Crypto World
Researcher uncovers fake Ledger Nano S modified to siphon crypto assets
This article has been updated with comments from a Ledger spokesperson.
A Brazilian security researcher has uncovered a sophisticated counterfeit Ledger device operation after discovering modified hardware designed to siphon cryptocurrency from unsuspecting users.
Summary
- A Brazilian security researcher identified a sophisticated hardware compromise in a counterfeit Ledger Nano S Plus that utilized modified firmware to capture user recovery phrases.
- Physical inspections of the fraudulent device revealed the addition of unauthorized WiFi and Bluetooth components alongside a secondary manufacturer’s chip hidden beneath scraped markings.
- The operation relies on a deceptive QR code included in the packaging to lure users into downloading a malicious application designed to bypass official security checks.
The security researcher, known online as “Past_Computer2901,” shared findings on Reddit after purchasing what appeared to be a standard Ledger Nano S Plus from a Chinese marketplace.
Despite the packaging and price point matching official retail standards, the unit failed a “Genuine Check” when connected to the authentic Ledger Live desktop application.
This red flag led to a physical teardown of the device, revealing that the internal circuitry had been altered to include WiFi and Bluetooth antennas—features entirely absent from the legitimate model.
Hardware manipulation and malicious redirects
Scammers are utilizing these tampered devices to exploit first-time buyers through a deceptive setup process.
A QR code included in the packaging directs users to a fraudulent version of the Ledger Live app, which is programmed to bypass security warnings and issue a fake verification of the hardware’s authenticity.
Once a user follows the prompts to generate or enter a seed phrase, the compromised firmware captures the data, allowing the attackers to drain the wallet at will.
“This isn’t meant to cause panic, but rather to serve as a serious warning — I’m honestly still a bit shaken by the sheer scale of this operation,” the researcher noted.
Internal analysis of the unit showed that the scammers went to great lengths to hide the fraud, including scraping off original chip markings.
Counterfeit Ledger device. Source: Reddit.
While the device initially identified itself as a Nano S Plus 7704 during the boot phase, the final sequence revealed the manufacturer as Espressif Systems, a Shanghai-based semiconductor firm.
These modifications fundamentally break the security premise of Ledger products, which are built to keep private keys in a strictly offline environment.
“When purchasing from a marketplace, Ledger strongly encourages users to verify the identity of the seller. Users should ensure they only download the official Ledger Wallet apps on desktop and mobile. The situation involved counterfeit hardware, paired with a fake companion app flow designed to simulate the onboarding process, distributed through unofficial channels,” a Ledger spokesperson told crypto.news.
“Ledger will never ask users for their 24 words. If anyone claiming to be Ledger, or any app that purports to be a Ledger app, asks for your 24 words, you should immediately assume it is a scam,” they added.
The discovery follows a separate incident earlier this month where a fraudulent app bypassed Apple App Store security via a bait-and-switch tactic. The malicious software successfully tricked over 50 people into revealing their recovery phrases, resulting in the theft of $9.5 million before the platform removed the listing. The app has since been removed for malicious bait-and-switch functionality, according to Apple.
“Stay safe out there. Only download Ledger Live from ledger.com. Only buy hardware from ledger.com. If your device fails the Genuine Check — stop using it immediately,” the researcher cautioned.
Stablecoin issuer Circle has launched USDC Bridge, a new user interface built on top of the Cross-Chain Transfer Protocol (CCTP) that seeks to simplify native cross-chain transfers of the USDC stablecoin.
On Friday, Circle’s USDC X account said the bridge allows users to move the USDC (USDC) stablecoin in a “predictable, transparent way,” citing a native burn-and-mint transfer mechanism and no bridge complexities.
Gas fees will be handled automatically, fees will be shown upfront, and live status updates will be provided throughout the transfer, Circle added.
The USDC Bridge builds on Circle’s CCTP, which was introduced in April 2023 and facilitates hundreds of millions of stablecoin transfers each day.
CCTP eliminated the need for wrapped and synthetic versions of USDC.
Cross-chain bridges seek to make the broader crypto ecosystem interoperable, functioning as a unified network rather than a collection of fragmented, isolated blockchains.
Making bridges as simple and easy to use as possible has been an area of focus for many crypto infrastructure firms.
In the past, bridges have confused users and arguably slowed crypto adoption, especially for beginners struggling to navigate bridge interfaces, trade routes and gas fees.
USDC Bridge supports over a dozen blockchains
Cointelegraph found that USDC Bridge supports USDC transfers between at least 17 Ethereum Virtual Machine-compatible blockchains, including Ethereum, Avalanche, Arbitrum, Base, Monad, Optimism, Polygon, Sonic and World Network.
Related: Ukraine arrests FBI-wanted cybercrime suspect, seizes $11M in assets
Circle’s CCTP supports a broader number of blockchains, including Solana, Sui and Aptos, which are not natively EVM compatible.
On Wednesday, Circle was hit with a class action for failing to freeze around $230 million worth of USDC that moved through its CCTP from the Drift Protocol exploit on April 1.
Circle is accused of aiding and abetting conversion and negligence.
More than 100 members are involved in the class action. The law firm representing them, Mira Gibb, is seeking damages, with the final amount to be determined at trial.
Magazine: Are DeFi devs liable for the illegal activity of others on their platforms?
Crypto World
Solana Price Prediction Targets $108 as Pepeto Eyes 100x and DoubleZero Edge Brings Wall Street Speed to SOL
The solana price prediction just picked up a fresh catalyst after DoubleZero rolled out its Edge data feed on April 16, giving traders real time raw data from the Solana blockchain through a dedicated high speed network that 22% of staked SOL already runs on, per CoinDesk. That single move hands crypto traders the same real time data advantage that Wall Street firms have used for years.
Every solana price prediction points to solid ground ahead, but Pepeto is the exchange layer that helps everyday traders spot what smart money finds before the crowd catches on. With $8,940,333 raised and analysts projecting 100x, this presale closes once the Binance listing drops.
Solana Price Prediction Picks Up Steam as DoubleZero Brings Institutional Grade Speed On Chain
DoubleZero Edge launched its real time data feed on April 16, delivering raw Solana blockchain information to traders through dedicated fiber routes that cut lag below anything the public internet can match, per CoinDesk. Jump Crypto, Galaxy, and Jito already contribute fiber links and engineering resources, and 22% of all staked SOL runs through the network today.
The Solana Foundation still holds a significant treasury outside its staked position. That capital sitting idle instead of hitting sell walls lifts the price floor for years.
Institutional grade speed flowing through Solana rails means new traffic is coming, and the exchange still priced below a fraction of a cent that catches volume when capital moves on chain is where the return math breaks away from anything SOL delivers alone.
Where Presale Returns Outpace the SOL Recovery Before the Final Stage Fills
When Wall Street level infrastructure starts landing on a blockchain, the flood of new tokens, scam contracts, and fast money plays grows quicker than any single trader can follow. Pepeto was designed to cut through that noise, and the full set of tools shipped before the rush even started.
At $8,940,333 raised and $0.0000001863 per token, the 100x projection that analysts keep repeating gets harder to dismiss with each filled stage. The Binance listing opens full access to a risk screener that catches problems before your wallet signs anything, PepetoSwap running at zero trading fees, and a cross chain bridge moving value across ETH, BNB, and SOL at zero cost.
As institutional infrastructure pulls deeper capital into Solana’s chain, Pepeto builds the filter that gives regular holders a read on where that money lands next. Early bags compound at 185% APY while each presale stage keeps filling. SolidProof audited the entire codebase before a single token went on sale, a senior Binance veteran built out the exchange framework, and the architect who turned the original Pepe into an $11 billion project on 420 trillion tokens engineered every piece of the platform from the ground up.
Every bull market starts with one bet placed while the crowd is looking somewhere else, and Pepeto at $0.0000001863 is that bet sitting right in front of you while the Binance listing window stays open. The second trading begins, this entry price vanishes for good and daily volume across five live products builds real value instead of a launch week pump that bleeds out fast.
Solana (SOL) Price at $89.15 as DoubleZero Edge Launches Institutional Data Feed
Solana (SOL) trades near $89.15 as of April 16 according to CoinMarketCap, sitting roughly 71% below its $294.85 all time high from January 2025 while DoubleZero’s Edge data feed adds institutional grade speed to the network.
The SOL forecast depends on reclaiming $90, which opens $108 and puts the year end recovery target within reach. Support holds at $78, with the setup cracking if that breaks. The solana price prediction looks strong for patient holders, but climbing from $89 to $108 is a 27% grind over months, not the 100x the presale packs into one listing event.
Conclusion
DoubleZero just turned Solana into the first chain where traders get Wall Street speed data through dedicated fiber routes with no public internet delay. Institutional grade infrastructure routing through the same network raises the ceiling for everything built on top of it.
But the gains that reshape entire portfolios come from being early in what moves after the listing, not from a slow recovery play. The Pepe founder paired with a full suite of working exchange products and a confirmed Binance listing is the rarest setup crypto produces in any cycle, and the same wallets that bought SOL under $10 back in 2020 are already loading Pepeto before the listing locks their edge in.
Click To Visit Pepeto Website To Enter The Presale
FAQs
What is the solana price prediction based on current technical levels for 2026?
Solana (SOL) faces resistance at $87 and $108 with support at $78, currently trading near $85 down 71% from its all time high. Changelly and Blockchain News project a recovery path toward $108 if the $87 level breaks cleanly.
How does Pepeto’s projected 100x compare to the solana price prediction timeline?
Pepeto compresses months of SOL price recovery into one listing event with analysts projecting 100x from presale levels. The project has raised $8,940,333 at $0.0000001863 per token with a confirmed Binance listing ahead.
Disclaimer: This is a Press Release provided by a third party who is responsible for the content. Please conduct your own research before taking any action based on the content.
TLDR:
- Claude Design enables users to create prototypes, slides, and documents using simple text prompts, reducing manual design work
- Figma and Adobe shares declined following the launch, reflecting investor concern over AI replacing core SaaS features
- The tool supports exports to Canva, PDF, and PowerPoint, streamlining workflows across design and presentation platforms
- Multiple AI labs are now building competing tools, increasing pressure on subscription-based design software models
Anthropic’s latest product launch has stirred fresh debate across the design software market after reports linked its new Claude Design tool to sharp stock declines for Figma and Adobe. The release has raised new questions about how AI could reshape product design workflows.
Claude Design Expands AI Competition in Design Software
A post from Bull Theory on X stated that no SaaS company is safe from Claude after Anthropic launched Claude Design. The post claimed Figma shares fell 12%, while Adobe dropped 4% following the announcement.
According to the post, Claude Design allows users to build prototypes, presentations, slides, and one-page documents through simple text prompts.
Instead of using manual design tools, users can describe what they need, and the system creates the first version automatically.
The tool also supports direct exports to Canva, PDF, and PowerPoint. This removes several manual steps that many teams usually handle inside traditional design platforms.
Bull Theory noted that the product is powered by Claude Opus 4.7, which launched recently. The post also mentioned that users can pass completed designs to Claude Code when they are ready for development.
This setup creates a faster workflow between product design and engineering teams. Rather than switching between separate platforms, users can move from concept to development with fewer steps.
The same post also claimed Anthropic’s stronger internal model, called Mythos, remains unavailable to the public. While that statement has not been officially confirmed, it added more attention around the launch.
As AI tools continue to improve, investors are watching closely to see how software companies respond. Markets often react quickly when products threaten recurring subscription models.
Pressure Builds Around Figma’s Core Subscription Model
Figma has built its business around collaborative design software used by teams for prototypes, product layouts, landing pages, and presentations. Its monthly subscription model depends on users returning regularly for these tasks.
Bull Theory argued that Claude Design now performs many of those same functions from a single sentence. If users can generate prototypes faster through AI prompts, demand for traditional design subscriptions could face new pressure.
The post also stated that three separate AI labs have now launched tools that directly compete with Figma’s core services. This points to a broader shift rather than a single product release.
Adobe faces a similar challenge. While Adobe serves a wider creative market, many of its business tools also depend on design workflows that AI can now automate more quickly.
Faster design generation may appeal to startups, solo founders, and small teams looking to reduce software costs. These users often value speed and lower spending over deep customization.
However, larger companies may still rely on traditional platforms for collaboration, review systems, and team-wide design controls. Enterprise adoption often depends on security, version control, and approval workflows.
Even so, the market reaction shows that investors are paying close attention. AI-generated design is moving from early testing into direct competition with established software products.
The discussion around Claude Design reflects a wider trend across SaaS markets. As AI tools become easier to use, platforms built around repeat manual tasks may face stronger competition.
For now, the focus remains on adoption. Investors and product teams will be watching whether users treat Claude Design as a useful assistant or as a real replacement for existing design software.
Elon Musk’s X is quietly expanding its footprint in on-platform market data with Cashtags, a feature that has already generated roughly $1 billion in trading volume globally since its late-tuesday debut, according to aggregated data from X’s trading pilot. Cashtags let users attach a ticker to a post and immediately pull up live price charts and related posts, aiming to turn X into a more comprehensive hub for market information and discussion.
The rollout is currently limited to US and Canadian users on iPhones, and it sits within Musk’s broader ambition to transform X into an “everything app” that could someday include peer-to-peer payments and e-commerce. With more than 550 million users each month, X’s scale gives it potential to compete with established providers of financial data and market commentary by weaving trading insights directly into social feeds.
In a post to X, Nikita Bier, the platform’s head of product, said the $1 billion trading volume figure was drawn from aggregated data from the trading pilot and reflects activity since the feature launched on Tuesday night. The claim underscores how quickly a social app can become a gateway to market data for a broad user base.
Key takeaways
- The Cashtags feature has driven an estimated $1 billion in trading volume globally since launch, according to X’s product leadership and the platform’s trading pilot data.
- Availability is currently limited to US and Canadian iPhone users. Wealthsimple has partnered with X to route Canadian Cashtag activity to its trading platform, while a US brokerage integration has not yet been implemented.
- An X-branded payments vision, X Money, is in development. An external beta in March demonstrated payments activity between Elon Musk and actor William Shatner, signaling a broader push into payments and financial services.
- Regulatory groundwork remains in place: X holds money transmitter licenses in more than 40 states and has registered with FinCEN to enable peer-to-peer payments on the network.
Cashtags momentum and market data within a social app
Cashtags are designed to fuse social content with real-time market data. Users can select a specific asset or smart contract address when posting a ticker, and tapping the tag reveals live price charts alongside related posts and conversations. This integration points to a broader strategy of embedding financial information into social interactions, potentially lowering the friction for everyday users to engage with markets beyond dedicated trading apps or news sites. The feature’s early traction—measured in the billions of dollars in trading volume—offers a tangible signal that a large, active user base can generate meaningful on-platform market activity.
Canada, US prospects, and the broker link question
The Cashtags rollout is currently restricted to US and Canadian iPhone users, with a notable early collaboration in Canada. Wealthsimple has partnered with X to connect Canadian users to its trading platform when they click on crypto and stock tickers within X posts. This arrangement directs users to a trading experience outside X, leveraging the platform’s audience to funnel traffic to a partner broker. In contrast, a direct US brokerage integration has not yet been announced, leaving one of the largest potential user bases awaiting a similar bridge.
The absence of a US brokerage integration contrasts with the broader ambitions around X Money, the company’s forthcoming peer-to-peer payments initiative. While the Cashtags feature is showcasing market data in social feeds, the longer-term plan appears to blend payments, shopping, and financial services into a single app experience.
X Money: a payments thread in the fabric of the app
X Money has been framed as a flagship aspect of Musk’s “everything app” vision. The platform began an external beta of X Money in March, highlighting a use case that included payments between high-profile individuals, such as Musk and William Shatner, the actor who played Captain Kirk. Beyond simple transfers, X Money is anticipated to offer yield-bearing accounts, a cashback debit card, and other value-added features designed to keep users within the X ecosystem for broader financial activity. Details on how crypto payments would fit into X Money remain uncertain, but the project signals a pathway toward a more comprehensive in-app financial stack.
As part of laying the groundwork, X has pursued regulatory license development and compliance steps to support payments functionality. The company has secured money transmitter licenses in more than 40 states and registered with the Financial Crimes Enforcement Network to enable peer-to-peer payments, providing a regulatory runway for broader service offerings as adoption grows.
Strategic implications for users, traders, and builders
What makes this development noteworthy is not only the volume figure tied to Cashtags but the velocity at which market data and social interaction are converging on one platform. For traders and casual investors, the prospect of seeing price information, analysis, and discussion in a single feed could simplify the way market ideas propagate—a dynamic that could influence sentiment, engagement, and even decision-making. For builders and developers, X’s model raises questions about data access, API exposure, and potential partnerships that could extend market data or payment capabilities beyond traditional ecosystems.
However, several uncertainties remain. The US brokerage integration, a potential driver of deeper trading activity on X, has yet to materialize. The path for crypto payments within X Money is not clearly defined, and the regulatory landscape—while showing progress—will continue to evolve as the service expands. Investors and users should watch how quickly Cashtags expand beyond current jurisdictions and how X negotiates partnerships to bring more trading capabilities on-platform without compromising user experience or regulatory compliance.
With a social platform that already commands hundreds of millions of monthly users and a clear intent to broaden financial services, X’s next moves will be closely watched by market data providers, fintechs, and regulators alike. The coming quarters will reveal whether Cashtags become a persistent on-ramp for everyday market engagement and whether X Money can translate social trust into practical, widely adopted payments and financial services.
Readers should stay tuned for updated disclosures on Cashtag availability, new broker integrations, and the rollout timeline for X Money as X navigates user growth, partnerships, and the evolving regulatory framework that currently underpins its ambitious roadmap.
XRP is starting to outperform in a way that gets attention. The token is up about 8% on the week and around 3% on the day, pushing ahead of bitcoin and ether, but the move still looks controlled rather than explosive. That keeps the focus on whether this is early accumulation or just another range-bound push.
News Background
• Analysts are increasingly pointing to long-term breakout structures, with some framing the current setup as part of a multi-year pattern that could extend toward much higher levels, including speculative $10 targets.
• The rally comes as XRP retests a major structural zone tied to prior cycle expansions, drawing renewed attention from traders watching for early signs of a larger trend shift.
Price Action Summary
• XRP climbed toward $1.43, posting roughly 3% gains on the day and about 8% over the past week.
• The move developed through steady higher lows rather than sharp spikes, pointing to controlled buying.
• Price continues to stall below the $1.44 resistance area despite multiple attempts to break higher.
Technical Analysis
• The key signal is relative strength. XRP is outperforming majors, which often happens early in rotation phases.
• The move is supported by structure, with higher lows forming, but volume remains inconsistent.
• A breakout above the 200-day EMA adds a constructive signal, though follow-through is still limited.
• Without expansion in participation, the rally risks staying within a broader consolidation range.
What traders should watch
• $1.44 is the immediate ceiling. A clean break would strengthen the bullish case.
• $1.40 remains the near-term support that keeps momentum intact.
• Failure to build volume on further upside increases the risk of another rejection within the range.
A new class action lawsuit has put Circle under legal scrutiny over its response to the movement of stolen USDC following the Drift Protocol hack.
Summary
- Circle accused of failing to halt $230M in USDC transfers tied to the Drift exploit.
- Class action suit claims losses could have been reduced if Circle had intervened in time.
- Plaintiffs cite earlier wallet freezes to argue Circle had the ability to act.
According to a filing in a U.S. district court in Massachusetts, Drift investor Joshua McCollum has brought the case on behalf of more than 100 affected users, alleging that Circle failed to stop roughly $230 million in USDC transfers carried out after the April 1 exploit.
Court documents state that the funds were routed across chains using Circle’s Cross-Chain Transfer Protocol over several hours, giving attackers enough time to reposition assets without disruption. Attorneys representing McCollum argued that the outcome could have been different had action been taken sooner.
“Circle permitted this criminal use of its technology and services,” the legal team wrote, adding that the “losses would not have occurred, or would have been substantially reduced, had Circle taken timely action.”
Claims filed in the suit include negligence and aiding and abetting conversion, with damages to be decided at trial. Lawyers from Mira Gibb, acting for the claimants, pointed to a recent enforcement move to challenge any suggestion that intervention was not feasible.
Roughly a week before the Drift breach, Circle froze 16 USDC-linked wallets tied to a sealed civil case in the United States. Claimants argue that the earlier action demonstrates both the technical capability and operational precedent to step in when funds are at risk.
The dispute traces back to a large-scale exploit targeting Solana-based Drift Protocol, where attackers drained more than $285 million, accounting for over 50% of the platform’s total value locked at the time.
Data from DeFiLlama shows that total value locked has since dropped to around $251 million, a sharp fall from its $1.5 billion peak recorded in September 2025.
On-chain analysis showed the attacker rapidly converting assets into stablecoins, including USDC, before bridging a portion to Ethereum and swapping into Ether. Investigators later tracked parts of the proceeds through Tornado Cash, a privacy tool often used to obscure transaction trails.
Elliptic linked the activity to suspected North Korean state-backed actors, noting that more than 100 transactions passed through Circle’s infrastructure during U.S. working hours.
Drift Protocol confirmed the incident as it unfolded, halting deposits and withdrawals while working with security firms and exchanges.
“Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended,” the team said at the time, adding, “This is not an April Fool’s joke.”
Security researchers urged users to revoke wallet approvals and avoid interacting with the platform until conditions stabilise.
Legal limits and judgment calls under scrutiny
Debate has since turned to how much responsibility stablecoin issuers carry when they retain control over token contracts.
Circle has the ability to freeze assets at the contract level, though acting without a legal order can expose firms to regulatory and reputational risks. Industry voices have framed the decision as a balance between immediate harm prevention and adherence to consistent legal standards.
Lorenzo Valente, director of digital asset research at ARK Invest, pointed to the difficulty of setting a clear rule.
“Every future freeze is now a judgment call. Every non-freeze is a political statement. Why freeze the Drift hacker but not that sketchy Nigerian fraud wallet? Why this protester but not that one?”
He added that opinions may differ depending on how those trade-offs are weighed.
“Whether Circle got it right comes down to how much you weigh rule-of-law principles vs concrete harm. Reasonable people disagree.”
Drift moves to rebuild with USDT backing
Steps taken after the exploit indicate a move away from reliance on Circle’s infrastructure.
Drift has secured nearly $150 million in fresh funding to support recovery efforts, including $127.5 million from Tether. The capital is set to be used for compensating affected users and preparing a relaunch centered on USDT as the primary settlement asset on Solana.
Plans include a credit line tied to future revenues, liquidity support for market makers, and ecosystem grants aimed at restoring activity. A recovery token is also in the works, allowing affected users to claim from a pool backed by trading fees and newly raised funds.
Paolo Ardoino, CEO of Tether, said the focus is on restoring stability while rebuilding trust.
“The focus is on restoring user confidence and supporting a strong relaunch, with a structure that aligns recovery with real activity and long-term growth.”
Market response has already begun to show, with DRIFT rising 20% to above $0.061, its highest level since the day of the exploit.
A six-month investigation backed by the Ethereum Foundation has uncovered how North Korean operatives quietly embedded themselves inside dozens of Web3 teams under false identities.
Summary
- Ethereum Foundation backed a six-month probe that identified 100 North Korean operatives inside Web3 firms.
- Ketman Project alerted 53 crypto teams after tracing fake developer identities and suspicious GitHub activity.
- Investigators linked the pattern to long-running DPRK infiltration tied to major exploits involving the Lazarus Group.
The Ethereum Foundation said Thursday that its ETH Rangers initiative funded a security-focused effort that identified 100 individuals linked to the Democratic People’s Republic of Korea operating within crypto companies. The program, launched in late 2024, was designed to support public goods work through stipends for independent researchers.
One of those recipients used the funding to launch the Ketman Project, which focused on tracking “fake developers” working inside Web3 organizations. Over the six-month period, the project flagged 100 suspected DPRK IT workers and reached out to 53 crypto projects that may have unknowingly employed them.
“This work directly addresses one of the most pressing operational security threats facing the Ethereum ecosystem today,” the foundation said.
Findings add to a growing body of evidence showing that North Korean-linked developers have spent years embedding themselves across the crypto industry, often blending into teams through credible technical contributions and fabricated professional identities.
Security researcher and MetaMask developer Taylor Monahan has previously said such activity dates back to the early DeFi era, with DPRK-linked developers contributing to widely used protocols.
“Lots of DPRK IT workers built the protocols you know and love, all the way back to DeFi summer,” she said, noting that more than 40 platforms have relied on such contributors at different points. Claims of extensive experience are not always fabricated, she added, saying their “seven years of blockchain dev experience” is “not a lie.”
Investigators have consistently tied these operations to the Lazarus Group, a state-backed collective linked to some of the largest crypto thefts in recent years. Estimates from R3ACH analysts put total stolen funds at around $7 billion since 2017, including attacks such as the $625 million Ronin Bridge exploit, the $235 million WazirX breach, and the $1.4 billion Bybit incident.
Simple tactics, persistent execution
Despite the scale of damage, many infiltration attempts rely on relatively basic methods rather than advanced exploits. Analysts say persistence, social engineering, and identity layering often prove more effective than technical sophistication.
Independent blockchain investigator ZachXBT noted that many of these operations are “basic and in no way sophisticated,” adding that “the only thing about it is they’re relentless.” Outreach typically happens through job applications, LinkedIn profiles, email exchanges, and remote interviews, allowing operatives to gradually build trust within teams.
Recent incidents have shown how far such tactics can go. Drift Protocol’s $280 million exploit was linked to a North Korean-affiliated group, with attackers using intermediaries and fully constructed professional identities to establish credibility before executing the breach.
Red flags and detection efforts expand
Details from the Ketman Project shed light on how these operatives maintain cover inside development teams. Common indicators include reusing avatars or profile metadata across multiple GitHub accounts, unintentionally exposing unrelated email addresses during screen sharing, and using system language settings that contradict claimed nationalities.
Alongside its investigative work, the project developed an open-source tool designed to flag suspicious GitHub activity. It also co-authored an industry framework for identifying DPRK-linked IT workers in collaboration with the Security Alliance.
Plans to release revised stablecoin yield language in the Clarity Act have been delayed, extending uncertainty around one of the bill’s most divisive provisions.
Summary
- Release of the Clarity Act stablecoin yield draft has been pushed back as lawmakers wait for committee timing clarity.
- Draft language still restricts rewards on idle balances while allowing yield tied to transaction activity.
According to a report from Politico, Senator Thom Tillis said the updated draft is unlikely to be made public this week, as lawmakers wait for clarity on the timing of the Senate Banking Committee’s upcoming markup before proceeding with a release.
Meanwhile, a source familiar with the discussions told The Block that legislative teams are still holding meetings with bank trade groups and crypto firms, suggesting that negotiations remain active despite earlier expectations of an imminent rollout.
The draft, in its current form, continues to follow earlier proposals that would block rewards on idle stablecoin balances held in accounts, while allowing yield tied to transactional activity.
According to the source, making major revisions at this stage would be difficult, pointing to a text that is largely settled even as political agreement remains out of reach.
Work on the language has been led by Tillis in coordination with Angela Alsobrooks, as both lawmakers attempt to settle a dispute that has held up progress on the Digital Asset Market Clarity Act well beyond its initial end of 2025 target.
Earlier remarks from Tillis had suggested the proposal would be released this week, with the senator stating, “I think the language has come together well,” as negotiations appeared to move toward a compromise. That timeline now appears to have slipped, underscoring how difficult it has been to align competing interests.
Tensions around stablecoin rewards have emerged as the most contentious issue in the bill. While the GENIUS Act, passed last year, prevents issuers from paying interest directly to holders, it leaves room for third-party platforms such as exchanges to offer yield, a gap the Clarity Act is attempting to address.
U.S. banks have warned that allowing such rewards could draw deposits away from traditional institutions and weaken funding stability.
Crypto companies, including Coinbase, have pushed back, arguing that banning rewards would limit product development and overlook opportunities for banks to participate in the same market.
Efforts to close the gap have included a series of closed-door meetings convened by the White House since the start of the year. Those talks have yet to produce an agreement, with both sides continuing to hold firm positions as lawmakers weigh how far the legislation should go in restricting yield-bearing stablecoin products.
Finance ministers, central bankers, and senior financiers are increasingly focused on the potential risks posed by Anthropic’s Claude Mythos model, amid fears it could expose critical weaknesses in global financial infrastructure.
Summary
- Global finance leaders warn Anthropic’s Mythos AI could expose critical flaws in financial and core IT systems.
- Banks and governments are testing the model early to identify vulnerabilities before any wider release.
- Officials caution that such tools could help cybercriminals exploit weaknesses even as they strengthen defenses.
The model has already prompted high-level discussions and emergency-style meetings after early testing revealed vulnerabilities across major operating systems and widely used applications. Officials and industry experts say the system may have an “unprecedented” ability to detect and exploit cybersecurity flaws, though some caution that its full capabilities are still not fully understood.
Canadian Finance Minister François-Philippe Champagne said the issue dominated conversations during this week’s International Monetary Fund meetings in Washington.
“Certainly it is serious enough to warrant the attention of all the finance ministers,” he said, adding that unlike physical risks, the challenge with AI is “the unknown, unknown.”
He stressed the need for safeguards, saying authorities must ensure “we have process in place to make sure that we ensure the resiliency of our financial systems.”
Major banks and government agencies are now being given early access to Mythos to assess vulnerabilities before any broader rollout.
C. S. Venkatakrishnan, chief executive of Barclays, said the concerns are significant enough to demand immediate attention.
“It’s serious enough that people have to worry,” he said. “We have to understand it better, and we have to understand the vulnerabilities that are being exposed and fix them quickly.”
He added that the situation reflects a more connected financial system where risks and opportunities are increasingly intertwined.
Anthropic has indicated that Mythos has already uncovered multiple flaws across operating systems, financial platforms, and web browsers. In response, access has been restricted to a small group of institutions, including major technology firms and systemically important banks, allowing them to strengthen defenses before wider exposure.
Authorities in the United States have taken similar steps. The Treasury Department has encouraged leading banks to deploy the model internally to identify weaknesses, while also exploring ways to make a controlled version available to federal agencies. A memo from the White House Office of Management and Budget outlined plans to introduce safeguards before any such access is granted.
Andrew Bailey, governor of the Bank of England, said the implications for cybercrime must be taken seriously.
“We are having to look very carefully now what this latest AI development could mean for the risk of cyber crime,” he said, warning that such tools could make it easier for “bad actors” to identify and exploit system vulnerabilities.
Senior US officials, including Scott Bessent and Jerome Powell, have already convened Wall Street executives to address the risks. Attendees reportedly included leaders from major banks such as Goldman Sachs, Bank of America, Citigroup, and Morgan Stanley, underscoring the systemic importance of the issue.
Industry voices suggest the concerns may not be limited to Anthropic. Sources indicate another US AI company could release a similarly capable model without comparable safeguards.
James Wise of Balderton Capital described Mythos as “the first of what will be many more powerful models” capable of exposing system vulnerabilities. His Sovereign AI unit is investing in companies focused on AI security, adding, “We hope the models that expose vulnerabilities are also the models which will fix them.”
Mythos is part of Anthropic’s Claude family of models, a competing system to offerings from OpenAI and Google. Unlike previous releases, the company has restricted access due to concerns that the tool could be misused to uncover sensitive flaws or break into protected systems.
Internal testing raised alarms after the model identified critical bugs that would typically require highly skilled hackers to discover. Some vulnerabilities reportedly date back decades, highlighting gaps that had gone undetected by traditional security systems.
The concerns have also spilled into policy disputes. The Pentagon recently designated Anthropic as a potential supply chain risk, a move usually reserved for foreign adversaries. The company successfully challenged a proposed ban in court, arguing it would result in significant financial losses.
Within national security circles, Mythos has introduced new uncertainty around how cyber threats are assessed. One official described the impact as comparable to equipping an ordinary hacker with tools akin to those used by elite operators.
Despite the risks, authorities continue to engage with Anthropic. Federal agencies are preparing for possible controlled access, while regulators and financial institutions race to understand and address the vulnerabilities the model has already begun to uncover.
Part 1 of this series explained what quantum computers actually are. Not just faster versions of regular computers, but a fundamentally different kind of machine that exploits the weird rules of physics that only apply at the scale of atoms and particles.
But knowing how a quantum computer works does not tell you how it can be used to steal bitcoin by a bad actor. That requires understanding what it is actually attacking, how bitcoin’s security is built, and exactly where the weakness sits.
This piece starts with bitcoin’s encryption and works through to the nine-minute window it takes to break it, as identified by Google’s recent quantum computing paper.
The one-way map
Bitcoin uses a system called elliptic curve cryptography to prove who owns what. Every wallet has two keys. A private key, which is a secret number, 256 digits long in binary, roughly as long as this sentence. A public key is derived from the private key by performing a mathematical operation on the specific curve called “secp256k1.”
Think of it as a one-way map. Start at a known location on the curve that everyone agrees on, called the generator point G (as shown in the chart below). Take a private number of steps in a pattern defined by the curve’s math. The number of steps is your private key. Where you end up on the curve is your public key (point K in the chart). Anyone can verify that you ended up at that specific location. Nobody can figure out how many steps you took to get there.
Technically, this is written as K = k × G, where k is your private key and K is your public key. The “multiplication” is not regular multiplication but a geometric operation where you repeatedly add a point to itself along the curve. The result lands on a seemingly random spot that only your specific number k would produce.
The crucial property is that going forward is easy and going backward is, for classical computers, effectively impossible. If you know k and G, calculating K takes milliseconds. If you know K and G and want to figure out k, you are solving what mathematicians call the elliptic curve discrete logarithm problem.
It is estimated that the best-known classical algorithms for a 256-bit curve would take longer than the age of the universe.
This one-way trapdoor is the entire security model. Your private key proves you own your coins. Your public key is safe to share because no classical computer can reverse the math. When you send bitcoin, your wallet uses the private key to create a digital signature, a mathematical proof that you know the secret number without revealing it.
Shor’s algorithm opens the door both ways
In 1994, a mathematician named Peter Shor discovered a quantum algorithm that breaks the trapdoor.
Shor’s algorithm solves the discrete logarithm problem efficiently. The same math that would take a classical computer longer than the universe has existed, Shor’s algorithm handles in what mathematicians call polynomial time, meaning the difficulty grows slowly as numbers get bigger rather than explosively.
The intuition for how it works comes back to the three quantum properties from Part 1 of this series.
The algorithm needs to find your private key k, given your public key K and the generator point G. It converts this into a problem of finding the period of a function. Think of a function that takes a number as input and returns a point on the elliptic curve.
As you feed it sequential numbers, 1, 2, 3, 4, the outputs eventually repeat in a cycle. The length of that cycle is called the period, and once you know how often the function repeats, the math of the discrete logarithm problem unravels in a single step. The private key falls out almost immediately.
Finding this period of a function is exactly what quantum computers are built for. The algorithm puts its input register into a superposition (or, in quantum mechanics, a particle exists in multiple locations simultaneously), representing all possible values simultaneously. It applies the function to all of them at once.
Then it applies a quantum operation called the Fourier transform, which causes the number of wrong answers to cancel out while the correct answers are reinforced.
When you measure the result, the period appears. From this period, ordinary math recovers k. That is your private key, and therefore your coins.
The attack uses all three quantum tricks from the first piece. Superposition evaluates the function on every possible input at once. Entanglement links the input and output so the results stay correlated. ‘Interference’ filters the noise until only the answer remains.
Why bitcoin still works today
Shor’s algorithm has been known for more than 30 years. The reason bitcoin still exists is that running it requires a quantum computer with a large enough number of stable qubits to maintain coherence through the entire calculation.
Building that machine has been beyond reach, but the question has always been how large is “large enough.”
Previous estimates said millions of physical qubits. Google’s paper, in early April by its Quantum AI division with contributions from Ethereum Foundation researcher Justin Drake and Stanford cryptographer Dan Boneh, reduced that to fewer than 500,000.
Or a roughly 20-fold reduction from prior estimates.
The team designed two quantum circuits that implement Shor’s algorithm against bitcoin’s specific elliptic curve. One uses approximately 1,200 logical qubits and 90 million Toffoli gates. The other uses approximately 1,450 logical qubits and 70 million Toffoli gates.
A Toffoli gate is a type of gate that acts on three qubits: two control qubits, which affect the state of a third, target qubit. Imagine this as three light switches (qubits) and a special lightbulb (the target) that only turns on if two specific switches are flipped on at the same time.
Because qubits lose their quantum state constantly, as Part 1 explained, you need hundreds of redundant qubits checking each other’s work to maintain a single reliable logical qubit. Most of a quantum computer exists just to catch the machine’s own mistakes before they ruin the calculation. The roughly 400-to-1 ratio between physical and logical qubits reflects how much of the machine exists as self-babysitting infrastructure.
The nine-minute window
Google’s paper did not just reduce qubit counts. It introduced a practical attack scenario that changes how to think about the threat.
The parts of Shor’s algorithm that depend only on the elliptic curve’s fixed parameters, which are publicly known and identical for every bitcoin wallet, can be precomputed. The quantum computer sits in a primed state, already halfway through the calculation, waiting.
The moment a target public key appears, whether broadcast in a transaction to the network’s mempool or already exposed on the blockchain from a previous transaction, the machine only needs to finish the second half.
Google estimates that the second half takes about nine minutes.
Bitcoin’s average block confirmation time is 10 minutes. That means if a user broadcasts a transaction and their public key is visible in the mempool, a quantum attacker has roughly nine minutes to derive a private key and submit a competing transaction that redirects funds.
The math gives the attacker a roughly 41% chance of finishing before your original transaction confirms.
That is the mempool attack. It is alarming but it requires a quantum computer that does not exist yet.
The bigger concern, however, is the 6.9 million bitcoin (roughly one-third of total supply) sitting in wallets where the public key has already been permanently exposed on the blockchain. Those coins are vulnerable to an “at-rest” attack that requires no race against the clock. The attacker can take as long as needed.
A quantum computer running Shor’s algorithm can turn a bitcoin public key into the private key that controls the coins. For coins transacted since Taproot (a privacy upgrade on Bitcoin that went live in November 2021), the public key is already visible. For coins in older addresses, the public key is hidden until you spend, at which point you have roughly nine minutes before the attacker catches up.
What this means in practice, which 6.9 million bitcoin are already exposed, what Taproot changed, and how fast the hardware is closing the gap, is the subject of the next and final piece in this series.
Oil prices drop after Iran says Strait of Hormuz ‘completely open’ for passage of ships
Stem Cell Injections in Spain Fuel Hopes for Lakers Playoff Return
Spring Dresses, Comfy Sandals and More
-
NewsBeat5 days agoPep Guardiola and Gary Neville agree over Arsenal title problem that benefits Man City
-
Crypto World4 days agoThe SEC Conditionalises DeFi Platforms to Be Avoided for Broker Registration
-
Politics6 days agoWorld Cup exit makes Italy enter crisis mode
-
Crypto World4 days agoSEC Signals Exemption for Crypto Interfaces From Broker Registration
-
News Videos3 days agoSecure crypto trading starts with an FIU-registered
-
Sports21 hours agoNWFL Suspends Two Players Over Post-Match Clash in Ado-Ekiti
-
Fashion12 hours agoWeekend Open Thread: Theodora Dress
-
Crypto World4 days agoSEC Proposes Certain Crypto Interfaces Don’t Need to Register as Brokers
-
Business7 days agoIreland Fuel Protests Enter Day 5 as Blockades Spark Shortages and Government Prepares Support Package
-
NewsBeat4 days agoTrump and Pope Leo: Behind their disagreement over Iran war
-
NewsBeat6 days agoJD Vance announces ‘no agreement’ with Iran over nuclear weapons fear
-
Crypto World8 hours agoRussia Pushes Bill to Criminalize Unregistered Crypto Services
-
Sports6 days ago
Dexter Lawrence, Stefon Diggs, Trading for De’Von Achane
-
Crypto World5 days agoTrump whales load up ahead of Mar-a-Lago luncheon.
-
Crypto World5 days ago
Sei Network Enters Quiet Reset Phase as On-Chain Metrics Signal a Slowdown in 2026
-
Business5 days ago
Kering slides after Morgan Stanley downgrade, Gucci woes loom
-
Entertainment4 days agoKarol G’s ‘Ultra Raunchy’ Coachella Set Gave ‘Satanic Vibes’
-
Business1 day agoCreo Medical agree sale of its manufacturing operation
-
Sports5 days agoNWFL opens Pathway for new Clubs ahead of 2026 Season
-
Entertainment4 days agoBrand New Day’ Footage Reveals the Devastating Impact of ‘Now Way Home’
You must be logged in to post a comment Login