hodler

24 Feb 2026, 01:05

Step Finance Shutdown: Devastating $40 Million Hack Forces Complete Solana Ecosystem Closure

BitcoinWorld Step Finance Shutdown: Devastating $40 Million Hack Forces Complete Solana Ecosystem Closure In a stunning blow to the Solana decentralized finance landscape, Step Finance has confirmed its complete and permanent shutdown, a direct consequence of a catastrophic $40 million security breach that has sent shockwaves through the cryptocurrency community. The protocol’s official announcement marks the end for its core aggregation platform, the on-chain derivatives protocol Remora Markets, and the influential media outlet SolanaFloor, highlighting the profound vulnerabilities still present in the rapidly evolving DeFi sector. This closure represents one of the most significant protocol failures on the Solana blockchain to date, raising urgent questions about security, sustainability, and investor protection in high-speed blockchain ecosystems. Step Finance Shutdown: The Anatomy of a Protocol Collapse The decision to cease all business operations did not come lightly. Following the January hacking incident, the Step Finance team embarked on an exhaustive months-long effort to salvage the project. Consequently, they explored multiple avenues for recovery, including emergency fundraising rounds and potential acquisition by larger entities within the crypto space. However, these efforts ultimately proved unsuccessful. The scale of the financial loss, estimated at approximately $40 million in digital assets, created an insurmountable capital deficit. Therefore, the team concluded that continuing operations was no longer viable, leading to the definitive shutdown announcement made via their official X account. This event provides a critical case study in DeFi risk management. Unlike traditional finance, decentralized protocols often operate with minimal legal incorporation and limited recourse for users after a hack. The Step Finance situation underscores the “code is law” paradigm, where exploits in smart contract logic can lead to irreversible losses. Meanwhile, the broader Solana ecosystem, known for its high throughput and low costs, now faces increased scrutiny regarding the security auditing standards of its flagship applications. The Ripple Effect: Remora Markets and SolanaFloor Cease Operations The shutdown extends far beyond the main Step Finance dashboard. Significantly, it encompasses two major subsidiary operations: Remora Markets and SolanaFloor. Remora Markets functioned as a specialized on-chain derivatives protocol built on Solana, allowing users to engage in leveraged trading strategies. Its closure removes a key piece of infrastructure from Solana’s DeFi toolkit, potentially affecting liquidity and trading options for advanced users. Perhaps more impactful for the community is the shuttering of SolanaFloor. This platform served as a primary news and analytics aggregator for the Solana ecosystem, similar to what CryptoPanic or The Block provides for broader crypto. Its loss creates an immediate information gap for traders, developers, and enthusiasts who relied on its curated feeds for real-time updates on Solana network activity, new project launches, and market movements. The void left by SolanaFloor may take considerable time for other media outlets to fill, demonstrating how interconnected and fragile ecosystem support services can be. Expert Analysis: The Inevitable Outcome of a “Black Swan” Hack Industry analysts point to the hack’s magnitude as the primary determinant of this outcome. “A $40 million exploit is a existential event for all but the most heavily capitalized protocols,” explains a veteran blockchain security auditor who has reviewed multiple post-mortems. “The treasury drain is often just the first problem. Subsequently, the collapse in token price and the evaporation of user trust create a negative feedback loop from which recovery is nearly impossible without a massive, immediate external capital injection.” Furthermore, the bear market conditions prevalent in early 2025 complicated rescue efforts. Venture capital interest in distressed crypto assets has waned compared to the bull market of 2021, making fundraising a steep challenge. Acquisition talks likely faltered due to the associated liabilities and the costly integration of compromised codebases. The timeline below illustrates the critical path from the initial incident to the final decision. Timeline: Step Finance from Hack to Shutdown Date Event Impact January 2025 $40 million security exploit occurs. Protocol treasury drained, STEP token price plummets. February 2025 Team announces investigation and begins exploring solutions. User funds locked, operations partially suspended. March-April 2025 Fundraising and acquisition talks take place. No viable rescue plan materializes from external parties. May 2025 Official announcement to cease all operations. Remora Markets and SolanaFloor included in shutdown. Mitigation and Next Steps: The Buyback and Redemption Process In their statement, the Step Finance team outlined a winding-down process focused on user compensation. Acknowledging their responsibility, they have initiated two key processes: STEP Token Buyback: A buyback program for STEP token holders will be based on a snapshot of holdings taken before the January hack. This approach aims to return value to holders who suffered from the token’s collapse through no direct action of their own, though details on valuation and mechanics remain pending. Remora Markets Redemption: A separate redemption process is being established for users with funds or positions directly locked within the Remora Markets protocol. This is a complex undertaking, as it involves reconciling on-chain state from a compromised system. The team promised more concrete details on these processes soon. However, the effectiveness and fairness of these measures will be closely watched by the community. Typically, such post-collapse distributions return only a small fraction of the original value, as they depend on the remaining, non-drained assets within the protocol’s control. Conclusion The Step Finance shutdown delivers a sobering lesson on the real-world risks of decentralized finance. While the promise of permissionless and open financial systems remains powerful, the Step Finance incident underscores that technical failures can have irreversible consequences. The closure of not just a protocol but an entire ecosystem media arm in SolanaFloor shows how deeply interconnected these services are. Ultimately, the planned buyback and redemption processes offer a glimmer of recourse for affected users, but the overall event will likely accelerate calls for improved security standards, insurance mechanisms, and clearer regulatory frameworks within the Solana ecosystem and the broader cryptocurrency industry. The final chapter for Step Finance serves as a stark reminder that in the high-stakes world of DeFi, robust code and resilient economic design are not just features—they are the very foundation of survival. FAQs Q1: What exactly is Step Finance and why does its shutdown matter? Step Finance was a leading “dashboard” or aggregator for the Solana DeFi ecosystem, allowing users to track and manage assets across multiple protocols. Its shutdown matters because it signifies the collapse of a major ecosystem player due to a security failure, affecting user funds, related services like Remora Markets and SolanaFloor, and overall confidence in Solana-based DeFi. Q2: What was the Remora Markets protocol? Remora Markets was an on-chain derivatives protocol built on Solana and operated by the Step Finance team. It enabled advanced financial strategies like leveraged trading. Its closure is part of the wider shutdown, meaning users can no longer access or trade on this platform. Q3: How will the STEP token buyback work? The team has stated the buyback will use a snapshot of holder balances from a point in time before the January 2025 hack. This aims to compensate holders for the token’s devaluation caused by the exploit. Specifics on the buyback price, funding source, and timeline are still to be announced. Q4: What should users of Remora Markets do now? Users with funds or open positions in Remora Markets should await official communication from the Step Finance team regarding the redemption process. They have confirmed a process is being developed. Users should be wary of scams and only follow instructions from the official, now-defunct, Step Finance X account or associated verified channels. Q5: Does this affect the overall Solana blockchain or other Solana DeFi projects? While the Solana blockchain itself continues to operate, the shutdown damages the perception of security within its application layer. Other Solana DeFi projects may face increased scrutiny from users and auditors. However, it does not directly compromise other unrelated protocols, unless they shared similar code vulnerabilities. This post Step Finance Shutdown: Devastating $40 Million Hack Forces Complete Solana Ecosystem Closure first appeared on BitcoinWorld .

23 Feb 2026, 22:25

IoTeX Hack: Urgent $440K Bounty Offer Reveals Critical Cross-Chain Bridge Vulnerability

BitcoinWorld IoTeX Hack: Urgent $440K Bounty Offer Reveals Critical Cross-Chain Bridge Vulnerability In a dramatic move underscoring the persistent vulnerabilities within decentralized finance, the IoTeX blockchain network has publicly offered a 10% bounty, valued at $440,000, to the anonymous hacker responsible for a $4.4 million exploit. The project issued this stark ultimatum on the social platform X, demanding the return of stolen assets within a critical 48-hour window. This incident, centered on the unauthorized minting of 410 million CIOTX tokens via the ioTube cross-chain bridge, immediately sent shockwaves through the crypto security community and raised urgent questions about bridge infrastructure safeguards. Anatomy of the IoTeX Cross-Chain Bridge Exploit The IoTeX security breach represents a sophisticated attack vector targeting cross-chain interoperability. Fundamentally, the hacker discovered and exploited a vulnerability within the ioTube bridge’s smart contract logic. This flaw permitted the unauthorized creation, or minting, of 410 million CIOTX tokens. CIOTX is a cross-chain representation of the native IOTX token, designed to facilitate asset movement between the IoTeX network and other blockchains like Ethereum and Binance Smart Chain. Subsequently, the attacker swiftly converted these illicitly minted tokens into other high-liquidity cryptocurrencies. The primary targets were Bitcoin (BTC) and Ethereum (ETH), which are significantly harder to trace and freeze compared to tokens on their native chain. The total value of the drained assets reached approximately $4.4 million before the exploit was identified and the relevant bridge functions were paused. This sequence highlights a critical two-stage threat: first, the exploitation of minting authority, and second, the rapid obfuscation of funds through cross-chain conversion. Attack Vector: Smart contract vulnerability on the ioTube bridge. Action: Unauthorized minting of 410 million CIOTX. Monetization: Conversion to $4.4M in BTC and ETH. Response: Bridge pause and public bounty offer. The Strategic Calculus Behind the Crypto Bounty Offer IoTeX’s decision to offer a 10% bounty, or “white hat” reward, follows a precedent set by other major DeFi protocols like Poly Network and Cream Finance. This strategy is a pragmatic risk-management calculation rather than an admission of defeat. By offering $440,000 for the return of the remaining $4 million, the project aims to recover a majority of user funds while treating the incident as a costly security audit. The strict 48-hour deadline applies pressure, suggesting the team may be pursuing alternative tracking methods or legal avenues that could become viable after that period. From a cybersecurity perspective, bounty offers serve multiple purposes. Firstly, they create a direct financial incentive for the attacker to cooperate, transforming a purely adversarial relationship into a potentially negotiable one. Secondly, such public offers demonstrate proactive governance to the project’s community and token holders, which can help maintain trust during a crisis. However, experts consistently warn that this approach can also incentivize future attacks if hackers perceive a reliable “profit-sharing” escape route. Expert Insight: Bridge Security as DeFi’s Achilles’ Heel Blockchain security analysts have long identified cross-chain bridges as a primary attack surface. These protocols hold immense value locked in smart contracts to facilitate asset transfers, making them high-value targets. The complexity of verifying transactions and states across two distinct, asynchronous blockchains inherently expands the potential for logical flaws. According to annual reports from major security firms like CertiK and Halborn, bridge exploits accounted for nearly 70% of all major crypto thefts in 2024, with losses exceeding $2 billion. The IoTeX incident fits a familiar pattern where economic incentives for interoperability outpace security validation. Each bridge employs unique trust assumptions—ranging from multi-party signatures to light clients—and a vulnerability in any component can lead to catastrophic failure. This event will likely accelerate ongoing industry efforts toward standardizing bridge security frameworks and implementing more robust, time-locked upgrade mechanisms to prevent instant exploitation. Broader Impact and the Evolving DeFi Security Landscape The immediate aftermath of the hack saw a predictable yet contained market reaction. The IOTX token price experienced volatility but did not collapse, indicating that market participants may have priced in both the exploit and the potential for partial recovery via the bounty. Nevertheless, the event triggers a renewed evaluation of risk for all cross-chain assets. Investors and liquidity providers are now compelled to scrutinize the specific security models and audit histories of the bridges they use, beyond just the underlying blockchain’s security. Furthermore, this incident places regulatory scrutiny squarely on cross-chain activities. Global financial watchdogs, including the U.S. Securities and Exchange Commission and the Financial Action Task Force (FATF), have increasingly focused on how cross-chain transactions complicate anti-money laundering (AML) and capital controls. The hacker’s conversion to BTC and ETH exemplifies the tracing challenges regulators aim to address. Consequently, future bridge designs may need to incorporate more sophisticated on-chain monitoring and compliance tools by default. Recent Major Cross-Chain Bridge Exploits (2023-2025) Protocol Date Approx. Loss Primary Cause Resolution Poly Network 2023 $10M Smart Contract Logic Full bounty return Wormhole 2024 $325M Signature Verification VC-backed replenishment Ronin Bridge 2023 $625M Compromised Validator Keys Government investigation IoTeX (ioTube) 2025 $4.4M Unauthorized Minting 10% Bounty Offered Conclusion The IoTeX hack and the subsequent $440,000 bounty offer illuminate the ongoing tension between innovation and security in the decentralized finance sector. This incident serves as a potent reminder that cross-chain bridge technology, while essential for a multi-chain ecosystem, remains a work in progress with significant associated risks. The outcome of this bounty negotiation will set an important precedent for how DeFi projects manage post-exploit crises. Ultimately, the security of the entire interconnected blockchain landscape depends on learning from each breach, rigorously stress-testing bridge assumptions, and developing more resilient, transparent, and accountable interoperability solutions. FAQs Q1: What exactly was hacked in the IoTeX incident? The exploit targeted the ioTube cross-chain bridge, a protocol that allows assets to move between the IoTeX blockchain and others. A vulnerability allowed the hacker to mint 410 million CIOTX tokens without proper authorization or collateral. Q2: Why would IoTeX offer the hacker a bounty instead of just pursuing them? Offering a bounty is a pragmatic strategy to recover user funds. Tracking and legally prosecuting anonymous blockchain hackers is often slow, difficult, and uncertain. The bounty creates a direct financial incentive for the return of most of the assets, turning a total loss into a partial recovery. Q3: What are CIOTX tokens? CIOTX is a cross-chain wrapped version of the native IOTX token. It is minted when IOTX is locked on the IoTeX chain to represent that value on another chain (like Ethereum), enabling it to be used in DeFi applications there. The hacker minted these tokens illegitimately. Q4: How does this hack affect the average IOTX holder or user? If you were not directly providing liquidity to the ioTube bridge, your personal wallet funds are safe. However, such exploits can cause short-term price volatility for the IOTX token and may temporarily shake confidence in the ecosystem’s infrastructure. Q5: What makes cross-chain bridges so vulnerable to attacks? Bridges are complex smart contracts that must securely lock assets on one chain and mint representations on another. This process involves managing immense value and verifying information across two separate systems, creating a large “attack surface” with potential for logical flaws, code bugs, or governance failures. This post IoTeX Hack: Urgent $440K Bounty Offer Reveals Critical Cross-Chain Bridge Vulnerability first appeared on BitcoinWorld .

23 Feb 2026, 21:31

WLFI Incident: Reassuring News as USD1 Reserves Remain Secure After Social Media Breach

BitcoinWorld WLFI Incident: Reassuring News as USD1 Reserves Remain Secure After Social Media Breach In a crucial clarification for the digital asset community, World Liberty Financial (WLFI) has definitively stated that a recent security incident did not compromise its core protocol or the USD1 stablecoin reserves. The company, addressing concerns directly, confirmed the event stemmed from a compromised social media account belonging to a co-founder. This announcement, made via WLFI’s official channels, provides immediate relief to users and underscores the distinct nature of social engineering attacks versus fundamental protocol vulnerabilities. The integrity of the USD1 reserves remains intact, and all smart contracts continue to operate as designed. WLFI Incident: Dissecting the Social Media Breach World Liberty Financial moved swiftly to control the narrative following unusual activity linked to its ecosystem. The company’s official statement meticulously detailed the incident’s parameters. Importantly, WLFI emphasized that the attack vector was external to its blockchain infrastructure. The breach targeted a co-founder’s personal X (formerly Twitter) account, a platform increasingly used for official communications in the crypto space. Consequently, this event highlights a growing trend of threat actors bypassing complex cryptographic security by exploiting human-centric digital footprints. Furthermore, WLFI’s transparent communication aimed to preempt market speculation and potential panic regarding the safety of user funds. This type of incident, while disruptive, differs fundamentally from a smart contract exploit or a reserve drain. A protocol hack typically involves discovering and exploiting a flaw in the code governing the blockchain or financial application. In contrast, a social media compromise relies on phishing, credential theft, or SIM-swapping to gain control of an account. The distinction is critical for risk assessment. For instance, a protocol hack often requires immediate technical remediation and can lead to irreversible fund loss. Meanwhile, a social media breach, while damaging to reputation and communication, does not directly affect on-chain assets if proper operational security (OpSec) separates social accounts from treasury access. Attack Vector: Compromised X account of a WLFI co-founder. Target: Communication channel, not blockchain infrastructure. Impact: Reputational and communicative, not financial (reserves untouched). Response: Immediate public clarification and account re-securing. Understanding USD1 Reserve Security and Protocol Integrity WLFI’s statement carried a powerful, evidence-backed message: the USD1 reserves are safe. For a stablecoin like USD1, which aims to maintain a 1:1 peg with the US dollar, the sanctity of its backing reserves is paramount. These reserves, often held in a combination of cash, cash equivalents, and short-term government securities, are the bedrock of user trust. WLFI’s assurance implies that the incident did not trigger any unusual minting, burning, or transfer of the USD1 token, and the collateral audit trail remains clean. This stability is a testament to the segregated design often employed by responsible issuers, where social media management and treasury management operate on completely separate security protocols. The company also stressed that no smart contracts were affected. Smart contracts are the self-executing code that powers decentralized applications (dApps) and automated financial protocols on the blockchain. Their security is non-negotiable. A breach here could allow an attacker to manipulate transactions, drain liquidity pools, or mint unauthorized tokens. By confirming contract integrity, WLFI signals that its core technological product—the wallet and protocol infrastructure—passed a real-world stress test. Development roadmaps, therefore, proceed without interruption, as the incident did not reveal flaws requiring architectural overhaul. Expert Analysis: The Evolving Threat Landscape in Crypto Cybersecurity experts consistently note a shift in attacker strategies. “While the industry has made significant strides in securing smart contracts through rigorous auditing and formal verification, the human element remains the most vulnerable attack surface,” observes a veteran blockchain security analyst who prefers anonymity due to their role. “Incidents like the one involving WLFI are not isolated. They represent a strategic pivot by bad actors who find it easier to trick an individual than to crack well-audited code.” This perspective aligns with data from several security firms, which show a rising percentage of crypto-related losses stemming from phishing and social engineering rather than pure technical exploits. The timeline of such events is also instructive. Typically, a rapid public response from the project team, as seen with WLFI, is the first critical step in mitigating damage. It prevents the spread of misinformation (FUD) and stabilizes community sentiment. The next phase involves a forensic investigation into how the social account was compromised, followed by implementing enhanced security measures like hardware security keys for all team members with public profiles. Finally, a post-mortem report, though not always public, helps the wider ecosystem learn and bolster defenses. WLFI’s incident follows this pattern, serving as a case study in crisis management for other projects. Broader Implications for DeFi and User Trust This event carries significant implications for the broader decentralized finance (DeFi) landscape. Firstly, it reinforces the necessity for projects to maintain impeccable operational security beyond their code. Teams must enforce strict policies for personal and corporate social media use, including mandatory two-factor authentication (2FA) and regular security training. Secondly, it tests market resilience. The fact that WLFI’s clarification was largely accepted without causing a de-pegging event for USD1 demonstrates a maturing market that can differentiate between types of risks. For users and investors, the incident is a stark reminder to practice vigilance. It underscores the importance of verifying information directly from multiple official sources—such as the project’s website, official blog, or verified community channels—rather than relying solely on social media posts, even from seemingly legitimate accounts. Trust in a project should be based not only on its technology but also on its transparency and responsiveness during crises. WLFI’s handling of this situation, by providing clear, factual, and timely information, directly contributes to its long-term trustworthiness (E-E-A-T) in a sector where trust is the primary currency. Comparison: Protocol Hack vs. Social Media Compromise Aspect Protocol/Smart Contract Hack Social Media Account Compromise Primary Target Blockchain code, liquidity pools Communication channels, reputation Financial Impact Direct, often severe fund loss Indirect, via market panic or scams Remediation Code patches, fork, reimbursements Account recovery, enhanced OpSec User Action May need to migrate assets Verify info, avoid phishing links Example Bridge exploit draining funds Fake announcement causing sell-off Conclusion The WLFI incident serves as a pivotal reminder of the multifaceted nature of security in the cryptocurrency domain. While the company successfully confirmed that the event was not a protocol hack and that USD1 reserves remain fully secure, the episode highlights the persistent threat of social engineering. The rapid, factual response from WLFI helped contain potential fallout and demonstrated responsible crisis management. Ultimately, this event reinforces the critical need for both projects and users to maintain vigilance across all digital touchpoints, separating the security of underlying technology from the vulnerabilities of human-operated communication platforms. The safety of the USD1 reserves stands as the most reassuring outcome, allowing the project’s development to continue on its scheduled path. FAQs Q1: Was the WLFI protocol or USD1 stablecoin hacked? A1: No. WLFI has confirmed that the incident involved only a co-founder’s compromised social media (X) account. The core protocol, smart contracts, and the reserves backing the USD1 stablecoin were not accessed or affected. Q2: Are my USD1 tokens safe following this incident? A2: According to WLFI’s official statement, the USD1 reserves remain secure and fully backed. The incident was unrelated to the blockchain infrastructure or treasury management, so the tokens themselves and their peg are not impacted. Q3: What is the difference between a social media hack and a protocol hack? A3: A social media hack compromises an online account used for communication, potentially leading to false announcements or phishing. A protocol hack exploits a vulnerability in the blockchain’s smart contract code, which can directly lead to the theft or loss of user funds. Q4: How can users protect themselves from similar incidents? A4: Users should always verify important announcements through multiple official channels (e.g., the project’s official website, blog, or verified Discord). Never click on links from unsolicited messages, even if they appear to come from a known figure, and be skeptical of offers that seem too good to be true. Q5: Will this event delay WLFI’s development roadmap? A5: WLFI has stated that development will continue as scheduled. Since the security of the smart contracts and protocol was not breached, no technical delays related to the incident are anticipated. This post WLFI Incident: Reassuring News as USD1 Reserves Remain Secure After Social Media Breach first appeared on BitcoinWorld .

23 Feb 2026, 20:20

World Liberty Financial draws unwanted attention after ZachXBT teased an upcoming investigation report

World Liberty Financial has accused critics of targeting a “coordinated attack” against its USD1 stablecoin. This news follows speculation that the Trump-backed crypto project could be the target of an upcoming insider trading investigation conducted by popular blockchain detective ZachXBT. The allegations surfaced after ZachXBT posted on his X account that he would release a “major investigation dropping February 26 on one of crypto’s most profitable businesses where multiple employees abused internal data to insider trade over a prolonged period of time.” There was no mention of a name or company, but the crypto community immediately began speculating about who the potential target was. World Liberty’s token ( WLFI ) has since steadied after dipping as low as $0.1088 today, while the USD1 stablecoin briefly fell under its $1 peg. The timing also coincided with other observations that Eric Trump had deleted a WLFI-related post, thus fueling even more speculation that the investigation might be aimed at WLFI. WLFI claims hacked accounts and paid FUD campaign World Liberty Financial wasted no time in clearing up the rumors, posting an official statement today declaring that “a coordinated attack was launched against USD1 this morning.” The project also claimed that “attackers hacked several WLFI cofounder accounts, paid influencers to spread FUD, and opened massive $WLFI shorts to profit from the manufactured chaos.” In its statement, WLFI emphasised that the attack “didn’t work,” noting that its token continues to trade smoothly thanks to its “sound mint-and-redeem mechanism and full 1:1 backing.” However, World Liberty Financial did not provide any blockchain evidence for the alleged hacked accounts, and did not verify which influencers were paid. There is also no on-chain data to support the claim of coordinated short positions as well. Eric Trump doubles down with Maldives project announcement Amid all the speculation about the Trump-backed project, Eric Trump posted on X about WLFI’s tokenized luxury resort project in the Maldives, which plans to build 100 beach and overwater villas that will be tokenized at the development level. “Extremely excited to bring The Trump Organization to the Maldives and combine these two incredible worlds – Hard Assets with Digital Assets,” Eric Trump stated. Earlier this month, Apex Group, a firm with $3.5 trillion in assets, also agreed to pilot the token . However, the activity on Eric Trump’s X profile appeared to have been enough of a smoking gun, as community members noticed that he had deleted an earlier WLFI message. Nonetheless, WLFI says the tokenization approach aims to unlock high-margin returns usually achieved by financial institutions. World Liberty avoids major drama USD1 currently has about 4.8 billion tokens in circulation. It has since returned to its $1 peg after the brief fall during the speculation saga. USD1 market data. Source: CoinMarketCap However, despite weathering the storm from the “coordinated attack,” President Trump’s ties to the WLFI and its USD1 stablecoin remain a frequent target of opposition inquiries. Cryptopolitan reported this month that Senators Elizabeth Warren and Andy Kim called for Treasury head Bessent to review a $500 million stake in the Trump-linked crypto project by a UAE government-linked entity. As things stand, ZachXBT’s intended target remains unknown. All anyone has to go on is that it is “one of crypto’s most profitable businesses.” On the other hand, WLFI has not provided any updates since it claimed a coordinated attack involving hacked accounts and paid influencers targeted its tokens. In the meantime, speculation will continue to grow, and the focus may soon shift from World Liberty Financial if a new target gains traction on Crypto Twitter. If you're reading this, you’re already ahead. Stay there with our newsletter .

23 Feb 2026, 17:55

Trump-backed World Liberty Financial hit by ‘coordinated attack’

World Liberty Financial (WLFI), the cryptocurrency project associated with President Donald Trump and his family, has reported a sophisticated “coordinated attack” on its USD1 stablecoin . The alleged incident temporarily led to the stablecoin dipping below its $1 peg. According to an official WLFI statement posted on X on February 23, attackers compromised several co-founder accounts, paid influencers to spread fear, uncertainty, and doubt (FUD), and opened large short positions on WLFI. The statement alleged that the attackers’ goal was to trigger market panic and profit from the resulting volatility. A coordinated attack was launched against USD1 this morning. Attackers hacked several WLFI cofounder accounts, paid influencers to spread FUD, and opened massive $WLFI shorts to profit from the manufactured chaos. It didn’t work. Thanks to USD1’s sound mint-and-redeem mechanism… — WLFI (@worldlibertyfi) February 23, 2026 The team emphasized that USD1, a U.S. dollar-pegged stablecoin backed 1:1 by reserves including cash, U.S. Treasuries, and government money market funds held in custody by regulated provider BitGo, maintained its stability through its transparent mint-and-redeem mechanism. Despite the pressure, USD1 quickly recovered and is now trading steadily at or near par, according to WLFI. USD1 recovers Market data showed USD1 briefly falling as low as $0.994 before rebounding to around $0.998–$0.999. At the same time, the WLFI governance token experienced short-term price pressure, with some observers noting heightened volatility amid the claims. Co-founder Zach Witkoff reinforced the project’s resilience in a follow-up post , highlighting USD1’s “100% backed” and “radically transparent” design, with verifiable reserves available on the official website. The project urged users to rely exclusively on verified official channels for information and avoid unconfirmed claims amid heightened manipulation risks in politically linked crypto ventures. WLFI has previously dealt with account compromises, including a February 2025 hack of Witkoff’s personal X account that promoted a fake meme coin tied to Barron Trump. Earlier user-side phishing exploits in 2025 also affected some holders, though the core protocol was not directly breached in those cases. As of press time, no independent verification of the alleged account hacks or influencer payments has been publicly detailed by WLFI, and investigations into the claims remain ongoing. Featured image from Shutterstock The post Trump-backed World Liberty Financial hit by ‘coordinated attack’ appeared first on Finbold .

23 Feb 2026, 17:15

World Liberty Financial Claims Coordinated Attack on USD1 as Stablecoin Briefly Slips From $1 Peg

World Liberty Financial said its USD1 stablecoin was targeted in a coordinated attack that included hacked cofounder accounts, paid influencer campaigns, and aggressive short positions — but insisted the effort failed. USD1 Drops to $0.994 Before Recovering Amid Alleged Short Attack World Liberty Financial (WLFI), a crypto protocol tied to members of the Trump family,