Category: Business

The North Korean state-run Lazarus Group is running a new campaign known as “Mach-O Man” that turns routine business communication into a direct path to credential theft and data loss, security experts warned Wednesday.

The collective, with cumulative loot estimated at $6.7 billion since 2017, is targeting fintech, cryptocurrency and other high-value executives and firms, Natalie Newson, a senior blockchain security researcher at CertiK, told CoinDesk on Wednesday.

In the past two weeks alone, the North Korean hackers have siphoned more than $500 million from the Drift and KelpDAO exploits in what appears to be a sustained campaign. The crypto industry needs to start viewing Lazarus the same way banks view nation-state cyber actors: “as a constant and well-funded threat, not just another news headline,” she said.

“What makes Lazarus especially dangerous right now is their activity level,” Newson said. “KelpDAO, Drift, and now a new macOS malware kit, all within the same month. This isn’t random hacking; it’s a state-directed financial operation running at a scale and speed typical of institutions.”

North Korea has turned crypto theft into a lucrative national industry, and Mach-O Man is just the latest product from that process, she said. While Lazarus created it, other cybercrime groups are also using it.

“It is a modular macOS malware kit created by Lazarus Group’s infamous Chollima division. It uses native Mach-O binaries tailored for Apple environments where crypto and fintech operate,” she said.

Newson said Mach-O Man uses a delivery method known as ClickFix. “It’s important to be clear because a lot of coverage is mixing up two separate things,” she noted. ClickFix is a social engineering technique where the victim is asked to paste a command into their terminal to fix a simulated connection issue.

It works by Lazarus sending executives an “urgent” meeting invite over Telegram for a Zoom, Microsoft Teams or Google Meet call, according to Mauro Eldritch, a security expert and founder of threat intelligence firm BCA Ltd.

The link leads to a fake, but convincing, website that instructs them to copy and paste one simple command into their Mac’s terminal to “fix a connection issue.” In doing so, the victims provide immediate access to corporate systems, SaaS platforms and financial resources. By the time they find out they were exploited, it is usually too late.

There are several variations of this attack, security threat researcher Vladimir S. said on X. There are already cases where Lazarus attackers have hijacked decentralized finance (DeFI) projects’ domains with this new malware by replacing their websites with a fake message from Cloudflare, asking them to enter a command to grant access.

“These fake ‘verification steps’ guide victims through keyboard shortcuts that run a harmful command,” said Certik’s Newson. “The page looks real, the instructions seem normal, and the victim initiates the action themselves — which is why traditional security controls often miss it.”

Most victims of this hack will not realize their security has been breached until the damage has been done, at which time, the malware will have already erased itself as well.

“They likely don’t know it yet,” she said. “If they do, they probably can’t identify which variant affected them.”

Memecoin season keeps printing life-changing trades for people willing to take a shot.
An anonymous wallet bought 2.79 billion ASTEROID tokens for $575 on April 17 and sold the entire position for 503 ETH on Tuesday, worth roughly $1.17 million, according to on-chain tracker Lookonchain. The round trip took five days and produced a return of more than 2,000x.

ASTEROID is an Ethereum-based memecoin branded as “First Shiba In Space.” It is themed after a Shiba Inu drawing by Liv Perrotto, a teenage cancer patient who died in January 2026 after a five-year battle with the disease.

Two years before her death, Perrotto sketched the dog while serving as a volunteer on SpaceX’s Polaris Dawn ground support team. The design, inspired by Musk’s own Shiba Inu named Floki, flew on the Polaris Dawn mission in September 2024 as the crew’s zero-gravity indicator.

Before she passed, Perrotto had written down eight questions she hoped to ask Musk. The final one asked whether Asteroid could become SpaceX’s official mascot. Her mother shared the list publicly after her death, and media personality Glenn Beck amplified it on April 16. The post went viral, reached Musk, and he said “ok” in response to making Asteroid the official SpaceX mascot.

That response ignited the token. ASTEROID’s market cap ran from roughly $50,000 to more than $20 million within hours of Musk’s reply, then pushed past $100 million over the following days on more than $100 million in 24-hour trading volume.

At its peak the token briefly entered the top 200 cryptocurrencies by market cap. As of European morning hours on Wednesday, it trades at $0.0004435 with a $186.5 million market cap and $24 million in 24-hour volume.

The token has no formal SpaceX endorsement, no licensing arrangement, and no confirmed Musk involvement beyond the social media replies.

It trades on Uniswap against wrapped ether with a market cap of $186.5 million and 24-hour trading volume of $24.3 million. Price is up 20.69% over 24 hours, 28.54% over six hours, and has climbed about 10x from the wallet’s entry point on April 17, according to DEX Screener data.

Brian Armstrong, the head of the leading US exchange, has endorsed a new documentary about Satoshi, claiming that it is the most “thoughtful take” yet on the identity of Bitcoin’s anonymous creator.

The 101-minute film, which is debuting this Wednesday, is the culmination of a four-year investigation led by New York Times bestselling investigative journalist William D. Cohan and private investigator Tyler Maroney.

The new documentary is being billed as part investigative thriller and part human portrait.

The documentary features interviews with industry heavyweights of the likes of Michael Saylor (MicroStrategy), Joseph Lubin (Ethereum), Fred Ehrsam (Coinbase), and Brian Brooks. It also includes former SEC Chair Gary Gensler, journalist Kara Swisher, Haun Ventures CEO Katie Haun, and Bitcoin security engineer Jameson Lopp.

The Coinbase CEO praised the film’s conclusion and announced that Coinbase users were granted exclusive early access to the documentary via the exchange’s mobile app.

Investment manager Ross Gerber also lauded the release, calling it a “very well done” and “in-depth look” for crypto fans.

A crowded field

The media has had a long-time obsession with unmasking the Bitcoin creator.

A recent HBO documentary controversially pointed the finger at early core developer Peter Todd.

Journalist John Carreyrou recently stated with “99% confidence” that cryptography pioneer Adam Back is Satoshi. Back has vehemently denied the claim while arguing that Satoshi might indeed be British.

However, some believe that Satoshi’s identity should remain hidden, and the cryptocurrency community should protect it.

The ongoing conflict between the U.S. and Iran is accelerating Wall Street’s transition into tokenized real-world assets (RWAs) to allay the risk of geopolitical volatility. The crisis has solidified RWAs as essential “always-on” infrastructure for Wall Street, exposing the limitations of traditional financial markets that close during weekends.

As of April 2026, financial institutions are increasingly adopting blockchain-based tokenized trading to reduce the risks posed by 24/7 geopolitical tensions that traditional markets are ill-equipped to handle.

Closing on weekends when many geopolitical escalations occur has emerged as a critical vulnerability in traditional financial markets. Major attacks, such as the U.S. strikes on Iran in February 2026, have frequently happened during off-market hours.

Accordingly, Wall Street desks now use tokenized assets and perpetual futures on platforms like Hyperliquid as the only open window for pricing gold, oil, and war risk when legacy exchanges are offline. The disruption of physical trade routes, particularly in the Strait of Hormuz, has accelerated the shift toward instant “atomic” settlement.

Tokenized U.S. Treasuries market surges to over $12B in April

The tokenized U.S. Treasuries market has surged to $12.78 billion as of April 2026, as investors seek liquid collateral that can be moved instantly across borders. Tokenized commodities like gold and oil have also seen surging volumes as traders seek around-the-clock hedges against energy supply shocks.

Meanwhile, institutional players are also transitioning from pilot programs to full-scale deployment of tokenized assets. Major firms like BlackRock and Franklin Templeton have integrated tokenized funds into their core offerings to avoid the bottlenecks of the traditional banking system during crises.

These firms provide a digital-native structure that remains operational even as physical infrastructure, like in the Gulf, faces drone threats. As of April 2026, BlackRock has accumulated approximately $1.9 billion in tokenized U.S. Treasuries within its BUIDL fund.

On the other hand, some nations, including Iran, are experimenting with blockchain to exchange value outside the U.S.-dollar-denominated system to bypass sanctions and naval blockades. Crypto-native platforms effectively became “the market” during critical moments, such as the February 2026 airstrikes. Legacy exchanges are now under intense pressure to adopt 24/7 trading models to compete with these digital-native structures, according to media reports.

Consequently, on-chain perpetual futures for commodities like gold and oil now account for more than 67% of builder-deployed contracts on decentralized exchanges, with weekend volumes increasing ninefold since the beginning of 2026. The need for blockchain-based instant settlement has become a structural necessity, providing products that remain liquid even when physical trade routes are disrupted.

IMF chief economist says U.S.-Iran war creates bigger risk than Trump’s tariffs

IMF chief economist Pierre-Olivier Gourinchas has emphasized that the U.S.-Iran conflict creates a far bigger risk to the global economy than President Donald Trump’s initial wave of steep tariffs a year ago.

He further notes that several countries are likely to undergo outright recessions under this scenario, with oil prices averaging $110 per barrel in 2026 and $125 in 2027.

“What’s happening in the Gulf is potentially much, much larger, and that’s what our scenarios are kind of documenting.”

–Pierre-Olivier Gourinchas, Chief Economist at the IMF

Based on these claims, the U.S.-Iran war is prompting investors to turn to tokenized oil and decentralized finance (DeFi) platforms for hedging, with major financial players fast-tracking the launch of tokenized securities platforms. Traders are using 24/7 crypto-native markets to hedge against oil price volatility stemming from the conflict.

The IMF also predicts that global GDP growth could fall to 2.5% under an adverse scenario of a longer conflict that would keep oil prices around $100 per barrel this year. The fund’s worst-case scenario assumes a deepening, prolonged conflict that could drive oil prices higher, prompting major financial market dislocations and tighter financial conditions, slashing global growth to 2%.

Russia, where the use of Bitcoin (BTC) and cryptocurrencies is very high, continues to take regulatory steps.

According to the Russian local news agency TASS, the Russian State Duma has approved a bill on cryptocurrencies in its first reading.

At this point, the Duma approved a bill titled “On Digital Currency and Digital Rights”.

The essence of the bill is to appoint the Central Bank of Russia as the regulatory authority for cryptocurrencies and to allow the use of cryptocurrencies in foreign trade payments.

According to the draft law, the Central Bank of Russia will be designated as the key institution overseeing the cryptocurrency market, granting broad powers to issue licenses, approve or prohibit transactions, and determine legality.

The bill also defines the procedures for banks and brokerage firms to enter the cryptocurrency market. Accordingly, regulations regarding cryptocurrency investment will be applied differently depending on the eligibility criteria.

Specifically, the limit for purchasing cryptocurrency is capped at 300,000 rubles per person for unqualified investors. However, this limitation will not apply to qualified investors.

The bill also recognizes cryptocurrencies as property under the Russian legal system.

Finally, the bill needs to pass second and third readings in the State Duma before being submitted to the Federal Council and ultimately to the President for approval. According to the report, if officially approved, the bill is expected to come into effect on July 1, 2026.

*This is not investment advice.

As $XRP continues to expand globally, it has received positive news from the US.

According to The Block, US-based fintech platform SoFi has announced that it has enabled $XRP investment.

However, SoFi has enabled $XRP deposits and portfolio tracking support in its application, allowing users to manage their $XRP directly in their accounts.

“We are excited to now support $XRP deposits, alongside some of the most popular coins like Bitcoin (BTC), Ethereum (ETH), and Solana (SOL).”

This has expanded access to regulated cryptocurrencies for individual users in the US.

Furthermore, SoFi’s move has brought $XRP onto a nationally licensed banking platform.

In contrast, while SoFi announced support for $XRP deposits, it faced user complaints for not enabling withdrawals to external wallets. Users criticized SoFi for not allowing its customers to withdraw their cryptocurrencies to external wallets.

One user, X, stated that the service offered by SoFi is essentially no different from spot ETFs.

The user commented, “SoFi doesn’t allow $XRP withdrawals. It’s basically just a spot ETF. It doesn’t benefit the $XRP ecosystem at all.”

In response to these criticisms, the company stated that they also plan to support withdrawal functionality in the future.

Ripple celebrated this move with the following statement:

“With SoFi, increased access to $XRP means more people can participate, and that’s exactly how the benefit increases.”

*This is not investment advice.

The crypto market is on the brink of a major breakout with bitcoin trading at $78,000, the level it failed to breach on Friday and a price it has not topped since January.

A break above this level would trigger upside momentum to $80,000 as $180 million worth of futures positions are due to be liquidated between $77,000 and $78,000, according to CoinGlass’ liquidation heatmap.

However, there is also a $71 million long position that will be liquidated if the price fails to gain and descends back below $77,300, creating a defensive trading environment on both sides.

The market is higher after U.S. President Donald Trump extended the ceasefire in Iran, saying that country’s government was “seriously fractured.”

Nasdaq 100 futures and S&P 500 futures rose by 0.77% and 0.6%, respectively, since midnight UTC following the announcement, suggesting improving broader market sentiment.

Derivatives positioning

• $BTC‘s breakout to $78,000 caught the bears off guard, leading to $286 million in marketwide short liquidations on derivative exchanges. Longs, or bullish plays, suffered liquidations of just $132 million.
• Still, overall crypto futures open interest (OI) has increased by over 4% to $126 billion in 24 hours. Notably, OI grew across the major tokens, including bitcoin and ether (ETH), outpacing spot price gains, indicating renewed capital inflows and rising demand for leverage.
• Funding rates have flipped positive for most tokens, including $BTC, indicating a renewed bias for bullish bets. The 24-hour cumulative volume delta also paints the same picture.
• M token stands out with annualized funding rates above 200%, signaling an overheated market crowded with bullish bets. Meanwhile, the HYPE and XML markets show a bias toward bearish short plays.
• Broadly speaking, crypto futures activity suggests scope for further market gains. Also supporting the bull case are bitcoin and ether’s 30-day implied volatility indices, which remain under pressure, pointing to market calm.
• On Deribit, bitcoin and ether risk reversals continue to print negative values across all time frames. That’s a sign of the richness of protective put options relative to calls.
• Block flows featured investor bias for call ratio spreads, a strategy used by traders to profit from a moderately bullish, sideways or slightly rising market. Traders also chased bitcoin and ether straddles, a volatility strategy.

Token talk

• The altcoin market was also in a buoyant mood on Wednesday, with all major CoinDesk indexes posting gains of at least 1.5% since midnight UTC.
• The CoinDesk MemeCoin Index (CDMEME) was the top performer, rising 3.4%, with one person turning $575 into more than $1 million on recently released token ASTEROID.
• Popular memecoins TRUMP and DOGE added 6% and 3.8%, respectively, reflecting broader optimism across the sector.
• There was also a boost in privacy coins DASH and XMR, both of which gained 6%-7% over the past 24 hours before tailing off slightly since midnight.
• CoinDesk’s overnight rate (CDOR) for USDC rose to the highest level since 2024, hitting 15%. CDOR measures stablecoin lending & borrowing activity on the Aave platform, which spiked following the weekend’s $290 million exploit on KelpDAO. A high interest rate reflects high demand.