Security researchers have uncovered a malicious Chrome extension that secretly diverts SOL from users conducting swaps on the Solana blockchain. The extension, called Crypto Copilot, injects an undisclosed transfer into every Raydium transaction, quietly routing funds to a hardcoded attacker wallet.
The tool presents itself as a convenience app that enables Solana swaps directly from X posts, connecting to wallets such as Phantom and Solflare. Behind the interface, the code appends a hidden SystemProgram.transfer instruction to each transaction.
The fee is set at either 0.0013 SOL or 0.05% of the trade amount, whichever is higher, and remains invisible unless the user inspects the complete instruction list.
External services lend the app legitimacy, utilising DexScreener data, Helius RPC calls, and a backend dashboard that provides no actual functionality. Researchers warn that the disposable infrastructure, misspelt domains, and obfuscated code point to clear malicious intent, not an unfinished product.
On-chain analysis indicates limited gains for attackers so far, likely due to the low distribution. The mechanism, however, scales directly with swap volume, placing high-frequency and large-volume traders at the most significant risk.
Security teams are urging users to avoid closed-source trading extensions and to scrutinise Solana transactions before signing.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
EU regulators are preparing for a significant shift in crypto oversight as new rules take effect on 1 January 2026. Crypto providers must report all customer transactions and holdings in a uniform digital format, giving tax authorities broader visibility across the bloc.
The DAC8 framework brings mandatory cross-border data sharing, a centralised operator register and unique ID numbers for each reporting entity. These measures aim to streamline supervision and enhance transparency, even though data on delisted firms must be preserved for up to twelve months.
Privacy concerns are rising as the new rules expand the travel rule for transfers above €1,000 and introduce possible ownership checks on private wallets. Combined with MiCA and upcoming AML rules, regulators gain deeper insight into user behaviour, wallet flows and platform operations.
Plans for ESMA to oversee major exchanges are facing pushback from smaller financial hubs, which are concerned about higher compliance costs and reduced competitiveness. Supporters argue that unified supervision is necessary to prevent regulatory gaps and reinforce market integrity across the EU.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A South Tyneside family has spoken publicly after an elderly man lost almost £3,000 to a highly persuasive cryptocurrency scam, according to a recent BBC report. The scammer contacted the victim repeatedly over several weeks, initially offering help with online banking before shifting to an ‘investment opportunity’.
According to the family, the caller built trust by using personal details, even fabricating a story about ‘free Bitcoin’ awarded to the man years earlier.
Police said the scam fits a growing trend of crypto-related fraud. The victim, under the scammer’s guidance, opened multiple new bank accounts and was eventually directed to transfer nearly £3,000 into a Coinbase-linked crypto wallet.
Attempts by the family to recover the funds were unsuccessful. Coinbase said it advises users to research any investment carefully and provides guidance on recognising scams.
Northumbria Police and national fraud agencies have been alerted. Officers said crypto scams present particular challenges because, unlike traditional banking fraud, the transferred funds are far harder to trace.
Community groups in Sunderland, such as Pallion Action Group, are now running sessions to educate older residents about online threats, noting that rapid changes in technology can make such scams especially daunting for pensioners.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The Swiss Federal Council has approved significant updates to the Ordinance on the International Automatic Exchange of Information in Tax Matters. The new rules are set to take effect across Switzerland on 1 January 2026, assuming no referendum intervenes.
The revisions expand Switzerland’s international exchange of financial account information, updating the Common Reporting Standard (CRS) and introducing the new Crypto-Asset Reporting Framework (CARF).
Crypto service providers in Switzerland will now have reporting, due diligence, and registration obligations under the AEOI Ordinance, although these provisions will not apply until at least 2027.
The updated Ordinance also extends CRS rules to Swiss associations and foundations while excluding certain accounts if specific conditions are met. Transitional measures aim to facilitate the implementation of the amended CRS and CARF by affected parties more smoothly.
Deliberations on partner states for Switzerland’s crypto data exchange have been paused by the National Council’s Economic Affairs and Taxation Committee. The CARF will become law in Switzerland in 2026, but full implementation is delayed, keeping crypto-asset rules inactive for the first year.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
According to the 2025 Identity Fraud Report by verification firm Sumsub, the global rate of identity fraud has declined modestly, from 2.6% in 2024 to 2.2% this year; however, the nature of the threat is changing rapidly.
Fraudsters are increasingly using generative AI and deepfakes to launch what Sumsub calls ‘sophisticated fraud’, attacks that combine synthetic identities, social engineering, device tampering and cross-channel manipulation. These are not mass spam scams: they are targeted, high-impact operations that are far harder to detect and mitigate.
The report reveals a marked increase in deepfake-related schemes, including synthetic-identity fraud (the creation of entirely fake but AI-generated identities) and biometric forgeries designed to bypass identity verification processes. Deepfake-fraud and synthetic-identity attacks now represent a growing share of first-party fraud cases (where the verified ‘user’ is actually the fraudster).
Meanwhile, high-risk sectors such as dating apps, cryptocurrency exchanges and financial services are being hit especially hard. In 2025, romance-style scams involving AI personas and deepfakes accounted for a notable share of fraud cases. Banks, digital-first lenders and crypto platforms report rising numbers of impostor accounts and fraudulent onboarding attempts.
This trend reveals a significant disparity: although headline fraud rates have decreased slightly, each successful AI-powered fraud attempt now tends to be far more damaging, both financially and reputationally. As Sumsub warned, the ‘sophistication shift’ in digital identity fraud means that organisations and users must rethink security assumptions.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Americans may soon be able to pay federal taxes in Bitcoin under a new bill introduced in the House of Representatives. The proposal would send BTC tax payments straight into the US strategic reserve and spare taxpayers from capital gains reporting.
Representative Warren Davidson says that BTC tax payments allow the government to build an appreciating reserve without purchasing coins on the open market. He says that Bitcoin-based revenue strengthens the national position as the dollar continues to lose value due to inflation.
Supporters say the plan expands the reserve in a market-neutral way and signals a firmer national stance on Bitcoin adoption. They argue a dedicated reserve reduces the risk of future regulatory hostility and may push other countries to adopt similar strategies.
Critics warn that using seized or forfeited BTC to grow the reserve creates harmful incentives for enforcement agencies. Some commentators say civil asset forfeiture already needs reform, while others argue the reserve is still positive for Bitcoin’s long-term global position.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Binance Japan and PayPay have launched a new service that enables users to purchase crypto assets using PayPay Money and PayPay Points. The integration allows funds deposited from PayPay Money to be used directly for spot trading on Binance Japan.
Users can also withdraw proceeds from crypto sales back into their PayPay Balance. Previously, trading and withdrawals were restricted to Japanese yen transfers via domestic banks or external wallets.
The new system allows one-click deposits and withdrawals, starting from JPY 1,000.
The service works 24 hours a day, 365 days a year, offering a smoother trading experience for both mobile and web users. To activate the integration, users enable the linkage via the PayPay icon within Binance Japan’s trading platform.
The initiative reflects growing collaboration between PayPay and Binance Japan, aiming to enhance convenience and accessibility for both first-time traders and experienced users while expanding crypto adoption in Japan.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
Security researchers have confirmed that the Ultralytics YOLO library was hijacked in a supply-chain attack, where attackers injected malicious code into the PyPI-published versions 8.3.41 and 8.3.42. When installed, these versions deployed the XMRig cryptominer.
The compromise stemmed from Ultralytics’ continuous-integration workflow: by exploiting GitHub Actions, the attackers manipulated the automated build process, bypassing review and injecting cryptocurrency mining malware.
The maintainers quickly removed the malicious versions and released a clean build (8.3.43); however, newer reports suggest that further suspicious versions may have appeared.
This incident illustrates the growing risk in AI library supply chains. As open-source AI frameworks become more widely used, attackers increasingly target their build systems to deliver malware, particularly cryptominers.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
A rising number of young, high-earning Americans are moving away from wealth advisers who fail to offer crypto access, signalling a sharp generational divide in portfolio expectations.
New survey results from Zerohash show that 35 percent of affluent investors aged 18 to 40 have already redirected funds to advisers who support digital-asset allocations, often shifting between $250,000 and $1 million.
Confidence in crypto has strengthened as major financial institutions accelerate adoption. Zerohash reported that more than four-fifths of surveyed investors feel more assured in the asset class thanks to involvement from BlackRock, Fidelity and Morgan Stanley.
Wealthier respondents proved the least patient. Half of those earning above $500,000 said they had already replaced advisers who lack crypto exposure, and 84 percent plan to expand their holdings over the coming year.
Demand now extends well beyond Bitcoin and Ethereum. Ninety-two percent want access to a wider range of digital assets, mirroring expanding interest in altcoin-based ETFs and staking products.
Asset managers are responding quickly, with 21Shares launching its Solana ETF in the US and BlackRock preparing a staked Ether product. The Solana category alone has attracted more than $420 million in inflows, underscoring the rising appetite for institutional-grade exposure.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
The UAE has taken a major step in its digital finance strategy as the Central Bank of the UAE approved Zand to launch Zand AED, the nation’s first regulated, multi-chain AED-backed stablecoin. The new asset places the dirham on global blockchain rails under the oversight of a fully licensed bank.
Zand AED is fully backed by reserves in regulated accounts, with real-time transparency through independently audited smart contracts and attestations.
Being available on multiple public blockchains enables fast cross-border settlement and simpler integration for developers, enterprises, and financial institutions.
Zand leadership described the launch as a significant advancement for the UAE’s position in global financial innovation. They highlighted that Zand AED bridges traditional and decentralised finance, enabling payments, tokenisation, and digital asset applications.
Analysts expect the global stablecoin market to expand to trillions, and Zand AED positions the UAE as a leading hub for regulated digital finance. The stablecoin offers a secure, scalable foundation for institutions and FinTechs in a leading global financial ecosystem.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
