The Kelp restaking exploit underscores a broader vulnerability in DeFi: non-isolated lending and tightly integrated protocols can create rapid, cross-platform contagion. Industry insiders say the incident serves as a stress test for how risk can cascade beyond a single smart contract when assets and incentives are interconnected across multiple chains and products.

According to Michael Egorov, founder of Curve Finance, allowing lending frameworks to treat a wide array of collateral as interchangeable leverage exposes users to the risk of a single point of failure within the broader collateral ecosystem. In practical terms, a breach or misstep tied to one token can ripple through all assets backed by that same architecture, amplifying losses beyond the original target. Egorov’s observations align with a growing emphasis in DeFi risk management on collateral design and vault hygiene as the ecosystem grows more complex.

The Kelp project, which operates a restaking mechanism tied to the rsETH token, became the centerpiece of a weekend security incident when it was attacked, forcing a halt to Kelp’s smart contracts and triggering an urgent security review. Early estimates pegged misappropriated funds at around $293 million, with the platform moving quickly to investigate and mitigate the damage. The incident illustrates how nuanced DeFi constructs—restaking, liquidity provision, and cross-protocol guarantees—can present an expanded attack surface when combined with cross-chain functionality.

In the wake of the attack, Egorov urged DeFi teams to enhance asset vetting before accepting tokens as lending collateral, warning against single points of failure or exploitable surface areas within new digital assets. His guidance points to a broader industry push toward stronger due diligence on novel assets and more granular risk assessments for collateral acceptance on lending platforms.

The Kelp incident also spotlights the cross-chain dimension of the risk vector. Egorov cautioned that cross-chain frameworks and bridges, while enabling liquidity and interoperability, introduce significant attack surfaces. “Cross-chain is hard and potentially risky. Only use cross-chain infrastructure when absolutely necessary, and do it really carefully,” he said in an interview. The message arrives at a time when users increasingly depend on multi-chain strategies to access liquidity and yield opportunities, but security architectures have not always kept pace with rapid product innovation.

Crypto-security researchers framed the incident as a contagion event rather than a single-contract exploit. Cyvers, a blockchain security firm, described the Kelp attack as crossing protocol boundaries almost immediately. The incident affected at least nine DeFi protocols and platforms, including Aave, Fluid, Compound Finance, SparkLend, and Euler, all of which took steps to freeze rsETH markets or otherwise mitigate the fallout. The rapid cross-protocol response underscores how decentralized systems rely on a network of dependent components—lenders, oracles, bridges, and liquidity pools—to function. When one piece falters, others must quickly reconfigure risk controls to prevent broader losses.

“This was not just a protocol exploit. It immediately became a cross-protocol contagion event,” Cyvers CEO Deddy Lavid told Cointelegraph. The challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols.

The ripple effects from Kelp are not isolated to a handful of DeFi shops. The attack followed Drift Protocol’s about $280 million hack earlier in the month, and Cointelegraph notes that a string of other crypto platforms and DeFi exploits have marked a period of heightened risk activity for the sector. In total, losses from crypto hacks, code exploits, and scams in Q1 2026 were reported to be substantial, reinforcing the need for improved security, governance, and incident response across DeFi ecosystems.

Key takeaways

• Interconnected risk amplifies losses. Non-isolated lending means collateral attacks can spread through multiple tokens and protocols, increasing the potential scope of exploit losses beyond a single project.
• Cross-chain design as both enabler and hazard. Bridges and cross-chain liquidity foster innovation but also widen the attack surface, making careful, deliberate use essential.
• Contagion across nine protocols. The Kelp incident prompted immediate actions from Aave, Fluid, Compound Finance, SparkLend, Euler, and others to pause or mitigate rsETH exposure, illustrating real-time containment challenges in integrated DeFi networks.
• Asset vetting remains a priority. Industry voices emphasize rigorous evaluation of new collateral and the pursuit of resilient, multi-layer risk controls before broadening lending collateral acceptance.
• Sector context matters. The episode sits within a sequence of high-profile exploits, including Drift Protocol, signaling a broader imperative for stronger incident response and security architectures as DeFi grows more interconnected.

Kelp, rsETH, and the evolving DeFi security landscape

The Kelp incident is a concrete reminder that highly specialized DeFi constructs—such as restaking mechanisms—do not exist in a vacuum. The rsETH token, while offering potential yield and staking mechanics, also creates dependencies on the health of the restaking pipeline and the security of the tokens used as collateral. When a vulnerability emerges in one component, other protocols relying on the same token or the same cross-chain infrastructure can be pulled into the crisis, sometimes within hours or minutes of the initial breach.

From a risk-management perspective, the episode underscores several practical steps for builders and operators. First, strengthening the governance and vetting process for new assets used in lending markets is critical. Second, there is a clear case for tighter, more auditable cross-chain interaction patterns—reducing trust assumptions where possible and defaulting to more conservative bridge usage. Third, incident response playbooks must embrace rapid cross-protocol coordination, including predefined withdrawal or pause criteria that can be executed decisively to limit losses.

For investors and traders, the unfolding narrative reinforces a cautious stance toward complex DeFi products that rely on multi-layer architectures. While such products can unlock innovative yield opportunities, they also carry layered risk—asset design risk, cross-chain risk, and governance risk—that can compound quickly in fast-moving market environments. As the sector digests this latest episode, market participants will be watching not only for immediate recoveries and protocol updates but also for longer-term shifts in collateral standards and security best practices across DeFi lending.

Broader implications for DeFi stability and policy

Analysts suggest that the Kelp incident could influence how regulators and industry groups frame risk disclosures and capital adequacy for DeFi platforms. As ecosystems become more interconnected, there is a growing call for standardized risk reporting around cross-chain activities, collateral diversification, and incident response metrics. While regulatory approaches vary by jurisdiction, the shared industry objective remains clear: build resilient infrastructure capable of withstanding rapid, multi-protocol shocks without compromising user funds.

The road ahead will likely feature a combination of enhanced asset vetting, more cautious cross-chain deployment, and stronger protocol-to-protocol coordination. The lessons from Kelp are not just about recovering from a single attack; they are about reshaping the safety net for an increasingly interconnected DeFi landscape.

Watching the next set of protocol updates and audits will be essential. As developers and security researchers digest the Kelp fallout, the market will likely see renewed emphasis on collateral risk controls, faster detection of cross-chain anomalies, and tighter governance processes to prevent similar contagion events from reoccurring.

Readers should stay tuned for further disclosures from affected platforms as they publish findings from post-incident reviews, patch timelines, and any changes to rsETH-related risk parameters. The evolving response from the DeFi community will be a critical barometer for how quickly the sector can translate security lessons into practical safeguards for users, traders, and liquidity providers.

TLDR:

• Bitcoin pierced $126,200 resistance on Friday and Saturday but failed to hold, signaling a likely pivot high.
  
• Analyst Aaron Dishner targets $60,000 first, followed by $49,000 and $38,555 if a full bear market unwinds.
  
• Weekly TBT bullish divergences on BTC and TOTALES are not being treated as confirmed trend-reversal signals yet.
  
• Ethereum, altcoins, and macro indicators including DXY and S&P futures add further weight to the bearish outlook.

Bitcoin analyst Aaron Dishner is warning of a significant pullback after price briefly pierced the $126,200 resistance level last week.

The move failed to hold, and Dishner, known on X as @MooninPapa, sees the reaction as a pivot high rather than a breakout.

With short-term support giving way across multiple indicators, he expects Bitcoin to move substantially lower through May and June, with firm downside targets already mapped out.

$126,200 Resistance Rejection Sets the Stage for Deeper Losses

Bitcoin pierced overhead resistance at $126,200 across Friday and Saturday but failed to sustain the move. The price reaction that followed has left Dishner unconvinced that bulls have retaken control.

He views the current structure as a pivot high, with the short-term support fan beginning to break down beneath it.

RSI has already completed its expected role within this price cycle, according to Dishner. Any bounce toward the $75,500 area, he noted, looks more like a retest than a recovery. He sees that level as a potential entry point for continued selling pressure rather than a base for renewed upside.

In a post on X, Dishner laid out his broader expectations for the months ahead. He is calling for red conditions through both May and June, with $60,000 as his first major downside target. From there, he sees $49,000 as a realistic follow-through level if selling pressure persists.

If a full bear market unwind plays out, Dishner places $38,555 as his deepest target. Weekly TBT bullish divergences have appeared on Bitcoin and TOTALES, but he is not treating them as trend-change signals.

He pointed out that similar readings have appeared before real bottoms formed in prior cycles, making them unreliable as standalone reversal signals.

Altcoins and Macro Risks Add Further Weight to the Bearish Outlook

Stablecoin dominance continues to support the bearish case heading into the anticipated pullback. The OTHERS index has already been rejected at the top of the cloud, reinforcing the view that broad market weakness remains intact.

Last week’s upper wick into the fast line on Bitcoin looked more like a warning than a confirmed breakout, Dishner noted.

Ethereum confirmed a weekly TBT bullish divergence but has not impressed with its price action. Dishner still sees a move toward $1,000 as a possibility for ETH, given how weak it has been relative to expectations.

The divergence alone, he argued, does not make a case for turning bullish during what he considers a bottom year.

On the macro side, the DXY still looks capable of closing the gap at 99.516, which could add pressure across risk assets.

S&P futures appear overly extended following a sharp reversal, while NK225 looks stretched at current levels. USDJPY remains a key risk factor if dollar strength returns.

Among altcoins, BNB is back at a fast line retest and AAVE may see a short reflex bounce after an exploit-driven flush. CFX and LDO still look like exhaustion rallies, while ZBCN looks heavy ahead of a support break.

Dishner is watching TAO but prefers to wait for Bitcoin to complete its pullback before taking any position.

RaveDAO’s RAVE token fell sharply over the past two days, dropping from $26 to below $1 and extending losses on Monday. 

Data cited in the report showed the token lost about 95% on Sunday before falling more than 60% again in the following 24 hours.

The decline followed public calls for an investigation by on-chain investigator ZachXBT. On April 18, he asked Binance, Bitget, and Gate.io to review suspected market manipulation tied to RAVE. He first offered a $10,000 bounty for information and later raised it to $25,000 the same day.

ZachXBT said he had contacted RaveDAO co-founder Yemu Xu on April 13 and April 14 about his concerns but did not receive a response before the token collapsed. He later shared findings that linked the project’s early token distribution to a small group of wallets.

According to his review, addresses tied to the initial distribution controlled about 95% of RAVE’s 1 billion token supply. He also flagged activity involving wallets connected to Bitget and Gate.io deposit addresses. ZachXBT said the scale of the sell-off looked unusual when compared with liquidation data across the market.

Meanwhile, Bitget publicly responded to the request for an investigation within hours. Binance and Gate.io also acknowledged the calls later in the day. At the same time, RaveDAO said it had no role in the recent price movement.

In a later update, ZachXBT said a multisig wallet linked to the initial distribution moved about 23 million RAVE, worth around $23 million, to two Bitget deposit addresses. After that transfer, the token’s price dropped below $0.60. 

He also wrote that roughly $6 billion in market value was erased while 24-hour liquidations stood near $52 million, which he described as a sign of an unstable market structure.

RaveDAO denies involvement as wider scrutiny grows

RaveDAO issued a public response rejecting claims that it drove the price move. The team said it was ”not engaged in, nor responsible for, recent price action.” It also addressed claims about token control, though it did not confirm the figures mentioned by ZachXBT.

The team added that it aims to act ”sustainably and transparently” as it builds its platform. Meanwhile, ZachXBT said similar price patterns have appeared in other tokens, including SIREN, MYX, COAI, M, PIPPIN, and RIVER. He also said he held no trading position in RAVE and that the bounty for verified information remains open.

At the time of writing, RAVE traded at $0.64 with a 24-hour trading volume of $297.6 million. The token was down 46% over 24 hours, leaving it with a market capitalization of about $161.3 million.

Bitcoin reserves on Binance have dropped to about 619,000 BTC, their lowest level since October 2025, according to CryptoQuant analyst Arab Chain. 

The decline points to continued Bitcoin outflows from the exchange after reserves climbed sharply earlier this year.

In February 2026, Binance’s Bitcoin reserves rose to nearly 670,000 BTC, their highest level since 2024. That increase came during a strong market rally and suggested that more investors were moving coins to exchanges, often to sell or lock in profits as prices moved higher.

Since the February peak, reserves have moved lower in a steady trend. The change suggests that investors have shifted from exchange deposits to withdrawals and off-exchange storage. This type of movement usually shows that holders are choosing to keep Bitcoin rather than sell it at current prices.

The decline in reserves has happened while Bitcoin has seen sharp price swings. Even with that volatility, fewer coins remain on Binance. The data points to stronger holding behavior as traders move assets into cold storage or other long-term custody options.

At the same time, spot Bitcoin ETFs posted strong accumulation last week. Data showed ETF holdings rose from 1.3141 million BTC on Monday to 1.3397 million BTC by Friday. That means the funds added 25,600 BTC over five trading days.

The latest increase brought ETF balances close to levels last seen in November. It also marked one of the strongest weekly additions in recent months. The combined trend of lower Binance reserves and rising ETF balances suggests that Bitcoin supply is moving away from exchanges and into longer-term investment vehicles.

Bitcoin price stays volatile amid geopolitical pressure

Bitcoin price action remained unstable over the weekend. The asset rose above $78,300 late Friday, its highest level since early February, before falling back to the $75,000 to $76,000 range. The retreat followed renewed tension tied to the US military seizure of an Iranian cargo ship and rising concern over oil routes in the Strait of Hormuz.

Late Sunday, Bitcoin briefly dropped below $74,000 as the market reacted to the latest developments between the US and Iran. The two-week ceasefire that had helped calm markets is due to end on Wednesday. 

At press time, Bitcoin traded near $74,800, down slightly over 24 hours but still up 5% over the past week.

XRP trading through WhatsApp has started after wrapped XRP, known as wXRP, went live on the Solana blockchain. 

The setup allows users to swap assets inside the messaging app without leaving the chat window. The move followed the April 17 launch of wXRP on Solana through a partnership involving LayerZero and Hex Trust. 

On Solana, wXRP exists as an SPL token, which means it can work with decentralized exchanges, wallets, and other apps built on the network.

A screenshot shared by X user @sol_nxxn showed a WhatsApp chat that swapped 0.1 SOL for about 5.99 wXRP. The user wrote, ”I just bought XRP on Solana through WhatsApp. Solana is officially ready for boomers.”

The trading flow uses AI-powered bots connected to a user’s noncustodial wallet. A person sends a text command such as ”Buy 0.1 SOL worth of wXRP,” and the system reads the request, then routes the trade through a Solana DEX aggregator. This lets the user complete a token swap through a chat-based interface.

Moreover, once wrapped on Solana, XRP can move through the network like other Solana-based tokens. That makes it usable across decentralized finance products that support SPL assets.

The report said wXRP can already be used with Solana platforms such as Raydium and Orca for trading, Kamino and Marginfi for lending and borrowing, and wallets such as Backpack. This gives XRP another route into onchain activity outside its native network and expands where holders can use the asset.

Market attention stays on XRP’s broader setup

The WhatsApp use case arrives as XRP remains in focus across the wider market. Analysts have recently pointed to a symmetrical triangle on XRP’s daily chart, with some watching for a possible 35% move if price breaks out of the pattern.

At the same time, the new Solana route adds a separate market angle centered on access and utility. The combination of broader DeFi use and chat-based trading shows how XRP is being adapted for different platforms.

The aftershocks of the Saturday’s KelpDAO hack are spreading through stablecoin markets in ways that were not immediately obvious.

Int he first 24 hours post the attack, users on Aave borrowed approximately $300 million against their tether deposits of stablecoin tether USDT$1.0002 on the platform, according to Chaos Labs data.

The borrowing spike isn’t a sign of demand; it is a sign users can’t withdraw. With stablecoin pools maxed out, depositors are taking loans against their own funds at a loss just to access liquidity.

Think of it this way: Imagine a bank refusing to process customer fiat deposit withdrawal requests. So, out of desperation, customers take out loans on these deposits. This credit creation isn’t healthy, but a desperate move for liquidity.

“We’re now seeing some negative secondary effects of illiquidity in Aave stablecoin markets,” said monetsupply.eth, the pseudonymous head of strategy at Spark, a rival DeFi lending platform. “Because users can’t withdraw due to 100% utilization, there has been a ~$300 million increase in borrowing with USDT collateral in just the past day since the rsETH exploit.”

To understand how a single exploit on KelpDAO ended up locking every stablecoin exit on Aave simultaneously, you need to understand how the system is supposed to work — and exactly where it broke.

What is Aave and how it’s supposed to work

Aave is a decentralized finance (DeFi) protocol that enables users to lend and borrow cryptocurrencies without intermediaries. Think of it as a bank, except it runs entirely on code on a public blockchain, with no human gatekeepers.

Users deposit assets into lending pools and earn interest. Others borrow from those same pools by posting crypto assets as collateral, which exceeds the loan amount. The system is designed to self-correct automatically through interest rates. When lots of people want to borrow, rates rise, making borrowing more expensive and encouraging lenders to deposit more. When demand falls, rates drop.

The whole system operates on one core assumption: that there is always enough liquidity – enough assets in the pool – for lenders to withdraw their deposits when they want to, and for borrowers to unwind their positions when they need to.

When that assumption breaks down, everything else breaks with it. That’s what happened after the KelpDAO exploit.

rsETH and the KelpDAO exploit

rsETH is a liquid re-staking ether token issued by KelpDAO.

When you stake ether (ETH), you lock it up to help secure the Ethereum network in exchange for a yield, similar to earning interest on a bond. Some protocols issue a liquid staking token (LST) that represents your staked ETH.

Re-staking goes a step further, reusing those already-staked assets to secure additional systems, effectively stacking yield on yield. In return, you receive a receipt token representing your position. rsETH is one such receipt token and it has been widely used as collateral across the DeFi world.

On April 18, an attacker manipulated KelpDAO’s bridge infrastructure into releasing 116,500 rsETH — roughly 18% of the token’s circulating supply, worth approximately $292 million. These fake, unbacked tokens were immediately deposited into lending protocols, mostly Aave, to borrow real ETH and other assets such as wrapped ether (wETH) against them. Fake tokens in, real money out.

“That [borrowed] WETH is gone. The rsETH holding its place in the vaults is worth whatever an unbacked claim is worth — approaching zero on the L2 side, where 20+ chains held bridged rsETH backed by a now-empty mainnet lockbox,” 0xyanshu, a pseudonymous crypto operator known for work around on-chain finance and risk, said.

Aave froze rsETH markets on V3 and V4 within hours, with founder Stani Kulechov affirming the exploit was external and Aave’s contracts were not compromised. That freeze stopped the bleeding. But it also set off the chain reaction that produced the $300 million borrowing surge.

How $300 million in borrowing materialized in a single day

When the exploit news broke, whales and big funds withdrew billions of dollars worth of cryptocurrencies from Aave’s liquidity pools within hours. Because they moved first and in large numbers, their withdrawals drained liquidity pools.

“When the rsETH exploit happened and AAVE incurred bad debt, whales like Justin Sun, MEXC exchange, and others immediately withdrew billions from AAVE,” analyst Duo Nine, said in an explainer. “Initially, the ETH market hit 100% utilization, meaning you could not withdraw your ETH from AAVE.”

This soon spread to USDT and USDC pools, raising their utilization rates to 100%, as over $6 billion in assets left the protocol within hours. Every lending pool holds a fixed amount of assets deposited by users. When every dollar of those assets has been borrowed out, nothing remains for withdrawals.

“That’s because AAVE lost over $6 billion in liquidity in the past 24h,” Duo Nine wrote. “As whales took out their money, USDT and USDC also hit 100% utilization. These markets are now also stuck with money locked.”

This is when the $300 million secondary borrowing surge began.

Trapped USDT and USDC depositors, unable to simply withdraw their money, reached for the only exit still available to them. They began by drawing loans from their locked deposits.

“Some users decided to borrow against USDT/USDC and exit via other markets at a 10-25% loss,” Duo Nine explained. “Basically you borrow GHO/DAI/USDe against your locked USDT/C.” It was not a trading strategy.

It has been a desperate act of borrowing against their own money at a loss, accepting 75 cents on the dollar, just to extract any liquidity from the system at all. Aave allows users to borrow up to 75% of the total loan-to-value (LTV) of their deposited collateral, depending on the asset and its risk parameters.

“With a 75% max LTV, users with stuck USDT deposits can take out up to 3/4 of the value of their Aave position. But this ends up reducing liquidity in other markets, with USDC and USDe markets now at 100% utilization as well,” monetsupply.eth, the pseudonymous head of strategy at Spark, a rival DeFi lending platform, observed.

For anyone watching DeFi from the outside, the message is clear: “Decentralized” does not mean “without risk.”

Coinbase is accelerating its internal use of AI by piloting agents that assist employees with day-to-day work, including integration with Slack and email. The rollout marks another step in the crypto exchange’s broader push to weave artificial intelligence into its operations, a trend unfolding across the tech sector as firms lean on automation to cope with hiring constraints and scale knowledge work.

In a post on X this weekend, Coinbase chief executive Brian Armstrong announced that the company has already deployed two AI agents modeled after former Coinbase executives. He suggested that the number of agents could eventually exceed the company’s human headcount, signaling a future where AI handles a growing share of internal tasks and decision-making. The comments come as Coinbase has publicly foregrounded AI as a strategic lever, including ambitions to push more of the company’s coding work toward AI-assisted workflows.

Coinbase’s AI push sits within a broader industry context where tech giants have been trimming staff while expanding AI capabilities. Armstrong has been explicit about ambitions to automate more workflows, including a notable claim last year that AI could contribute to a substantial portion of the company’s code. The exchange has also highlighted plans to transform its workforce into “AI-Natives,” a goal it described as part of its productivity strategy. In parallel, Coinbase operates the x402 protocol, a framework introduced to enable agentic AI payments on crypto and fiat rails, illustrating how AI agents could move beyond internal use to handle real-world financial transactions.

Key takeaways

• Coinbase is testing AI agents to support internal work processes, with a Slack and email workflow integration as the initial environment.
• The two agents are named Fred and Balaji, each designed with distinct roles reflecting Coinbase’s culture and governance needs.
• Fred serves as a strategic executive agent, while Balaji acts as an “agent of chaos and creativity” to challenge assumptions and spark innovation.
• The initiative aligns with Coinbase’s broader AI strategy, including a push toward an AI-native workforce and the x402 agentic AI payments protocol.

Coinbase’s AI agents: Fred and Balaji

Armstrong introduced the two agents with a nod to Coinbase’s history. Fred, named after co-founder Fred Ehrsam, is envisioned as the company’s strategic executive agent. In practice, Fred is meant to help teams maintain strategic clarity and align priorities, offering executive-level feedback that can guide high-impact decisions. Balaji, modeled after former Coinbase chief technology officer Balaji Srinivasan, is described as the “agent of chaos and creativity.” The intent behind Balaji is to push employees to rethink assumptions, explore unconventional approaches, and catalyze innovative thinking across projects.

The naming of the agents is not just symbolic. It signals Coinbase’s approach to embedding AI into leadership and ideation processes—using AI personas that mirror the company’s own leadership archetypes to guide how the agents prompt, critique, and shape workstreams. The experiment also reflects a broader trend of “agentic” AI, where digital assistants aren’t merely task bots but integral partners in strategic initiatives and experimentation.

From internal pilots to a payments rails ecosystem

Coinbase’s internal AI experiment sits alongside the firm’s ongoing broader AI strategy. In May 2025, Coinbase rolled out the x402 protocol to enable agentic AI payments on both crypto and fiat rails, a development that signals how AI-driven agents could eventually perform real-world financial transactions within a regulated framework. The x402 framework is positioned as a precursor to widespread use of AI agents for financial operations, potentially expanding the scope of automation from internal productivity to customer-facing and partner-facing payments processes.

Armstrong’s public remarks this year have underscored a belief that AI agents will increasingly transact online, with him suggesting that “more AI agents transacting online than humans very soon.” Those views echo similar forecasts from other tech leaders who see AI agents as a new class of actors in the digital economy. Earlier commentary from Circle CEO Jeremy Allaire has — at times — pointed toward billions of AI agents operating on-chain within a few years, highlighting the scale at which such agents could participate in financial ecosystems. While these predictions illustrate a powerful narrative about AI-enabled commerce, they also place Coinbase’s initiative within a wider debate about governance, reliability, and the regulatory considerations surrounding automated agents in finance.

Industry context remains nuanced. While industry leaders have celebrated the potential of AI agents to reduce friction and accelerate decision-making, they have also warned of the challenges involved in aligning AI behavior with corporate goals, maintaining security, and ensuring accountability when AI agents act on behalf of human teams. The emergence of agentic AI in crypto payments—still in its early stages—will likely attract close scrutiny from investors, regulators, and users alike as practical pilots mature and scale.

What to watch next for AI in crypto tooling

Investors and builders should monitor how Coinbase scales its internal AI agent program: whether traditional workflows see measurable productivity gains, how governance and oversight evolve as agents take on more complex tasks, and what new security and compliance controls emerge as agents interact with internal systems. The broader crypto industry will also be watching for how the x402 protocol evolves, and whether other exchanges or crypto companies adopt similar agent-based models for payments, settlement, and governance-related processes.

Beyond Coinbase, the momentum around AI agents in crypto payments raises questions about the mix of internal automation and external-facing capabilities. As major players debate the balance between automation and human oversight, the market will likely see a split between tasks that benefit most from AI-assisted decision-making and those requiring direct human input or regulatory compliance checks. For now, Coinbase’s two-armed experiment with Fred and Balaji signals both the ambition and the caution that define enterprise-grade AI in crypto—an approach that blends internal productivity gains with a longer-term bets on how AI agents could reshape the payments landscape.

Readers should watch for updates on the agents’ performance metrics, any expansion beyond internal Slack and email tasks, and how regulators respond to increasingly autonomous decision-making within crypto infrastructures. As Armstrong and his peers push the envelope on AI-native operations, the coming quarters will test whether the promised productivity gains translate into durable competitive advantages while preserving the trust and safeguards that define responsible crypto innovation.

Key Takeaways

• Following a two-day trading pause, ARK Invest executed significant portfolio adjustments on Friday
• The firm acquired 26,161 Netflix shares valued at approximately $2.5M following a nearly 10% post-earnings decline
• Circle holdings worth $1.21M were liquidated as the company faces legal challenges related to the Drift Protocol incident
• ARK divested $1.36M in Bullish shares while Bitcoin climbed past $76,000
• The firm invested roughly $11.96M in Alamar Biosciences during its Nasdaq debut

Cathie Wood’s ARK Invest resumed active trading Friday, April 17, 2026, following a 48-hour hiatus. The investment firm executed a notable strategic pivot: liquidating cryptocurrency-related equities while accumulating positions in established technology and biotechnology companies.

The firm purchased 26,161 Netflix shares representing approximately $2.5 million in capital. This move came immediately after Netflix disclosed its Q1 financial results, revealing revenue of $12.25 billion alongside profits reaching $5.28 billion — figures that surpassed analyst expectations.

Netflix, Inc., NFLX

Despite delivering impressive financial metrics, Netflix stock plummeted nearly 10% to settle at $97.31. The decline followed co-founder Reed Hastings’ announcement that he wouldn’t pursue board reelection, coupled with the company’s conservative revenue projections for the remainder of 2026.

ARK’s acquisition indicates confidence that the market overreacted to the news. Netflix continues expanding into live sports broadcasting and advertising initiatives, with revenue projections approaching $3 billion for the current year.

Cryptocurrency-Linked Stock Divestment

Regarding sales activity, ARK liquidated Circle shares totaling $1.21 million. Circle operates as the issuer of USDC, ranking among the most significant stablecoins by total market capitalization.

The company currently confronts a class-action legal proceeding stemming from the Drift Protocol security breach. Plaintiffs allege Circle neglected to freeze compromised assets during the incident, introducing considerable legal exposure for shareholders.

Additionally, ARK disposed of $1.36 million in Bullish stock, despite the shares appreciating approximately 5% that trading session amid declining Middle East tensions.

Bitcoin maintained levels above $76,999 Friday, experiencing temporary upward momentum following reports of the Strait of Hormuz reopening. Crude oil prices declined roughly 10% on this development.

The optimism proved fleeting. By Saturday evening, Iranian officials declared the Strait closed once more, citing a U.S. naval blockade. This reversal underscored persistent geopolitical volatility.

Biotech Investment on Debut Trading Day

ARK acquired 537,463 Alamar Biosciences shares for approximately $11.96 million during the company’s inaugural Nasdaq trading session.

Alamar experienced a remarkable 33% surge during its debut, achieving a market capitalization of $1.53 billion. This transaction demonstrates ARK’s ongoing commitment to emerging biotechnology ventures alongside established technology positions.

Combined cryptocurrency-related divestments totaled $2.57 million spanning Circle and Bullish. Both positions saw reductions despite the broader cryptocurrency market maintaining strength above critical price thresholds.

These transactions illustrate a calculated adjustment in ARK’s Friday holdings — transitioning capital from elevated-risk cryptocurrency exposures toward large-capitalization technology and biotechnology assets amid continued global uncertainty.

ARK’s simultaneous purchases of Netflix and Alamar Biosciences shares represents one of the firm’s most substantial single-session portfolio rebalancing events in recent trading periods.

The National Security Agency is utilizing Anthropic’s most sophisticated AI model, Mythos Preview, despite the Department of Defense labeling the startup a “supply chain risk.”

Two sources told Axios that the NSA has secured access to the high-powered model, which Anthropic has kept under tight wraps due to its potent offensive cyber capabilities. 

While the Pentagon officially moved to sever ties with the company in February—even directing its vendors to do the same—internal demand for the technology appears to be overriding that directive. 

This friction has led to a legal standoff where military officials are arguing in court that Anthropic’s tools threaten national security, while simultaneously expanding their use of those same tools across various departments.

The standoff over “all lawful purposes”

Renegotiations between the two parties soured earlier this year when the Pentagon demanded the company make its Claude model available for “all lawful purposes.” 

Anthropic leadership pushed back, insisting on specific prohibitions against mass domestic surveillance and the development of autonomous weaponry. As a result of this, some Defense officials claimed the company cannot be trusted in critical military scenarios, a characterization Anthropic has denied.

The government’s interest in the model stems largely from its specialized utility. Most of the 40 organizations granted access to Mythos Preview use the tool to scan their own digital environments for exploitable vulnerabilities. 

While Anthropic has publicly named only 12 of these partners, including the U.K.’s AI Security Institute, the NSA is reportedly among the undisclosed group of agencies.

Recent efforts to resolve the impasse have moved beyond the Pentagon’s halls. Anthropic CEO Dario Amodei met on Friday with White House Chief of Staff Susie Wiles and Treasury Secretary Scott Bessent to discuss how Mythos could be integrated across other government sectors. 

Sources described the meeting as productive, indicating that the administration may look for ways to bypass the Pentagon feud to ensure other departments can utilize the cutting-edge technology.