centralized exchanges by spot volume to record a 39% decrease in trading volume over the quarter ended in March, dropping to $2.7 trillion from $4.5 trillion in the fourth quarter of 2025.
The drop comes as the crypto market has struggled to maintain positive momentum after Bitcoin (BTC) hit a record high of more than $126,000 six months ago, as the wider market reacted to fears of an economic slowdown and uncertainty over the fallout from US-Israeli strikes on Iran in February.
March was the “weakest month,” according to CoinGecko, with $800 billion in trading volume, the lowest since November 2023.
CoinGecko said that the contraction in crypto markets was worsened by Kevin Warsh’s nomination as US Federal Reserve chair, which signaled “a potential hawkish shift in US monetary policy.”
Related: Three things Bitcoin must do to hold highs above $76K: Analysts
It added that daily trading activity across the crypto market saw “a significant decline” over the first quarter, with average daily trading volumes at $117.8 billion, a drop of 27% compared to the fourth quarter of 2025.
All of the top 10 spot centralized exchanges recorded declining volumes in the first quarter, CoinGecko said, with HTX, formerly Huobi, seeing “the biggest slump” quarter-on-quarter as volumes dipped 55% to $133.6 billion.
It said that Bitcoin fell 22% over the first quarter, “continuing to underperform all assets, despite US equity indexes such as NASDAQ and S&P 500 falling -7.1% and -4.8% respectively, their worst quarterly returns since 2022.”
Big Questions: Should you sell your Bitcoin for nickels for a 43% profit?
Crypto World
Federal Authorities Transfer Bitcoin (BTC) From Bitfinex Hack to Coinbase Prime Custody
Key Takeaways
- Federal authorities transferred approximately $606,000 worth of Bitcoin (8 BTC) connected to the 2016 Bitfinex security breach to Coinbase Prime
- The cryptocurrency is associated with Ilya Lichtenstein, responsible for stealing 119,756 BTC from Bitfinex in 2016, valued at roughly $72M during the theft
- Legal statutes mandate the confiscated Bitcoin must be returned directly to Bitfinex rather than liquidated for government revenue
- Bitfinex has outlined plans to utilize recovered assets for redeeming Recovery Right Tokens and burning LEO tokens
- Federal wallets currently contain 328,361 BTC with an estimated value approaching $24 billion
Federal authorities executed a transfer of roughly $606,000 in Bitcoin to Coinbase Prime this past Thursday. On-chain records verified the movement of 8 BTC, with the assets directly traceable to cryptocurrency stolen during the 2016 Bitfinex security incident.
Blockchain intelligence provider Arkham detected and reported the transaction, establishing a connection between the coins and Ilya Lichtenstein, the individual responsible for orchestrating one of the digital currency industry’s first significant exchange compromises.
When government-held cryptocurrency moves to trading platforms, it typically sparks speculation about possible liquidation. However, this particular situation differs significantly—legal requirements explicitly mandate the coins be restored to Bitfinex rather than converted to cash.
This transaction represents the third such movement from government wallets, following similar transfers documented on March 3 and April 10, both relating to distinct cryptocurrency enforcement actions.
On August 2, 2016, Lichtenstein leveraged a security flaw in Bitfinex’s multi-signature wallet infrastructure. Through fraudulent authorization of more than 2,000 separate transactions, he successfully diverted 119,756 Bitcoin into a wallet under his exclusive control.
The stolen Bitcoin represented approximately $72 million in value when the breach occurred. With current market prices hovering around $74,000 per unit, that identical quantity now carries a valuation of roughly $8.9 billion.
Following the security breach, Lichtenstein collaborated with his spouse, Heather Morgan, in an extensive five-year operation attempting to obscure the funds’ origins. Their methods included utilizing cryptocurrency mixing services, darknet marketplace transactions, cross-chain transfers, and physical gold acquisitions.
During February 2022, FBI investigators successfully decrypted archived files within Lichtenstein’s cloud storage infrastructure. The breakthrough revealed a detailed spreadsheet cataloging more than 2,000 private cryptographic keys, providing law enforcement complete access to virtually all stolen assets. Officials ultimately seized approximately 94,636 Bitcoin, representing $3.6 billion at that time.
Disposition of Recovered Cryptocurrency Assets
Early in 2025, federal judicial proceedings established definitively that confiscated coins require in-kind restoration to Bitfinex. Government agencies lack authorization to liquidate the cryptocurrency and redirect revenues to federal coffers.
Bitfinex has publicly outlined its strategy for handling returned assets. The platform commits to completely redeeming all outstanding Recovery Right Tokens, which represent digital instruments issued to account holders who sustained losses during the breach.
No less than 80% of any surplus net proceeds will fund the repurchase and permanent removal of its UNUS SED LEO token from circulation, adhering to previously established whitepaper obligations.
Lichtenstein received a five-year federal prison sentence in November 2024. Morgan was assigned 18 months.
Federal Cryptocurrency Portfolio Overview
Lichtenstein secured release in January 2026 through provisions of the First Step Act. He publicly expressed gratitude to President Donald Trump via X platform following his release.
Federal authorities presently maintain custody of 328,361 Bitcoin distributed across various government wallets, representing approximately $24 billion in current valuation. Additional holdings include roughly $146 million in Ethereum alongside diverse alternative cryptocurrencies.
Government officials announced previously that confiscated Bitcoin reserves would contribute toward establishing a national strategic Bitcoin reserve program.
A Texas man found guilty of helping orchestrate a cryptocurrency scam project that defrauded $20 million from nearly 1,000 investors has been sentenced to 23 years behind bars by a US judge on Tuesday.
US District Judge LaShonda Hunt sentenced Robert Dunlap, who served as a trustee of the project that sold the fictional token Meta-1 Coin, to prison and ordered him to pay restitution to victims of the fraud, according to the Illinois US Attorney’s office.
Assistant US attorneys Jared Hasten and Paige Nutini said in the government’s sentencing memorandum that Dunlap was “unrepentant” and that his lies grew “over the years.”
“Would-be criminals planning to engage in similar conduct need to know that such actions will be met with a serious repercussion that includes loss of one’s liberty for an extended period of time,” they added.
Regulators and authorities are turning up the heat on crypto scammers. In March, a man accused of hacking defunct DeFi platform Uranium Finance was charged with one count of computer fraud and one count of money laundering.
Token backed by $44 billion in gold, rare artworks
A federal jury in the Northern District of Illinois convicted Dunlap in November on two counts of mail fraud, each carrying a possible sentence of up to 20 years in federal prison.
He was accused of conspiring with others to market and sell Meta-1 Coin through a Meta-1 Coin Trust from 2018 to 2023, making false and misleading statements to investors, including that the token was backed by a $1 billion art collection made up of works by Pablo Picasso and Vincent van Gogh and $44 billion in gold.
Related: There’s more to crypto crime than meets the eye: What you need to know
Dunlap and his co-conspirators used automated trading bots to artificially inflate the market price and trading volume of the Meta-1 Coin on the Meta Exchange, a website Dunlap created, according to authorities.
In March 2020, the US Securities and Exchange Commission (SEC) ordered an asset freeze and other emergency relief orders to stop Dunlap, another alleged accomplice, Nicole Bowdler and former Washington state Senator David Schmidt from marketing and selling Meta-1 Coin.
The defendants allegedly told investors that Meta-1 Coin was risk-free and could offer returns of up to 224,923%. Instead, the coins were never distributed and the funds were used to cover personal expenses and buy luxury cars, including a Ferrari, according to the SEC.
Magazine: Forget stablecoin yield, how does the CLARITY Act treat DeFi?
Crypto World
Bitcoin (BTC) Surges Past $76K as Ceasefire Optimism Fuels Rally and Short Squeeze Potential
Key Takeaways
- Bitcoin surged to approximately $76,000 this week, marking its strongest performance in several months, propelled by diplomatic progress between the United States and Iran.
- President Trump’s announcement of a 10-day Israel-Lebanon truce provided additional momentum, briefly pushing BTC toward the $75,000 threshold.
- Technical analysts emphasize that a decisive weekly close above $76,000 is essential to validate a genuine trend reversal, with subsequent price objectives ranging from $84,000 to $96,000.
- Perpetual funding rates for Bitcoin have plunged into deeply negative territory, indicating heavy short positioning that could catalyze a violent short squeeze.
- Spot Bitcoin exchange-traded funds recorded $451 million in net inflows on Tuesday, though market watchers stress the need for sustained daily flows to maintain upward momentum.
Bitcoin has emerged as one of the most closely monitored assets over the past several days, reaching a multi-month peak near $76,000 before moderating to approximately $74,700 by Friday morning Asian trading hours. The upward movement reflects a combination of easing geopolitical tensions and renewed appetite from institutional capital.
The principal driver behind this rally has been growing confidence surrounding the U.S.-Iran ceasefire agreement, which has influenced pricing across various risk-sensitive assets. An additional 10-day cessation of hostilities between Israel and Lebanon, unveiled by President Trump, further bolstered market sentiment. Bitcoin’s price advanced from an intraday bottom near $73,000 to peak at $74,800 in the immediate aftermath of Trump’s statement.
According to Polymarket prediction market data, traders are assigning an 87% likelihood that the U.S.-Iran ceasefire will be prolonged beyond its April 21 deadline. Pakistani officials quoted by Al Jazeera referenced a “major breakthrough” in discussions concerning Iran’s nuclear ambitions, which had represented the primary obstacle during initial negotiation rounds.
Global equity markets participated in the rally, with the MSCI All Country World Index recording a fresh all-time high on Thursday. The S&P 500 similarly achieved a historic peak. This broad risk-on environment provided tailwind support to cryptocurrency markets, with Ether posting weekly gains of 6%, XRP advancing 6.4%, and Dogecoin climbing 5.6%.
Critical Levels According to Market Experts
Analyst Crypto Patel identified “$76K as the level that decides everything,” noting that a higher-timeframe candle close beyond this zone would clear the path toward the $84,000–$96,000 price range. Glassnode data reveals that over 2 million BTC were accumulated within that zone throughout the previous six months.
Trading analytics platform Material Indicators highlighted several layers of technical resistance, including the yearly opening price at $87,500 and the 50-week moving average positioned at $97,000. Analyst Rekt Capital emphasized that BTC requires a weekly close above $72,800 simply to “confirm a breakout.”
The bull score index, a composite measure of overall Bitcoin market strength, climbed to 40 on April 15—its most elevated reading since late October 2025. CryptoQuant analyst Arab Chain observed that the index remains within neutral territory and must breach the 60 threshold to indicate robust bullish conditions.
Extreme Short Positioning Creates Squeeze Scenario
Bitcoin perpetual funding rates have collapsed into deeply negative territory during recent trading sessions, touching levels not observed since 2023. Negative funding rates indicate that short position holders are compensating long position holders—a clear signal of heavy bearish positioning.
Daniel Reis-Faria, CEO of ZeroStack, explained to CoinDesk: “Funding rates this negative tell you the market is heavily short. If Bitcoin continues to move higher despite that, a lot of those positions could get liquidated, and the move can accelerate quickly.” Reis-Faria projected that BTC could climb to $125,000 within the next 30 to 60 days if short positions face forced liquidation.
On-chain analyst CryptoVizArt presented an alternative perspective, observing that Bitcoin’s “True Market Mean” indicates the average active holder is currently holding unrealized losses. Historically, prolonged periods trading beneath this metric have aligned with Bitcoin’s most severe downturns.
Spot Bitcoin ETF activity shows mixed signals, with Tuesday’s trading session producing $451 million in net inflows. Bitcoin’s daily transaction volume recently touched 17-month peaks.
Hyperbridge has revised losses from its April 13 exploit to roughly $2.5 million. That is about 10 times the original estimate of $237,000.
The team disclosed the new figure in a post-incident update on April 16. The revision adds losses from associated incentive pools. It also reflects forensic work across four EVM chains.
What the Revised Figure Includes
According to initial reports, an attacker minted 1 billion bridged DOT tokens and liquidated the entire amount in a single transaction, generating 108.2 ETH (roughly $237,000).
However, the team noted that the figure did not reflect the complete situation.
“Following reconciliation of attacker activity across each of the four chains, the two-phase nature of the attack, and losses from the associated incentive pools, the revised total realized loss is approximately $2.5 million, denominated in ETH and DOT at the time of the exploit,” the blog read.
Follow us on X to get the latest news as it happens
The analysis also clarified the sequence of events leading to the breach. What looked like a single exploit was in fact two linked events about an hour apart.
The attacker initially extracted approximately 245 ETH from the Token Gateway contract. Roughly an hour later, they carried out unauthorized minting of nearly 1 billion bridged DOT tokens.
These were subsequently offloaded into available liquidity across decentralized exchanges.
“On April 13, 2026, an attacker exploited a vulnerability in the Merkle Mountain Range (MMR) proof verification logic, allowing the culprit to mint assets and drain escrowed assets on Token Gateway. This affected DOT token pools on connected EVM networks: Ethereum, Base, BNB Chain, and Arbitrum,” the team explained.
The team emphasized that the exploit remains contained within the Token Gateway and the impacted bridged token contracts on the EVM networks.
Hyperbridge Recovery Path and Compensation
The blog revealed that a significant portion of stolen funds has been traced to Binance. Hyperbridge said it is working with the exchange’s compliance team and law enforcement on asset freezes. The team cautioned that meaningful recovery could take months to a year.
If recovery falls short, affected users will be made whole in BRIDGE tokens, the native asset of the Hyperbridge network. The compensation mechanism and disbursement schedule will be shared on April 13, 2027, exactly one year after the exploit.
“Pursuing recovery first, before any token-based compensation, is in service of affected users. Issuing token compensation prematurely, before on-chain tracing, exchange compliance processes, and law enforcement coordination have been given the time they need to produce results, would dilute the very asset we are committing to affected users and reduce the real value they ultimately receive,” Hyperbridge mentioned.
The team added that the Token Gateway remains paused and will not resume operations until the vulnerability is fully patched, the fix has undergone an independent audit with the report made public, and additional safeguards are implemented and operational. The coming months will test whether Hyperbridge can recover a meaningful share of the stolen funds.
The post Hyperbridge Confirms Bridged Polkadot Exploit Was 10x Worse Than First Reported appeared first on BeInCrypto.
TLDR:
- Public miners sold over 32,000 BTC in Q1 2026, breaking the previous record set during the 2022 Terra-Luna collapse..
- Hashprice sits near $33/PH/s/day, below the ~$35 breakeven, leaving roughly 20% of miners operating at a loss.
- American Bitcoin holds 7,000+ BTC with $25/PH/s production costs, choosing accumulation over selling amid the downturn.
- New West Data pays under $0.02/kWh using flared gas power, keeping older mining hardware profitable at current hashprice levels.
Public bitcoin miners have unloaded over 32,000 BTC in Q1 2026, setting a new quarterly record. This figure already surpasses total net sales for all of 2025.
Major operators including MARA, CleanSpark, Riot, Cango, Core Scientific, and Bitdeer contributed to the tally. Hashprice currently sits around $33 per PH/s per day, below the estimated $35 breakeven.
Roughly 20% of miners are now operating at a loss amid rising network difficulty and reduced block rewards.
Record Liquidations Reflect Deepening Mining Pressures
The Q1 2026 sell-off exceeds even the roughly 20,000 BTC liquidated during Q2 2022. That quarter saw market turmoil triggered by the Terra-Luna collapse.
The scale of current selling marks a sharp reversal from just over a year ago. Miners ended 2024 with a net addition of 17,593 BTC, pushing combined reserves above 100,000 BTC.
Network difficulty today stands approximately ten times higher than it did in 2021. Block rewards were also cut in half following the 2024 halving event.
Bitcoin’s price remains above its previous cycle peak despite retreating from all-time highs above $120,000. Even so, compressed margins are forcing many operators to liquidate holdings to fund daily operations.
For many miners, selling bitcoin remains the fastest way to shore up balance sheets. Meeting debt obligations in a selective financing environment has become a pressing priority.
Hashprice hovering near all-time lows leaves little room for operators with older, less efficient fleets. Those paying higher electricity costs face the sharpest margin compression.
Total BTC holdings across miners have slipped from roughly 1.86 million in 2023 to around 1.8 million today. The trend points to sustained selling pressure rather than a one-time event.
Aggressive hashrate expansion following China’s 2021 mining ban laid the groundwork for today’s difficult economics. The industry is now absorbing the consequences of that rapid, unchecked growth.
Diverging Strategies Emerge Across the Mining Sector
Not all miners are responding to the downturn by selling. American Bitcoin, the proprietary mining arm of Hut 8, has been actively accumulating.
The company held more than 7,000 BTC as of early April, up from zero a year earlier. Its all-in cash production cost was around $55,000 per bitcoin in Q4 2025, or roughly $25 per PH/s.
Meanwhile, operators with ultra-low power costs maintain a structural edge. New West Data, a Canadian firm mining with flared natural gas, pays below $0.02 per kilowatt-hour for power.
That cost level keeps even older hardware profitable at current hashprice levels. The company tripled its compute capacity in 2025 and plans to do so again this year.
Software optimization is also gaining traction as an alternative to hardware upgrades. Luxor recently launched Commander, a fleet management tool that adjusts power settings every five minutes.
The platform reportedly delivers 8% to 14% profitability gains over traditional curtailment methods. It currently manages about 5 EH/s of customer hashrate since its recent launch.
The broader industry is no longer operating as a uniform block. Power economics, balance sheet strength, and operational sophistication now separate survivors from those under strain.
What was once a scale-driven business is fragmenting into distinct strategic camps. That divergence is likely to grow more pronounced as hashprice pressure continues through 2026.
Sanctioned crypto exchange Grinex suspends trading after $14M hack
How I Perform a Financial Analysis With AI in 5 minutes
Tucker Carlson Slams Trump’s AI Jesus Picture
-
Politics7 days agoUS brings back mandatory military draft registration
-
Sports7 days agoMan United discover Nico Schlotterbeck transfer fee as defender reaches Dortmund agreement
-
Fashion7 days agoWeekend Open Thread: Veronica Beard
-
Politics5 days agoWorld Cup exit makes Italy enter crisis mode
-
Business6 days agoTesla Model Y Tops China Auto Sales in March 2026 With 39,827 Registrations, Beating Cheaper EVs and Gas Cars
-
Crypto World4 days agoThe SEC Conditionalises DeFi Platforms to Be Avoided for Broker Registration
-
Crypto World3 days agoSEC Signals Exemption for Crypto Interfaces From Broker Registration
-
News Videos2 days agoSecure crypto trading starts with an FIU-registered
-
NewsBeat4 days agoPep Guardiola and Gary Neville agree over Arsenal title problem that benefits Man City
-
Business6 days agoIreland Fuel Protests Enter Day 5 as Blockades Spark Shortages and Government Prepares Support Package
-
Business7 days agoOpenAI Halts Stargate UK Data Centre Project Over Energy Costs and Copyright Row
-
Crypto World6 days agoFederal judge blocks Arizona from bringing criminal charges against Kalshi
-
NewsBeat3 days agoTrump and Pope Leo: Behind their disagreement over Iran war
-
Crypto World3 days agoSEC Proposes Certain Crypto Interfaces Don’t Need to Register as Brokers
-
NewsBeat5 days agoJD Vance announces ‘no agreement’ with Iran over nuclear weapons fear
-
Business6 days agoIMF retains floor for precautionary balances at SDR 20 billion
-
Business6 days agoFormer Liverpool CEO eviscerates FIFA for World Cup ticket pricing
-
Crypto World4 days ago
Sei Network Enters Quiet Reset Phase as On-Chain Metrics Signal a Slowdown in 2026
-
Business6 days ago
Coreweave CSO Venturo sells $5.5m in class a common stock
-
Sports6 days ago
1st-Round WR Enters Vikings Mock Draft Orbit
You must be logged in to post a comment Login