hodler

13 May 2026, 06:05

Ethereum Foundation and Major Wallets Launch “Clear Signing” Standard to End Blind Transaction Approvals

The last few years have shown that the biggest vulnerability in crypto wallets today is blind signing. This is the practice of approving raw hex strings without knowing what they actually do. However, on Tuesday, the Ethereum Foundation officially announced that this standard is going to be phased out and replaced with clear signing alongside some of the leading wallets and hardware infrastructure that actually run Ethereum for most users. This includes names like Ledger, Trezor, MetaMask, WalletConnect, Fireblocks and Cyfrin. In practice, this means users will be able to see a plain, human readable summary of what a signature authorizes. 0/ Clear signing is now live. An open standard to end blind signing, making human-readable transactions default. This effort brings a major UX and Security upgrade to transaction signing on Ethereum. pic.twitter.com/nIGRCBQh6G — Ethereum Foundation (@ethereumfndn) May 12, 2026 The reason this is happening is simple and it comes down to the recent high profile hacks that have taken place over the past two years. The $1.5 billion Bybit hack, which remains the largest hack in crypto till date, happened in part because signers approved a transaction they could not actually read. Similarly, in July 2024, the WazirX hack that saw around $235 million stolen from the Indian crypto exchange’s multi-sig wallet played out in pretty much the same way. According to the Ethereum Foundation, blind signing has been a structural flaw in the ecosystem for years and has fed into billions of dollars in cumulative losses across hacks, phishing scams and approval exploits. What Clear Signing Actually Does Authorizations and signatures currently have a specific flaw. Users interacting with smart contracts are able to view accurate data but this is usually a string of low-level data that is pretty much unreadable to anyone without a developer or technical background. Clear signing basically flips that script. Wallets that support the new standard will pull up a descriptor file that converts a contract’s function into readable text while providing a summary of it to the user before signing anything. The technical foundation comes from two existing improvement proposals. ERC-7730, which Ledger first proposed back in 2024, defines an open format for describing transactions in human-readable JSON. ERC-8176 then adds an attestation layer on top, allowing independent auditors to cryptographically vouch that a descriptor matches what the contract is actually going to do. The descriptors themselves live off-chain in a neutral registry at clearsigning.org, which means existing contracts can adopt the standard without needing any redeployment. A Coalition That Touches Where Users Actually Live This is not a single-wallet rollout. The contributor list reads like every piece of infrastructure that touches Ethereum users today, with Ledger and Trezor on hardware, MetaMask and WalletConnect on software, Fireblocks on the institutional custody side, Cyfrin on audits and Sourcify and Argot supporting tooling. Ledger originally built clear signing as an internal security feature back in 2021, formalized it as ERC-7730 in 2024, and earlier this year handed over governance to the Foundation specifically to make the standard credibly neutral and not tied to any one company. Why The Timing Lines Up With Institutional Money The timing here is also not really a coincidence. The Foundation’s Trillion Dollar Security Initiative, which is now stewarding the Clear Signing registry, was set up specifically to prepare Ethereum for the kind of institutional-scale value that is now sitting directly on-chain. Fireblocks being part of the rollout matters in particular, as it is the custody provider that most traditional finance firms actually use when they start touching crypto rails. Blind signing was always a tolerable level of risk for retail users moving small amounts. For an asset manager moving real size, however, it is essentially a non-starter, as you cannot really put a compliance signoff behind a transaction that your operations team isn’t able to read in the first place. Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free .

13 May 2026, 04:40

British Pound Holds Above 1.3500 but Remains Vulnerable Near Two-Week Low

BitcoinWorld British Pound Holds Above 1.3500 but Remains Vulnerable Near Two-Week Low The British pound is trading near a two-week low against the US dollar, with the GBP/USD pair holding just above the 1.3500 psychological level. The currency remains under pressure as markets weigh diverging monetary policy expectations between the Bank of England and the Federal Reserve. Key Drivers Behind the Pound’s Weakness The pound’s recent decline is primarily driven by a strengthening US dollar, which has rallied on the back of robust US economic data and hawkish signals from the Federal Reserve. Markets are now pricing in a slower pace of rate cuts from the Fed compared to earlier expectations, providing a tailwind for the greenback. On the UK side, the Bank of England has maintained a cautious tone, with recent economic indicators showing mixed signals. While inflation remains above the BoE’s 2% target, growth data has been sluggish, complicating the central bank’s policy path. This uncertainty has left the pound exposed to further downside if US economic outperformance continues. Technical Outlook for GBP/USD From a technical perspective, the 1.3500 level is acting as a key support zone. A decisive break below this level could open the door for a move toward the 1.3400 region, which represents a major support area from earlier this year. On the upside, resistance is seen near 1.3600, followed by the 1.3650 level. Traders are closely watching upcoming UK GDP data and US non-farm payrolls for the next directional catalyst. Any downside surprise in US jobs data could trigger a relief rally for the pound, while strong UK growth figures might provide a temporary boost. Market Implications for Traders For forex traders, the current environment demands caution. The pound’s vulnerability suggests that short-term bounces may be selling opportunities unless there is a clear shift in the fundamental backdrop. The 1.3500 level is critical; a daily close below this level would signal a bearish breakout, potentially accelerating selling pressure. Longer-term, the pound’s trajectory will depend on whether the BoE can maintain a hawkish stance relative to the Fed. If UK inflation proves sticky, the BoE may be forced to keep rates higher for longer, which could support the pound. However, if the US economy continues to outperform, the dollar is likely to remain dominant. Conclusion The British pound remains under pressure near a two-week low, with the 1.3500 level serving as a critical near-term support. The currency’s fate hinges on upcoming economic data and central bank guidance. While a bounce from current levels is possible, the broader trend favors the US dollar unless UK fundamentals improve significantly. FAQs Q1: Why is the British pound falling against the US dollar? The pound is under pressure due to a stronger US dollar, driven by robust US economic data and hawkish Federal Reserve signals. Additionally, mixed UK economic data and uncertainty about the Bank of England’s policy path have weighed on sterling. Q2: What is the key support level for GBP/USD? The 1.3500 level is the immediate support. A break below this could lead to a move toward 1.3400. On the upside, resistance is at 1.3600 and 1.3650. Q3: What should traders watch for next? Traders should monitor upcoming UK GDP data and US non-farm payrolls. Any surprise in either data set could provide the next significant move for the pair. Central bank commentary from the BoE and Fed will also be crucial. This post British Pound Holds Above 1.3500 but Remains Vulnerable Near Two-Week Low first appeared on BitcoinWorld .

13 May 2026, 04:38

Aave and Kelp burn 117,000 rsETH on Arbitrum after $292 million exploit

🚨 Aave and Kelp burned 117,000 attacker rsETH tokens worth $292 million in $ETH recovery on Arbitrum. The hack exploited the LayerZero bridge in April and enabled the creation of fake rsETH collateral. Continue Reading: Aave and Kelp burn 117,000 rsETH on Arbitrum after $292 million exploit The post Aave and Kelp burn 117,000 rsETH on Arbitrum after $292 million exploit appeared first on COINTURK NEWS .

13 May 2026, 03:30

Aave and Kelp burn exploiter’s rsETH on Arbitrum as recovery plan moves forward

Aave and Kelp burned the exploiter’s rsETH holdings on Arbitrum on May 12, Aave said in an X post, confirming the first phase of the technical recovery plan has been completed. The first set of steps in the rsETH technical recovery plan are complete, including burning the exploiter's rsETH on Arbitrum. Progressively refilling the LayerZero OFT adapter and reopening rsETH operations will follow over the coming days. https://t.co/p1tiIzp5Nr — Aave (@aave) May 12, 2026 The action removes the last remaining unbacked rsETH from circulation following the April 18 LayerZero bridge exploit that drained $292 million from the protocol. The attack involved 116,500 unbacked rsETH minted through a vulnerability in Kelp’s LayerZero-powered bridge between Unichain and Ethereum, according to an incident report posted on Aave’s governance forum . The route relied on a 1-of-1 verifier configuration, meaning a single verifier approval was sufficient to validate cross-chain transfers. The attacker forged a message that falsely indicated rsETH had been burned on the source chain, releasing unbacked tokens on Ethereum. Those tokens were then deposited into Aave V3 markets as collateral, allowing the attacker to borrow between $190 million and $236 million in WETH and wstETH. What completes Phase 1 DeFi United, the coalition formed to address the exploit, raised over $327 million in ETH commitments to restore rsETH backing without socializing losses. Contributors include Lido (2,500 stETH), EtherFi (5,000 ETH), LayerZero (10,000 ETH), Ethena, Mantle, Golem (1,000 ETH), and Aave founder Stani Kulechov personally (5,000 ETH). On May 9, U.S. District Judge Margaret Garnett issued an order modifying a prior asset freeze, clearing the Arbitrum Security Council to transfer approximately 30,765 ETH worth roughly $71 million to an Aave LLC-controlled wallet. The ruling removed the last legal hurdle to executing the recovery plan after a May 1 restraining notice tied to unrelated North Korean terrorism judgments had blocked the transfer. As Cryptopolitan reported , Aave’s DAO had previously voted to liquidate the attacker’s frozen ETH funds, with approval from 90% of voting addresses backed by 190 million ARB tokens. Galaxy Digital’s vice president of research, Thaddeus Pinakiewicz, said the overall recovery effort is now approximately 90% complete. What happens over the next two weeks Kelp said 117,132 rsETH will be “progressively refilled from Aave Recovery Guardian and Kelp Recovery Safe into the LayerZero OFT adapter on mainnet” over the next two weeks. Kulechov wrote on X that “the last step is to refill the rsETH bridge lockbox,” adding that withdrawals converting rsETH into ETH would begin within 24 hours to normalize the markets. Aave’s total value locked stabilized above $15 billion after initial outflows of over $10 billion in the days following the exploit. WETH lending utilization sits at 93%, with USDT at 92% and USDC at 91%, signaling the withdrawal pressure has ended. How the response differs from past DeFi exploits The rsETH recovery has followed a different route from earlier major hacks. The Ronin Bridge attack required heavy outside funding and recovered assets to compensate users for losses exceeding $600 million. The Euler Finance exploit ended with the attacker returning most of the stolen funds after negotiations and public pressure. Aave and Kelp took neither path. Instead, the recovery focused on isolating bad collateral, liquidating the attacker’s positions on-chain, removing exploiter-controlled tokens from circulation through the May 12 burn, and rebuilding reserves inside the bridge infrastructure through coalition-funded refills. It is also the first major DeFi exploit recovery to navigate a U.S. federal court intervention and proceed with user funds flowing back through governance-coordinated channels. If you're reading this, you’re already ahead. Stay there with our newsletter .

12 May 2026, 19:10

Logic flaw drains $101K from Huma's old Polygon contracts

An attack on the V1 smart contracts of Huma Finance on Polygon resulted in a loss of $101,400 USDC. The exploit added to what’s already been a difficult time for DeFi protocols on the network. The exploit was reported by web3 security firm Blockaid. The attacker targeted BaseCreditPool deployments related to Huma’s older V1 infrastructure. The total loss was ~$101,400 in USDC and USDC.e coins across various contracts. Huma Finance confirmed the incident on X, saying “No user funds at risk and PST is not impacted.” The team said its V2 system, which runs on Solana, was built from scratch. It shares no code with the compromised contracts. Huma’s V1 flaw was in one function The smart contract flaw was found inside a function named refreshAccount() . Its a function located within the V1 BaseCreditPool contracts. Blockaid security researchers identified the bug. They shared more information on X, saying: “Bug: refreshAccount() unconditionally promotes a Requested credit line to GoodStanding, bypassing the EA approval step and enabling drawdown().” refreshAccount() labelled accounts with ‘good standing’ without actual verification or conditions. The attacker took advantage of this flaw and drained funds from the protocol’s treasury pools The losses were found in three contracts according to Blockaid’s on-chain analysis. One account lost ~82,300 USDC. A second lost ~17,300 USDC.e. And a third account lost ~1,800 USDC.e. According to on-chain data, the entire exploit was completed in one transaction. There was no cryptographic issue. The attacker just changed the contract’s state machine to trick it into treating an unauthorized account as legit. Huma’s team wrote on X, “Earlier today a vulnerability in Huma’s legacy v1 contracts on Polygon was exploited for 101,400 USDC.” They continued, “Huma’s v2 system on Solana is a complete rewrite and this issue does not apply to v2 systems.” Huma said it had already been winding down V1 operations before the exploit occurred. The team said on X, “The teams were already in the process of sunsetting all the legacy v1 pools, and have paused v1 completely now.” After the incident, the team fully paused all remaining V1 contracts. The company said that user deposits on V2 were untouched and that the newer platform continues to operate normally. Victim contracts: https://t.co/eLxi7skhsI (Huma V1 BaseCreditPool – 82,315.57 USDC) https://t.co/EnPLFdvOM8 (Huma V1 BaseCreditPool – 17,290.76 USDC.e) https://t.co/prR0lxoD7L (Huma V1 BaseCreditPool – 1,783.97 USDC.e) Attacker: https://t.co/S0zOa5ClJk Exploit contract:… — Blockaid (@blockaid_) May 11, 2026 Polygon had a bad day According to a recent report from Cryptopolitan , the exploit took place on the same day that Ink Finance lost almost $140,000 from its Workspace Treasury Proxy contract on Polygon. The attacker deployed a contract matching a whitelisted claimer address to bypass eligibility checks. In both incidents, the attackers found logic mistakes in smart contract design. The back-to-back exploits on Polygon come after April 2026, setting the record for the worst month of smart contract losses. If you're reading this, you’re already ahead. Stay there with our newsletter .

12 May 2026, 18:12

Roaring Kitty’s Deleted X Post Triggers 90% Crash in RKC Meme Coin

Roaring Kitty’s deleted post on X triggered a crash in the meme coin RKC, wiping out 90% of its value within hours. Traders who bought into the hype lost hundreds of thousands of dollars, while the coin’s developer reportedly cashed out over $600,000 before it collapsed. RKC Dev Profited Over $600K from Token Keith Gill’s verified X account, popularly known by his 1.6 million followers as Roaring Kitty, ended a 16-month silence on May 11 with a post that sent traders into a frenzy. At around 21:13 GMT, the account shared a Solana Pump.fun contract address for a newly launched meme coin called Red Kitten Crew (RKC), alongside a short cartoon clip. Minutes later, the account shared a second post featuring an image captioned “red bandit crew 4 life,” which was later deleted. The sudden activity started a rush of speculative trading that briefly sent RKC soaring before the deletions triggered panic selling, causing the token to crash 90% and wiping millions from its market cap. Blockchain analytics firm Lookonchain later reported that the meme coin’s developer had already cashed out 6,260 SOL, worth around $611,000, before the posts were removed. According to them, the individual used 20 SOL worth roughly $1,950 across 10 wallets to acquire 395.18 million RKC tokens, representing 39.52% of the total supply, before selling the entire stash for $495,000. Lookonchain also revealed that the developer earned an additional 1,209 SOL, worth approximately $118,000, through creator fees. Roaring Kitty Meme Coin Posts Cause Hack Speculation On-chain analysts are saying that the incident followed a pattern they’ve seen many times in crypto, where influencers create hype, developers cash out, and retail traders are left with losses. Others also questioned the authenticity of the posts, noting Keith Gill has built his online presence around GameStop commentary and has never publicly promoted meme coins before, leading to speculation that the account may have been hacked. There’s been a trend of high-profile X accounts being compromised to promote meme coins, with similar breaches in the past targeting major public figures and companies such as Michael Saylor and Kylian Mbappé. The former’s account was used to push a fake Bitcoin giveaway, while the latter’s promoted a Solana meme coin scam, with both incidents resulting in a spike in trading volumes before a collapse. At the same time, Pump.fun has also been involved in controversy, with researchers claiming that a large percentage of tokens launched on the platform display characteristics commonly associated with scams or wash trading. The Solana-based meme coin maker has also been targeted by two class-action lawsuits in the past, with both accusing it of violating U.S. securities laws by facilitating the launch of unregistered tokens and allegedly collecting up to $500 million in related fees. The post Roaring Kitty’s Deleted X Post Triggers 90% Crash in RKC Meme Coin appeared first on CryptoPotato .