third-party

According to market news, researchers from the University of California recently disclosed that some third-party AI large language model (LLM) routers have security risks that could lead to the theft of cryptocurrency assets. The research shows that LLM routers, acting as API intermediaries, can read plaintext information, and some routers have been found to inject malicious code and steal credentials.The team tested 28 paid and 400 free routers, finding that 9 routers actively injected malicious code, 2 deployed evasion triggers, and 17 accessed Amazon Web Services credentials. Some routers even transferred ETH using the researchers' Ethereum private keys.The study pointed out that the malicious behavior of the routers is difficult to detect, and some AI agent frameworks' "YOLO mode" can automatically execute commands, increasing security risks. The research recommends that developers should not allow private keys or mnemonic phrases to be transmitted through AI agents and calls on AI companies to encrypt signatures in responses to enhance security.

OpenAI stated that during a recent industry-wide security incident, potential security issues were discovered in the third-party development library Axios that they use. After investigation, no evidence was found of user data being accessed, systems being compromised, or software being tampered with.Out of caution, OpenAI has initiated security reinforcement measures, focusing on strengthening the authentication mechanism of the macOS application to prevent malicious parties from distributing counterfeit official applications. OpenAI also reminds all macOS users to update to the latest version of the application as soon as possible, either through in-app updates or official channels, to reduce potential risks.

AI company Anthropic announced that starting from April 4 at 15:00 Eastern Time, it will prohibit access to third-party tools through the Claude subscription service, including the open-source project OpenClaw. The new regulations require that related features can only be used through additional packages or billed on a pay-as-you-go basis via API.This adjustment means that many developers and teams relying on OpenClaw to build automated workflows will shift from a fixed subscription cost model to an unlimited pay-as-you-go system, significantly increasing overall usage costs. Some developers have indicated that the original usage cost of about $20/month could soar to hundreds or even thousands of dollars.The market generally believes that this move is related to OpenClaw founder Peter Steinberger's recent joining of OpenAI. Meanwhile, Anthropic is accelerating the promotion of its own tool ecosystem, including native integration solutions for Claude, to replace third-party toolchains.It is worth noting that Anthropic has previously tightened third-party access through technical restrictions, updates to service terms, and feature replacements. This policy is seen as a "final blockade" and will be extended to more tools.Industry analysis points out that this event reflects an intensifying trend of "ecosystem tightening" in AI platforms, with leading companies strengthening control through vertical integration. At the same time, the developer ecosystem faces rising cost uncertainties and platform dependency risks, which may further drive some users toward more open alternatives.

According to market news, Judge Katherine Polk Failla of the U.S. District Court for the Southern District of New York has dismissed the class action lawsuit against Uniswap Labs and its founder Hayden Adams. This ruling ends a long-standing legal attempt to hold DEX developers accountable for "fraud tokens" traded on their platform.In her ruling, the judge stated that holding the creators of smart contract code responsible for third-party abuses of decentralized platforms is "illogical," and emphasized that merely providing a platform does not equate to substantial assistance in fraud. Since the plaintiffs failed to present valid legal claims even after multiple amendments to the complaint, the judge decided to "dismiss the case with prejudice," meaning the plaintiffs cannot sue again on the same grounds.Uniswap's General Counsel Brian Nistler stated that this ruling sets an important precedent for the DeFi industry, reaffirming that developers are not responsible for illegal activities conducted by third parties using open-source code.

A U.S. federal judge ruled to dismiss the remaining state law claims against Uniswap Labs and its founder Hayden Adams, ending a years-long class action lawsuit.The plaintiffs attempted to hold the platform liable for losses incurred from "scam tokens" traded on the Uniswap protocol. Judge Katherine Polk Failla of the Southern District of New York issued the ruling on Monday, dismissing the plaintiffs' second amended complaint "with prejudice," stating that the plaintiffs failed to present a viable legal claim. The court noted that the plaintiffs had multiple opportunities to amend their complaint but still could not demonstrate that Uniswap was responsible for the misconduct of unnamed third-party token issuers.The plaintiffs claimed to have suffered losses due to actions such as "rug pulls" and "pump-and-dump" schemes, arguing that Uniswap "aided fraud" by providing a platform for buyers and sellers to trade. However, the court clearly stated that merely providing a decentralized trading platform does not constitute "substantial assistance" to fraudulent activities. Judge Failla reiterated her previous view that holding developers of smart contract code responsible for the abusive actions of third parties on decentralized platforms is "logically difficult to sustain."The case was initially filed in 2022 and originally included federal securities law claims. The related securities claims were dismissed in 2023, and the Second Circuit Court of Appeals upheld that ruling, remanding the remaining state law claims to the district court for consideration. This ruling signifies the formal conclusion of the case and further tightens the boundaries of state law liability for DeFi platform developers.

According to Valor, the Central Bank of Brazil (BC) has issued rules for banks and brokerage firms wishing to engage in cryptocurrency activities. The directive requires such institutions to hire a qualified independent company to demonstrate their compliance with the regulatory requirements for virtual asset service providers (PSAV) set by the monetary authority. The certifying entity must clearly indicate that there is no conflict of interest with the audited party.

According to The Block, the crypto prediction market platform Polymarket confirmed on December 24 that multiple user accounts were hacked due to a security vulnerability in a third-party authentication provider. Affected users reported on social media that their funds were drained even with two-factor authentication enabled. The issue appears to be related to the email login service provided by Magic Labs, which is a common registration method for many first-time cryptocurrency users.Polymarket stated that it has resolved this security issue and there is currently no ongoing risk, but it did not disclose the number of affected users or the amount of losses.

According to The Block, the crypto prediction market platform Polymarket has confirmed that multiple user accounts were hacked due to a security vulnerability in a third-party authentication provider. Affected users reported on social media that their funds were drained even with two-factor authentication enabled.The issue appears to be related to the email login service provided by Magic Labs, which is a common registration method for many first-time cryptocurrency users. Polymarket stated that it has resolved this security issue and that there is currently no ongoing risk, but it did not disclose the number of affected users or the amount of losses.

The Argentine cryptocurrency platform Lemon Cash confirmed on December 4 that some users' names and email addresses were leaked due to a hacking incident at its external analytics service provider Mixpanel on November 9. Lemon Cash emphasized that its own platform was not attacked, and sensitive information such as users' private keys, recovery phrases, funds, and account balances were not affected.The company has sent emails to affected users, warning them to be vigilant against potential phishing attacks. Notably, OpenAI is also a client of Mixpanel and has terminated its partnership with the service provider following this incident.

According to the latest research released by the Federal Reserve, there is a high concentration risk at the "third-party service provider" level between the top 100 banks in the United States and 100 non-bank financial institutions (NBFIs). If key cloud, payment, or core IT service providers experience a failure, it will quickly evolve into a systemic event across markets. The model shows that in extreme scenarios, the tail losses caused by systemic incidents can far exceed normal operational risks, with operational disruptions becoming a major source of losses rather than traditional credit events.From a macro-financial perspective, this study quantitatively confirms for the first time that "digital infrastructure failure" itself can serve as a trigger for financial crises, rather than merely being an ancillary risk. When key third-party nodes fail, it will simultaneously impact payment clearing, liquidity allocation, credit transmission, and risk hedging mechanisms, temporarily increasing demand for dollars, compressing global dollar liquidity, and causing credit spreads and volatility to spike. Although banks have lower nominal exposures than non-bank institutions, their extreme losses relative to revenue are even greater, indicating that the vulnerability of the large traditional financial system to tail risks has been long underestimated by the market.The cryptocurrency market is more sensitive to such "functional risks." Exchanges, wallets, custody, oracle services, and settlement layers are highly dependent on cloud and third-party authorized services. Once there is a regional or vendor-level disruption, it can easily lead to a chain reaction of clearing and liquidity vacuum. Historical experience shows that such non-price shocks often lead to passive deleveraging of short-term leveraged funds, with volatility sharply amplified. The short-term Bitcoin structure support will test high-leverage dense areas, and if the liquidity below is penetrated, one must be wary of the risk of a "liquidity spiral decline."Bitunix analysts: The core significance of this report is that the market is transitioning from "financial risk pricing" to a new stage of "infrastructure risk pricing." Future capital allocation will not only consider interest rates and growth but will also simultaneously assess the stability of system operations and the concentration of supply chains. Risk appetite will become more event-driven, and true structural opportunities will arise when resilient assets and decentralized infrastructure values are repriced.

According to Cointelegraph, Bitcoin Core has passed its first third-party security audit, confirming that the software securing the Bitcoin network is highly mature, with no serious vulnerabilities found.The audit was conducted by the French security company Quarkslab, commissioned by the Open Source Technology Improvement Fund (OSTIF) and implemented on behalf of the Bitcoin Core development funding organization Brink. During the 104-day audit period from May to September, the reviewers assessed the most sensitive components of the project, with particular attention to the P2P layer and block validation logic. The report noted that despite the large size of the Bitcoin Core codebase, which contains over 200,000 lines of C++ code and more than 1,200 deployed test cases, the auditors assessed it as "the most mature and well-tested." The team found no high or medium severity vulnerabilities, only two low severity issues, along with a series of recommendations for improvements mainly related to fuzz testing tools and test coverage. These findings did not impact the consensus mechanism, denial-of-service resistance, or transaction validation.

ChainCatcher message, Binance founder CZ posted on the X platform stating that all DAT companies should use third-party crypto asset custody services and have their account setups audited by investors. He emphasized that this is a prerequisite for any investment by Yzi Labs in BNB DAT projects, aimed at ensuring asset security and investment transparency.

ChainCatcher message, Ethena Labs posted on social media, "USDe reserve proofs are typically provided weekly by independent third-party verification agencies, including companies such as Chaos Labs, Chainlink, Llama Risk, and Harris & Trotter.In response to community requests, we have provided an unconventional pace reserve proof based on market events from the past 24 hours, which is linked below this message.These independent third parties have confirmed that USDe still has approximately $66 million in over-collateralization."

ChainCatcher news, according to IT Home, the social media platform Discord announced that its third-party customer service provider was hacked, and some customer information was stolen and used to extort Discord.This cybersecurity incident affected some Discord users who had contacted the customer support team or the trust and safety team, involving chat logs, real names, usernames, email addresses, IP addresses, transaction history, payment information, and the last four digits of credit cards, as well as a small number of ID photos used to verify age. After discovering this issue, Discord immediately revoked the third party's access to Discord's ticketing system. According to preliminary analysis, the unauthorized third party that launched the attack did not have the capability to directly access Discord.

According to ChainCatcher, as reported by Crypto In America, Vanguard, the world's second-largest asset management company, is preparing to allow clients to invest in cryptocurrency ETFs on its brokerage platform. Anonymous sources revealed that due to strong client demand for digital assets and the changing regulatory environment, Vanguard has begun preparations for this and has engaged in external discussions; currently, Vanguard does not have plans to launch its own products like BlackRock, but is considering allowing brokerage clients to invest in certain third-party cryptocurrency ETFs. However, it is still unclear when a decision will be made and what products will be offered.

ChainCatcher news, State Street, the world's largest ETF service provider, announced that it has become the first third-party custodian to access JPMorgan's digital debt services, providing institutional clients with blockchain-based debt securities custody services.JPMorgan's digital debt services support the issuance, settlement, and lifecycle management of bonds through the Kinexys digital asset platform, utilizing blockchain technology to achieve precise T+0 settlement and automated operations. The first transaction was completed by State Street's investment management division, purchasing $100 million in commercial paper, marking the modernization of the short-term debt market.

ChainCatcher news, according to Zhito Finance, Hong Kong listed company Ruihe Digital Intelligence (03680.HK) announced that the group has reached a cooperation framework agreement with an independent third-party institution on the joint development of a virtual cryptocurrency trading platform on July 29, 2025.

ChainCatcher news, according to official sources, Bitwise has announced the launch of a third-party asset reserve proof transparency service for the Bitcoin spot ETF (BITB) and the Ethereum spot ETF (ETHW), provided by the U.S. registered accounting firm The Network Firm.

ChainCatcher news, the Movement Network Foundation announced a third-party review of the abnormal situation regarding external market makers, and has commissioned the professional intelligence agency Groom Lake in the digital asset field to carry out this review. After the review is completed, the foundation will release the results of the review and the measures taken.