WuBlockchain Weekly: US Proposes Relaxing Rules for 401 (k) Plans to Invest in Crypto, Google Highlights Quantum Threats to Cryptography, Drift Hacked with $285 Million Stolen, etc
1. US Labor Dept Proposes 401(k) Alternative Asset Rules link
The U.S. Department of Labor has proposed a rule to ease restrictions on including alternative investments such as private equity and crypto assets in 401(k) retirement plans. It clarifies that fiduciaries must conduct a prudent evaluation based on factors including performance, fees, liquidity, valuation, and complexity before introducing such assets. Fiduciaries complying with this process will be granted “safe harbor” protection to reduce litigation risks. This rule serves as an initial step to implement an executive order by Donald Trump and is currently in the public comment period.
2. Alabama Becomes Second US State to Recognize DAOs link
Alabama Governor Kay Ivey has signed the DUNA (Decentralized Unincorporated Nonprofit Association) Act, making Alabama the second U.S. jurisdiction after Wyoming to grant legal status to DAOs. The Act stipulates that eligible DAOs must have at least 100 members and be formed for a nonprofit collective purpose, and may conduct governance through blockchain and smart contracts, with proposal and voting mechanisms recordable on-chain. Upon recognition, a DAO shall have full legal person status, may hold property, enter into contracts and be sued, and shall provide limited liability protection for its members and managers.
3. New Hampshire Plans $100M Bitcoin-Backed Muni Bonds link
The New Hampshire Business Finance Authority plans to issue municipal bonds collateralized by Bitcoin, with a total size of approximately $100 million. The product has been assigned a Ba2 rating by Moody’s Investors Service (two notches below investment grade). Principal and interest on the bonds will be repaid from funds generated by the Bitcoin-collateralized assets, potentially offering additional returns if Bitcoin prices rise, while price-triggered liquidation clauses are in place to safeguard repayment. The debt is not backed by the state government’s credit or taxation.
4. US Senators Introduce Mined in America Act for BTC Reserves link
U.S. Senators Bill Cassidy and Cynthia Lummis have introduced the Mined in America Act, which aims to boost domestic cryptocurrency mining and related infrastructure by establishing a voluntary certification mechanism. The bill requires certified mining facilities to phase out mining equipment linked to foreign competitors, while leveraging existing energy and rural development programs to support the transition and promote domestic mining hardware manufacturing. Additionally, the legislation codifies into law President Donald Trump’s executive order on establishing a strategic Bitcoin reserve.
5. Cuba’s Central Bank Approves 10 Firms for Crypto Cross-Border Payments link
The Central Bank of Cuba (BCC) has approved 10 enterprises, including 9 micro, small and medium-sized enterprises and 1 joint venture, to use cryptocurrencies for international payments for the first time. The relevant licenses were published in the Official Gazette on March 23. The licenses are valid for one year and may be renewed. Enterprises may only use crypto assets for cross-border payments related to their main business, and must conduct operations through virtual asset service providers (VASPs) licensed by the Central Bank of Cuba. They are also required to report transaction amounts, currencies used and information on intermediary service providers to regulators on a quarterly basis. This is the first time Cuba has issued operational licenses for cryptocurrencies directly used for cross-border payments to domestic enterprises.
Sponsored by FinTax
6. Bithumb Delays IPO to 2028 Amid Issues link
Bithumb has announced that its IPO plan is expected to be delayed until 2028, further postponing its previous target of listing in the second half of 2025. The company is still in the preparation stage, focusing on improving accounting policies, internal controls and internal review procedures, and has signed a consulting agreement with Samjong KPMG through 2027. Despite posting revenue of approximately 651 billion won (about 430 million US dollars) in 2025 and holding a market share of over 30%, recent internal issues and regulatory pressure continue to affect its listing process.
7. Dunamu 2025 Revenue ₩1.56T, Down 10% YoY link
According to Dunamu, the operator of Upbit, in its 2025 annual audit report, the company posted revenue of 1.56 trillion won (approximately 1.027 billion US dollars) in 2025, a year-on-year decrease of 10.04%; operating profit of 869.2 billion won (approximately 573 million US dollars), down 26.7% year on year; and net profit of 708.9 billion won (approximately 467 million US dollars), a year-on-year drop of 27.9%. The company stated that the performance decline was mainly due to lower trading volume of crypto assets compared with 2024. According to another announcement, Dunamu plans to pay a cash dividend of 5,827 won per share, totaling about 199.99 billion won (approximately 132 million US dollars).
8. Google Quantum AI: Crypto Wallet Breakable With Less Quantum Resources link
In a new whitepaper, Google Quantum AI states that the resources required for future cryptographically capable quantum computers to crack the 256-bit elliptic curve cryptography (ECC) wallet signature systems widely used in cryptocurrencies are lower than previously estimated. According to Google, under standard hardware assumptions, fewer than 500,000 physical qubits could complete the crack within minutes. The company is urging the blockchain industry to expedite its migration to post-quantum cryptography (PQC) to mitigate long-term security risks.
Haseeb, Managing Partner at Dragonfly, commented that Google’s research has made the quantum cracking of ECDSA approximately 20 times more efficient than prior estimates, advancing the industry’s timeline for post-quantum migration to around 2029. He noted that Google did not even disclose the specific quantum circuits, instead verifying the results via zero-knowledge proofs, underscoring the high level of concern regarding this risk.
9. Coinbase Gets OCC Conditional Nod for National Trust Bank link
Coinbase Global has received conditional preliminary approval from the U.S. Office of the Comptroller of the Currency (OCC) to establish a national trust bank. This license is positioned for custody and market infrastructure businesses. The OCC federal trust charter will provide a unified federal regulatory framework for Coinbase’s custody business, enabling Coinbase to offer regulated services including digital asset custody, tokenized asset management, and transaction settlement.
10. Drift Protocol Hacked for $285M link
Around April 2, 2026, multiple on-chain analytics firms and media outlets reported abnormal capital outflows from Drift Protocol, an integrated derivatives and lending protocol in the Solana ecosystem. The project confirmed it was under attack, which ultimately resulted in approximately $280 million worth of funds being stolen from the protocol. The protocol has suspended deposits and withdrawals and is cooperating with security firms, cross-chain bridges, and trading platforms to handle the incident.
Drift Protocol issued a statement on the security incident, saying a malicious actor gained unauthorized access to the protocol through a new attack method involving durable nonce and quickly seized control of the Drift Security Council. Drift stated that this was a highly sophisticated attack operation, apparently planned over several weeks and executed in phases, including techniques such as pre-signing transactions via durable nonce accounts and delayed execution.
According to Drift’s current investigation findings, the incident was not caused by vulnerabilities in Drift’s programs or smart contracts, and there is no evidence that the relevant mnemonic phrases were compromised. Drift believes the attacker obtained unauthorized or disguised transaction approvals prior to execution, with the durable nonce mechanism and complex social engineering tactics likely playing a key role. A total of approximately $280 million in assets were transferred out of the protocol in the incident.
Drift outlined the main steps that allowed the attacker to carry out the breach: first, pre-deploying an access path through durable nonce accounts; then obtaining sufficient approval authority within the multi-signature setup, specifically 2/5 multi-signature approvals; subsequently executing a malicious admin privilege transfer within minutes to gain protocol-level control; and finally using that authority to introduce malicious assets and remove all existing withdrawal restrictions, enabling the theft of held funds.
All funds deposited in the lending module, vaults, and trading accounts have been affected. Unaffected assets include DSOL not deposited into Drift, including assets staked with Drift Validator, as well as insurance fund assets, which will be withdrawn from the protocol and moved to a more secure environment for protection.
As a preventive measure, Drift has frozen all remaining protocol functions and updated its multi-signature configuration to remove compromised wallets.
The incident has spilled over to multiple DeFi protocols in the Solana ecosystem. Projects including Reflect Money, Ranger Finance, Neutral Trade, Elemental DeFi, Project 0, Lulo Finance, Asgard Finance, DeFi Carrot, Pyra, xPlace, and Fuse Wallet have confirmed being affected, with some suspending minting, redemption, or deposit and withdrawal functions. Ranger Finance reported an exposure of approximately $900,000, accounting for about 6% of its TVL. Pyra stated it has suspended related card services as user funds earning yields on Drift were impacted.
Charles Guillemet, Chief Technology Officer of Ledger, stated that the attack was not a smart contract vulnerability but a long-term covert compromise of the multi-signature mechanism. The hacker is suspected to have gained control of multi-signature holders’ devices or private keys and misled operators into approving malicious transactions. The method closely resembled the Bybit incident last year, which was linked to the North Korean hacking group (DPRK). He called on the industry to improve endpoint detection capabilities and adopt hardware-backed clear-text signing to prevent operational risks.
Hayden Adams, founder of Uniswap, stated bluntly that centralized projects must stop labeling themselves as DeFi; if admin keys can drain all funds, they are essentially CeFi. Omer Goldberg, founder of Chaos Labs, added that Drift’s signing keys held full control over market creation, oracle assignment, and withdrawal limits with no time locks, and the attacker reportedly completed the fund theft in roughly 10 seconds.
Fundraising
YZi Labs makes a strategic follow-on investment in prediction market platform Predict. link
Midas announces $50 million Series A funding led by RRE and Creandum. link
Valinor, a startup founded by former private equity professionals at Blackstone, completes $25 million seed funding. link
Starcloud, a space computing startup, secures $170 million Series A funding to launch satellites equipped with Bitcoin miners. link
Keyrock completes Series C funding at a $1.1 billion valuation, led by SC Ventures, a subsidiary of Standard Chartered. link
Payments startup OpenFX raises $94 million in funding at a valuation of approximately $500 million. link
U.S. fintech bank Cross River Bank announces a new $50 million funding round. link
The Better Money Company, a stablecoin settlement service provider, announces $10 million seed funding. link
Latitude, a cross-border payments startup founded by former employees of Stripe and Coinbase, announces $8 million in funding. link
Cango completes $65 million in strategic investment and signs a $10 million convertible bond financing agreement. link
Kulipa, a stablecard issuing infrastructure platform, completes $6.2 million seed funding. link
Web3 chess project Pixie Chess completes $5.2 million seed funding. link
Learn more, check out crypto-fundraising.info.
Follow us
Twitter: https://twitter.com/WuBlockchain
Telegram: https://t.me/wublockchainenglish
The 401(k) proposal is interesting but the framing around it tends to skip over a critical structural issue: 401(k) participants are not uniformly sophisticated investors, and the primary draw of crypto in a retirement account is typically momentum, not diversification theory. The Labor Department's fiduciary standard exists precisely because the average plan participant does not have the bandwidth to evaluate protocol risk, exchange counterparty risk, or custody setup. The Drift hack losing $285 million in the same week this proposal is floated is almost poetically bad timing. DeFi's security track record over the last three years, with over $3 billion lost to exploits annually on average, is the data point that any 401(k) rule change should have to answer to directly before it moves forward.