News
22 May 2026, 19:54
F2Pool Chief Commands SpaceX Mars Mission as ARMA Locks US BTC for 20 Years

Bitcoin News Chun Wang, the Chinese-born Maltese-Kittitian co-founder of mining giant F2Pool, has been tapped as Mission Commander for SpaceX's first crewed interplanetary voyage to Mars. Wang's po...
22 May 2026, 19:47
F2Pool founder who controls 11% of bitcoin's hashrate to lead first SpaceX mission to Mars

Chun Wang, the first Mission Commander for SpaceX’s first commercial spaceflight to Mars, is crucial for the future transport of millions of tons of cargo and a million citizens to the Red Planet.
22 May 2026, 18:21
Verus Bridge Exploiter Returns $8.5M, Keeps $2.8M as Bounty Reward

The exploiter who drained the Verus-Ethereum bridge of over $11 million has returned $8.5 million to the project’s team, while keeping $2.8 million as a white-hat bounty. This comes barely a day after the Verus community and its developers offered the reward in exchange for the hacker meeting a set of terms.

Hacker Accepts $2.8 Million Bounty

The incident took place on May 17, with the hacker taking advantage of a missing validation step on one of the project’s cross-chain bridge contracts, which allowed them to drain approximately 103.6 tBTC, 1,625 ETH, and 147,000 USDC. Following the hack, the project’s team decided to stop its block-producing nodes to prevent further transfers and issued an emergency patch.

Verus later said on social media that it was offering the Ethereum bridge exploiter a 1,350 ETH bounty in exchange for returning 4,052 ETH within 24 hours, adding that it would stop any investigations and not pursue charges if the conditions were met.

“If you return a total of 4052.4 ETH to the address 0xF9AB…C1A74 within 24 hours specified above, we will understand that as your agreement to these terms, and we will uphold our stated agreement to cease further investigation of you,” wrote the team.

Blockchain security firm PeckShieldAlerts has since reported that the hacker transferred 4,052 ETH back to the team’s address, recovering 75% of the stolen funds while retaining a 25% bounty of 1,350 ETH. However, Verus has yet to issue a formal acknowledgment of the recovery on their platforms as stipulated in their initial statement.

Developer Flags Possible AI Use in Hack

The update comes as the crypto sector is dealing with a rise in the number of bridge exploits, with the Verus incident being the eighth of this kind this year. According to PeckShield, attackers have made off with a total of $328.6 million from several cross-chain protocols like THORchain, ZetaChain, KelpDAO, HyperBridge, CrossCurve, Squid Router, and IoTeX.io as of mid-May.
But the Verus case is notable because the complexity of the exploit suggests hackers are using AI to help execute it. The protocol’s lead developer, Mike Toutonghi, explained in an article how the technology might have helped them understand the system’s rules closely enough to design transactions that bypassed checks and tricked the Ethereum contract into accepting the malicious cross-chain transfer.

Elsewhere, Vitalik Buterin shared insights on how AI can still be used to strengthen security instead of breaking it. Responding to community concerns about the technology creating non-stop exploitation opportunities, the Ethereum co-founder countered by saying that AI-assisted formal verification could be used as a strong defense against security failures in the crypto industry.

The post Verus Bridge Exploiter Returns $8.5M, Keeps $2.8M as Bounty Reward appeared first on CryptoPotato.
22 May 2026, 12:58
Verus recovers 4,052 ETH after $11.5 million bridge hack

🚨 4,052 ETH has been recovered in $ETH after the Verus bridge hack. The attacker returned the funds following a 1,350 ETH reward deal. The post Verus recovers 4,052 ETH after $11.5 million bridge hack appeared first on COINTURK NEWS.
22 May 2026, 11:06
Quantum Computing and Crypto: Is Blockchain Security Ready for the Next Threat?

Quantum computing is moving from theory to prototypes, rekindling a hard question for crypto: will tomorrow’s machines break today’s blockchains? The short answer is nuanced. Some core tools that secure wallets and consensus could be vulnerable to future quantum attacks. Others—especially hash-based primitives that defend proof-of-work and Merkle trees—look comparatively robust.

If you hold assets, build wallets, or run infrastructure, you don’t need panic—you need a plan. The timelines are uncertain, but migration takes years. The teams that inventory their cryptography, add algorithm agility, and sketch a post-quantum (PQ) roadmap will be positioned to adapt without rushing under pressure.

This article separates signal from noise: what quantum threatens, what likely survives, the readiness of major networks, and concrete steps to reduce risk now—without hype or fatalism.

| Point | Details |
|---|---|
| Primary quantum risk | Shor’s algorithm could break widely used public-key signatures (ECDSA, Ed25519, Schnorr, BLS). That’s a long-term but high-impact risk. |
| What likely holds up | Hash-based primitives (SHA-256, Keccak-256), Merkle trees, and STARK-style proofs remain comparatively resilient; Grover’s algorithm offers only a quadratic speedup. |
| Network exposure varies | Bitcoin addresses that hide public keys until spend reduce exposure; Taproot and many L1/L2 accounts that directly reveal public keys are more exposed in a post-Shor world. |
| Standards progress | NIST has selected PQC algorithms (Kyber; Dilithium, Falcon, SPHINCS+) and circulated draft FIPS in 2024; real-world deployment still takes years. |
| Practical mitigation | Add crypto agility (hybrid signatures, account abstraction), avoid address reuse, plan UTXO sweeps, and monitor vendor roadmaps for PQ support. |
| Investor takeaway | No immediate collapse is likely, but preparation now reduces future migration costs and key-exposure risks. |
The Quantum Threat Model for Blockchains

Quantum computers exploit superposition and entanglement to accelerate specific computations. Two algorithms matter for cryptography:

- Shor’s algorithm threatens discrete logarithm and factoring problems—the foundation for ECDSA, Ed25519, Schnorr, RSA, and BLS signatures.
- Grover’s algorithm gives a quadratic speedup for brute-forcing symmetric keys and hashes. That halves the “effective” bits of security (e.g., 256-bit hash to roughly 128-bit search effort), which is still considered strong in practice with parameter adjustments.

For blockchains, signatures protect funds and consensus identities. If a sufficiently powerful, fault-tolerant quantum computer becomes available (“Q‑day”), an attacker who sees a public key could compute the corresponding private key and forge signatures.

Important nuance: the “harvest now, decrypt later” risk that plagues encrypted data is less direct for signatures. Attackers cannot decrypt your private key from an address hash they see on-chain. They can, however, archive exposed public keys today and attempt key recovery later if those funds remain unmoved when quantum machines arrive.

Pro tip: Limiting public key exposure and avoiding address reuse are low-cost steps that improve your posture against future signature forgery.

What Breaks Under Shor vs. Grover

Different blockchain components depend on different primitives. Here’s a high-level map of potential impact.
| Component | Main Primitive | Quantum Impact | Comment |
|---|---|---|---|
| Wallet signatures (BTC ECDSA, ETH ECDSA/Schnorr, Ed25519, BLS) | Discrete log on elliptic curves | Vulnerable to Shor | Attacker could derive private keys from exposed public keys and forge spends. |
| Consensus keys (e.g., BLS for validator aggregation) | BLS over pairing-friendly curves | Vulnerable to Shor | Would require protocol-level migration; aggregation benefits complicate alternatives. |
| PoW hashing (SHA-256) and Merkle trees | Hash functions | Resists; Grover reduces margin | Parameter increases or double hashing mitigate; no known catastrophic break. |
| zk-SNARKs on pairings (Groth16/Plonk variants) | Elliptic curves + pairings | Vulnerable to Shor | Underlying group assumptions break; PQ alternatives include STARKs. |
| zk-STARKs | Hash-based with FRI protocols | Relatively resilient | Security rests on hash assumptions; adjust parameters for Grover. |
| Address hashing (BTC P2PKH, ETH addresses) | Hash + encoding | Resists; Grover reduces margin | Addresses that hide public keys buy time until spend/signature exposure. |

On the defense side, several PQ signature families show promise:

- Lattice-based (e.g., CRYSTALS-Dilithium, Falcon) offer performance close to today’s systems, with larger keys/signatures.
- Hash-based (e.g., SPHINCS+) avoid number-theoretic assumptions, but signatures are larger and verification is heavier.
- Code-based and multivariate schemes exist, but most blockchain discussions center on lattice and hash-based options due to tooling and standardization momentum.

The U.S. National Institute of Standards and Technology (NIST) has selected CRYSTALS-Kyber (key encapsulation) and three digital signatures—CRYSTALS-Dilithium, Falcon, and SPHINCS+—for standardization, with draft Federal Information Processing Standards circulating in 2024. See the program page for status updates at NIST PQC.

State of Major Networks: Bitcoin, Ethereum, Solana and Beyond

Bitcoin

Most Bitcoin outputs (P2PKH/P2WPKH) commit to a hash of the public key.
Your public key is only revealed when you spend, limiting pre-spend exposure. However, Taproot (P2TR) places an x-only public key directly in the output, which could be attractive to a quantum-capable attacker if such machines existed. In practice, no cryptographically relevant, fault-tolerant quantum computer exists today that can execute Shor at required scales—but the design detail matters for future planning.

The Bitcoin Script system is flexible enough to add new opcodes or tapscript paths for PQ signatures, and to support hybrid conditions (e.g., spendable with ECDSA now or with a PQ signature later). That said, consensus changes are conservative and take time. There is no widely adopted BIP that enshrines a standard PQ signature yet; discussions remain active in research forums.

Ethereum

Externally Owned Accounts sign transactions with ECDSA; the public key can be recovered from transaction signatures, so any used account effectively exposes its public key. Ethereum’s beacon chain uses BLS signatures for validator aggregation, which are also based on discrete logarithms.

The good news: Ethereum’s programmability enables crypto agility. Account abstraction (e.g., ERC-4337-style smart contract wallets) allows alternative verification logic, so chains and wallets can adopt PQ or hybrid signatures without an immediate hard fork. Replacing BLS at the consensus layer is a larger research and engineering task because aggregation and performance are integral to validator operations.

Solana and other high-throughput L1s

Solana addresses are Ed25519 public keys, which would be directly vulnerable to a sufficiently powerful quantum adversary. Migrating to PQ signatures at Solana’s throughput and latency targets raises engineering questions about signature sizes and verification costs, but the runtime allows for new verification programs and staged migrations.
Across the Cosmos, Polkadot, and other ecosystems, most default signature schemes are Schnorr/EdDSA variants over elliptic curves and share similar exposure to Shor’s algorithm. The specific migration levers depend on governance and upgrade mechanisms of each chain.

Layer 2 and proofs

Rollups that use zk-SNARKs on pairing-friendly curves inherit discrete log assumptions and would need PQ alternatives in the long run. STARK-based systems rest primarily on hash assumptions and are comparatively better positioned with parameter tuning. Nonetheless, L2 accounts and bridges often rely on ECDSA/EdDSA at the edges, so full-stack planning is needed.

Regulatory posture signals urgency without alarm: U.S. guidance such as NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) outlines a phased PQ migration for government systems into the 2030s, emphasizing early inventory and crypto agility. See the NSA notice for context at NSA CNSA 2.0.

Migration Playbooks: From Crypto-Agile Wallets to L1 Upgrades

Hybrid signatures and algorithm agility

- Wallet-level hybrids: Require both a classical signature (ECDSA/Schnorr) and a PQ signature to spend, or allow either path under policy. This enables gradual rollout while preserving compatibility.
- Scriptable commits: For UTXO chains, commit to a PQ public key’s hash today (cheap) and reveal PQ verification only when needed.
- Smart contract wallets: In account-based chains, customizable validation logic can accept PQ signatures as soon as precompiles or libraries exist.

L1 consensus and protocol changes

- New address types or opcodes: Introduce PQ-verify operations and new address encodings. Expect extensive review because signature sizes and verify costs affect fees and block limits.
- Consensus key migration: For chains using BLS, research targets include PQ signatures with aggregation or alternative consensus designs that reduce signature load.
- Bridges and cross-chain: Many bridges rely on threshold signatures or multisig over elliptic curves. Plans should evaluate PQ-ready quorum schemes or hybrid attestations.

Key management, hardware, and custody

- Inventory your cryptography: Map where ECDSA/EdDSA/BLS are used across wallets, custodial flows, validator tooling, and off-chain services.
- Hardware wallet roadmaps: Ask vendors about implementing Dilithium/Falcon/SPHINCS+ and how firmware upgrades will be authenticated as the trust anchor transitions to PQ.
- Rotation and sweeping: Prepare to rotate keys and sweep funds from addresses that expose public keys (including Taproot and any reused accounts) to PQ or hybrid outputs before any credible Q‑day.

Cost, Performance, and UX Trade-offs of Post-Quantum Signatures

Post-quantum signatures are larger and often heavier to verify than today’s ECDSA/Ed25519 or BLS. That reality affects chain limits, fees, and user experience.

- Footprint: Typical PQ signature sizes range from roughly a few hundred bytes up to tens of kilobytes depending on the scheme and security level. Public keys can also be larger. Larger payloads increase bandwidth and storage needs.
- Verification cost: Lattice-based verification is generally fast but still costlier than Ed25519 per signature. Hash-based signatures (e.g., SPHINCS+) can be slower and bigger, trading performance for conservative assumptions.
- Aggregation: BLS’s compact aggregation is a major win in current consensus designs. PQ aggregation is an active research area; today’s PQ schemes don’t yet match BLS’s combination of compactness and speed.
- Stateful and one-time signatures: Some hash-based options (e.g., XMSS/WOTS variants) require careful state handling or produce large signatures. They may suit niche uses (e.g., infrequent rotations) rather than high-throughput wallets.
Given these trade-offs, many teams pursue hybrid strategies: add PQ validation where the cost is acceptable (e.g., treasury moves, validator keys) while keeping classical paths for mass retail usage until better PQ tooling matures.

A Practical Checklist for Teams and Treasuries

For protocol and wallet developers

- Map dependencies: List every place signatures are used—wallets, consensus, bridges, admin keys, CI/CD signing, binary updates.
- Minimize public key exposure: Avoid address reuse; prefer address types that don’t reveal public keys until spend where possible.
- Add crypto agility: Design interfaces so signature algorithms can be swapped without rewriting apps. Consider hybrid verification in scripts or smart contracts.
- Run PQ pilots: Experiment with Dilithium/Falcon/SPHINCS+ in devnets. Measure size, verification cost, and UX impact.
- Engage standards early: Track NIST PQC, IETF CFRG drafts, and ecosystem proposals. Align encodings and parameter choices with emerging norms to avoid costly rewrites later. See IETF CFRG.
- Have a sweep plan: Create playbooks to move funds from exposed public keys to PQ/hybrid outputs on short notice. Test fees, batching, and operational throughput.
- Vendor diligence: Ask HSM, hardware wallet, and custody providers for PQ timelines, firmware auth plans, and migration tooling.

For institutions and treasuries

- Assess key exposure today: Identify assets held at addresses that reveal public keys (e.g., Taproot, Solana accounts, used Ethereum EOAs) and prioritize rotation sequencing.
- Choose crypto-agile custody: Require contracts that include PQ roadmaps and service-level objectives for migration readiness.
- Diversify controls: Prefer multisig or smart contract wallets that can add PQ paths, rate limits, and time locks to slow down potential key-forgery attacks.
- Incident drills: Simulate a sudden step-change in estimated quantum risk. Can you rotate thousands of keys in days? Who signs off? What’s the communications plan?
- Monitor policy signals: NSA CNSA 2.0 and NIST guidance won’t dictate blockchain timelines, but they provide credible migration pacing for critical systems.

Risk reminder: The dominant threats today are still classical—phishing, malware, key mismanagement, smart-contract bugs, and bridge exploits. Preparing for quantum should not distract from basic operational security.

Myths, Edge Cases, and Open Questions

- “Quantum will kill Bitcoin overnight.” Not likely. Even if a credible quantum threat emerges, networks can soft-fork in PQ options and coordinate sweeping to safer outputs. The harder challenge is logistics at scale, not a lack of cryptographic candidates.
- “Proof-of-Work collapses under quantum.” Grover’s algorithm offers only a quadratic speedup for hashing. Practical quantum hardware capable of challenging global hash rates appears far off, and parameter tweaks (e.g., difficulty, hash output length) help maintain margins.
- “Address hashes make me safe forever.” Address hashing helps until you spend and reveal a signature or public key. If funds sit behind a public key (e.g., Taproot, many account-based chains), exposure is immediate in a post-Shor world.
- “We can just switch to PQ in a week.” Real migrations touch wallets, nodes, fee markets, hardware, and user education. Expect multi-year, staged rollouts—hence the value of crypto agility now.
- zk-proof ecosystems. SNARKs built on elliptic curves face the same Shor risk as signatures, while STARKs lean on hash assumptions and look more robust. Either way, account keys and bridges may still rely on classical signatures until upgraded.
- Aggregation gap. Today’s PQ signatures don’t replicate BLS’s elegant aggregation properties. Research into PQ-friendly aggregation or alternative consensus accounting remains ongoing.

For authoritative guidance and status updates on standardization, track NIST’s PQC project at csrc.nist.gov and draft FIPS for Kyber, Dilithium, and SPHINCS+ (circulating in 2024).
Ethereum developer resources on account design are collected at ethereum.org, and Bitcoin’s transaction formats are documented at bitcoin.org.

If you’d like ongoing coverage of the post-quantum journey across chains, Crypto Daily follows standards, protocol roadmaps, and vendor announcements—visit Crypto Daily for the latest analysis.

Frequently Asked Questions

How soon could quantum computers threaten blockchain signatures?
No one can give a precise date. Public assessments suggest fault-tolerant, cryptographically relevant machines are not imminent, but standards bodies encourage early migration planning because swapping foundational cryptography takes years. Treat this as a long-tail, high-impact risk: plan now, execute in phases.

Are my Bitcoin holdings safe if I never reused addresses?
Using address types that hide your public key until spend reduces exposure. However, funds behind outputs that directly reveal a public key (e.g., Taproot) would be at risk in a post-Shor world. Regardless, developing a plan to sweep into PQ or hybrid outputs before any credible quantum threat is prudent.

Does Ethereum expose my public key?
For EOAs, a transaction’s signature allows recovery of the public key, so any used account effectively exposes it. Account abstraction and smart contract wallets can help by supporting alternate or hybrid verification paths over time.

Will Grover’s algorithm break SHA-256 mining?
No. Grover offers a quadratic speedup, not an exponential break. While it narrows security margins, parameter adjustments and the immense practical challenges of building such hardware make a near-term disruption to PoW unlikely.

Which post-quantum signatures look most practical for blockchains?
Lattice-based schemes such as Dilithium and Falcon are front-runners due to performance, with SPHINCS+ valued for conservative assumptions. Exact choices depend on chain limits, desired signature sizes, verification costs, and whether aggregation is needed.
What should teams do first to prepare?
Inventory where signatures are used, minimize public key exposure, build crypto agility into wallets and contracts, and test PQ schemes on devnets. Coordinate with custody and hardware providers on their migration roadmaps.

Is this financial advice?
No. This article is educational. Crypto assets are volatile and involve security, technical, and regulatory risks. Always do independent research and consider professional guidance for treasury decisions.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
22 May 2026, 10:15
Polymarket Confirms User Funds Safe After Exploit, Core Infrastructure Unaffected

Polymarket, the leading decentralized prediction market platform, has moved to reassure users following a security incident involving its UMA CTF adapter contract. In an official statement, the platform confirmed that user funds and market settlements remain secure, with the exploit limited to a specific operational wallet.

Details of the Incident

Polymarket protocol developer Shantikiran Chanal addressed the situation on X, stating that the company is aware of a security incident related to reward payments. The ongoing investigation indicates that a private key for an internal operations wallet was exposed, but the platform’s core smart contracts and infrastructure were not compromised. This distinction is crucial, as it means the underlying mechanics of the prediction markets themselves were not attacked.

Scale of the Exploit

While Polymarket works to contain the breach, on-chain data from Santiment reveals the exploit’s impact. The attacker has been systematically draining 5,000 POL tokens approximately every 30 seconds. At current market rates, the total amount stolen has reached an estimated $520,000. The exploit specifically targeted the UMA CTF (Capture The Flag) adapter contract, which is used for reward distribution in certain platform activities.

What This Means for Users

For the average Polymarket user, the primary takeaway is that their positions and funds are safe. The platform has emphasized that market settlements are proceeding normally and that no user assets were directly accessed. However, the incident highlights the ongoing risks associated with operational security in the decentralized finance (DeFi) space, where even isolated private key compromises can lead to significant financial losses.

Broader Implications for Prediction Markets

This event serves as a reminder of the layered security challenges faced by crypto platforms.
While smart contract vulnerabilities often dominate headlines, this exploit underscores the importance of securing internal operational wallets and private key management. For Polymarket, which has seen a surge in user activity and trading volume ahead of major political events, maintaining user trust is paramount. The platform’s swift and transparent communication regarding the incident is a positive signal for its commitment to security.

Conclusion

The Polymarket exploit, while concerning, appears to be contained to a specific, non-critical part of the platform’s operations. User funds remain secure, and the core infrastructure continues to function. The incident, however, has resulted in the loss of over half a million dollars in POL tokens and serves as a critical case study in the importance of comprehensive security protocols that extend beyond smart contract audits.

FAQs

Q1: Were my funds on Polymarket affected by the exploit?
A1: No. Polymarket has confirmed that user funds and market settlements were not affected. The exploit was limited to a specific internal operations wallet used for reward payments.

Q2: What was the cause of the exploit?
A2: The investigation indicates that a private key for an internal operations wallet was exposed. The platform’s core smart contracts and infrastructure were not attacked.

Q3: How much was stolen in the Polymarket exploit?
A3: On-chain data from Santiment shows that the attacker has stolen approximately $520,000 worth of POL tokens, draining 5,000 POL every 30 seconds.

This post Polymarket Confirms User Funds Safe After Exploit, Core Infrastructure Unaffected first appeared on BitcoinWorld.















































