Crypto World
Tokenization has become a strategic priority for 84% of financial firms
On Wednesday, DTCC completed its first live production trades involving tokenized securities, marking a major step toward bringing blockchain technology into traditional financial markets.
Broadridge’s findings suggest those efforts are influencing the broader industry. Sixty-eight percent of respondents said tokenization will at least partially reshape financial markets within the next three to five years, while nearly one-third plan to increase investment in tokenization projects by 26% to 50% or more over the next two years.
The survey also found firms are not preparing for an all-onchain future. Instead, 92% expect digital and traditional assets to coexist for the foreseeable future, and 69% plan to integrate tokenization into existing infrastructure rather than build separate blockchain-native systems.
That mirrors the approach taken by many large financial institutions, which have generally focused on connecting blockchain networks to existing trading, custody and settlement systems instead of replacing them.
Adoption remains uneven across the industry. Forty-four percent of capital markets firms said they already have tokenization initiatives in production or operating at scale, compared with 20% of asset managers and 9% of wealth managers.
The survey also pointed to where firms expect tokenization to gain traction first. About 80% of respondents believe tokenized mutual funds and money market funds will play a meaningful role within five years, reflecting the rapid growth of tokenized Treasury products. By comparison, only about half expect tokenized equities to achieve similar adoption over that period.
Crypto World
Here Are Four Important Crypto Stories You Might Have Missed This Week
It’s easy to get lost in the sea of news coming daily in the cryptocurrency world, from bitcoin price volatility to regulatory battles in Washington and everything in between. Sometimes, interesting stories are just passed by.
Here are four of the most intriguing news developments that went live in the past week and you might have missed.
North Korea-Linked Dev at MetaMask
According to an internal script obtained by Drop Site News, Consensys, the entity behind the popular Ethereum wallet MetaMask, confirmed that a consultant introduced through a third-party provider was later found to have links to North Korea. The reason for concern is that the country’s authorities have long employed hackers to infiltrate popular cryptocurrency projects, find or insert vulnerabilities, and later exploit them for their own benefit.
The developer in question worked with MetaMask for about a month and contributed to code related to the wallet before their access was terminated. Consensys said it temporarily suspended product releases to investigate the incident but found no evidence that assets or data were stolen, malicious code was deployed, or users were affected.
Knaken Goes Bankrupt
A Rotterdam court declared the local crypto exchange Knaken bankrupt after prosecutors alleged that approximately €7 million ($7.6 million) in customer funds were missing and could not be accounted for. Users were unable to access the platform for approximately a month since it halted operations in June.
The court concluded that Knaken did not have enough assets to repay all customers. This collapse comes at an intriguing time as the European Union just implemented its MiCA requirements, and it raises questions about how effectively the new regulatory framework can protect customers from platforms operating without the required authorization.
Injective Submits TA-1
The team behind the popular blockchain project said they submitted Form TA-1 to the US SEC to register as a transfer agent. If approved, Injective could maintain official ownership records for tokenized securities directly on-chain.
Transfer agents traditionally record ownership changes, process transfers, and help issuers maintain shareholder records. However, Injective’s new approach aims to represent a practical attempt to connect public blockchains with regulated US capital markets rather than simply using unregulated stock representations.
Injective has filed its transfer agent registration with the SEC, marking a major step towards becoming a leading blockchain with a regulated pathway to issue securities onchain.
This advances RWA market infrastructure in the New Internet Economy, right here in the US. pic.twitter.com/u97CMk1rBT
— Injective
(@injective) July 16, 2026
Robinhood Chain Gains ETH Traction
Robinhood Chain’s first couple of weeks of existence have been quite overwhelming, especially for Ethereum. Reports emerged a few days ago that over $70 million worth of the altcoin was already bridged to the newly launched chain.
These significant early inflows suggest impressive interest in the new ecosystem, but the real test will be whether the liquidity remains after this initial hype period and develops into sustained trading and application usage. Is this indeed demand for tokenized assets rather than short-term speculative activity?
The post Here Are Four Important Crypto Stories You Might Have Missed This Week appeared first on CryptoPotato.
Crypto World
$2.5 billion in BTC call spreads target $72,000 by the month end when the Fed meets
“This week we have seen some large blocks in BTC topside call spreads,” Jean-David Péquignot, chief commercial officer at Deribit, told CoinDesk.
Options flow of this size and repetition often reflects institutional positioning rather than retail activity, given the capital required and the precision of the strike selection.
The timing is notable for two reasons. First, it suggests confidence in bitcoin’s recent bounce to $64,000 from under $58,000 earlier this month. More importantly, the trade targets the July 31 settlement, two days after the Federal Reserve’s July 29 interest rate decision. The call spread flow suggests that at least some large traders expect the meeting to serve as a catalyst for a move toward $72,000.
Fed funds futures currently point to a hold at the July meeting, with most trackers putting the probability of the central bank keeping its benchmark rate unchanged at 3.5%-3.75% in the 75%-80% range. The remaining odds are split between a rate hike and, to a lesser extent, a cut.
Rate-hike fears have ebbed following June inflation data, which showed a sharp deceleration in price pressures at both the consumer and producer levels. Much of the relief traces to a sharp pullback in oil prices during the month, tied to a ceasefire between the U.S. and Iran; core inflation, which strips out food and energy, was flat.
Crypto World
Analyst Says Long-Term Bullish Setup Could Take Ethereum to $22K
Ethereum (ETH) could be entering the final stage of a long-term bullish pattern that eventually sees it go as high as $22,000, according to new analysis shared by pseudonymous crypto commentator NoName on July 17.
While the projection is highly speculative, it has added to a growing debate over whether ETH’s June lows marked the start of a broader recovery.
Analyst Points to Long-Term Chart Patterns After ETH Rebound
According to a chart the market watcher shared on X, since 2021, Ethereum has been building what technical analysts call an expanding diagonal, consisting of five waves, with each successive wave becoming larger than the last one. They pointed out that the first four waves were already done, with the fourth having found support between $1,072 and $1,385.
“That’s the floor this entire structure was building toward,” NoName explained, adding that expanding diagonals often end with a fifth wave that breaks above the previous cycle high. They also compared ETH’s structure to a historical Dow Jones Industrial Average (DJIA) fractal and said that both charts have a similar formation and could produce a similar breakout. Based on that interpretation, the projected target is anywhere from $12,000 to $22,000.
“Same structure, same resolution,” wrote the analyst. “Wave 5 target: 12k-22k.”
They also described ETH as “one of the most underpriced assets on the market” currently, suggesting that many people had given up on it, which could create an opportunity for long-term investors.
Another analyst, Crypto Patel, reached a similar conclusion using a different framework. In his version, he said that Ethereum has been following a Wyckoff accumulation pattern that could eventually lift the asset toward $10,000 by 2027 or 2028, provided the recent swing low around $1,500 remains intact. The trader also identified resistance between $2,400 and $2,600 and called it the first major hurdle the world’s second-largest cryptocurrency will have to overcome before any larger advance in its price could begin.
CryptoQuant contributor CW8900 also struck an optimistic note, sharing data showing that Ethereum wallets holding more than 100,000 ETH have gone back to green following the latest rebound. According to him, whales have only fallen into loss during major market bottoms, and their return to profit on many occasions has coincided with either a sustained rally or a meaningful short-term recovery.
The Other Side of the Coin
In June, ETH went very close to the $1,500 level, but softer-than-expected US inflation data released this week helped push it up to its highest level in a month and a half at $1,940 before sellers dragged it back below $1,900.
At the time of writing, CoinGecko data showed the asset trading close to $1,800, having dropped by about 5% in 24 hours but still up more than 3% during the past week.
But while those recent gains have improved sentiment, the market is not all rowing in the same direction. According to analyst Crypto Rover, a repeating 1,369-day cycle points to a scenario where ETH could move back below $1,500 before a lasting bottom forms.
The post Analyst Says Long-Term Bullish Setup Could Take Ethereum to $22K appeared first on CryptoPotato.
Crypto World
AI Future Forum 2026 in Dubai!
On December 1–2, 2026, in Dubai, alongside Blockchain Life 2026 — one of the world’s largest events for Web3, crypto, mining, and AI — the all-new AI Future Forum takes the stage.
Expect visionary founders, global investors, breakthrough AI projects, robotics, and the technologies that will shape the next decade of the digital economy.
With 15,000+ attendees from 130+ countries and 200+ industry-leading speakers, the AI Future Forum is set to become the world’s premier destination where AI, Web3, and crypto leaders come together to shape what’s next.
What awaits participants?
🔹 A full week of live networking with key players from around the world: 2 days of the forum, hundreds of side events, exclusive meetings, and the Formula 1 Grand Prix Final.
🔹 200+ top speakers: leading AI experts, founders of technology companies, investors, representatives of top AI startups, and leaders of the digital industry. The focus will be on the practical application of AI, its integration with crypto and business, and the technologies shaping the new digital economy.
🔹 A large-scale expo zone: 200+ leading companies in robotics, AI development, Web3 projects, and the most progressive startups.
🔹 The legendary AfterParty at one of Dubai’s top clubs with a globally known headline artist.
🔹 Startup Pitch – an opportunity to present your project to the international community and attract attention from investors and funds.
🎟️ One ticket. Two world-class events.
Exclusive limited offer! AI Future Forum ticket includes full access to Blockchain Life 2026.
🔥 Get 10% off with promo code WEB3DIGITAL before the prices go up:
Crypto World
Kaspersky Flags Malware Framework Targeting Crypto Investors
Cybersecurity researchers are flagging a fresh wave of malware tactics aimed at people who hold, build, and advise on crypto-related software. Kaspersky, for instance, says it has discovered a new malware framework—dubbed OkoBot—that targets cryptocurrency investors by combining social engineering with data theft capabilities.
At the same time, SlowMist warns of a separate intrusion campaign that targets Web3 developers through seemingly legitimate recruitment messaging on LinkedIn, pushing victims to run poisoned code hosted on GitHub. Together, the incidents underscore how attackers are increasingly using everyday work routines—interviews, code trials, and app installs—as delivery mechanisms for malware.
Key takeaways
- OkoBot is designed to steal crypto-related data by harvesting wallet files, browser information, credentials, and injected browser or extension activity.
- Kaspersky says it has observed multiple OkoBot-linked attacks since January 2026, and that the framework evolved from an earlier campaign called TookPS.
- OkoBot’s infrastructure reportedly routes all payload delivery through an SSH tunnel, enabling remote data transport to attacker-controlled systems.
- SlowMist reports LinkedIn-based “recruiter” scams that deliver malicious GitHub repositories disguised as technical interview tasks for Web3 developers.
- The recruitment workflow mirrors legitimate developer interviews closely enough to lower suspicion, increasing the chance victims will run the malicious code.
OkoBot targets crypto holders through wallet and browser theft
In a report released this week, Kaspersky described OkoBot as a malware framework that kickstarts an infection chain using social engineering and “malicious app” delivery tactics. According to Kaspersky, the initial entry includes tricks such as ClickFix, which aims to persuade users to execute harmful commands, as well as trojanized GitHub applications that can introduce a backdoor to a compromised device.
Once a system is under attacker control, Kaspersky says OkoBot is capable of collecting sensitive information that is directly relevant to crypto ownership. The company reports that the malware can:
- Harvest cryptocurrency wallet files.
- Extract browser data and user credentials.
- Inject malicious extensions.
- Capture wallet application windows, potentially enabling theft through on-screen or session-related data.
Kaspersky also stated that it identified multiple attacks using this malware family since January 2026. For investors, the practical concern is not only that wallets could be accessed, but also that browser activity and stored authentication data can be used to move faster toward account takeovers or transfer operations.
How the infrastructure works: payload orchestration via SSH
A notable detail in Kaspersky’s analysis is that OkoBot allegedly differs from prior campaigns by how it manages its malicious payloads. Kaspersky said the framework orchestrates all 20 malicious payloads via an SSH tunnel, which supports remote transport of data from compromised computers to systems controlled by attackers.
That matters because it points to an operational model where the attacker retains strong control over follow-on stages after initial compromise. Instead of relying solely on static behavior, a tunneled architecture can help attackers adapt to victims and collect information more reliably, depending on what the malware finds on each host.
Kaspersky also described OkoBot as an evolution of TookPS, a malware campaign first identified in 2025 that distributed a Trojan downloader through fake software websites. By evolving from an earlier delivery approach and adding more coordinated payload handling, the OkoBot framework appears positioned to increase both infection success and post-compromise effectiveness.
LinkedIn recruitment scams push Web3 devs into running poisoned repositories
Separate research from SlowMist focuses on a different target set: Web3 developers. In a report published on Saturday, the firm said attackers are reaching developers through LinkedIn messages that impersonate Web3 recruiters.
SlowMist’s description of the workflow suggests attackers are deliberately choosing a high-trust, familiar entry point. After initial contact, victims are sent what appear to be fake GitHub repositories, framed as a “minimum viable product” that the developer should install and try before an interview.
The technique is effective, SlowMist argues, because it resembles a real technical interview process. The report notes that a legitimate developer workflow often involves pulling code, installing dependencies, and launching a project—steps victims naturally perform while preparing for an interview. In that environment, malicious code can be less obvious, especially if the victim does not expect a security risk from a repository “connected” to a recruiting conversation.
What attackers aim to steal from developer systems
SlowMist said the end goal is to deliver a complete remote access trojan to the victim’s device. Once established, the malware could enable attackers to steal sensitive materials associated with development and operations, including project keys, cloud credentials, or data tied to wallet extensions.
SlowMist also emphasized that the recruitment approach is part of a broader pattern: attackers are increasingly leveraging scenarios such as recruitment, code reviews, and project collaborations to trick developers into running malicious repositories. In other words, this is not only about deception, but also about timing—waiting for the moment a developer is likely to execute code as part of normal work.
Importantly, this LinkedIn-focused warning came after SlowMist reported another campaign targeting macOS users. That earlier effort, as SlowMist described it, aimed to steal credentials and hijack Telegram sessions in order to coerce victims into submitting wallet recovery phrases through fake websites. While the TTPs differ between the campaigns, both point to the same underlying threat: attackers are methodically chaining social engineering and credential theft to ultimately compromise crypto access.
Going forward, both reports suggest readers should watch for more “legitimate-looking” pathways into compromise—especially where code execution is requested via recruiters, interview workflows, or third-party repositories. For investors and developers alike, the immediate question is not only whether malware is present, but whether attackers can leverage everyday trust and authenticated sessions to reach wallet-relevant secrets quickly.
Crypto World
Adam Back Talks About Bitcoin BIP-110 Controversy. “Satoshi Was Not Retarded”
Adam Back, Blockstream’s CEO, dismissed claims that Satoshi Nakamoto backed BIP-110, a contested Bitcoin (BTC) soft fork proposal. He mocked its backers on X for failing to fund what he called a cypherpunk summer celebration.
The exchange unfolded on July 18, 2026, as the debate over BIP-110 proposal approaches a critical signaling deadline. Back predicted the fork attempt would collapse within weeks of that deadline.
Adam Back Questions the Satoshi Assumption
A user on X argued Nakamoto would still back BIP-110 if he were alive today. Back rejected the premise outright. He then questioned whether Nakamoto is even dead, calling it pure speculation either way.
Back also denied being Nakamoto himself. The remark reopened a long-running debate over Bitcoin governance and who speaks for its founding vision. Back has weighed in on this dispute before, in his earlier fork risk warning.
Bitcoin, meanwhile, traded near $63,944 on the Bitcoin price chart, up 1.43% in 24 hours.
BIP-110 Struggles to Gain Miner Support
BIP-110 would temporarily cap the size of arbitrary data miners can embed in Bitcoin transactions, targeting Ordinals-style inscriptions. However, miner backing has stayed minimal so far. Signaling data show just 0.86% of blocks in the current difficulty period support the proposal. That is far short of the 55% threshold needed for lock-in.
Back mocked the proposal’s backers directly, pointing to their failure to monetize the campaign.
sad part is we didnt manage to get the 110 fork to pay for the cypherpunk summer afterparty. no airdrop, no liquidity, no fork futures. no money where their mouth is. ofc as they too know it’s failed.
The comment, meanwhile, echoes the long-running BIP-110 dispute that has split developers for months.
What Happens When Signaling Turns Mandatory
Mandatory signaling begins around block 961,632, roughly three weeks from Friday’s chain tip near block 958,529. Back predicted the fork would stall almost immediately afterward.
He said the first mandatory signaling block would trigger an automatic split. Bitcoin nodes always follow the chain with the most cumulative work.
Miners would have little reason to keep mining once their chain fell behind, Back said. He compared the abandoned fork to a “Pompeii chain,” frozen as a monument to the attempt’s failure.
The prediction follows Back’s earlier pushback against separate claims that Bitcoin would effectively fire noncompliant miners in August.
It also lands alongside renewed chatter about Satoshi’s dormant coins, another flashpoint in the identity debate.
Whether BIP-110 activates or fades away may hinge on how many miners flip the switch once signaling turns mandatory.
The post Adam Back Talks About Bitcoin BIP-110 Controversy. “Satoshi Was Not Retarded” appeared first on BeInCrypto.
Crypto World
SpaceX Stock Sinks Below IPO Price: The Hype Is Over?
SpaceX (SPCX) shares slipped below their $135 initial public offering (IPO) price this week. The stock had peaked above $200 in the weeks following its record Nasdaq debut. Elon Musk dismissed the retreat and predicted the company will eventually outvalue Earth itself.
The stock was priced at $135 a share in June, raising $75 billion in the largest IPO on record. It has now lost roughly a third of its value from that peak. Short interest surged as the price fell.
SpaceX’s Bold Claim Meets a Falling Stock
Musk’s forecast followed a SpaceX stock crash that wiped billions from his fortune this month. Musk responded directly to entrepreneur Peter Diamandis on X.
Diamandis argued that all owned material wealth on Earth totals about $600 trillion. Space, in his view, holds nearly infinite quantities of the same resources.
Musk’s math rests on that comparison, though it hinges on SpaceX reaching goals he never specified. The claim, however, is not new. Musk floated a similar SpaceX outvalue Earth argument earlier this month, well before the stock tested its IPO floor.
Short Sellers Draw Musk’s Ire
Bearish bets against SpaceX climbed sharply as the stock fell. Short interest reportedly reached about 185 million shares, or 29% of the tradable float.
That figure stood at roughly 40 million shares just three weeks earlier. It represents close to $25 billion in bearish wagers. Short sellers already hold an estimated $8.7 billion in paper profits.
The rapid buildup followed SpaceX’s historic IPO, which also sparked a rally in tokens tied to Musk, including Dogecoin. One widely shared post mocked the Ivy League pedigrees of short sellers. Musk then issued a warning of his own on X.
He offered no evidence for that claim, and the stock kept sliding regardless.
What Comes Next for SpaceX
The stock now trades near a level flagged in a recent falling wedge pattern. That pattern points to a possible rebound toward $158. Investors will also watch August share unlocks. That date lets insiders sell shares for the first time since the IPO, adding potential fresh supply.
SpaceX also scrubbed a Starship test flight this week. Automated safety systems halted the countdown at T-minus zero after several Raptor engines failed to ignite. Musk said two engines need replacement, with the next attempt likely early the following week.
Musk has separately argued that the scarcity of goods and services will eventually disappear. It reflects a related piece of his broader worldview on abundance.
That vision, though, remains untested against SpaceX’s near-term performance. Short sellers, meanwhile, appear willing to bet against the stock before the unlock date arrives.
The post SpaceX Stock Sinks Below IPO Price: The Hype Is Over? appeared first on BeInCrypto.
Crypto World
Kaspersky Flags Malware Framework Aimed at Crypto Investors
Two separate cybersecurity reports point to a growing trend in crypto-related malware: attackers are no longer relying only on obvious phishing emails. Instead, they are moving closer to the workflows people already use—recruiting pipelines, developer code trials, and wallet-related software behavior.
Kaspersky says it has uncovered a cryptocurrency-targeting malware framework dubbed “OkoBot,” which initiates an infection chain through social engineering, malicious commands, and trojanized GitHub applications. Separately, SlowMist describes a campaign aimed at Web3 developers that starts with fake LinkedIn recruitment offers and ends with poisoned repositories designed to deliver remote access.
Key takeaways
- Kaspersky links the OkoBot framework to wallet theft activity, including harvesting wallet files and capturing browser and credential data.
- OkoBot is designed to steal assets by injecting malicious browser extensions and collecting wallet application windows, Kaspersky reports.
- SlowMist warns that fake “recruitment” messages are being used to trick developers into running malicious GitHub repositories that resemble legitimate interview tasks.
- SlowMist says the campaign’s goal is to deliver a remote access trojan that can exfiltrate project keys and cloud or wallet extension data.
- Both reports emphasize social engineering paths—ClickFix-like tactics or developer-targeted collaboration scenarios—that make the attacks harder to spot.
Kaspersky: OkoBot targets crypto investors through wallet and credential theft
In a report released this week, Kaspersky describes OkoBot as a malware framework built to compromise cryptocurrency investors by chaining together multiple stages of intrusion. The first step is not purely technical; it relies on social engineering methods intended to get victims to act.
According to Kaspersky, initial access can come from tactics such as ClickFix, a technique that aims to trick users into running malicious commands. Alternatively, attackers may deliver similar outcomes by distributing trojanized GitHub apps that include backdoors once installed.
After gaining a foothold, Kaspersky says OkoBot has capabilities specifically relevant to crypto users and their systems. The malware can harvest crypto wallet files, collect browser data and user credentials, and manipulate the victim’s environment by injecting malicious extensions. It also reportedly captures wallet application windows, which can give attackers a more direct path to stolen assets than credential theft alone.
Kaspersky added that it has observed multiple attacks involving the OkoBot malware family since January 2026, suggesting the framework is not a one-off operation but part of an active campaign.
Evolution from TookPS: more orchestration, more reach
Kaspersky also frames OkoBot as an evolution of a prior threat. The company says the malware framework evolved from “TookPS,” a campaign first identified in 2025 that distributed a Trojan downloader via fake software websites. That earlier stage matters because it signals a progression in how attackers deliver and manage malicious payloads: from initial trickery and download into a more structured compromise process.
A distinctive operational detail in Kaspersky’s account is how OkoBot manages its payloads. The report states that it orchestrates all 20 malicious payloads via an SSH tunnel, allowing remote transport of data from infected computers to infrastructure controlled by attackers.
For investors and defenders, this design choice matters because it can complicate incident response. Data exfiltration over an SSH tunnel may blend with normal encrypted traffic patterns, and the multi-payload architecture suggests victims may not see a single obvious “binary” responsible for damage.
SlowMist: fake LinkedIn recruiting and “try before interview” repositories
In a separate report, SlowMist describes another approach to malware delivery: it targets Web3 developers by disguising an attack as recruitment. Rather than sending victims a generic phishing link, attackers reportedly contact developers through LinkedIn while posing as Web3 recruiters.
SlowMist says the attackers follow up with instructions to download and run code from fake GitHub repositories. The bait is framed as a realistic recruitment process: the repository is presented as a “minimum viable product” that the developer should try before the interview, which aligns closely with how technical screenings often work.
The company notes that the workflow looks and feels like a genuine interview assignment: developers are expected to pull code, install dependencies, and launch the project. That resemblance is a key factor in why the attack can be difficult to detect—there may be no obvious sign that a “try it now” task is actually weaponized.
Remote access trojan goals: keys, credentials, and extension data
According to SlowMist, the end goal of the LinkedIn-and-GitHub tactic is to deliver a complete remote access trojan onto the victim’s device. Once installed, SlowMist says attackers can steal sensitive information relevant to Web3 work, including project keys, cloud credentials, or wallet extension data.
SlowMist also emphasizes that this is not an isolated tactic. The report argues that attackers are increasingly exploiting scenarios that encourage developers to run code—such as recruitment tasks, code reviews, and project collaborations—turning normal professional behavior into an infection vector.
It is also notable that SlowMist’s write-up arrives amid a broader pattern of recent warnings. The security firm had also previously cautioned about a separate malware campaign targeting macOS users, designed to steal credentials, hijack Telegram sessions, and ultimately pressure victims into entering wallet recovery phrases via fake websites.
For readers and builders, the common thread across both reports is the same: attackers are calibrating their intrusions to the moments when people are most likely to click “run,” install, or test code—whether that happens after a recruiter message on LinkedIn or after a malicious “app” appears to be a legitimate GitHub tool. The next thing to watch is whether these campaigns expand into more standardized tooling for developers and more automation for account-level compromise, since both Kaspersky and SlowMist describe activity that looks organized and iterative rather than sporadic.
Crypto World
Kaspersky exposes OkoBot’s 20-module crypto wallet attack
Kaspersky has exposed OkoBot, a year-old malware operation that uses roughly 20 modules to steal crypto wallet recovery phrases and has affected users across at least five countries.
Summary
- Kaspersky uncovered OkoBot using roughly 20 modules to steal crypto wallet credentials.
- The malware has affected users in Brazil, Vietnam, Canada, Mexico, and Turkey.
- OkoBot uses fake recovery screens, keylogging, spyware, and ClickFix commands to target victims.
Kaspersky researchers discovered that the malware has remained active for more than a year, according to a report published by Bits.media. Most identified victims were located in Brazil, Vietnam, Canada, Mexico, and Turkey, while the operators blocked IP addresses from Russia and other Commonwealth of Independent States countries.
Distributed through GitHub repositories, OkoBot is disguised as legitimate software, including Microsoft SQL Server Management Studio. Kaspersky found that the attackers rely on the ClickFix social engineering method, which tricks victims into running malicious commands on their own devices.
The technique often presents users with fake error messages, verification steps, or repair instructions. Following those directions causes victims to execute code that installs the malware without realizing the command is malicious.
OkoBot targets seed phrases and wallet credentials
Among OkoBot’s modules, SeedHunter displays a fake recovery interface linked to hardware wallets such as Ledger and Trezor, according to Kaspersky. When users enter their recovery phrases into the fraudulent screen, the module sends the information to the malware operators.
A second module called MC Keylogger records keyboard input and monitors clipboard activity, allowing it to capture passwords, copied wallet addresses, and other credentials. OkoSpyware can track wallet passwords and record videos of open windows, giving attackers another way to observe activity on an infected device.
Once a recovery phrase is exposed, the attackers can use it to take control of the associated wallet and move its assets. Kaspersky warned that victims have little chance of recovering stolen cryptocurrency because blockchain transfers are generally irreversible.
The malware’s modular design also lets its operators collect different types of information from a single infected system. According to the security company’s findings, OkoBot can target both wallet access data and credentials connected to other services used on the device.
ClickFix attacks have also targeted crypto developers
OkoBot is the latest malware campaign found using ClickFix against the cryptocurrency sector. As crypto.news reported in April, North Korea’s state-backed Lazarus Group used the same technique in a macOS campaign known as “Mach-O Man.”
Citing research from CertiK, the report found that Lazarus sent fake online meeting invitations to fintech and crypto executives. Victims were instructed to paste supposed repair or verification commands into the macOS Terminal, which installed malware capable of stealing cryptocurrency and corporate information.
CertiK also found that the Mach-O Man toolkit deleted itself after running, making forensic analysis more difficult. The campaign combined social engineering with terminal-level commands instead of relying only on malicious file downloads.
Developer tools have provided another route into crypto systems. In May, crypto.news reported that TrapDoor malware was distributed through poisoned software packages targeting developers in cryptocurrency, decentralized finance, artificial intelligence, and security infrastructure.
According to that report, TrapDoor sought wallet data, API keys, cloud credentials, and SSH access tied to services and ecosystems including Coinbase, Binance, MetaMask, Brave, Solana, Sui, and Aptos. Researchers also found hidden prompts designed to manipulate Claude and Cursor into running fake security scans that exposed secrets and transmitted them to the attackers.
Crypto World
France Orders ISPs to Geoblock Polymarket Over Gambling Rules
France’s gambling regulator has ordered internet service providers to block access to Polymarket, escalating a wave of restrictions aimed at prediction platforms operating outside local authorizations.
In a Friday press release, the Autorité nationale des jeux (ANJ) said prediction websites fall under illegal gambling rules if they are not authorized, adding that advertising or promoting such sites is a criminal offense punishable by fines of up to 100,000 euros.
Key takeaways
- France’s ANJ has ordered ISPs to block Polymarket, citing lack of authorization and illegal gambling promotion risks.
- The regulator argues Polymarket’s features resemble regulated gambling, but without “protective mechanisms” found in the legal market.
- ANJ also raised concerns about possible outcome manipulation, including allegations involving weather-related contracts.
- Polymarket has already been geoblocked in multiple regions, according to its own documentation.
- Regulatory scrutiny is not limited to Europe: similar legal disputes have played out in the US between state actors and federal authorities.
France moves to block Polymarket
The ANJ’s order targets access to Polymarket through internet service providers, framing the platform as an unauthorized gambling offering. According to the regulator, Polymarket’s operations are not authorized in France, and the advertising of gambling sites without permission constitutes a criminal offense.
The decision comes as prediction markets continue to gain mainstream attention. Polymarket, in particular, has grown rapidly over the last two years, with trading volume reaching billions of dollars, even as regulators worldwide question whether its event contracts are gambling products, unlicensed offerings, or something closer to financial instruments.
France’s action also reinforces a broader pattern of country-by-country enforcement. Polymarket access has been blocked in places including Singapore, Poland, Portugal, Hungary, Ukraine, Brazil, and Indonesia, while at press time Polymarket said it was geoblocked in 36 regions, based on its published API documentation.
ANJ cites “addictive” mechanics and missing safeguards
Beyond the authorization question, the ANJ’s reasoning focuses on how prediction products are experienced by users. The regulator said Polymarket offers “addictive features” that are comparable to those of legally regulated gambling, but it claims those features are “amplified by the absence of the protective mechanisms found in the legal gambling market.”
This distinction matters for investors and users because it goes to how regulators classify the product. When a platform resembles regulated gambling mechanics but lacks corresponding protections—such as consumer safeguards and oversight—authorities are more likely to pursue takedowns, advertising restrictions, and access blocking, even if the platform markets itself as a different kind of market.
Outcome manipulation concerns and investigation status
The ANJ also pointed to the risk of outcome manipulation in certain event contracts. It cited alleged rigging, including a specific example: bets tied to weather outcomes where the regulator said weather sensors may have been hacked.
“Some of the bets offered on this platform appeared to be rigged: for example, bets on the weather revealed that weather sensors may have been hacked.”
In addition, the cybercrime unit of the Paris Public Prosecutor’s Office opened an investigation in May 2026 and, according to the article’s account of the regulator’s findings, identified a lack of identity verification safeguards such as Know Your Customer checks.
For participants, this kind of enforcement pressure highlights a key operational fault line: regulators are not only focused on contract structure, but also on platform controls—especially around participant verification and the reliability of the information used to settle outcomes.
France builds on earlier warnings, while US regulators escalate
This is not France’s first move. Earlier coverage noted that the ANJ shared plans in November 2024 to block Polymarket after the platform allegedly failed to comply with national gambling laws, and the Friday decision follows through with the required ISP-level blocking.
The French action arrives amid an ongoing legal fight over prediction markets in the United States. On June 17, Kentucky sued five prediction market platforms, including Kalshi and Polymarket, alleging they were operating unlicensed sports betting platforms—according to the earlier reporting cited in the article. Additional states have followed suit. Separately, the Commodity Futures Trading Commission (CFTC) has sued New Mexico, arguing that state-level interference encroached on the federal regulator’s exclusive authority over federally regulated event contracts, as reflected in the referenced CFTC dispute.
Taken together, the US and France developments underscore a persistent regulatory tension: prediction markets sit at the intersection of gambling law, securities and commodities frameworks, and consumer protection rules. Even when platforms frame themselves as market infrastructure for forecasting rather than wagering, regulators appear willing to treat them as gambling-like products when participation mechanics and consumer risk resemble traditional betting.
As France implements the ISP blocking order, the next question for readers and market participants is how Polymarket and other affected platforms will adjust compliance, identity verification, and settlement-risk controls—and whether the broader trend shifts from geoblocking to more formal legal resolutions in major jurisdictions.
-
NewsBeat2 days agoLondon Mayor Sadiq Khan handed a peerage by Keir Starmer alongside 15 other Labour figures… just days before the PM leaves No10
-
Fashion21 hours agoWeekend Open Thread – Corporette.com
-
Politics5 hours agoThe House | The City of London can help the new chancellor deliver growth in every postcode
-
Crypto World3 days agoCFTC blocks Kalshi from unwinding Michigan trades after court order
-
Politics3 days agoYoung campaigners urge incoming PM to act on outdoor junk food ads
-
Business3 days agoNvidia Stock Slips After Big Tuesday Rally as Huang Confirms Vera Rubin Chip Is Now in Production Today
-
Crypto World5 hours agoRipple Payments Joins MiCA With 14 Firms, Does It Mean Anything For XRP?
-
Entertainment3 days agoDisney’s Most Ambitious Failed Star Wars Attraction Is Coming to SDCC
-
Crypto World17 hours agoRipple wins EU-wide access as ESMA adds it to MiCA register
-
Tech4 days agoGet Your ESP32 Sunny Side Up With This Solar Dev Board
-
News Videos4 days agoXRP BOMBSHELL… XRP OMBOARDED FOR TRANSACTIONS!!!
-
Crypto World2 days agoInjective Submits SEC Transfer-Agent Registration to Onchain Ownership Records
-
Business2 days agoPalantir Shares Rise After Expanded Nvidia Partnership and Fresh Analyst Upgrades Ahead of Earnings Day
-
NewsBeat1 day agoRegistration is now open for March for Men with Kev 2026
-
Tech4 days agoDark Secrets Emerge When Jailbreaking LLMs
-
Sports3 days agoNew Cornerback Enters Vikings Trade Rumor Mill
-
News Videos1 day agoMoney | Class 12 Economics | CBSE Board Exam 2026-27
-
Business2 days agoBanco Bilbao Vizcaya Argentaria, S.A. (BBVA) Discusses Global Macro Environment and Economic Outlook for Core Markets Transcript
-
Tech5 days agoCloudflare Precursor Watches Your Mouse and Keyboard To Decide If You Are Human
-
NewsBeat10 hours agoDurham County Council to send out electoral registration emails

(@injective)
You must be logged in to post a comment Login