News
27 Mar 2026, 17:06
Solana memo feature exploited to run hidden malware

Hackers are moving away from normal servers and using decentralized systems to attack developers and steal their crypto funds. They are replacing traditional command-and-control (C2) servers entirely with decentralized options.

In this attack, the malware abuses the Solana blockchain. It uses the memo field of Solana transactions to run stealth malware that steals crypto wallet data, and even hardware wallet recovery phrases. The memo field was originally designed for simple transaction notes, but attackers are now using it as a hidden communication layer. This turns a public blockchain feature into a covert channel for malware control.

Decentralized memos like Solana’s are public and permanent, and they cannot be taken down by any single party. In addition, attackers can update instructions without changing the malware. The campaign is considered a new version of the GlassWorm malware, which has been active since at least 2022.

Solana memos act as a dead drop resolver

According to security researchers from Aikido, the attack has three stages, each with its own payload. The first payload is just an entry point. It begins when a developer installs a malicious package from open source repositories like npm, PyPI, GitHub, or the Open VSX marketplaces. The malware then checks if the system locale is Russian and if so, it does not proceed with the attack. This is because the attackers are likely based in Russia and do not want to get caught by authorities.

Once installed, the malware uses the Solana blockchain to fetch the attacker’s command-and-control (C2) server IP address. It looks for a specific transaction on Solana that contains the C2 server’s IP address in the memo field. The malware then connects to the C2 server and starts the second stage of the attack.

In this stage, the malware looks for crypto data like seed phrases, private keys, and even screenshots of wallets. It targets browser extension wallets like MetaMask, Phantom, Coinbase, Exodus, Binance, Ronin, Keplr, and more. The malware also looks for browser data like login sessions, session tokens, and cloud access. This means it can access centralized exchange accounts, npm, GitHub, and AWS accounts. After collecting the data, the malware compresses it into a ZIP file and sends it to the attacker’s server.

Source: Aikido Security.

Hardware wallets targeted via phishing

The last payload splits into two parts. The first part is a .NET binary that looks for hardware wallets like Ledger and Trezor. If it finds one, it shows a fake error message that tricks the user into entering their recovery phrase.

The second part is a WebSocket-based JavaScript RAT (remote access trojan) that steals browser data. It also installs a fake Chrome extension that monitors specific sites like exchanges and steals cookies in real time. It is downloaded through a Google Calendar event used as a dead drop resolver. This approach allows the attacker to hide the real server and bypass security filters, and it acts as an indirect delivery layer.

Unlike the second stage, where the malware only steals browser data, this RAT has live control. It stays active and monitors the browser. It captures new cookies, tracks active sessions like logged-in exchange accounts, logs keystrokes, and takes screenshots. Moreover, it allows the attacker to run commands on the victim’s machine.

GlassWorm is difficult to remove. The malware can re-download itself and it can survive reboots. It also uses fallback methods like DHT (Distributed Hash Table) lookups and Solana memos to find the control server. Since there’s no central server, and the data is shared across many computers, it becomes difficult for defenders to block the attack at the network level.

This attack is very dangerous. It is highly severe because it combines crypto theft, full system control, and a control network that cannot be taken down.
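Because the C2 address is resolved from a public blockchain and cannot be blocked at its source, one defensive angle is to look for the lookup pattern itself in egress logs. The following is an added example, not code from the article or from Aikido: it flags a non-browser process that contacts a Solana RPC endpoint and then connects to a bare IP address shortly afterwards. The log format, the watched RPC hostname list, the browser allow-list and the 60-second window are all assumptions.

```python
import ipaddress

# Constructed sample egress log (not from the article).
# Format (assumed): "<epoch_seconds> <host> <process> <destination>"
# IP addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
1000 dev-01 chrome.exe api.mainnet-beta.solana.com
1005 dev-01 chrome.exe 203.0.113.7
2000 dev-02 node api.mainnet-beta.solana.com
2004 dev-02 node 198.51.100.23
2100 dev-02 node registry.npmjs.org
3000 dev-03 node registry.npmjs.org
3002 dev-03 node 192.0.2.50
4000 dev-04 python3 api.mainnet-beta.solana.com
4900 dev-04 python3 198.51.100.99
this line is malformed and is skipped
"""

# Assumption: RPC hostnames worth watching; extend with the providers you see.
SOLANA_RPC_HOSTS = {"api.mainnet-beta.solana.com"}
# Assumption: browsers with wallet extensions legitimately talk to Solana RPC.
WALLET_PROCESSES = {"chrome.exe", "firefox.exe"}
# Assumption: how soon after the lookup the follow-up connection must occur.
WINDOW_SECONDS = 60


def is_bare_ip(destination):
    """True when the destination is an IP literal rather than a hostname."""
    try:
        ipaddress.ip_address(destination)
        return True
    except ValueError:
        return False


def parse(log_text):
    """Return (timestamp, host, process, destination) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # ignore malformed lines instead of failing the whole run
        events.append((int(parts[0]), parts[1], parts[2], parts[3]))
    return sorted(events)


def find_dead_drop_lookups(log_text):
    """Flag 'Solana RPC lookup, then bare-IP connection' by the same process."""
    last_rpc = {}  # (host, process) -> time of most recent Solana RPC contact
    alerts = []
    for ts, host, proc, dest in parse(log_text):
        key = (host, proc)
        if dest.lower() in SOLANA_RPC_HOSTS:
            if proc.lower() not in WALLET_PROCESSES:
                last_rpc[key] = ts
            continue
        if is_bare_ip(dest) and key in last_rpc:
            delay = ts - last_rpc[key]
            if delay <= WINDOW_SECONDS:
                alerts.append({"host": host, "process": proc,
                               "ip": dest, "delay": delay})
            del last_rpc[key]  # one alert per lookup
    return alerts


if __name__ == "__main__":
    for alert in find_dead_drop_lookups(SAMPLE_LOG):
        print(alert)
```

A hit is a lead for triage on a developer workstation, not proof of infection; the same correlation can be repeated for other dead drop services the article mentions by swapping the watched hostnames.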
27 Mar 2026, 15:43
ECB's March 2026 report puts regulatory microscope on DeFi projects and their tokens

The March 2026 paper by the European Central Bank (ECB) has put the regulatory microscope on DeFi projects. It adds to a difficult period in which most DeFi projects face a different type of headache: consistently posting revenue levels that justify participation or even maintain infrastructure.

The paper by the EU’s central bank specifically named Aave (Ethereum’s leading lending protocol), MakerDAO (the protocol behind the DAI stablecoin), Uniswap (one of the first AMMs and largest DEXs), and Ampleforth as examples of tokens that are difficult to cover with existing regulations such as the Markets in Crypto-assets (MiCA) laws because of the absence of any “centralised intermediaries who are subject to regulations and can be held accountable.”

ECB targets DAO governance tokens

The ECB paper tracked data and traced on-chain behavior during two periods in November 2022 and May 2023, and found that the distribution of governance tokens aligned with previously published papers that claimed DeFi governance is concentrated among small groups that hold a strong chokehold over their protocols.

In the paper: “While the governance tokens are held by a five or six-digit number of unique addresses, the top 100 holders account for over 80 percent of all token holdings for the four protocols.”

One of the protocols mentioned in the ECB paper, Aave, is embroiled in a governance battle over a hotly contested upgrade to V4. As reported by Cryptopolitan, Aave Chan Initiative founder Marc Zeller challenged the legitimacy of the governance process after the “Aave Will Win” funding proposal cleared its first major governance hurdle on March 1 with a slim 52.58% approval.

According to Zeller, whose ACI has since announced it would abandon the Aave ecosystem, three clusters, including one delegation from Aave Labs co-founder Stani Kulechov, swayed the outcome. His statements implied that Kulechov exerted undue influence to secure that vote, in line with the ECB’s claims.

The paper also pointed out that 3% of Uniswap’s and 22% of Aave’s DAO tokens were held by CEXs and DEXs as of October 2022, with the caveat that its researchers could not differentiate between exchange-owned wallets and customer holdings.

The ECB insists that “full decentralisation is not achieved” and that DeFi exists on a spectrum. All that ambiguity is the crux of why the ECB is waving the white flag on its inability to present a regulatory regime that accounts for the decentralized nature of DeFi protocols.

DeFi protocols are not turning profits

Despite the headline-grabbing findings from the ECB paper, it used data compiled in 2022 and 2023, and by 2026 the DeFi landscape had changed radically, with OG participants such as Uniswap conceding their early lead to newer entrants like Hyperliquid and Pump.fun.

More than five years on from the highs of the DeFi summer of 2021, DeFi protocols are struggling across the board. Total value locked across DeFi is at $93 billion as of writing, down almost $70 billion from October last year, when it retested all-time records of almost $180 billion set in 2021.

[Chart: DeFi TVL is down since late last year when it launched a resurgence to 2021 levels. Source: Defillama]

The numbers are just as bad in terms of revenue too. Of the $34 million in revenue collected by 1,301 tracked protocols over the last 24 hours, Tether and Circle accounted for more than $23 million. Between Hyperliquid and Pump.fun, they collected another $2 million, which leaves $9 million split among the others.

[Chart: Revenue generated across DeFi in the last 24 hours. Source: Defillama]

Uniswap contributed $126,944 to the grand total. Uniswap remains in the top spot among DEXs by volume, processing over $1 billion spot volume in the last 24 hours, but Hyperliquid reported almost $6.4 billion over the same period.

Aave, the lending category leader mentioned in the ECB report, has almost 4 times the TVL and revenues posted by Morpho, the next largest protocol in its category. Bringing up the rear, Zora, Blast, Hypertek, NaBet, Hegic, and Kairos Timeboost actually posted negative revenues over the last 30 days, with Kairos down more than $200,000.

ECB is behind in DeFi regulation framework

The ECB referred to the Danish FSA’s 2024 framework, which advises regulators to assess autonomy, smart contract immutability, human intervention, and embedded control mechanisms in their approach to regulating DeFi DAO tokens.

However, there remains a significant gap between regulators’ views of these tokens and how they are presented by their issuing entities, as evidenced by the differences between the DeFi landscape studied by the ECB and the current market. MakerDAO goes by a different name these days, and as for Ampleforth, it is no longer the token it was in 2022/2023.
27 Mar 2026, 14:55
Bitcoin Network Activity Plummets: Active Addresses Crash Over 30% From 2025 Peak

March 25, 2025 – A startling decline in Bitcoin’s fundamental network health has emerged, with the number of active BTC addresses plunging by over 30% from its 2025 peak. This significant drop, reported by U.Today and confirmed by on-chain analytics firm CryptoQuant, raises critical questions about current network engagement and future price trajectories for the world’s leading cryptocurrency.

Bitcoin Active Addresses Show Sharp Decline

Data from CryptoQuant reveals a concerning trend for Bitcoin network activity. As of March 25, 2025, the blockchain recorded only 655,908 active addresses. This figure represents a dramatic 30.1% decrease from the 2025 peak of 938,609 active addresses observed on August 8. Analysts consistently monitor this specific metric because it serves as a direct proxy for user engagement and network utility. Consequently, a sustained drop often precedes or accompanies broader market sentiment shifts.

Network analysts define an “active address” as a unique blockchain identifier that participates in a transaction as either a sender or receiver within a 24-hour period. Therefore, this metric filters out dormant wallets and provides a clearer picture of daily economic activity. The current data suggests a substantial cooling-off period following the earlier 2025 highs.

Understanding the Core Metric

The active address count is more than just a number; it is a vital pulse check for the Bitcoin ecosystem. Historically, strong correlations exist between rising active addresses and increasing Bitcoin prices. Conversely, periods of declining activity frequently coincide with market consolidation or downtrends. This relationship exists because heightened transaction activity typically signals growing adoption, utility, or speculative interest.

Several factors can influence this metric independently of price. For instance, increased use of layer-2 solutions like the Lightning Network might move transactions off the main chain, potentially reducing on-chain address counts without indicating lower usage. Additionally, changes in exchange wallet management strategies or the rise of institutional custody solutions can consolidate funds into fewer addresses, skewing the data.

Historical Context and Market Cycles

Examining past cycles provides essential context for the current 30% drop. During the 2021 bull market peak, active addresses also experienced volatility, but sustained declines often marked local tops or periods of extended correction. The drop from August 2025 to March 2025 represents one of the sharpest contractions in recent years, warranting close attention from both traders and long-term holders.

Market experts emphasize that while a single metric never tells the whole story, the active address trend forms a crucial part of the on-chain analysis toolkit. Other metrics, such as exchange net flows, miner reserves, and realized capitalization, must be analyzed in conjunction to form a complete market picture.

Potential Implications for Bitcoin’s Price

The significant reduction in active addresses carries several potential implications for Bitcoin’s market valuation. First, lower network activity can reduce the fee revenue for miners, potentially impacting network security economics if sustained. Second, it may indicate a reduction in new user onboarding or a decrease in speculative trading frequency among existing users.

However, some analysts caution against overly bearish interpretations. Periods of low activity have often preceded major accumulation phases by long-term investors, sometimes called “smart money.” Furthermore, the metric’s decline could simply reflect a healthy market cooldown after the speculative fervor that likely drove the August 2025 peak.

Key considerations for investors include:

Network Health vs. Speculation: Is the decline due to less utility or less speculation?
Macro Environment: How do global interest rates and regulations impact participation?
Technological Shift: Is activity moving to layer-2 scaling solutions?
Data Lag: On-chain data is definitive but retrospective.

Expert Analysis and Future Outlook

Leading blockchain analysts stress the importance of trend direction over single data points. A 30% decline from a local peak is notable, but the critical question is whether this marks the start of a prolonged downtrend or a temporary reset. Monitoring the coming weeks for stabilization or further decline will be essential.

The broader cryptocurrency market context in Q1 2025 also plays a role. Regulatory developments, institutional adoption news, and macroeconomic factors all influence user willingness to transact on-chain. Therefore, isolating the cause of the address decline requires a multi-faceted analytical approach.

The Role of Institutional Players

The growing presence of institutional investors and Bitcoin exchange-traded funds (ETFs) adds a new layer of complexity to address analysis. Large custodial holdings can mask underlying retail activity, as millions of dollars in value may move between a handful of addresses. This structural shift in the market means historical comparisons require careful adjustment.

Conclusion

The over 30% drop in Bitcoin active addresses from the 2025 peak presents a clear signal of changing network dynamics. While this decline in a key on-chain metric suggests cooling user engagement and warrants caution, it must be analyzed within the broader context of technological evolution and market maturation. Investors and observers should watch for confirmation in other data series while considering the complex, evolving structure of the Bitcoin network. The trajectory of active addresses in the coming months will provide crucial evidence about the underlying health of the Bitcoin ecosystem and its potential price direction.

FAQs

Q1: What does “active Bitcoin address” mean?
An active Bitcoin address is a unique wallet identifier that has participated in a transaction, either as a sender or receiver, within a specific time period, typically 24 hours. It is a key metric for gauging daily network usage.

Q2: Why is a decline in active addresses significant?
A decline can signal reduced network usage, lower speculative trading, or decreased new user adoption. Historically, sustained drops have sometimes correlated with bearish or consolidating market phases, making it a watched indicator for potential price movements.

Q3: Could the drop be caused by something other than lower usage?
Yes. Increased use of off-chain scaling solutions (like the Lightning Network), consolidation of funds into custodial services or exchange wallets, and changes in user behavior can all reduce the on-chain active address count without necessarily meaning less economic activity.

Q4: Where does the data on active addresses come from?
The data is sourced from blockchain analysis firms like CryptoQuant, Glassnode, and others. They parse the public Bitcoin blockchain to count unique addresses transacting each day, providing transparent and verifiable metrics.

Q5: How should investors interpret this 30% drop?
Investors should view it as one important data point among many. It suggests a network cooldown but requires confirmation from other indicators like trading volume, exchange flows, and macroeconomic factors. It is a signal for closer observation, not necessarily an immediate sell signal.

This post first appeared on BitcoinWorld.
27 Mar 2026, 14:37
Joining the Dots: SWIFT Names SG-FORGE in Blockchain Push as XRP Ledger Ties Emerge

Is SG-FORGE Bridging XRP Ledger and SWIFT’s Blockchain Future?

SWIFT has named $1.8 trillion European banking giant Société Générale–FORGE (SG-FORGE) a key architect of its blockchain ledger for cross-border payments, signaling traditional finance’s embrace of distributed ledger technology to modernize global transactions.

Interestingly, SG-FORGE is not just participating in SWIFT’s blockchain experiments; it has already gone live with its own regulated euro stablecoin, EURCV, on the XRP Ledger (XRPL). Launched in February 2026, MiCA-compliant EURCV uses Ripple’s custody tech and is set to integrate with Ripple Payments and Liquidity Hub. Real-world adoption is underway, with tokenized bond settlements executed alongside BNP Paribas and Intesa Sanpaolo, moving beyond pilot trials.

Market analysts, including Diana, note that SG-FORGE is a key player in SWIFT’s cross-border payment initiative while already operating on the XRPL. This highlights a convergence of legacy finance and blockchain innovation.

Although Ripple lacks a direct SWIFT partnership, major institutions like Deutsche Bank are leveraging both networks, recently combining Ripple’s technology with SWIFT rails to create faster, more efficient cross-border settlements, showing that the two systems are becoming increasingly complementary rather than competitive.

SG-FORGE Bridges Legacy and Blockchain Networks to Redefine Cross-Border Payments

SG-FORGE CEO Jean-Marc Stenger pointed out that their SWIFT collaboration leverages prior test transactions to deliver scalable, resilient market infrastructure. By operating a regulated euro stablecoin on XRPL while shaping SWIFT’s blockchain strategy, SG-FORGE demonstrates how top financial institutions are seamlessly bridging legacy systems and emerging payment networks.

As SWIFT rolls out its new retail payments framework, the spotlight turns to the bigger question: what’s slowing full-scale blockchain adoption? With SG-FORGE active on both Ripple and SWIFT networks, the blueprint for a hybrid system is emerging, one that could transform cross-border payments.

SG-FORGE’s approach underscores a pivotal trend: the future of global finance isn’t about picking blockchain or legacy systems, it’s about bridging them, linking regulated stablecoins, distributed ledgers, and traditional payment rails into a seamless global network.

Conclusion

SG-FORGE shows how traditional banks can bridge legacy finance and blockchain innovation. By launching a regulated euro stablecoin on the XRP Ledger while helping shape SWIFT’s blockchain infrastructure, the bank proves that the future of cross-border payments isn’t about choosing one system, but integrating them.

As leading institutions experiment with hybrid models, faster, more transparent, and globally connected payments are emerging, signaling a new era where blockchain and conventional finance operate seamlessly together.
27 Mar 2026, 14:32
BTC Crashes to $66K, ETH Dips Below $2K as Middle East War Drags On: Weekly Recap

It was another eventful week on the Iran – Israel/US front, with multiple big developments, including some twists and turns, that continue to influence the risk-on crypto market.

Recall that bitcoin was stopped at $76,000 last Wednesday after it had gained $13,000 since the initial shock when the first strikes in the Middle East began. It slipped to and below $70,000 in the following days as the US Fed refused to change the interest rates, but managed to maintain that level during the weekend. Then, it dipped to $69,000 on Sunday evening and Monday morning when the impact of the weekend developments reached the legacy financial markets.

However, once Trump claimed that the US and Iran have made significant progress in their negotiation talks, BTC exploded by several grand to just under $72,000. Unfortunately, it retraced to $69,000 hours later as Iran denied his statement. Nevertheless, more information emerged that both countries have indeed carried out some sort of talks, and BTC tapped $72,000 on Wednesday.

It was rejected once again there, and even though it maintained $69,000 and $70,000 by yesterday, it crumbled below both these levels today, dropping to a three-week low of just over $66,000 as of now. This came as the Royal Government of Bhutan kept transferring BTC, likely to sell, and the US has reportedly begun preparing to send thousands of troops to the hot Middle East region.

The reality check compared to last Friday shows that BTC is down by approximately 6%, while some assets, such as ETH, XRP, and SOL, have marked even more painful declines. There are a few exceptions, of course, led by TAO (15%) and WLFI (7.5%).

Market Data

[Chart: Cryptocurrency Market Overview Weekly Mar 27. Source: QuantifyCrypto]

Market Cap: $2.360T | 24H Vol: $112B | BTC Dominance: 56%
BTC: $66,400 (-5.4%) | ETH: $1,975 (-7%) | XRP: $1.33 (-7.8%)

This Week’s Crypto Headlines You Can’t Miss

Fannie Mae Shockwave: Crypto-Backed Mortgages Coming to the US.
One of the most significant news developments this week came from the behemoth in US mortgages, Better Home & Finance. A report from WSJ indicated that the company has partnered with Coinbase to allow home buyers to pledge BTC and USDC when getting a mortgage backed by Fannie Mae.

NYSE Parent Invests Another $600 Million in Polymarket as Prediction Market Volume Soars.
The giant behind the New York Stock Exchange continues with its massive crypto-related investments, this time allocating another $600 million in Polymarket. Its total investment in the crypto-based prediction market has grown to $2 billion.

Analyst: Bitcoin Could Bottom at $46K as ‘Electric Cost’ Falls.
Bitcoin has not bottomed out yet – this is what a popular analyst, Ted Pillows, asserted this week. By comparing the asset’s estimated “electric cost,” he determined that BTC might fall below $50,000 and down to $45,000 this cycle.

Gold Fails Safe Haven Test as Prices Plunge Amid War and Uncertainty.
Although BTC has retraced in the past few days, it’s still slightly in the green since the war against Iran began. The same cannot be said about gold, whose price has plunged quite significantly since its all-time high in late January.

Post-Hack Pressure Pushes Balancer Labs to Wind Down Operations, Restructure Protocol.
The popular DeFi protocol Balancer was hacked a few years back, and even though the entity behind it tried to restructure its operations, it announced earlier this week that it will be scaling down.

Saylor’s Strategy Buys Over 1,000 BTC as Unrealized Losses Mount Up.
After a few consecutive multi-billion-dollar BTC purchases, Saylor’s Strategy announced a more modest one this week. It spent $76.6 million to acquire an additional 1,031 BTC, and its total stash has grown to over 762,000 units.

Charts

This week, we have a chart analysis of Ethereum, Ripple, Cardano, Binance Coin, and Hyperliquid.

The post BTC Crashes to $66K, ETH Dips Below $2K as Middle East War Drags On: Weekly Recap appeared first on CryptoPotato.
27 Mar 2026, 14:32
Bitcoin Researcher Explains Why Block Reorg Was Not Malicious Attack

A blockchain researcher has stepped in to debunk circulating rumors of a malicious "selfish-mining" attack.