Author: rb809rb

Hyperliquid ($HYPE), one of the prominent projects in the cryptocurrency markets, has recently come back into the spotlight with a noteworthy analysis. Michael Nadeau, an analyst at The DeFi Report, shared significant data pointing to a possible “bearish scenario” for $HYPE.

According to Nadeau’s assessment, one of the biggest risks to the Hyperliquid ecosystem is capital outflows through the Arbitrum bridge. Approximately $500 million in funds have flown out of this bridge in the last few weeks. This indicates that investors are becoming more cautious, especially following a series of hacks in the DeFi sector.

Another element highlighted in the analysis was the structural characteristics of the Arbitrum/Hyperliquid bridge. Currently holding approximately $3.36 billion in assets, this bridge is managed by a structure consisting of only 24 validators. This relatively limited set of validators raises concerns about centralization and security risks for some investors.

Nadeau specifically emphasized that these assessments were not intended to create “FUD” (fear, uncertainty, doubt), but noted that despite the positive developments in the ecosystem over the past year, such risks should not be ignored. According to the analyst, the current picture reveals that while there is a strong growth story for $HYPE, there are also structural risks that need to be considered.

*This is not investment advice.

Not everything in bitcoin is at risk from a quantum computer.

Bitcoin mining, the process by which new blocks get added to the blockchain, uses a type of math called hashing that quantum computers cannot meaningfully break. The ledger itself and the rule that new bitcoin can only be created through mining would survive a quantum attacker. Blocks would still get produced, and the chain would keep running.

What would not survive is ownership.

Bitcoin wallets are protected by a different kind of math that turns a secret private key into a public address anyone can see. The math works easily in one direction and not at all in the other, which is the only thing stopping a stranger from spending your coins.

Part 1 of this quantum computing series went into physics. A quantum computer is not a faster version of a regular computer. It is a fundamentally different kind of machine, starting at a very cold, very small loop of metal where particles behave in ways they do not behave anywhere else on Earth.

Part 2 walked through what happens when you point that machine at bitcoin. Bitcoin wallets depend on a one-way math problem. Turning a secret private key into a public address takes milliseconds. Going the other way, from public address back to the private key, would take a regular computer longer than the age of the universe.

A quantum algorithm called Shor’s collapses the gap. Google’s paper this month showed the attack could be run with far fewer resources than anyone previously estimated, in a window that races against bitcoin’s own block times.

This piece, the last in the series, is about the response. What is actually at risk, what bitcoin has done about it, and whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up.

What’s exposed, what’s safe

The at-risk pool is large.

Roughly 6.9 million bitcoin, about one-third of everything ever mined, sits in wallets whose public keys are already permanently visible onchain. Most of this is early bitcoin from the network’s first years, stored in an address format that published the public key by default. It also includes any wallet that has ever been spent from, because spending reveals the key for whatever remains.

A quantum attacker would not need to race against a transaction in progress. Rather, they could work through the wallets with already exposed keys at their own pace, one by one. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, holds roughly 1 million bitcoin, untouched since the network’s early days, and this stack now sits in the exposed category.

The 2021 Taproot upgrade expanded the problem. Taproot is a change to how bitcoin addresses work, intended to make transactions more efficient and more private.

A side effect was that any bitcoin spent since Taproot activated has published the key protecting whatever remains at that address. This was not a mistake but a reasonable tradeoff at the time, when quantum timelines looked much longer than they do now.

What’s in the works?

While the quantum threat has sparked a heated debate in recent months, and other blockchains are preparing, nothing concrete has emerged from Bitcoin developers yet.

Ethereum, which can be considered one of Bitcoin’s largest competitors among institutional investors looking at the crypto market, has had a formal quantum-resistant program since 2018.

The Ethereum Foundation runs four teams working on the migration full-time, with more than ten independent developer groups shipping weekly test networks. The plan maps specific upgrades across four upcoming network-wide changes, moving Ethereum’s security to new math that quantum computers cannot break. It has even launched a dedicated website, pq.ethereum.org, to publish its progress.

Bitcoin has no equivalent strategy so far.

That doesn’t mean there aren’t any efforts out there to solve it.

One such formal proposal is BIP-360 from a group of developers and researchers. It would add new quantum-safe address types that holders could voluntarily migrate to. A competing proposal from BitMEX Research would install a detection system that triggers defensive action if a quantum attack is observed on the network.

However, neither has broad support from bitcoin’s core developers, and the two proposals solve different halves of the problem.

Nic Carter, one of bitcoin’s prominent advocates, has called it out in the past months.

“Elliptic curve cryptography is on the brink of obsolescence,” Carter wrote on X, referring to the math that secures bitcoin wallets. He described Ethereum’s approach as “best in class” and bitcoin’s as “worst in class,” citing developers who “deny, gaslight, gatekeep, bury heads in sand” rather than engage with the problem.

Adam Back, the Blockstream CEO and a prominent early bitcoin contributor, disagrees on the urgency but agrees on the direction.

“Quantum computing still has a lot to prove. Current systems are essentially lab experiments,” Back said at a conference earlier this month. But he also said bitcoin should prepare now, with optional upgrades built in advance so the network can migrate when needed, rather than scrambling in a crisis.

The coordination problem

So what’s the biggest challenge in implementing effective solutions against Bitcoin’s quantum threat?

Bitcoin’s migration is harder than Ethereum’s for reasons unrelated to the actual math.

Ethereum has a foundation that funds engineering work and a governance process that regularly passes major upgrades. Bitcoin has neither. Its development culture treats any central authority as a failure mode, and its social consensus holds that changes to the protocol should be rare and hard.

Those priors have kept the network stable for nearly two decades, but they also make the quantum problem structurally harder for bitcoin to solve.

Migrating the 6.9 million exposed coins requires decisions the network has spent twenty years avoiding. Should old address formats be frozen after a certain date to protect coins from future theft? Should exposed coins be allowed to move to new quantum-safe addresses using their original keys? What happens to coins whose owners cannot or will not migrate?

Satoshi’s coins are the sharpest example. Freezing old formats protects the coins from theft but makes them permanently inaccessible, including to Satoshi. Leaving the old formats open means those coins sit as a standing prize for whoever builds the first working quantum computer or has access to a quantum computer and wants to attack.

Setting a migration deadline forces Satoshi to either move the coins, revealing their ownership, or lose them. Every option changes bitcoin’s character in ways the network has historically refused to change it.

What happens next

The Google paper’s own framing is a summary of where the industry stands.

A successful attack on the math bitcoin uses “should not be seen as a wake-up call to adopt post-quantum cryptography as much as a potential signal that PQC adoption has already failed.”

This means that by the time the threat becomes visible, the window to respond may already have closed.

Developers now face a question of whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up to the theory.

Ethereum’s eight-year head start suggests the correct answer is to start now. Bitcoin’s governance culture suggests the likely answer is to wait until the threat is demonstrated, then move.

Only one of those answers works if the timeline turns out to be shorter than the optimists’ estimate.

MemeCore [M] has continued its blistering bullish run. AMBCrypto reported that the retest of the $3 support level acted as a launchpad for a rally to $4.7.

The L1 token and memecoin, aimed at establishing a sustainable meme economy, has been one of the best-performing assets over the past week.

M was within the top 20 crypto assets by market cap, making its weekly gain of 22% more remarkable. As the 4-hour chart above demonstrates, a strong bullish structure was in place.

Neither the RSI nor the OBV exhibited a bearish divergence on this timeframe. This suggested the uptrend can continue, and MemeCore can set new all-time highs beyond $4.82.

The bullish momentum of Bitcoin [BTC] stalled at $79.4k and faced minor losses. At the same time, the M momentum has also slowed down.

AMBCrypto examined what price trends traders can expect over the rest of the week.

Laying out the bullish and bearish cases for M

The bullish short-term case was the cluster of short liquidations around $5. To the south, similarly sized clusters of long liquidations have not built up over the past week.

Therefore, though momentum has slowed down, it remained highly likely that MemeCore prices would climb to the overhead magnetic zone at $5.

From there, it is possible that a surge in bullish enthusiasm and capital inflows drives M prices further higher.

The liquidation map showed that the short liquidations from $4.72 to $4.93 had a greater cumulative liquidation leverage. This meant that it was more likely that M would climb higher than fall toward the $4.36-$4.53 area.

The 1-hour chart made it clear where a potential bearish reversal could come from. As things stand, the bullish internal structure of M remained in place. A drop below $4.13 is needed to break the short-term structure.

Traders already in long positions can set their stop losses below this level and look to follow the uptrend.

On the other hand, the token faced closer scrutiny. Crypto sleuth ZachXBT’s statement that M was one of the altcoins with “highly questionable price action” could strain bullish confidence.

---

Final Summary

• MemeCore was one of the standout tokens among the top 20 in crypto over the past week.
• Its bullish run is set to continue, and the $5 round number resistance may be breached in the coming days.

• Solana price traded in a narrow 24-hour zone, with falls below $85.
• Solana ETFs recorded $7.33 million in daily net inflow, led by Bitwise BSOL.
• MACD turned positive, while RSI near 51 shows room for a possible recovery move.

After consolidation, $SOL0.44% is preparing for price recovery. With bearish trend dominating, bulls are attempting to reclaim their position as Solana ETF flows improve after stable sessions.

Solana Price Stays Rangebound After Brief Drop Below $85

Tracking the ongoing Solana price trend at the time of press, CoinMarketCap data indicates that Solana trades at $85.74 after a narrow 0.37% gain over the last 24 hours. The Solana price moved through a tight range, with repeated swings around the $85.38 reference level. Early movement carried the Solana price above $86.00 before momentum cooled and the price returned lower.

A sharper drop then pushed the price below $85.00, marking the session’s deepest visible pullback. After that move, Solana’s price recovered quickly and moved back above the mid-range area. The $SOL0.44% later climbed toward $86.30, where upward movement slowed again.

Several pullbacks followed, yet Solana kept returning near the $85.50 to $86.00 zone. Later action showed weaker momentum as the price slipped under $85.50 more than once. The final section showed a rebound from the lower range, with Solana moving back near $85.66. Solana price gains remained capped near the upper range, and dips recovered quickly.

Solana ETFs Record $7.33M Daily Inflow as Net Assets Hit $874M

The 24-hour Solana price action comes at a time when the Solana ETFs have resumed their inflow after a zero inflow and outflow streak. According to a recent update by SoSoValue, Solana ETFs recorded $7.33 million in daily total net inflow. Cumulative total net inflow stood at $1.02 billion, while total value traded reached $47.38 million. Total net assets stood at $874.13 million, equal to 1.77% of Solana’s market cap.

BSOL led daily net inflows with $6.20 million and recorded 72.64K $SOL in daily inflows. Its cumulative net inflow reached $825.19 million, while net assets stood at $622.65 million. VSOL recorded $1.13 million in daily net inflow and 13.24K $SOL in daily inflow. FSOL reported no daily net inflow, with cumulative net inflow at $158.01 million. Its net assets stood at $107.90 million, and its daily market price fell 2.03%.

GSOL also posted no daily net inflow and held $104.14 million in cumulative net inflow. SOEZ, QSOL, TSOL, and SOLC each reported $0.00 in daily net inflow. Their cumulative net inflows stood at $9.78 million, $4.77 million, negative $102.69 million, and $1.04 million, respectively. All eight products showed negative daily market price changes, ranging from 2.03% to 2.64%.

Solana Price Consolidation Eyes Uptick as MACD Turns Positive

Solana price continues to trade inside a tight consolidation band between $76.62 support and $90.94 resistance. The price has tested both levels several times since February, keeping movement locked inside a narrow pattern. This range formed after a decline, then Solana price entered consolidation. The ongoing trend shows Solana price trading above the lower support zone, while rebounds continue to see resistance around $90.94. A defined move above that resistance would open a path for upward continuation.

However, failure near that level could keep price inside the same levels. The MACD line sits above the signal line. This positioning shows improving short-term movement after earlier weakness. The gap remains, so positive price action as not yet confirmed a breakout. The RSI stands near 51, placing Solana price next to neutral territory.

This reading shows neither overbought nor oversold conditions. It also leaves room for an upward move before the market reaches overheated levels. Based on the support, resistance, RSI, and MACD, consolidation appears braced for an uptick. A trend toward $90.94 remains the next key test. If $SOL0.44% achieves that level, the recovery pattern could extend toward higher resistance zones.

On Apr. 22, a malicious version of Bitwarden’s command-line interface appeared on npm under the official package name @bitwarden/cli@2026.4.0. For 93 minutes, anyone who pulled the CLI through npm received a backdoored substitute for the legitimate tool.

Bitwarden detected the compromise, removed the package, and issued a statement saying it found no evidence that attackers accessed end-user vault data or compromised production systems.

Security research firm JFrog analyzed the malicious payload and found it had no particular interest in Bitwarden vaults. It targeted GitHub tokens, npm tokens, SSH keys, shell history, AWS credentials, GCP credentials, Azure credentials, GitHub Actions secrets, and AI tooling configuration files.

These are credentials that govern how teams build, deploy, and reach their infrastructure.

Bitwarden serves over 50,000 businesses and 10 million users, and its own documentation describes the CLI as a “powerful, fully-featured” way to access and manage the vault, including in automated workflows that authenticate using environment variables.

Bitwarden lists npm as the simplest and preferred installation method for users already comfortable with the registry. That combination of automation use, developer-machine installation, and official npm distribution places the CLI exactly where high-value infrastructure secrets tend to live.

JFrog’s analysis shows the malicious package rewired both the preinstall hook and the bw binary entrypoint to a loader that fetched the Bun runtime and launched an obfuscated payload. The compromise is fired at install time and at runtime.

An organization could run the backdoored CLI without touching any stored passwords while the malware systematically collected the credentials governing its CI pipelines, cloud accounts, and deployment automation.

Security firm Socket says the attack appears to have exploited a compromised GitHub Action in Bitwarden’s CI/CD pipeline, consistent with a pattern Checkmarx researchers have been tracking.

Bitwarden confirmed that the incident is connected to the broader Checkmarx supply chain campaign.

The trust bottleneck

Npm built its trusted publishing model to address exactly this class of risk.

By replacing long-lived npm publish tokens with OIDC-based CI/CD authentication, the system removes one of the most common paths attackers use to hijack registry releases, and npm recommends trusted publishing and treats it as a meaningful step forward.

The harder surface is the release logic itself, such as the workflows and actions that invoke the publish step. Npm’s own documentation recommends controls beyond OIDC, such as deployment environments with manual approval requirements, tag protection rules, and branch restrictions.

GitHub’s environment settings let organizations require reviewers’ sign-off before a workflow can deploy. The SLSA framework goes further by asking consumers to verify that provenance matches expected parameters, such as the correct repository, branch, tag, workflow, and build configuration.

The Bitwarden incident shows that the harder problem sits at the workflow layer. If an attacker can exploit the release workflow itself, the “official” badge still accompanies the malicious package.

Trusted publishing moves the trust burden upward to the integrity of the workflows and actions that invoke it, a layer that organizations have largely left unexamined.

One token to many doors

For developer and infrastructure teams, a compromised release workflow exposes CI pipelines, automation infrastructure, and the credentials that govern them.

JFrog’s analysis shows that once the malware obtained a GitHub token, it could validate the token, enumerate writable repositories, list GitHub Actions secrets, create a branch, commit a workflow, wait for it to execute, download the resulting artifacts, and then clean up.

Obtaining the token creates an automated chain that transforms a single stolen credential into persistent access across an organization’s automation infrastructure.

A developer’s laptop that installs a poisoned official package becomes a bridge from the host’s local credential store to GitHub access to whatever that GitHub token can reach.

The Bybit incident is a close structural analogy. A compromised developer workstation let attackers poison a trusted upstream interface, which then reached the victim’s operational process.

The difference is that Bybit involved a tampered Safe web UI, while Bitwarden involved a tampered official npm package.

In crypto, fintech, or custody environments, that path can run from a credential store to release signers, cloud access, and deployment systems without ever touching a vault entry.

Within 60 days, Checkmarx disclosed compromised GitHub Actions workflows and OpenVSX plugins, while the Cloud Security Alliance warned that the TeamPCP campaign was actively compromising open-source projects and CI/CD automation components.

JFrog documented how a compromised Trivy GitHub Action exfiltrated LiteLLM’s publish token and enabled malicious PyPI releases, and Axios disclosed that two malicious npm versions circulated for roughly three hours through a compromised maintainer account.

Sonatype counted over 454,600 new malicious packages in 2025 alone, bringing the cumulative total to more than 1.2 million. Bitwarden joins a chain of incidents that confirms release workflows and package registries as the primary attack surface.

The precise root cause is not yet public, as Bitwarden has confirmed a connection to the Checkmarx campaign but has not published a detailed breakdown of how the attacker obtained access to the release pipeline.

The outcomes of the attack

The strongest outcome for defenders is that this incident accelerates a redefinition of what “official” means.

Today, trusted publishing attaches provenance data to each released package, thereby confirming the publisher’s identity in the registry. SLSA explicitly documents a higher standard for verifiers to check if provenance matches the expected repository, branch, workflow, and build parameters.

If that standard becomes default consumer behavior, “official” starts to mean “built by the right workflow under the right constraints,” and an attacker who compromises an action but cannot satisfy every provenance constraint produces a package that automated consumers reject before it lands.

The more plausible near-term path runs in the opposite direction. Attackers have demonstrated across at least 4 incidents in 60 days that release workflows, action dependencies, and maintainer-adjacent credentials yields high-value results with relatively low friction.

Each successive incident adds another documented technique to a public playbook of action compromise, token theft from CI output, maintainer account hijack, and trusted-publish-path abuse.

Unless provenance verification becomes the default consumer behavior rather than an optional policy layer, official package names will command more trust than their release processes can justify.

X Layer has entered a strategic partnership with Ethereum Foundation’s Decentralized AI (dAI) to create a robust launchpad for AI stakeholders planning on utilizing both the Ethereum Mainnet and X Layer. The convergence of AI and blockchain technology will transform the world as we know it and is part of a larger trend to help create an enhanced and more decentralized agentic economy.

Strategic Alignment for the Agentic Economy

The alliance brings together a common vision of independent AI agents capable of affecting complicated financial transactions using blockchain technology without requiring constant human supervision. The partnership with the Ethereum Foundation’s dAI team has positioned X Layer to be the main center for developing decentralized applications (dApps) using AI.

In addition to formal endorsement, the partnership represents a commitment to providing real infrastructure, as well as an ecosystem of support. An illustration of this would be to provide developers with technical assistance for the purpose of managing the costs related to the use of Artificial Intelligence through computing on the Ethereum network. As a result of this technical support system, it helps to ensure each of the systems continues to function and remain secure as they should.

Bridging ZK-Proofs and Decentralized Intelligence

X Layer’s technical structure resides underneath its Polygon Chain Development Kit (CDK) polygon. The scalability and low transaction costs are critical to enabling AI applications that require frequent verification of data and micro-transactions; use of Zero-Knowledge Proof (ZKP) technology enables the network’s scalability and low transaction costs. Through ZK-EVM technology, X Layer’s integration works seamlessly within the broader Ethereum ecosystem; because of this functionality, dAI’s team can implement plans to scale decentralized machine learning models.

AI developers can use X Layer’s ZK infrastructure to verify that their off-chain computations, such as model training and inference, are valid by checking them on-chain. This can be done without incurring the high gas costs typically associated with Layer-1. This ability to conduct “Verifiable Computing” provides developers with a means to prevent centralized AI Silo’s from dominating Web3.

Cultivating a New Wave of AI-Web3 Projects

It is anticipated that this collaboration will catalyze an increase in AI-native blockchain initiative. Aside from providing an infrastructure for these new projects, they are providing ecosystem support through grants, mentoring and assistance with integrating onto the newly developed blockchain. These changes correspond with a broader trend in the industry towards specialized Layer-2 solutions that do not simply provide general-purpose scalability but also offer customized environments for unique applications like gaming, finance and AI.

X Layer has positioned its product as having its own dedicated set of rails for the agentic economy to function on. This indicates that a platform for future applications is being developed in which blockchain technology will be focused primarily on being used by non-human entities.

Conclusion

The dAI team at the Ethereum Foundation has partnered with X Layer to further the evolution of decentralized AI, reflecting a significant milestone in this process. This partnership combines ZK-scaling with the leadership of Ethereum’s core research teams to create the foundation for a successful agentic economy. The development of these types of decentralized and transparent operating systems for AI agents will help to establish trustworthiness between AI agents and humans as they interact with one another through digital channels.