hodler

20 May 2026, 23:30

Crypto Bank Charter Battle Grows as OCC Clears Coinbase, Ripple, Bitgo and Others

National trust charters pushed crypto custody into a broader regulatory clash as U.S. Senator Elizabeth Warren pressed the OCC over approvals tied to Coinbase, Ripple, Bitgo, and other firms. Bitgo CEO Mike Belshe countered that fiduciary custody separates client property from lending risks. OCC Charter Fight Puts Digital Asset Custody Under Scrutiny The crypto bank

20 May 2026, 23:07

XRP deposit wave on Bybit ends as sales pressure drops

🚨 XRP deposits on Bybit plunged to near zero in May. The halt of $XRP inflows eased selling pressure built up in April. Continue Reading: XRP deposit wave on Bybit ends as sales pressure drops The post XRP deposit wave on Bybit ends as sales pressure drops appeared first on COINTURK NEWS .

20 May 2026, 22:53

Key Bitcoin price metric used by bulls falls to six-week low, but there’s a silver lining

Profit-taking by Bitcoin traders pushed the Coinbase BTC premium to a six-week low, but demand from longer-term traders put a clear support under the range lows.

20 May 2026, 21:21

GitHub Internal Repos Breached; Binance’s CZ Urges Urgent Key Rotation

Earlier today, hackers gained access to GitHub’s internal repositories by exploiting an employee’s computer with the use of a tainted VS Code extension. Following the incident, reports emerged that a threat actor using the alias TeamPCP was now allegedly selling what they claim is roughly 4,000 of GitHub’s private repositories on a cybercriminal forum, with a minimum asking price of $50,000. What GitHub Says Happened GitHub confirmed the breach through several tweets posted on its X account, where it detailed what it knew thus far. As per the hosting platform, the attacker gained access to its internal repository via a malicious extension of VS Code loaded onto one of the devices of its employees. GitHub claims that once it realized there was an attack, it promptly deleted the malicious software from the infected machine. Critically, it pointed out that there is currently no evidence that customer data held outside its internal systems, meaning individual users’ enterprises, organizations, or repositories, was accessed. The hosting service also confirmed it moved quickly to rotate credentials, moving the highest-impact secrets first. It will also be examining logs to see whether there has been any additional activity, and it will be providing more details on the matter after the investigation concludes. Meanwhile, French researcher Sébastien Latombe flagged a listing on a criminal message board by a threat actor calling themselves “TeamPCP,” claiming to be the one behind the hack, containing mentions of repositories related to GitHub Actions, GitHub Enterprise, GitHub Copilot, Azure, CodeQL, billing, and authentication services. Allegedly, they are not looking to ransom GitHub but want a single buyer for the stolen data, with the minimum asking price being $50,000. However, it must be noted that there has been no official confirmation of the content in the forum listing from GitHub or Microsoft, and any claims made in such cybercriminal sites may be taken with a pinch of salt, as any data they provide in such cases may be out of date or overblown to inflate its perceived value. Security Concerns Spread Through Crypto The reaction online to the breach was swift, with Binance co-founder Changpeng Zhao (CZ) posting a direct message to crypto developers: “If you have API keys in your code, even private repos, now is the time to double check and change them.” The replies painted a familiar picture of an industry-wide problem. Topaz DEX founder Aaron Shames called it “bad practice to have API keys in any repo, private or not,” though he acknowledged the heads-up. Others pointed out that for builders managing hundreds of keys across projects, this is not a simple fix. “This entire practice of key storage needs an update,” wrote digital artist Tuteth_. Security commentator Dhanush Nehru went further: “No one knows what all permissions each VS Code extension owns. The cybersecurity threat landscape is scary.” The timing of this incident also contributed to pre-existing worries about crypto security following multiple high-profile hacks this month, which included an attack on Echo Protocol, where hackers managed to mint $76.7 million worth of eBTC. That particular incident came just days after two other multimillion-dollar attacks were carried out on THORChain and the Verus-Ethereum Bridge. This spate of events has led to renewed debates on the issues of code verification and software supply chain vulnerabilities, where Vitalik Buterin asserts that with the help of AI, formal verification can make software safer by mathematically proving its behavior. The post GitHub Internal Repos Breached; Binance’s CZ Urges Urgent Key Rotation appeared first on CryptoPotato .

20 May 2026, 20:35

Bitfinex Bitcoin longs peak at 80,636 BTC as price slides

20 May 2026, 19:45

Drift Protocol triggers frustrated response with Insurance Fund withdrawal update

Drift Protocol has announced that its Insurance Fund depositors will be able to pull their stakes once the protocol restarts. However, the update drew a frustrated response from a user base that seems to have grown visibly impatient with the pace of Drift’s recovery process. The update, which was shared on X on Wednesday, May 20, comes seven weeks after a $280 million exploit forced the Solana-based exchange offline. Since the April 1 attack, which is linked to a DPRK-affiliated threat actor, Drift’s community has pushed back at the platform’s recovery milestones. A governance proposal to convert remaining borrow/lend assets into stablecoins resulted in accusations of unfairness. Redemption terms that penalize early withdrawers have also drawn criticism. And now, an update confirming what depositors already knew was their right is not being seen as reassurance but more of a reminder of how far recovery still has to go. What is Drift’s Insurance Fund for? Drift’s Insurance Fund was put in place as the protocol’s first line of defense when leveraged positions go bankrupt. Users staked USDC, SOL, BTC, or ETH into asset-specific pools and earned a share of trading and liquidation fees in exchange for absorbing bad debt when liquidations fall short. The latest update by Drift confirms this feature and its use case, stating that the fund “exists to maintain protocol solvency in the event of bankruptcies.” However, since the protocol has been paused since April 1, Insurance Fund stakers have been locked out of their capital with no yield accruing. Now, users who fall under this category can look forward to receiving their funds when the protocol goes live again. Why is Drift’s recovery plan drawing criticism? Drift published its recovery framework on May 5, laying out a token-based compensation system. The protocol stated that “Every wallet impacted by the April 1 exploit will be issued a recovery token that represents their verified loss and proportional claim on the recovery pool.” According to Drift, each recovery token is equivalent to $1. It also mentioned in the same thread that it has created a recovery pool, which will be seeded with roughly $3.8M, which is the protocol’s remaining assets converted to USDT . It stated that redemption opens after the recovery pool crosses $5 million, and it currently plans to grow that pool through three capital streams, which are quarterly exchange revenue, the $127.5 million commitment made by Tether to support the relaunch, and up to $20 million from strategic partners. Users who redeem early are going to forfeit their remaining claim and will receive a pro-rata share of whatever the pool holds at that point. The next day, on May 6, Drift made a post on X to clarify its position, stating, “Users are able to redeem at any time after redemption opens; however, early redemption occurs at a discount to the full claim value as users receive a pro-rata share of the current pool.” It added that “Holders who wait may benefit from a higher recovery price as the pool continues to grow.” However, the update did not receive a warm reception from its community, with one user on the Drift governance forum calling the DAO vote on reallocating Insurance Fund assets “effectively an attempt at money laundering” and warning that “anything other than a full return of funds would constitute wire fraud.” Others questioned why governance was voting on converting remaining spot assets to stablecoins before Drift or Tether had disclosed specific contribution amounts to the recovery pool. Another commenter pointed out that the proposal “favors simplicity over distributional fairness,” pointing out that some users had spot-only exposure to assets that were never actually drained. The DeFi United comparison compounds the frustration Cryptopolitan has previously reported on the rsETH bridge recovery coordinated through DeFi United following the April 18 LayerZero exploit. That process moved from exploit to operational restart in 26 days, with Aave transferring the first 25,000 rsETH tranche back into the bridge adapter on May 13. The contributions and ecosystem supports ensured that the affected platforms did not have to negotiate with the attacker. A federal court order cleared the way for recovered ETH to move, and contracts began unpausing for withdrawals within 24 hours. For Drift’s users, it is hard to hide frustrations, especially after observing how the Aave and KelpDAO incident was handled, especially for an incident that occurred a few weeks after the Drift exploit. What will happen to Drift users? Drift has said it aims to relaunch in Q2 2026 as a leaner, perpetual-focused exchange. Key governance votes on the recovery pool methodology and Insurance Fund treatment are still pending. The protocol’s TVL sits at roughly $243 million, according to DefiLlama , down from over $550 million before the exploit. The DRIFT token trades near its all-time low at $0.028. Drift’s fortunes are now tied to its relaunch timeline and how well its revenue-based recovery can credibly close a $280 million gap, as it will go a long way in determining if what it left of its community sticks around. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .