cover

The 360 vulnerability mining agent recently discovered and reported 1 high-risk and 2 medium-risk high-value vulnerabilities related to OpenClaw, totaling 3 vulnerabilities. Currently, all newly discovered vulnerabilities have been officially patched and publicly disclosed.It is understood that the three newly discovered vulnerabilities directly target the core operating mechanism of AI agents, directly affecting the core security of user devices, data, and accounts.

Liquid Capital founder Jack Yi posted on social media that the crypto asset recovery service provider imBack successfully unlocked an iPhone that had been sealed for 18 years and recovered BTC that was previously thought to be permanently lost.Jack Yi stated that he had no expectations of recovering the wallet, and imBack's technical capabilities exceeded expectations. Based on this experience, he has quickly completed an investment in imBack. It is reported that imBack can provide recovery services for early users who hold assets like BTC and ETH but are unable to access their wallets due to device lock or lost private keys.

According to the official blog, Circle's institutional-grade blockchain Arc has released a phased upgrade roadmap for post-quantum cryptography (PQ), planning to introduce post-quantum signature schemes at the launch of the mainnet, gradually covering full-stack layers such as private state protection, infrastructure hardening, and validator authentication.The Arc mainnet will support post-quantum signatures from the outset, using an opt-in mechanism that does not require mandatory migration or a full network reset, allowing users to independently create wallets with long-term security. The recent goal is to extend quantum resistance to the private virtual machine (VM) layer, protecting private balances, private transactions, and private payees, with public keys additionally encapsulated in a symmetric encryption layer under privacy mode.The mid-term plan is to advance the upgrade of the infrastructure layer, aligning with industry standards such as TLS 1.3, covering access control, cloud environments, and hardware security modules (HSM). The long-term goal is to complete the hardening of validator signatures. Given that Arc's block finalization time is less than 1 second, the current assessment considers the risk of quantum attacks in this phase to be relatively limited, and it will be steadily advanced after the post-quantum consensus toolchain matures.Circle also warns that attackers may adopt a "collect now, decrypt later" strategy, and institutions should plan their cryptographic migration paths as early as possible.

AI company Anthropic announced that starting from April 4 at 15:00 Eastern Time, it will prohibit access to third-party tools through the Claude subscription service, including the open-source project OpenClaw. The new regulations require that related features can only be used through additional packages or billed on a pay-as-you-go basis via API.This adjustment means that many developers and teams relying on OpenClaw to build automated workflows will shift from a fixed subscription cost model to an unlimited pay-as-you-go system, significantly increasing overall usage costs. Some developers have indicated that the original usage cost of about $20/month could soar to hundreds or even thousands of dollars.The market generally believes that this move is related to OpenClaw founder Peter Steinberger's recent joining of OpenAI. Meanwhile, Anthropic is accelerating the promotion of its own tool ecosystem, including native integration solutions for Claude, to replace third-party toolchains.It is worth noting that Anthropic has previously tightened third-party access through technical restrictions, updates to service terms, and feature replacements. This policy is seen as a "final blockade" and will be extended to more tools.Industry analysis points out that this event reflects an intensifying trend of "ecosystem tightening" in AI platforms, with leading companies strengthening control through vertical integration. At the same time, the developer ecosystem faces rising cost uncertainties and platform dependency risks, which may further drive some users toward more open alternatives.

According to Decrypt, the U.S. Attorney's Office for the District of Connecticut announced that it has recovered and seized over $600,000 in cryptocurrency after a Ledger hardware wallet user fell victim to a phishing scam, being lured into performing a so-called security check by a letter impersonating "Ledger Security and Compliance," resulting in approximately $234,000 in crypto assets being stolen.The FBI and state police tracked the flow of funds, successfully seizing about $600,000 in USDT and filing a civil forfeiture lawsuit, alleging that the source of the funds involved wire fraud and money laundering. It is reported that this is one of a series of phishing incidents targeting hardware wallet users, where scammers used physical mail letters featuring company logos, holograms, and QR codes to enhance the credibility of the fraud. Similar incidents have affected companies like Ledger and Trezor, accompanied by data breaches and vulnerabilities in third-party services, leading to ongoing phishing attacks.

According to the official announcement, Binance has launched 13 new AI Agent skills, and the AI Agent can now access the full range of Binance products: from advanced derivatives trading and algorithm execution to fiat, payments, yield generation, and tokenized securities.Through a unified interface, the AI Agent can now fully execute end-to-end workflows ------ from research and discovery to trading, settlement, and portfolio management, without the need to switch any tools.

According to The Block, investment firm Benchmark has initiated coverage on Securitize for the first time, giving it a buy rating with a target price of $16. Analyst Mark Palmer compared it to the "shovels and picks" of the tokenization field, believing that Securitize can benefit regardless of which type of tokenized product or issuer ultimately prevails.The report points out that tokenization is one of the most profound transformations in the capital markets since the introduction of electronic trading, and Securitize is at the core of this transformation. Currently, the company holds about 70% of the U.S. tokenization market and has partnered with leading asset management firms such as BlackRock. Securitize plans to go public on Nasdaq through a merger with Cantor Equity Partners II, with the stock ticker SECZ.

Resolv Labs co-founder Ivan released an update on the protocol security incident and subsequent recovery progress. It is reported that whitelisted USR users can redeem first, mainly because their wallets have been verified, and the Resolv team can manually process within 24 hours to control risks. Currently, 98% of related redemptions have been completed.For non-whitelisted USR holders before the vulnerability occurred, Resolv promises to redeem at a 1:1 ratio as well, but the relevant redemption technical plan is still being finalized.Regarding whether there are internal personnel involved, Ivan stated that no evidence of internal participation has been found so far. For USR holders, LPs, and RLP holders after the vulnerability occurred, the subsequent processing involves legal, technical, and ecological coordination among multiple parties, and there is no single solution at this time. A complete recovery plan does not yet have a clear timetable, and the follow-up will be completed as soon as possible while ensuring prudent progress.Previously, the Resolve attacker used 200,000 USDC to mint 80 million USR.

DeFi project Steakhouse Financial disclosed yesterday that it encountered a phone social engineering attack targeting OVH Cloud, where the attacker changed the DNS A records of the main site and app subdomains to point to a malicious IP, and attempted to initiate a 5-day domain transfer. The related changes have been revoked, the DNS records have been cleared, and they are working with OVH to resolve the issue. All vaults and contracts were unaffected, depositor funds are safe, and no other service accounts were compromised. Please do not interact with the official website and emails until the issue is resolved; a detailed post-incident report will be released as soon as possible.Early this morning, Steakhouse Financial stated that during the period when the official website domain DNS records were cleared, the vault could still be accessed directly through Morpho, and all functions such as deposits and withdrawals were operating normally. Confirmation will be provided once the front end is restored.

The globally oriented Web3 intellectual property (IP) infrastructure project BeatSwap will launch its core product "Space" in Q2. This product is defined as the SocialFi layer in the ecosystem, aimed at directly connecting creators with users and achieving deep integration with other modules of the platform.As a result, a complete user behavior closed loop is formed within the platform: Discovery; Participation; Consumption; Rewards; Trading. The announcement states that the launch of this product marks BeatSwap's evolution towards a full-stack Web3 infrastructure. Through the integration of IP certification and on-chain registration, revenue distribution, incentive mechanisms, and other aspects, the platform constructs an end-to-end closed-loop path, allowing IP rights to complete the full cycle of "creation---usage---monetization" within the same ecosystem.

BNB Chain posted on platform X that the first phase of the BNB Beacon Chain recovery tool will stop operating in 3 days. If users hold BEP2 tokens on the BNB Beacon Chain, they should migrate them to BSC as soon as possible to expedite processing.

Cointelegraph Research's latest report shows that the United Nations Development Programme is applying blockchain technology to the construction of public digital infrastructure, focusing on addressing issues of transparency, collaborative efficiency, and trustworthy data sharing in government systems.The report "New Tech, New Partners" outlines 42 practical cases covering areas such as digital payments, financial inclusion, climate funding, data governance, and community investment, among which 7 focus on digital identity and data systems, primarily distributed in developing economies in Africa, Latin America, Asia, and Eastern Europe. The research points out that UNDP adopts a "pilot---validate---scale" approach, collaborating with governments, developers, and local businesses to first implement small-scale projects and then gradually promote them based on actual results. It also emphasizes a "platform-agnostic" architecture to maintain system openness and interoperability. Furthermore, the report highlights the importance of governance and risk control, stating that the application of blockchain in public systems requires accompanying privacy protection, regulatory frameworks, and audit mechanisms to prevent data misuse and smart contract risks. Overall, blockchain is extending from financial scenarios to public governance infrastructure, becoming one of the important technological options for digital transformation in various countries.

According to Bloomberg ETF analyst James Seyffart's post on platform X, data shows that Bitcoin ETFs recorded a large outflow of approximately $9 billion, but have currently recovered about $3 billion of the outflow.Although the overall net outflow still exceeds $6 billion, looking at the performance this year, the inflows and outflows of Bitcoin ETFs have nearly balanced out, indicating a certain recovery in market sentiment.

The crude oil market has seen a corrective rebound after previous fluctuations. International oil prices have generally strengthened, with Brent crude (XBR) currently at $101.03, up 2.16% in 24 hours; WTI crude (XTI) is currently at $93.80, up 2.02%, showing a volatile upward trend.Against the backdrop of intensified price fluctuations, the trading activity of crude oil contracts remains high. According to CoinGlass data, the 24-hour trading volume of XTI contracts on the Gate platform reached $5.1763 million; at the same time, the open interest of XBR contracts reached $3.1472 million, both maintaining a leading position in the industry, reflecting the platform's liquidity advantage and increasing market participation in energy derivatives trading.Gate contracts pioneered the commodity contract segment, covering XBRUSDT (Brent crude), XTIUSDT (WTI crude), and NG (natural gas) perpetual contract trading, providing 24/7 trading, USDT settlement, and up to 100x leverage, helping users with cross-market asset allocation and strategic layout in volatile markets.

According to Gate market data, the S&P 500 index futures recovered from losses to remain flat, while the Nasdaq index futures rose by 0.1%.

According to monitoring by BitcoinTreasuries.NET, GameStop has pledged 4709 of its 4710 bitcoins as collateral, staked to Coinbase for a covered call option strategy.

Resolv Labs issued an update regarding a security incident, stating that a malicious attacker illegally accessed Resolv's infrastructure through a stolen private key and minted approximately $80 million worth of uncollateralized USR. The relevant smart contracts have been quickly paused, and approximately 9 million USR held by the attacker have been destroyed to mitigate potential impact.Currently, the protocol holds about $141 million in assets, with the confirmed actual impact being only about $500,000 in redemptions processed before the pause. The current USR supply consists of approximately 102 million tokens before the incident and about 71 million newly minted illegal tokens. As the first step towards recovery, Resolv plans to allow redemptions of pre-incident USR starting from March 23, 2026, for whitelisted users. Affected users should coordinate directly with RDAL through official channels.The announcement stated that the incident stemmed from unauthorized actions by a third party, including targeted infrastructure attacks. Resolv's underlying collateral has not been directly compromised. The team is tracking and attempting to control the illegally minted USR and other affected assets, coordinating with partners and counterparties, and working with law enforcement and on-chain analysis companies to trace the responsible parties. Resolv strongly advises against trading USR or related Resolv tokens during the implementation of recovery measures, as user trading behavior after the incident may affect the recovery process.

Fluid stated on platform X that the team has secured a short-term loan sufficient to cover 100% of the bad debt currently in the agreement. These funds are committed by Lomashuk, cyberfund, weremeow, and the Fluid core team to ensure the safety of user funds.ResolvLabs has confirmed that it will cover all USR positions generated before the security incident occurred and will open the necessary redemptions to close related debt positions. Additionally, several investors have expressed interest in purchasing FLUID from the treasury when additional funds are needed to further strengthen the protocol's backup support. The Fluid smart contracts are operating normally, all other markets are functioning as usual, the protocol safeguards remain effective, and users may encounter temporary interest rate fluctuations during the liquidation period.

According to Gate market data, the S&P 500 futures have recovered from the early morning decline, the Nasdaq futures are currently down 0.1%, and the Dow futures are up 0.15%.