# Security Related Articles

HTX News Center provides the latest articles and in-depth analysis on "Security", covering market trends, project updates, tech developments, and regulatory policies in the crypto industry.

From Theory to Countdown: Google Sounds the Blockchain Quantum Resistance Alarm with Zero-Knowledge Proofs

An article discusses the significant threat quantum computing poses to blockchain and classical encryption systems, triggered by Google's recent research. By optimizing Shor's algorithm, Google reduced the logical qubits required to break 256-bit elliptic curve encryption from around 6,000 to just 1,200—slashing computational costs by 20 times. This advancement sets a potential countdown, with Google estimating 2029 as the deadline for upgrading to quantum-resistant cryptography. Both Bitcoin and Ethereum face severe risks. About 25-35% of Bitcoin addresses have exposed public keys, making them vulnerable to attacks, especially during transaction processing. Ethereum’s design exposes public keys upon first use, jeopardizing its entire network if signatures aren’t updated. Historical blockchain data remains permanently available for future quantum attacks. The solution lies in adopting post-quantum cryptography (PQC). Ethereum is already implementing account abstraction and PQC-based signatures, leveraging its upgradeable architecture. Bitcoin is considering BIP-360 to introduce quantum-resistant algorithms like FALCON or CRYSTALS-Dilithium, though consensus may delay action. Notably, Google used zero-knowledge proofs to disclose this threat responsibly, aiming to prevent panic. Collaboration with Ethereum Foundation researchers suggests抗量子 (quantum resistance) could become a major narrative, aligning with crypto’s cryptographic roots.

marsbit5h ago

From Theory to Countdown: Google Sounds the Blockchain Quantum Resistance Alarm with Zero-Knowledge Proofs

marsbit5h ago

OpenClaw Goes Viral, Exposing 12 Types of Critical Vulnerabilities; MCP Protocol Security Benchmark Released

The rapid rise of OpenClaw and similar AI Agents highlights the growing security risks associated with the Model Context Protocol (MCP), a standard enabling models to interact with external tools. Researchers from Beijing University of Posts and Telecommunications introduced MSB (MCP Security Bench), a security benchmark identifying 12 types of attacks across MCP’s three core stages: task planning, tool invocation, and response handling. These include name collision, false errors, retrieval injection, and mixed attacks. Notably, more capable models are often more vulnerable, with an average attack success rate (ASR) of 40.35%. The study also proposes a new metric, Net Resilient Performance (NRP), to balance security and utility. MSB evaluates agents in real-world environments, demonstrating that attacks remain effective even when harmless tools are present. The work underscores the urgent need for robust safety measures as AI agents gain broader tool-use capabilities.

marsbit7h ago

OpenClaw Goes Viral, Exposing 12 Types of Critical Vulnerabilities; MCP Protocol Security Benchmark Released

marsbit7h ago

Breaking: Claude Introduces Mandatory Real-Name Verification, Requires Live Selfie with ID, Otherwise Immediate Account Ban

Claude, the AI assistant by Anthropic, has introduced a mandatory real-name verification system, requiring users to submit a government-issued photo ID and a real-time selfie. This move aims to prevent misuse, enforce usage policies, and comply with legal obligations. The verification process, handled by third-party provider Persona, is triggered for certain use cases, platform integrity checks, or security measures. Users from unsupported regions, those under 18, or those violating terms of service risk account suspension—even after successful verification. The policy has sparked significant user backlash, with concerns over increased surveillance, loss of privacy, and potential disruption to workflows. Many fear the stricter controls will drive users to competitors like OpenAI’s ChatGPT, which is perceived as more stable and user-friendly. The announcement emphasizes data protection, stating that verification data is not used for model training or shared with third parties. However, users are advised to backup their data and avoid using personal subscriptions for unauthorized purposes like proxy services or multi-user setups to minimize risks.

marsbit11h ago

Breaking: Claude Introduces Mandatory Real-Name Verification, Requires Live Selfie with ID, Otherwise Immediate Account Ban

marsbit11h ago

Bitcoin Faces Quantum Risk — New Proposal Could Lock Vulnerable Coins

A new Bitcoin security proposal, BIP-361, introduces a three-phase plan to protect the network from the future threat of quantum computers. It specifically addresses the vulnerability of approximately 1.7 million BTC, including Satoshi Nakamoto's fortune, held in old-style P2PK addresses whose public keys are exposed. The proposal would eventually freeze any coins not moved to a new quantum-resistant format after a multi-year grace period. A controversial "rescue window" would allow users who miss the deadline to reclaim funds by proving ownership of their seed phrase. The plan has faced significant community backlash, with critics labeling it authoritarian and confiscatory for rendering old Bitcoin unspendable. Its adoption depends on achieving network consensus.

bitcoinist15h ago

Bitcoin Faces Quantum Risk — New Proposal Could Lock Vulnerable Coins

bitcoinist15h ago

Deutsche Börse Drops $200M On Kraken In Push Toward Hybrid Crypto Markets

Deutsche Börse Group has invested $200 million in Kraken's parent company, Payward, acquiring a 1.5% fully diluted stake. This investment, part of a secondary transaction, aims to advance Deutsche Börse's digital asset strategy and provide institutional clients with regulated crypto services. The deal, expected to close in Q2 2026, deepens a partnership established in 2025. Separately, Kraken reported a security incident where a criminal group accessed limited client support data for about 2,000 accounts, though no funds were at risk. Meanwhile, Bitcoin and Ethereum saw significant price rallies, with Bitcoin climbing back to $75,600.

bitcoinist20h ago

Deutsche Börse Drops $200M On Kraken In Push Toward Hybrid Crypto Markets

bitcoinist20h ago

Bitunix Exchange Secures ISO 27001:2022 Certification, Reinforcing Strong Protection of User Data

Bitunix, a cryptocurrency derivatives exchange, has obtained the ISO/IEC 27001:2022 certification, an international standard for information security management. This certification confirms that Bitunix has established formal systems to manage and protect sensitive user data and assets, following an external audit that evaluated its risk management and security controls. For users, this means stronger protection of personal information and funds, better alignment with global data protection rules, and increased operational transparency. The achievement reinforces user trust and commits the platform to continuous security improvements. Bitunix also maintains additional security measures, including Proof of Reserves with over 100% backing for major cryptocurrencies, real-time Merkle tree verification, a 1:1 asset backing model, and a $30 million USDC care fund for unexpected situations. According to Chief Strategy Officer Steven Gu, the certification reflects the company's commitment to security and transparency, ensuring users can trade with confidence. The exchange plans to continue updating its security practices as it grows.

TheNewsCryptoYesterday 11:12

Bitunix Exchange Secures ISO 27001:2022 Certification, Reinforcing Strong Protection of User Data

TheNewsCryptoYesterday 11:12

Kraken Reveals Extortion Demands After Client Data Incident: ‘We Will Not Pay’, Security Chief Says

Kraken, a major US crypto exchange, has publicly refused extortion demands from a criminal group following two incidents of unauthorized access to limited client support data. Chief Security Officer Nick Percoco stated the exchange identified and terminated access for individuals involved, emphasizing that no systems were breached and user funds remained safe. Approximately 2,000 client accounts (0.02% of users) were affected. Kraken is cooperating with law enforcement and industry partners to investigate what it describes as insider recruitment efforts targeting multiple sectors. The incident has sparked community concerns over insider threats and data security, drawing comparisons to a similar past event at Coinbase.

bitcoinistYesterday 14:02

Kraken Reveals Extortion Demands After Client Data Incident: ‘We Will Not Pay’, Security Chief Says

bitcoinistYesterday 14:02

Web3er Travel Safety Manual: a16z Security Lead's 6-Step Checklist

Web3 Travel Safety Guide: 6-Step Checklist from a16z's Security Lead With increased travel for crypto conferences, a16z's security head and former Secret Service agent Carl Agnelli shares a personal safety guide for Web3 professionals. Step 1: Develop a security mindset. Understand what’s normal, trust your intuition, and create small safety habits. Distance equals safety—avoid confrontation by leaving suspicious situations. Step 2: Stay alert in public. Remain aware of your surroundings, avoid routines, and don’t discuss sensitive travel plans loudly in public or rideshares. Step 3: Day and night safety. Walk with purpose, avoid walking alone at night, share your location with trusted contacts, and never discuss crypto holdings in public. Step 4: Safer travel and hotels. Travel discreetly, familiarize yourself with hotel emergency routes, use the safe, and keep an emergency kit handy. Step 5: Extra precautions for high-risk roles. Use a decoy wallet, avoid company logos, reduce your digital footprint, secure your home, and practice locating exits and cover in public. Step 6: Maintain safety habits. Keep a low profile, avoid sharing family photos online, regularly review home and digital security, and conduct monthly drills.

marsbit2 days ago 08:46

Web3er Travel Safety Manual: a16z Security Lead's 6-Step Checklist

marsbit2 days ago 08:46

In-Depth Reconstruction of the $285 Million Drift Hack: How Should DeFi Governance Move Beyond "Amateur Hour"?

On April 1, 2026, Drift Protocol, the largest perpetual futures DEX on Solana, suffered a catastrophic hack resulting in a loss of $285 million. The attack, attributed to a sophisticated social engineering campaign rather than a technical exploit, unfolded over several months. Hackers first infiltrated Drift’s internal circles by posing as a legitimate market maker, building trust over time. They then exploited Solana’s "Durable Nonce" feature to trick core team members into blindly signing transactions that granted administrative control. A critical vulnerability was introduced when Drift migrated to a 2/5 multisig structure without a timelock, allowing instant execution of privileged transactions with just two signatures. The attackers finally triggered the attack by adding a fake token (CVT) to the whitelist, manipulating its oracle price, and using it as collateral to drain the protocol’s treasury. The incident highlights fundamental flaws in DeFi governance, including overreliance on multisig mechanisms that lack intent verification and are vulnerable to social engineering. It underscores the misalignment between retail-grade security tools and institutional-scale treasury management. The hack signals the need for a security paradigm shift in DeFi, including adoption of Hardware Security Modules (HSMs) for key management, intent-based policy engines for transaction validation, and professional third-party custody solutions to ensure institutional-grade safety.

marsbit2 days ago 12:00

In-Depth Reconstruction of the $285 Million Drift Hack: How Should DeFi Governance Move Beyond "Amateur Hour"?

marsbit2 days ago 12:00

1 Billion DOT Minted Out of Thin Air, Yet Hacker Only Made $230,000

On April 13, a security breach occurred involving the Polkadot bridge on the Ethereum network, where an attacker exploited a replay vulnerability in the MMR proof mechanism of Hyperbridge’s ISMP protocol. By reusing a historically valid proof and pairing it with a malicious request, the attacker bypassed verification and gained admin and minting rights over the wrapped DOT contract on Ethereum. They then minted 1 billion wrapped DOT tokens—2,805 times the existing supply—and attempted to liquidate them. However, due to extremely low liquidity in the wrapped DOT market, the massive sell-off crashed the token’s price by 99.98%, from $1.22 to approximately $0.000128. The attacker ultimately exchanged the tokens for only about 108.2 ETH (worth roughly $237,000), with gas costs as low as $0.74. The same exploit had been used previously in attacks on MANTA and CERE tokens, resulting in a total loss of around $242,000. Polkadot confirmed that the incident only affected DOT bridged via Hyperbridge to Ethereum and did not impact the native Polkadot network or DOT on other bridges. Exchanges including Upbit and Bithumb temporarily suspended DOT deposits and withdrawals as a precaution. The event highlights ongoing vulnerabilities in cross-chain infrastructure and the critical role of liquidity in limiting actual damages during large-scale exploits. It also reflects a broader trend of increasing DeFi security incidents in early 2026.

marsbit04/13 10:10

1 Billion DOT Minted Out of Thin Air, Yet Hacker Only Made $230,000

marsbit04/13 10:10

活动图片

Regulatory Policy