Crypto
The $40 Billion Opportunity: Why Nubank and Revolut Are Betting Big on Mexico
Key Takeaways
- In Q1 2026, Nubank reached a market break-even in Mexico, hitting 15 million customers as the 3rd top bank.
- Highlighting a digital shift for the 46% banked market, Revolut gained 290K users and $218M in deposits.
- Next, Nubank will invest $4.3B through 2030, while Revolut scales its $167M investment to capture users.
Mexico Becomes A Hotbed for Alternative Neobanks
The Mexican market, with over 90 million adults demanding financial solutions, is showing increasing adoption levels of digital alternatives to traditional banking.
Revolut and Nubank, two large neobanks, have disclosed milestones that indicate Mexico has reached an inflection point in its shift toward these solutions.
During its recent 2026 Q1 earnings call, Nu Holdings highlighted that for the first time, it had reached break-even since its entrance to Mexico in 2019.
David Vélez, founder and CEO of Nubank, stated that they had “achieved break-even and become the third largest financial institution in the market, reaching 15 million customers.” Furthermore, during the earnings call, the company stated that Mexico presented opportunities similar to those of the Brazilian market a decade ago, with its addressable profit pool exceeding $40 billion per year, growing faster than major banking markets.
Nubank expects to invest $4.3 billion through 2030, as it prepares to launch banking operations in the country, targeting a sector currently underserved by traditional banks.
Revolut, a UK-based neobank that only started operating in Mexico in January, is also ramping up investments to prepare itself for a similar influx of customers. The company reported that it had scaled its investment to $167 million, signaling its trust in the upcoming growth of its operations.
By the end of March, Revolut had reached over 290,000 customer registrations in Mexico, holding $218 million in deposits.
Revolut Mexico CEO Juan Guerra highlighted that the reception of the Mexican market had exceeded their expectations. “Clearly, there is a strong appetite for a banking app that offers everything in one place: attractive returns, a credit card, instant transfers within and outside of Mexico, investments, and much more,” he stressed.
The two companies’ push to reach more customers in Mexico, and their corresponding investments, underscore that the Mexican market is ready to shift to digital-first operations in an ecosystem where only 46% of individuals aged 15 and older hold a bank account.
Crypto
FBI arrests man accused of using Steam games to drain victims’ crypto wallets | TechCrunch
U.S. prosecutors have accused a Florida man of uploading fake video games that contained malware to Steam, the popular PC games platform. Once victims downloaded and installed the games, the malware was designed to infect their computers, steal their passwords and other data, and drain their crypto wallets, according to a criminal complaint.
On Tuesday, the FBI arrested Zyaire Wilkins, a 21-year-old Florida resident and student. On Wednesday, prosecutors accused him and a number of unnamed co-conspirators of hacking crimes. Over the past two years, Wilkins and his partners allegedly published several malware-laden video games on Steam, including BlockBlasters, Dashverse, Lampy, Lunara, and PirateFi. Using that malware, says the FBI, Wilkins and his accomplices infected around 8,000 victims, and then hacked around 80 cryptocurrency wallets to steal at least $220,000 worth of crypto.
Wilkins and the others marketed their malicious video games on Discord, LinkedIn, and Telegram, according to the authorities.
Wilkins’ lawyer did not respond to a request for comment.
In March, the FBI announced that it was investigating a hacker suspected of using malware-embedded video games published on Steam to hack victims. In the announcement, the bureau called for people who downloaded the malicious games, which included those named in this week’s complaint, to come forward and provide evidence to aid the investigation.
In the last year, Steam’s maker Valve has removed several video games from its platform after they were found to contain malware, including PirateFi. All the games were designed to look legitimate, to the point that players could install them and play them, but they all contained malware.
After the FBI identified another person involved in the crimes, according to the complaint, federal agents interviewed them. The unnamed person said they worked with other people to raise money to launch and market the malicious games in return for sharing some of the stolen cryptocurrency. The FBI identified a specific crypto account involved in the scheme, and then traced cryptocurrency payments made with that account to buy several gift cards, including for Uber Eats. After subpoenaing Uber, the feds were able to see that the gift cards were linked to an account that made deliveries to Wilkins, who went by the nickname Sibel.eth online, according to the complaint.
The feds then got a search warrant for Wilkins’ residence, where they seized his MacBook laptop, cellphones, other devices, and digital wallets. According to the complaint, he refused to speak or answer any questions.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Crypto
DeFi’s Newest Threat: How Malicious Liquidity Pools Are Trick-Quoting Ethereum and Polygon Users
Key Takeaways
- Enso’s July 16 report exposed “toxic pools” that fake quotes, causing tens of thousands of dollars in losses on a Curve pool.
- The exploit threatens DeFi front-ends, with one malicious Uniswap v4 hook causing a 99.1% failure rate.
- Enso updated its Enso Shield product to detect fake quotes across 2 different blockchain environments.
A ‘Jekyll and Hyde’ Tactic
A newly uncovered class of malicious decentralized finance ( DeFi) liquidity pools is targeting the core infrastructure that cryptocurrency traders rely on to find the best prices, according to new research published July 16 by DeFi infrastructure firm Enso.
The company is calling the deceptive setups “toxic pools.” Unlike typical cryptocurrency hacks that drain funds directly from smart contracts, these pools are engineered to systematically trick transaction simulations. They return attractive, highly competitive price quotes when a crypto wallet or decentralized exchange ( DEX) aggregator runs a simulation, but they alter their behavior the moment the transaction is actually executed on the blockchain.
The result is a subtle, systemic drain: traders receive significantly worse execution prices than they were quoted, or their transactions fail, burning network fees in the process.
“Our investigation leads us to believe this is not simply another isolated smart contract exploit,” said Milos Costantini, co-founder and chief product officer at Enso. “The industry has spent years optimizing price discovery. Our findings suggest the next challenge is verifying execution integrity.”
According to Enso’s report, toxic pools exploit the off-chain “dry-run” simulations that wallets use to preview trades. The malicious contracts detect when they are running in a read-only simulation environment and return an artificially optimized price. Once the transaction is actually broadcast on-chain, the pool alters its mathematical logic to execute the trade at a degraded rate.
To remain hidden from security systems, these pools alternate between honest and malicious states, rendering static code scanners and historical reputation filters ineffective. This bait-and-switch design degrades the user experience and drains user funds through failed transactions. In one case study, a manipulated Curve pool triggered more than 37,000 reverted trades, forcing users to burn nearly $30,000 in gas fees.
Attackers are also exploiting next-generation, modular exchange architectures. On Polygon, a malicious “hook” — a smart contract plugin used in platforms like Uniswap v4 — lured routing systems with fake rates before triggering a 99.1% transaction failure rate.
Findings From On-Chain Forensic Analysis
The research, which spanned roughly two months of on-chain forensic analysis, combined historical archive- node data, transaction trace analysis and smart contract inspections. Enso engineers, with support from contacts at major DeFi protocols Curve Finance and Oku, identified active toxic pools operating across both the Ethereum and Polygon blockchains.
In one documented case study on Ethereum, a manipulated Curve pool processed more than 129,000 swaps. While the pool appeared to be the optimal route, it delivered worse execution than quoted, leading to approximately $225,000 in overstated quotes.
Furthermore, Enso’s team identified multiple blockchain oracle contracts deployed by the same operator to support additional pools, indicating the tactic is likely more widespread than the two documented cases and could represent an emerging template for on-chain extraction.
The findings present a direct challenge to the user-facing layer of the DeFi ecosystem. Popular wallets, consumer-facing interfaces and aggregators depend heavily on automated simulations to guarantee the “best path” for a user’s trade.
Enso’s report highlights that if routing infrastructure cannot distinguish between a legitimate quote and a manipulated one, front-ends will continue to steer users toward these traps. This creates potential legal and financial liability risks for wallet providers and interface operators who promise “best execution” but routinely deliver toxic routes.
In response to the threat, Enso announced it has updated its execution-protection product, Enso Shield, to include dedicated toxic-pool detection. The security tool is designed to bypass standard simulation methods by analyzing live on-chain context, monitoring quote history and using transaction traces to spot execution discrepancies.
Rather than blaming individual decentralized exchanges, Enso has called on the wider cryptocurrency industry to conduct further research into the manipulation of transaction simulations.
“If transaction simulations can be manipulated while real execution tells a different story,” Costantini said, “we need better ways to verify what users actually receive.”
Crypto
New law protects consumers from cryptocurrency kiosk/ATM fraud | Maui Now
July 16, 2026, 5:00 AM HST
Starting Oct. 1, cryptocurrency kiosk/ATMs that accept deposits will no longer be allowed in Hawai’i as a new consumer protection law takes effect.
Hawai’i is now the 35th state to enact a law to protect consumers from losing money in scams involving cryptocurrency kiosk/ATMs and is the first state to ban kiosks that accept deposits. Four other states have completely banned these machines. Other states have imposed transaction limits, mandated refunds for fraud, increased warning signs, required printed receipts and passed other consumer safeguards.
“The use of cryptocurrency kiosks in scams was increasing exponentially in Hawai’i and across the nation. Last year, the FBI said Hawai’i consumers reported losing $3.85 million through fraud involving cryptocurrency kioks. That’s nearly four times the amount reported lost in 2024,” said Keali’i Lopez, AARP Hawai‘i state director. “That’s why AARP fought hard to pass Act 224. We’re grateful to our advocacy volunteers and others who shared fraud stories, testified, called and sent letters and emails to help pass the law. We’re also thankful to lawmakers who acted decisively to protect consumers.”
The FBI said kupuna were especially vulnerable to cryptocurrency kiosk/ATM fraud and accounted for the majority of the losses. The machines look like bank ATMS and could be found in grocery stores, convenience stores, pharmacies, gas stations and other locations.
“Fraudsters use cryptocurrency kiosks like a getaway car in a bank robbery,” Lopez said. “They convince consumers through romance scams, by posing as an IRS agent or other official, or through a technology scam, to take money out of their banks and deposit it in the cryptocurrency kiosk and once the money is put into a scammer’s cryptocurrency wallet, it is gone.”
-
Crypto5 minutes agoFBI arrests man accused of using Steam games to drain victims’ crypto wallets | TechCrunch
-
Finance11 minutes agoButterfield Readies CIBC Caribbean Purchase
-
Fitness17 minutes agoThe bridge variation women over 40 need to build deep core strength – without a single crunch
-
Movie Reviews29 minutes ago‘3 Weeks After’ Review: A High-School Field Trip Goes Off the Rails in a Skillful but Sadistic Serbian Shocker
-
World41 minutes agoSitges Film Festival’s Monica Garcia at the Costa Rica Media Market: ‘We’re Waiting for the Next Issa Lopez’
-
News47 minutes ago
How ICE’s Traffic Stops Led to Fatal Confrontations
-
Science1 hour agoThe Latest Texas Floods Tested Warning Systems. This Time, They Passed.
-
Lifestyle1 hour ago‘I Want You to Be Happy’ takes on modern-day dating