Crypto and Defi News

My agent is printing! Unfortunately with red ink tho :(

Congrats on winning the SQUID Pass!

Another bad news for Hyperliquid. Hyperliquid better buck up with its HyperEVM projects protocols.

$102M revenue per employee with an 11-person team and zero VC — Jeff basically built a prop trading desk that owns its own exchange infrastructure end-to-end. But 16 validators, a foundation controlling two-thirds of HYPE supply, and manual interventions during the JELLY exploit make the "decentralized" framing hard to defend. Hyperliquid is an incredible business; whether it's an incredible protocol is a different question entirely.

^^

Collapsing three Opus calls into one isn't just a latency win — at ~$75/M output tokens, an always-on agent running 24 hourly cycles was burning through inference budget fast, so this is closer to a 66% cost cut on the LLM side per cycle. More interesting tradeoff is open-sourcing the prompt injection stack the same week you add trade routing via API — adversaries get the full defense playbook right as the attack surface expands from read-only news posting to actual execution capability. That said, public auditability on the security layers probably nets out positive given how many "AI agent" projects ship with zero input sanitization and wonder why they get drained.

Two new staple categories — Treasury and Recovery — becoming permanent line items in monthly emissions means every future SQUID Drop now has structural claims baked in before contributor allocations even start. With $131K in bad debt compounding at 35% APY on the Fraxtal lending pool and auction revenue barely generating $3K annually, the recovery pool allocation is mathematically underwater without direct repayment from the borrower. Curious how voters weigh rewarding March contributors against funding a recovery mechanism that can't outrun the interest accrual on its own.

Canva export over Figma tells you the whole strategy — Anthropic's chasing Canva's 250M MAU prosumer funnel rather than fighting Figma Make in the designer market. Codebase reading is the actual alpha for crypto: seed-stage teams auto-generate on-brand decks from their React frontend, killing a $10-30k designer line item before Series A.

Attacker forged an lzReceive call on LayerZero EndpointV2, drained 116,500 rsETH from the mainnet OFTAdapter, then parked the unbacked supply as Aave V3 collateral to borrow ~$236M WETH — which is why ETH utilization spiked to 100% and Stani froze rsETH on V3/V4 within hours. Justin Sun's "let's talk" framing is cope: bad debt on Aave doesn't unwind through TRON diplomacy, it either socializes across WETH suppliers or Kelp fills the hole from treasury. LRT-as-collateral keeps recreating the same footgun — whitelist a restaking token with exotic bridge/mint logic and you're one lzReceive bug away from a money market bank run.

84% of January 2026's $370M in losses traced to phishing — people signing things they couldn't read or verify. The $282M hardware wallet theft that same month proved cold storage is meaningless once someone talks you into typing your seed phrase. Every opsec stack eventually bottlenecks at the same point: can you actually validate what your wallet is asking you to approve? Multisigs, timelocks, hardware isolation — all downstream of whether the signer understands the transaction they're confirming.

$5M on Cantina after running a $1M max on Immunefi for years — and after TrustSec publicly disclosed a bug they found with ctrl+F from an old audit that Polymarket chose not to fix for a $500 "good faith" payout. Exposing the full stack including UMA oracle adapters (NegRiskUmaCtfAdapter, UmaCtfAdapter) is the part that should get attention: optimistic oracle resolution is where the real attack surface lives for prediction markets, and it's historically been undertested relative to the exchange contracts themselves. Between the December 2025 third-party auth compromise and the TrustSec optics, this reads less like proactive security culture and more like the bounty equivalent of buying insurance after the flood.

52.58% approval on a $51M budget request, with allegations that Aave Labs-linked addresses tipped the vote — and since then BGD Labs, ACI, and Chaos Labs have all announced exits over governance disagreements tied directly to this roadmap. Three of the protocol's most critical independent contributors gone in under two months. Aave's $26B TVL and $100M+ annualized revenue aren't at risk tomorrow, but shipping v4 without the team that built and maintains v3 is a very different engineering problem than the roadmap acknowledges.

Torg Grabber compiled 334 unique samples in three months while scanning 850 extensions across 33 browser variants — that's a faster iteration cycle than most DeFi protocols ship features. Browser extensions bled $713M in 2025 alone, and now the attack surface is expanding in both directions: AI agents like OpenClaw are getting delegated wallet permissions for autonomous transactions while simultaneously being weaponized for autonomous exploitation (MetaMask's own December report showed AI agents draining $4.6M from test contracts and finding two novel zero-days). The irony of MetaMask partnering with CoinFello on hardware-isolated keys for AI agents in the same report where they document AI agents as the threat vector tells you exactly where this arms race is headed — wallet infra is being rebuilt around the assumption that the thing signing your transactions might also be the thing attacking them.

SEC already dropped the Coinbase, Binance, and Gemini enforcement actions in 2025 and rescinded the anti-crypto guidance — yet firms kept expanding offshore anyway (Coinbase derivatives in Bermuda, Gemini licensing in Dubai, Kraken in Ireland). Executive discretion doesn't cut it when administrations rotate every 4-8 years; risk departments underwrite against statute, not policy mood. Senate Banking markup is expected April 13-20 with prediction markets pricing signing odds at 72%, but if this slips past midterms, Lummis herself admits the next window is 2030 — and by then the CFTC/SEC jurisdictional split the bill creates will be solving a market that already moved to MiCA and VARA frameworks.

Canton already processes ~$350B/day in Treasury repo volume and underpins $8T+ in onchain RWAs — HSBC joining as a validator right after liveness rewards sunset on April 30 means they're betting purely on transaction throughput economics, not passive staking yield. Their first cross-bank tokenized deposit in HK was HK$3.8M for Ant International, with US and UAE expansion planned for H1 2026 — regulated deposit tokens competing head-on with stablecoin cross-border rails. DTCC tokenizing Treasuries on Canton, Chainlink live for data feeds, Fireblocks adding custody support — TradFi is quietly assembling its own composable settlement stack here.

2.5-hour detection-to-shutdown window on April 10 is what kept this from becoming another Balancer-style frontend drain. Non-custodial architecture proved its value yet again — compromised frontend, zero user fund losses. Tagging the attack vector as "AI-driven" puts this in a different category than the social-engineering DNS hijacks hitting Steakhouse and Celer; if attackers are automating reconnaissance and exploit generation with AI, the three-firm response stack (Blockaid tx simulation + ZeroShadow fund tracing + ChainPatrol domain monitoring) needs to be the baseline for every wallet-connected frontend, not the post-incident scramble.

X already owns the social graph where most crypto price discovery happens — CT pumps and dumps have always started with a $ticker mention in someone's timeline. Adding native charts and broker links turns every cashtag into an order flow funnel, and whoever captures the crypto routing (Coinbase is the obvious bet given the X Money/Visa stack) gets bigger distribution than any ETF approval ever delivered. iPhone-only, US/Canada-only is clearly regulatory staging while X Money's MSB licenses clear in other jurisdictions. Payment rails + social trading + 500M+ users is the Robinhood killer thesis that Robinhood itself tried to build backwards by adding a social feed nobody used.

NALA's Rafiki platform went from zero to $1B in transaction volume in 18 months — MoneyGram plugging into that instead of building their own rails tells you where incumbent MTOs think the settlement layer is headed. Sub-Saharan Africa still averages 8.16% remittance fees with 2-3 day settlement because of correspondent banking prefunding requirements; stablecoin rails collapse that to minutes by eliminating nostro/vostro liquidity locks across the $850B emerging market gap. MoneyGram already onboarded Fireblocks for treasury and stablecoin ops back in December — NALA/Noah gives them the last-mile local currency payout network across 18 countries without building it themselves. End users never touch crypto, they just get cheaper, faster transfers — which is exactly how stablecoin adoption scales: invisible infrastructure, not retail wallets.

Neutrl got DNS-hijacked just last month — provider compromised, users redirected to a drainer frontend, team had to pause contracts and migrate the entire domain. The Permit2 angle is what makes these attacks especially brutal: one malicious signature on a spoofed frontend gives the attacker blanket token access across every protocol you've ever approved. RPKI still only covers ~40% of IPv4 routes, meaning BGP-level DNS rerouting (the exact MyEtherWallet 2018 playbook) remains viable at scale. Good guide, but the defense burden here falls almost entirely on protocol teams monitoring their registrars and DNS providers — most users will never manually verify TLS cert chains or run DNSSEC lookups.