吴区块链周报:美国提议放宽加密货币投资401(k)计划规则、谷歌强调密码学的量子威胁、Drift 黑客攻击导致 2.85 亿美元被盗等1。美国劳工部提出 401(k) 另类资产规则链接美国劳工部提出了一项规则,以放宽将私募股权和加密资产等另类投资纳入 401(k) 退休计划的限制。它明确,受托人在引入此类资产之前必须根据业绩、费用、流动性、估值和复杂性等因素进行审慎评估。遵守这一流程的受托人将获得“安全港”保护,以降低诉讼风险。该规则是执行唐纳德·特朗普行政命令的第一步,目前正处于公众意见征询期。2。阿拉巴马州成为美国第二个承认 DAO 的州链接阿拉巴马州州长 Kay Ivey 签署了 DUNA(去中心化非法人非营利协会)法案,使阿拉巴马州成为继怀俄明州之后第二个授予 DAO 合法地位的美国司法管辖区。该法案规定,符合条件的 DAO 必须拥有至少 100 名成员,且以非营利集体为目的而成立。
SE,并可以通过区块链和智能合约进行治理,提案和投票机制可在链上记录。经认可后,DAO应具有完全的法人地位,可以持有财产、签订合同和起诉,并为其成员和管理人员提供有限责任保护。 3.新罕布什尔州计划发行 1 亿美元的比特币支持市政债券 新罕布什尔州商业金融管理局计划发行以比特币为抵押的市政债券,总规模约为 1 亿美元。该产品已被穆迪投资者服务公司授予 Ba2 评级(比投资级别低两个等级)。债券的本金和利息将从比特币抵押资产产生的资金中偿还,如果比特币能够实现,可能会带来额外的回报
WuBlockchain Weekly: US Proposes Relaxing Rules for 401 (k) Plans to Invest in Crypto, Google Highlights Quantum Threats to Cryptography, Drift Hacked with $285 Million Stolen, etc
1. US Labor Dept Proposes 401(k) Alternative Asset Rules link
The U.S. Department of Labor has proposed a rule to ease restrictions on including alternative investments such as private equity and crypto assets in 401(k) retirement plans. It clarifies that fiduciaries must conduct a prudent evaluation based on factors including performance, fees, liquidity, valuation, and complexity before introducing such assets. Fiduciaries complying with this process will be granted “safe harbor” protection to reduce litigation risks. This rule serves as an initial step to implement an executive order by Donald Trump and is currently in the public comment period.
2. Alabama Becomes Second US State to Recognize DAOs link
Alabama Governor Kay Ivey has signed the DUNA (Decentralized Unincorporated Nonprofit Association) Act, making Alabama the second U.S. jurisdiction after Wyoming to grant legal status to DAOs. The Act stipulates that eligible DAOs must have at least 100 members and be formed for a nonprofit collective purpose, and may conduct governance through blockchain and smart contracts, with proposal and voting mechanisms recordable on-chain. Upon recognition, a DAO shall have full legal person status, may hold property, enter into contracts and be sued, and shall provide limited liability protection for its members and managers.
3. New Hampshire Plans $100M Bitcoin-Backed Muni Bonds link
The New Hampshire Business Finance Authority plans to issue municipal bonds collateralized by Bitcoin, with a total size of approximately $100 million. The product has been assigned a Ba2 rating by Moody’s Investors Service (two notches below investment grade). Principal and interest on the bonds will be repaid from funds generated by the Bitcoin-collateralized assets, potentially offering additional returns if Bitcoin prices rise, while price-triggered liquidation clauses are in place to safeguard repayment. The debt is not backed by the state government’s credit or taxation.
4. US Senators Introduce Mined in America Act for BTC Reserves link
U.S. Senators Bill Cassidy and Cynthia Lummis have introduced the Mined in America Act, which aims to boost domestic cryptocurrency mining and related infrastructure by establishing a voluntary certification mechanism. The bill requires certified mining facilities to phase out mining equipment linked to foreign competitors, while leveraging existing energy and rural development programs to support the transition and promote domestic mining hardware manufacturing. Additionally, the legislation codifies into law President Donald Trump’s executive order on establishing a strategic Bitcoin reserve.
5. Cuba’s Central Bank Approves 10 Firms for Crypto Cross-Border Payments link
The Central Bank of Cuba (BCC) has approved 10 enterprises, including 9 micro, small and medium-sized enterprises and 1 joint venture, to use cryptocurrencies for international payments for the first time. The relevant licenses were published in the Official Gazette on March 23. The licenses are valid for one year and may be renewed. Enterprises may only use crypto assets for cross-border payments related to their main business, and must conduct operations through virtual asset service providers (VASPs) licensed by the Central Bank of Cuba. They are also required to report transaction amounts, currencies used and information on intermediary service providers to regulators on a quarterly basis. This is the first time Cuba has issued operational licenses for cryptocurrencies directly used for cross-border payments to domestic enterprises.
6. Bithumb Delays IPO to 2028 Amid Issues link
Bithumb has announced that its IPO plan is expected to be delayed until 2028, further postponing its previous target of listing in the second half of 2025. The company is still in the preparation stage, focusing on improving accounting policies, internal controls and internal review procedures, and has signed a consulting agreement with Samjong KPMG through 2027. Despite posting revenue of approximately 651 billion won (about 430 million US dollars) in 2025 and holding a market share of over 30%, recent internal issues and regulatory pressure continue to affect its listing process.
7. Dunamu 2025 Revenue ₩1.56T, Down 10% YoY link
According to Dunamu, the operator of Upbit, in its 2025 annual audit report, the company posted revenue of 1.56 trillion won (approximately 1.027 billion US dollars) in 2025, a year-on-year decrease of 10.04%; operating profit of 869.2 billion won (approximately 573 million US dollars), down 26.7% year on year; and net profit of 708.9 billion won (approximately 467 million US dollars), a year-on-year drop of 27.9%. The company stated that the performance decline was mainly due to lower trading volume of crypto assets compared with 2024. According to another announcement, Dunamu plans to pay a cash dividend of 5,827 won per share, totaling about 199.99 billion won (approximately 132 million US dollars).
8. Google Quantum AI: Crypto Wallet Breakable With Less Quantum Resources link
In a new whitepaper, Google Quantum AI states that the resources required for future cryptographically capable quantum computers to crack the 256-bit elliptic curve cryptography (ECC) wallet signature systems widely used in cryptocurrencies are lower than previously estimated. According to Google, under standard hardware assumptions, fewer than 500,000 physical qubits could complete the crack within minutes. The company is urging the blockchain industry to expedite its migration to post-quantum cryptography (PQC) to mitigate long-term security risks.
Haseeb, Managing Partner at Dragonfly, commented that Google’s research has made the quantum cracking of ECDSA approximately 20 times more efficient than prior estimates, advancing the industry’s timeline for post-quantum migration to around 2029. He noted that Google did not even disclose the specific quantum circuits, instead verifying the results via zero-knowledge proofs, underscoring the high level of concern regarding this risk.
9. Coinbase Gets OCC Conditional Nod for National Trust Bank link
Coinbase Global has received conditional preliminary approval from the U.S. Office of the Comptroller of the Currency (OCC) to establish a national trust bank. This license is positioned for custody and market infrastructure businesses. The OCC federal trust charter will provide a unified federal regulatory framework for Coinbase’s custody business, enabling Coinbase to offer regulated services including digital asset custody, tokenized asset management, and transaction settlement.
10. Drift Protocol Hacked for $285M link
Around April 2, 2026, multiple on-chain analytics firms and media outlets reported abnormal capital outflows from Drift Protocol, an integrated derivatives and lending protocol in the Solana ecosystem. The project confirmed it was under attack, which ultimately resulted in approximately $280 million worth of funds being stolen from the protocol. The protocol has suspended deposits and withdrawals and is cooperating with security firms, cross-chain bridges, and trading platforms to handle the incident.
Drift Protocol issued a statement on the security incident, saying a malicious actor gained unauthorized access to the protocol through a new attack method involving durable nonce and quickly seized control of the Drift Security Council. Drift stated that this was a highly sophisticated attack operation, apparently planned over several weeks and executed in phases, including techniques such as pre-signing transactions via durable nonce accounts and delayed execution.
According to Drift’s current investigation findings, the incident was not caused by vulnerabilities in Drift’s programs or smart contracts, and there is no evidence that the relevant mnemonic phrases were compromised. Drift believes the attacker obtained unauthorized or disguised transaction approvals prior to execution, with the durable nonce mechanism and complex social engineering tactics likely playing a key role. A total of approximately $280 million in assets were transferred out of the protocol in the incident.
Drift outlined the main steps that allowed the attacker to carry out the breach: first, pre-deploying an access path through durable nonce accounts; then obtaining sufficient approval authority within the multi-signature setup, specifically 2/5 multi-signature approvals; subsequently executing a malicious admin privilege transfer within minutes to gain protocol-level control; and finally using that authority to introduce malicious assets and remove all existing withdrawal restrictions, enabling the theft of held funds.
All funds deposited in the lending module, vaults, and trading accounts have been affected. Unaffected assets include DSOL not deposited into Drift, including assets staked with Drift Validator, as well as insurance fund assets, which will be withdrawn from the protocol and moved to a more secure environment for protection.
As a preventive measure, Drift has frozen all remaining protocol functions and updated its multi-signature configuration to remove compromised wallets.
The incident has spilled over to multiple DeFi protocols in the Solana ecosystem. Projects including Reflect Money, Ranger Finance, Neutral Trade, Elemental DeFi, Project 0, Lulo Finance, Asgard Finance, DeFi Carrot, Pyra, xPlace, and Fuse Wallet have confirmed being affected, with some suspending minting, redemption, or deposit and withdrawal functions. Ranger Finance reported an exposure of approximately $900,000, accounting for about 6% of its TVL. Pyra stated it has suspended related card services as user funds earning yields on Drift were impacted.
Charles Guillemet, Chief Technology Officer of Ledger, stated that the attack was not a smart contract vulnerability but a long-term covert compromise of the multi-signature mechanism. The hacker is suspected to have gained control of multi-signature holders’ devices or private keys and misled operators into approving malicious transactions. The method closely resembled the Bybit incident last year, which was linked to the North Korean hacking group (DPRK). He called on the industry to improve endpoint detection capabilities and adopt hardware-backed clear-text signing to prevent operational risks.
Hayden Adams, founder of Uniswap, stated bluntly that centralized projects must stop labeling themselves as DeFi; if admin keys can drain all funds, they are essentially CeFi. Omer Goldberg, founder of Chaos Labs, added that Drift’s signing keys held full control over market creation, oracle assignment, and withdrawal limits with no time locks, and the attacker reportedly completed the fund theft in roughly 10 seconds.
Fundraising
- YZi Labs makes a strategic follow-on investment in prediction market platform Predict. link
- Midas announces $50 million Series A funding led by RRE and Creandum. link
- Valinor, a startup founded by former private equity professionals at Blackstone, completes $25 million seed funding. link
- Starcloud, a space computing startup, secures $170 million Series A funding to launch satellites equipped with Bitcoin miners. link
- Keyrock completes Series C funding at a $1.1 billion valuation, led by SC Ventures, a subsidiary of Standard Chartered. link
- Payments startup OpenFX raises $94 million in funding at a valuation of approximately $500 million. link
- U.S. fintech bank Cross River Bank announces a new $50 million funding round. link
- The Better Money Company, a stablecoin settlement service provider, announces $10 million seed funding. link
- Latitude, a cross-border payments startup founded by former employees of Stripe and Coinbase, announces $8 million in funding. link
- Cango completes $65 million in strategic investment and signs a $10 million convertible bond financing agreement. link
- Kulipa, a stablecard issuing infrastructure platform, completes $6.2 million seed funding. link
- Web3 chess project Pixie Chess completes $5.2 million seed funding. link
Learn more, check out crypto-fundraising.info.
Follow us
Twitter: https://twitter.com/WuBlockchain
Telegram: https://t.me/wublockchainenglish