Crypto
Warning Crypto Investors—This Malicious Code Could Empty Your Wallet
Bitcoin emblem over a graph.
Recent reports have uncovered a series of malicious extensions in the Visual Studio Code, or VSCode, marketplace, targeting software developers and cryptocurrency enthusiasts with sophisticated attacks designed to compromise their systems and steal sensitive data. VSCode is a popular code editor used by millions of developers worldwide.
Security researcher Amit Assaraf recently revealed how attackers are exploiting the VSCode marketplace. Assaraf uncovered extensions that appeared to offer valuable features but were, in fact, Trojan horses for malware. One extension, masquerading as an official Zoom integration, seemed legitimate, boasting numerous installs and positive reviews. However, upon installation, the extension downloaded a malicious script from a Russian server, executing unauthorized commands on victims’ machines.
The attackers had carefully crafted their extensions to look authentic. They used fake reviews, linked to reputable repositories, and inflated download counts to make the tools appear credible—practices that can lull even experienced developers into a false sense of security.
Crypto in the VSCode Crosshairs
Further investigations revealed that this malicious activity is part of a broader campaign targeting developers working in blockchain and cryptocurrency environments. Reporting from BleepingComputer noted that some of these extensions claimed to support Ethereum development or blockchain toolkits. They also provided the following list of ones that were submitted to the VSCode marketplace:
- EVM.Blockchain-Toolkit
- VoiceMod.VoiceMod
- ZoomVideoCommunications.Zoom
- ZoomINC.Zoom-Workplace
- Ethereum.SoliditySupport
- ZoomWorkspace.Zoom (three versions)
- ethereumorg.Solidity-Language-for-Ethereum
- VitalikButerin.Solidity-Ethereum (two versions)
- SolidityFoundation.Solidity-Ethereum
- EthereumFoundation.Solidity-Language-for-Ethereum (two versions)
- SOLIDITY.Solidity-Language
- GavinWood.SolidityLang (two versions)
- EthereumFoundation.Solidity-for-Ethereum-Language
Adding to these findings, researchers at ReversingLabs uncovered how the VSCode campaign overlaps with similar malicious activity in the npm package repository. An npm package is a piece of reusable code that can be easily shared, distributed and integrated into software projects. These packages are used to build applications faster by reusing common functionalities, rather than writing everything from scratch. In their report, ReversingLabs explained how attackers often use multiple platforms to spread their malware, creating a more extensive attack surface that targets developers across ecosystems.
The Vulnerabilities Of The VSCode Ecosystem
While VSCode is celebrated for its versatility and user-friendly extension system, these same features make it a prime target for attackers. The issues stem from several vulnerabilities within the extension ecosystem:
- Unverified Publishers: Most of the extensions in the VSCode marketplace come from unverified publishers. This leaves developers with little assurance about an extension’s authenticity.
- Trust in Metrics: Developers often rely on install counts and reviews to gauge an extension’s credibility. Attackers exploit this trust by inflating these metrics and posting fake reviews.
- Limited Oversight: Despite Microsoft’s efforts to monitor and remove malicious extensions, the sheer volume of offerings in the marketplace makes it challenging to detect threats promptly.
VSCode: A Secondary Threat
Cryptocurrency wallets, whether stored on a computer or secured with a hardware wallet, are critical tools for managing digital assets. While these wallets are designed to protect private keys and transactions, the surrounding software environment—such as VSCode—can introduce vulnerabilities that put funds at risk, especially for wallets stored on a computer. Recent discoveries of malicious VSCode extensions demonstrate how a compromised development environment can lead to significant crypto losses, even for those who believe their wallets are secure.
The VSCode Threat to Computer Wallets
For users storing cryptocurrency on a desktop wallet, the risks posed by malicious VSCode extensions are immediate and direct. Here’s how it can happen:
- Keystroke Logging: A malicious VSCode extension, installed unknowingly, can quietly monitor and log every keystroke. If a user types in their wallet password, private keys or recovery phrases, this sensitive information is captured and sent to the attacker. Even the most secure desktop wallet becomes vulnerable if its credentials are exposed.
- Clipboard Hijacking: During transactions, users often copy and paste wallet addresses to avoid manual errors. Malware embedded in a VSCode extension can intercept clipboard activity, replacing the intended wallet address with the attacker’s. Without double-checking the address, the user may unknowingly send funds directly to the hacker.
- Fake Prompts or Interfaces: Some malicious extensions inject phishing-style prompts into the software environment, asking users to “verify” their wallet credentials or seed phrases. These prompts appear legitimate, but the data entered is captured by the attacker.
- Manipulated Transactions: For developers working with blockchain APIs, malicious extensions can intercept and alter transaction details. For instance, if a wallet is used to send funds programmatically, an attacker could change the destination address or transaction parameters without the user noticing.
Imagine a blockchain developer using VSCode to build an app that integrates with their desktop wallet for testing purposes. They install an extension claiming to simplify Ethereum contract deployment. Unbeknownst to them, the extension is malicious. It begins logging keystrokes and steals the wallet password. When the developer initiates a test transaction, the extension intercepts the API call and replaces the intended recipient address with one controlled by the attacker. The funds are irretrievably sent to the wrong destination.
These revelations are a wake-up call for developers and platform administrators alike. The trust users place in extension marketplaces is being weaponized. Relying on trust metrics alone—such as download counts or reviews—is not sufficient. Developers must remain vigilant and take proactive measures to protect their environments and their cryptocurrency.
Crypto
Hyperliquid Helps VALR Launch Over 200 Perpetual Markets as Decentralized Liquidity Gains Ground
Key Takeaways
- VALR and Hyperliquid debut 200+ markets as on‑chain perps volume tops hundreds of billions daily.
- Gianluca Sacco says VALR’s 24/7 access to FX, equities and crypto expands South Africa’s regulated perp trading.
- Hyperliquid’s rise and 2023–2026 perp growth push multi‑asset contracts like BTC, S&P 500 and WTI into mainstream.
Evolution of the Perpetuals Market
Cryptocurrency exchange VALR announced it is preparing to roll out a major expansion of its derivatives offering with the launch of “Perps,” a cross-asset perpetual futures product that will introduce more than 200 new markets.
The upgrade allows customers to take leveraged long or short positions across global equities, commodities, precious metals, stock indices, foreign exchange pairs and crypto assets within the VALR app.
According to a company announcement, the move builds on VALR’s initial perpetuals launch in 2023 and arrives during a period of rapid evolution in the global perpetuals market. Over the past several months, perpetual futures have surged in scale and diversity, with decentralized venues gaining ground and traditional-asset perpetuals accelerating in adoption.
Industry data shows that perpetual futures now dominate derivatives activity, regularly exceeding hundreds of billions of dollars in daily volume and expanding into tokenized equities, commodities and forex. Decentralized perpetual exchanges — led by Hyperliquid — have grown into sophisticated competitors, capturing rising market share as on-chain liquidity deepens.
VALR’s new product is powered by an integration with Hyperliquid. It allows users to open and manage positions directly on VALR while trades execute via Hyperliquid’s permissionless infrastructure. According to the company, this marks the first time a major regulated exchange has natively integrated an on-chain protocol to source liquidity for cross-asset perpetuals.
The expanded suite includes perpetual contracts on global equities such as SpaceX, NVIDIA, Tesla, Apple, SK Hynix, Samsung and Palantir Technologies, as well as benchmarks such as the S&P 500. Also included are Brent and WTI crude oil, natural gas, gold, silver, platinum and copper. Forex pairs such as EUR/USD, GBP/USD and USD/JPY, alongside digital currencies, round out the offerings.
VALR representatives said the breadth of markets will allow traders to express macro views and capitalize on volatility across sectors, ranging from energy shocks to equity earnings cycles and crypto-native catalysts.
The launch comes as perpetual futures undergo a structural shift. Centralized exchanges have historically dominated liquidity, but decentralized perpetuals have grown sharply, with Hyperliquid helping push decentralized exchange market share to new highs. At the same time, traditional-asset perpetuals — including commodities and equities — have expanded rapidly, moving from niche experiments to multibillion-dollar weekly markets as traders seek 24/7 access to real-world assets.
Gianluca Sacco, VALR’s chief operating officer, said the launch places “over 200 perpetuals markets directly inside the VALR app,” offering round-the-clock access to crypto, commodities, currencies and equities — including pre-IPO companies — through a regulated platform.
“Perps are how crypto traders take a view on price — a market now exceeding hundreds of billions of dollars in daily volume,” Sacco said. “We believe they will become how people trade every market. Our integration of Hyperliquid will give our users the deepest on-chain liquidity available anywhere.”
Crypto
Zcash Price Climbs 13% in a Week as Network Preps Ironwood Upgrade
Key Takeaways
- Zcash targets July 21, 2026 for Ironwood mainnet activation after sealing the Orchard pool.
- ZEC trades at $462.33 on July 4, up 13.3% in seven days and over 1,000% in a year.
- Node operators must migrate to Zebra or updated clients before Ironwood’s mainnet launch.
The upgrade traces back to a discovery on May 29. Security researcher Taylor Hornby, working under contract for Shielded Labs, found a soundness flaw inside the Orchard shielded pool’s elliptic curve code. The bug lived in a piece of the halo2_gadgets crate handling point multiplication. A prover could swap in the wrong base point and still get the circuit to accept an invalid proof.
That flaw mattered because Orchard hides sender, receiver and amount by design. A counterfeit note created inside the pool would look identical to a real one. The bug had sat in the code since Orchard went live in May 2022 as part of the NU5 upgrade.
Rapid Patch, No Confirmed Losses
Zcash’s core engineers, including Daira-Emma Hopwood, Kris Nuttycombe and Jack Grigg, confirmed the issue within hours of Hornby’s report. A soft fork disabled new Orchard actions around June 1 to contain exposure. A hard fork, NU6.2, followed on June 3 with a corrected verifying key, restoring full Orchard functionality.
Orchard transactions paused for roughly a day during the rollout. Transparent and Sapling transfers kept running the whole time. Zcash Open Development Lab and Shielded Labs both say they found no evidence that the bug was ever exploited, and the network’s turnstile accounting, which tracks value entering and leaving each pool, showed no signs of unauthorized minting.
There’s a catch developers can’t patch away. Orchard’s privacy means nobody can prove a negative. No cryptographic method exists to confirm counterfeiting never happened, only that it probably didn’t.
Ironwood Closes the Gap
Announced June 6, Ironwood is the fix for that remaining uncertainty. It ships as NU6.3 and was built by ZODL alongside Tachyon, Valar Group, the Zcash Foundation and Shielded Labs.
The upgrade opens a new Ironwood shielded pool built on the patched Orchard circuit, now backed by ongoing formal verification and added independent audits. At the same time, the old Orchard pool gets sealed. Wallets will block new deposits into it, internal transfers between users inside the pool get disabled, and funds can only leave through the turnstile toward Ironwood or a transparent address.
That sealing is the actual fix. Once the legacy pool stops taking new value and stops circulating internally, any theoretical counterfeit notes get boxed in. Anyone running a full node can then add up balances across the active pools and confirm the total supply lines up with what the protocol allows, without waiting on developer assurances or a full migration.
Ironwood also carries ZIP 2005, a set of note format changes meant to support recovery in a future quantum computing scenario. It doesn’t make Zcash quantum-secure today, but it lays the groundwork for a smoother transition later.
Timeline and What Users Need to Do
Testnet activation for Ironwood landed around July 3 and 4. Zebra, the Rust client maintained by the Zcash Foundation, and Valar Group’s independent implementation are both running release candidates against it.
Mainnet activation is targeted for around July 21, tied to a zcashd end-of-support block. Developers say hashrate signaling looks ready, and existing testnet time gives wallets enough runway, so a delay isn’t currently on the table.
Node operators on older zcashd builds will need to move to Zebra or an updated client before that date. Wallets are expected to prompt users to migrate shielded funds out of the old Orchard pool with minimal friction, often a single approval.
Market Response
ZEC’s price tells its own story of the past six weeks. The token fell more than 50% from around $630 down to the $250 to $300 range once the vulnerability became public, then rebounded sharply once the patch and Ironwood plan landed.
As of July 4, ZEC trades at $462.33, up 13.3% over the past seven days, even after a flat 24-hour session. Zooming out, the coin is up more than 1,000% over the past year, a stretch that includes both a run to a 52-week high near $744 in November 2025 and the Orchard scare in late May.
Investor Chamath Palihapitiya has publicly flagged Ironwood’s supply verification model as a meaningful step for the coin, adding outside attention to what started as a bug fix.
For now, the work left is coordination. Formal verification results are due before mainnet, and wallet, exchange, and infrastructure providers still need to ship updated support in the next two and a half weeks.
Crypto
Trump made money off his meme coin, did its investors?
US President Donald Trump has made $US1.4 billion ($2b) from cryptocurrency in the past 12 months.
$US635 million came from celebration coins royalties and $US236m came from cryptocurrency “token sales”, while the rest of his income came from assorted cryptocurrency wallets.
His celebration coin income is linked to meme coins he launched before returning to office, namely $TRUMP.
But what are meme coins and has anyone other than the Trump family profited?
Meme coins
Cryptocurrencies are a type of digital asset, not unlike a stock, which can be used as an exchangeable form of money online.
Much like paper currencies since the gold standard was ended, crypto has value because investors collectively agree it does, in part due to its security and scarcity.
Meme coins on the other hand are a bit harder to pin down.
“Meme coins are cryptocurrencies that leverage popular memes or internet trends to create a community-driven, often playful approach to digital currency,” according to crypto broker Blockchain.com.
Meme coins have no inherent value and, unlike Bitcoin, have varying limits of scarcity, rendering the price of any coin vulnerable to the rise and fall in popularity of whatever meme or trend inspired the item.
As an example Hailey Welch, an American woman, launched her own brand of meme coin after she rose to internet fame in June 2024.
The $HAWK coin released in December 2024 reached a market capitalisation of $500m before it crashed to $25m by late January.
Investors have since sued $HAWK.
The $TRUMP coin
The $TRUMP coin is valued at $US1.65 as of July 1, 2026. (Supplied: GetTrumpMemes.com)
Mr Trump’s own meme coin $TRUMP launched days before his second inauguration, also in January 2025.
At its peak it sold for almost $US75 a coin, but by the end of February its value had plummeted to about $US20 and as of July 1, 2026 its value sits at $US1.65.
This is where the bulk of Mr Trump’s $US635m in royalties and $US236m in token sales are believed to have come from.
In April 2026, Democratic Senator for California Adam Schiff said he and other senators would be investigating a Mar-a-Lago conference which invited the top 297 $TRUMP token holders to attend and offered VIP access to Mr Trump.
In a statement he said CIC Digital and Fight Fight Fight LLC, which controlled 80 per cent of $TRUMP supply, received trading revenue from all $TRUMP activity.
“The announcement of the conference ‘set off a quick but brief run-up in the price of the $TRUMP meme coin, which reached $3.08 before tumbling back down,’” the senators highlighted.
“President Trump financially benefits from the market value and activity of the $TRUMP cryptocurrency.“
Mr Schiff and his fellow senators asserted “not all” investors of $TRUMP and the similarly branded first ladies meme coin, $MELANIA, benefited from their investment.
“According to recent reports, $TRUMP, and the First Lady’s meme coin, $MELANIA, “erased an estimated $4.3 billion in retail wealth,” they said.
“Insiders, however, reportedly made a fortune: 45 ‘early-deployment wallets’ earned $1.2 billion off the meme coins, meaning that for every dollar insiders earned, retail investors lost $20.”
World Liberty Financial, another Trump family-linked business which distributed Mr Trump’s royalty and token sale revenue, provided him with an additional $65m in income.
Eric Trump and Donald Trump Jr are involved in its management and it was co-founded by Zach Witkoff, the son of Mr Trump’s special envoy to the Middle East Steve Witkoff.
Donald Trump Jr and Eric Trump with Zach Witkoff. (Reuters: Eduardo Munoz)
Mr Trump’s $236m in token sale revenue is a marked leap in profits collected compared to Mr Trump’s 2025 disclosure which only reported $US57m from token sales.
World Liberty Financial launched another cryptocurrency in May, 2025 called USD1.
USD1 rose to US$1.016 after launch and is now valued at $U0.99.
It was also used to pay bonuses to UFC fighters performing at the White House in June.
On July 1, after his disclosure came out, Mr Trump said his wealth was the result of the US stock market’s success.
“”You know why I’m profiting? Because the stock market’s going up, everybody’s profiting,” Mr Trump said, according to Reuters.
-
Hawaii3 minutes agoFatal crash closes H-1 West near Aala St. overpass
-
Idaho6 minutes agoIdaho woman reunites with biological family in Moldova after being kidnapped at birth
-
Illinois18 minutes agoGeorgia man saved rare 1998 Lamborghini Diablo SV from Illinois just in time before it was destroyed
-
Indiana21 minutes agoIndy Fourth Fest delayed due to severe weather
-
Iowa26 minutes agoIowa DNR pushes ‘Operation Dry Water’ to promote boater safety during holiday weekend
-
Kentucky36 minutes agoFormer Kentucky guard Kerr Kriisa arrested by FBI in multi-million dollar fraud scheme
-
Louisiana41 minutes agoLouisiana Purchase & Gardens Zoo holds “Red, White and Blue Day”
-
Maine48 minutes agoMaine lumber mill co-owner dies, bringing explosion death toll to 3