Shai Hulud malware hits NPM as crypto libraries face a growing security crisis

  • The infection includes at least 10 major crypto packages linked to the ENS ecosystem.
  • A previous NPM attack in early September resulted in 50 million dollars in stolen crypto.
  • Researchers found more than 25,000 affected repositories during the investigation.

A new round of NPM infections has triggered concern across the JavaScript community as the Shai Hulud malware continues to move through hundreds of software libraries.

Aikido Security has confirmed that more than 400 NPM packages have been compromised, including at least 10 widely used across the crypto ecosystem.

The scale of the issue places developers under immediate pressure to assess the risk, especially those working with blockchain tools and applications.

The disclosure came on Monday when Aikido Security released a detailed list of contaminated libraries following a review of unusual behaviour on NPM.

A separate post from researcher Charles Eriksen also highlighted the infection list on X, drawing attention to key ENS packages involved in the incident.

The infections appear to be tied to an active supply chain attack that has been unfolding in recent weeks, adding momentum to a pattern of escalating security incidents within JavaScript infrastructure.

Threat expands beyond earlier NPM attacks

The surge in infections follows a major NPM breach in early September. That earlier case ended with attackers stealing 50 million dollars' worth of crypto, making it one of the largest supply chain incidents linked directly to digital asset theft.

According to Amazon Web Services, the attack was followed within a week by the appearance of Shai Hulud, which began spreading autonomously across projects.

While the initial September incident targeted crypto assets directly, Shai Hulud operates differently. It focuses on collecting credentials from any environment that downloads an infected package. If wallet keys happen to be present, they are treated like any other secret and extracted.

This shift in behaviour makes the new incident broader in scope.

Instead of aiming at a single objective, the malware integrates itself into developer workflows and moves through dependency chains, increasing the chance of accidental exposure across both crypto and non-crypto projects.

ENS packages heavily affected

The crypto packages affected in the latest review show a clear concentration around the Ethereum Name Service ecosystem. Several ENS-related libraries, many with tens of thousands of weekly downloads, appear on the compromised list.

These include content-hash, address-encoder, ensjs, ens-validation, ethereum-ens, and ens-contracts.

To support the findings, Eriksen shared a detailed X post outlining the compromised ENS packages. Shortly after, a second X update from Eriksen expanded on the wider spread of infections affecting additional repositories.

Each ENS package supports functions used across wallet interfaces, blockchain applications, and tools that convert human-readable names into machine-readable formats.

Their popularity means that the impact may stretch beyond direct maintainers to downstream developers who rely on them for core operations.

A separate crypto library, crypto-addr-codec, was also identified among the compromised packages. Though unrelated to ENS, it is used in wallet-related processes and carries high weekly traffic, making its contamination another priority area for security reviews.

Growing impact across non-crypto software

The spread is not limited to digital asset tools. Several non-crypto libraries have also been impacted, including packages associated with the workflow automation platform Zapier.

Some of these report weekly downloads well above forty thousand, indicating the malware has reached parts of the JavaScript ecosystem unrelated to blockchain activity.

Additional libraries highlighted in later posts show even higher levels of distribution. One package appeared close to seventy thousand weekly downloads.

Another recorded weekly traffic above one and a half million, reflecting a much wider footprint than early reports suggested.

The rapid expansion has drawn attention from other security teams. Researchers at Wiz stated that they had identified more than twenty-five thousand affected repositories linked to around three hundred and fifty users.

They also noted that one thousand new repositories were being added every thirty minutes in the early stages of the investigation.

This level of growth demonstrates how quickly supply chain contamination can accelerate when packages replicate across dependency networks.

Developers working with NPM have been advised to perform immediate checks, validating environments and scanning for possible exposure.

With dependency chains being interlinked across multiple industries, even teams outside the crypto sector could unknowingly integrate infected packages.
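One way to run the check advised above, as an added example (not code from Aikido, Wiz or this article): it walks a parsed package-lock.json and reports every installed copy of the packages the article names, including copies nested deep in the dependency tree. The article gives no affected versions, so a hit means "compare this version against the published advisory", not "infected"; the sample lockfile, its versions and the scope-matching rule are constructed assumptions.

```javascript
// Package names exactly as printed in the article; no versions are given there.
const NAMED_IN_ARTICLE = [
  'content-hash', 'address-encoder', 'ensjs', 'ens-validation',
  'ethereum-ens', 'ens-contracts', 'crypto-addr-codec',
];

// Assumption: "@scope/ensjs" is flagged as well as "ensjs", because the
// article prints bare names without an npm scope.
function matchesWatchlist(name, watchlist) {
  const bare = name.startsWith('@') ? name.split('/').slice(1).join('/') : name;
  return watchlist.includes(name) || watchlist.includes(bare);
}

// lockfileVersion 2/3 keys are install paths such as
// "node_modules/a/node_modules/@scope/b"; the package name is whatever
// follows the last "node_modules/".
function nameFromInstallPath(path) {
  const marker = 'node_modules/';
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

function findWatchlisted(lock, watchlist = NAMED_IN_ARTICLE) {
  const hits = [];
  const record = (name, meta, where) => {
    if (name && matchesWatchlist(name, watchlist)) {
      hits.push({ name, version: (meta && meta.version) || 'unknown', where });
    }
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // root entry is the project itself
      // An aliased install records its real name in meta.name.
      record((meta && meta.name) || nameFromInstallPath(path), meta, path);
    }
  } else {
    // lockfileVersion 1: a nested "dependencies" tree keyed by package name.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const next = trail.concat(name);
        record(name, meta, next.join(' > '));
        walk(meta && meta.dependencies, next);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile; package versions are placeholders.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/left-pad': { version: '1.3.0' },
    'node_modules/content-hash': { version: '0.0.0-example' },
    'node_modules/wallet-ui/node_modules/@example-scope/ensjs': { version: '0.0.0-example' },
  },
};

console.log(findWatchlisted(SAMPLE_LOCK));
```

To check a real project, pass the result of `JSON.parse` on its `package-lock.json` to `findWatchlisted` and review each reported version against the advisory list.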

The post Shai Hulud malware hits NPM as crypto libraries face a growing security crisis appeared first on CoinJournal.

Coinbase rolls out Ethereum-backed loans for users to borrow USDC without selling

  • Ether holders on the exchange can borrow up to $1M in USDC using ETH as collateral.
  • That ensures access to liquidity/cash without selling their holdings.
  • The service is available in all US states, excluding New York.

Leading exchange Coinbase has introduced a new feature that will likely reduce selling pressure amid the current broader crypto market turmoil.

The trading platform has launched Ethereum-backed loans, allowing users in most American states to access on-chain cash without offloading their holdings.

Notably, borrowers can use ETH assets as collateral and receive loans of up to $1,000,000 in USDC stablecoin.

The team has confirmed on X:

ETH-backed loans are here. You can borrow USDC against your Ethereum, unlocking liquidity without selling.

This move is vital for Ethereum holders who want liquidity without dumping their tokens.

Rather than selling ETH and possibly missing out on potential price gains, Coinbase users can leverage their balances while keeping them intact.

How do ETH-backed loans work?

The process is straightforward. Users deposit Ethereum on their Coinbase accounts as collateral to borrow USDC.

They receive back their collateral after repayment.

Meanwhile, customers will enjoy top-notch flexibility.

Individuals can borrow while maintaining exposure to their holdings, access funds almost instantly, and leverage USDC for various on-chain activities, including day-to-day expenses and trading.

Nevertheless, borrowers should consider the fact that Ethereum’s price movements can impact their loans.

For instance, a swift decline in the alt’s value could demand increasing collateral to avoid liquidation.

Why should you care?

For most cryptocurrency investors, accessing cash online means selling assets and sometimes facing tax consequences.

Coinbase solves that through Ethereum-backed loans, offering access to liquidity without offloading assets.

The development reflects how cryptocurrency firms are expanding beyond trading services.

Most networks are integrating lending, borrowing, and earning solutions for their users as digital assets’ adoption continues.

Moreover, it confirmed Coinbase’s trust in Ethereum as a legitimate financial instrument, equal to real-world assets (like real estate and stocks) that can serve collateral purposes.

Notably, Coinbase introduced cryptocurrency-backed loans in mid-January this year, starting with Bitcoin.

The goal was to give users control over their finances while ensuring safety, speed, and transparency.

The team emphasized:

Crypto-backed loans are another major step towards empowering our customers with greater control over their financial lives. Coinbase customers can now get easier, faster access to everyday financial services.

The new addition signals demand for such services as cryptocurrencies go mainstream.

ETH price outlook

The news comes as Ethereum battles overwhelming bearish sentiments.

It is trading at $2,837 after losing more than 3% and 13% over the past day and week, respectively.

ETH should hold above the $2,800 support to prevent massive declines.

Ethereum requires massive trading volumes and renewed institutional interest, through ETFs, to recover from its current slumber.

Crypto.com launches SOL App Campaign with $20K ETH reward pool

  • The campaign runs between 19 November and 3 December.
  • Eligible users should buy or deposit SOL worth over $50 using the Crypto.com App.
  • The top 2,000 participants will receive $10 in ETH each.

While the broader market seeks footing, with Bitcoin at $90,000, Crypto.com has announced a remarkable opportunity for its users.

The exchange took to X on November 19 to confirm the official launch of the SOL App Campaign, which offers a $20,000 Ethereum reward pool for participants who interact with SOL.

Solana has been among the hottest tokens over the past month, propelled by its reputation, flourishing Web3 and DeFi projects, and scalability.

Crypto.com’s campaign invites newcomers and experienced traders interested in navigating the Solana blockchain.

How does the SOL App Campaign work?

The initiative requests individuals to buy or deposit SOL tokens into the Crypto.com App throughout the campaign period.

The exchange will rank users based on their returns from the Solana deposits and purchases.

Meanwhile, the top 2,000 participants will receive ETH worth $10 each, credited to their Crypto.com App accounts within three months after the campaign concludes.

Notably, the cryptocurrency exchange will notify qualified recipients through email 14 days after completing reward distribution.

Moreover, it will apply ETH-USD’s exchange rate based on the market rate during the distribution.

With this structure, Crypto.com aims to reward only active engagement and encourage individuals to explore Solana’s benefits, including its speed and thriving ecosystems of dApps, and earn Ethereum in return.

What’s next?

Crypto.com’s Solana campaign is more than an opportunity for users to earn Ethereum.

It represents a strategic approach to enhance blockchain adoption and enrich user engagement.

Crypto.com is incentivizing user activity with tangible rewards, which will likely cement its status as an exchange that facilitates trading while actively supporting its community.

The SOL App Campaign allows individuals to interact with a flourishing blockchain and increase their ETH balances.

Solana continues to expand as a blockchain powerhouse, whereas Ethereum maintains its position as the second-largest cryptocurrency project.

Digital asset enthusiasts looking to capitalize on this opportunity can install the Crypto.com App, navigate Solana, and join the campaign.

The event will end next month, on December 3, with $20K in Ethereum up for grabs.

SOL and ETH price outlooks

The altcoins maintain bullish trajectories in attempts to recover from the latest broader market crash.

Solana has gained more than 2% over the past 24 hours to $140.

Also, Ethereum gained roughly 1.70% in that time frame to $3,091 at press time.

The duo exhibits faded daily trading volumes, reflecting the prevailing broader weakness.

Nonetheless, Tom Lee of Fundstrat expects Ethereum to bottom this week, citing its flourishing ecosystem (TVL) and its ratio with Bitcoin.

Lee trusts ETH can rebound to historic all-time highs of $12,000. Such a rally from Ethereum would mean explosive surges for altcoins, including SOL.

Kraken boosts global strategy as Citadel joins fresh investment wave with $200 mn funding

  • Citadel Securities made a strategic investment at a $20 billion valuation.
  • Institutional investors led the first tranche of funding.
  • Kraken plans to grow across Latin America, APAC, and EMEA.

Kraken is entering a new phase of global expansion after securing fresh capital that places the company at a valuation of $20 billion.

The update outlined how this raise will support the firm’s plans for 2026 and strengthen its position across regulated markets, tokenized products, and institutional services.

The company also linked the funding to its broader push into global regions, deeper derivatives activity, and new financial tools.

The announcement signalled a shift toward long-term growth supported by new infrastructure and a wider product lineup rather than short-term market conditions.

Institutional backing drives Kraken capital raise

Kraken raised $800 million through two funding tranches.

The first tranche was led by major institutional players, including Jane Street, DRW Venture Capital, HSG, Oppenheimer Alternative Investment Management, and Tribe Capital.

The company added that Kraken co-CEO Arjun Sethi’s family office made a significant commitment to the round.

A further $200 million strategic investment came from Citadel Securities at the confirmed $20 billion valuation.

Kraken said the new capital will support its vertically integrated model that includes equities, derivatives, spot markets, tokenized assets, staking, custody, clearing, and payments.

The company had raised only $27 million in primary capital before this round and continued to operate profitably, reporting $1.5 billion in revenue for 2024 and surpassing that figure in the first three quarters of 2025.

Sethi posted on X that the raise reflected long-term conviction in the company’s strategy.

He noted that more than $100 million for the round came from his family office.

Product growth strengthens derivatives and tokenized asset plans

Kraken linked the funding to several important developments that took place across its ecosystem in recent months.

On Nov. 14, the company reported strong Q3 results that included $198 million in adjusted EBITDA, up 28% from the previous quarter, and more than $1.5 billion in revenue over the first nine months of 2025.

Kraken also completed its latest proof of reserves audit, confirming 1:1 plus backing for major assets.

This audit was the first to use distributed validator technology for Ethereum staking within the platform.

The company expanded its US derivatives presence through the acquisitions of NinjaTrader and Small Exchange.

Small Exchange was a $100 million transaction finalised in early October.

These acquisitions give traders new ways to access crypto-connected futures in addition to existing stock and commodity contracts.

To support high-frequency and institutional traders, Kraken introduced a new colocation service in partnership with Beeks Exchange Cloud.

The company said this upgrade offers faster and more direct trading connectivity.

Expansion plans target global markets

Kraken outlined its next steps across key regions as it works toward its 2026 strategy.

The company plans to enter new markets in Latin America, the Asia Pacific region, and EMEA.

Kraken said these expansions will coincide with the launch of new asset types, upgrades to staking services, and new trading features that widen customer use cases.

The company also plans to strengthen its payments network and expand its institutional product suite.

Kraken said these steps will help bridge traditional and open finance through regulated global infrastructure.

Wider financial ecosystem supports long-term growth

Kraken positioned the new funding as part of a broader plan to support a growing financial ecosystem that connects regulated markets, tokenized assets, and cross-border financial services.

The company said its vertically integrated approach provides the structure needed for sustainable product development and regional expansion.

The funding also helps the firm invest in infrastructure, compliance systems, and service lines that support both retail and institutional customers.

Kraken said it aims to use this momentum to build a wider presence across global markets while continuing to advance tokenized financial products and regulated trading.

Crypto loopholes across Canada enable silent cash transfers

  • A Toronto outlet handed over $1,900.00 in cash using only a $5 bill for verification.
  • Ukraine-based exchange 001k offered to deliver $1,000,000.00 in cash in Montreal.
  • Over 20 crypto-to-cash services were found operating unregistered across Canada.

A report by CBC has revealed how Canada is witnessing the rise of unregulated crypto-to-cash services that enable large-scale anonymous financial transfers.

These operations not only bypass anti-money laundering laws but also establish an untraceable money trail that financial intelligence agencies are unable to track.

Across cities from Toronto to Montreal, crypto platforms are facilitating discreet cash handovers worth thousands and even millions, without requiring any identification from users.

Despite rules that demand full verification for transactions over $1,000.00, services continue to hand over cash using only minimal confirmation.

Experts have raised alarm over the role of these services in enabling potential money laundering, illicit trade, and financial crime.

Investigative efforts have now revealed how this silent financial movement is escaping oversight in plain sight.

Crypto-for-cash deals avoid ID checks

In one midtown Toronto branch of a registered money transfer business, a $1,900.00 cash pickup was arranged through encrypted messages using the Telegram app.

The only verification required was a photo of a Canadian $5 bill.

The customer, who had earlier transferred 2,000 tether tokens to Ukraine-based crypto exchange 001k, showed the physical bill and received $100 notes from the teller with no further questions.

Such transactions breach Canada’s anti-money laundering regulations, which require personal identification and transaction documentation for any transfer exceeding $1,000.

The company later claimed that the arrangement had been made by a rogue manager using personal funds off the official books.

The teller involved, they said, acted without knowledge of the transaction’s real nature.

001k is not registered with FINTRAC, the Canadian financial intelligence agency, and therefore is not legally permitted to conduct business with Canadians.

Yet the transaction went ahead and passed under the regulatory radar.

Platforms offer million-dollar handovers

The same pattern was uncovered in Montreal.

Journalists engaged in anonymous conversations with crypto services, including 001k and another unnamed provider.

Both offered to deliver $1,000,000.00 and $890,000.00 in cash, respectively, in exchange for tether sent to designated wallets.

No identification was asked for at any stage.

These platforms operate online, contactable via web directories and Telegram channels.

Many advertise in plain sight and offer face-to-face cash deals in locations ranging from Halifax to Vancouver.

According to experts, more than 20 such services were found in Canada, most operating without proper registration or regulatory checks.

Despite Canada’s attempt to regulate the sector through FINTRAC, enforcement remains limited.

The agency oversees over 2,600 registered money service businesses, but lacks the resources to track unregistered and underground operators.

A growing global laundering channel

Crypto analysis firm Crystal revealed to CBC that crypto-to-cash services in Hong Kong alone processed $2.5 billion in 2024.

Canada’s rapidly growing market could mirror that figure if enforcement continues to lag.

With the rise of digital tokens like Bitcoin, Ethereum, and Tether, it has become easier for money to move across borders and be converted into untraceable cash.

Law enforcement depends on access to user identity at the point where crypto enters or exits the system.

When transactions are carried out without registration, those points vanish, and the blockchain’s transparency becomes meaningless.

Investigators lose visibility once digital assets are converted into physical currency anonymously.

The flexibility of these services creates risk.

Anyone can now move large sums in or out of Canada without detection, including organised crime networks and individuals involved in illegal activity.

Without active compliance monitoring, these transactions take place without leaving any traceable connection.

Canada struggles to enforce crypto regulations

Canadian regulators are under-equipped to deal with the scale of the problem.

Crypto platforms can connect users in seconds, bypassing traditional financial systems and enabling instant access to large volumes of cash.

FINTRAC’s oversight is stretched, and its inability to track foreign operators or monitor encrypted platforms like Telegram leaves a major gap in financial security.

The use of small signals, like a $5 bill serial number, to validate multi-thousand-dollar exchanges highlights just how far removed these services are from compliance.

Unless significant regulatory action is taken, Canada could continue to serve as a silent hub for crypto cash transfers that avoid scrutiny, recordkeeping, and legal obligations.
