OVERVIEW

⚠️ STOP NOW: Hack Flipping Wallet Addresses ⚠️

NEWS
This One Is Bad. Really, Really, Bad. 😱 

When Ledger’s Chief Technology Officer goes on X and makes a huge warning, it’s usually something bad.

And today’s post from Ledger CTO Charles Guillemet is something very bad.

What Happened?

Attackers phished maintainer “qix” via a fake support email and pushed malicious updates to 18 massively used packages like chalk, debug, ansi-styles, strip-ansi, supports-color, etc. We’re talking 2.0 to 2.6B weekly downloads across this set, so the blast radius is, you know, the entire ecosystem.

Here’s An Explanation For Normal People Like Me

• Bad guys sent a fake email to a trusted coder and tricked him into giving them the keys.

• Think costume party villain. Looks real. Isn’t. They got in.

• They changed 18 super-popular coding tools lots of websites use.
  Billions of downloads. That’s basically everyone’s toolbox.

• When you send crypto in your browser, the code can switch the wallet address.

• You think you’re paying your friend. It sends to the crook. The screen still looks normal.

What To Do Right Now

If you use dapps, extensions, or sign in browser:

• Use a hardware wallet.
  Check the address on the little device screen. If it doesn’t match, stop.

• Don’t paste old addresses.
  Get the address fresh from a safe place. Send a tiny test (dust test) first to make sure it lands.

• Remove sketchy permissions.
  If you used new apps today, open your wallet’s approvals page and revoke stuff you don’t trust. That cuts their power cord.

Most Exposed : Browser Extensions

• EVM wallets: MetaMask, Coinbase Wallet, Trust Wallet (ext), Rabby, OKX Wallet, Zerion, Brave Wallet. The payload intercepts, tweaks the send transaction, and rewrites recipients before you sign.

• Solana wallets that implement the standard sign methods: Phantom, Solflare, Backpack.

• Tron: TronLink and similar. The malware recognizes TRX addresses and can swap them mid-flow.

• Bitcoin and other UTXO browser wallets where addresses pass through the page or API calls: UniSat (BTC), Xverse (BTC/STX), etc. It knows BTC formats and can alter DOM or network traffic.

• Litecoin & Bitcoin Cash web wallets or extensions that surface addresses in-page. Those formats are in scope too.

Not claiming these brands shipped bad builds; saying they match the interfaces the malware hijacks. 🔎 

Short version: crooks booby-trapped everyday tools so your money goes to them. Slow down, double-check addresses on the device, and if you ship/build JavaScript, don’t ship new builds until you’ve scrubbed your stack clean. 🫧 

Stay safe everyone. 🎌 

ON-CHAIN ANALYSIS
Leverage Absorption Ratio Check ✔️ 

Open interest screams numbers, not context, so I built the Leverage Absorption Ratio (LAR) to tell me when leverage is being absorbed by price and when it’s about to shatter my stops. 🤯 

LAR - The Cheat-Code Metric 🧠

• > 5 Smooth Sailing

• 3 - 5 Check Engine

• < 3 Danger Zone

Regimes for direction:

• Absorption Up - price up, OI up

• Short-Cover Rally - price up, OI down

• Levered Selloff - price down, OI up

• Deleveraging Drop - price down, OI down

Bitcoin $BTC.X ( ▲ 0.4% ) 

Bitcoin took the clean-out like a champ.

• LAR: 20.00 cap (raw 66.3) 

• Regime: Deleveraging Drop

• Read: Smooth flush - OI and price falling.

This combo says sellers hit spot, longs trimmed, and no fresh pile-on from shorts. Good. You want the rebuild next - OI creeping higher behind price while funding stays sane. Until then, stop trying to knife-catch every 500-point wick. 🕯️ 

Ethereum $ETH.X ( ▼ 3.02% ) 

Ethereum keeps acting like the adult in the room.

• LAR: 11.83

• Regime: Short-Cover Rally

• Read: Smooth short-cover - price up while OI bleeds.

Shorts blinked and handed longs a stair-step higher with less leverage risk under the floorboards. Let OI refill slowly while price holds higher lows, then press with tight invalidation. If funding spikes on a nothingburger headline, cool your jets. ✈️

XRP $XRP.X ( ▲ 4.79% ) 

XRP is mid-rinse cycle, not victory lap.

• LAR: 6.97

• Regime: Deleveraging Drop

• Read: Smooth flush - risk reset, not trend.

Traders/investors de-risked, which is good after a hype top, but trend doesn’t resume until price bases and OI follows. Patience. Let it print a sideways coil and track OI rising after the coil breaks, not into it. 😐️ 

Solana $SOL.X ( ▲ 3.08% ) 

Solana brought energy and then some.

• LAR: 3.97

• Regime: Absorption Up

• Readout: Check engine - OI outrunning price.

Bulls showed up with leverage faster than price could validate it. That’s fine on strong days, fragile on thin books. Trade it like momentum - quick risk, quick exits, and no diamond hands into unlock chatter. 💎 

Chainlink $LINK.X ( ▲ 4.29% ) 

Chainlink is the tidy version of SOL’s setup.

• LAR: 4.16

• Regime: Absorption Up

• Readout: Check engine - watch funding on pops.

OI is growing faster than price but not recklessly. If funding rips during intraday surges, fade the extension and reload where the panic dips back. Otherwise, keep trailing and let the grind work for you. 🤜 

POLL
Take This Poll: Will ETH Lead Altcoins In September? 🤔 

Let us know what you think! 👈️ 

NEWS
Nasdaq Wants Tokenized Stocks On The Main Stage

The Nasdaq just asked the SEC for permission to let listed stocks and ETPs trade in tokenized form on its main market, which would be a first for a major U.S. exchange and a clean path to onchain settlement inside the existing rulebook. 📔

Nasdaq’s rule change keeps everything under the national market system - same order book, same execution priority - as long as the token has the same material rights as the underlying security. If a token strips rights, it trades as a distinct instrument. No wholesale carve-outs.

The Details

• Scope - equities and ETPs can trade “in traditional digital or tokenized form.”

• Market plumbing - routing, pricing, surveillance, reporting stay the same.

• Timeline - token-settled trades could show by Q3 2026 if DTC’s rails are ready.

• Parity principle - Europe’s “tokenized U.S. stocks without real share rights” is the cautionary tale Nasdaq says it wants to avoid.

• Legal frame - Commissioner Hester Peirce: tokenized securities are still securities. Obvious, necessary, binding.

We’ll keep you updated as this story develops. 💡

NEWS IN THREE SENTENCES
AI, Stablecoins, & Privacy News 🕵️

🎭 Deepfakes Surge, Proof-Of-Human Emerges As Defense

From fake CFOs stealing $25M on video calls to Brad Pitt “dating” scams, deepfake fraud is exploding. Detection alone isn’t cutting it - proof-of-human flips the game by cryptographically proving a real person is behind the screen. It’s like stamping every interaction with “certified human” so AI imposters can’t hijack your trust. Worldcoin.

🇰🇷 ZetaChain Taps Kaia To Enter Korea’s Stablecoin Wars

Korea’s big banks and tech platforms are all prepping KRW stablecoins, and Kaia - backed by Kakao’s empire - is set to be the hub. By integrating Kaia, ZetaChain makes those stablecoins usable across Ethereum, Solana, Bitcoin, and more as a single unified asset. For users, it means “KRW anywhere” - like having your won work across every wallet and chain without bridges. ZetaChain.

NEWS IN THREE SENTENCES
Metaverse, NFT, & Gaming News 🎮️

🏠 Decentraland Adds Communities, Finally A Place For Group Chats

Decentraland now lets you form Communities - group hubs with chat, events, and (soon) voice streams. Think Discord servers, but baked right into the metaverse so you don’t have to bounce between apps. A pilot program even pays stipends in MANA for active groups, so your book club or chess night might literally get subsidized. Decentraland.

🕸️ Gala Expands Referral System - 5 Levels Deep, Like A Crypto MLM Without The Shame

Gala’s referral program now pays you not just when your friends spend, but also when their friends, and their friends, and… you get the picture. Rewards hit instantly, covering games, NFTs, and even gas fees, so the bigger your network, the fatter your bag. It’s basically social graph mining - except instead of spam calls from “your cousin,” you’re minting $GALA. GalaGames.

LINKS
Links That Don’t Suck 🔗

🔑 HashKey unleashes $500M+ fund to build Asia’s “Largest institutional bridge” to crypto

🪙 CoinShares set to go public in US via $1.2 billion SPAC merger with Nasdaq-listed Vine Hill

👍️ Axelar and Frax choose Crypto.com for secure digital asset infrastructure

⛏️ BitMine surpasses 2 million Ethereum holdings, invests $20 million in Worldcoin treasury

🤖 Dyson’s Spot+Scrub Ai robot seeks out stains

Get In Touch 📬

Email me (Jonathan Morgan) your feedback; I’d love to hear from you. 📧

Terms & Conditions 📝

Securities Disclaimer: STOCKTWITS IS NOT A TAX ADVISOR, BROKER, FINANCIAL ADVISOR OR INVESTMENT ADVISOR. THE SERVICE IS NOT INTENDED TO PROVIDE TAX, LEGAL, FINANCIAL OR INVESTMENT ADVICE, AND NOTHING ON THE SERVICE SHOULD BE CONSTRUED AS AN OFFER TO SELL, A SOLICITATION OF AN OFFER TO BUY, OR A RECOMMENDATION FOR ANY SECURITY. Trading in such securities can result in immediate and substantial losses of the capital invested. You should only invest risk capital, and not capital required for other purposes. You alone are solely responsible for determining whether any investment, security or strategy, or any other product or service, is appropriate or suitable for you based on your investment objectives and personal and financial situation. You should also consult an attorney or tax professional regarding your specific legal or tax situation. The Content is to be used for informational and entertainment purposes only and the Service does not provide investment advice for any individual. Stocktwits, its affiliates and partners specifically disclaim any and all liability or loss arising out of any action taken in reliance on Content, including but not limited to market value or other loss on the sale or purchase of any company, property, product, service, security, instrument, or any other matter. You understand that an investment in any security is subject to a number of risks, and that discussions of any security published on the Service will not contain a list or description of relevant risk factors. In addition, please note that some of the stocks about which Content is published on the Service have a low market capitalization and/or insufficient public float. Such stocks are subject to more risk than stocks of larger companies, including greater volatility, lower liquidity and less publicly available information. Read the full terms & conditions here. 🔍

Author Disclosure: The author of this newsletter holds positions in ADA, IMX, COPI, MIN, AGIX, ALGO, ZEC, XLM, and NEAR. 📋