Tron's Founder Takes the Trump Family's Crypto Venture to Federal Court

Justin Sun, the billionaire founder of the Tron blockchain and one of the most polarizing figures in crypto, has filed a federal lawsuit against World Liberty Financial - the DeFi project backed by the Trump family - alleging fraud, breach of contract, and what he describes as a hidden "backdoor" built into the project's smart contracts.

The complaint, filed April 22 in the U.S. District Court for the Northern District of California, accuses WLFI of using that alleged backdoor to freeze approximately 2.9 billion of Sun's unlocked WLFI tokens after he allegedly declined to keep investing - or to mint the project's USD1 stablecoin on WLFI's terms.

The Alleged Setup

Sun says he invested $45 million in WLFI in 2024, drawn in part by the Trump name and what he describes as representations about token rights and governance access. What he got instead, he alleges, was a rug pull by smart contract.

According to the suit, WLFI secretly installed a blacklisting function in its token contracts - a mechanism that could prevent specific wallets from trading their tokens. Sun alleges that once it became clear he was not going to deepen his investment or participate in USD1 promotion, that function was activated against him. At peak valuation, his frozen holdings were reportedly worth over $1 billion. After market declines and liquidity constraints, that figure has dropped to roughly $75 million - still not nothing.

WLFI co-founder Zach Witkoff pushed back immediately, calling the lawsuit "a desperate attempt to deflect attention" from Sun's own alleged misconduct, and stated that WLFI had acted to protect itself and its users. Neither side has offered a full public accounting of what Sun's alleged misconduct actually refers to.

This Could Get Worse for All Parties, Fast…

A few things make this lawsuit worth tracking closely.

First, it involves the Trump family's most prominent crypto project - one that has already collected hundreds of millions from investors including foreign nationals, drawing scrutiny from congressional Democrats over potential conflicts of interest. A federal fraud suit alleging hidden smart contract manipulation puts fresh legal pressure on a project that has largely avoided meaningful oversight.

Second, the alleged blacklisting function itself is significant. Smart contracts are supposed to be trustless and transparent by design. If WLFI did in fact install an undisclosed admin function that could freeze individual wallets post-launch, that cuts against the project's entire DeFi credibility - and potentially raises securities law questions about what exactly investors were being sold.

Third, Justin Sun is not a sympathetic plaintiff. He is under investigation by the SEC over separate allegations of market manipulation and illegal celebrity promotions - accusations he denies - and this lawsuit will inevitably be framed as two controversial figures fighting over money. But messy lawsuits can expose genuinely important information through discovery.

The crypto industry has spent years arguing that smart contracts represent a more trustworthy, transparent financial system. A case alleging that a major project secretly built in a kill switch - and used it - is exactly the kind of story that complicates that argument.

---------------

Author: Blake Taylor
New York News Desk

The UK's Financial Watchdog Just Conducted Its First Physical Crypto Crackdown

On April 22, officers from the UK Financial Conduct Authority, working alongside HM Revenue and Customs and the South West Regional Organised Crime Unit, raided eight premises across London suspected of running illegal peer-to-peer cryptocurrency trading operations. It was the first coordinated physical enforcement action the FCA has ever taken against the illegal crypto sector.

At each of the eight sites, officials issued cease-and-desist notices and gathered evidence now feeding into active criminal investigations. None of the sites operated with FCA registration. Under UK law, businesses facilitating crypto exchange services for others must be registered and must maintain anti-money laundering controls. None of these operations had either.

What These Sites Were Doing

The FCA's concern was not primarily that people were trading crypto - it's that unregistered P2P operations create a conduit for dirty money. Without AML checks, criminals can use informal exchange networks to move, layer, and withdraw illicit funds with minimal traceability.

Reporting from CoinDesk notes that the FCA has signaled a harder enforcement posture in recent months, ahead of a new regulatory licensing regime expected to open in September 2026 - with full compliance requirements kicking in by October 2027. That timeline gives legitimate operators a window to get registered. It gives illegitimate ones a shrinking runway before they become targets.

Consumers who traded through unregistered P2P services are in a bad position if anything goes wrong. There is no access to the Financial Ombudsman Service, no compensation scheme, and a real risk that funds they handled could be linked to criminal activity they had no idea about.

A Tightening Noose

The UK has taken its time getting here. Compared to the US - where the DOJ, SEC, CFTC, and FinCEN have been filing crypto enforcement actions for years - the FCA's physical raids represent a meaningful escalation in ground-level enforcement, not just regulatory letters and fines.

Currently no peer-to-peer crypto trading platform or individual is registered with the FCA. That is not because the market does not exist - it is because the FCA's registration process has been brutal. The regulator rejected or saw the withdrawal of roughly 90% of crypto business applications in its initial program, citing AML deficiencies as the primary concern. The informal market filled the gap left by those rejections.

What is different now is the visible willingness to act in the physical world. Cease-and-desist letters, evidence gathering, and open criminal investigations signal that operating informally in the UK crypto market carries real personal risk - not just regulatory paperwork.

For traders who have been using informal P2P networks for convenience or to sidestep exchange KYC requirements, this is probably a good time to reconsider. The FCA now knows these operations exist, knows where they operate, and has demonstrated it is willing to show up in person.

---------------

Author: Reginald Bailey
Europe News Desk

How North Korea Stole $292 Million From DeFi's Plumbing

DeFi had a rough week - and when I say rough, I mean "almost-existential-crisis" rough. On April 18, attackers later identified as North Korea's Lazarus Group exploited Kelp DAO's cross-chain bridge to drain 116,500 rsETH, worth approximately $292 million. Within 48 hours, the shockwave had erased more than $13 billion in total value locked across decentralized finance.

It is the largest DeFi exploit of 2026, and it exposed a vulnerability that the industry has been warned about for years.

What Actually Happened

The root of the exploit was embarrassingly simple in concept, even if technically sophisticated in execution. Kelp DAO's bridge relied on LayerZero for cross-chain messaging - but it was configured with a 1-of-1 verifier, meaning a single node was responsible for validating all cross-chain messages before funds could move.

Lazarus did not need to crack the verifier directly. Instead, the group compromised two remote procedure call (RPC) nodes that fed data to that verifier. With those nodes under their control, they injected fake cross-chain messages through LayerZero, tricking the bridge into releasing funds it never should have touched. according to CoinDesk, the stolen rsETH spread across more than 20 blockchain networks, making rapid containment nearly impossible.

The 1-of-1 setup is the critical failure point. A multi-validator configuration would have required the attacker to compromise multiple independent nodes simultaneously - a dramatically harder lift. Instead, a single point of failure collapsed under a well-funded nation-state hacking operation.

The Fallout: A Near-Death Experience for DeFi

Because rsETH served as collateral across protocols on multiple layer 2 networks, the damage did not stay contained to Kelp DAO. Aave, SparkLend, and Fluid moved quickly to freeze the asset, but not before the broader market reacted. Aave alone saw $8.45 billion in deposits exit over 48 hours.

The sector's total value locked dropped more than $13 billion in two days. Crypto.news reported that April 2026 is now the worst month for crypto hacks since the $1.4 billion Bybit breach in February 2025, with over $606 million lost across 18 days.

In a coordinated response, Aave founder Stani Kulechov joined forces with Lido Finance and EtherFi to propose covering the shortfall using ether reserves - an unusual display of cross-protocol cooperation that may have prevented a wider bad-debt cascade.

LayerZero has formally attributed the attack to TraderTraitor, the Lazarus sub-group responsible for some of the most lucrative crypto heists of recent years, including the Ronin Bridge exploit in 2022 and the Bybit exchange hack earlier this year.

What This Means for Bridge Security

If the Kelp DAO exploit proves anything, it's that crypto bridges remain the industry's most dangerous attack surface. Nearly every major protocol hack in recent memory has exploited the same basic problem: a cross-chain message that was trusted when it should not have been.

The fix is not complicated in theory. Multi-validator setups, decentralized RPC node networks, and independent security audits of bridge infrastructure would all raise the bar considerably. The challenge is that cutting corners on infrastructure often gets rationalized as a "move fast" decision - until a nation-state with unlimited patience decides to take advantage.

DeFi's recovery from this hack looks manageable. Aave's safety module held, protocols coordinated quickly, and no major platform appears to have collapsed. But the sector absorbed a $13 billion shock in 48 hours. The next bridge that runs a 1-of-1 verifier might not be so lucky.

---------------

Author: Ryan Gardner
Silicon Valley News Desk

The U.S. Treasury claimed its biggest on-chain trophy yet on Friday, announcing a freeze of roughly $344 million worth of Tether (USDT) sitting in two wallets that officials say belong to the Central Bank of Iran. Treasury Secretary Scott Bessent unveiled the action as part of a broader pressure campaign Washington is calling "Economic Fury," aimed at choking off Tehran's access to dollar-denominated liquidity while the conflict in the Middle East drags on.

According to OFAC's announcement, the wallets are alleged to be linked to the IRGC's Quds Force and to Hezbollah, with Tether coordinating directly with U.S. law enforcement to immobilize the balances. Blockchain analytics firm TRM Labs confirmed Friday that the action represents the largest single on-chain freeze of Iranian sovereign crypto reserves ever made public.

How a Stablecoin Freeze Actually Works

For anyone newer to the mechanics: USDT is centrally controlled by Tether, which means the issuer can blacklist any wallet at any moment, blocking it from sending or receiving tokens. Once an address is frozen, the assets technically still exist on-chain. The holder just cannot move them. It is the closest thing crypto has to a bank account being asset-frozen by court order, only faster and far cheaper to enforce.

That setup has long been a sore spot for stablecoin maximalists who argue it makes USDT functionally indistinguishable from traditional banking rails. Friday's announcement will only sharpen that debate. For sanctions hawks, it is proof the toolkit works. For privacy advocates, it is another reminder that "trustless" only goes so far when one company holds the kill switch.

Why Tether Played Ball

Tether, headquartered in El Salvador and long criticized for opaque reserves, has spent the past two years openly courting U.S. regulators and law enforcement. The company has frozen billions of dollars in USDT linked to alleged criminal activity and sanctions violations since 2023, and it now publishes regular cooperation reports. Friday's action looks like another step in that strategy: get ahead of regulation by becoming the model citizen of the stablecoin space.

It also helps explain why a senior Tether executive is reportedly on the speaker list for the Mar-a-Lago crypto gala this weekend. Public goodwill with the current administration appears to be a top corporate priority.

What It Means for the Market

Iran has, for years, used cryptocurrency to route around sanctions, both for state-level moves and for facilitating proxy financing. The IRGC and Hezbollah have been named repeatedly in U.S. enforcement actions tied to digital assets. A $344 million seizure does not bankrupt the regime, given that oil revenues dwarf this number, but it is a meaningful shot across the bow, and it signals that other state actors using stablecoins should expect similar treatment.

USDT itself barely budged on the news, hovering at its peg as it usually does during enforcement headlines. That is, in a way, the bigger story. The market has fully priced in the fact that Tether will burn balances when asked. There is no longer any pretense that holding USDT is a sovereign-grade hedge against Western financial pressure.

For Tehran, the message is unsubtle. For everyone else, it is a reminder that the rails crypto runs on are not as neutral as the marketing suggests. The age of stablecoin sovereignty was always more pitch deck than policy.

---------------

Author: Blake Taylor
New York News Desk

Apple's App Store, marketed for years as the safest place on the internet to download an app, just delivered a sharply embarrassing episode for crypto-curious users. Researchers say at least 26 fraudulent apps slipped through review and onto the storefront, every one of them dressed up to look like a legitimate cryptocurrency wallet.

The campaign, dubbed "FakeWallet" by the analysts who flagged it, allegedly impersonates major names including MetaMask, Ledger, Coinbase, Trust Wallet, TokenPocket, imToken and Bitpie. The icons mirror the originals closely enough to fool a quick glance, while names rely on subtle typos (think "LeddgerNew" or stretched spellings) to evade Apple's automated checks. Once installed, the apps either route victims to phishing pages or hook directly into the screen where users type their recovery phrases.

Why the Asia-Pacific Angle Matters

While the bait list reads global, several of the impersonated wallets, including Bitpie, imToken and TokenPocket, have especially deep user bases across China, Hong Kong, Taiwan and Southeast Asia. Security researchers first reported that mainland users were among the earliest targeted, and several variants were configured with Chinese-language phishing flows. That regional skew is not surprising. Self-custody adoption has been climbing fast across Asia, and many users get their wallets through the App Store rather than a desktop browser.

The targeting also underscores a longstanding gap in mobile wallet security culture. Hardware wallet vendors have spent years drilling into customers that seed phrases never go into a phone, ever. The reality is that millions of users do exactly that during onboarding, and a convincing fake interface is enough to drain a wallet in a single tap of "submit."

How the Scam Pulls Off the Theft

Two attack patterns have been observed. In the first, the malicious app launches and immediately redirects the user to a browser page styled to mimic the App Store, prompting them to install a second "real" wallet that is itself trojanized. In the second, the app loads what appears to be the legitimate wallet onboarding flow but inserts a fake verification step demanding the recovery phrase, which is then quietly exfiltrated to an attacker-controlled server.

Either way, the result is the same: the operators capture the master key and drain assets within minutes. Apple Insider reported earlier that one such app alone is alleged by independent researchers to have netted around $9.5 million before being removed. Apple has not confirmed any specific dollar figures.

What Apple Is, and Isn’t Doing

Apple has pulled most of the identified apps after disclosure. The company has not commented publicly on how the apps cleared review, nor on whether the same developer accounts have been blocked from publishing future updates. For users who installed any of the flagged apps, the only safe assumption is that the seed phrase entered into them is already compromised, and any funds tied to that phrase need to be moved to a new wallet immediately.

The broader picture is uglier than 26 takedowns. App-Store-led trust assumptions are wearing thin in the crypto space, and reviewers seem perpetually one move behind the people building these clones. Until that changes, the safest install path remains the one that crypto veterans have been preaching for a decade: download from the wallet provider's own website, verify the developer signature, and never type a seed phrase into anything that asked for it first.

---------------

Author: Seta Tsuruki
Asia Newsroom

Bitcoin's gains have brought a lot of pain for those who were betting against it. Bitcoin's push back toward the high $70,000 range has looked impressive on screen, but the real story is the carnage underneath it - roughly $826 million in crypto liquidations in 24 hours, with short positions taking the worst of it and BTC accounting for the biggest share of the damage, according to CoinGlass data.

That matters because this was not just a casual bounce. Reports also pointed to a large BTC short liquidation around $15.75 million on Hyperliquid, which is the kind of forced unwind that can extend a move far beyond the original catalyst.

When BTC starts squeezing shorts this hard, traders usually get one of two outcomes - follow-through into a real trend or a fast mean-reversion once the forced buying dries up.

What to Watch For...

The key question now is whether spot demand can actually support price after the derivatives flush. One analysis noted that Bitcoin briefly pushed above $75,000, but weak spot buying capped the move, which is exactly the sort of detail that matters when the market is leaning on leverage rather than conviction. If spot buyers stay lazy, the market can give back gains just as quickly as it made them.

For traders, this is the kind of tape that rewards discipline more than heroics. Liquidations can create momentum, but they can also expose how thin the bid really is once the forced orders clear.

---------------

Author: Rowan Marrow
Seattle Newsroom

Goldman Sachs has filed for its first bitcoin ETF product, and the structure is more income-focused than maximalist-Bitcoin purist friendly. The proposed fund would buy bitcoin-linked exchange-traded products and sell call options on them, a setup meant to generate regular income while sacrificing some upside when BTC rips higher.

That matters because it signals another big traditional finance player is not just tolerating crypto exposure, but packaging it for clients who want something closer to yield than moonshot exposure. Reuters reported the filing on April 14, and the market's reaction was predictably split between "institutional adoption keeps widening" and "yes, finance will turn everything into an income product if given enough time."

The immediate trading relevance is straightforward. If large banks keep rolling out structured Bitcoin products, they may help expand demand from investors who want exposure but dislike direct ownership or wild volatility. That does not automatically boost spot BTC in a straight line, but it can deepen the market and normalize Bitcoin further inside mainstream portfolios.

It is also a subtle sign of where the market is in the adoption cycle. Goldman is not entering crypto because the story is new anymore - it is entering because the client demand has gotten too large to ignore. That is usually when Wall Street starts acting like it discovered the asset class five minutes ago.

---------------

Author: Dorian Fenwick
Silicon Valley Newsroom

The Drift Protocol exploit remains one of the most damaging crypto security stories of the year, with investigators and security firms describing a roughly $285 million attack tied to suspected North Korean actors. Chainalysis and Elliptic both said the incident was the result of a highly coordinated operation, and Elliptic said the on-chain behavior is consistent with DPRK-linked tactics.

Drift is a major Solana-based perpetuals venue, so the damage was never going to stay confined to one protocol. The hack reportedly wiped out more than half of Drift's total value locked and triggered a suspension of deposits and withdrawals while teams worked to contain the fallout.

For traders, the important part is not only the size of the theft, but what it says about confidence in DeFi plumbing. Large exploits tend to hit sentiment across the chain they live on, especially when the protocol sits near the center of liquidity, leverage, and active trading. Solana has plenty of supporters, but a $285 million hack is not the sort of headline anyone wants attached to a network trying to sell speed and scale.

The other reason this story still matters is that the laundering trail and recovery efforts can take weeks or months to resolve. That keeps the event alive in market memory longer than the original attack window, which is bad news for anyone hoping the ecosystem simply shrugs and moves on. Security risk is rarely a one-day event, no matter how much everyone wishes it were.

---------------

Author: Rowan Marrow
Seattle Newsroom