Binance co-founder Changpeng Zhao (CZ) confirmed he is officially divorced and offered OKX founder Star Xu a $1 billion bet to prove it.
The challenge came after Xu questioned CZ’s marital status as part of a broader dispute triggered by CZ’s 457-page memoir “Freedom of Money,” released on April 8.
I typically ignore all these false claims attacks. But…
You can apologize now. I am officially divorced.
I won’t post any legal docs online, as I respect privacy of my ex-wife, and I appreciate the time we spent together.
Xu demanded that CZ produce a divorce agreement signed by both parties.
He said he would publicly apologize if CZ could present the document. If not, he argued, the claim would amount to public misrepresentation.
I typically ignore all these false claims and attacks. But… You can apologize now. I am officially divorced,” wrote CZ.
CZ responded by confirming his divorce and proposing a permanent wager of $1 billion. He stated he would not share legal documents online out of respect for his ex-wife’s privacy.
However, he offered to have lawyers verify the agreement if Xu accepted the bet.
“I am happy to bet $1 billion USD (or any number you choose) that: I am officially divorced (way before today),” CZ added.
He gave Xu a 24-hour window to respond, adding that silence would reveal who had been misleading the public.
A Feud Rooted in a Decade of Rivalry
The divorce dispute is the latest front in a conflict that dates back to 2014. CZ served as chief technology officer at OKCoin, the predecessor to OKX.
Their falling out over equity, a Bitcoin.com domain contract, and forgery allegations have resurfaced multiple times.
CZ’s memoir also claims Huobi founder Li Lin told him in 2025 that Xu had reported him to Chinese authorities. Xu has denied that claim.
“Both OKX and Binance are regulated by multiple regulators. As the UBO of a regulated company, publicly offering a $1 billion bet is hardly professional conduct,” Xu responded to CZ’s invitation.
The OKX executive also called on the attention of Binance’s regulators to CZ’s offer, questioning whether Changpeng Zhao’s Binance stake has been legally separated with his ex-wife.
“Bill Gates and Jeff Bezos have already shown what proper asset separation looks like in a divorce,” he added.
Yi He, the co-CEO of Binance, is the long-term life partner (romantic and business) and the mother of three of CZ’s children. Reportedly, CZ has five kids total, two from his previous marriage.
They met in 2014 while working at the crypto exchange OKCoin (she recruited him), and became a couple around that time, and co-founded Binance together in 2017.
Amid the ongoing talks between CZ and Star Xu, Yi He has come to her own defense, highlighting her role as the second largest shareholder and Co-CEO of Binance.
“I’m not some delicate wife literature female protagonist; I’m the second largest shareholder and Co-CEO of Binance who continues to fully suppress competitors even after CZ stepped down,” she articulated.
The Operation Atlantic joint law enforcement effort involving authorities from the United Kingdom, the United States, and Canada has frozen $12 million and identified over 20,000 victims of approval phishing scams, according to coordinated press releases today.
Binance also reported that it provided on-the-ground support for this phase of Operation Atlantic, helping to identify scam accounts in real time. However, it did not freeze any accounts on its platform.
Binance joins Operation Atlantic
Binance joined forces with law enforcement agencies from the United Kingdom, the United States, and Canada to target cryptocurrency fraud in an operation named “Operation Atlantic.” The multinational, interagency group focused on disrupting a specific type of scam known as “approval phishing,” which has led to hundreds of millions in stolen digital assets.
The operation was led by the UK’s National Crime Agency (NCA) and ran for one week in March 2026. Today, the NCA confirmed that law enforcement has frozen more than $12 million in suspected criminal proceeds across various platforms and protocols.
Furthermore, authorities have identified more than $45 million stolen in cryptocurrency fraud schemes globally. The operation also successfully identified over 20,000 victims located across the United Kingdom, Canada, and the United States.
Approval phishing is a scam technique where victims unknowingly hand over control of their crypto wallets. Scammers trick users into signing a malicious blockchain transaction that gives the scammer permission, or “approval,” to move tokens out of the victim’s wallet whenever they want.
During Operation Atlantic, investigators discovered that scammers often sent fake pop-ups or alerts. These messages appeared to come from legitimate apps or popular investment services. Victims were asked to approve access to their wallets to solve a fake problem or secure an investment.
Once the victim clicked approve, the criminal gained full control of the wallet.
The operation identified and disrupted over 120 web domains that scammers were actively using to run these fraudulent schemes. One victim in the UK alone lost more than £52,000 (approximately $66,000) to this scheme.
How did Binance and the agencies work together?
Binance provided on-the-ground intelligence and screening support to freeze assets and find victims. Its Special Investigations Team was present at the NCA’s headquarters in London during the operation week.
Due to the pseudonymous nature of blockchain transactions, Binance helped in identifying which accounts were linked to the scam addresses in real time. It assisted in identifying malicious websites that were still defrauding victims during the operation and also provided intelligence on potential bad actors and their addresses to support asset seizure efforts.
Binance confirmed that no funds were frozen on its own platform as part of this specific action.
Cryptopolitan reported that during the first phase of Operation Atlantic, authorities warned potential victims and helped them secure their assets with help from private industry partners.
The Royal Canadian Mounted Police (RCMP), the City of London Police, the US Attorney’s Office for the District of Columbia, and the UK’s Financial Conduct Authority (FCA) participated in that operation.
Miles Bonfield, Deputy Director of Investigations at the NCA, stated that the operation is a “powerful example of what is possible when international agencies and private industry work side by side.” He added that it “stopped criminals in their tracks.”
Still letting the bank keep the best part? Watch our free video on being your own bank.
Cybersecurity researcher Taylor Monahan has claimed that North Korea-linked IT workers have been operating within the decentralized finance ecosystem for years. Monahan stated that these actors have contributed to many well-known protocols during the “DeFi summer” era of 2020.
According to her latest tweet, the years of blockchain development experience listed on their resumes were often genuine, which was indicative of real technical contributions rather than fabricated credentials.
Years of DeFi Infiltration
When asked for examples, she pointed to several prominent projects, including SushiSwap, THORChain, Yearn, Harmony, Ankr, and Shiba Inu, among many others. Monahan also revealed that some teams, like Yearn, stood out for their strict approach to security, relying heavily on peer review and maintaining a high level of skepticism toward contributors.
This, she implied, helped limit potential exposure compared to other projects. Additionally, Monahan warned that the tactics have evolved, and these groups are now potentially using non-North Korean individuals to carry out parts of their operations, including in-person interactions. According to the security expert’s estimates, these entities may have collectively extracted at least $6.7 billion from the crypto space during this period.
North Korea has continued to dominate crypto-related cybercrime, emerging as the largest state-backed threat in the sector. According to an earlier report by Chainalysis, DPRK hackers stole at least $2.02 billion in digital assets in 2025 alone, which is a 51% increase from 2024 and accounts for 76% of all service-related breaches.
While there were fewer attacks, the scale was significantly larger. Chainalysis attributed this scale to the state-backed groups’ use of infiltrated IT workers who gain access to crypto firms, including exchanges and custodians, before major exploits take place.
Once funds are stolen, these actors typically move assets in smaller transactions, with more than 60% of transfers under $500,000. Their laundering methods rely heavily on cross-chain tools, mixing services, and Chinese-language financial networks.
Security Alliance (SEAL) had previously found that cyberattacks using fake Zoom or Microsoft Teams calls were carried out by these groups to infect victims with malware. These operations often begin through compromised Telegram accounts, where attackers pose as known contacts and invite targets to join a video call.
During the meeting, pre-recorded videos are used to appear legitimate before victims are told to install a supposed update, which instead grants attackers access to their devices. Once inside, these actors steal sensitive data and reuse hijacked accounts to spread the attack further.
Expanding Attack Surface
North Korea-linked hackers were also suspected to be behind the March 1 breach of Bitrefill. The attackers reportedly gained entry through a compromised employee device and managed to extract credentials that allowed deeper access into internal systems.
From there, they moved into parts of the database and drained funds from hot wallets while also exploiting gift card supply flows. Indicators such as malware patterns, on-chain behavior, and reused infrastructure matched previous operations tied to the Lazarus and Bluenoroff groups.
Iran Threatens U.S. Tech Giants as Middle East Conflict Escalates — Crypto Coin Show
Breaking News · Middle East · Geopolitics
Iran Threatens U.S. Tech Giants as Middle East Conflict Escalates
Oracle’s Dubai tower takes debris strike. Iran’s Revolutionary Guard names Nvidia, Apple, Microsoft and Google as targets. A missing U.S. airman, two downed aircraft and a 48-hour ultimatum from Trump.
AA
Ashton AddisonFounder & CEO · Crypto Coin Show · Since 2014
5 April 2026
Refinitiv TV · 600K+ Subscribers
Location
Dubai Internet City — Oracle Building
Threats Intercepted (UAE)
Dozens in 24 hours
U.S. Aircraft Lost
F-15E downed · A-10 crashed (Kuwait)
Trump Ultimatum
48 hours · Hormuz Strait
01 —
Oracle Building Hit as American Corporate Sites Enter the Blast Zone
Iran launched a broad wave of missile and drone attacks across the Middle East on Saturday, marking a significant shift in the conflict’s geography. The UAE said it intercepted dozens of incoming projectiles in the 24 hours prior — and debris from one intercept struck the facade of the Oracle building in Dubai Internet City.
The Dubai Media Office confirmed no injuries and described the incident as minor. Damage was limited. But the symbolic weight was not: American corporate infrastructure in the Gulf is no longer sitting outside the blast zone.
Iran’s Revolutionary Guard simultaneously issued direct threats against a wider group of U.S. technology companies operating across the region — naming Nvidia, Apple, Microsoft and Google by name.
⚠ Iran’s Revolutionary Guard has directly threatened U.S. tech infrastructure in the Middle East, including Nvidia, Apple, Microsoft and Google.
02 —
Missing Airman, Two Downed Aircraft and Trump’s 48-Hour Warning
The U.S. military continued searching Saturday for a missing airman after an F-15E was shot down over southwestern Iran on Friday — the first U.S. combat aircraft successfully downed by Iranian forces since the conflict began in late February. One crew member was rescued. The second remained missing, with both U.S. and Iranian forces searching the same area.
In a separate incident, an A-10 Warthog pilot ejected after the aircraft was struck by Iranian fire over Kuwait. Two Black Hawk helicopters deployed in the search operation also came under fire inside Iranian airspace, though both returned safely. U.S. officials privately expressed concern the missing airman could be captured and used as political leverage by Tehran.
“Time is running out — 48 hours before all Hell will reign down on them.“
Donald Trump · Truth Social · 5 April 2026
President Trump posted on Truth Social on Saturday referencing his earlier ultimatum over the Strait of Hormuz, warning Iran it had 48 hours before consequences. The threat followed his earlier demand that Iran open the strait or make a deal within ten days.
03 —
India Resumes Iranian Crude as Bushehr Plant Takes Strike
India’s oil ministry confirmed its refiners had secured crude supplies including Iranian oil, after disruptions to Strait of Hormuz shipping lines cut into global supply. India had not received Iranian crude since May 2019, when U.S. pressure pushed buyers away from Tehran’s exports. The ministry also confirmed that 44,000 metric tons of Iranian liquefied petroleum gas had berthed at Mangalore this week aboard a sanctioned vessel.
The move signals a realignment in energy trade. The United States had temporarily removed sanctions on Iranian oil and refined products to reduce supply shortages — a decision now being tested by the ongoing strikes.
Near Bushehr, a projectile struck close to Iran’s nuclear power plant overnight, killing at least one worker and damaging part of the site. The International Atomic Energy Agency confirmed radiation levels remained normal but issued a warning against further strikes near nuclear facilities. Iran’s Foreign Minister said Tehran was not ready to rush into negotiations and would accept only a “conclusive and lasting” resolution to the war.
Russian state nuclear company Rosatom evacuated an additional 198 staff from the Bushehr site. It has been withdrawing workers since the conflict began at the end of February.
This article is based on reporting from Reuters, official statements from the Dubai Media Office, India’s oil ministry, the International Atomic Energy Agency, and Truth Social. Crypto Coin Show has not independently verified all claims made by parties to the conflict.
Our Avalanche price prediction anticipates a high of $22.10 in 2026.
In 2028, the price range is expected to be between $29.97 and $35.18, with an average price of $30.82.
In 2031, the range is likely to be between $95.99 and $109.93, with an average price of $99.25.
AVAX experienced significant price fluctuations this year. This record came amid a drop in the crypto market valuation and regional tensions in the Middle East.
While the Avalanche network has been making strides, the AVAX price has left investors particularly questioning its trajectory. Will AVAX go up? Is AVAX a good investment? Let’s explore these and more in our Cryptopolitan price prediction from 2026 to 2032.
Overview
Cryptocurrency
Avalanche
Symbol
AVAX
Current price
$9.00
Market cap
$3.88B
Trading volume
$191.42M
Circulating supply
431.77M
All-time high
$146.22 on Nov 21, 2021
All-time low
$2.79 on Dec 31, 2020
24-hour high
$9.13
24-hour low
$8.65
Avalanche price prediction: Technical analysis
Metric
Value
Volatility (30-day variation)
4.48% (Medium)
50-day SMA
$9.34
200-day SMA
$14.43
Sentiment
Bearish
Green days
16/30 (53%)
Fear and Greed Index
9 (Extreme Greed)
Avalanche price analysis
On April 3, the AVAX price rose 4.20% over 24 hours and fell 5.60% over 30 days. Its trading volume dropped (33.62%) to $191M in 24 hours, showing less trading interest.
This month, AVAX remained bearish, falling below $10 and recently below $9. The coin now has a bearish Relative Strength Index (RSI). The William Alligator trendlines indicate waning volatility, while the MACD histograms show negative momentum. AVAX has support at $8.58.
Over the short term, AVAX remained volatile, ranging between $8 and $10. Its momentum rose in the last 24 hours as it bounced off support levels. Its relative strength index (53.83) shows it is in neutral territory.
Avalanche technical indicators: Levels and action
Daily simple moving average (SMA)
Period
Value ($)
Action
SMA 3
10.90
SELL
SMA 5
9.94
SELL
SMA 10
9.22
SELL
SMA 21
9.39
SELL
SMA 50
9.34
SELL
SMA 100
11.02
SELL
SMA 200
14.43
SELL
Daily exponential moving average (EMA)
Period
Value ($)
Action
EMA 3
9.28
SELL
EMA 5
9.59
SELL
EMA 10
10.44
SELL
EMA 21
11.46
SELL
EMA 50
12.97
SELL
EMA 100
15.48
SELL
EMA 200
18.54
SELL
What to expect from the AVAX price analysis next?
Technical analysis of Avalanche price movements suggests it is bearish. The charts show that its momentum is rising, suggesting it will drop over the short term.
Why is Avalanche down?
AVAX is caught in a market-wide downdraft, with its technical breakdown amplifying the sell-off. While positive developments like the ETF filing provide long-term optionality, they are not offsetting near-term macro fears.
Will AVAX reach $50?
According to the Cryptopolitan price prediction, AVAX is expected to cross $50 in 2029, reaching a maximum price of $52.03.
Will AVAX reach $100?
According to the Cryptopolitan price prediction, AVAX will reach $100 in 2031, with a maximum price of $109.93.
Can Avalanche reach $1,000?
It remains highly unlikely that AVAX will reach $1,000 before 2031. At that market capitalization, it could be more valuable than Ethereum.
Can Avalanche reach $10,000?
It remains highly unlikely that AVAX will reach $10,000 before 2031.
How much will Avalanche be worth in 2026?
As 2026 unfolds, we anticipate it will trade between $7.00 and $22.10, with an average price of $18.89.
Does Avalanche have a good long-term future?
According to Cryptopolitan price predictions, AVAX will trade higher in the coming years. However, factors like market crashes or negative regulations could invalidate this bullish theory.
Is Avalanche a good crypto to buy?
Chart analysis suggests that Avalanche is recovering and currently gearing up for a closer move to $20 despite the overall bearish momentum.
AVAX price prediction April 2026
For April, AVAX will trade between $9.10 and $13.10, with an average price of $10.01.
Month
Potential low ($)
Potential average ($)
Potential high ($)
April
7.59
10.01
13.10
Avalanche price prediction 2026
As 2026 unfolds, its future price movements suggest it will trade between $7.00 and $22.10, with an average price of $12.89.
Year
Potential low ($)
Potential average ($)
Potential high ($)
2026
7.00
12.89
22.10
Avalanche price prediction 2027-2032
Year
Potential low ($)
Potential average ($)
Potential high ($)
2027
20.4900
22.2100
24.7600
2028
29.9700
30.8200
35.1800
2029
43.5500
44.7900
52.0300
2030
62.8400
65.07
74.7400
2031
95.9900
99.25
109.9300
2032
141.6400
145.6100
164.6400
AVAX price prediction 2027
Avalanche price prediction climbs even higher into 2027. According to the projection, the price will range from $20.49 to $24.76, with an average trading price of $22.21.
Avalanche crypto price prediction 2028
Our Avalanche price prediction indicates further price acceleration. It will trade between $29.97 and $35.18, with an average of $30.82.
Avalanche price prediction 2029
According to the AVAX coin price prediction for 2029, the price of AVAX will range from a minimum price of $43.55 to a maximum price of $52.03. The average price will be $44.79.
Avalanche AVAX price prediction 2030
According to the Avalanche price prediction for 2030, we anticipate a range of $62.84 to $74.74, with an average price of $65.07.
Avalanche price prediction 2031
The Avalanche price forecast ranges from $95.99 to $109.93, with an average closing price of $99.25.
Avalanche price prediction 2032
The Avalanche AVAX price forecast indicates it will trade between $141.64 and $164.64, with an average trading price of $145.61.
Our predictions indicate that Avalanche will achieve a high level of $22.10 in 2026. In 2027, it will range between $20.49 and $24.76, with an average price of $22.10. In 2031, the range will be between $95.99 and $109.93, with an average of $99.25. Note that the predictions are not investment advice. Seek independent consultation or do your own research.
In July 2020, Avalanche completed its public sale, raising $42 million in under 4.5 hours. The tokens were distributed after the mainnet launch in September.
On Dec 31, 2020, it fell to an all-time low of $2.79.
In September 2021, the Ava Labs Foundation received a $230 million investment from Polychain and Three Arrows Capital Group by purchasing AVAX.
In November 2021, following an agreement with Deloitte to improve US disaster relief funding, AVAX moved to the top 10 cryptocurrencies by market capitalization. At that time, AVAX reached an all-time high of $146.22.
In Aug 2022, a whistleblower, ‘crypto leaks’, published a report accusing Ava Labs of secret deals with a law firm to destabilize its competitors. Ava Labs CEO Emin Gün Sirer denied any involvement in a shady deal with the Roche Freedman law firm.
In 2023, AVAX maintained a bullish trend from January to May, after which bears took control of the market. It resumed the positive momentum in October, rising to $49.96.
In 2024, it crossed the $60 mark in March.
The rise coincided with a record high in AVAX inscriptions, with over 100 million ASC-20 minted since their introduction in June 2023.
The uptrend reversed in April 2024; by July, it had fallen to $24.40. In August, it was at $21, and in September and October, it was at $27.
It turned bullish in November 2024, rising from as low as $23 to $55 in December.
It corrected later and traded at $42 into 2025. The drop continued into January; by June, it had fallen below $20. In July, it traded at $18, and in September, at $23. In October, it rose above $30.
It then reversed, and by December, had dropped to $14. It maintained the price into January 2026. It later turned bearish, and in March and April, it reached $9.
X to Auto-Lock and Verify Accounts Posting Crypto Content for the First Time | Crypto Coin ShowBreaking News
X to Auto-Lock and Verify Accounts Posting Crypto Content for the First Time
Nikita Bier, a product advisor at X, says the platform will detect first-time crypto posters with large followings and require account ownership verification — directly targeting one of the most common vectors for crypto scams.
Crypto Coin Show·April 2, 2026·Industry News
X is preparing to automatically lock accounts that post crypto content for the first time, requiring those users to verify account ownership before their posts can be seen. The update was announced by Nikita Bier, a product advisor at the platform, in response to widespread criticism about crypto scams tied to compromised high-follower accounts.
“If you have more than 10k followers and you drop a meme coin without any prior connection to crypto, it is always a hack.”
— Nikita Bier, Product Advisor, X
Bier’s statement directly addressed a Community Notes flag that challenged the original Cointelegraph report, clarifying that X’s system is specifically targeting a well-known attack pattern: bad actors gain access to large, established accounts with no history in crypto, then use those accounts to promote fraudulent meme coins or token schemes to unsuspecting followers.
How the New System Works
According to Bier, the detection mechanism focuses on a specific behavioral signal — accounts with significant followings that have no prior connection to crypto suddenly posting meme coin content. Under the new policy, those accounts will be automatically locked and required to complete an ownership verification step before the posts go live.
The goal, as Bier described it, is to “reduce the incentive to phish X accounts” — addressing the financial motive behind account takeovers. If bad actors can no longer easily monetize a hacked account by pushing a token launch, the value of stealing those accounts drops significantly.
Key Points
→X will auto-lock accounts posting crypto content for the first time if they have over 10,000 followers
→Account ownership verification will be required before locked posts can go live
→The system specifically targets accounts with no prior crypto history — a signature pattern of hacked accounts
→The policy aims to reduce the financial incentive for phishing and account takeovers
→Nikita Bier corrected a Community Notes flag, clarifying the system’s intent and scope
Why This Matters
Crypto scams tied to compromised social media accounts have cost users millions of dollars over the past several years. The pattern is well-established: a high-profile account is phished or hacked, the attacker quickly posts token promotion content to the account’s existing audience, and followers who trust the account buy in before the fraud is detected. The entire cycle can play out in minutes.
X’s approach — intervening at the moment of first crypto post rather than after the fact — is a meaningful shift from reactive moderation to predictive detection. It doesn’t require X to evaluate whether a token is legitimate; it simply flags the behavioral anomaly and pauses until a human confirms they control the account.
Context
This announcement follows a broader push by X under its current leadership to crack down on financial scams on the platform. It comes as regulators in multiple jurisdictions continue to scrutinize social media platforms’ roles in facilitating crypto fraud.
The policy is likely to have minimal impact on legitimate crypto-native accounts, which will have established posting history in the space. The burden falls almost entirely on the attack vector the system is designed to close.
₿
Reported by Crypto Coin Show · Blockchain media since 2014 · cryptocoinshow.com
Drift Protocol Drained of $285 Million in One of
2026’s Biggest DeFi Hacks
A coordinated exploit struck the Solana-based perpetual futures exchange on April 1 — no joke — stripping nearly half its treasury in under an hour and sending its token into freefall.
AA
Ashton Addison
Founder & CEO · Crypto Coin Show · Since 2014
cryptocoinshow.com
Refinitiv TV · London Stock Exchange
Live Incident — 1 April 2026, ~18:54 UTC
$285M
Estimated Stolen
~50%
of Protocol TVL
−17%
DRIFT Token Drop
<60m
Duration of Exploit
All figures preliminary as of 18:54 UTC, 1 April 2026. Source: PeckShield · Lookonchain · Arkham Intelligence · CoinGecko.
On the afternoon of 1 April 2026, a single wallet address began quietly draining one of Solana’s most prominent DeFi protocols. Within the hour, nearly $285 million in digital assets had vanished from Drift Protocol’s vaults — transferred, swapped and bridged with the cold precision of a pre-planned heist. The platform’s team scrambled to confirm the obvious: this was not a prank. “This is not an April Fools joke,” they wrote on X, in a line that said everything about the moment.
Drift Protocol is a non-custodial perpetual futures exchange built on Solana. It allows traders to take leveraged positions across crypto assets without a centralised intermediary, using a virtual automated market maker and multi-asset collateral. At the time of the attack, it ranked among the most liquid DeFi venues on Solana, with a total value locked of approximately $309 million. By the time blockchain sleuth accounts had finished counting, that figure had collapsed to an estimated $24 million.
01—
The Attack: How It Unfolded
On-chain data captured by Lookonchain and PeckShield tells a methodical story. The exploit began around 4:00 PM UTC with a transfer of approximately $155 million in JLP tokens — Jupiter’s liquidity pool token — from a Drift vault to a freshly created Solana wallet. The suspected attacker’s address then received a cascade of additional inflows: USDC, cbBTC, Wrapped Ethereum and a range of other tokens, suggesting a coordinated, multi-asset drain of protocol-linked vaults rather than a single opportunistic strike.
Community monitors flagged suspicious outflows as early as 1:30 PM Eastern. Mert Mumtaz, co-founder and CEO of infrastructure firm Helius, posted on X that there was a high likelihood of a major exploit and urged Circle — whose USDC stablecoin is used as collateral on Drift — to respond. His warning, unusually specific and from a credible Solana insider, cut through the noise even as many in the crypto community assumed the alerts were an April 1 prank.
🔴 Suspected Attacker Wallet — Solana
HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES
Flagged by PeckShield, Lookonchain and Arkham Intelligence. Track live via Solscan and SolanaFM.
Once the initial drain was complete, the attacker moved swiftly to liquidate. Stolen assets were converted into USDC and bridged to Ethereum. By 17:49 UTC, the Ethereum-side wallet held approximately 19,913 ETH — worth around $42.6 million — acquired in minutes. The Solana wallet also deposited SOL to Hyperliquid and Binance, pointing to an attacker comfortable navigating both decentralised and centralised infrastructure simultaneously.
02—
Drift Confirms the Breach
Drift Protocol’s initial public response was characteristically restrained. The team acknowledged “unusual activity” and asked users not to deposit, stopping short of calling it an attack. The hedging was brief. Within hours, the protocol had escalated its language sharply, posting a direct confirmation to its X account.
“Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke.”
Drift Protocol — Official X Account, 1 April 2026
The team said it was working with multiple security firms, bridge operators and centralised exchanges to contain and trace the movement of funds. No official loss figure was published by the protocol itself, though PeckShield placed the total at approximately $285 million, while other estimates ranged between $270 million and $300 million. As of publication, deposits and withdrawals remain suspended.
03—
Market Reaction and Token Collapse
DRIFT, the protocol’s native token, reacted immediately. CoinGecko data shows the token declined more than 13% over the 24-hour period, with a steep intraday drop occurring within minutes of the suspicious transfers being flagged publicly. At its low, DRIFT traded at approximately $0.05 — down nearly 20% from pre-incident levels — as traders unwound positions under uncertainty about the protocol’s solvency.
The broader Solana ecosystem felt the tremors. Arkham Intelligence’s dashboard for Drift’s vaults confirmed a near-total evacuation of holdings, with the platform’s balance visible collapsing in real time. DeFi Development Corp. (Nasdaq: DFDV), a US-listed public company with a Solana-focused treasury strategy, issued a statement confirming it holds no exposure to Drift and was not impacted by the exploit.
04—
Scale and Context
To understand the magnitude of what happened to Drift, it helps to place it against the backdrop of 2026’s DeFi security landscape. Industry data shows that crypto theft declined more than 69% between January and February 2026, with February losses estimated between $26.5 million and $35.7 million — the lowest monthly figure in nearly a year, and a world away from the $1.5 billion Bybit breach that opened the previous year.
Set against that declining trend, a potential $270–285 million loss at Drift is a dramatic outlier. If confirmed, it ranks as the largest exploit on the Solana network since the Wormhole bridge hack of February 2022 — when approximately $320 million in wrapped Ether was drained — and one of the most significant DeFi incidents globally in 2026.
The breach represents roughly 50% of Drift’s total value locked at the time of the attack. The coordinated drain of multiple vault types, the immediate conversion and bridging of funds, and the use of both decentralised and centralised infrastructure all point to a sophisticated, pre-planned operation — not an opportunistic probe.
05—
What Users Must Do Now
Immediate Actions for Drift Users
Revoke all wallet approvals connected to Drift Protocol. Phantom wallet users can review and revoke connected app permissions directly in the wallet interface under Settings → Connected Apps.
Do not deposit into or interact with the protocol until Drift publishes an official all-clear. The team has explicitly asked users to stand down.
Track the suspect wallet on Solscan, SolanaFM or Arkham Intelligence for further outflows, swaps or bridge activity.
Monitor Drift’s official X account and any post-mortem reports for updates on recovery efforts, compensation plans or protocol restarts.
If you had open leveraged positions at the time of the attack, document your position data now as evidence for any future claims process.
06—
Looking Ahead
The questions that follow an exploit of this scale are always the same, and always hard. Can the stolen funds be traced and frozen at centralised exchanges before the attacker cashes out? Will Drift be able to compensate affected users, and if so, from what source? Does the protocol survive, or does this become one of DeFi’s cautionary tombstones?
The attacker’s decision to route funds through Hyperliquid and Binance — centralised venues with mandatory KYC — is either a mistake that will prove costly, or a calculated use of high-liquidity venues before authorities can respond. The race between the attacker’s exit strategy and the security firms, exchanges and bridges now coordinating with Drift’s team is very much still live.
What is not in doubt is what the Drift exploit says about the state of DeFi in 2026. The industry entered this year pointing to declining hack totals as evidence of a maturing security posture. In less than an hour on April 1, a single sophisticated actor erased months of that narrative. In a space where hundreds of millions can move in minutes, protocol-level security remains — as it has always been — the most consequential unsolved problem in crypto.
— ◆ —
CCS will continue to update this story as new information becomes available. This article is based on verified on-chain data, official statements from Drift Protocol and reports from PeckShield, Lookonchain and Arkham Intelligence as of 1 April 2026, 18:54 UTC. All figures are preliminary and subject to revision.
What looks like a geopolitical threat aimed at US multinationals could quickly become a crypto story too.
That is because several of the companies threatened by Iran now sit inside the infrastructure, payments, and corporate treasury layers that parts of the digital-asset industry rely on.
According to the Wall Street Journal, the IRGC warned that US companies in the region would be targeted from April 1 and named firms including Microsoft, Google, Apple, Intel, IBM, Tesla, and Boeing. Other multinationals mentioned in the reports included JPMorgan Chase, Oracle, Palantir, Cisco, HP, and Nvidia.
Why this matters: Crypto is no longer exposed only through exchanges and token prices. It now depends on cloud platforms, banking rails, and public companies with Bitcoin exposure, which means geopolitical threats aimed at mainstream firms can spill into digital assets faster than many investors expect.
The group said those companies would be treated as “legitimate targets” in retaliation for US and Israeli strikes on Iran.
For crypto markets, the significance is not that these are digital-asset companies in the narrow sense. It is that several of the firms named by Iran sit inside the operating stack that now supports large parts of the industry, from cloud computing and data processing to tokenized payments, treasury management, and corporate Bitcoin exposure.
The threat also comes after the war had already begun to hit infrastructure across the Gulf. Last month, Amazon Web Services data centers in the United Arab Emirates and Bahrain were damaged by drone strikes, disrupting cloud services and prolonging recovery efforts.
Meanwhile, the broader conflict has already expanded well beyond a conventional military exchange. Over more than a month of fighting, the US and Israel have struck Iranian energy and other national infrastructure, while Iran has launched more than 3,000 drones and missiles toward the United Arab Emirates, Saudi Arabia, Bahrain, and Kuwait.
Against that backdrop, the IRGC’s threat points to a wider phase of economic and corporate pressure, one that could extend into parts of the infrastructure surrounding crypto.
Which crypto-related firms are affected?
Not all of the companies named by the IRGC are crypto-native businesses. Still, several already have direct or indirect ties to the industry, making them relevant to the market beyond the usual reaction of Bitcoin and other tokens to war headlines.
Google is the clearest example because it sits deep inside crypto’s operating stack, and its Web3 business is not a peripheral effort.
Google Cloud, a subsidiary of Google, offers managed node infrastructure, analytics tools, and developer services for blockchain applications, and works with firms such as Cardano-backed Midnight blockchain, Coinbase, and others.
In fact, the firm recently took a major step into blockchain infrastructure development with the launch of the Google Cloud Universal Ledger (GCUL). This is a Layer 1 blockchain network designed to enable faster payments and cross-border settlement.
Rather than acquiring mining companies outright, the Alphabet-owned company has provided at least $5 billion in disclosed credit support tied to a handful of miners’ AI projects.
That backing has helped reframe some previously unrated Bitcoin miners as infrastructure-linked borrowers that lenders can view less as pure commodity businesses and more as counterparties with strategic data-center potential.
All of this does not make Google a crypto company, but it does place the firm close to one of the industry’s most important restructurings.
JPMorgan’s link is different, but just as relevant.
For context, JP Morgan launched Kinexys in 2020 as a digital-asset service platform and has since processed more than $3 trillion of transactions.
The bank describes Kinexys as a blockchain-based payment rail that allows participating clients to move funds around the clock, including across borders, with availability spanning Europe, the Middle East, and Africa.
The bank reportedly plans to double daily transaction values on its Kinexys blockchain platform to $10 billion.
Apart from that, JPMorgan has also pushed further into on-chain finance through its asset-management arm.
Tesla is the most direct balance-sheet link among the companies named.
The Elon Musk-led company is not part of crypto’s infrastructure in the same way as Google or JPMorgan, but it remains one of the listed firms with measurable digital-asset exposure on its books.
According to data from BitcoinTreasuries.com, Tesla holds 11,509 Bitcoin as of press time, making it one of the top 20 public firms worldwide with BTC exposure. In fact, Tesla is the only top 10 company by market capitalization with exposure to the top crypto.
This stands it out in the broader market and confirms its conviction in the emerging industry.
Outside of Bitcoin, the company has also shown significant adoption for Dogecoin, the largest memecoin by market capitalization.
These efforts, alongside Musk’s enduring interest in the crypto industry, make it a significant player within the sector.
The core shift here is simple: crypto risk is no longer confined to crypto-native companies.
As the sector becomes more entangled with big tech, banks, and public-company treasuries, threats aimed at those firms can become market-relevant for digital assets even when no exchange or blockchain company is directly named.
Other firms with crypto links
Beyond those first-order examples, the IRGC list also includes companies with looser but still notable ties to digital assets.
NVIDIA is one of them. The company is now defined primarily by AI computing and data-center revenue, but it previously had a long and sometimes contentious history with crypto mining.
However, NVIDIA is no longer central to mining as it once was, but its historical connection to the sector remains part of the market’s memory, especially when crypto and AI capital spending begin to overlap.
The company’s crypto exposure has centered on enterprise blockchain through Azure rather than direct token holdings. It has accepted Bitcoin through BitPay in limited contexts, while also pursuing blockchain-as-a-service tools, decentralized identity work through ION, and research into secure computing systems relevant to digital infrastructure.
At the corporate treasury level, Microsoft has kept its distance. Its shareholders voted against adding Bitcoin to the balance sheet after the board recommended rejecting it. The board said such an assessment was unnecessary and preferred stable, low-risk investments over the volatility of crypto.
Taken together, the companies named by Iran show how far crypto’s exposure now extends beyond exchanges and token prices.
The industry’s links to cloud providers, global banks, AI infrastructure, and corporate treasuries mean geopolitical threats aimed at mainstream US firms can quickly become relevant to digital assets as well.
The next test is whether this threat remains rhetorical or starts to affect the companies and infrastructure layers that parts of crypto now depend on. If that happens, the market impact may show up first through cloud resilience, payments flows, and risk sentiment before it appears in token prices themselves.
Cardano’s price is expected to surpass $1.33 in 2026.
By 2029, ADAUSD could reach $4.72.
By 2032, Cardano might reach a maximum price of $4.46.
Cardano is a third-generation blockchain platform launched in 2017 by Ethereum co-founder Charles Hoskinson. Designed for decentralized applications and smart contracts, it uses Ouroboros—a unique, energy-efficient Proof-of-Stake consensus mechanism.
Cardano’s two-layer architecture separates transactions from smart contracts, enhancing scalability and flexibility. Its native cryptocurrency, ADA, is used for transaction fees, staking, and governance, allowing holders to influence the platform’s future. Emphasizing a research-driven, peer-reviewed development approach, Cardano aims to address challenges in blockchain, such as scalability and sustainability, making it a strong alternative to platforms like Ethereum.
Perhaps you’re wondering: with its innovative technology, can Cardano’s ADA reach new all-time highs soon?
Let’s uncover what the future holds for Cardano.
Overview
Cryptocurrency
Cardano
Token
ADA
Price
$0.2417
Market Cap
$8.71B
Trading Volume (24-hour)
$479.76M
Circulating Supply
44.99B ADA
All-time High
$3.10 on Sept 02, 2021
All-time Low
$0.01735 on Oct 01, 2017
24-hour High
$0.2486
24-hour Low
$0.2361
Cardano price prediction: Technical analysis
Metric
Value
Volatility (30-day Variation)
4.10% (Medium)
50-day SMA
$ 0.2745
14-Day RSI
40.14 (Neutral)
Sentiment
Bearish
Fear & Greed Index
11 (Extreme Fear)
Green Days
13/30 (40%)
200-day SMA
$ 0.4569
Cardano (ADA) price analysis
ADA failed to hold above $0.26 leading to continued selling pressure
Price is forming lower highs showing a clear short term downtrend
Weak momentum and low demand are preventing any strong recovery
Cardano price analysis 1-day chart: Cardano holds near $0.24 as bearish pressure persists
On the daily chart on Mar 31, Cardano (ADA) shows a continued downtrend with weakening bullish attempts. After peaking near $0.29, price faced strong rejection and has since formed lower highs and lower lows, confirming bearish momentum. Currently, ADA is consolidating around the $0.24 level, with small candles indicating reduced volatility and indecision.
While buyers are defending lower levels, repeated rejections near $0.29–$0.30 indicate strong resistance. Momentum remains neutral, with no clear trend dominance. A sustained break above $0.28 could signal bullish continuation, while a drop below $0.25 may resume downside pressure. Overall, ADA is consolidating within a defined range.
ADA price analysis 4-hour chart: Cardano slides toward $0.24 as bearish momentum persists
On the 4H-chart, Cardano (ADA) shows a clear bearish structure with brief recovery attempts failing to hold. After topping near $0.29, price entered a downtrend marked by consistent lower highs and lower lows. Recently, ADA dropped toward the $0.235–$0.240 support zone, where a minor bounce is forming. The rebound lacks strong momentum, suggesting weak buyer conviction.
Resistance is now seen around $0.250–$0.260, while support remains near $0.235. If bulls fail to push above resistance, downside pressure may continue. Overall, ADA remains bearish in the short term with signs of tentative stabilization near support.
ADA technical indicators: Levels and action
Daily simple moving average (SMA)
Period
Value
Action
SMA 3
$0.3076
SELL
SMA 5
$ 0.2769
SELL
SMA 10
$ 0.2626
SELL
SMA 21
$ 0.2677
SELL
SMA 50
$ 0.2745
SELL
SMA 100
$ 0.3222
SELL
SMA 200
$ 0.4569
SELL
Daily exponential moving average (EMA)
Period
Value
Action
EMA 3
$ 0.2660
SELL
EMA 5
$ 0.2776
SELL
EMA 10
$ 0.3042
SELL
EMA 21
$ 0.3349
SELL
EMA 50
$ 0.3878
SELL
EMA 100
$ 0.4737
SELL
EMA 200
$ 0.5700
SELL
What to expect from the Cardano price analysis next?
Cardano (ADA) is likely to remain under short-term bearish pressure while attempting to stabilize near the $0.235–$0.245 support zone. The recent downtrend with lower highs suggests sellers still dominate, but the slowing decline indicates possible consolidation. If buyers defend support and push price above $0.250–$0.260, a recovery toward $0.270 could follow. However, failure to hold current levels may trigger another drop toward $0.220. Momentum remains weak, and volume appears limited, reflecting cautious sentiment. Overall, ADA is expected to trade sideways with a bearish bias until a clear breakout confirms the next directional move.
Why is Cardano down today?
Cardano (ADA) is down today mainly due to continued bearish market structure and weak buying momentum. After failing to hold gains near the $0.26–$0.29 resistance zone, sellers regained control, pushing price lower. The formation of lower highs has reinforced negative sentiment, prompting traders to exit positions. Additionally, low trading volume and lack of strong catalysts have limited any recovery attempts. Broader crypto market softness is also contributing, as capital rotates or remains cautious. Overall, the decline reflects a technical continuation of the downtrend, resistance rejection, and subdued demand, rather than any major fundamental issue.
Is Cardano a good investment?
Cardano (ADA) presents a mixed investment opportunity. It is a third-generation blockchain that aims to solve scalability issues and enhance security through its Proof-of-Stake mechanism. While some analysts predict significant price increases by 2030, others caution that it remains a high-risk investment due to the volatile nature of the crypto market.
Investors should consider their risk tolerance and research before investing, as Cardano’s future performance is uncertain and contingent on market conditions and technological advancements.
Will Cardano recover?
Cardano’s recovery potential depends on market sentiment and adoption. Despite past challenges, its projected price increase in 2026, potentially reaching $1, has significantly bolstered confidence in the coin’s future.
Will Cardano reach $5?
Cardano hitting $5 seems quite achievable given past levels. With its ATH around $3.10, $5 would only need to beat that peak by about 60%. A solid bull run and significant adoption could drive the unit price to $5.
Will Cardano reach $10?
Cardano hitting $10 is a long shot. Its all-time high was around $3.10 back in 2021, so $10 would mean more than tripling that peak. From current prices, that’s over a 13x jump. While crypto can be unpredictable, that would need massive adoption and a bull run far beyond what we saw in 2021.
Will Cardano reach $50?
Cardano hitting $50 is extremely likely. With ADA’s current supply of around 35 billion tokens, a $50 price would require a market cap of approximately $1.75 trillion. Even in crypto’s craziest bull runs, that kind of valuation doesn’t happen for altcoins.
What is the Cardano forecast for 2040?
Predicting Cardano’s (ADA) price in 2040 is highly speculative as it depends on multiple factors, including adoption, regulatory developments, technological advancements, and macroeconomic conditions. However, if Cardano continues its development in smart contracts, decentralized applications (dApps), and blockchain efficiency, it could see widespread adoption, driving its price higher.
Some optimistic projections suggest that ADA could reach double-digit prices, possibly ranging from $10 to $50 or more. However, in a bearish scenario, where regulatory hurdles and competition slow its progress, ADA could struggle to maintain high valuations.
What will be the future price of Cardano in 2050?
Predicting Cardano’s (ADA) price in 2050 is highly speculative, but if blockchain adoption continues to grow and Cardano successfully scales its smart contract ecosystem, its price could see significant appreciation. What that number will be remains to be seen.
Does Cardano have a good long-term future?
Cardano (ADA) has the potential for a positive long-term future, primarily driven by its technological advancements and growing ecosystem. The platform’s unique features, such as its focus on scalability and partnerships with various institutions, position it well for future adoption. However, its success will depend on overcoming regulatory scrutiny and challenges related to developer engagement.
Recent news/opinion on Cardano
Cardano gains retail adoption as $ADA becomes accepted payment at 137 SPAR supermarkets in Switzerland through Cardano Foundation and DFX partnership.
JUST IN: Cardano $ADA is now accepted as payment at 137 SPAR supermarkets across Switzerland. 🇨🇭
Cardano Foundation secured the integration in partnership with @DFX_swiss.
Cardano’s February 2026 forecast is expected to be $0.3134-$0.4006, averaging $0.3513, driven by steady network development, including smart contract enhancements and scaling upgrades. The growing use of Cardano-based DeFi, NFTs, and governance projects supports moderate bullish sentiment. However, cautious market conditions and slow institutional momentum may limit rapid price expansion, maintaining this controlled range.
Cardano Price Prediction
Potential Low
Potential Average
Potential High
Cardano price prediction March 2026
$0.3134
$0.3513
$0.4006
Cardano price prediction 2026
According to the Cardano price prediction, ADA might reach a maximum price of $1.33, with an average trading price of about $1.20 and a minimum price of $1.03
Cardano Price Prediction
Potential Low
Potential Average
Potential High
Cardano price prediction 2026
$1.03
$1.20
$1.33
Cardano price predictions 2027-2032
Year
Minimum Price
Average Price
Maximum Price
2027
$0.4838
$0.5282
$0.5725
2028
$1.19
$1.29
$1.39
2029
$3.71
$4.21
$4.72
2030
$1.73
$1.91
$2.09
2031
$2.33
$2.48
$2.63
2032
$3.81
$4.13
$4.46
Cardano price prediction 2027
Cardano price is forecast to reach a lowest possible level of $0.4838 in 2027. As per analysts, the ADA price could reach a maximum possible level of $0.5725, with the average forecast price of $0.5282. This growth is driven by Cardano’s expanding DeFi ecosystem, Hydra scalability upgrades, and rising institutional adoption.
Cardano price prediction 2028
The Cardano price is forecast to reach a minimum of $1.19 in 2028. As per findings, the ADA price could reach a maximum possible level of $1.39, with the average forecast price of $1.29. This is expected as network upgrades, DeFi expansion, and institutional integration strengthen ADA’s utility and demand, supporting steady long-term growth.
Cardano price prediction 2029
According to detailed market projections and historical trend analysis, Cardano (ADA) could trade at a minimum of $3.71 in 2029, reaching as high as $4.72, with an average price of $4.21. This anticipated rise is fueled by ecosystem expansion, broader institutional adoption, and increasing real-world blockchain implementations.
Cardano price forecast 2030
Based on comprehensive technical evaluation and market trends, Cardano (ADA) could see its price bottom around $1.73 in 2030, with highs near $1.91 and an average of $2.09. This projection stems from expanding real-world utility, growing institutional participation, and continued upgrades enhancing Cardano’s scalability and ecosystem strength.
Cardano price prediction 2031
The price of 1 Cardano (ADA) is expected to reach a minimum level of $2.33 in 2031, with a potential peak of $2.63 and an average of $2.48. This forecast is driven by Cardano’s expanding enterprise adoption, stronger smart contract capabilities, and growing integration in global blockchain infrastructure, supporting steady long-term value growth.
Cardano price prediction 2032
As per the forecast and technical analysis, in 2032, ADA coin price prediction is expected to reach a minimum of $3.81, a maximum of $4.46, and an average of $4.13. This upward outlook is supported by Cardano’s full ecosystem maturity, large-scale enterprise integration, and increasing global adoption of decentralized applications built on its network, driving long-term demand and value appreciation.
Cardano price prediction 2026-2032
Cardano ADA price prediction: Analysts’ ADA price prediction
Firm Name
2026
2027
DigitalCoinPrice
$0.31
$0.31
Coincodex
$ 0.3915
$ 0.6216
Cryptopolitan’s Cardano price prediction
According to Cryptopolitan projections, the price of ADA could reach a maximum of $0.35 in 2026. By 2027, Cardano’s price could trade at a maximum of $0.51.
ACH launched near $0.02 in 2020, surged to $0.1975 in August 2021, then slid below $0.10 by year end.
During 2022 and 2023, it fell to $0.0133, later rebounded toward $0.049, but stayed volatile
In 2024, it dropped to $0.0145, recovered above $0.02, and briefly ranged up to $0.0397 in December.
Early 2025 saw swings between $0.016 and $0.040, before weakening again toward $0.020 by mid-year.
Late 2025 into early 2026 marked heavy losses to $0.0070–$0.0078, followed by stabilization near $0.0082.
In early January 2026, Cardano traded around the $0.36 to $0.38 range as buyers tried to stabilize the price after the December decline and defend support in the mid $0.30 area.
By late January into February 7 price slipped toward roughly $0.33 to $0.34, showing continued corrective pressure and consolidation near a key support zone.
Cardano traded around $0.40 on Jan 7, 2026 but steadily declined through the month, falling to roughly $0.29 by Feb 1 as selling pressure increased across the broader altcoin market.
The price briefly recovered afterward, rising from about $0.25 on Feb 5 to around $0.27 on Feb 7, showing a short-term rebound after the early February dip.
Claude Mythos: The Model That Leaked Itself | Ashton AddisonAI & Cybersecurity
Claude Mythos: The Model That Leaked Itself
Inside Anthropic’s accidental unveiling of Claude Mythos — the most powerful AI model ever built, held back because it might be too dangerous to release — and the market meltdown that followed.
AA
Ashton Addison
March 28, 2026 · 8 min read
EXCLUSIVE INVESTIGATIVE
~3,000Assets Exposed
−7%CrowdStrike Drop
−3%IGV ETF Decline
500+Zero-Days Found by Opus 4.6
30Orgs Breached via Claude Code
In one of the more ironic data incidents in recent AI history, Anthropic — a company whose newest model is being held back specifically because of its unprecedented cybersecurity capabilities — accidentally exposed that model to the public through a basic configuration error on its own website.
The fallout was immediate: cybersecurity stocks cratered, crypto slid, and the broader tech sector sold off. But the real story is what the leak revealed about where AI is headed — and whether the industry is ready for a model its own creator calls too dangerous to release.
01 — The LeakHow 3,000 Files Went Public Overnight
On the evening of March 26, 2026, two independent cybersecurity researchers discovered something unusual sitting in a publicly accessible corner of Anthropic’s web infrastructure. Alexandre Pauwels of the University of Cambridge and Roy Paz, Senior AI Security Researcher at LayerX Security, had stumbled into what appeared to be a fully staged product launch — headings, body copy, images, PDFs, and a publication date — all sitting unprotected in an unencrypted, publicly searchable data store.
The disclosure was not a malicious breach. Digital assets — including images, PDF files, and audio files — were set to public by default upon upload, unless explicitly marked private. A toggle switch in Anthropic’s content management system was left in the wrong position, making approximately 3,000 assets linked to Anthropic’s blog publicly accessible. In total, there appeared to be close to 3,000 assets that had not previously been published to the company’s public-facing news or research sites that were nonetheless fully visible.
⚠ Configuration Error
The leak was not a cyberattack. Anthropic attributed it to “human error” in its content management system — a default-public setting that exposed staged assets before any editorial review. The same model the documents warned could trigger AI-powered cyberattacks was revealed by a misconfigured checkbox.
Among those exposed materials: a draft blog post detailing the existence, capabilities, and extraordinary risks of Anthropic’s next-generation AI model — a system called Claude Mythos.
02 — What Is Claude Mythos?A New Tier Above Opus
Anthropic currently markets its models in three tiers: Haiku (small and fast), Sonnet (balanced), and Opus (most capable). The leaked materials introduced a fourth category, internally named Capybara — larger and more intelligent than Opus, and significantly more expensive to run.
From the Leaked Draft
“Capybara is a new name for a new tier of model: larger and more intelligent than our Opus models — which were, until now, our most powerful.”
Two versions of the draft blog post surfaced — one calling the model “Mythos,” the other “Capybara” — suggesting Anthropic was still deciding between name candidates. The subtitle of the Capybara version still read: “We have finished training a new AI model: Claude Mythos.” Both versions explained the name was chosen to evoke “the deep connective tissue that links together knowledge and ideas.”
The draft described Claude Mythos as “by far the most powerful AI model we’ve ever developed.” When Fortune contacted Anthropic for comment, the company acknowledged the project without hesitation: “We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. Given the strength of its capabilities, we’re being deliberate about how we release it. We consider this model a step change and the most capable we’ve built to date.”
4th TierNew “Capybara” model class above Opus
↑↑↑Dramatic gains in coding, reasoning & cyber
LimitedEarly access: cyber defenders only
$$$“Very expensive to serve” — no general release
03 — CybersecurityThe Dimension That Stopped the Release
If Anthropic was simply excited about Claude Mythos’s capabilities, it would have launched quietly with the usual product post. Instead, the company is holding it back. The reason, spelled out in the leaked documents, is cybersecurity — and the concern is not hypothetical.
“Currently far ahead of any other AI model in cyber capabilities… it presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.”
— Anthropic Internal Draft Blog Post, March 2026
The core issue is what researchers call the dual-use dilemma. The model demonstrated an ability to surface previously unknown vulnerabilities in production codebases — a capability that could help defenders patch flaws just as easily as it helps attackers find and exploit them. The same model that could harden a bank’s infrastructure could be the tool that breaks into it.
⬡ Frontier Red Team Finding — February 2026
Anthropic’s own Frontier Red Team documented that Claude Opus 4.6 — already publicly available — discovered over 500 high-severity zero-day vulnerabilities in production open-source codebases. Some of these bugs had been present for decades despite expert review and millions of hours of accumulated fuzzer CPU time. One vulnerability required conceptual understanding of the LZW compression algorithm — a class of reasoning no fuzzer can replicate. That was the model before Mythos.
The already-public Opus 4.6 raised serious enough flags. Anthropic simultaneously confirmed that hacking groups, including those linked to the Chinese government, had attempted to exploit Claude in real-world cyberattacks. In one documented case, a Chinese state-sponsored group ran a coordinated campaign using Claude Code to infiltrate roughly 30 organizations — including tech companies, financial institutions, and government agencies — before the company detected it. AI handled an estimated 80–90% of the operation.
“In preparing to release Claude Capybara, we want to act with extra caution and understand the risks it poses — even beyond what we learn in our own testing. In particular, we want to understand the model’s potential near-term risks in the realm of cybersecurity — and share the results to help cyber defenders prepare.” — Anthropic Internal Document
For Mythos specifically, Anthropic’s Responsible Scaling Policy (RSP) looms large. The policy defines AI Safety Levels: ASL-3 was activated in May 2025 for models that “substantially increase the risk of catastrophic misuse.” ASL-4, not yet formally triggered, applies when AI models become “the primary source of national security risk in a major area such as cyberattacks or biological weapons.” Based on the language in the leaked drafts, Mythos may be approaching that threshold.
If Mythos truly represents a step change in cyber capabilities, patch cycles that once had days or weeks of breathing room could compress to hours. The cyber arms race, already accelerating, could become asymmetric in a new and dangerous direction — with attackers using AI to discover vulnerabilities faster than human defenders can respond.
04 — Market ImpactStocks, Crypto, and the Selloff
Within hours of Fortune’s reporting, markets reacted sharply. The concerns weren’t irrational: if an AI model can autonomously discover and exploit zero-day vulnerabilities at scale, it threatens the core value proposition of every legacy cybersecurity vendor whose defenses are built on known signatures and historical threat intelligence.
Company
Ticker
Drop (Mar 27)
Sector
CrowdStrike
CRWD
−7.0%
Endpoint Security
Palo Alto Networks
PANW
−6.0%
Network Security
Zscaler
ZS
−4.5%
Cloud Security
Okta
OKTA
−3.0%
Identity & Access
SentinelOne
S
−3.0%
AI-Powered Security
Fortinet
FTNT
−3.0%
Network Security
iShares Tech-Software ETF
IGV
−3.0%
Broad Tech
Bitcoin
BTC
↓ $66K
Crypto / Risk-Off
Raymond James analyst Adam Tindle outlined several risks: compression of traditional defensive advantages, higher attack complexity and cost to defend, and potential shifts in security architecture and spending. Defensive approaches based on known signatures, vulnerability databases, or prior threat intelligence telemetry could be pressured as AI enables continuous discovery of novel attack surfaces.
“We read this as having the potential to become the ultimate hacking tool — one that can elevate any ordinary hacker into a nation-state adversary.”
— Analyst Note, March 27, 2026
Paradoxically, however, not every analyst read the Mythos news as a pure negative for cybersecurity. The same analyst argued that announcements like this should continue elevating cybersecurity as a top IT priority, driving spend towards modernizing cyber defenses and away from legacy tools. If AI-powered attacks are coming, companies will need AI-powered defenses — and that is a significant market opportunity.
05 — The Deliberate RolloutDefenders Get a Head Start
Anthropic’s planned release strategy for Mythos was unlike anything the company had done before. Rather than a broad API launch, the rollout was designed to be defensive-first: early access would go exclusively to cybersecurity organizations, giving them a window to harden their systems before the model — or its inevitable imitators — reached bad actors.
Phase 1 — Now
Small cohort of early-access customers, focused on cybersecurity defense. Evaluating model behavior and risks in controlled environments.
Phase 2 — TBD
Expanded Claude API access, after efficiency improvements bring down cost. Model currently described as “very expensive to serve.”
Phase 3 — No Date Set
General release, contingent on safety evaluation outcomes and cost reduction milestones. Timeline entirely open-ended.
The irony of the situation is layered. Anthropic wanted to give cyber defenders a head start — to publish benchmarks showing Mythos’s offensive potential, allow security teams to study its techniques, and harden defenses accordingly. Instead, the existence of the model, its capabilities, and Anthropic’s own alarming internal risk assessment landed in public simultaneously, with no safety preparation, no controlled disclosure, and no ability to brief the security community in advance.
06 — The IronyThe Most Cybersecurity-Aware Leak in History
The Punchline
A company warning the world about AI-powered cyberattacks was undone by a checkbox. The model described as posing “unprecedented cybersecurity risks” was revealed through a default-public CMS configuration — not by a sophisticated nation-state, not by a zero-day exploit, but by a toggle left in the wrong position.
The tech community was quick to note the absurdity. In an enormously ironic twist, the draft blog obtained by Fortune — which was “available in an unsecured and publicly-searchable data store” — was the very document claiming the new model poses unprecedented cybersecurity risks. As one observer put it: let’s hope the new model wasn’t responsible for the security of Anthropic’s company blog.
It is a test for the company, which has received significant media attention for its Claude Code and Claude Cowork tools. The successes of those products have rattled competitors. The Mythos leak adds a different kind of pressure — one rooted not in capability rivalry but in questions about Anthropic’s own operational security posture at the exact moment it is asking the world to trust its judgment on frontier AI safety.
07 — What Comes NextIPOs, Lawsuits, and Open Questions
The Mythos story does not exist in a vacuum. Anthropic is simultaneously navigating a federal lawsuit against the Pentagon over a supply-chain risk designation rooted in its refusal to remove safety guardrails from Claude. Reports also surfaced this week that the company has been discussing a Q4 2026 IPO. The revelation that Anthropic is sitting on a model it considers potentially too dangerous for general release adds new dimensions to both of those threads.
For the Pentagon dispute, it provides ammunition to critics who argue Anthropic selectively applies its safety principles. For investors and IPO watchers, it raises questions about when and how Mythos revenue appears on a balance sheet — and whether regulators might weigh in before a general release is possible.
For the broader cybersecurity industry, the implications are structural. If Mythos — and the wave of similar models it is expected to inspire — can discover zero-day vulnerabilities faster than human analysts and patch systems can respond, the entire architecture of defensive cybersecurity shifts. Signature-based detection, historical threat intelligence, and human-speed incident response all face obsolescence. The question is whether the defenders, now armed with early access to Mythos itself, can adapt faster than the attackers who will inevitably get access to similar capabilities.
⬡ The Core Risk Equation
Anthropic’s own framing: give cyber defenders a head start with Mythos → they harden systems → when similar models reach bad actors, defenses are already stronger. The flaw in that plan: the deliberate head start was eliminated the moment the leak happened. Defenders and the public now know simultaneously.
For now, Mythos remains behind closed doors — tested quietly, released carefully, and very much on the world’s radar after a week nobody at Anthropic planned for. The name was chosen to evoke the deep connective tissue that links knowledge and ideas. Instead, it became the story of how a single misconfigured setting linked a company’s most sensitive secrets to anyone with a search engine.
