Article content

DUBLIN, Ohio, Dec. 19, 2024 (GLOBE NEWSWIRE) — reAlpha Tech Corp. (“reAlpha” or the “Company”) (Nasdaq: AIRE), a real estate technology company developing and commercializing artificial intelligence (“AI”) technologies, today announced that its board of directors has approved an investment policy for the purchase of cryptocurrencies and to adopt Bitcoin, Ethereum and Solana (collectively, the “cryptocurrencies”) as reAlpha’s primary treasury reserve assets. The Company plans to allocate up to 25% of its cash in excess of its estimated 6-month period operating expenses, if any, towards cryptocurrency purchases, subject to market conditions and actual operating needs of the Company, reflecting the Company’s commitment to innovative capital management and diversification strategies.

Article content

Cryptocurrencies are recognized as a decentralized store of value, and the decision to adopt cryptocurrencies as reAlpha’s primary treasury reserve assets is part of its strategy to diversify its treasury holdings, which is currently only comprised of cash.

“This board-approved initiative demonstrates our forward-looking approach to capital management,” said Giri Devanur, Chief Executive Officer of reAlpha. “By adopting this new investment policy and allocating a portion of our excess cash to cryptocurrencies after accounting for our operating needs and acquisition opportunities, we aim to diversify our treasury holdings and position reAlpha to adapt to changing market conditions and growing global acceptance of cryptocurrencies, while retaining the flexibility to execute our growth initiatives.”

The cryptocurrencies are expected to serve as reAlpha’s primary treasury reserve assets on an ongoing basis, subject to market conditions and the anticipated cash needs of reAlpha. reAlpha will monitor its future cryptocurrencies holdings closely to adjust its allocation strategy in response to market conditions or evolving regulatory frameworks, if needed.

Article content

For more details regarding reAlpha’s cryptocurrency treasury strategy and investment policy, please refer to the Current Report on Form 8-K to be filed with the U.S. Securities and Exchange Commission (the “SEC”) and supplemental disclosures included therein.

About reAlpha Tech Corp.

reAlpha Tech Corp. (Nasdaq: AIRE) is a real estate technology company developing an end-to-end commission-free homebuying platform. Utilizing the power of AI and an acquisition-led growth strategy, reAlpha’s goal is to offer a more affordable, streamlined experience for those on the journey to homeownership. For more information, visit www.reAlpha.com.

About the reAlpha Platform

reAlpha (previously called “Claire”), announced on April 24, 2024, is reAlpha’s generative AI-powered, commission-free, homebuying platform. The tagline: No fees. Just keys.™ – reflects reAlpha’s dedication to eliminating traditional barriers and making homebuying more accessible and transparent.

reAlpha’s introduction aligns with major shifts in the real estate sector after the National Association of Realtors agreed to settle certain lawsuits upon being found to have violated antitrust laws, resulting in inflated fees paid to buy-side agents. This development is expected to result in the end of the standard six percent sales commission, which equates to approximately $100 billion in realtor fees paid annually. The reAlpha platform offers a cost-free alternative for homebuyers by utilizing an AI-driven workflow that assists them through the homebuying process.

Article content

Homebuyers using the reAlpha platform’s conversational interface will be able to interact with Claire, reAlpha’s AI buyer’s agent, to guide them through every step of their homebuying journey, from property search to closing the deal. By offering support 24/7, Claire is poised to make the homebuying process more efficient, enjoyable, and cost-efficient. Claire matches buyers with their dream homes using over 400 data attributes and provides insights into market trends and property values. Additionally, Claire can assist with questions, booking property tours, submitting offers, and negotiations.

Currently, the reAlpha platform is under limited availability for homebuyers located in 20 counties in Florida, but reAlpha is actively seeking new MLS and brokerage licenses that will enable expansion into more U.S. states.

For more information, please visit www.reAlpha.com.

Forward-Looking Statements

The information in this press release includes “forward-looking statements”. Forward-looking statements include, among other things, statements about reAlpha’s adoption of its cryptocurrency treasury strategy and investment policy; the anticipated benefits of the cryptocurrency treasury strategy and investment policy; reAlpha’s ability to anticipate the future needs of the short-term rental market; future trends in the real estate, technology and artificial intelligence industries, generally; and reAlpha’s future growth strategy and growth rate. In some cases, you can identify forward-looking statements by terminology such as “may”, “should”, “could”, “might”, “plan”, “possible”, “project”, “strive”, “budget”, “forecast”, “expect”, “intend”, “will”, “estimate”, “anticipate”, “believe”, “predict”, “potential” or “continue”, or the negatives of these terms or variations of them or similar terminology. Factors that may cause actual results to differ materially from current expectations include, but are not limited to: risks inherent with investing in cryptocurrencies, including related price volatility, cybersecurity threats, potential loss of investment, regulatory oversight and others; reAlpha’s ability to timely respond to any changes in its operating needs, market conditions or regulatory framework related to digital assets, including cryptocurrencies; risks relating to implementing a new treasury strategy and investment policy; reAlpha’s limited cash position and ability to have excess cash in order to advance its cryptocurrency treasury strategy and investment policy; reAlpha’s ability to accurately estimate its operating expenses for any subsequent 6-month period in order to advance its cryptocurrency treasury strategy and investment policy; reAlpha’s limited operating history and that reAlpha has not yet fully developed its AI-based technologies; reAlpha’s ability to commercialize its developing AI-based technologies; whether reAlpha’s technology and products will be accepted and adopted by its customers and intended users; reAlpha’s ability to integrate the business of its acquired companies into its existing business and the anticipated demand for its acquired companies’ products and services; reAlpha’s ability to successfully enter new geographic markets; reAlpha’s ability to obtain the necessary regulatory and legal approvals to expand into additional U.S. states and maintain, or obtain, brokerage licenses in such states; reAlpha’s ability to generate additional sales or revenue from having access to, or obtaining, additional U.S. states brokerage licenses; the inability to maintain and strengthen reAlpha’s brand and reputation; reAlpha’s ability to expand its operations nationwide by the end of 2025; reAlpha’s ability to scale its operational capabilities to expand into additional geographic markets; the potential loss of key employees of its acquired companies, including, but not limited to, the broker providing services on behalf of US Realty, one of reAlpha’s subsidiaries; reAlpha’s inability to accurately forecast demand for short-term rentals and AI-based real estate focused products; the inability to execute business objectives and growth strategies successfully or sustain reAlpha’s growth; the inability of reAlpha’s customers to pay for reAlpha’s services; changes in applicable laws or regulations, and the impact of the regulatory environment and complexities with compliance related to such environment; and other risks and uncertainties indicated in reAlpha’s SEC filings. Forward-looking statements are based on the opinions and estimates of management at the date the statements are made and are subject to a variety of risks and uncertainties and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements. Although reAlpha believes that the expectations reflected in the forward-looking statements are reasonable, there can be no assurance that such expectations will prove to be correct. reAlpha’s future results, level of activity, performance or achievements may differ materially from those contemplated, expressed or implied by the forward-looking statements, and there is no representation that the actual results achieved will be the same, in whole or in part, as those set out in the forward-looking statements. For more information about the factors that could cause such differences, please refer to reAlpha’s filings with the SEC. Readers are cautioned not to put undue reliance on forward-looking statements, and reAlpha does not undertake any obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

Company Contact

Investor Relations

investorrelations@realpha.com

Media Contact

Alliance Advisors IR on behalf of reAlpha

fbhabrawala@allianceadvisors.com

Recent reports have uncovered a series of malicious extensions in the Visual Studio Code, or VSCode, marketplace, targeting software developers and cryptocurrency enthusiasts with sophisticated attacks designed to compromise their systems and steal sensitive data. VSCode is a popular code editor used by millions of developers worldwide.

Security researcher Amit Assaraf recently revealed how attackers are exploiting the VSCode marketplace. Assaraf uncovered extensions that appeared to offer valuable features but were, in fact, Trojan horses for malware. One extension, masquerading as an official Zoom integration, seemed legitimate, boasting numerous installs and positive reviews. However, upon installation, the extension downloaded a malicious script from a Russian server, executing unauthorized commands on victims’ machines.

The attackers had carefully crafted their extensions to look authentic. They used fake reviews, linked to reputable repositories, and inflated download counts to make the tools appear credible—practices that can lull even experienced developers into a false sense of security.

Crypto in the VSCode Crosshairs

Further investigations revealed that this malicious activity is part of a broader campaign targeting developers working in blockchain and cryptocurrency environments. Reporting from BleepingComputer noted that some of these extensions claimed to support Ethereum development or blockchain toolkits. They also provided the following list of ones that were submitted to the VSCode marketplace:

• EVM.Blockchain-Toolkit
• VoiceMod.VoiceMod
• ZoomVideoCommunications.Zoom
• ZoomINC.Zoom-Workplace
• Ethereum.SoliditySupport
• ZoomWorkspace.Zoom (three versions)
• ethereumorg.Solidity-Language-for-Ethereum
• VitalikButerin.Solidity-Ethereum (two versions)
• SolidityFoundation.Solidity-Ethereum
• EthereumFoundation.Solidity-Language-for-Ethereum (two versions)
• SOLIDITY.Solidity-Language
• GavinWood.SolidityLang (two versions)
• EthereumFoundation.Solidity-for-Ethereum-Language

Adding to these findings, researchers at ReversingLabs uncovered how the VSCode campaign overlaps with similar malicious activity in the npm package repository. An npm package is a piece of reusable code that can be easily shared, distributed and integrated into software projects. These packages are used to build applications faster by reusing common functionalities, rather than writing everything from scratch. In their report, ReversingLabs explained how attackers often use multiple platforms to spread their malware, creating a more extensive attack surface that targets developers across ecosystems.

The Vulnerabilities Of The VSCode Ecosystem

While VSCode is celebrated for its versatility and user-friendly extension system, these same features make it a prime target for attackers. The issues stem from several vulnerabilities within the extension ecosystem:

• Unverified Publishers: Most of the extensions in the VSCode marketplace come from unverified publishers. This leaves developers with little assurance about an extension’s authenticity.
• Trust in Metrics: Developers often rely on install counts and reviews to gauge an extension’s credibility. Attackers exploit this trust by inflating these metrics and posting fake reviews.
• Limited Oversight: Despite Microsoft’s efforts to monitor and remove malicious extensions, the sheer volume of offerings in the marketplace makes it challenging to detect threats promptly.

VSCode: A Secondary Threat

Cryptocurrency wallets, whether stored on a computer or secured with a hardware wallet, are critical tools for managing digital assets. While these wallets are designed to protect private keys and transactions, the surrounding software environment—such as VSCode—can introduce vulnerabilities that put funds at risk, especially for wallets stored on a computer. Recent discoveries of malicious VSCode extensions demonstrate how a compromised development environment can lead to significant crypto losses, even for those who believe their wallets are secure.

The VSCode Threat to Computer Wallets

For users storing cryptocurrency on a desktop wallet, the risks posed by malicious VSCode extensions are immediate and direct. Here’s how it can happen:

• Keystroke Logging: A malicious VSCode extension, installed unknowingly, can quietly monitor and log every keystroke. If a user types in their wallet password, private keys or recovery phrases, this sensitive information is captured and sent to the attacker. Even the most secure desktop wallet becomes vulnerable if its credentials are exposed.
• Clipboard Hijacking: During transactions, users often copy and paste wallet addresses to avoid manual errors. Malware embedded in a VSCode extension can intercept clipboard activity, replacing the intended wallet address with the attacker’s. Without double-checking the address, the user may unknowingly send funds directly to the hacker.
• Fake Prompts or Interfaces: Some malicious extensions inject phishing-style prompts into the software environment, asking users to “verify” their wallet credentials or seed phrases. These prompts appear legitimate, but the data entered is captured by the attacker.
• Manipulated Transactions: For developers working with blockchain APIs, malicious extensions can intercept and alter transaction details. For instance, if a wallet is used to send funds programmatically, an attacker could change the destination address or transaction parameters without the user noticing.

Imagine a blockchain developer using VSCode to build an app that integrates with their desktop wallet for testing purposes. They install an extension claiming to simplify Ethereum contract deployment. Unbeknownst to them, the extension is malicious. It begins logging keystrokes and steals the wallet password. When the developer initiates a test transaction, the extension intercepts the API call and replaces the intended recipient address with one controlled by the attacker. The funds are irretrievably sent to the wrong destination.

These revelations are a wake-up call for developers and platform administrators alike. The trust users place in extension marketplaces is being weaponized. Relying on trust metrics alone—such as download counts or reviews—is not sufficient. Developers must remain vigilant and take proactive measures to protect their environments and their cryptocurrency.

Bitcoin fell for the first time in four days with speculative bets being pared across financial markets after Federal Reserve officials suggested greater caution over how quickly they can continue reducing borrowing costs.

The original cryptocurrency fell as much as 5.3% to $100,752, a day after climbing above $108,000 for the first time in what’s been a record-breaking rally this year. The seven largest digital tokens as measured by market value were all lower, data compiled by Bloomberg show.