Autor Cointelegraph by Amin Haqshanas

The vulnerability that led to ZetaChain’s recent exploit had been flagged through its bug bounty program before the attack, but was dismissed as intended behavior.In a post-mortem published Wednesday, the team said the incident has prompted a review of how it handles bug bounty submissions, particularly reports involving chained attack vectors that may appear harmless in isolation but are dangerous in combination.“This bug was reported and they simply ignored it,” one user wrote on X. “That’s how bug bounty programs work with these protocols currently; they incentivize losses for the protocol, the TVL, and the user’s balance instead of paying the researcher for discovering and fixing the bug,” they added.ZetaChain lost approximately $334,000 to a premeditated exploit on Sunday that targeted its cross-chain gateway contract. The exploit drained funds across nine transactions on four chains, including Ethereum, Arbitrum, Base and BSC, all from ZetaChain-controlled wallets. No user funds were affected.Related: Crypto hackers stole $17B over past 10 years: DefiLlamaAttacker exploits small design flawsZetaChain said in its post-mortem that the attacker exploited three design flaws that, individually, might have seemed minor, but together opened the door to a full drain. First, the gateway allowed anyone to send arbitrary cross-chain instructions with no restrictions. Second, on the receiving end, it would execute almost any command on any contract, with a blocklist so narrow it missed basic token transfer functions.Third, wallets that had previously used the gateway had left unlimited spending permissions in place that were never cleaned up. By combining all three, the attacker simply told the gateway to transfer tokens from victim wallets to their own, and the gateway complied.Source: ZetaChain“This was not an opportunistic attack,” ZetaChain said in its post-mortem. The attacker funded their wallet through Tornado Cash three days before the exploit, deployed a purpose-built drainer contract on ZetaChain and ran an address poisoning campaign before seeding it into their transaction history via dust transfers.ZetaChain added that a patch permanently disabling the arbitrary call functionality is being rolled out to mainnet nodes. The platform also removed unlimited token approvals from its deposit flow, replacing them with exact-amount approvals going forward.Related: Ethical hacker intercepts $2.6M in Morpho Labs exploitAI DeFi exploit success rate increasesA new study by a16z tested whether an off-the-shelf AI agent could go beyond identifying DeFi vulnerabilities and actually produce working exploits. Using OpenAI’s Codex against a dataset of 20 real Ethereum price manipulation incidents, researchers ran the agent in a sandboxed environment with no access to future transaction data and no guidance on how the attacks worked. The agent succeeded in just 10% of cases.However, when researchers fed the agent structured knowledge about common attack patterns and exploit workflows, the success rate jumped to 70%.Magazine: How to fix suspected insider trading on Polymarket and KalshiCointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

South Korea’s Hana Financial Group, POSCO International and Dunamu, the operator of the crypto exchange Upbit, have signed a trilateral memorandum of understanding (MoU) to launch their blockchain-based remittance system, with POSCO International serving as the first real-world test case.The agreement, signed Tuesday at Hana Financial Group’s Seoul headquarters, follows a successful proof-of-concept (PoC) completed earlier this year by Hana and Dunamu, which showed that blockchain could reduce settlement times and costs compared to the traditional SWIFT framework. That pilot used Dunamu’s proprietary GIWA Chain to replace SWIFT’s messaging network for cross-border transfers.The new MoU allows the system to be tested on real trade transactions for the first time, with POSCO International handling the actual fund flows, the company said in a Wednesday announcement.Traditional cross-border payments use SWIFT, where sending the payment instruction and actually moving the money are two separate steps, which slows things down and adds costs. The blockchain system combines both into a single real-time process, making transfers faster and cheaper.Related: South Korea to pilot tokenized deposits for government spendingDunamu’s GIWA Chain to power blockchain remittance systemUnder the deal, POSCO International’s trading arm will handle business application using real transaction flows, Hana Financial will manage remittance processing, fund settlement and foreign exchange, while Dunamu provides the blockchain infrastructure through GIWA Chain and maintains the transaction record.“We have established a foundation for mid-to-long-term partnerships with leading domestic companies in the fields of digital finance and digital assets,” Lee Gye-in, president of POSCO International, said.From left to right: Hana Financial Group vice chairman Lee Eun-hyung, POSCO International president Lee Gye-in, and Dunamu CEO Oh Kyung-seok. Source: POSCOThe three companies plan to establish a working model for real-time blockchain remittances before the end of the year.Related: Naver-Dunamu filing sets IPO committee, listing timeline for fintech groupPOSCO International deepens crypto pushThe deal adds to POSCO International’s broader push into digital finance. The company recently issued blockchain-based foreign currency digital bonds worth approximately 140 billion won (about $95 million) with HSBC, and last year introduced a blockchain-based global payment system with JP Morgan.As Cointelegraph reported, South Korean internet-only bank Kbank has also partnered with Ripple to test blockchain-based cross-border remittances.Magazine: South Korea gets rich from crypto… North Korea gets weaponsCointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

Japan’s financial, law enforcement and real estate regulators have issued a joint guidance request warning that crypto assets pose money laundering risk in property transactions.The request, published on Tuesday, was issued by the Ministry of Land, Infrastructure, Transport and Tourism, the Financial Services Agency, the National Police Agency and the Ministry of Finance. It was addressed to major real estate and crypto industry bodies, including the Japan Cryptocurrency Business Association and several national real estate federations.“Crypto assets, which have the nature of being transferred instantly across national borders, are considered to pose a high risk of being used as a payment method in real estate transactions for the purpose of money laundering,” the request states.Japan sends request regarding crypto usage in property deals. Source: FSAThe multi-agency request instructed real estate agents to conduct customer due diligence on any crypto-involved transaction under Japan’s Act on Prevention of Transfer of Criminal Proceeds, file suspicious transaction reports with regulators and notify police when criminal activity is suspected, bringing bank-style Anti-Money Laundering (AML) expectations into crypto property deals.Related: Japan approves bill to classify crypto as financial instrumentsJapan warns against unregistered crypto in property dealsThe request warned that converting crypto to fiat on behalf of clients may constitute “crypto asset exchange business” under the Payment Services Act, an activity that requires registration and carries legal risk if conducted without it.It also asked crypto exchanges to watch for cases where a customer receives property sale proceeds in crypto and then attempts unusually large transactions that don’t match their financial background.Furthermore, the document reminded firms that under Japan’s Foreign Exchange and Foreign Trade Act, anyone receiving crypto worth more than 30 million Japanese yen (approximately $180,000) from overseas must file a payment report with authorities.Related: Japan to test government bonds as digital collateral on CantonJapan classifies crypto as financial instrumentEarlier this month, Japan amended its Financial Instruments and Exchange Act to classify crypto assets as financial instruments, moving them out of the payments category and into the same regulatory framework as traditional securities.The change bans insider trading and other market manipulation involving undisclosed information, and requires crypto issuers to publish annual disclosures. Penalties for unregistered crypto exchanges have also been stiffened under the amendment, while the government separately backed plans late last year to cap the tax rate on crypto profits at a flat 20%.Magazine: Will the CLARITY Act be good — or bad — for DeFi?Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

Ondo Finance has teamed up with financial technology giant Broadridge to give holders of tokenized stocks and exchange-traded funds (ETFs) the ability to participate in proxy voting.Broadridge has built a Web3-enabled relay system where tokenholders connect their crypto wallet to Broadridge’s ProxyVote platform, submit their voting preference, and Ondo’s issuer then votes the real shares accordingly, with the entire process recorded onchain for transparency, according to a Tuesday announcement.“By working with Broadridge, we are enabling holders of our on-chain tokenized stocks to access governance and voting capabilities, with all the additional benefits on-chain tokens provide,” Matthieu de Vergnes, global head of institutional at Ondo Finance, said.Proxy voting is when a shareholder authorizes someone else to vote on corporate matters on their behalf. It has long been a standard feature of traditional equity ownership, but tokenized stocks have largely lacked it. The Broadridge integration addresses this gap, letting investors sign in via their crypto wallets, confirm their holdings and submit votes.Related: SEC ‘on the cusp’ of onchain tokenized securities exemption: AtkinsTokenized stocks hit $1.15 billionTokenized stocks have surged to $1.15 billion in distributed value, up 25.46% over the past 30 days, according to data from RWA.xyz. Monthly transfer volume stands at $2.27 billion, with over 217,000 holders, up 9.26% in the last month alone.Tesla, NVIDIA, and S&P 500-linked products are among the most prominent assets by value, alongside Circle Internet and Strategy-linked tokens.Tokenized stocks continue to grow. Source: RWA.xyzOndo, which claims roughly 70% of the tokenized stock market with over $700 million in total value locked, offers its products across Solana (SOL), Ethereum (ETH) and BNB Chain (BNB). The tokens are backed by the corresponding stocks or ETFs.Related: UK plans payments rule changes for stablecoins, tokenized depositsFranklin Templeton, Ondo bring tokenized ETFs to crypto walletsLast month, Franklin Templeton and Ondo Finance announced a partnership to bring tokenized versions of Franklin’s ETFs onchain, giving investors access through crypto wallets rather than traditional brokerage accounts. The initial offering covers five funds spanning US equities, fixed income, and gold, available across Europe, Asia-Pacific, the Middle East and Latin America, with US access pending regulatory clarity.Meanwhile, Binance has listed 10 tokenized assets from Ondo Global Markets on its Binance Alpha platform, including tokens tracking Apple, Nvidia and the Invesco QQQ ETF.Magazine: Should users be allowed to bet on war and death in prediction markets?Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

Bitcoin miner Core Scientific plans to scale its Texas operations into a large artificial intelligence-focused data center campus with up to 1.5 gigawatts of gross power capacity.In a Monday announcement, the company said it is developing its Pecos, Texas, site into a high-density colocation hub designed to support AI workloads amid rising demand for computing infrastructure. Of the planned capacity, about 1 GW is expected to be available for leasing.“We continue to leverage our deep in-house expertise to differentiate how we build and scale next generation artificial intelligence infrastructure,” Adam Sullivan, CEO of Core Scientific, said.As part of the transition, roughly 300 megawatts currently used for Bitcoin mining at the site are being repurposed for data center operations, Core Scientific said. The company added that the first data hall has completed foundational work and is moving into vertical construction, with initial capacity expected in early 2027.Core Scientific shares are up 44% YTD. Source: Yahoo! FinanceThe company has also secured an additional 300 megawatts of power under contract with its utility provider, while outlining plans for further expansion through a behind-the-meter solution.Aside from Core Scientific, other miners are also exploring alternative revenue streams as mining margins tighten, with a focus on AI. In February, MARA Holdings acquired a 64% stake in French infrastructure company Exaion, expanding into AI services. Other miners, including Hive, Hut 8, TeraWulf and Iren, are also repurposing mining facilities into data centers.Related: CoreWeave shows how crypto-era infrastructure quietly became AI’s backboneCore Scientific acquires 200 acresTo support the buildout, Core Scientific said it has acquired more than 200 acres of land in the area.Last week, the company also announced plans to raise $3.3 billion through senior secured notes due 2031 to fund data center expansion across Georgia, Texas, North Carolina and Oklahoma. The move follows a separate $1 billion credit facility secured from Morgan Stanley in March.Core Scientific has historically generated most of its revenue from mining digital assets, but has been increasing its focus on infrastructure services. The company operates facilities across several US states, including Texas, Georgia and North Carolina.Related: Core Scientific Q4 Earnings Miss Moves Shares LowerNYDIG to buy idle New York smelterAs Cointelegraph reported, Alcoa is close to selling its long-dormant Massena East smelter in upstate New York to Bitcoin mining firm NYDIG, with the deal expected to close by the middle of the year. The plant has sat unused since 2014, when it was shut down due to high energy costs and global competition.Earlier this year, Century Aluminum also sold its Hawesville smelter in Kentucky for $200 million to crypto miner TeraWulf, which plans to convert it into a high-performance computing and AI facility.Magazine: Bitcoin will not hit $1M by 2030, says veteran trader Peter BrandtCointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.