News
16 May 2026, 09:25
Thorchain Opens $10M Compensation Portal for Hack Victims Across Four Blockchains

BitcoinWorld Thorchain Opens $10M Compensation Portal for Hack Victims Across Four Blockchains The Thorchain Foundation has officially launched a compensation portal for victims of a recent exploit that drained approximately $10 million from the decentralized cross-chain liquidity protocol. The foundation has allocated an equivalent compensation pool to reimburse affected users, with applications now open for eligible wallets. Eligibility and Application Process According to a report from Cointelegraph, the compensation pool covers 12,847 wallets across four blockchain networks: Bitcoin, BNB Chain, Ethereum, and Base. Victims holding funds in these wallets at the time of the exploit are eligible to apply directly through the portal. The foundation has urged users to verify their eligibility before submitting claims to ensure a smooth process. Timeline and Unclaimed Funds Applications will be accepted until June 4. After this deadline, any remaining funds in the compensation pool will be transferred to the protocol’s insurance fund, which is designed to cover future security incidents and strengthen the platform’s resilience. This mechanism ensures that unclaimed resources are not wasted but repurposed for broader ecosystem protection. Why This Matters for DeFi Users The incident underscores persistent security vulnerabilities in decentralized finance protocols, where smart contract exploits and bridge attacks remain a significant risk. Thorchain’s decision to establish a dedicated compensation pool is a notable step toward rebuilding user trust, but it also raises questions about the long-term sustainability of relying on discretionary reimbursement rather than automated insurance mechanisms. For affected users, the window to file claims is limited, making prompt action essential. Conclusion Thorchain’s compensation portal represents a concrete effort to address the financial losses from the recent hack, covering thousands of wallets across major blockchains. The June 4 deadline adds urgency for victims, while the transfer of unclaimed funds to the insurance fund signals a commitment to future security. This case highlights the ongoing challenges DeFi protocols face in balancing innovation with robust user protection. FAQs Q1: How do I know if my wallet is eligible for compensation? Eligible wallets are those that held funds in the affected Thorchain pools at the time of the exploit across Bitcoin, BNB Chain, Ethereum, or Base. The foundation has provided a verification tool on the compensation portal for users to check their eligibility. Q2: What happens if I miss the June 4 deadline? Any unclaimed funds after the deadline will be transferred to Thorchain’s insurance fund, which is used to cover future security incidents. Late applications will not be accepted. Q3: Is this compensation guaranteed for all affected users? The foundation has allocated a pool equal to the estimated losses, but individual reimbursement amounts depend on the specific holdings and verification of claims. Users are advised to apply promptly and provide accurate information to ensure processing. This post Thorchain Opens $10M Compensation Portal for Hack Victims Across Four Blockchains first appeared on BitcoinWorld .
16 May 2026, 07:25
rsETH Net Outflows Signal Recovering Investor Confidence in Kelp DAO After Hack

BitcoinWorld rsETH Net Outflows Signal Recovering Investor Confidence in Kelp DAO After Hack Investor confidence in Kelp DAO appears to be on the mend, as on-chain data reveals a notable shift in rsETH token flows. According to Santiment, exchanges recorded a net outflow of 435 rsETH on May 15, a reversal from the day of the protocol’s hack roughly a month earlier, when a net 563 rsETH flowed into exchanges. This change suggests that holders are moving tokens off trading platforms, often interpreted as a sign of reduced selling pressure and renewed trust in the project. Context of the Recovery The turnaround comes after Kelp DAO, a liquid restaking protocol, suffered a security breach approximately one month ago. In the immediate aftermath, a net inflow of 563 rsETH into exchanges indicated that many investors were preparing to sell or hedge against further downside. However, the recent net outflow of 435 rsETH points to a behavioral shift among holders, who now appear more willing to store their tokens in personal wallets or participate in the protocol’s staking activities. Santiment attributed this change directly to Kelp DAO’s full resumption of rsETH withdrawals, bridging, and protocol operations. The restoration of normal functionality appears to have alleviated immediate liquidity concerns and restored a degree of operational normalcy, which is critical for restoring user trust in decentralized finance (DeFi) platforms. Implications for the DeFi Ecosystem The recovery of investor confidence in Kelp DAO is not an isolated event but reflects broader dynamics within the DeFi sector. Hacks and exploits often trigger panic selling and a loss of trust, but protocols that respond quickly—by pausing operations, communicating transparently, and fully restoring services—can often regain user confidence over time. Kelp DAO’s ability to reverse the net flow of rsETH within a month is a positive signal, though the full impact on its total value locked (TVL) and long-term user retention remains to be seen. What This Means for rsETH Holders For current and potential rsETH holders, the net outflow suggests that the immediate panic phase has passed. However, investors should remain vigilant. The DeFi space continues to face security challenges, and the resumption of operations does not eliminate underlying risks. The data from Santiment provides a useful sentiment indicator, but it is not a guarantee of future stability. Users are advised to conduct their own research and consider the protocol’s security upgrades before making decisions. Conclusion The net outflow of 435 rsETH from exchanges on May 15 marks a meaningful reversal from the panic-driven inflows seen after Kelp DAO’s hack. This shift, driven by the full restoration of protocol functions, indicates that investor confidence is slowly recovering. While the DeFi sector remains volatile, this development offers a measured, data-driven view of how trust can be rebuilt after a security incident. FAQs Q1: What is rsETH? rsETH is a liquid restaking token issued by Kelp DAO. It represents a claim on restaked ETH and can be used across various DeFi protocols while earning rewards. Q2: Why are net outflows from exchanges considered a positive sign? Net outflows suggest that investors are moving tokens off exchanges into personal wallets or staking contracts, which often indicates reduced selling pressure and a longer-term holding strategy. Q3: Is Kelp DAO safe to use now after the hack? Kelp DAO has resumed all operations, including withdrawals and bridging. However, as with any DeFi protocol, users should assess the platform’s security measures and updates before engaging. No protocol is entirely risk-free. This post rsETH Net Outflows Signal Recovering Investor Confidence in Kelp DAO After Hack first appeared on BitcoinWorld .
16 May 2026, 05:50
Binance Online draws 680,000 viewers in the global crypto future debate

Binance brought together leaders from BlackRock, Ripple, the Solana Foundation, and other major crypto and finance companies for the Binance Online event on 13 May, 2026, held at Binance Square. The live programming streamed for more than four hours, attracting over 680,000 livestream viewers. The livestream the live on Binance Square garnered nearly 65,000 chat replies throughout the event. The high turnout demonstrated a growing need for more in-depth discussions about the factors shaping the digital asset industry’s next stage. Binance leaders target a 3 billion users goal Yi He and Richard Teng, co-CEOs of Binance, launched Binance Online by discussing the company’s long-term goal of scaling cryptocurrency adoption from 300 million users to 3 billion. According to Yi He, Binance’s goals go much beyond running a cryptocurrency exchange. In line with the company’s goal of expanding its role in the global financial system, she noted that reaching 3 billion users would imply becoming “the financial infrastructure for the world.” “If you want to be the best company in the world, you should think big, you should think crazy. And when you set a really big goal, your whole team will think about how to achieve a bigger goal. Three billion — that means not just an exchange.” -Yi He, Co-CEO of Binance. Richard Teng emphasized the potential of cryptocurrency to expand access to financial services, given that 1.4 billion people worldwide are still shut out of traditional financial systems. According to Teng, Binance is motivated by the idea that digital assets can help close this gap and encourage greater financial freedom in frontier and emerging regions. The conversation shaped Binance’s growth strategy around practical utility rather than focusing solely on trading. The company is attempting to facilitate payments, savings, and other financial services accessible via blockchain technology by presenting itself as an infrastructure provider. The event’s initial topic gave way to a broader discussion of how capital, infrastructure, and innovation are rapidly converging within the digital asset ecosystem. In a panel titled “The Evolution Era,” Richard Teng joined Lily Liu and Brad Garlinghouse to discuss stablecoin growth, tokenized real-world assets, and the increasing overlap between traditional financial and cryptocurrency markets. The conversation also emphasized the importance of legislative clarity in influencing wider institutional adoption. The discussion then shifted to how emerging technologies and changing investment trends are influencing the upcoming innovation cycle. Participants in the panel “Where Smart Money Is Moving Now,” which included Anthony Pompliano, Changpeng Zhao, the founder of Binance, and Chamath Palihapitiya, discussed how artificial intelligence, cryptocurrency, and physical infrastructure are converging. The panel also highlighted opportunities in computing, energy, robotics, digital payments, and tokenized assets as major factors influencing future market expansion. BlackRock and Binance explore the future of tokenization Following the broader discussions on capital flows and emerging technologies, BlackRock Chief Operating Officer Rob Goldstein and Binance SVP of Finance Kaiser Ng led a concentrated session on tokenization and the future of capital markets. Goldstein noted that the amount of wealth held in digital wallets is expected to increase, highlighting their growing importance in the global financial system. He emphasized that placing capital-market exposures on the blockchain as tokenized assets could serve as a bridge between traditional finance and digital assets to meet the growing demand from customers seeking cryptocurrency exposure within traditional portfolios. Goldstein further highlighted Binance’s significant contribution to this development, stating that the exchange provides a “better, faster, cheaper” value proposition. He positioned Binance as a crucial link between conventional financial systems and blockchain-based marketplaces, arguing that the success of tokenization depends not only on technological advancements but also on effective implementation and transparent communication.
16 May 2026, 05:50
Crypto Crime Fighters Recover 11% of Illicit Funds in 2025, Outpacing Traditional Finance 55-Fold

BitcoinWorld Crypto Crime Fighters Recover 11% of Illicit Funds in 2025, Outpacing Traditional Finance 55-Fold In a striking demonstration of blockchain technology’s transparency, authorities and exchanges recovered or froze approximately 11% of all illicit funds circulating in the global crypto-asset market during 2025. This recovery rate is roughly 55 times more efficient than that achieved in traditional financial systems, according to a new report from Binance Research. Blockchain’s Built-in Audit Trail The report attributes the dramatically higher recovery rate to the fundamental architecture of public distributed ledgers. Unlike fiat currency transactions, which can be obscured through shell companies, offshore accounts, and complex correspondent banking networks, every cryptocurrency transaction is permanently recorded on a publicly verifiable blockchain. This immutable record creates a permanent, traceable audit trail that investigators can follow in real time. Blockchain analytics firms have developed sophisticated tools to cluster addresses, identify exchange deposits, and flag suspicious activity patterns, making it significantly harder for criminals to launder proceeds undetected. Comparing Recovery Rates: Crypto vs. Traditional Finance The 11% recovery rate in crypto stands in stark contrast to the estimated 0.2% of illicit funds recovered in traditional finance, as cited by various international law enforcement agencies. This disparity highlights a fundamental advantage of digital asset ecosystems for anti-money laundering (AML) efforts. Binance Research noted that while the total value of illicit crypto transactions remains a concern, the ability to trace and recover funds is improving rapidly. The firm emphasized that collaboration between exchanges, blockchain analytics providers, and law enforcement has been a key driver of this success. Implications for the Crypto Industry For legitimate users and investors, this data point is a double-edged sword. On one hand, it demonstrates that the crypto ecosystem is not a lawless haven for financial crime, countering a common criticism. On the other, it underscores that privacy-focused technologies and decentralized finance (DeFi) protocols may face increased scrutiny as regulators push for even greater transparency. The report also suggests that the high recovery rate could serve as a deterrent to would-be criminals, knowing that blockchain-based crimes have a significantly higher chance of being traced and reversed compared to traditional financial crimes. Conclusion The 11% recovery rate for illicit crypto funds in 2025, as reported by Binance Research, provides a data-driven counter-narrative to the perception that cryptocurrency is a preferred tool for money laundering. The inherent transparency of blockchain technology, combined with advancing forensic tools and industry collaboration, is creating a more accountable financial environment. As the regulatory landscape evolves, this traceability will likely become a cornerstone of crypto’s legitimacy in the global financial system. FAQs Q1: How is the 11% recovery rate calculated? The rate is calculated by comparing the total value of illicit crypto funds identified in 2025 (from hacks, scams, and ransomware) against the value that was subsequently frozen, seized, or returned to victims, as tracked by Binance Research and blockchain analytics firms. Q2: Why is crypto recovery so much higher than traditional finance? Because all crypto transactions are recorded on a public, immutable ledger, investigators can trace the movement of funds with precision. In traditional finance, money can be moved through multiple jurisdictions and opaque banking systems, making tracing far more difficult and slow. Q3: Does this mean crypto is safer than traditional banking? Not necessarily for everyday users. The high recovery rate applies to funds that have been identified as illicit by investigators. For individual users, security still depends on personal practices like using strong passwords, hardware wallets, and avoiding scams. However, the data suggests the system-level ability to combat crime is stronger in crypto than often perceived. This post Crypto Crime Fighters Recover 11% of Illicit Funds in 2025, Outpacing Traditional Finance 55-Fold first appeared on BitcoinWorld .
16 May 2026, 02:55
Bhutan’s Sovereign Wealth Fund Dismisses Claims of Bitcoin Sell-Off

BitcoinWorld Bhutan’s Sovereign Wealth Fund Dismisses Claims of Bitcoin Sell-Off Druk Holding and Investments (DHI), the sovereign wealth fund of Bhutan, has publicly refuted recent speculation that it has been actively selling its Bitcoin holdings. In a direct statement to CoinDesk, DHI CEO Ujjwal Deep Dahal stated he could not recall the last time the fund had sold any Bitcoin, directly challenging a report from blockchain analytics firm Arkham Intelligence. Arkham Data Sparks Market Speculation The controversy began when Arkham Intelligence flagged on-chain movements suggesting that the Bhutanese government had moved or sold over $200 million worth of Bitcoin since the start of the year. Arkham further projected that, based on the observed transaction pace, the government could fully liquidate its entire Bitcoin position by October. These claims triggered widespread discussion within the cryptocurrency community about the motivations and financial strategy of the Himalayan kingdom. DHI’s Official Position and Strategy CEO Dahal’s denial provides a crucial counterpoint to the on-chain data. He emphasized that DHI has not been an active seller of its digital assets, leaving the question of whether the observed transactions represent internal transfers, custodial adjustments, or other non-sales activity. Bhutan, a nation known for its unique Gross National Happiness index, has been a relatively early and quiet adopter of Bitcoin mining, leveraging its abundant hydropower resources. DHI manages a portfolio that includes both traditional assets and a significant cryptocurrency allocation, a strategy that is uncommon among sovereign wealth funds. Why This Matters for the Crypto Market The distinction between a government selling its Bitcoin and merely moving it between wallets is significant. Large-scale, real government sell-offs can exert downward pressure on Bitcoin’s price and signal a lack of institutional confidence. DHI’s denial helps to stabilize market sentiment by removing a potential narrative of sovereign selling pressure. For investors and analysts, this event highlights the ongoing challenge of interpreting on-chain data, where wallet movements do not always equate to market sales. Conclusion While Arkham’s data indicated a clear pattern of large Bitcoin transfers from wallets associated with Bhutan, DHI’s leadership has categorically denied that these movements represent sales. The situation underscores the opacity of government-held cryptocurrency holdings and the difficulty of accurately gauging market supply from public blockchain data alone. The market will now watch for any further clarification from DHI or additional on-chain evidence that could resolve the discrepancy. FAQs Q1: Did Bhutan sell its Bitcoin or not? According to DHI CEO Ujjwal Deep Dahal, the fund has not been selling its Bitcoin. However, blockchain data from Arkham Intelligence shows significant BTC movements from wallets linked to the Bhutanese government. The discrepancy may be due to internal transfers or custodial changes, which are not sales. Q2: Why is this story important for Bitcoin investors? If a sovereign wealth fund were to sell a large position, it could indicate a loss of confidence in Bitcoin as a long-term asset and potentially drive prices down. DHI’s denial removes a key piece of negative sentiment from the market, suggesting the supply overhang feared by some traders may not materialize. Q3: How much Bitcoin does Bhutan own? The exact size of Bhutan’s Bitcoin holdings is not publicly disclosed. Arkham’s analysis suggested the government held a substantial position, but DHI has not confirmed the total amount. Estimates from on-chain data prior to the recent movements placed the value in the hundreds of millions of dollars. This post Bhutan’s Sovereign Wealth Fund Dismisses Claims of Bitcoin Sell-Off first appeared on BitcoinWorld .
16 May 2026, 00:52
Node-ipc supply chain attack targets crypto devs

Three poisoned versions of node-ipc went live on the npm registry on May 14, according to SlowMist. Attackers hijacked a dormant maintainer account and pushed code designed to siphon developer credentials, private keys, exchange API secrets, the works, straight out of .env files. node-ipc is a popular Node.js package that lets different programs talk to each other on the same machine, or sometimes across a network. SlowMist catches the breach Blockchain security firm, SlowMist, spotted the breach through their MistEye threat intel system. Versions 9.1.6, 9.2.3, and 12.0.1 MistEye found three malicious versions including: Version 9.1.6. Version 9.2.3. Version 12.0.1. All of the above verions carried the same obfuscated 80 KB payload. Node-ipc handles inter-process communication in Node.js. It basically helps Node.js programs send messages back and forth. Over 822,000 people download it each week. Node-ipc is used all over the crypto space. It’s used in the tools developers use to build dApps , in the systems that automatically test and deploy code (CI/CD), and in everyday developer tools. Each infected version had the same hidden malicious code bolted onto it. The moment any program loaded node-ipc, the code ran automatically. Screenshot from MistyEye showing malicious node-ipc packages. Source: SlowMist via X. Researchers at StepSecurity figured out how the attack happened. The original developer of node-ipc had an email address tied to the domain atlantis-software[.]net. However, the domain expired on January 10, 2025. On May 7, 2026, the attacker bought the same domain through Namecheap, which gave them control of the developer’s old email. From there, they just hit “forgot password” on npm, reset it, and walked right in with full permission to publish new versions of node-ipc. The real developer had no clue any of this was happening. The malicious versions stayed live for about two hours before removal. The stealer looks for 90+ credential types The embedded payload hunts for over 90 types of developer and cloud credentials. AWS tokens, Google Cloud and Azure secrets, SSH keys, Kubernetes configs, GitHub CLI tokens, all on the list. For crypto devs , the malware specifically raids .env files. Those usually hold private keys, RPC node credentials, and exchange API secrets. To sneak the stolen data out, the payload uses DNS tunneling. It basically hides the files inside normal-looking internet lookup requests. Most network security tools don’t catch that. Security teams are saying any project that ran npm install or had auto-updated dependencies during that two hour window should assume compromise. Immediate steps, per guidance from SlowMist: Check lock files for node-ipc versions 9.1.6, 9.2.3, or 12.0.1. Roll back to the last version you know is safe. Change every credential that might have leaked. Supply chain attacks on npm have become a regular thing in 2026. Crypto projects get hit harder than most because stolen logins can be turned into stolen money fast. If you're reading this, you’re already ahead. Stay there with our newsletter .










































