disco

OKX founder Star commented on OKX Boost while retweeting a post from RootData, stating that it is not just an incentive but also an early discovery and price discovery mechanism for new projects.In the tweet, RootData, in collaboration with OKX, released the first quarter report for OKX Boost, which shows that during the event, 23 projects distributed over $11 million in incentives, with an average of about 20,000 active participants per event and an average transparency score of over 70%. The listing rate for OKX spot or futures reached 45%.

The Humanity Foundation has recently made significant adjustments to the $H token allocation plan, requiring investors to make a final choice between two options by April 26 at 09:00 UTC: one, extend the distribution, pushing the Cliff to September 25, 2026, and changing to equal distribution over 12 quarters; two, a 3:10 discounted immediate unlock, replacing the original 16,666,666 tokens with 5,000,000 $H (a 70% reduction), to be fully distributed on June 25, 2026.It is understood that the Humanity Foundation has sent adjustment notifications to over 100 investors. Early investment firm Trix Ventures has publicly disclosed its choice of the discounted immediate unlock.It is reported that this firm invested during the project's valuation phase of approximately $60 million, and even after the 3:10 discounted replacement, it can still achieve about 7 times return. Notably, the Humanity Protocol previously reached an in-depth cooperation with payment giant Mastercard, and the project's fundamentals have received endorsement from traditional financial institutions. The on-chain identity verification sector it belongs to is currently in its early market stage, but with the continuous expansion of AI-generated content and automated accounts, the demand for on-chain real identity verification is widely believed to grow exponentially, giving this sector long-term potential to become a leading project in the Web3 infrastructure field.The project is about to face a test of significant selling pressure from a one-time massive unlock, and whether it can grow explosively alongside the AI sector is crucial. Analysts point out that choosing the one-time unlock on June 25 is a safer decision. In the current market cycle, "certain liquidity" far outweighs paper numbers. The deferred plan extends the cycle to 3 years, with huge uncertainties regarding the protocol's survival and team stability.From a market structure perspective, June 25 faces obvious concentrated selling pressure risks: the Sablier contract release node is transparent on-chain, and quantitative and short-selling funds will precisely target this node; institutions may lock in profits by hedging in advance during the two-month window; market makers may withdraw buy depth in advance, causing the actual realization value to be less than 10% of the nominal value. Historically, large-scale concentrated unlocks of Starknet (STRK) and ApeCoin (APE) have triggered severe selling pressure, with the former dropping over 95% from its peak and the latter declining 77% within 7 months.

According to on-chain analyst Axel Adler Jr (@AxelAdlerJr), the discount for short-term holders (STH) has narrowed from -21.6% to -5.7%, and the 7-day moving average of STH-SOPR has risen back above 1, indicating that short-term sellers are no longer clearly in a loss position. However, the current price is still below the cost basis of $83,000, and the market has not yet entered a true risk appetite phase.

Meta Pool indicates that a suspicious contract has been found attempting to impersonate a legitimate staking pool and tokens. Meta Pool emphasizes that this contract is not associated with Meta Pool or any official NEAR liquidity staking provider.

X product lead and Solana advisor Nikita Bier posted to announce two product changes for organizing communities on X, including:XChat now supports a joinable link feature for group chats. Users can create a public link to share directly on their timeline. Each group chat supports 350 members (and is still increasing).Due to declining usage, the X platform will officially deprecate X Communities on May 6.

According to Decrypt, Mozilla recently revealed that Anthropic's latest AI model, Claude Mythos, identified 271 security vulnerabilities during internal testing of the Firefox browser, and the related vulnerabilities have been fixed this week.In comparison, a previous version of the Anthropic model only found 22 security-sensitive vulnerabilities. Mozilla stated that all discovered vulnerabilities were within the scope of top human researchers' findings. Claude Mythos was officially released in March 2026 and is Anthropic's most powerful model in the fields of reasoning, coding, and cybersecurity, currently available for use by vetted partners such as Amazon, Apple, and Microsoft through the "Project Glasswing" initiative.

According to on-chain analyst Yu Jin (@EmberCN), due to Aave suspending WETH withdrawals, the deposit certificate aEthWETH has experienced a discount.Whale address 0x8ad withdrew 13,000 ETH (approximately 30 million USD) from the exchange, purchased 13,143 aEthWETH through Swap, and then repaid its ETH loan on Aave at a 1:1 ratio, netting a profit of 143 ETH (approximately 330,000 USD).

According to The Block, the Solana ecosystem decentralized exchange Stabble issued an emergency notice urging liquidity providers to withdraw their funds immediately, due to a North Korean employee who previously worked on the project. This warning appears to have been triggered by information from on-chain detective ZachXBT, who disclosed that a North Korean developer had worked for many years on the Solana DeFi infrastructure project Elemental.U.S. authorities had previously issued warnings that North Korean technicians were infiltrating crypto companies using false identities. Over the weekend, Drift Protocol stated that its $280 million attack incident was likely carried out by the same North Korean hackers responsible for the October 2024 Radiant Capital attack. Stabble responded that the North Korean employee seemed to have joined a year ago, and a new team took over the project four weeks ago, emphasizing that no attacks have occurred so far and that the warning was merely a precaution. Stabble stated that it would conduct a new audit to ensure LP safety.

The 360 vulnerability mining agent recently discovered and reported 1 high-risk and 2 medium-risk high-value vulnerabilities related to OpenClaw, totaling 3 vulnerabilities. Currently, all newly discovered vulnerabilities have been officially patched and publicly disclosed.It is understood that the three newly discovered vulnerabilities directly target the core operating mechanism of AI agents, directly affecting the core security of user devices, data, and accounts.

On April 2, Mustafa, a member of the Polymarket team, responded affirmatively to the community member's question about whether the platform would support using POLY tokens to pay for fee discounts.

According to a warning from on-chain detective ZachXBT, the Discord link for Trust Wallet (discord[.]gg/trustwallet) has been hijacked by hackers and currently points to a phishing server.ZachXBT reminds users not to join through the Discord link in official channels such as the official website, Telegram, or blog to avoid asset loss.

According to Jiemian News, OpenAI plans to discontinue the Sora standalone application six months after its high-profile launch to streamline its artificial intelligence product line. The company launched the Sora application at the end of September last year, promising users a more convenient way to generate and share realistic AI videos in a quasi-social network.This free application quickly topped the Apple App Store rankings but has since fallen in rank. In addition to shutting down this standalone application, OpenAI will also close the application programming interface (API) for developers using Sora.

According to a report by Jinshi citing CCTV, starting from the afternoon of the 18th local time, most areas of Iran, including the capital Tehran, entered a state of complete disconnection from the international internet, and communication between diplomatic missions in Iran and those outside of Iran was almost entirely interrupted. It is reported that there are still some networks available within Iran.

The China Academy of Information and Communications Technology, in collaboration with Shanghai Jiao Tong University and Nanjing University, discovered a high-risk vulnerability driven by LLM command injection in the bash-tools module of the open-source autonomous intelligent agent framework OpenClaw during a security audit.This vulnerability arises from the system's failure to strictly escape command line parameters generated by LLM, allowing attackers to bypass regex defenses through inducive prompts, achieving remote code execution on the host machine and stealing sensitive data.The research team has completed attack verification in various mainstream model environments, initiated a responsible vulnerability disclosure process, and submitted repair suggestions to the NVDB Artificial Intelligence Product Security Vulnerability Professional Database (CAIVD) and the GitHub community.

White hat hacker f4lc0n posted on the X platform revealing that he discovered a "critical" vulnerability in the Injective protocol that could lead to over $500 million in assets being directly withdrawn from the blockchain. However, the project team only offered him a $50,000 bounty, far below the planned maximum limit of $500,000 for this level of severity.f4lc0n stated that the vulnerability allows any user to empty any account on the blockchain without special permissions. After submitting a report through Immunefi, the Injective team initiated a mainnet upgrade vote the next day to fix the vulnerability, but they were "unreachable" for the following three months.Currently, f4lc0n has disputed the amount of the bounty and stated that the $50,000 bounty has not yet been paid. He announced that he will allocate 10% of future bug bounty earnings to continue publicizing this matter until Injective pays the compensation as per the standard.

According to Jinshi reports, the financial blog Zero Hedge pointed out that the panic index VIX is currently only one-third of the level on the United States' "Liberation Day" (April 2, 2025), supported by the capital expenditure expectations of the "seven giants" in the U.S. stock market, while overall market volatility is comparable to that during the crash in April 2025.

According to The Block, Ledger's security research team Donjon has discovered a vulnerability in the secure boot chain of MediaTek processors, allowing attackers to extract encryption keys via USB connection before the operating system loads, provided they have physical access to the phone. This could enable them to decrypt device storage and obtain the device PIN code and encrypted wallet mnemonic within approximately 45 seconds.In proof-of-concept tests, the vulnerability successfully extracted sensitive data from wallet applications such as Trust Wallet, Kraken Wallet, and Phantom. Researchers indicate that this vulnerability may affect about 25% of Android phones, involving models that use MediaTek chips and Trustonic's Trusted Execution Environment. Ledger's Chief Technology Officer Charles Guillemet stated that smartphones were never designed to be vaults. Although the vulnerability can be patched, it highlights the inherent risks of storing keys on non-secure devices, and users are advised to update security patches as soon as possible.According to data from TRM Labs, over 80% of the $2.1 billion in stolen crypto assets in the first half of 2025 stemmed from infrastructure attacks such as private key theft, mnemonic theft, and front-end hijacking. Chainalysis data shows that losses from crypto asset theft exceeded $3.41 billion in 2024, with the proportion of stolen personal wallets rising from 7.3% in 2022 to 44% in 2024.