security

QCP Group analysis indicates that the negotiations between the U.S. and Iran have once again broken down, the ceasefire in the Middle East continues, and the overall geopolitical landscape remains static. A shooting incident occurred at the White House Correspondents' Dinner, with Trump suspected to be the target. After the Asian market opened, BTC briefly surpassed $79,000 and ETH broke through $2,400, but concerns arose following news of the Iranian foreign minister's visit to Russia for talks with Putin, leading to a rapid pullback in gains.The current key resistance level in the market is the CME gap around $82,000. The funding rate for BTC perpetual contracts continues to be negative, and if the price breaks upward, it may trigger short covering. Implied volatility continues to decline, and the risk reversal skew has narrowed, with market interest in upward exposure gradually increasing. Key focus this week: April 29 earnings reports from Microsoft, Amazon, Meta, and Google, as well as the FOMC interest rate decision; April 30 earnings report from Apple, U.S. Q1 GDP, and March PCE data.

According to Solid Intel, Trump will hold a National Security Council meeting today to review proposals to reopen the Strait of Hormuz and end hostilities.

According to a report by Jinshi citing Xinhua News Agency, Iranian Foreign Minister Amir-Abdollahian called on regional countries to establish a collective security mechanism "not subject to U.S. interference." During a meeting with Oman's Sultan Haitham in the capital Muscat, Amir-Abdollahian stated that Iran's experience shows that the U.S. military presence in regional countries only leads to turmoil and division in the region. He urged regional countries to jointly build an independent collective security mechanism without U.S. interference.

According to Jinshi reports, U.S. President Trump stated in response to a reporter's question that the incident that occurred at the White House Correspondents' Association dinner that day was "completely shocking." He heard a noise but thought it was a tray falling to the ground."I was observing the situation at the time," he said, "but his wife reacted faster, seemingly realizing what was happening quickly." Trump expressed his hope to continue holding the dinner and promised to reschedule the dinner date as soon as possible.Trump stated that he had not received any briefings about threats before the dinner. He also mentioned previous assassination attempts against him and called on the American public to "resolve their differences." He noted that members of both parties condemned the related events that night. Trump also expressed gratitude to media personnel, stating that the media "acted very responsibly in their reporting."When asked if the shooting incident was related to the conflict with Iran, Trump said, "I don't think so."

According to CoinDesk, while quantum computers cannot disrupt the Bitcoin mining mechanism or the blockchain ledger, they may potentially crack the elliptic curve encryption system that protects wallet ownership through Shor's algorithm. Currently, about 6.9 million BTC (approximately one-third of the total supply) face potential risks due to public keys being visible on-chain, including around 1 million early holdings by Satoshi Nakamoto; transactions generated after the Taproot upgrade in 2021 are also affected due to public key exposure.Ethereum has established a formal quantum resistance migration plan since 2018, with 4 full-time teams and over 10 independent development groups, and has launched a dedicated progress website at pq.ethereum.org. In contrast, Bitcoin currently lacks a unified response roadmap, and the existing BIP-360 proposal and BitMEX Research detection scheme have not received widespread support from core developers. Notable Bitcoin advocate Nic Carter pointed out that Bitcoin's response is "the worst," while Blockstream CEO Adam Back believes that current quantum systems are still in the laboratory stage, but he also agrees that optional upgrade solutions should be deployed in advance.Analysts point out that Bitcoin's anti-centralization governance culture makes coordinating large-scale security upgrades extremely difficult, and how to handle historical legacy issues such as Satoshi Nakamoto's holdings is particularly challenging. A related paper from Google warns that once quantum attacks become a reality, the window for response may have already closed.

Project Eleven today awarded the Q-Day prize to researcher Giancarlo Lelli, who successfully derived a 15-digit elliptic curve private key from a public key using publicly accessible quantum hardware, marking the largest scale demonstration of its kind to date, a 512-fold increase from the 6-digit demonstration in September 2025.Lelli used a variant of Shor's algorithm for the elliptic curve discrete logarithm problem, which is the mathematical foundation of the Bitcoin signature scheme, with the awarded hardware featuring approximately 70 qubits. Currently, no known quantum computer can crack real Bitcoin wallets, and the security of Bitcoin's 256-bit elliptic curve remains far beyond current quantum capabilities. Notably, Google lowered its resource estimates for ECDLP-256 on March 31 and set a target for the migration to quantum cryptography after 2029, followed by Cloudflare, and the UK's NCSC also set migration milestones from 2028 to 2035.On-chain data shows that approximately 6.93 million BTC are at potential quantum risk due to exposed public keys. The Bitcoin community has proposed BIP 360 and BIP 361 to promote the migration to quantum-resistant output types, but the coordination challenges of a decentralized network remain the biggest hurdle.

According to The Information, Anthropic and OpenAI have both experienced security incidents, raising market concerns about the safety of AI models themselves.Currently, Anthropic is investigating potential unauthorized access to its Claude Mythos model by users. Almost simultaneously, OpenAI was also reported to have accidentally exposed several unreleased models in its Codex application. Industry opinions indicate that these vulnerability incidents have intensified scrutiny on the security governance capabilities of AI companies and reflect that the security systems of current AI technology still need improvement as it rapidly develops. Analysts believe that even AI model providers that focus on cybersecurity capabilities face significant security challenges themselves. As AI is gradually used to defend against cyberattacks, issues related to platform security and access control have also become critical risk points.

Lido has released the latest developments regarding the Kelp security incident, stating that its Earn series vaults are working with the management to address the issues, which involve two major risk points: the rsETH exposure and the liquidity tension in the lending market. Lido emphasizes that the core staking protocol has not been affected, and both stETH and wstETH remain safe and stable.Currently, only the EarnETH vault has an approximately 9% TVL exposure to rsETH, and related deposits and withdrawals have been suspended by the management, awaiting a solution. Approximately $70 million in ETH has been recovered from the previous attack, and the subsequent asset recovery and loss distribution are still in progress. In response to liquidity pressure, the management has reduced leverage and optimized the position structure, significantly decreasing the wETH debt exposure. If losses ultimately occur, EarnETH will activate a $3 million "first loss protection mechanism" (funded by the DAO). As for other vaults, DVV and EarnUSD have not been affected and are operating normally; the GGV sub-vault is currently experiencing negative returns due to the combination of circular staking strategies and rising lending rates, but adjustments are ongoing. Withdrawal requests submitted by users will be processed based on valuations prior to the incident.

According to CertiK senior blockchain investigator Natalie Newson, real-time deepfakes, phishing, supply chain attacks, and cross-chain vulnerabilities will be the main sources of crypto hacking attacks.To date, the industry has lost over $600 million due to hacking attacks, including the $293 million vulnerability incident at Kelp DAO and the $280 million theft incident at Drift Protocol, both of which are related to North Korean hacker groups. Newson warned that the accelerated development of AI will make attack methods more complex, including more realistic deepfakes, autonomous attack agents, and "agent AI" that can automatically scan for vulnerabilities in smart contracts, but AI can also serve as a defense tool. CertiK advises investors to verify the authenticity of URLs and use cold wallets to store assets to reduce risk.

Vercel's CEO Guillermo Rauch tweeted that the team has completed an in-depth security investigation, analyzing nearly 1 PB of complete Vercel network and API logs, far exceeding the initial Context.ai account breach incident.The investigation revealed that the attackers' activities extended beyond Context.ai and have distributed malware on a broader scale, targeting account keys from platforms like Vercel. Once the keys are obtained, the attackers quickly and comprehensively enumerate non-sensitive environment variables. Current measures include deepening collaboration with industry partners such as Microsoft, AWS, and Wiz to jointly protect the broader internet ecosystem; other suspected victims have been notified and advised to immediately rotate credentials and strengthen security best practices.

According to Decrypt, Admiral Samuel Paparo, the commander of the U.S. Pacific Command, stated during a hearing before the U.S. House Armed Services Committee that the U.S. government is currently running a Bitcoin node for cybersecurity-related testing, but is not engaged in mining.Paparo indicated that the U.S. military's interest in Bitcoin primarily focuses on its value as a computer science tool, including cryptography, blockchain, and reusable proof-of-work mechanisms, with the aim of using the Bitcoin protocol to strengthen cybersecurity and enhance military capabilities, which is still in the experimental stage. He also mentioned that maintaining the global dominance of the U.S. dollar aligns with U.S. military interests and gave a positive evaluation of the stablecoin legalization bill, the GENIUS Act, signed by Trump last summer, believing that the bill helps to solidify the global position of the dollar.

According to BeInCrypto, Mastercard has joined the Blockchain Security Standards Committee (BSSC) as a charter-level member, collaborating with members such as Coinbase, Fireblocks, Anchorage Digital, and BitGo to develop a security framework for blockchain networks and tokenized assets.Mastercard will also join a working group focused on security and privacy guidelines, with Claire Le Gal from the security solutions department, responsible for fraud prevention, cyber resilience, disputes, and threat intelligence, representing Mastercard on the BSSC board. The executive director of BSSC stated that Mastercard's payment experience is of significant value in establishing robust blockchain security rules. Mastercard has launched multi-token networks and crypto credential products aimed at embedding trust in blockchain and tokenized infrastructure.

The "Quantum Computing and Blockchain Independent Advisory Committee" established by Coinbase has released its first position paper. The core conclusion of this position paper is that the core infrastructure of Bitcoin is fundamentally secure. Quantum computing does not pose a substantial threat to Bitcoin mining, hash functions, and the historical records of the blockchain. The real vulnerability lies at the wallet level, and Ethereum has laid out a clear roadmap to address this issue in the near future.Previously, Coinbase announced the establishment of the Quantum Computing and Blockchain Independent Advisory Committee in January this year, with committee members including researchers from Stanford University, the University of Texas at Austin, and the Ethereum Foundation.

SuiLend posted on platform X stating that all functions of the platform are currently operating normally, including deposits, loans, withdrawals, and repayments, and user funds are secure.At the same time, the team is closely monitoring the progress of the previous Volo Protocol security incident and will continue to release subsequent updates.

Ethena officially announced that the LayerZero cross-chain bridge functionality for sUSDe and USDe has been relaunched on all chains. To enhance security, Ethena has upgraded the decentralized verification network (DVN) configuration on each chain from 2/2 to 4/4, while maintaining the existing rate limit of $10 million per hour. The official statement indicated that further updates will be provided as necessary.

According to Cointelegraph, Admiral Samuel Paparo of the U.S. Navy stated at a Senate Armed Services Committee hearing that Bitcoin is a "valuable computer science tool," and its proof-of-work technology has significant applications in cybersecurity, increasing the cost of attacks for adversaries and can be used to protect data, information, and command signals, helping to support U.S. national security interests.Paparo noted, "Beyond the economic aspect, it has very important computer science application value in cybersecurity." Previously, Jason Lowery, a member of the U.S. Space Force, also made similar points in 2023.

Jefferies, a Wall Street investment bank, pointed out that the approximately $293 million attack incident on Kelp DAO exposed critical infrastructure risks, which may prompt traditional financial institutions to reassess the pace of blockchain and tokenization advancement.Jefferies believes that the attackers triggered market sell-offs and liquidity strains by minting uncollateralized tokens and engaging in cross-platform lending. This incident is thought to be related to the Lazarus Group and also highlights the single point of failure issues in the verification mechanisms of cross-chain bridges. As institutions accelerate the tokenization of assets (such as funds, bonds, and deposits), the associated risks may cause some banks and asset management institutions to delay deployment and prioritize examining system security. Especially in scenarios that rely on cross-chain infrastructure, security vulnerabilities could lead to market fragmentation, undermining the practical utility of tokenized assets.Despite short-term confidence being shaken, Jefferies still emphasizes that the long-term trend remains unchanged. Under the backdrop of regulatory advancements and continuous improvements in infrastructure, applications such as stablecoins still have growth potential. However, the industry as a whole is still in the early stages of development and requires time to enhance system robustness.

The Coinbase Quantum Computing and Blockchain Independent Advisory Committee has released its first position paper stating that sufficiently powerful quantum computers may be able to crack the encryption mechanisms used by mainstream blockchains to protect digital assets in the future. However, such devices do not currently exist, and encrypted assets remain secure for now. The industry should begin preparing for quantum resistance upgrades starting now.The document points out that there are currently no substantial risks associated with Bitcoin mining, hash functions, and on-chain historical records; the main vulnerability lies in the digital signatures at the wallet layer. Ethereum has proposed a clearer migration roadmap, and Solana, Algorand, and Aptos have also begun to provide or plan quantum resistance solutions.

Market news: Security personnel disclosed a critical vulnerability in Cosmos CometBFT 0-day, which may cause block synchronization phase stagnation affecting over $8 billion in assets.