News linked to both this project and an event.
Grayscale Research Head Zach Pandl stated that perpetual contracts, as a core product of the crypto market, have long been limited to crypto assets such as BTC and ETH. However, Hyperliquid is changing this landscape through its HIP-3 upgrade. HIP-3 allows for the permissionless deployment of perpetual contract markets on the Hyperliquid infrastructure, and a S&P 500 perpetual contract product has already been launched on Hyperliquid.Data shows that the HIP-3 market reached a peak open interest of approximately $3.2 billion in June 2026, with a cumulative trading volume of about $200 billion. These markets are not directly operated by Hyperliquid but adopt a "permissionless infrastructure" model: any qualified developer can create derivatives trading markets on its underlying network. This makes Hyperliquid more akin to an open financial infrastructure similar to AWS, with the HYPE token capturing the overall transaction value flow.
the U.S. government's export controls and access restrictions on Anthropic's models, Fable 5 / Mythos 5, were partly driven by Amazon's cybersecurity research and AWS CEO Andy Jassy's communications with the White House.It is understood that research submitted by Amazon indicated that through a series of prompt tests, researchers could induce Fable 5 to output sensitive information potentially usable for cyberattacks, raising security concerns. Subsequently, Andy Jassy reported these findings to the U.S. government level, prompting the White House to implement further restrictions, including banning foreign users from accessing the model.Meanwhile, former U.S. Commerce Department official Kate Koren revealed that the White House's existing policy stance towards Anthropic may have also influenced this decision. This is because Anthropic has disagreements with the White House over the boundaries of AI safety, including refusing to use its models for mass surveillance or lethal autonomous weapons systems. Although the two sides had eased tensions and expanded cooperation earlier this year, this incident could reignite strained relations between them. (The Wall Street Journal)
Coinbase has released a post-mortem report on the large-scale service outage that occurred on May 7, 2026. The disruption lasted approximately 8 hours, with full recovery taking about 12 hours. During this period, trading, deposits, withdrawals, and most core services were either unavailable or severely degraded.Coinbase stated that the outage was triggered by the simultaneous failure of multiple chillers in the cooling system of a data center within an Availability Zone (use1-az4) of the AWS us-east-1 region. This led to thermal shutdown protection for server racks, causing EC2 instances and EBS volumes to go offline, and impacting multiple internet services.During the recovery process, Coinbase's trading matching engine lost quorum after its cluster architecture, deployed within a single AWS data center, lost the majority of its nodes. Emergency code adjustments and the formation of new node groups were required to restore operations, with market trading being gradually restarted throughout the recovery.Additionally, the AWS Managed Streaming for Kafka (MSK) service experienced a control plane failure, preventing automatic re-election of partition leaders. This further blocked order books, fee calculations, and parts of the settlement and data streaming systems, expanding the overall impact. After Coinbase and the AWS engineering teams collaborated on manual partition migrations, the system gradually returned to normal.Coinbase indicated that this incident exposed deficiencies in its cross-Availability Zone automatic failover capabilities and the disaster recovery of managed middleware. The company will upgrade its cross-region hot standby architecture, strengthen regular disaster recovery drills, migrate its Kafka systems from a dual-AZ to a triple-AZ deployment, and work jointly with AWS to address root causes and implement improvements.
According to on-chain analyst PeckShield (@PeckShieldAlert), SlowMist’s threat intelligence system MistEye has detected a cross-registry supply chain attack targeting developers. Malicious packages have spread across three major registries—npm, PyPI, and Crates.io—comprising over 34 malicious packages and more than 384 related versions. The attack targets developer communities in cryptocurrency, DeFi, Solana, Sui/Move, and AI. It may lead to the theft of cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, and other sensitive developer information. Some malicious payloads also attempt persistence via mechanisms including `.cursorrules`, `CLAUDE.md`, Git hooks, cron, systemd, and SSH. SlowMist recommends immediately removing affected packages, isolating compromised systems, rotating exposed credentials, rebuilding CI environments and developer machines from clean images, and conducting comprehensive reviews of GitHub, cloud, SSH, and wallet-related activities.
According to research by security firm Socket Security, a cryptocurrency-stealing supply chain attack dubbed “TrapDoor” spans npm, PyPI, and Crates.io, involving over 34 malicious packages and 384 related versions and artifacts. The attack targets cryptocurrency, DeFi, Solana, Sui, Move, and AI developers. Attack samples can steal sensitive information including SSH keys, wallet data, AWS credentials, GitHub tokens, browser data, and environment variables. Specifically, npm packages execute the shared payload `trap-core.js` via the `postinstall` hook; PyPI packages execute remote JavaScript upon import; and Crates.io packages steal local keystores via `build.rs`. Socket has flagged all related packages as malicious and reported them to the respective package registries.
The BNBAgent SDK has officially launched on the BSC mainnet, providing core infrastructure for scaling AI agents on-chain. The SDK comprises four modular components: identity and trust based on ERC-8004; commerce and custody based on ERC-8183 (APEX); autonomous payments integrating MPP and x402; and memory and storage built on BNB Greenfield. This framework addresses key challenges faced by AI agents—including identity verification, commercial collaboration, automated settlement, and cross-execution-environment memory continuity—enabling developers to build, deploy, and monetize AI agents on BNB Chain. Initial partners include Google, AWS, Virtuals, Binance Pay, Trust Wallet, Binance Wallet, and United Stables.
Wasabi Protocol released a security incident update, stating that the attacker exploited a Spring Boot Actuator configuration vulnerability in its AWS infrastructure to steal private keys controlling EVM smart contracts, and subsequently drained approximately $4.8 million in user funds and $900,000 from the protocol’s treasury—totaling roughly $5.7 million in losses. The attack chain originated from a public-facing analysis server whose Actuator heap dump was not properly password-protected, enabling the attacker to obtain credentials for another server and ultimately gain control of the smart contract private keys. This incident affected only EVM deployments—including certain treasuries on Ethereum, Base, Blast, and Berachain—while Solana deployments and the Prop AMM remained unaffected. No final user compensation plan has been announced yet; however, “ensuring all affected users are compensated” remains the team’s top priority. Updates on the investigation will be shared with the community via Discord.
Coinbase stated that, at approximately 8:00 a.m. Beijing Time on May 8, its systems detected elevated error rates across multiple services. The issue was subsequently traced to AWS’s US-EAST-1 Region Availability Zone use1-az4. Although Coinbase’s systems were originally designed to recover from failures in a single availability zone, this incident affected multiple availability zones, resulting in an extended outage of core trading services. The primary issues have now been fully resolved. The team will conduct a comprehensive postmortem analysis and provide further updates once AWS releases its official post-incident report.
According to The Block, Amazon Web Services (AWS) has partnered with Coinbase and Stripe to launch Amazon Bedrock AgentCore Payments, enabling AI agents to conduct transactions using stablecoins. Coinbase stated that developers can build “agent-based payment” solutions using the x402 protocol, allowing AI agents to make micro-payments in USDC. This feature enables AI agents to instantly pay for web content, APIs, MCP servers, and other agents. AWS noted that developers can choose between Coinbase and Stripe wallets and fund those wallets using either stablecoins or fiat currency.
: Stripe officially announced a partnership with Amazon Web Services (AWS) to provide AI Agent payment capabilities for Amazon Bedrock AgentCore. AWS launched the AgentCore Payments feature on the same day, allowing AI Agents to instantly access and pay for web content, APIs, MCP servers, and other AI Agent service fees. Among them, Privy (a Stripe-owned company) will collaborate with Coinbase to provide wallet infrastructure and payment channels, supporting the initial stablecoin payment capabilities for AgentCore.
PrimePiper has launched an enterprise-grade prime broker platform for AI agents, designed to address challenges including fragmented account management, inadequate risk control, inability to reconcile across venues, and insufficient compliance auditing in AI-driven automated trading. According to the company, its infrastructure supports unified connectivity to multiple trading venues—including Hyperliquid, OKX, Tiger Brokers, and Interactive Brokers (IBKR). For risk control, PrimePiper offers enterprise-grade API key management, spending limits, and circuit-breaker mechanisms to constrain AI agent trading behavior. At the execution layer, it enables automated strategy execution via SDK or the Model Context Protocol (MCP). For compliance and auditing, it provides audit-grade reporting capabilities tailored for funds and traders. PrimePiper has been selected for the latest cohort of Founders Inc’s accelerator program; its product is currently in the Alpha stage. Team members hail from Galois Capital, Kraken, DRW, and AWS.
SlowMist TI Alert reports that MistEye has received threat intelligence from the community regarding an active macOS information-stealing malware dubbed “MacSync Stealer” (v1.1.2). This malware targets macOS users and is capable of stealing cryptocurrency wallets, browser credentials, system keychains, and infrastructure keys (SSH / AWS / K8s). It employs a spoofed AppleScript system dialog to trick users into entering their login password. After data exfiltration, it displays a fake “Not Supported” error message. SlowMist states it has shared relevant IOCs with its customers and urges users not to execute unverified macOS scripts and to remain vigilant against unusual system password prompts.
According to Nikkei Asia, Amazon announced it will invest up to $25 billion more in Anthropic, the parent company of Claude, with $5 billion available immediately and the remaining $20 billion disbursed in tranches contingent upon achieving commercial milestones. Amazon has previously invested a total of $8 billion in Anthropic; following this round, its total investment will reach $33 billion. In exchange, Anthropic has committed to spending over $10 billion on Amazon Web Services (AWS) over the next decade and plans to deploy approximately 1 gigawatt of computing capacity by year-end using Trainium2 and Trainium3 chips; its long-term goal is 5 gigawatts. Following the announcement, Amazon’s after-hours stock price rose approximately 2.7%. Notably, earlier this year Amazon announced it would invest up to $50 billion in OpenAI, underscoring its strategy of simultaneously backing multiple leading AI companies to reinforce its leadership position in cloud infrastructure.
Odaily News The x402 protocol, incubated by Coinbase, has announced the launch of a unified platform called Agent.market, positioned as an "AI Agent App Store" for centrally showcasing and integrating various tools and services built on the protocol. According to the introduction, Agent.market already covers seven major categories at launch: inference, data, media, search, social, infrastructure, and trading. It integrates service providers including OpenAI, Bloomberg, CoinGecko, LinkedIn, X, and AWS Lambda, and supports permissionless integration.Erik Reppel, Engineering Lead at Coinbase Developer Platform, stated that the platform is essentially "an app store for agents." Currently, there are approximately 69,000 active agents on the x402 network, which have cumulatively completed over 165 million transactions, with a transaction volume reaching $50 million. Most services on Agent.market adopt a pay-per-use model, with some charging an "agentic premium" for AI agents. However, costs can be reduced through subscriptions in high-frequency usage scenarios. Meanwhile, the "agent economy" based on x402 is lowering customer acquisition and integration costs for businesses, unlocking previously constrained demand due to API keys, subscriptions, and micro-payment mechanisms.The x402 protocol is named after the HTTP 402 "Payment Required" status code, enabling websites, APIs, and AI agents to conduct instant micropayments via blockchain and traditional payment channels. The protocol is governed as an open standard by the x402 Foundation under the Linux Foundation and has received support from over 20 technology and crypto institutions including Cloudflare, Stripe, Amazon Web Services, Google, and Visa. (The Block)
According to an official incident post-mortem report on the CoW Swap attack, its domain cow.fi was compromised via a supply-chain attack on April 14, 2026. Attackers exploited social engineering tactics to infiltrate the .fi domain registration process and hijack DNS resolution, causing users attempting to access swap.cow.fi to be redirected to a phishing site for several hours. During this period, attackers deployed a counterfeit trading interface and attempted to trick users into connecting their wallets and signing malicious transactions. The report states that this incident did not impact CoW Protocol’s on-chain smart contracts, backend systems, or user fund security; core infrastructure—including services hosted on AWS and Vercel—remained uncompromised. The attack occurred exclusively during the domain registration and transfer process: attackers gained control by forging identity documents and exploiting vulnerabilities in the registration workflow, briefly modifying the domain’s DNS records. The team detected the anomaly within 19 minutes and initiated emergency response procedures, subsequently migrating to cow.finance and fully restoring the cow.fi domain within approximately 26 hours. CoW’s team noted that affected users were primarily those who visited the official website during the domain hijacking window. Preliminary estimates place losses at around $1.2 million. The cow.fi domain has since been reactivated with enhanced security measures—including RegistryLock—and the team has launched external security audits, legal proceedings against the perpetrators, and is developing a potential user compensation plan. The official statement emphasizes that the vulnerability has been patched and outlines plans to improve domain infrastructure security through governance initiatives and industry collaboration.
According to Cointelegraph, researchers from the University of California recently revealed security risks in certain third-party AI large language model (LLM) routers that could lead to the theft of cryptocurrency assets. The study found that LLM routers—acting as API intermediaries—can read plaintext information; some routers were discovered injecting malicious code and stealing credentials. The research team tested 28 paid and 400 free routers, identifying nine routers that actively injected malicious code, two that deployed trigger-avoidance mechanisms, and 17 that accessed Amazon Web Services (AWS) credentials. One router even transferred ETH using the researchers’ Ethereum private key. The study notes that malicious behavior by routers is difficult to detect, and the “YOLO mode” present in some AI agent frameworks—which automatically executes commands—further increases security risks. Researchers recommend that developers avoid transmitting private keys or mnemonic phrases through AI agents and urge AI companies to implement cryptographic signing of responses to enhance security.