Coin Market

Bitcoin price taps 3-week lows as SEC fears liquidate $250M of crypto longs

Panic over regulatory enforcement sees Bitcoin and altcoins give up recent gains, costing long traders over a quarter of a billion dollars in a single day.

Washington moves on crypto: Stablecoin and blockchain bills signal regulatory momentum

In this week’s episode of Byte-Sized Insight, on Decentralize with Cointelegraph, we break down a pivotal moment for US crypto legislation. 

In a 66–32 procedural vote on May 19, the US Senate advanced the GENIUS Act, a landmark bill aimed at establishing a comprehensive regulatory framework for stablecoins. Meanwhile, across the Capitol, Representative Tom Emmer reintroduced the Blockchain Regulatory Certainty Act, backed by bipartisan support.

Breaking down GENIUS

The GENIUS Act — short for “Guiding and Establishing National Innovation for U.S. Stablecoins Act” — seeks to answer foundational questions around stablecoin issuance and oversight.

“It defines this idea of a payment stablecoin,” explained Rashan Colbert, director of US policy at the Crypto Council for Innovation, in this week’s interview. Colbert emphasized that the bill doesn’t stop at definitions. 

“It outlines in a robust way just who’s allowed to do this and what they need to look like.” 

By this, he’s referring to guidelines on who can be permitted issuers, such as bank subsidiaries, credit unions and approved non-bank entities.

The bipartisan momentum behind the GENIUS Act is both exciting and significant.

“There has been latent support within Congress, including within the Democratic caucus,” Colbert said. “They just haven’t had the opportunity to take meaningful votes.”

Blockchain dev protection

On the House side, the Blockchain Regulatory Certainty Act, co-sponsored by Representatives Emmer and Ritchie Torres, aims to give legal clarity to developers and service providers who don’t custody customer funds.

“It clarifies that they are not money transmitters,” said Colbert. “That’s the clarity these builders and entrepreneurs need to continue operating successfully.”

With crypto adoption on the rise — particularly among minority communities — Colbert said the pressure is on. “Something like one in five Americans hold crypto. That number is even larger in the Black, Latino and Asian-American communities,” he noted.

Looking ahead, the push toward broader market structure reform will be more complex. Colbert’s advice? Get involved. “It really is, at the end of the day, the people making their voices heard,” he said. “Crypto is a big deal — and Capitol Hill is finally starting to listen.”

Listen to the full episode of Byte-Sized Insight for the complete interview on Cointelegraph’s Podcasts page, Apple Podcasts or Spotify. And don’t forget to check out Cointelegraph’s full lineup of other shows! 

Twice lucky? Cetus’ recovery plan on Sui mirrors a Solana blueprint

The bounty offer to recover stolen funds from Sui-based decentralized exchange (DEX) Cetus closely resembles a successful strategy used by a Solana project three years ago.

It turns out that Cetus shares the same development team as Crema Finance, a Solana-based DeFi project that suffered a $9-million hack in 2022 but recovered most of the funds by negotiating with its hacker. Now, Cetus is relying on the same strategy.

Cetus is asking the hacker to return all but $6 million, or 2,324 Ether (ETH), of the stolen funds in exchange for a promise not to pursue legal action. The protocol lost $223 million to an exploit on May 22.

The size of the bounty has sparked backlash from users, with many calling for a formal compensation plan instead. Several community members argue that even if funds are recovered, most of the damage has already been done — especially to holders of the CETUS token, which plummeted in value following the incident.

Meanwhile, Sui validators are also under fire for their role in freezing the funds. The move is aimed at aiding recovery, yet critics say it exposes centralization risks in the network.

CETUS immediately dropped around 35% following the hack. Source: CoinGecko

Sui’s Cetus devs have a phantom exchange on Solana

A negotiation strategy similar to the one the Cetus team is now using on Sui was successfully employed years ago to recover funds for Crema. The Solana project hasn’t posted on its X account since March 2023, and its trading platform now sees negligible volume, but it still didn’t end well for the hacker.

Crema suffered an approximately $9-million hack in 2022. Much like the Cetus case, the Crema hacker was offered a deal to return the funds while keeping $1.6 million in exchange for not reporting the attack to law enforcement.

Cetus offers a $6-million reward and exemption from further legal action from the project if the remaining funds are returned. Source: SuiVision

The hacker is believed to have been caught and sent to prison. In April 2024, the US Attorney’s Office for the Southern District of New York sentenced Shakeeb Ahmed to three years in prison for hacking two separate cryptocurrency exchanges. One was identified as Nirvana Finance, while the other was not named.

The details of the unnamed exchange’s case match Crema’s hack, including the exact date of the exploit and the terms of the agreement. 

Norbert Bodziony, founder of Nightly App, claims the Cetus team was behind Crema Finance.

Crema Finance suffered a hack in July 2022. Source: Norbert Bodziony

Bodziony declined to disclose how he learned of the relationship to Cointelegraph but added that the connection is “commonly known” in Sui’s developer circles. 

Cointelegraph reached out to Cetus to confirm the connection between the two projects, but the team had not responded by publication.

Cointelegraph has separately learned that both projects are founded by Henry Du.

Save Cetus; centralize Sui

Sui’s validators have collectively blocked transactions from the hacker’s addresses, effectively freezing $162 million of the stolen funds on Sui. Around $63 million had already been bridged to Ethereum before these controls were implemented.

Although the coordinated effort has been effective in preventing the funds from being laundered, the cryptocurrency community has criticized Sui for being too centralized.

“SUI’s validators are colluding to CENSOR the hacker’s TXs right now! Does that make SUI centralized? The short answer is YES; what matters more is why? The ‘founders’ own the majority of supply & there are only 114 validators!” Justin Bons, founder of Cyber Capital, wrote on X.

Some users challenge Bons’ claim, arguing that decentralization doesn’t mean a free-for-all. Source: Squatch/Justin Bons

As Bons pointed out, Sui has just 114 validators — far fewer than its more established smart contract peers. Ethereum has over 1 million validators, while Solana has 1,157.

Meanwhile, members of the Sui community defended the move, arguing that this is how real-world decentralized chains should function.

“Decentralization isn’t about standing by while people get hurt, it’s about the power to act together, without needing permission,” said one member of the Sui community.

Following the hack, Sui developers committed code for a proposed function that would have allowed specific transactions to bypass all signing and safety checks by adding them to a whitelist. 

While the function could have been used to help recover stolen funds, it also raised concerns about centralized control and the erosion of decentralization. The code was ultimately not merged and is not live on the network.

SUI’s price has also been damaged by the Cetus exploit. Source: CoinGecko

Sui and Cetus backlash contrasts recent hacks

The Cetus exploit has spotlighted the persistent security challenges in DeFi while raising deeper questions around who holds the reins in supposedly decentralized networks like Sui.

The team’s $6-million offer to the hacker mirrors the playbook it used with Crema — but this time, the crypto community isn’t as forgiving. With CETUS tanking, trust fractured and validators freezing funds, critics are asking whether Sui’s decentralization is more appearance than reality.

The debate over decentralization isn’t unique to Sui. When Bybit lost $1.4 billion in a February hack linked to North Korean state actors, security experts and users urged platforms like THORChain and eXch to block the funds. 

In that case, THORChain received some backlash for not stepping in, which is the exact opposite of what Sui is being criticized for now.

As of now, the hacker hasn’t accepted Cetus’ offer. Two Ethereum wallets tied to the exploiter still hold over $60 million in ETH, with no movement at the time of writing. The Sui addresses remain paralyzed.

What is DNS hijacking? How it took down Curve Finance’s website

Understanding the Curve Finance DNS hijacking

On May 12, 2025, at 20:55 UTC, hackers hijacked the “.fi” domain name system (DNS) of Curve Finance after managing to access the registrar. They began sending its users to a malicious website, attempting to drain their wallets. This was the second attack on Curve Finance’s infrastructure in a week.

Users were directed to a website that was a non-functional decoy, designed only to trick users into providing wallet signatures. The hack hadn’t breached the protocol’s smart contracts and was limited to the DNS layer.

The DNS is a critical component of the internet that functions like a phonebook. It allows you to use simple, memorable domain names (such as facebook.com) instead of complex numerical IP addresses (like 192.168.1.1) for websites. DNS converts these user-friendly domain names into the IP addresses computers require to connect.

This is not the first time Curve Finance, a decentralized finance (DeFi) protocol, has suffered such an attack. Back in August 2022, Curve Finance faced an attack with similar tactics. The attackers had cloned the Curve Finance website and interfered with its DNS settings to send users to a duplicate version of the website. Users who tried using the platform ended up losing their money to the attackers. The project was using the same registrar, “iwantmyname,” at the time of the previous attack.

How attackers execute DNS hijacking in crypto

When a user types a web address, their device queries a DNS server to retrieve the corresponding IP address and connect to the correct website. In DNS hijacking, fraudsters interfere with this process by altering how DNS queries are resolved, rerouting users to malicious sites without their knowledge.

Fraudsters execute DNS hijacking in several ways. Attackers might exploit vulnerabilities in DNS servers, compromise routers, or gain access to domain registrar accounts. The objective is to change the DNS records so that a user trying to visit a legitimate site is redirected to a fake, lookalike page containing wallet-draining code. 

Types of DNS hijacking include:

Local DNS hijack: Malware on a user’s device changes DNS settings, redirecting traffic locally.
Router hijack: Attackers compromise home or office routers to alter DNS for all connected devices.
Man-in-the-middle attack: Intercepts DNS queries between user and server, altering responses on the fly.
Registrar-level hijack: Attackers gain access to a domain registrar account and modify official DNS records, affecting all users globally.

Did you know? During the Curve Finance DNS attack in 2023, users accessing the real domain unknowingly signed malicious transactions. The back end was untouched, but millions were lost through a spoofed front end.

How DNS hijacking worked in the case of Curve Finance

When attackers compromise a website with DNS hijacking, they can reroute traffic to a malicious website without the user’s knowledge. 

There are several ways DNS hijacking can occur. Attackers might infect a user’s device with malware that alters local DNS settings, or they may gain control of a router and change its DNS configuration. They may also target DNS servers or domain registrars themselves. In such cases, they modify the DNS records at the source, affecting all users trying to access the site.

In the case of Curve Finance, the attackers infiltrated the systems of the domain registrar “iwantmyname” and altered the DNS delegation of the “curve.fi” domain to redirect traffic to their own DNS server. 
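One way a team could watch for the kind of delegation change described above, as an added example that is not from the article or from Curve: the check compares the NS and DS records observed at the parent zone against a pinned baseline and reports any drift. The domain, nameserver names, key tag and sample records are all constructed, and the input is assumed to be dig-style record lines collected from the TLD's servers.

```python
# Added example: delegation-drift check. Every name and record here is constructed.
BASELINE = {
    "zone": "example-defi.fi.",  # hypothetical domain
    "ns": {"ns1.dns-host.example.", "ns2.dns-host.example."},
    "ds_key_tags": {12345},  # key tag of the pinned DS record
}
GOOD = """
example-defi.fi. 3600 IN NS ns1.dns-host.example.
example-defi.fi. 3600 IN NS ns2.dns-host.example.
example-defi.fi. 3600 IN DS 12345 13 2 00FF00FF
"""
HIJACKED = """
; delegation now points at servers outside the baseline, DS is gone
example-defi.fi. 300 IN NS ns1.unknown-host.example.
example-defi.fi. 300 IN NS ns2.unknown-host.example.
"""

def fqdn(name):
    """Lower-case a DNS name and force exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def parse_records(text):
    """Yield (owner, type, rdata) from 'owner ttl IN type rdata' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";") or fields[2].upper() != "IN":
            continue
        yield fqdn(fields[0]), fields[3].upper(), fields[4:]

def check_delegation(text, baseline=BASELINE):
    """Return findings; an empty list means the delegation matches the baseline."""
    ns, ds_tags = set(), set()
    for owner, rtype, rdata in parse_records(text):
        if owner != baseline["zone"]:
            continue
        if rtype == "NS":
            ns.add(fqdn(rdata[0]))
        elif rtype == "DS" and rdata[0].isdigit():
            ds_tags.add(int(rdata[0]))
    findings = []
    if not ns:
        findings.append("no NS records seen for zone")
    if ns - baseline["ns"]:
        findings.append("unexpected nameservers: " + ", ".join(sorted(ns - baseline["ns"])))
    if ns and baseline["ns"] - ns:
        findings.append("baseline nameservers missing: " + ", ".join(sorted(baseline["ns"] - ns)))
    if baseline["ds_key_tags"] and not ds_tags:
        findings.append("DS records absent, DNSSEC chain of trust is broken")
    elif ds_tags - baseline["ds_key_tags"]:
        findings.append("unexpected DS key tags: " + ", ".join(map(str, sorted(ds_tags - baseline["ds_key_tags"]))))
    return findings

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("hijacked", HIJACKED)):
        print(label, check_delegation(sample) or "OK")
```

Run on a schedule from a vantage point outside the project's own DNS, a non-empty result is the signal to alert on before users report a spoofed front end.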

A domain registrar is a company authorized to manage the reservation and registration of internet domain names. It allows individuals or organizations to claim ownership of a domain and link it to web services like hosting and email.

The precise method of the breach is still under investigation. By May 22, 2025, no evidence of unauthorized access or compromised credentials was found.

Did you know? DNS hijacking attacks often succeed by compromising domain registrar accounts through phishing or poor security. Many Web3 projects still host domains with centralized providers like GoDaddy or Namecheap. 

How Curve Finance responded to the hack

While the registrar was slow to respond, the Curve team took measures to deal with the situation. It successfully redirected the “.fi” domain to neutral nameservers, thus taking the website offline while efforts to regain control continued. 

To ensure safe access to the frontend and secure fund management, the Curve team quickly launched a secure alternative at “curve.finance,” now serving as the official Curve Finance interface temporarily.

Upon discovering the exploit at 21:20 UTC, the following actions were taken: 

Users were immediately notified through official channels.
Requested the takedown of the compromised domain.
Initiated mitigation and domain recovery processes.
Collaborated with security partners and the registrar to coordinate a response.

Compromise of the domain notwithstanding, the Curve protocol and its smart contracts remained secure and fully operational. During the disruption of the front end, Curve processed over $400 million in onchain volume. No user data was at risk, as Curve’s front end does not store any user information.

Throughout the compromise, the Curve team was always available through its Discord server, where users could raise issues with them.

After implementing immediate damage control measures, the Curve team is now taking additional steps to prepare for the future.

Assessing and enhancing registrar-level security, incorporating stronger protections and exploring alternative registrars.
Investigating decentralized front-end options to eliminate dependence on susceptible web infrastructure.
Partnering with the broader DeFi and Ethereum Name Service (ENS) communities to advocate for native browser support for “.eth” domains.

Did you know? Unlike smart contract exploits, DNS hijacks leave no trace onchain initially, making it hard for users to realize they have been tricked until funds are gone. It is a stealthy form of crypto theft.

How crypto projects can deal with DNS hijacking vulnerability

The Curve Finance attack is concerning because it bypassed the decentralized security mechanisms at the protocol level. Curve’s backend, meaning its smart contracts and onchain logic, remained unharmed, yet users lost funds because they were deceived at the interface level. This incident underscores a significant vulnerability in DeFi. 

While the backend may be decentralized and trustless, the front end still depends on centralized Web2 infrastructure like DNS, hosting and domain registrars. Attackers can exploit these centralized choke points to undermine trust and steal funds. 

The Curve attack serves as a wake-up call for the crypto industry to explore decentralized web infrastructure, such as InterPlanetary File System (IPFS) and Ethereum Name Service (ENS), to reduce reliance on vulnerable centralized services.

To address the gap between decentralized backends and centralized frontends, crypto projects must adopt a multi-layered approach. 

Here are various ways crypto projects can deal with this gap:

Minimize reliance on traditional DNS: They can minimize reliance on traditional DNS by integrating decentralized alternatives to DNS, like ENS or Handshake, which reduce the risk of registrar-level hijacks.
Use decentralized file storage systems: Hosting frontends on decentralized file storage systems such as IPFS or Arweave adds another layer of protection.
Implement domain name system security extensions (DNSSEC): Teams should implement DNSSEC to verify the integrity of DNS records and prevent unauthorized changes.
Secure registrar accounts: Registrar accounts must be secured with strong authentication methods, including multifactor authentication (MFA) and domain locking.
Train users: Educating users to verify site authenticity, such as bookmarking URLs or checking ENS records, can reduce phishing success rates.

Bridging the trust gap between decentralized protocols and centralized interfaces is essential for maintaining security and user confidence in DeFi platforms.
