Key Takeaways

• On April 15, the S&P 500 reached 7,022.95, breaking its January 28 record, while the Nasdaq achieved an unprecedented high of 24,016
• Tom Lee contends the US market is absorbing elevated oil prices more effectively than global counterparts, despite crude exceeding $100/barrel following Hormuz Strait disruptions
• Monthly defense expenditures approaching $30 billion are strengthening corporate earnings and providing economic support amid US-Iran tensions
• Historical patterns suggest oil price spikes may produce milder inflation effects than current market fears indicate, according to Lee
• Cash-heavy institutional investors face pressure to enter markets at record levels, generating fresh demand — Lee holds firm on his 7,300 S&P 500 projection

Both the S&P 500 and Nasdaq established fresh all-time records this week, recovering from declines associated with escalating US-Iran tensions that have weighed on investor sentiment since late January. The S&P 500 finished trading at 7,022.95 on April 15, eclipsing its prior benchmark from January 28. Meanwhile, the Nasdaq concluded at 24,016, marking its own historic milestone.

Fundstrat’s founder Tom Lee joined CNBC’s Closing Bell to outline his view that current market conditions are fundamentally stronger than those present during earlier 2026 peaks. He presented three distinct rationales supporting this position.

Lee’s opening argument centered on oil prices. Crude prices jumped past the $100 threshold after disruptions to shipping through the Hormuz Strait. While recognizing this challenge, Lee emphasized that American markets are weathering the situation more successfully than international peers.

“The stock market finds itself in superior condition compared to where we stood at the year’s outset,” Lee stated. He highlighted that elevated energy costs are constraining other economies more severely, while US equities have demonstrated resilience in absorbing this pressure.

Crude prices experienced some retreat from peak levels as market participants anticipated potential diplomatic resolution between Washington and Tehran.

Earnings Strength Persists

Lee’s second rationale emphasized corporate financial performance. He observed that company profitability has maintained momentum throughout the conflict period, suggesting the geopolitical situation has actually provided economic stimulus rather than hindrance to American businesses.

Defense sector expenditures play a central role in this dynamic. Lee highlighted that monthly defense outlays currently hover around $30 billion, with scenarios suggesting potential expansion to $60 billion. These funds are circulating directly through the domestic economy.

He drew a contrast with oil-related costs, estimating American consumers collectively shoulder approximately $12 billion monthly in elevated energy expenses — yielding a net economic benefit when compared against defense spending inflows.

Technology sector firms have delivered robust first quarter 2026 earnings, frequently surpassing analyst projections. These results have helped validate current Nasdaq price levels.

Inflation Concerns May Be Overblown

Lee’s third point challenged widespread inflation anxieties. Numerous market observers have cautioned that triple-digit oil prices will cascade into broader consumer price increases. Lee offered a contrary perspective.

“Historical examination of energy price fluctuations reveals that their influence on core inflation metrics proves less pronounced than we initially expected,” he explained. He anticipates the inflationary impact will be more modest than current market pricing suggests.

Institutional Capital Deployment Accelerates

Throughout the recent market correction, substantial institutional capital remained uncommitted as fund managers accumulated cash positions. With equity indices now establishing new records, these investors confront mounting pressure to allocate reserves or risk underperforming their respective benchmarks.

Lee reaffirmed his year-end S&P 500 forecast of 7,300, implying approximately 4% appreciation potential from present levels.

Bitcoin alongside other digital assets have traditionally correlated with technology equities during risk-on market phases, while blockchain analytics reveal increased capital flows into institutional Bitcoin investment vehicles throughout recent weeks.

Sanctioned crypto exchange Grinex halted trading after a suspected state-level cyberattack drained up to $15 million in crypto.

Grinex said Thursday it had suspended operations after losing more than 1 billion Russian rubles, roughly $13.7 million, from 54 wallets in what it described as a highly sophisticated breach. The Kyrgyzstan-registered exchange pointed to signs that the attackers had access to resources typically associated with foreign intelligence agencies.

“Due to the attack, the Grinex exchange has been forced to suspend operations. All available information has been transferred to law enforcement agencies. A criminal complaint has been filed at the location of the infrastructure,” the exchange said.

Details shared by Grinex suggested a coordinated operation rather than a routine exploit. The platform said the digital footprint and execution pointed to “an unprecedented level of resources and technology available only to entities of hostile states.”

The incident adds fresh scrutiny to an exchange already under watch from Western authorities. Grinex has been widely linked to Russia’s sanctioned crypto infrastructure and has been described by blockchain analysts as a continuation of the previously blacklisted Garantex platform.

Earlier findings from Global Ledger indicated that Garantex shifted liquidity and user balances to Grinex following its shutdown in March 2025. On-chain data showed funds moving through one-time-use wallets before landing in Grinex accounts, while some users reported that balances frozen on Garantex later appeared on the new platform. Investigators also pointed to similarities in website design and internal confirmations, suggesting operational overlap between the two entities.

Garantex had been sanctioned by the United States in 2022 for facilitating illicit finance and was later targeted by European Union restrictions. Operations formally ceased in March 2025 after Tether froze nearly $2.5 billion worth of ruble-backed stablecoins tied to the exchange. Authorities in India also arrested co-founder Aleksej Bešciokov shortly after the shutdown.

Multiple platforms may have been exposed

According to TRM Labs, activity tied to the attacker may extend beyond Grinex. The blockchain intelligence firm identified two wallets linked to Kyrgyzstan-based exchange TokenSpot that sent about $5,000 to the same consolidation address used in the Grinex breach.

TokenSpot acknowledged a temporary disruption earlier this week. A notice on its Telegram channel mentioned technical work and a brief outage on April 15, followed by confirmation a day later that full services had resumed.

Further analysis from TRM Labs uncovered at least 16 additional addresses connected to the incident, beyond those disclosed by Grinex. Funds from the attack were funneled into a single address holding around 45.9 million TRON, valued close to $15 million.

Funds routed to avoid freezing risk

Blockchain analytics firm Elliptic has traced roughly $15 million in USDt leaving Grinex-linked accounts and moving across the Tron and Ethereum networks. The firm said the attacker converted the stablecoins into other assets soon after the theft.

“This USDT was then converted to another asset, either TRX or ETH. By doing so, the thief avoided the risk of the stolen USDT being frozen by Tether,” Elliptic said.

Past incidents show a pattern of exchanges tied to sanctioned jurisdictions becoming targets for politically motivated or financially driven attacks. Iran-based platform Nobitex lost $81 million in June 2025, with a pro-Israel hacker group claiming responsibility.

Attention now turns to whether Grinex can resume operations and how authorities respond, especially given its alleged role in facilitating sanction evasion and links to previously blacklisted entities.

The Ethereum ecosystem has expanded its security toolkit with a six-month initiative funded through its ETH Rangers program. The Ketman Project, described as a public‑goods security effort, identified a network of North Korean operatives embedded in Web3 companies, pinpointing 100 DPRK IT workers and alerting about 53 projects that could be employing such operatives. The Ethereum Foundation summarized the findings in a recent recap, underscoring the importance of the project for the broader ecosystem.

According to the Ethereum Foundation, the Ketman Project was built during a six‑month period under the ETH Rangers program, which launched in late 2024 to fund individuals performing security work for the ecosystem. One recipient used the stipend to tackle the Ketman initiative, focusing on exposing fake developers and other actors impersonating legitimate crypto engineers.

During the stipend period, Ketman identified 100 DPRK IT workers operating within Web3 organizations and reached out to about 53 projects to alert them to potential DPRK involvement. The Foundation framed the effort as a direct response to a pressing operational security threat facing the Ethereum ecosystem today.

The Ketman Project’s own materials outline the tactics, behaviors, and patterns used by DPRK-linked actors. The project describes several red flags used to spot impersonators and suspicious activity, including the reuse of avatars and profile metadata across multiple GitHub accounts, exposure of unlinked email addresses during screen sharing, and default language settings—such as Russian—that contradict the operators’ claimed nationality.

Beyond identification, Ketman co‑developed an open‑source detection tool to flag suspicious GitHub activity and helped author an industry-standard framework for identifying DPRK IT workers in partnership with the blockchain‑focused nonprofit Security Alliance. The Ketman site provides deeper dives into the operational methods employed by DPRK operatives and how attackers blend into crypto teams.

Key takeaways

• Ethereum Foundation funded the Ketman Project through the ETH Rangers program for six months, revealing a DPRK‑linked presence in Web3 and alerting dozens of projects.
• The effort identified 100 North Korean IT workers and prompted alerts to roughly 53 projects over the course of the program.
• Ketman developed an open‑source detection tool and co-authored an industry‑standard framework for identifying DPRK IT workers with the Security Alliance.
• Red flags highlighted by Ketman include reused avatars across GitHub accounts, exposed emails from screen sharing, and default language settings that conflict with stated nationality.
• The work illustrates a broader push to harden the crypto economy against state‑backed threat actors, leveraging community‑driven intelligence alongside formal governance bodies.

Operational security gains and investor implications

The Ethereum Foundation’s recap frames Ketman as a pragmatic response to a persistent risk: state‑backed actors tied to DPRK have repeatedly targeted the crypto sector, contributing to significant losses over the years. By mapping specific operational patterns and distributing defensive signals to projects, the initiative helps reduce the attack surface for startups and established protocols alike. For investors and builders, the development signals a maturing security culture where threat intel is disseminated more quickly and translated into concrete protections rather than remaining in isolated analysis.

From a risk management perspective, the Ketman project embodies a shift toward proactive defense in public ecosystems. The combination of detection tooling and a formal framework provides participants with repeatable methods to vet contributors and contractors, potentially lowering the likelihood of insider risks or compromised open‑source projects slipping through governance gaps. While it is not a silver bullet, the approach adds a data‑driven layer to ongoing security work in the space where rapid innovation often clashes with evolving threat models.

Context: DPRK actors, Lazarus, and the crypto threat landscape

Threat actors associated with North Korea have long loomed over crypto infrastructure, with high‑profile breaches attributed to groups such as Lazarus. Analysts note that as the market grows, so does the fingerprint of these actors—ranging from social engineering and fake personas to sophisticated supply‑chain compromises. The Ketman Project’s findings fit within this larger pattern of state‑linked crypto threats, reinforcing the case for heightened due diligence, better attribution signals, and more transparent security collaborations among projects and communities.

That context matters for investors and practitioners alike. Enhanced threat intelligence—especially when backed by open‑source tools and cross‑organizational collaboration—can help teams prioritize security spend and adopt stronger onboarding and verification practices. It also raises questions about how to balance openness with security in open ecosystems where contributors span the globe and operate under varying regulatory regimes.

What to watch next

Several questions remain as the Ketman initiative wraps its six‑month window. How widely will the open‑source detection tool be adopted by projects and exchanges? Will the Security Alliance and Ketman publish ongoing, standardized benchmarks to measure the effectiveness of the DPRK‑identification framework? And how will platforms translate these threat signals into concrete changes—such as enhanced contributor vetting, more robust identity checks, or stricter code‑review processes?

The Ethereum Foundation’s involvement signals continued institutional support for security tooling that is broadly usable across the ecosystem. If Ketman’s tools and methodologies gain traction, we could see a shift from ad hoc security reviews to more coordinated, sector‑wide threat intelligence sharing. That development would be a meaningful catalyst for ecosystem resilience, especially as decentralized finance, layer‑2 scaling, and new Web3 use cases proliferate.

In the near term, what remains uncertain is the scalability and sustainability of such programs. Will funding through ETH Rangers translate into a larger, repeatable budget for security research? How will other ecosystems—ranging from alternative smart contract platforms to fiat‑onramp operators—adopt similar threat intelligence frameworks? The coming months will reveal whether Ketman’s approach can be generalized into a standard practice for securing crypto projects against sophisticated, state‑backed adversaries.

Readers should monitor announcements from the Ketman Project and the Security Alliance for updates on the framework, as well as any new threat alerts tied to DPRK‑linked actors. The effort underscores a broader industry trend: security is increasingly a collaborative, community‑driven discipline that complements technical development with actionable intelligence and governance‑level responses.

For those evaluating risk in personal or institutional deployments, this development offers a reminder to emphasize transparency, contributor verification, and proactive security monitoring as core components of any long‑term crypto strategy. The fight against sophisticated threat actors is ongoing, but initiatives like Ketman mark a tangible step toward a safer, more resilient ecosystem.

Former Treasury Secretary Henry Paulson has called on U.S. policymakers to prepare an emergency response plan for a potential breakdown in demand for U.S. Treasurys, warning that the consequences could be severe.

Speaking in a Bloomberg interview on Thursday, Paulson urged authorities to have a “break-the-glass” framework ready in advance, describing it as a targeted and short-term intervention designed for moments of extreme stress.

“We need an emergency break-the-glass plan, which is targeted and short-term, on the shelf, so it’s ready to go when we hit the wall,” he said. “When we hit it, it will be vicious, so we have to prepare for that eventuality.”

Concerns around the Treasury market have been building as U.S. government debt continues to climb past $39 trillion, raising questions about long-term sustainability and investor appetite. 

Treasurys remain the foundation of global finance, serving as the benchmark against which assets such as corporate bonds, mortgages, and equities are priced. Any disruption in that market risks cascading effects across the financial system.

Economists have long warned of a potential feedback loop where rising debt levels push investors to demand higher yields, increasing borrowing costs, and increasing the fiscal deficit. A scenario where the Treasury struggles to attract sufficient buyers could leave the Federal Reserve stepping in more aggressively, effectively absorbing supply to stabilize markets.

A breakdown in the Treasury market would not leave digital assets untouched, with both upside and downside risks coming into play.

On one side, a loss of confidence in U.S. debt or a wave of monetary expansion could drive capital toward alternative stores of value, including Bitcoin and gold. Inflation concerns and pressure on the dollar have historically strengthened the case for non-sovereign assets.

At the same time, stablecoins introduce a direct link between crypto markets and U.S. government debt. Tether, the largest stablecoin issuer, holds a significant portion of its reserves in Treasurys, including Treasury bills and overnight reverse repurchase agreements.

U.S. Treasury officials have already taken steps aimed at improving market functioning, including a large-scale debt buyback announced on Thursday.

Authorities accepted $15 billion worth of older securities maturing between 2026 and 2028, marking the largest such operation to date. The program is designed to retire less liquid bonds and inject cash back into the system, giving investors room to reallocate capital.

Liquidity management measures like these are intended to keep trading conditions stable, though concerns around long-term demand continue to shape discussions among policymakers and market participants.

Key takeaways 

• Pi Network’s PI token holds steady at $0.1730, up 4.5% from the previous day. 
• The Pi Core Team’s upgrade to enable smart contracts, with a deadline set for April 27, is a potential catalyst. 

Pi Network’s PI token has managed to hold steady around $0.1770 as of Friday, adding a 4.5% gain from the previous day. 

The Pi Core Team (PCT) is driving momentum with the impending upgrade to the mainnet, which will enable smart contract functionality—expected to be a key catalyst for price movement.

PI rallies ahead of the Protocol 22 upgrade

PI is up 4.5% in the last 24 hours, outperforming the broader cryptocurrency market. The rally comes after the Pi Core Team announced that April 27 is the final deadline for all mainnet nodes to complete necessary steps for remaining connected to the network, as part of the Stellar Protocol version 22 upgrade. 

While this upgrade will cause a brief 15-minute downtime during internal data transfer, it lays the groundwork for future improvements. Additionally, the full upgrade to version 26 is slated for June 22, ahead of Pi2Day on June 28.

Will PI rally higher in the near term?

The PI/USD 4-hour chart is bearish and efficient, trading above the $0.1770 level. However, Pi Network remains in a bearish posture, with the token still trading below the 50-, 100-, and 200-day Exponential Moving Averages (EMAs). 

The immediate resistance level is marked at $0.1785, corresponding to the 50-day EMA, followed by stronger resistance at $0.1865 (100-day EMA) and $0.2334 (200-day EMA).

However, momentum indicators present mixed signals. The Relative Strength Index (RSI) at 71 is above the neutral 50 line, and is heading into the overbought region.

The Moving Average Convergence Divergence (MACD) crossing above its signal line indicates growing bullish momentum. 

On the downside, key support is found at $0.1556, near the February 23 low, with further weakness potentially exposing $0.1310 if the market slips below this level.

The cryptocurrency market has entered a “sustained crypto winter,” according to CoinGecko, as spot trading volumes on centralized crypto exchanges rapidly fell over the first quarter of 2026.

Crypto market capitalization fell by more than 20% during the first quarter as “bearish momentum from late 2025 collided with global geopolitical instability,” CoinGecko said in a report on Thursday.

That caused the top 10 centralized exchanges by spot volume to record a 39% decrease in trading volume over the quarter ended in March, dropping to $2.7 trillion from $4.5 trillion in the fourth quarter of 2025.

The drop comes as the crypto market has struggled to maintain positive momentum after Bitcoin (BTC) hit a record high of more than $126,000 six months ago, as the wider market reacted to fears of an economic slowdown and uncertainty over the fallout from US-Israeli strikes on Iran in February.

March was the “weakest month,” according to CoinGecko, with $800 billion in trading volume, the lowest since November 2023.

CoinGecko said that the contraction in crypto markets was worsened by Kevin Warsh’s nomination as US Federal Reserve chair, which signaled “a potential hawkish shift in US monetary policy.”

Related: Three things Bitcoin must do to hold highs above $76K: Analysts

It added that daily trading activity across the crypto market saw “a significant decline” over the first quarter, with average daily trading volumes at $117.8 billion, a drop of 27% compared to the fourth quarter of 2025.

All of the top 10 spot centralized exchanges recorded declining volumes in the first quarter, CoinGecko said, with HTX, formerly Huobi, seeing “the biggest slump” quarter-on-quarter as volumes dipped 55% to $133.6 billion.

It said that Bitcoin fell 22% over the first quarter, “continuing to underperform all assets, despite US equity indexes such as NASDAQ and S&P 500 falling -7.1% and -4.8% respectively, their worst quarterly returns since 2022.”

Big Questions: Should you sell your Bitcoin for nickels for a 43% profit?