News

"I don't know how long this statement will hold; information changes sides too quickly. Last time, they announced the opening for less than 24 hours." He was referring to late April this year, when there was also news proclaiming the reopening of the Hormuz Strait, but in less than 24 hours, the information changed.

Jinse Finance reported that a controversy has erupted within the Hyperliquid community regarding the positioning of HyperEVM. The community believes that HyperEVM was not designed as a general-purpose Ethereum execution environment but is instead a specialized execution layer intended for compositional interaction with Hypercore. Its core design should rely on corewriter and precompiled contracts, rather than being used as a general-purpose L1. However, the current learning curve for developers is quite steep, and the complexity of system address interactions results in cross-asset operations requiring multiple transactions, leading to inefficiency; in most cases, asset swaps are not even as efficient as AMM mechanisms. In addition, HyperEVM has long suffered from being “overlooked,” possibly because the team’s resources have been concentrated on core products such as HIP-3, HIP-4, and portfolio margin, leading to insufficient investment in ecosystem development. According to the community, to increase activity in the HyperEVM ecosystem, it is necessary to improve developer tools, optimize the corewriter mechanism, and incentivize more on-chain experimental applications in the style of DeFi Summer; otherwise, innovation in smart contracts may continue to stagnate.

Odaily reported that Microsoft's threat intelligence team officially disclosed a Windows crypto malware threat that has been active since February 2026. This malicious software combines "worm-like propagation + clipboard hijacking + Tor anonymous communication" to launch attacks targeting digital asset users. Microsoft's analysis indicates that the malicious program spreads via disguised shortcut (.lnk) files across removable storage devices, leveraging WScript and ActiveX to execute script logic. It automatically deploys a local Tor client, connecting through 127.0.0.1:9050 as a proxy. The onion hidden service C2 server enables anonymous control and data transfer. The attack chain includes multiple malicious capabilities: ongoing clipboard content monitoring, theft of mnemonics and private keys, screenshot uploads, and "address replacement" when users copy cryptocurrency addresses, substituting the target address with a wallet address controlled by the attacker to hijack funds. Additionally, the trojan possesses worm propagation abilities, automatically replicating itself onto devices such as USB drives, creating scheduled tasks for persistent operation, and basic anti-analysis features (detecting Task Manager to evade debugging). On the detection side, Microsoft has identified it as part of the Trojan:Win32/CryptoBandits series, intercepting it using behavioral characteristics such as abnormal WScript calls, localhost:9050 proxy traffic, and PowerShell screenshot behavior. Security researchers recommend focusing on protecting script execution paths and monitoring abnormal local proxy traffic.