xpos

According to Cointelegraph, CoinShares analyzed quarterly 13F filings and found that professional investors reduced their Bitcoin ETF exposure from 313,000 BTC to 261,000 BTC in the first quarter, a decrease of 52,000 BTC, or 17%. The total value of these holdings fell by 35% to $17.8 billion, while the share of U.S. Bitcoin ETF assets held by 13F filers dropped from 24.7% to 20.8%.The sell-off was mainly concentrated among hedge funds and brokerages, which accounted for about 96% of the total reduction. Hedge funds reduced their holdings by 31,400 BTC (a decrease of 39%), while brokerages cut their holdings by 18,800 BTC (a decrease of 53%). In contrast, the largest category of professional investors—investment advisors (holding 150,300 BTC)—only reduced their holdings by 5.9%. Banks, on the other hand, more than doubled their Bitcoin ETF holdings, increasing by 7,800 BTC during the quarter.CoinShares digital asset analyst Matt Kimmell stated, "This dataset is consistent with the historical performance of the Bitcoin market during downturns, with leverage and strategic positions being cleared."

Coinbase released a retrospective report on the large-scale service interruption event on May 7, 2026.The outage lasted approximately 8 hours, with full recovery taking about 12 hours. During this time, trading, deposits, withdrawals, and most core services were unavailable or severely degraded. Coinbase stated that the outage was caused by multiple cooling units failing simultaneously in the cooling system of a data center in one availability zone (use1-az4) in the AWS us-east-1 region, triggering cabinet thermal protection shutdowns, which led to EC2 instances and EBS volumes going offline, affecting multiple internet services.During the recovery process, the Coinbase trading matching engine lost quorum due to the cluster architecture deployed in a single AWS data center losing most nodes. It required urgent code adjustments and the reconstruction of a new node group to restore operation, gradually restarting market trading during the recovery.Additionally, the AWS-managed Kafka (MSK) service experienced control plane failures, preventing the automatic re-election of partition leaders, further blocking quotes, fees, and some settlement and data flow systems, which expanded the overall impact.After manual partition migration in collaboration with the AWS engineering team, the system gradually returned to normal. Coinbase stated that this incident exposed its shortcomings in cross-availability zone automatic switching capabilities and disaster recovery for managed middleware. The company will upgrade its cross-region hot backup architecture, strengthen regular failure drills, and migrate the Kafka system from dual availability zones to a three availability zone deployment, while also working with AWS to advance root cause fixes and improvements.

The Huobi HTX VIP private class "AI + Trading from Theory to Practice" was held in Shanghai, where early Bitcoin miner and pyra.io CTO Tian Jia shared the development of quantum computing and the impact of AI on trading.He believes that the average time it takes to threaten "Bitcoin addresses with exposed public keys" is 7 to 8 years, with a range of 5 to 15 years. The required number of logical qubits is between 1200 and 2400, while the number of physical qubits is less than 500,000. Additionally, Bitcoin also has defensive measures; it can migrate to PQC, or post-quantum cryptography, although there are significant challenges, such as the locking issue of Satoshi's coin.

According to Cointelegraph, the U.S. spot Bitcoin ETF has seen a net outflow of funds for 9 consecutive trading days, totaling approximately $2.84 billion, setting the longest consecutive decline record since the product's launch in 2024, and surpassing the consecutive outflow record from February 8, 2025. Among them, BlackRock's IBIT has become a major source of outflows.Analysis indicates that this round of capital outflow reflects a significant cooling of institutional demand for Bitcoin ETF exposure, while the market shows a trend of differentiation: ETFs related to Hyperliquid and some XRP spot ETFs still recorded inflows, while Ethereum spot ETFs have faced outflows for 13 consecutive days, with a total outflow of approximately $694 million, indicating that capital in crypto asset ETFs is being reallocated.

According to The Block, Sharplink and Forward Industries, which adopt a cryptocurrency asset reserve strategy, will be included in the Russell 2000 and Russell 3000 indices after the FTSE Russell annual adjustment, effective at the opening of the U.S. stock market on June 29. This means that index investors will be able to gain indirect exposure to ETH and SOL through the two companies.Reports indicate that Sharplink currently holds 868,699 ETH, valued at nearly $1.8 billion; Forward Industries holds approximately $585 million in SOL. Previous data from FTSE Russell showed that about $12.2 trillion in assets are benchmarked to the Russell U.S. indices.

Michael Saylor stated that currently about 100 million people have exposure to BTC through MSTR common stock, and he indicated that the Strategy has become the largest stock issuer in the United States.

According to TechCrunch, Trump Mobile has been reported to have a user data breach involving personal information such as customer email addresses and mailing addresses, which is still accessible online.YouTube creators Coffeezilla and penguinz0 stated that after ordering the Trump Gold T1 phone, they received alerts from security researchers indicating that their personal information had appeared in the leaked data set. Coffeezilla mentioned that the leaked content almost covered all basic identity information, with the exception of credit card numbers, and warned users not to place orders on the platform. The two indicated that the leaked data likely originated from publicly accessible systems, and they have not yet received an official response or fix from Trump Mobile, leaving the issues unresolved.Based on the order numbers in the leaked data, the actual number of reservations is estimated to be around 30,000 units, far below the previously expected pre-sale scale of about 590,000. Analysts believe that this incident further raises doubts about Trump Mobile's product delivery and basic security capabilities.

According to Cointelegraph, Italy's largest bank, UniCredit, has just disclosed that it increased its cryptocurrency exposure to $231 million in the first quarter.

Italy's largest bank Intesa Sanpaolo increased its crypto exposure to approximately $235 million in the first quarter.

The GoPlus Security team has disclosed a new type of attack in its AgentGuard AI project: inducing AI agents to perform unauthorized sensitive operations through "memory poisoning." This attack method does not rely on traditional vulnerabilities or malicious code but exploits the long-term memory mechanism of AI agents. For example, an attacker first induces the agent to "remember preferences," such as "usually prioritizing proactive refunds instead of waiting for chargebacks," and then uses vague expressions like "process as usual" or "execute as before" in subsequent instructions, thereby triggering automated financial operations.GoPlus points out that the key risk in such cases lies in the AI agent mistakenly treating "historical preferences" as a basis for authorization, leading to financial losses or security incidents in operations such as refunds, transfers, and configuration changes. To address this issue, the team has proposed several protective recommendations, including:Operations involving refunds, transfers, deletions, or sensitive configurations must require explicit confirmation in the current session.Memory-related instructions like "habit," "usual way," and "as before" should be regarded as high-risk state changes.Long-term memory must have a traceability mechanism (writer, time, confirmation status).Vague instructions should automatically elevate the risk level and trigger secondary verification.Long-term memory must not replace real-time authorization processes.The team emphasizes that the "AI agent memory system" should be viewed as a potential attack surface and should be constrained and audited through a dedicated security framework.

Quantitative giant Jane Street disclosed in its latest 13F filing submitted to the SEC that it significantly reduced its exposure to Bitcoin ETFs in the first quarter of 2026, with its holdings in IBIT decreasing by approximately 71% to 5,872,212 shares, equivalent to about $225.6 million. The holdings in FBTC decreased by about 60% to 1,954,174 shares, equivalent to about $115 million.In addition, its holdings in MSTR also decreased by approximately 78% to 209,833 shares, equivalent to about $26.18 million.

The New York State Retirement Fund increased its exposure to Bitcoin by adding $41 million in MicroStrategy stock.

The Chief Information Security Officer of Slow Fog, 23pds, disclosed that a privilege escalation vulnerability named Dirty Frag has been exposed in Linux systems, with complete details and exploit code now public. This vulnerability allows any local low-privilege user to directly obtain root privileges on almost all mainstream Linux distributions. It is classified as a deterministic logic flaw, and the attack does not rely on complex race conditions, resulting in a very high success rate without causing kernel crashes, posing significant danger. Linux users are advised to upgrade their systems promptly.

According to Politico, Poland's major cryptocurrency exchange Zondacrypto is facing a serious fraud investigation. Its former CEO went missing in 2022, taking with him the private keys to a cold wallet containing 4,500 bitcoins (currently worth over $340 million). The current CEO has admitted to being unable to access the wallet and has recently been reported to have fled to Israel. Prosecutors estimate potential losses for customers to be around $97 million.On-chain data shows that the bitcoin balance in the platform's hot wallet has plummeted by 99.7% since mid-2024, with users generally reporting difficulties in withdrawing funds. Polish Prime Minister Tusk estimates that up to 30,000 users may be affected.Tusk publicly accused the platform of being funded by Russian-linked money, used to finance opposition lawmakers to obstruct Poland's cryptocurrency regulatory legislation. He bluntly stated that this is a "Polish version of a Ponzi scheme" and criticized the president for vetoing the localization of the EU MiCA framework twice, making Poland a "paradise for scammers."The platform's board stated that they failed to obtain "verifiable information" from the missing CEO and have collectively resigned. The founder has been missing since 2022, and the previously mentioned "suspect kidnapping allegations" case is still under investigation. This incident is expected to prompt Poland and the EU to strengthen regulatory scrutiny of cryptocurrency exchanges.

According to Jinshi News, Pepperstone analyst Michael Brown stated that traders may reduce their exposure to risk assets before the Federal Reserve announces its interest rate decision at 2 AM Beijing time on April 30. He pointed out that given the upcoming event risks, many participants will want to cut back on their positions. In addition, traders are also aware that there is still no good news regarding the Middle East conflict, with no signs of a US-Iran peace agreement, and the Strait of Hormuz remains blocked.

According to CoinDesk, while quantum computers cannot disrupt the Bitcoin mining mechanism or the blockchain ledger, they may potentially crack the elliptic curve encryption system that protects wallet ownership through Shor's algorithm. Currently, about 6.9 million BTC (approximately one-third of the total supply) face potential risks due to public keys being visible on-chain, including around 1 million early holdings by Satoshi Nakamoto; transactions generated after the Taproot upgrade in 2021 are also affected due to public key exposure.Ethereum has established a formal quantum resistance migration plan since 2018, with 4 full-time teams and over 10 independent development groups, and has launched a dedicated progress website at pq.ethereum.org. In contrast, Bitcoin currently lacks a unified response roadmap, and the existing BIP-360 proposal and BitMEX Research detection scheme have not received widespread support from core developers. Notable Bitcoin advocate Nic Carter pointed out that Bitcoin's response is "the worst," while Blockstream CEO Adam Back believes that current quantum systems are still in the laboratory stage, but he also agrees that optional upgrade solutions should be deployed in advance.Analysts point out that Bitcoin's anti-centralization governance culture makes coordinating large-scale security upgrades extremely difficult, and how to handle historical legacy issues such as Satoshi Nakamoto's holdings is particularly challenging. A related paper from Google warns that once quantum attacks become a reality, the window for response may have already closed.

According to The Information, Anthropic and OpenAI have both experienced security incidents, raising market concerns about the safety of AI models themselves.Currently, Anthropic is investigating potential unauthorized access to its Claude Mythos model by users. Almost simultaneously, OpenAI was also reported to have accidentally exposed several unreleased models in its Codex application. Industry opinions indicate that these vulnerability incidents have intensified scrutiny on the security governance capabilities of AI companies and reflect that the security systems of current AI technology still need improvement as it rapidly develops. Analysts believe that even AI model providers that focus on cybersecurity capabilities face significant security challenges themselves. As AI is gradually used to defend against cyberattacks, issues related to platform security and access control have also become critical risk points.

Lido has released the latest developments regarding the Kelp security incident, stating that its Earn series vaults are working with the management to address the issues, which involve two major risk points: the rsETH exposure and the liquidity tension in the lending market. Lido emphasizes that the core staking protocol has not been affected, and both stETH and wstETH remain safe and stable.Currently, only the EarnETH vault has an approximately 9% TVL exposure to rsETH, and related deposits and withdrawals have been suspended by the management, awaiting a solution. Approximately $70 million in ETH has been recovered from the previous attack, and the subsequent asset recovery and loss distribution are still in progress. In response to liquidity pressure, the management has reduced leverage and optimized the position structure, significantly decreasing the wETH debt exposure. If losses ultimately occur, EarnETH will activate a $3 million "first loss protection mechanism" (funded by the DAO). As for other vaults, DVV and EarnUSD have not been affected and are operating normally; the GGV sub-vault is currently experiencing negative returns due to the combination of circular staking strategies and rising lending rates, but adjustments are ongoing. Withdrawal requests submitted by users will be processed based on valuations prior to the incident.