Crypto World
North Korea just stole $577mn from crypto with two attacks, here’s how
In April 2026, two hacks worth $577 million accounted for 76% of all crypto theft this year. Both were the work of North Korea’s Lazarus Group.
Summary
- North Korea-linked Lazarus attacks drained $577 million from Drift Protocol and KelpDAO.
- The Drift exploit relied on social engineering, compromised devices, and multisig approvals.
- KelpDAO’s breach triggered a DeFi bank-run risk after rsETH collateral spread through Aave.
- The attacks show DeFi security now depends on human, operational, and bridge-layer defenses.
Neither was a smart contract exploit. The attackers spent six months posing as a trading firm, attending crypto conferences in person, and building real relationships with engineers at Drift Protocol before extracting the signatures they needed to drain $285 million in twelve minutes.
The other attack drained $292 million from a single vulnerable bridge node. This is no longer a crypto security problem. It is a state-sponsored intelligence operation, run by a country that uses the proceeds to fund its weapons program. And the industry is only just starting to admit it.
Twelve minutes in April
At 16:06:09 UTC on April 1, 2026, an attacker drained the major vaults of Drift Protocol, the largest decentralized perpetual futures exchange on Solana, of roughly $285 million in user assets. The first withdrawal moved 41.72 million JLP tokens. The last moved 2,200 wrapped ETH. The entire treasury was emptied in twelve minutes, about the time it takes to write a long text message.
The team’s first public statement, posted on X within hours, asked the community to confirm the unusual activity they were seeing was not an April Fool’s joke. It was not. It was the culmination of six months of methodical preparation by operatives working for the government of North Korea.
Seventeen days later, on April 18, attackers drained $292 million from KelpDAO, a restaking protocol, by manipulating a single-verifier configuration in its LayerZero bridge. The two attacks combined accounted for roughly 95 percent of April’s $625 million in crypto theft, which made April 2026 the worst month for crypto security in recorded history. Year-to-date theft through April crossed $1 billion. TRM Labs pinned 76 percent of the entire 2026 total on two attacks. Both were the work of the same threat actor.
That threat actor is the Lazarus Group, the umbrella name Western intelligence agencies use for state-sponsored hacking operations run out of the Reconnaissance General Bureau, North Korea’s primary intelligence agency. Since 2017, Lazarus and its sub-units have stolen over $6 billion in cryptocurrency.
By Chainalysis figures, $2.06 billion of that was stolen in 2025 alone, driven primarily by the catastrophic $1.5 billion Bybit hack in February of that year, the largest crypto theft in history. The 2026 pace puts the group on track to comfortably pass the 2025 total.
This is not a crypto security story in any conventional sense. The threats DeFi protocols face today are not the threats they were designed to defend against. The 2020-era worry was smart contract bugs and flash loan exploits, vulnerabilities in code. The 2026 reality is sustained, multi-country, multi-month operations run by intelligence professionals who do not need a code exploit because they already have the keys. They just had to convince someone to hand them over.
That is what the Drift attack was. And understanding it is the most important security education any crypto holder, builder, or executive can get right now.
The Drift operation, step by step
Drift Protocol’s own post-mortem, published in early April, reads more like a counterintelligence report than a security disclosure. It begins in October 2025.
At a major crypto conference, a group of individuals presenting themselves as representatives of a quantitative trading firm approached Drift contributors. They had verified professional backgrounds, demonstrated technical fluency, and asked exactly the kinds of questions a real institutional trading firm would ask about integrating with a perpetuals protocol. Drift contributors, who deal with such requests routinely, treated them like any other potential institutional partner.
Drift has since clarified that the individuals at those in-person meetings were not North Korean nationals. Lazarus operations almost always use third-party intermediaries for face-to-face contact, with the actual technical operators staying inside North Korea or China. Blockchain investigator ZachXBT, who has been tracking DPRK crypto operations for years, has noted this layered identity structure is one of the defining features of Lazarus campaigns.
The group did not stop after the first conference. Over six months, the same operatives, or operatives presenting the same identities, appeared at multiple global industry events, deepening relationships with specific Drift contributors. A Telegram group was set up for ongoing discussion of trading strategies and integration possibilities. From December 2025 through January 2026, the fake trading firm “onboarded an ecosystem vault” with Drift, submitting strategy details and depositing over $1 million into the protocol as a partner. This is not a normal scam operation. This is an intelligence service running a HUMINT campaign with a budget.
By February and March 2026, the relationships were deep enough that contributors trusted these counterparties to share repositories and applications. According to Drift, the attackers used two specific malware vectors. One involved sharing repositories that contained code which, when opened in VSCode or Cursor (the AI-augmented code editor), could trigger silent code execution through a then-unpatched vulnerability. The other involved a contributor downloading what was presented as a wallet product distributed through TestFlight, Apple’s beta-testing platform, which compromised the device.
Once the attackers had access to the right machines, they had access to the right wallets. And once they had the right wallets, the rest of the operation was logistics.
On March 23, more than a week before the theft, the attackers set up four wallets using Solana’s “durable nonce” feature, which lets pre-signed transactions execute at any future point. Two of those wallets belonged to compromised members of Drift’s Security Council, the multisig signer group that controlled the protocol’s most sensitive functions. The other two were under direct attacker control. Through social engineering and the compromised devices, the attackers obtained the multisig approvals from two of the five Security Council signers needed to execute the pre-signed transactions.
On April 1, while the Drift team was carrying out a routine withdrawal from the insurance fund, the attackers executed two of the pre-signed transactions four block slots apart. The transactions seized admin control, introduced a synthetic asset called CarbonVote Token (CVT) into the spot market, manipulated its price through wash trading on two decentralized exchanges to give the false appearance of legitimate value, and raised the protocol’s USDC withdrawal limit to 500 trillion. CVT was then deposited as collateral against the entire treasury. Twelve minutes later, $285 million was gone.
The attackers swapped the stolen assets to USDC through Jupiter, Solana’s largest DEX aggregator, and bridged approximately 129,000 ETH worth $270 million to Ethereum through Circle’s CCTP protocol. They held the stolen USDC for several hours before completing the bridge. Circle did not freeze the funds during that window. Security researcher Specter noted at the time that the attackers had deliberately avoided converting to Tether, which suggested confidence Circle, specifically, would not intervene. They were correct.
Why none of this is new, and why that matters
The temptation, reading the Drift post-mortem, is to treat it as an extraordinary one-off. A six-month operation. Multiple compromised devices. Pre-signed transactions. Wash-traded fake collateral. It reads like a Hollywood script.
But step back, and the architectural fingerprints of every major Lazarus DeFi attack of the past three years are identical. A compromised human signer. A weakened multisig configuration. A delayed or absent timelock. A malicious payload disguised as a routine operation. The Bybit hack in February 2025, the $1.5 billion theft now attributed by the FBI to a Lazarus sub-cluster called TraderTraitor, used the same approach. Bybit’s signers believed they were approving routine cold wallet operations through Safe’s multisig infrastructure. They were not. The Safe infrastructure had been compromised through a developer-side attack, and the transaction they signed transferred control of the wallet contract itself.
Go back further and the pattern holds. The 2022 Ronin Bridge hack, which lost $625 million from Axie Infinity’s bridge, started with fake LinkedIn job offers targeting a developer. A malicious “interview challenge” downloaded malware. The malware compromised validator nodes. The attackers got the five validator signatures they needed and drained the bridge. The 2024 DMM Bitcoin hack, a $300 million loss, started the same way: a fake recruiter contacting an engineer at Ginco, the wallet provider DMM relied on. The 2023 CoinsPaid attack, the same playbook again. The same playbook keeps working because the attack surface, human trust, has not been hardened the way smart contracts have been.
That repetition is the most important thing to understand about the Lazarus problem. Smart contract auditing has become a routine discipline in DeFi. Every serious protocol gets audited, often by multiple firms. Bug bounty programs are widespread. None of that catches a six-month social engineering operation targeting the human signers. The asymmetry between the maturity of code security and the maturity of operational security is the gap Lazarus has spent five years industrializing inside.
The 2026 evolution adds two new wrinkles. One is the use of AI-augmented coding tools as an attack vector. VSCode and Cursor have made it dramatically easier for developers to open and run code from external sources. That convenience also expanded the attack surface. The Drift attack exploited a specific vulnerability where opening a repository in a development environment could trigger silent code execution. This was not a flaw unique to Drift. It was a class of vulnerability sitting under every developer in the industry who uses these tools, which is most of them. The second wrinkle is AI itself. Cybersecurity researchers testifying before US House subcommittees this spring have noted DPRK operatives are now using AI tools to generate more convincing fake personas, draft more plausible communications, and speed up the early-stage reconnaissance of targets. The same productivity tools transforming legitimate businesses are transforming the attackers, too.
What North Korea actually does with the money
It is worth being precise about where the stolen funds end up, because this is where the crypto industry’s discomfort with the story becomes most acute.
The United Nations Panel of Experts on North Korea has estimated that cryptocurrency theft funds a material portion of the DPRK’s missile and nuclear weapons development budget. That estimate is now reflected in formal US Treasury and South Korean intelligence assessments. North Korea’s cumulative crypto theft, at over $6 billion since 2017, makes the activity one of the regime’s largest sources of foreign currency, alongside coal exports to China and the dispatch of overseas IT workers.
The mechanics of getting from “stolen ETH” to “weapons procurement” are well-documented. After the initial theft, funds are typically swapped into Bitcoin or stablecoins, then routed through cross-chain bridges to obscure the trail. THORChain, the cross-chain swap protocol, has become a favored route precisely because its operators have publicly refused to consider freezing or screening transactions, treating any such intervention as counter to the protocol’s decentralization principles. THORChain processed the majority of laundering volume from both the Bybit and KelpDAO heists. From there, funds move through Russian crypto exchanges and Chinese over-the-counter desks before being converted to fiat and channeled into procurement networks that buy components and materials sanctioned by international agreement.
The crypto industry’s role in this pipeline is uncomfortable but unavoidable. Every protocol exploit by Lazarus is, in effect, a transfer of capital from crypto users to weapons development by a state that has threatened nuclear strikes against its neighbors. Every undefended multisig is a contribution to that pipeline. Every developer who clicks a “portfolio company interview” calendar invite without verification becomes, in a real sense, a line item in the DPRK’s missile budget.
This is a hard sentence for an industry built on permissionless access and decentralization. The instinct in crypto, going back to its origins, has been to treat code as the locus of trust, and to be suspicious of intermediary screening, address blocklists, and centralized intervention. That instinct served the industry well in many contexts. It serves it poorly here. THORChain’s refusal to screen transactions is consistent with its stated principles, and it is also why North Korea uses THORChain. Both things are true.
The systemic risk that almost happened
The KelpDAO attack on April 18 is structurally distinct from Drift in one important respect: it produced something the crypto industry has talked about for years but never actually witnessed at scale. A DeFi bank run.
Within hours of the KelpDAO bridge being drained, the stolen rsETH (KelpDAO’s restaking receipt token) was deposited as collateral on Aave and other lending platforms, while the underlying KelpDAO contracts were paused and the token’s true value collapsed. Aave users who had lent ETH against rsETH collateral suddenly found their loans backed by worthless assets. Within 48 hours, more than $8.4 billion in deposits left Aave. Total DeFi TVL across the ecosystem dropped by over $13 billion in the same window, as users withdrew first and asked questions later.
This was not a panic. It was a classic, textbook bank run, the kind banking regulators design deposit insurance and lender-of-last-resort facilities specifically to prevent in traditional finance. DeFi has neither. The fact Aave’s smart contracts kept functioning, that withdrawals kept clearing, and that the system held together is genuinely remarkable, and is largely a credit to the protocol’s design. But the outcome was much closer to a cascading liquidation event than most coverage acknowledged.
The implication is structural. As DeFi has matured, it has built composability, the property that any token can serve as collateral for any other product. That composability is what makes DeFi useful, and it is also what makes a single compromised asset capable of propagating losses across multiple protocols within hours. Aave’s safety module was insufficient to absorb the eventual bad debt from rsETH-backed loans. Estimates suggest $100 to $120 million in losses remained after the insurance fund was depleted, and Aave’s governance is now openly debating who pays for what is left. The proposal under consideration would split losses evenly among lenders who held the affected positions.
This is, in plain language, a depositor-bail-in event for one of the largest lending protocols in DeFi. It is a kind of risk that did not meaningfully exist in the pre-composability version of crypto. It exists now, and Lazarus has just demonstrated how to trigger it.
What actually has to change
A piece that only described the problem would be a downer. The harder question is what would actually have to change for the Lazarus problem to become tractable.
Three things, in order of how difficult they are to implement.
The first is operational security culture inside DeFi protocols. The attack surface Lazarus exploits is not technical. It is human. That means the defenses have to be human too: training contributors to recognize social engineering, hardening hiring and onboarding processes against fake-identity infiltration, requiring multiple-channel verification before signing material transactions, and treating “this seems too good to be true” as the security signal it actually is. Some of this is happening, but it is happening project by project, with no consistent industry standard. The DeFi industry’s auditing infrastructure took five years to professionalize. The operational security equivalent is at year one.
The second is the architectural design of governance and multisig systems. Many of the attacks Lazarus has succeeded with depend on a specific vulnerability pattern: a multisig with relatively few signers, a timelock that is either short or absent, and no automated controls that would flag unusual transactions before they execute. The architectural fix is not exotic. Longer timelocks. More signers. Independent monitoring of pending transactions. Hardware-enforced separation between signing keys and developer machines. Protocols that have put these measures in place have generally not been the ones drained. Protocols that have not, have been.
The third is the infrastructure layer. THORChain’s refusal to screen transactions is an architectural choice, and one with a real principled defense behind it. But that choice has, by 2026, become a load-bearing pillar of the laundering pipeline used by the world’s most prolific state-sponsored crypto thief. At some point, the question of how to handle infrastructure-level neutrality versus systemic complicity will have to be confronted, and it will not be resolved entirely within crypto. It will involve sanctions enforcement, exchange compliance, and international coordination. Some of that is already happening. TRM Labs’ Beacon Network, which alerts member exchanges and protocols when known-bad addresses receive funds, expanded significantly in 2025 and 2026. The pace of those institutional responses, however, lags the pace of the attacks they are trying to catch.
What this means for the industry
The hardest thing about the Lazarus story is that it forces the crypto industry to confront a truth that does not fit cleanly into its self-conception.
For most of its history, crypto has framed itself as a struggle between innovators and outdated regulators, between permissionless systems and gatekeepers, between code and human discretion. In that framing, the threats to the industry came from external pressure: governments trying to restrict it, banks trying to compete with it, journalists writing it off. The Lazarus reality is different. The threat is not external pressure. The threat is a hostile state-sponsored adversary that has industrialized the exploitation of crypto’s specific structural features, the lack of intermediary screening, the prevalence of multisig governance, the speed of cross-chain settlement, the difficulty of recovering laundered funds, against the industry itself.
This adversary does not care about the ideological commitments crypto makes to itself. It cares about extracting value, and the design choices that make crypto useful are the same design choices that make it efficient to steal from. The industry has spent years debating whether it should be more or less like the legacy financial system. The Lazarus problem suggests the more interesting question may be how to build a defensible version of the system crypto has actually become: composable, fast, cross-chain, and now, demonstrably, a target.
The numbers from April 2026 will not be the worst the industry sees. That is not pessimism. It is the trend line. The same Lazarus operations that ran six months of preparation for Drift have almost certainly been running other operations in parallel against other protocols. Some of those will succeed. The question is whether, by the time the next $300 million theft happens, the industry has done the work to make the operation cost more than the payoff, or whether April 2026 is a preview of what happens when state-sponsored adversaries find a target environment that is permanently mispriced.
For now, the answer is unclear. What is clear is that the conversation has moved past “DeFi has a security problem” to something more specific and much harder. A nation-state intelligence service has identified an asymmetric attack surface and has been exploiting it, with growing sophistication, for half a decade. The industry’s defenses have not yet caught up to the reality that this is what it is up against.
That gap is the story. The next year of crypto security will be about whether the industry closes it, or whether the gap closes the industry instead.
This article is for informational purposes and does not constitute security or investment advice. Security incidents, attribution, and recovery efforts evolve quickly; the figures and operational details described reflect reporting available as of mid-May 2026. Always do your own research and consult qualified security professionals.
Lawmakers in Brazil have advanced a bill that would let authorities freeze cryptocurrency assets linked to investigations. This bill is part of an effort to combat online fraud and organized crime in Brazil.
The bill is called PL 5819/2025. A committee in Brazil’s Chamber of Deputies approved it. If this bill becomes a law, courts will have the power to freeze crypto holdings stored on exchanges and other financial platforms when people are under investigation for cyber fraud and related offenses.
Authorities Gain Broader Powers Over Digital Assets
Judges will be able to order the blocking of cryptocurrency balances along with bank accounts. Supporters of this bill say criminals use assets to move and hide funds, making it hard for investigators to recover stolen money.
This bill also aims to strengthen penalties for cyber fraud. Prison sentences for online fraud offenses could rise from four to eight years to six to ten years. People linked to criminal groups may face even harsher punishments.
The proposal builds on Brazil’s efforts to keep an eye on digital assets. This year, President Luiz Inácio Lula da Silva signed a law that lets authorities freeze, seize, and even liquidate cryptocurrencies connected to criminal activities. The law also allows confiscated crypto assets to fund public security programs, including police equipment, intelligence operations, and officer training.
Brazil Tightens Crypto Oversight
Brazil has become one of the most active crypto markets in Latin America, so regulators are introducing stricter rules for the sector. The country’s central bank recently implemented requirements for virtual asset service providers, including stronger anti-money laundering measures and cybersecurity standards.
Regulators say this cyber fraud bill is aimed at stopping criminals from exploiting assets while ensuring law enforcement can respond more effectively to online financial crimes.
Conclusion
Brazil’s latest legislative push shows that the country is serious about stopping cyber fraud and organized crime. By expanding the government’s ability to freeze and recover cryptocurrency assets, lawmakers hope to close loopholes used by criminals while strengthening the framework surrounding digital assets. If this bill is approved, it could make Brazil one of the region’s more proactive regulators of the crypto industry. Brazil and crypto will be closely watched as this bill moves forward.
Here is the thing about capitulation calls. They only sound smart in hindsight. Right now, with Bitcoin price scraping along the low $60,000s, calling for a run to the mid $70,000s feels like wishful thinking. Elon Musk’s SpaceX AI is making predictions anyway, pinning a 30-day target of $72,000 to $78,000 on a coin that just got cut nearly in half.
From $63,000, that is a 14% to 24% bounce, and the entire argument rests on the idea that the people selling right now are the ones who always sell at the bottom.
That is really what the bull case comes down to. More than 50% of supply is sitting in loss, which xAI reads not as weakness but as the classic capitulation flush that has marked the floor in past cycles.
Long-term holders are quietly accumulating into that fear, ETF outflows are drying up, and June has a habit of leaning green historically.
Add even a whiff of macro liquidity relief or regulatory clarity and you get the spark for a violent short-covering rally.
The confident version of this story has BTC pushing through $65,000 resistance and accelerating toward the mid $70,000s by mid July as sentiment flips.
xAI is honest about the other side, though. If $60,000 gives way decisively, capital keeps bleeding into AI and equities, and macro stays heavy, Bitcoin slips toward $55,000 to $58,000.
The interesting tell is that it frames that drop as a higher-probability buy zone rather than the start of a real crash. In other words, even the downside scenario is treated as a discount, not a disaster.
Bitcoin Price Prediction: Where The Sellers Run Out Of Sellers
So does the chart back any of this up. Pull up the daily and the damage is obvious. Bitcoin is at $63,024 after a long ugly slide from the $126,000 peak set back in October, a drop that has erased more than half the move.
The trend is unmistakably down, lower high after lower high, and the latest leg just dumped price into the low $60,000s where it printed a candle near $60,000 before this small bounce.
But that exact zone is the whole story. This $60,000 to $62,000 shelf is where buyers stepped in hard back in February, and it is the floor xAI is leaning on.
Lose it on a daily close and $58,000 opens up quickly, with $55,000 underneath. Hold it, and the first real test is $65,000, the level that has to crack before any of this turns into momentum, with $72,000 and the heavier $76,000 ceiling stacked above.
The RSI is the part that actually agrees with the bulls. It is sitting at 31.95 with the signal line at 25.74, so price momentum has flushed into deeply oversold territory but has already curled back above its own average.
That roughly 6 point gap, with RSI now leading the signal higher, is the early fingerprint of selling exhaustion rather than fresh downside.
It is not a buy signal on its own, but it is exactly what you would expect to see if xAI is right that the weak hands are nearly done. Reclaim $65,000 with this momentum building underneath and that mid $70,000s target stops looking like wishful thinking and starts looking like the path of least resistance.
You Might Like What SpaceX AI Predicts About LiquidChain
Large caps are not in trouble. They are just out of the room. Bitcoin, Ethereum, and XRP have been testing the same ceilings for weeks with nothing breaking through.
Every macro catalyst has a new arrival date. Every institutional wave has a new quarter attached to it. Holding assets where the next leg depends entirely on someone else’s decision is not a trade. It is a waiting room.
The money that wins cycles never announces where it is going.
The capital that actually moves in cycles relocates before the destination has a name.
Small market cap infrastructure plays operate on physics that large caps simply cannot replicate. A rotation that would not register as a rounding error at Bitcoin’s scale can reprice an undiscovered project by multiples.
The opportunity lies in the distance between what something is genuinely worth and what the market has assigned it so far. That distance shrinks to zero the moment discovery happens. Before that moment, it is fully capturable.
Multi-chain fragmentation is one of the most consistently expensive problems in DeFi, and it has never been solved. Bitcoin, Ethereum, and Solana exist as completely isolated systems. No shared architecture. No native interoperability. Every time value moves between them, the disconnection extracts its cost in fees, slippage, and failed transactions. That cost hits every single crossing every single time.
LiquidChain makes the crossing free as SpaceX xAI predicts. All 3 networks inside one execution environment. Single deployment. Complete ecosystem access. No tax on any interaction.
The presale is at $0.01454 with just over $830,000 raised. Early and undiscovered.
Execution is unproven. Adoption is unknown. Established assets offer predictability toward a ceiling that the market already sees. LiquidChain is an entry point that does not exist once the market finds it.
Explore the LiquidChain Presale
The post Elon Musk SpaceX AI Predicts Incredible Bitcoin Price For Next 30 Days appeared first on Cryptonews.
TLDR:
- Litecoin has entered the lower Fibonacci Adjusted Market Mean Price band, a zone tied to past accumulation phases.
- Whale and shark wallets holding at least 10,000 LTC have grown by 7% over the past five months despite flat prices.
- LitVM is bringing smart contract functionality to Litecoin via a zkLTC wrapper, renewing social media interest in LTC.
- Santiment data ranked Litecoin as the top trending coin, with retail volume expected to recover on any price rally.
Litecoin is drawing renewed attention from analysts and on-chain data providers as price action revisits historically significant support levels.
Whale and shark wallet growth continues alongside fresh ecosystem interest from LitVM, a smart contract project building on the Litecoin network.
Together, these developments are placing LTC under the spotlight at a time when broader market conditions remain uncertain.
Litecoin Price Revisits Key Fibonacci Support Region
Litecoin’s price has moved into what analysts describe as a structurally meaningful zone. According to crypto analyst Alphractal, LTC has touched the first lower level of the Fibonacci Adjusted Market Mean Price model.
This metric uses the Market Mean Price as a base and builds proportional Fibonacci bands to map expansion, mean reversion, and accumulation areas.
Historically, Litecoin has found support within the blue and green bands of this model during periods of market stress.
The green band, representing the lowest level, has marked points of strongest selling pressure across previous cycles. The blue region, where LTC currently sits, has also served as a relevant value area in past market structures.
On a logarithmic scale, Alphractal notes that Litecoin is once again approaching zones that historically attracted long-term investor attention.
The upper bands of this model have typically aligned with overheated market conditions and distribution risk. Lower bands, by contrast, tend to reflect discounted pricing relative to the asset’s structural mean.
The analyst added that while Litecoin remains weak in the short term, periods of extreme weakness have also marked the early formation of longer-term value. That framing has resonated with investors monitoring LTC’s positioning within the broader crypto market cycle.
Whale Accumulation and LitVM Fuel On-Chain Interest
On-chain data from Santiment adds another layer to the current Litecoin narrative. The number of whale and shark wallets holding at least 10,000 LTC has climbed by 7% over the past five months, even as price performance has remained relatively flat.
Santiment noted that accumulation from large holders often precedes major trend shifts before retail participants take notice.
Transaction volume tied to these larger wallets has also remained active during this period. Santiment’s data shows that any price rally could quickly draw retail participants back into the market, which would likely support broader volume recovery for LTC.
Much of Litecoin’s current social media traction stems from LitVM, a project introducing smart contract functionality through a zkLTC wrapper.
The platform has sparked debate among traders about whether it can generate meaningful utility and demand for Litecoin going forward.
Santiment confirmed that LTC ranked as the top trending coin across social data at the time of the report. Whether LitVM delivers on its promise remains an open question, but the conversation itself has refreshed interest in an asset that had largely faded from active discussion.
Rug pulls made up over 54% of all newly detected crypto scams, according to the latest data from the on-chain security analysis platform Web3 Antivirus.
The findings suggest that while scam tactics are still evolving, many attackers continue to rely on token projects that appear legitimate at first before contract controls are used to trap investors or drain liquidity.
Rug Pulls Are the Biggest Threat
In a June 9 breakdown on X, Web3 Antivirus also noted that honeypots, a different but related trick, came in second at around 22%, followed by fake tokens at roughly 12% and scam airdrops at just under 12%.
The mechanics behind rug pulls are what make these schemes so effective. As the security firm reported, they are created in such a way that, in their initial phases, they resemble normal market activity with increasing prices, trade volumes, and high activity in online forums.
The risk only becomes visible when the contract owners exercise hidden permissions that either prevent users from selling, remove liquidity, or otherwise lock funds.
“A token can look alive with the chart moving up and the community getting louder, but one owner-side action can change everything in secs,” wrote Web3 Antivirus. “The same contract controls that were invisible during the pump can suddenly become the reason users cannot exit, liquidity disappears and the chart collapses.”
Honeypots work on the same basic principle. Bad actors create a fake token and push it to the public with convincing marketing as a big investment opportunity. They even artificially push up the token’s value by making transactions themselves to create an illusion of high demand to attract unwitting investors.
However, as soon as people buy in, often at inflated prices, the underlying contract prevents any sale, with the scammers withdrawing the profits and exiting. Web3 Antivirus’s latest Scam Pulse data shows more than 425,000 rug pulls detected alongside 172,000 honeypots and over 94,000 scam airdrops.
In addition, of more than 100 million contracts the platform has analyzed, it has flagged almost 4 million as scams, with at least 3.1 million of those appearing within the last 30 days alone.
There has also been an uptick in the impersonation of token contracts, as seen in the security firm’s weekly leaderboard showing Ethereum leading with 291 fake token detections. Tether followed close behind at 270, and USDC at 225, with activity up across nearly every tracked asset compared to the previous week.
Delivery Methods Are Getting Harder to Spot
Beyond the on-chain mechanics, Web3 Antivirus also pointed out that AI is changing how scams are reaching users in the first place. The technology, according to them, now makes phishing emails, fake support chats, and fraudulent social media posts look polished enough to pass a quick visual check.
Per their data, emails are the most common delivery channel at 53%, followed by SMS at 10%, social media at 9%, and online ads at 8%. And there are examples across the industry, including an incident in May, where a fake Uniswap website drained at least $400,000 from users before the alarm was raised.
That same month, Ripple CTO Emeritus David Schwartz issued a warning to XRP investors about a fake airdrop and giveaway campaign targeting XRPL users.
And not long ago, Web3 Antivirus identified a phishing account posing as the Canton Network, complete with the project’s branding, that was using a supposedly official announcement post to redirect unsuspecting users to a scam URL.
The post Report: Rug Pulls Dominate Crypto Scams, Accounting for 54% of Threats appeared first on CryptoPotato.
Crypto World
Anthropic Suspends Fable 5 and Mythos 5 After US Government Issues Export Control Directive
TLDR:
- The US government issued an export control directive ordering Anthropic to suspend all Fable 5 and Mythos 5 access globally.
- Anthropic reviewed the jailbreak report and found the capabilities were already available in models like OpenAI’s GPT-5.5.
- The reported jailbreak involved asking Fable 5 to read a codebase and flag software flaws, with no harmful result disclosed.
- Anthropic warned the recall standard, if applied industry-wide, would effectively halt all frontier AI model deployments.
Anthropic has disabled global access to Fable 5 and Mythos 5 following a US government export control directive.
The order, received at 5:21pm ET, cites national security concerns tied to a reported jailbreak method. All other Anthropic models remain available.
The company says it is complying with the directive while disputing the technical basis for the decision.
Government Directive Targets Reported Jailbreak Method
The US government issued the directive without disclosing specific national security details in writing. Officials communicated verbally that they had learned of a method capable of bypassing Fable 5’s safeguards.
Anthropic reviewed a demonstration of this technique and found it exposed only minor, previously known vulnerabilities.
The company reviewed what it believes is the report behind the government’s decision. Anthropic stated that the level of capability displayed “is widely available from other models, including OpenAI’s GPT-5.5, and is used every day by the defenders who keep systems safe.” That review found no Fable-specific uplift in the findings.
The reported jailbreak essentially involved asking the model to read a codebase and identify software flaws. Anthropic confirmed it “has not even received a disclosure of a concerning non-universal potential jailbreak that led to a harmful result.” The potential jailbreaks disclosed were either entirely benign or classified as minor findings.
The directive requires suspending access for all foreign nationals, including Anthropic employees with foreign national status, both inside and outside the United States. The company said compliance meant disabling the models for all customers to avoid any breach of the order.
Anthropic Disputes the Standard Applied to Commercial Models
Anthropic launched Fable 5 with a defense-in-depth strategy, combining narrow jailbreak resistance with real-time monitoring and mandatory 30-day data retention.
The company acknowledged during launch that “perfect jailbreak resistance is not currently possible for any model provider.”
The 30-day data retention policy was a deliberate trade-off. It drew pushback from customers but allowed Anthropic to detect, study, and respond to jailbreak attempts quickly.
Anthropic described this as making jailbreaks “either narrow or very expensive to produce,” keeping risk levels comparable to other deployed models across the industry.
On the government’s authority to act, Anthropic said it “believes the government should have the ability to block unsafe deployments, as part of a statutory process that is transparent, fair, clear, and grounded in technical facts.” The company argued this directive did not meet those standards.
Anthropic warned that applying this recall standard broadly “would essentially halt all new model deployments for all frontier model providers.”
The company committed to releasing additional technical details within 24 hours and confirmed all other models in its lineup continue to operate without restriction.
Americans rank job loss as their biggest fear about artificial intelligence (AI), while curing diseases like cancer tops their hopes, according to a survey of nearly 52,000 people by Anthropic.
The findings expose a gap between what the public wants from AI and what it dreads, as real layoff data and political pressure over automation build across the United States.
Job Loss Outranks Every Other AI Fear
Anthropic surveyed 51,993 Americans in late 2025 for its first Public Record study. Job loss ranked as the top fear at 64%, leading in every state.
Concern ran from 71% in Iowa to 57% in Mississippi. It led among Democrats at 67% and Republicans at 62%.
“Americans with postgraduate degrees are nearly 10 percentage points more worried about job loss than those with a high school education or less,” the survey found. “At the same time, people who use AI at work every day are notably less worried about job loss than people who don’t use AI at all: 54% versus 70%.”
Follow us on X to get the latest news as it happens
Cognitive dependency followed at 56%, then misinformation at 52%. Only 15% of Americans said they trust AI companies to steer the technology. According to the findings,
“That was the lowest figure for any institution we tested, below the federal government (20%), state and local government (19%), and international bodies (20%), and far below independent experts (43%).”
AI Layoffs and a Billionaire Pushback
The fear is not abstract. BeInCrypto reported that AI drove 38,579 US job cuts in May, about 40% of the month’s total.
For 2026, employers have tied 87,714 cuts to AI. That total already exceeds the 54,836 attributed to the technology across all of 2025.
The pressure has reached Washington. Senators Elizabeth Warren and Bernie Sanders have urged Congress to protect workers now.
Not everyone agrees. Amazon founder Jeff Bezos rejects the job-loss narrative, predicting that AI will create labor scarcity instead. Bezos made the case as his AI startup, Prometheus, raised $12 billion at a $41 billion valuation.
“A lot of people who, for example, today have two-earner households, perhaps one of those earners will choose not to be in the job market, so they’ll become a one-earner household,” Bezos said.
Americans Want Cures and Accountability
On the hopeful side, 48% placed curing diseases like cancer or Alzheimer’s in their top three uses for AI. Helping people with disabilities followed at 36%.
Support for oversight ran high. 71% of respondents want government involvement in AI, including 79% of Democrats and 68% of Republicans.
Asked how to keep AI development steered toward humanity’s interest, 47% backed holding companies legally liable for harm. Another 44% wanted safety prioritized over growth.
Anthropic plans to repeat the Anthropic Public Record as AI adoption deepens. The early reading shows a public eager for breakthroughs yet skeptical of the firms building them.
Subscribe to our YouTube channel to watch leaders and journalists provide expert insights
The post Americans Fear AI Will Take Their Jobs, But Hope It Can Cure Cancer appeared first on BeInCrypto.
Crypto World
MSTR Bears Crushed: Why Strategy’s Bitcoin Balance Sheet Is Built to Outlast Any Bear Market
TLDR:
- Strategy is raising over $130M daily in 2025, marking its highest-ever annual capital-raising pace.
- Historical BTC data shows median 12-month forward returns of +133% from current price MA levels.
- Even at a compressed 0.8x mNAV, covering preferred dividends would require only 6.6% dilution.
- MSTR’s monthly trading volume of $54.79B dwarfs its $148M dividend bill, limiting dilution risk.
MSTR, MicroStrategy’s stock ticker, has become the center of a heated debate as Bitcoin market stress tests the company’s financial structure.
Analysts tracking the firm’s capital-raising activity say Strategy is not just holding on through the current downturn, it is actively accumulating Bitcoin at an accelerated pace.
The numbers behind this argument are drawing significant attention from both bulls and bears in the market.
MSTR’s Balance Sheet Withstands Bitcoin Market Pressure
Strategy’s capital-raising pace in 2025 is on track to be the highest in the company’s history. The firm is averaging over $130 million raised per trading day this year. Even if that access were completely shut off, the math still favors the company’s position.
To illustrate the scale, analyst Adam Livingston scaled the balance sheet down by one million times. At that ratio, the company holds $53,400 in Bitcoin and owes $1,712 annually in preferred dividends. That works out to roughly $148 per month, a negligible obligation relative to the asset base.
Livingston also pulled Bitcoin’s weekly historical price data going back to July 2010. He filtered for periods where Bitcoin traded within ±5% of today’s four-year moving average multiple. That produced 34 historical weekly observations with full forward-return data.
The median forward Bitcoin returns from those comparable historical points are striking: +50% over six months, +133% over 12 months, +232% over 18 months, and +306% over 24 months. If history holds, Strategy’s Bitcoin holdings are positioned for a substantial recovery.
Stress-Testing the Nightmare Scenario for MSTR
Bears have pointed to preferred dividend obligations as a potential pressure point for Strategy. However, even under a severe stress test, the numbers suggest the concern is overstated. The analysis modeled a scenario where MSTR’s mNAV compresses from 1.3x to 0.8x.
At that compressed multiple, the stock would fall from roughly $123.97 to around $76. Market capitalization would drop from approximately $43.9 billion to $27 billion.
Even then, covering a full year of preferred dividends through common stock issuance would require only 6.6% dilution.
On a monthly basis, that comes to roughly 0.55% dilution per month. Meanwhile, monthly MSTR dollar trading volume runs approximately $54.79 billion.
The monthly dividend bill of $148.35 million represents only 0.27% of that volume, a fraction that the market can absorb without disruption.
Strategy’s trading volume alone provides a natural buffer against the preferred dividend risk. The company does not need extraordinary measures to meet its obligations, even in a depressed market environment.
For investors who hold a constructive long-term view on Bitcoin, the argument that Strategy’s structure is unsustainable becomes increasingly difficult to support.
Bitcoin moved closer to the $64,000 level on Saturday after fresh geopolitical developments improved risk sentiment. The cryptocurrency recovered from earlier lows and maintained positive momentum throughout the trading session. Market participants responded after US President Donald Trump confirmed that a new agreement with Iran will be signed soon.
Bitcoin Gains Strength Following US-Iran Agreement Announcement
Bitcoin traded near $63,950 at the time of reporting and recorded modest gains during the day. The cryptocurrency advanced from around $63,500 earlier in the session and sustained its recovery. As a result, the market approached the important $64,000 psychological level once again.
The upward move followed statements from Donald Trump regarding ongoing negotiations between the United States and Iran. According to the announced timeline, both countries are expected to finalize a new agreement within the next day. Consequently, traders reassessed risk conditions across several financial markets.
The latest development also highlighted plans to reopen the Strait of Hormuz after the agreement takes effect. The waterway remains one of the world’s most important energy shipping routes. Therefore, expectations of normalized maritime activity supported broader market confidence.
Hormuz Reopening Prospects Reduce Geopolitical Concerns
The Strait of Hormuz carries a significant portion of global crude oil exports each day. Any disruption in the region often affects commodity prices and financial markets. However, expectations of reopening reduced concerns surrounding supply-chain interruptions.
At the same time, the proposed agreement focuses on long-term restrictions related to Iran’s nuclear programme. US officials continue efforts to secure commitments aimed at limiting future nuclear development activities. Consequently, the agreement represents a major diplomatic development in the region.
Geopolitical tensions have influenced digital asset markets several times during recent years. Bitcoin often reacts to changes in global risk perception and macroeconomic conditions. Therefore, easing regional uncertainty contributed to stronger sentiment across the cryptocurrency sector.
Bitcoin Extends Recovery Amid Broader Market Stability
Bitcoin’s latest advance occurred during a period of consolidation across the crypto market. The asset maintained stability despite several macroeconomic events influencing trading activity this week. As a result, buyers continued supporting prices near key technical levels.
The market also received additional support from comments made by Pakistan Prime Minister Shehbaz Sharif. Earlier on Saturday, Sharif indicated that a US-Iran agreement could be finalized within twenty-four hours. Consequently, expectations surrounding diplomatic progress strengthened throughout the day.
Bitcoin has remained sensitive to major international developments because of its growing role in global financial markets. Large geopolitical events frequently influence short-term trading behavior and market sentiment. Therefore, diplomatic breakthroughs often affect cryptocurrency valuations alongside traditional assets.
The current recovery follows several sessions of price fluctuations driven by macroeconomic and geopolitical headlines. Bitcoin previously faced pressure as traders assessed inflation data and central bank expectations. However, improving geopolitical conditions helped offset some of those concerns.
Meanwhile, the broader digital asset market showed signs of stabilisation during the latest trading session. Several major cryptocurrencies also posted modest gains as risk appetite improved. Consequently, overall market sentiment remained constructive heading into the weekend.
Bitcoin continues to trade below recent highs, yet it has preserved support above key price zones. Market participants now focus on developments surrounding the expected agreement and its implementation. Any progress regarding the reopening of the Strait of Hormuz could influence sentiment across global markets.
The latest rebound highlights how geopolitical developments can affect cryptocurrency performance within short periods. Improved diplomatic relations often reduce uncertainty and support broader market stability. As a result, Bitcoin approached the $64,000 mark while traders responded to expectations of reduced regional tensions.
AI agents have begun completing complicated tasks, including transacting on their own by paying for services or purchasing computing power, all of which is far superior to AI’s early methods of generating texts, images, or simple code.
Ripple wants to have a bigger role, and its latest update, published earlier this week, explains how its native tokens could be at the forefront.
XRP, RLUSD to Power AI
In an attempt to position itself at the center of this emerging machine-to-machine economy, the new update to the XRP Ledger ecosystem, called AI Starter Kit, serves as a suite of tools designed to help developers build autonomous payment apps powered by Ripple’s two tokens, XRP and RLUSD.
The announcement reads that the new product line will allow developers to build such AI agents capable of making and receiving payments through the XRPL. It includes support for X402-powered payments, allowing agents to pay for API access, AI model inference, cloud computing resources, and other digital services using either XRP or RLUSD.
Ripple tries to differentiate itself from other blockchain networks that rely mainly on variable transaction fees and smart contract execution. Instead, XRPL provides settlement finality within 3-5 seconds, predictable transaction costs, and built-in payment functionality.
Developers are aware of the transaction costs in advance, while the AI agents can complete transfers without dealing with gas fee auctions or uncertain settlement times.
The announcement added that XRPL’s native decentralized exchange could be particularly attractive to most devs. An AI agent can send RLUSD while the recipient receives XRP (or vice versa), with a single transaction. The conversion is handled directly by the protocol.
Safety First
Ripple believes its enhanced levels of security are another major selling point. The XRP Ledger has operated continuously for 14 years without transaction rollbacks, while its protocol-level payment system removes many of the smart contract risks that have led to billions of dollars worth of cryptocurrency exploits across many different projects.
The first phase of the new starter kit will include documentation access through AI assistants such as Claude, wallet and payment tools for agent-based apps, and support for the X402 protocol following a collaboration with t54.
The post XRP and RLUSD Power New AI Economy After XRPL’s Latest Big Update appeared first on CryptoPotato.
TLDR:
- TAO price surged over 24% on June 13, closing at $264 after opening near $212 in the session
- RSI bottomed in the low 30s, matching the same zone that marked the prior three swing lows on TAO
- Bittensor subnet activity had been accelerating quietly while the TAO price was trending lower
- The $280 to $320 zone is now the key resistance band TAO must reclaim to confirm the bullish trend
The TAO price recorded one of its largest single-day gains of 2025 on June 13, closing above $264 after opening near $212.
The move ended a seven-month downtrend that had pushed the asset from the $500 region into the low $200s. Multiple technical signals aligned ahead of the breakout.
Sentiment had turned deeply bearish in the weeks before the reversal candle printed.
Technical Signals Preceded the TAO Price Reversal
The TAO price had been compressing for months before Thursday’s session. Each rally attempt during the downtrend met fresh selling pressure near established resistance zones. Buyers were unable to hold any meaningful recovery, and many traders had written off the chart entirely.
However, momentum indicators were signaling a shift beneath the surface. The RSI had bottomed in the low 30s, the same region that marked the three prior swing lows on the chart.
Analyst account @2xnmore noted that oscillators were already curling higher before price confirmed the move.
The MACD histogram had also been compressing for several weeks heading into the reversal. That compression pointed to sellers losing steam rather than buyers gaining strength. It was a quiet warning sign that most traders overlooked during the grind lower.
Volume on the reversal candle removed any doubt about the session. It dwarfed anything seen across the prior two months of sideways action. That kind of participation on a single green candle separates genuine reversals from dead-cat bounces.
Bittensor Network Activity and the Road Ahead for TAO Price
While the TAO price was falling, Bittensor’s subnet activity was quietly accelerating. That divergence between price and network growth went largely unnoticed by retail participants. Institutional attention toward the network, however, had reportedly been building well before Thursday’s session.
The broader AI infrastructure narrative around Bittensor also remained intact throughout the drawdown. Discussions tied to co-founder Jacob Steeves and the network’s role in decentralized AI were still in early stages.
AI-related tokens have historically moved in cycles, with the first recovery candle rarely marking the full extent of a move.
The zone between $280 and $320 now becomes the critical area to monitor. That range previously acted as support before the breakdown and must be reclaimed on a closing basis. A sustained move through that band would add weight to the bullish case.
The 200-day moving average continues to serve as the long-term dividing line for TAO. Reclaiming major support after a multi-month downtrend is one of the stronger technical setups on any chart. Traders who were stopped out near the lows are now watching from the sidelines as price moves higher.
Scotland v Haiti LIVE: World Cup line-ups and team news ahead of must-win return
‘City at your fingertips’: Seattle powers up first digital wayfinding kiosk near tourist hot-spot
LISA MONEY Lyrics (Color Coded Lyrics)
-
NewsBeat6 days agoAlexander Zverev wins the French Open to finally earn a 1st Grand Slam title
-
Entertainment7 days agoThe Best Mystery Series of All Time Is Surging on Streaming 30 Years After It Ended
-
Crypto World6 days agoAnatomy of the June crypto crash: Fed, Iran, Saylor
-
Crypto World2 days agoOppenheimer backs SpaceX as $70 billion retail frenzy builds
-
Crypto World2 days agoMarkets Rally as SpaceX IPO Looms Amid Iran Tensions and Inflation Surge
-
NewsBeat6 days agoAlexander Zverev conquers demons and outlasts Flavio Cobolli to win French Open for first major title
-
Tech7 days agoMicrosoft unveils seven homegrown AI models in new bid for ‘long term self-sufficiency’
-
Business6 days agoHigh Stakes for Wembanyama as New York Pushes for 3-0 Lead
-
Tech6 days agoNotion restores access to Anthropic after service disruption
-
Business7 days agoThe Pain Points Taking a Fragile Tech Rally Down a Notch
-
Crypto World6 days agoEli Lilly (LLY) Stock Surges 4% Following Breakthrough Sleep Apnea Trial Results
-
Business7 days agoThe investment to transform historic St Helen’s ground in Swansea
-
Crypto World6 days agoTrump’s AI Ownership Plan Could Benefit Anthropic at OpenAI’s Expense
-
Sports5 days agoFIFA WC 2026 Group C: Morocco, Scotland challenge Brazil’s hunt for glory | FIFA World Cup 2022
-
Sports4 days agoBangladesh beat Australia after 20 years in ODIs, register only their second win over six-time world champions | Cricket News
-
Tech23 hours agoNanoClaw integrates JFrog registries to secure AI agent downloads
-
Crypto World18 hours agoBitget enters Argentina’s regulated crypto market through PSAV registration
-
Fashion1 day agoWeekend Open Thread: Tuckernuck – Corporette.com
-
Tech1 day agoThis Week In Security: Microsoft On Microsoft, Register Your Domains, Linux On ARM, And FreeBSD Joins The File Cache Club
-
Politics2 days agoPolitics Home | Healey Resignation Is “Colossal Failure Of Government”, Says Former Labour Defence Secretary
You must be logged in to post a comment Login