Alessandro Rocco Pietrocola

Hong Kong-based crypto investment firm HashKey Capital announced the launch of an XRP fund, with plans to convert it into an exchange-traded fund (ETF) in the future.According to an April 18 announcement, the fund, officially titled the HashKey XRP Tracker Fund, is reportedly “the first investment fund in Asia designed to track the performance of XRP.”XRP developer Ripple will serve as the fund’s anchor investor. In a separate X post, HashKey Capital said the fund aims to bring “more institutional capital into regulated XRP products and the broader digital asset ecosystem.”Close collaboration with RippleIn another X post, HashKey Capital said the fund marks the beginning of a closer collaboration with Ripple. The two firms “are exploring new investment products, cross-border DeFi solutions, and tokenization —including the possibility of launching a money market fund (MMF) on the XRP ledger.”Related: Ripple vs. XRP vs. XRP Ledger: What’s the difference?In the announcement, HashKey Capital partner Vivien Wong said the firm will share its connections with financial institutions, regulators and investors in Asia with Ripple, adding: “Ripple offers us the opportunity to collaborate on more investment products and solutions across cross-border payment solutions, decentralized finance (DeFi), and enterprise blockchain adoption.”A Hong Kong XRP ETF in the works?The XRP (XRP) Tracker Fund is HashKey Capital’s third tracker fund and follows the firm’s Bitcoin (BTC) and Ether (ETH) ETF products. The company noted that this product may also become an ETF in the future.Source: HashKey CapitalRelated: XRP: Why it’s outperforming altcoins — and what comes nextA boon for XRP’s institutional adoption in AsiaHank Huang, CEO of Kronos Research, a crypto investment firm based in Asia, told Cointelegraph that “the launch of the XRP Tracker Fund by HashKey Capital marks a pivotal moment for institutional adoption” in the region. He said regulated and transparent products like Hashkey’s fund are what institutional investors need to enter the market. “XRP’s proven use case in cross-border payments, combined with HashKey’s robust infrastructure, sets the stage for meaningful capital inflows and wider acceptance of crypto assets in global finance,“ Huang said.Magazine: XRP win leaves Ripple and industry with no crypto legal precedent set

Altcoins may see a resurgence in the second quarter of 2025 as regulations for digital assets continue to improve, according to Swiss bank Sygnum.In its Q2 2025 investment outlook, Sygnum said the space has seen “drastically improved” regulations for crypto use cases, creating the foundations for a strong alt-sector rally for the second quarter. However, it added that “none of the positive developments have been priced in.” In April, Bitcoin dominance reached a four-year high, signaling that crypto investors are rotating their funds into an asset perceived to be relatively safer. Still, Sygnum said regulatory developments in the US, such as President Donald Trump’s establishment of a Digital Asset Stockpile and advancing stablecoin regulations, may propel broader crypto adoption.“We expect protocols successful in gaining user traction to outperform and Bitcoin’s dominance to decline,” Sygnum wrote. Increased focus on economic value ignites competitionSygnum also said that competition would increase as the market focuses on economic value. Increased competition in a market often results in better products, ultimately benefiting consumers: “The market’s increased focus on economic value compels greater competition for user growth and revenues, with rising protocols such as Toncoin, Sui, Aptos, Sonic, or Berachain taking different approaches.”Sygnum added that while high-performance blockchains address limitations of the Bitcoin, Ethereum and Solana blockchains, they find it challenging to achieve meaningful adoption and fee income. Sector breakdown by market capitalization. Source: SygnumThe report highlighted that some approaches have been more sustainable. These include Berachain’s approach of incentivizing validators to provide liquidity to decentralized finance (DeFi) applications, Sonic’s rewarding developers that attract and retain users, and Toncoin’s Telegram affiliation to access 1 billion users.Aside from layer-1 chains, Sygnum highlighted that layer-2 networks like Base also have potential. The report pointed out that while the memecoin frenzy on the blockchain pushed its users and revenue to new highs, it made an equally sharp decline after memecoins started losing steam. Despite this, Sygnum noted that Base remains the layer-2 leader in metrics like daily transactions, throughput and total value locked. Related: Italy finance minister warns US stablecoins pose bigger threat than tariffsMemecoins still a leading crypto narrative in Q1Despite recent price declines, memecoins remained a dominant crypto narrative in Q1 2025. A CoinGecko report recently highlighted that memecoins remained dominant as a crypto narrative in the first quarter of 2025. The crypto data company said memecoins had 27.1% of global investor interest, second only to artificial intelligence tokens, which had 35.7%.While retail investors are still busy with memecoins, institutions have a different approach. Asset manager Bitwise reported on April 14 that publicly traded firms are stacking Bitcoin. At least 12 public companies purchased Bitcoin for the first time in Q1 2025, pushing public firm holdings to $57 billion.Magazine: Uni students crypto ‘grooming’ scandal, 67K scammed by fake women: Asia Express

Bitcoinlib, explained Bitcoinlib is an open-source Python library designed to make Bitcoin development easier. Think of it as a toolbox for programmers who want to create Bitcoin wallets, manage transactions, or build apps that interact with the Bitcoin blockchain. Since its launch, it’s been downloaded over 1 million times, showing just how widely trusted and used it is in the crypto community.Here’s what Bitcoinlib does in a nutshell:Creates and manages wallets: It lets developers build Bitcoin wallets to store, send and receive Bitcoin securely.Handles transactions: It simplifies the process of creating, signing and broadcasting Bitcoin transactions.Supports multiple networks: Bitcoinlib works with Bitcoin’s main network (where real money is involved) and test networks (for experimenting without risk).Open-source and flexible: Being open-source, anyone can use, modify or contribute to its code, making it a go-to for developers worldwide.For beginners, Bitcoinlib is like a user-friendly bridge to Bitcoin’s complex world. Instead of wrestling with the blockchain’s technical details, developers can use Bitcoinlib’s ready-made functions to get things done quickly. For example, this library automates tricky tasks like generating private keys or signing transactions, saving developers hours of coding. Bitcoinlib under fire: How PyPI typosquatting put crypto wallets at risk In early April 2025, security researchers raised alarms about a malicious attack targeting Bitcoinlib users. Hackers didn’t attack the Bitcoinlib library itself but instead used a sneaky trick to fool developers into downloading fake versions of the library. This attack involved uploading malicious packages to PyPI, the platform where developers download Python libraries like Bitcoinlib. For developers and enthusiasts, tools like Bitcoinlib make it easier to interact with Bitcoin’s blockchain, create wallets, and build applications. But with great power comes great responsibility — and unfortunately, great risk. The 2025 Software Supply Chain Security Report by ReversingLabs reveals that software supply chain attacks grew more sophisticated in 2024, with particular intensity around cryptocurrency applications. The report highlights 23 malicious campaigns targeting crypto infrastructure, primarily through open-source repositories like npm and PyPI (Python Package Index). Attackers employed both basic typosquatting and advanced tactics, such as creating legitimate-looking packages that were later updated with malicious code. Examples include the “aiocpa” package, which initially appeared benign but was later weaponized to compromise wallets, and the attack on Solana’s web3.js library.ReversingLabs calls cryptocurrency a “canary in the coal mine,” noting that the financial incentives make crypto platforms an attractive target — and a preview of future threats to other industries. The report urges organizations to move beyond trust-based assumptions, especially when dealing with third-party or closed-source binaries.Let’s break down how it happened and why it’s a big deal.How hackers targeted BitcoinlibHere’s a step-by-step look at the attack:Fake packages uploaded to PyPI: Hackers created two fake Python packages called “bitcoinlibdbfix” and “bitcoinlib-dev.” These names were deliberately chosen to sound legitimate, tricking developers into thinking they were updates or fixes for the real Bitcoinlib.Masquerading as solutions: The fake packages were marketed as solutions to a supposed issue with Bitcoinlib that caused error messages during Bitcoin transfers. Developers, eager to fix their code, downloaded these packages without suspecting foul play.Malware embedded in the code: Once installed, the fake packages unleashed wallet-draining malware. This malware replaced a legitimate command-line tool (called clw) with a malicious version. The fake tool was designed to steal sensitive data, such as private keys and wallet addresses, which are the keys to accessing and moving Bitcoin.Stealing crypto assets: With private keys in hand, hackers could access victims’ Bitcoin wallets and transfer funds to their own accounts. Since Bitcoin transactions are irreversible, victims had little chance of recovering their money.Thankfully, security researchers used machine learning to spot the malware. By analyzing patterns in the fake packages, they identified the threat and warned the community, helping to limit the damage.Why does this attack matter?This hack wasn’t about breaking Bitcoin’s blockchain (which remains secure) but about exploiting human trust. Developers who downloaded the fake packages thought they were getting the real library and ended up with malware that could wipe out their Bitcoin (BTC) savings. It’s a reminder that even trusted platforms like PyPI can be used for scams if you’re not careful. How typosquatting made the Bitcoinlib attack so effective The Bitcoinlib attack worked because of a tactic called typosquatting. This is when hackers create fake package names that look almost identical to the real ones (like “bitcoinlibdbfix” instead of “bitcoinlib”). Developers, especially those in a rush, might not notice the difference. Here’s why this trick was so effective:Trust in PyPI: PyPI is the go-to place for Python libraries, so developers assume packages there are safe.Clever naming: The fake packages sounded like official updates, making them seem legitimate.Targeting beginners: New developers, less familiar with spotting scams, were more likely to fall for it.The attack also highlights a broader issue: Open-source platforms rely on community oversight, but they can’t catch every bad actor. Hackers know this and use it to their advantage. New to crypto? Here’s what the Bitcoinlib incident teaches about staying safe If you’re new to crypto, the Bitcoinlib hack might sound scary, but it’s not a reason to avoid Bitcoin or development tools. Instead, it’s a chance to learn how to stay safe in a space that’s full of opportunities — and risks. Bitcoinlib is still one of the ways to dip your toes into blockchain development, as long as you take precautions.Here’s why this matters for you (as a beginner):Crypto is growing: With Bitcoin’s value soaring and governments exploring digital currencies, learning tools like Bitcoinlib can open doors to exciting careers.Security is key: Understanding scams now will make you a smarter, safer crypto user in the future.Community power: The crypto world thrives on collaboration. By staying informed, you can help protect others from scams.Bitcoinlib is a game-changer for developers who want to explore Bitcoin’s potential. It’s easy to use, powerful and backed by a vibrant community. But as the Bitcoinlib attack showed, even the best tools can be targeted by hackers if you’re not careful. By sticking to trusted sources, double-checking package names and keeping security first, you can use Bitcoinlib to build amazing things without worry.The crypto world is full of surprises — some good, others not so good. The Bitcoinlib hack reminds one to stay curious but cautious. Whether you’re coding your first wallet or just learning about Bitcoin, take it one step at a time, and you’ll be ready to navigate this exciting space like a pro.Have you used Bitcoinlib before, or are you thinking about trying it?During your engagement with Bitcoinlib, if you come across anything suspicious, don’t stay silent — spread the word. In a decentralized world, community awareness is one of the strongest defenses. How to protect yourself from similar crypto hacks If you’re a developer or crypto user worried about falling for scams like this, don’t panic. Here are some beginner-friendly tips to stay safe:Double-check package names: Always verify the exact name of the package you’re downloading. For Bitcoinlib, stick to the official package (just “bitcoinlib”) and avoid anything with extra words like “fix” or “dev.”Use trusted sources: Download libraries only from reputable platforms like PyPI’s official site, and check user reviews or download counts to gauge trustworthiness.Keep software updated: Regularly update your Python environment and libraries to avoid bugs that hackers could exploit.Use antivirus software: A good antivirus can catch malware before it causes harm, even if you accidentally download a bad package.Store private keys safely: Never store private keys on your computer or in code. Use a hardware wallet (like a Ledger or Trezor) for extra security.Learn to spot scams: If a package claims to fix an urgent issue or seems too good to be true, take a moment to research it. Google the package name or check crypto forums for warnings.Above all, the lesson is clear for Bitcoinlib users: Stick to the official package and verify everything. For the broader crypto world, this attack underscores the need for better security on open-source platforms.

The Synthetix protocol’s native stablecoin, Synthetix USD (SUSD), has slipped further away from its US dollar peg, reaching new all-time lows under $0.70. However, the firm reiterates that this isn’t the first time the asset has been under significant stress, and several risk measures are in place.“Synthetix and sUSD have weathered multiple bear markets and periods of stablecoin volatility; this is not the first resilience test,” a spokesperson from Synthetix told Cointelegraph.SUSD down almost 31% from its intended 1:1 pegsUSD is a crypto-collateralized stablecoin. Users lock up SNX tokens to mint sUSD, making its stability highly dependent on the market value of Synthetix (SNX). At the time of publication, sUSD (SUSD) is trading at $0.70, 30% below its intended 1:1 peg with the US dollar, according to CoinMarketCap data.sUSD reached as low as $0.66 before rebounding to $0.70 at the time of publication. Source: CoinMarketCapDuring the same period, SNX has held relatively steady, dipping just 1.08% over the past week, trading at $0.63. However, from a broader view of the overall crypto market downturn, SNX has fallen approximately 26% over the past 30 days.The spokesperson explained that sUSD’s short-term volatility is driven by “structural shifts” after the SIP-420 launch, a proposal that shifts debt risk from stakers to the protocol itself. They explained that the firm has short, medium, and long-term plans to mitigate the risks.In the short term, Synthetix said it will continue supporting liquidity for sUSD through Curve pools and deposit campaigns on its derivatives platform, Infinex.For mid-term measures, Synthetix has introduced “simple debt-free” SNX staking that it says will “encourage individual debt repayment.”Over the long term, the firm says it will make capital efficiency changes through the 420 Pool, take over protocol-level management of sUSD supply, and introduce new “adoption-focused mechanisms” across Synthetix products.Related: Crypto in a bear market, rebound likely in Q3 — CoinbaseSynthetix founder Kain Warwick explained on April 2 that the volatility is largely due to the primary driver of sUSD buying having been removed. “New mechanisms are being introduced, but in this transition, there will be some volatility,” Warwick said in an X post.“It is worth pointing out that sUSD is not an algo stable, it is a pure crypto collateralized stable, the peg can and does drift, but there are mechanisms to push it back in line if it goes above or below the peg,” he added.On April 10, Cointelegraph reported that the asset has faced persistent instability since the start of 2025. On Jan. 1, sUSD dropped to $0.96 and only rebounded to $0.99 in early February. Prices continued to fluctuate through February before stabilizing in March. Magazine: 3 reasons Ethereum could turn a corner: Kain Warwick, X Hall of FlameThis article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

There has been a 66% year-on-year decrease in the number of crypto rug pulls this year compared to 2024, but recent data shows the size of each rug pull has been increasing. Rug pulls have dropped in frequency year-over-year, with early 2024 recording 21 separate incidents, compared to only seven so far in 2025, according to an April 16 report from blockchain analytics platform DappRadar.However, since the beginning of 2025, the Web3 ecosystem has lost nearly $6 billion to rug pulls, according to DappRadar’s report. However, the report attributes 92% of that to Mantra’s OM token collapse, which the founders have strongly denied was a rug pull.In comparison, during the same period in early 2024, three months into the year, total losses from rug pulls hit $90 million.“This shift suggests that rug pulls are becoming less frequent, but far more devastating when they do occur,” DappRadar analyst Sara Gherghelas said. “The scams are increasingly sophisticated, often orchestrated by teams with polished branding and well-planned narratives.”Memecoins main culprit for rug pulls Gherghelas says the nature of rug pulls is evolving. In the first quarter of 2024, most originated in DeFi protocols, NFT projects, and memecoins. In the same time frame for 2025, most rug pulls occurred in memecoins.Libertad project’s native Solana token, Libra (LIBRA), is one of the more recent high-profile cases of a rug pull; it rallied to a market capitalization of $4.56 billion on Feb. 14 after Argentina’s president, Javier Milei, posted about it on X.The token then fell by over 94% after he deleted the post, prompting accusations of a pump-and-dump scheme. “Rug pulls and exit scams remain a persistent threat, especially in ecosystems where projects can rapidly gain traction through hype, only to disappear with user funds overnight,” Gherghelas said.“Despite increasing awareness and more tools to detect suspicious behavior, rug pulls remain a recurring issue, particularly in DeFi and newly launched token ecosystems.”Gherghelas says red flags for rug pulls can include a sudden spike in unique active wallets without an apparent reason or unusually high volume paired with low user activity.DappRadar analyst Sara Gherghelas says several red flags could signal a project is a rug pull. Source: DappRadarAt the same time, projects with unverified smart contracts, limited GitHub activity, or anonymous developer teams or DApps that spike overnight can also be a red flag.Related: Savvy memecoin trader makes $988K in 3 hours despite rug pull“As the industry matures, so do the tactics used by bad actors. But the tools available to users are also getting stronger,” Gherghelas said.“While rug pulls may never be fully eradicated, their impact can be drastically reduced when users are equipped with the right information.”  Magazine: Mystery celeb memecoin scam factory, HK firm dumps Bitcoin: Asia Express

Manta Network co-founder Kenny Li says he was targeted by a highly sophisticated phishing attack on Zoom that used live recordings of familiar people in an attempt to have him download malware. The meeting seemed real with the impersonated person’s camera on, but the lack of sound and a suspicious prompt to download a script raised red flags, Li said in an April 17 X post.“I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file. I immediately left.”Li then asked the impersonator to verify themselves over a Telegram call, however, they didn’t comply and proceeded to erase all messages and block him soon after.Source: Kenny LiLi believes the North Korean state-backed Lazarus Group was behind the attack.The Manta Network co-founder managed to screenshot his conversation with the attacker before the messages were deleted, where Li initially suggested moving the call over to Google Meet instead.Source: Kenny LiSpeaking with Cointelegraph, Li said he believes the live shots used in the video call were taken from past recordings of real team members.“It didn’t seem AI-generated. The quality looked like what a typical webcam quality looks like.”Source: Kenny LiLi confirmed that the real person’s accounts had been compromised by the Lazarus Group.Beware of being asked to download anything, says LiLi advised other members of the crypto community to always be aware of anything they’re asked to download out of the blue.“The biggest red flag will always be a downloadable. Whether it’s in the form of an update, an attachment, app, or anything else, if you need to download something in order to continue something with the person on the other side, don’t do it.”The Manta executive acknowledged that it could easily fool a crypto executive accustomed to being bombarded with messages and accepting sudden meeting requests.“These are hacks that play to your emotional connection and potentially mental fatigue.”Other members of the crypto community share similar storiesLi wasn't the only to be targeted by the hackers in recent days.“They also asked me to download Zoom via their link, and said that it's only for their business. Even though I actually have Zoom on my computer, I couldn’t use it,” a member of ContributionDAO said.Related: Lazarus Group’s 2024 pause was repositioning for $1.4B Bybit hack“They claimed it had to be a business version that they had registered. When I requested to switch to Google Meet instead, they refused.”Crypto researcher and X user “Meekdonald” said a friend of theirs fell victim to the exact same strategy that Li avoided.Magazine: Meet the hackers who can help get your crypto life savings back