fec

Dragonfly Managing Partner Haseeb published a statement regarding the recently patched Zcash vulnerability, indicating that there are many misunderstandings in the market about this event. He pointed out that even if the vulnerability had been exploited before it was fixed, attackers could only profit by faking ZEC in the privacy pool, and these tokens must first be converted from a privacy address to a transparent address to enter mainstream trading platforms.Since the supply of ZEC in transparent addresses can be publicly verified, any abnormal transfers exceeding the maximum supply will be detected and blocked, so the vast majority of investors holding transparent ZEC and exchange users will not be affected.Haseeb stated that the Zcash team plans to introduce a new "Turnstile" mechanism and a brand new privacy pool in future upgrades to verify that there is no inflation issue in the current privacy pool. He also mentioned that formally verified cryptographic systems can reduce implementation errors from a design perspective. Haseeb finally disclosed that Dragonfly still holds ZEC, and he is also a ZODL investor.

The founder of the Liebit Mining Pool (B.TOP), Jiang Zhuoer, stated that Bitcoin has not effectively broken below the strong support of $60,000. The price difference between Coinbase and Binance is narrowing, indicating that the selling volume from U.S. institutions like ETFs is decreasing, and the crypto market may see a rebound over the weekend.In yesterday's news, Jiang Zhuoer announced that he has "bottom-fished" and bought back all ETH positions at $1,645, expecting to start selling after a rebound in 1 to 3 days.

According to Jinshi reports, Russian President Putin stated that the "theft" of Russian assets has affected the US dollar and the euro.

Affected by profit-taking from AI concept assets and a decline in market risk appetite, Bitcoin has fallen to around $62,000, a cumulative drop of nearly 16% from last week's high of over $74,000. Market analysis suggests that if it falls below the key level of $60,000, the next key technical support for Bitcoin may be around $55,000. In addition, the U.S. spot Bitcoin ETF has recorded net outflows for 15 consecutive trading days, totaling over $4.7 billion, while Strategy disclosed this week that it sold Bitcoin for the first time since 2022, further weakening market expectations for institutional buying.

According to the official announcement from Sui Network, the Sui mainnet has resumed normal operation, and transaction processing and network activity have both returned to normal. The official disclosure states that the two network outages that occurred yesterday and the day before were related to an interaction issue between the "Address Balances" feature introduced in version 1.72 and the Gas billing logic. The Sui core team indicated that the fix deployed yesterday was only a temporary measure aimed at quickly restoring network operation, but this solution carried a known and low-probability risk of outage. Today, the network triggered a variant of the known issue, causing the mainnet to pause again. Currently, the validators have completed the deployment of a long-term fix, and the official claims that the known issues caused by the original vulnerability have been thoroughly resolved, with the network now operating normally. The Sui team stated that they will release a more detailed incident review report in the future, explaining the cause of the failure and the repair process.

According to Slow Fog's disclosure, the security agency MistEye detected a cross-registry supply chain attack incident, where attackers targeted developers in the fields of cryptocurrency, DeFi, Solana, Sui/Move, and AI by publishing malicious packages on npm, PyPI, and crates.io. This attack activity includes more than 34 malicious packages and over 384 related versions. The attackers may steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developers' confidential information.Some of the malicious payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH. Developers are advised to immediately remove the affected packages, isolate the affected systems, retain logs, rotate exposed credentials, rebuild CI environments and developer machines from clean images, and review GitHub, cloud services, SSH, and wallet activity logs.

According to BBX data, the pressure from market regulation suddenly intensified over the weekend, and institutional-level crypto derivatives product lines expanded simultaneously. The core dynamics are as follows:On May 22, James Comer (Republican, Kentucky), Chairman of the House Oversight and Government Reform Committee, officially issued investigation letters to Kalshi (privately held) and Polymarket (privately held), initiating a formal congressional investigation into insider trading on prediction market platforms. The investigation focuses on two suspicious bets: one betting on the early capture of Venezuelan President Maduro, and another betting on the direction of the Iranian conflict. Both transactions recorded unusually large amounts just hours before the related events were made public. According to media reports, the Wisconsin Attorney General has recently listed Robinhood Markets, Inc. (NASDAQ: $HOOD), along with Kalshi, Polymarket, and Crypto.com, as defendants, accusing them of providing unlicensed sports betting services in Wisconsin. This is the latest escalation of the prediction market facing legal challenges in 13 states to congressional scrutiny. Both Kalshi and Polymarket stated their willingness to cooperate with the committee's investigation, asserting that their platforms have robust anti-insider trading mechanisms.On May 23, the U.S. Securities and Exchange Commission (SEC) officially approved a proposal submitted by Nasdaq, Inc. (NASDAQ: $NDAQ) to launch cash-settled Bitcoin index options on its Philadelphia Stock Exchange, which does not involve physical delivery of Bitcoin. This product will allow institutional investors to hedge or invest in Bitcoin price fluctuations through standardized options contracts, filling a market gap for cash-settled Bitcoin index derivatives on regulated exchanges in the U.S. The timing of the approval coincided with significant fluctuations in Bitcoin over the week (with a low of $74,500 and a high rebound to $77,800), reflecting the accelerating release of genuine demand for volatility management tools in the market.

According to Cointelegraph, SpaceX plans to conduct a $75 billion IPO in June, and if its valuation reaches $1.75 trillion to $2 trillion after going public, it may enter the Nasdaq 100 index within 15 trading days through Nasdaq's "fast track" rule, thereby increasing the index's exposure to Bitcoin.According to SpaceX's latest S-1 filing, it holds 18,712 BTC, valued at approximately $1.45 billion. If combined with Tesla's 11,509 BTC, the two companies under Musk will become significant holders of Bitcoin in the Nasdaq 100.Strategy CEO Phong Le stated that with the SpaceX IPO, Mag 7 will become Mag 8, with 25% of the companies' balance sheets holding Bitcoin.However, analyst Nic Puckrin believes that the SpaceX IPO could be bad news for tech stocks. After being included in the Nasdaq 100, passive funds will need to buy SpaceX and sell existing components like Nvidia, Apple, and Microsoft, potentially creating a large-scale capital siphoning effect.Reports indicate that Bitcoin has recently been highly correlated with large tech stocks, with a 30-day correlation of approximately 0.81 between BTC and the Magnificent Seven ETF (MAGS). Analysts suggest that if tech stocks face pressure due to index rebalancing, Bitcoin may also face downward risks in the short term.

According to the official status page of Pyth, Pythnet/Hermes has been down for over 4 hours, affecting both Price Feeds and Sponsored Feeds. The page indicates that the root cause of the problem has been identified, and validators are coordinating to restart the network, with services expected to resume at 20:30.

According to a report by 21st Century Business Herald, Futu Holdings' US stock pre-market once fell over 40%. In terms of news, the China Securities Regulatory Commission plans to decide to confiscate all illegal gains of Tiger, Futu, and Changqiao's domestic and foreign related entities, and impose severe penalties according to the law.In response, the company's customer service staff stated that the company has been paying attention to relevant regulatory developments and is carefully studying the related content. Once the information is complete, the company will respond uniformly. Currently, the company's business operations are normal, and customers' account assets and various services are not affected.

The DAO infrastructure service provider Syndicate announced that it will gradually cease operations. It stated that after five years of continuous development of on-chain developer infrastructure, the Rollup market has undergone fundamental changes. Currently, the Rollup market size has significantly shrunk, with some Rollup projects gradually shutting down, and the market has shifted from EVM Rollups to custom chain models built from scratch by consulting teams, resulting in a significant decline in reusable technology and network value.Syndicate stated that its system consists of two parts: Syndicate Labs, responsible for development, will shut down, while the independent entity Syndicate Network Collective (Wyoming DUNA), which holds SYND tokens and has governance rights, will continue to exist, and SYND governance will not be affected in the short term.In addition, Syndicate emphasized that this decision to cease operations is unrelated to recent cross-chain security incidents, and affected users and SYND holders have received full compensation through treasury reserves, while team and investor tokens are still locked.

According to Jinshi reports, the Federal Reserve meeting minutes show that participants generally believe the Middle East conflict could have a significant impact on risk balance and the appropriate policy path.

Drift Protocol stated on platform X that after the protocol is restored online, users who have staked in the Insurance Fund will be able to withdraw their corresponding shares normally. The Insurance Fund is designed to maintain the protocol's solvency in the event of liquidation or bankruptcy. Since the protocol was paused before losses were completed through normal liquidation or bankruptcy processes, the Insurance Fund was not affected by the related vulnerabilities or attacks.Drift Protocol added that the assets of the protocol's own Insurance Fund will be used to support system restart and user recovery, and plans to publicly disclose the relevant on-chain addresses so that the community can track the use of funds and subsequent deployments.

LayerZero Labs released a report on the KelpDAO attack incident, confirming that the KelpDAO rsETH cross-chain bridge built on its cross-chain communication protocol was attacked, resulting in the theft of approximately 116,500 rsETH (about $292 million). Several security agencies, including Mandiant, CrowdStrike, and independent researchers, attributed the attack to the North Korean-related hacker group TraderTraitor (UNC4899).The report indicates that the attack began on March 6, 2026, when the attackers used social engineering techniques to compromise a LayerZero developer account, obtain session keys, and infiltrate the RPC cloud environment, further contaminating internal RPC node data and manipulating return results to deceive monitoring systems and the decentralized verification network (DVN).LayerZero Labs officially announced that it will adjust its security strategy, including no longer allowing its DVN to act as the sole signer in a single validation configuration, while also rebuilding the affected cloud infrastructure and introducing short-term credentials, instant permission upgrades, and multi-party approval mechanisms to enhance security.

The open-source data visualization tool Grafana has released the latest progress on the investigation of the security incident on May 16. The investigation found that this incident was limited to the GitHub environment of Grafana Labs, including both public and private source code as well as internal GitHub repositories, and did not affect customer production systems, operations, or the Grafana Cloud platform. The downloaded content, in addition to the source code, also included some repositories used by the team for collaboration and storage of internal operational information and business details, involving business contact names and email addresses, rather than data from production systems or the cloud platform.Grafana Labs has made it clear that the codebase was downloaded but not tampered with, and currently, customers and open-source users do not need to take any action. The incident originated from a TanStack npm supply chain attack conducted through the Mini Shai-Hulud campaign. Grafana Labs detected malicious activity on May 11 and initiated an emergency response, but a credential was overlooked, allowing the attacker to gain access. After receiving a ransom demand on May 16, the company decided not to pay the ransom and has rotated automated credentials, implemented enhanced monitoring, audited all commits since May 11, and significantly strengthened GitHub security configurations. The company has notified federal law enforcement, and the investigation is ongoing.

According to CoinPost, the Financial Services Agency of Japan announced a cabinet order amendment, officially recognizing foreign trust beneficiary rights that are "equivalent" to Japan's electronic settlement system as electronic settlement methods under the Fund Settlement Act. The amendment will take effect on June 1.This revision clarifies: first, it establishes a legal basis for qualified foreign trust-based stablecoins to provide services within Japan; second, it stipulates that electronic settlement method operators should use equivalence with the Japanese system as the eligibility criterion when handling foreign electronic settlement methods. At the same time, relevant foreign trust beneficiary rights will be excluded from the Financial Instruments and Exchange Act's securities and will only be regulated as electronic settlement methods.The Liberal Democratic Party of Japan has officially approved the "AI + Blockchain Finance" proposal, supporting yen stablecoins and tokenized deposits.

On May 19, the Financial Services Agency of Japan announced the revised Cabinet Office Ordinance related to electronic payment methods and transaction operators, clearly including trust beneficiary rights established under foreign laws that are equivalent to the Japanese system within the scope of electronic payment methods under Japan's Fund Settlement Act, providing a legal basis for the compliant circulation of trust-type stablecoins issued by specific foreign entities within Japan. The new regulations will take effect on June 1, 2026, and also clarify that the relevant foreign trust beneficiary rights are not considered securities under the Financial Instruments and Exchange Act.

Echo Protocol announced that its eBTC deployment on Monad experienced unauthorized activity, resulting in abnormal minting and financial losses. Preliminary investigations indicate that the issue stemmed from the compromise of the administrator keys related to the Monad deployment, with approximately $816,000 in assets currently confirmed to be affected.Echo stated that the Monad network itself was not affected and continues to operate normally. The team has regained control of the administrator keys and has destroyed the remaining 955 eBTC held by the attacker. The project further clarified: the current incident appears to be limited to the Monad deployment; there is no evidence to suggest that the Aptos side has been affected; aBTC on Aptos and eBTC on Monad are independent, non-bridgeable assets; the current related risk exposure on Aptos is approximately $71,000.As an additional precaution, Echo has suspended the cross-chain functionality of the Monad deployment and has begun upgrading the related EVM bridging contracts and permission control mechanisms, while reminding users not to interact with any unofficial claims, refund, or recovery pages.

Keone Hon, co-founder of Monad, posted on the X platform that the Monad network is unaffected and operating normally, while security researchers are investigating the eBTC-related incident of the Echo Protocol. Researchers have determined that the vulnerability led to approximately $816,000 being stolen. Previously, it was reported that the Echo Protocol was attacked on the Monad chain, where hackers minted 1,000 eBTC and withdrew funds via Curvance.

Galxe released a security update stating that a leaked internal key affected the retired Galxe SpaceStation V2 contract. Galxe emphasized that this incident did not affect the security of any user wallets or funds, and even if users had previously interacted with the relevant contract, their wallet assets are "completely safe."The platform stated that the issue is limited to the relevant contract level, and the root cause has been confirmed. They are currently updating security controls and will publish a complete report after the investigation is completed.