March Blockchain Technology Update: Rare BTC Block Reorganization, Ethereum Upgrade Roadmap

Written by | GaryMa, Wu Blockchain

The WuBlockchain summarizes key developments in the blockchain technology space for March:

Bitcoin

The development main branch of the Bitcoin client, Bitcoin Core, has merged the Cluster Mempool update (PR #34616), which is expected to be included in the future Bitcoin Core 31.0 version. This upgrade will redesign how nodes manage pending transactions (mempool) by processing related transactions in groups to improve block packaging efficiency and optimize fee calculations for RBF (Replace-By-Fee) and CPFP (Child Pays For Parent) transactions. Bitcoin Core 31.0 is expected to be released in the second half of 2026.

Quantum technology company BTQ Technologies announced the successful deployment of the first functional implementation of Bitcoin Improvement Proposal BIP-360 on its Bitcoin Quantum testnet (v0.3.0). BIP-360 aims to address potential threats from quantum computing to Bitcoin, with its core being the introduction of a new output type called “Pay-to-Merkle-Root” (P2MR) to minimize the exposure risk of elliptic curve public keys. The proposal was formally merged into the Bitcoin BIP codebase earlier this year.

The Bitcoin network recently experienced a relatively rare two-block reorganization (reorg). Near block height 941,880, mining pools Foundry USA, AntPool, and ViaBTC formed two brief fork chains during a mining competition. Subsequently, Foundry USA mined consecutive subsequent blocks, making its chain the main chain and completing the reorganization. Researchers stated that such events are a normal part of the Bitcoin consensus mechanism’s operation and are not indicative of an attack or system failure.

Ethereum

Glamsterdam Upgrade: Ultimate L1 scaling and MEV fairness. Progress: The development team has been testing on Devnet-5, and several core EIPs have entered “Considered for Inclusion” (CFI) status, with activation expected around June.

Hegota Upgrade: Censorship resistance, privacy enhancement, and node slimming. Progress: Frame Transactions were originally planned for introduction to support post-quantum cryptography and more advanced account abstraction. However, due to high complexity, they have been postponed or streamlined in recent development meetings to ensure that Hegota can be released on schedule by the end of 2026.

Vitalik Buterin stated that the two core directions for the Ethereum execution layer upgrade are state tree reconstruction and virtual machine adjustments, aiming to solve the primary bottleneck of proof efficiency. At the state level, EIP-7864 proposes replacing the current hexary Merkle Patricia Tree with a binary tree structure based on more efficient hash functions to shorten Merkle branches, reduce bandwidth and proof costs, and optimize storage access structures. Regarding long-term direction, he proposed gradually replacing the EVM with a more proof-friendly virtual machine (such as RISC-V) to improve execution and ZK-proof efficiency. The transition path may involve first using it for precompiles, then opening contract deployment, and finally turning the EVM into a compatibility layer, maintaining backward compatibility while only involving Gas cost adjustments.

Ethereum co-founder Vitalik stated that EIP-8141 will complete the Account Abstraction upgrade, introducing a “Frame Transactions” mechanism to make features like batch operations, Gas sponsorship, and private payments native protocol capabilities. Vitalik mentioned that this upgrade may be implemented via the Hegota fork within a year.

Virtuals Protocol announced that it has co-proposed and released ERC-8183 (Agentic Commerce) with the Ethereum Foundation’s dAI team, aiming to provide an open, permissionless on-chain commercial settlement standard for AI Agents. The core of this standard is the “Job” primitive: composed of Client, Provider, and Evaluator parties, with funds locked in contract escrow and settled according to an Open→Funded→Submitted→Terminal (Completed/Rejected/Expired) state machine; the Evaluator is responsible for on-chain confirmation or rejection of deliverables, and related records can be used for composable applications such as reputation systems.

Ethereum co-founder Vitalik Buterin introduced a new fast confirmation rule mechanism for Ethereum on X. This mechanism allows users to obtain a hard guarantee that an Ethereum transaction will not be reverted (Non-revert) after just one Slot (12 seconds). Vitalik pointed out that the security of this rule is based on two premises: first, the vast majority of validators are honest nodes, and second, network latency is lower than approximately 3 seconds. Although its security is slightly lower than economic finality, it already provides extreme reliability for many application scenarios.

The Ethereum Foundation published an article outlining the future ecological vision for L1 and L2. The article notes that L1 will maintain its role as the global settlement and DeFi hub, while the core task of L2 has shifted from pure scaling to providing differentiated and customized services. The Foundation suggests that L2s should reach at least Stage 1 security standards and encourages them to evolve toward Stage 2, synchronous composability, and “Native Rollups.” Meanwhile, the Ethereum Foundation committed to continuing L1 and Blob scaling (currently only about 30% loaded) and focusing on solving cross-chain experience fragmentation caused by the multi-chain ecosystem.

Ethereum released its most detailed upgrade plan ever: seven upgrades, five goals, and one massive reconstruction. The system that allows all operators to reach consensus is called the “consensus mechanism”; Ethereum’s current consensus mechanism is functioning normally and has been battle-tested, but it was designed for an earlier era, limiting the network’s capacity ceiling. Whatever privacy scheme Ethereum builds, it must simultaneously possess quantum resistance — two difficult problems that must be solved together. Once resolved, a major obstacle to mass adoption will disappear.

Ethereum L2s

Gnosis and Zisk proposed building the “Ethereum Economic Zone” (EEZ) framework, aimed at achieving collaborative operation between the Ethereum mainnet and various Layer 2 networks through shared infrastructure, reducing redundant development and technical friction, and improving user experience; the Ethereum Foundation has participated in funding the project. The scheme intends to alleviate Layer 2 ecological fragmentation through a unified execution environment and a default mechanism for paying with ETH.

Polygon announced the launch of the AI tool Agent CLI, which supports AI agents in creating wallets and performing fund transfers and management on the Polygon chain. It provides functions such as token sending, swapping, cross-chain bridging, fiat on-ramps, and balance and transaction history queries; it also supports registering agents as on-chain NFT identities with reputation scores via the ERC-8004 standard and provides HTTP-based x402 micro-payment functions, supporting stablecoin payments for Gas fees and local key storage.

Optimism announced that it will stop supporting op-geth and op-program on May 31, 2026; security patches and critical vulnerability fixes will still be provided until then, but new feature development, including the next Karst hard fork, will only take place on op-reth. Meanwhile, the fault-proof program for op-program will migrate to kona-client, and current deployments are expected to remain usable until the Karst hard fork.

Solana

Solana governance proposal SIMD-0266 has been passed. Proposed by Anza last year, the proposal introduces a new p-tokens model to improve computational efficiency, which could theoretically increase Solana transaction efficiency by up to approximately 19 times. The VP of Technology at the Solana Foundation stated that the upgrade is expected to go live on the mainnet in April.

The Solana Foundation released a report titled “Privacy on Solana,” proposing a privacy framework for institutional adoption. It argues that the next phase of applications in the crypto industry will rely more on customizable privacy mechanisms rather than pure transparency. The report proposes four privacy modes, including pseudonymization, confidentiality, anonymity, and full privacy systems, noting that Solana’s high throughput and low latency can support privacy technologies such as zero-knowledge proofs, satisfying regulatory compliance needs while protecting transaction data through mechanisms like audit keys or compliance proofs for controlled disclosure.

Security Related

Security firm BlockSec re-tested EVMBench and concluded that the benchmark overestimates AI’s automation capabilities in smart contract auditing. By expanding to 26 model configurations and introducing 22 real attack events that occurred after February 2026 for testing, results showed that in 110 sets of tests, AI’s success rate in exploiting real attacks was 0%. However, its performance in vulnerability detection was close to the original report, with some models able to identify known pattern vulnerabilities.

According to GoPlus Security, a new type of malware named Infiniti Stealer is targeting Mac users’ crypto wallets. It induces users to execute malicious code in the terminal via forged Cloudflare verification pages, subsequently stealing browser credentials, macOS Keychain, crypto wallets, and sensitive developer information. It also possesses stealth capabilities such as sandbox detection and delayed execution. Users are reminded not to click on unknown links or execute commands from unknown sources.

According to cybersecurity firm Aikido, the GlassWorm malware recently upgraded, utilizing the Solana transaction memo field as a covert communication channel to obtain C2 instructions and implement multi-stage attacks. The malicious program spreads by impersonating open-source packages such as npm and PyPI, and can steal private keys, mnemonic phrases, browser cookies, session data, and deploy Remote Access Trojans (RAT). The attack can also target hardware wallets like Ledger and Trezor by popping up forged interfaces to induce the entry of mnemonic phrases, while supporting keylogging, screenshots, and remote command execution. Researchers remind developers to be cautious when installing dependencies and to verify package sources.

According to security firm Socket, researchers discovered 5 malicious npm packages targeting Ethereum and Solana developers, inducing installation through typosquatting (name impersonation) to steal private keys and send them back to attackers via Telegram. Four of these targeted Solana, and one targeted Ethereum. The malicious packages hijack key functions called by developers, uploading private key data before returning normal results. Researchers have submitted takedown requests to npm and reminded affected private keys to transfer assets immediately.

Vercel CEO Guillermo Rauch posted that a user utilizing Opus 4.6 and OpenClaw for development experienced a situation where an AI Agent, despite knowing the correct project ID, hallucinated a fake GitHub repository ID (repoId) and triggered a deployment via API. Since this random ID happened to correspond to a real open-source project, it resulted in a “deployment offset” of unrelated code on the user’s server. In response, SlowMist CISO 23pds warned that with the popularization of AI Agents, attacking automated deployment processes through means such as GEO (AI search marketing) poisoning and AI search offset will become a new challenge in the security field.

Security research institution Ctrl-Alt-Intel disclosed that a group of hackers suspected to be related to North Korea targeted staking platforms, exchange software providers, and crypto exchanges. Attackers exploited the React2Shell vulnerability (CVE-2025–55182) and acquired AWS access credentials to breach cloud environments, enumerating resources such as S3, EC2, RDS, EKS, and ECR, and extracting keys and credentials from Secrets Manager, Terraform files, Kubernetes configurations, and Docker containers. Researchers stated that the attackers downloaded 5 Docker images and stole source code, including software components related to ChainUp customers. The attack infrastructure involved a South Korean server 64.176.226[.]36 and the domain itemnania[.]com. The report stated the activity is consistent with North Korean-linked attack characteristics, though attribution confidence is medium and the source of AWS credentials remains unclear.

SlowMist CISO 23pds tweeted that the Python AI gateway library LiteLLM, which has 97 million monthly downloads, suffered a PyPI supply chain attack. Attackers can steal sensitive information on user devices through the pip install litellm command. Stealable sensitive data includes: SSH keys, cloud service credentials (AWS / GCP / Azure), Kubernetes configuration files, Git credentials, API keys in environment variables, Shell history, cryptocurrency wallet information, and database passwords. SlowMist CISO 23pds warned that the LiteLLM vulnerability attackers have already stolen about 300GB of data and approximately 500,000 credentials. He recommends that all cryptocurrency developers immediately perform self-checks, rotate relevant keys and credentials as soon as possible, and verify logs, access records, and sensitive data exposure to avoid serious losses similar to the Trust Wallet incident.

SlowMist CISO 23pds issued an alert urging all iOS users to update their systems as soon as possible. According to monitoring, an attack program named DarkSword has been leaked. The core capability of this program is to extract forensic-grade data from iOS devices via HTTP interfaces. In actual attack scenarios, attackers may induce users to fall for the trap through social engineering or watering hole attacks, thereby stealing internal data from iPhones or iPads and uploading it to a controlled server.

Others

The Sui development team announced that its new virtual machine (VM) has been publicly released and has opened a bug bounty program, inviting the community to conduct security reviews before mainnet deployment. This version is a rewrite of the execution layer, introducing per-package caching and next-generation Move features; it has completed internal reviews and security audits by institutions such as OSEC and Zellic.

Sui officially announced that the mainnet has been upgraded to V1.68.1 and the protocol has been upgraded to version 118. The main content of this upgrade includes enabling the address aliases feature on the mainnet, enhancing metadata security in the Sui System, and fixing an issue where simulating abnormal transactions containing invalid fund withdrawals could cause full nodes to crash.

Polkadot officially announced that its issuance model upgrade officially started on March 14 (Pi Day). This protocol change primarily introduces two core measures: first, establishing a maximum supply cap of 2.1 billion DOT (approximately 80% currently issued); second, reducing the emission rate of DOT by approximately 53% starting March 14, with plans for further reductions in the future. Officials stated that these changes were proposed by the community and approved via OpenGov, aiming to limit long-term issuance, maintain incentive mechanisms, and provide a transparent, predictable issuance schedule.

Cosmos Labs posted that a vulnerability affecting some chains using the Cosmos EVM stack was recently discovered, involving a feature used by certain chains, and has already impacted the Saga production environment. Cosmos Labs stated it has worked with Saga and ecological partners to complete the investigation of the problem, coordinate mitigation measures, and release repair patches to the relevant chains.

Brevis today launched Brevis Vera, a media authenticity certification system powered by zero-knowledge proofs (ZK), used to verify whether published images and videos come from real devices and confirm they have only undergone provable, legitimate editing. The system combines C2PA hardware-level capture signatures with zero-knowledge proofs generated by the Brevis Pico zkVM, thereby continuously maintaining cryptographic proof of media origin throughout the editing process. Brevis Vera is now live and supports open-source libraries.

Stacks Labs, the development team for the Bitcoin Layer 2 Stacks, stated that its SIP-034 upgrade has completed mainnet implementation. By optimizing how transaction resource limits are handled, the network’s “effective capacity” has been increased by up to approximately 30 times in certain DeFi applications. The upgrade adjusted the previous mechanism where “hitting any resource budget cap resets all limits” to only resetting the specific single limit that was exhausted, thereby increasing available throughput within a block. The team stated that the upgrade does not directly change STX token economics but may bring more transactions and fees as network activity increases.

Follow us
Twitter: https://twitter.com/WuBlockchain
Telegram: https://t.me/wublockchainenglish