Welcome to Galaxy Research's Weekly Top Stories. Subscribe to get this newsletter delivered to your inbox every Friday morning.
In this week's edition, Lucas Tcheyan considers the implications for crypto of Anthropic’s powerful new AI model Mythos; Alex Thorn assesses reports that Iran has been demanding bitcoin to allow ships passage through the Strait of Hormuz; and Zack Pokorny examines the latest chapter in the ongoing drama of the Aave DeFi protocol.
Got feedback on this newsletter? Email [email protected]. We’d love to hear from you.
Market Update
The total crypto market cap stands at $2.52tn, up 5.91% from last week (when it stood at $2.38tn). Bitcoin's network value is 4.42% of gold's market cap. Over the last seven days, BTC is up 8.04%, ETH is up 7.53%, and SOL is up 4.34%. Bitcoin dominance is 57.41%, up 98 basis points from last week.
Iran Said to Demand Bitcoin for Passage Through Strait of Hormuz
Iran is reportedly requiring ships to pay tolls in bitcoin prior to crossing the Strait of Hormuz. According to a Wednesday report from the Financial Times, Iran is asking ships seeking to pass through the Strait of Hormuz to pay $1 for every barrel of oil they carry using the oldest, most valuable cryptocurrency. Ships must email detailed information about their cargo and, after an assessment is completed, Iranian authorities will give ships “a few seconds to pay in bitcoin, ensuring they can’t be traced or confiscated due to sanctions,” Hamid Hosseini, a spokesperson for Iran’s Oil, Gas and Petrochemical Products Exporters’ Union, was quoted as saying.
If true, it wouldn’t be the first time Iran used crypto. Citing blockchain analytics firm Chainalysis, Bloomberg reported that “Iran’s crypto ecosystem reached $7.8b last year” and data from a second analytics firm, Elliptic, indicated that “during the peak of crypto mining, the state mined bitcoin and sold it to the central bank to pay for imports beyond the reach of dollar-denominated systems.”
However, other reports appear to contradict Hosseini’s statement to the FT. A Bloomberg report from April 1 suggested that the $1/barrel Iranian toll would be paid either in stablecoins or yuan. Citrini Research’s April 6 report, citing on-the-ground sources, said that ships traversing the Iranian-controlled portion of the Strait were largely paying the toll by having their governments unfreeze Iranian assets. And Ari Redbord, global head of policy and government affairs at TRM Labs, a third blockchain analysis firm, told Decrypt: “we don’t have data at this point indicating that crypto is being used at scale for something like transit tolls through the Strait of Hormuz.”
In response to the Wednesday FT report quoting the Iranian union official, Strike CEO Jack Mallers posted on X “there is no second best.” He meant that Iran’s reported choice of Bitcoin highlighted the network’s effectiveness as a censorship-resistant payment system.
According to FT and Citrini Research, ship transits across the Strait have dwindled to 10-20 per day, down from the normal daily average of 100+ during peacetime.
Our Take
One of the many memes that Bitcoiners share to describe the protocol is “Bitcoin is for enemies,” a refrain that highlights the network’s censorship-resistance and permissionlessness. The idea is that the network is so secure and requires so little trust in counterparties that even mutually distrustful parties can use it safely. Iran accepting BTC for tolls to transit the Strait of Hormuz would be an apt illustration. From this perspective, native digital assets like BTC would be a much more effective payment mechanism for Iran than tokenized assets like stablecoins, which issuers can freeze and seize.
The quote from the Iranian union spokesperson is worth unpacking, however. It suggests that sending the bitcoin very quickly would somehow enhance its privacy and protection from confiscation. As a technical matter, this is untrue, unless the ships are paying over the layer-2 Lightning Network, which is indeed extremely fast and better at preserving privacy than layer-1 Bitcoin transactions. However, Lightning requires significant bilateral liquidity and expertise to send such large payments. Specifically, the capacity of tankers in the Persian Gulf ranges from ~200k barrels to ~2m barrels, suggesting that BTC payments would need to be in the $200k-$2m range. The largest known payment ever made through Lightning is $1m in January 2026.
More likely, the Iranian authorities would provide a QR code or alphanumeric Bitcoin address to the ships upon approval of their requests to pass through the Strait. The speed with which the ships pay that invoice would have no bearing on the privacy or censorship-resistance of the payment.
Galaxy Research is conducting our own analysis of network transactions to determine whether any suspected transactions are identifiable. Our analysis will marry ship AIS data with bitcoin transaction data to identify possible toll payment transactions. Stay tuned.
Iran’s use of crypto over the years, to the extent it has occurred (reports have indicated bitcoin mining and other activities, but hard data is scant), has mostly been in service of supporting the sanctioned country’s access to trade and global markets. This contrasts sharply with North Korea’s use. The DPRK famously employs black-hat hackers like Lazarus Group, UNC4899, and APT38 to identify vulnerabilities in blockchain protocols and applications and exploit them to drain user funds. While we cannot support sanctions evasion in any form, it’s important to distinguish these two different uses by hostile nation-states. The juxtaposition is striking – Iran uses permissionless blockchains for economic survival; DPRK steals money from others (including regular people) to fund its nuclear weapons program (according to the U.S. Treasury Department). Solana DeFi application Drift was hacked and drained for $285m just last week; the Drift team blamed UNC4736. That said, money (including BTC) is fungible, so it’s still possible that Iran uses proceeds from its onchain activities for similarly objectionable purposes.
Gold is used worldwide, including by America’s enemies. That doesn’t make gold bad. If the Iranian spokesman’s account is at all accurate, this development is another feather in Bitcoin’s hat that makes it look a lot like digital gold. – Alex Thorn
The Myth(os) of Cybersecurity: Anthropic’s New Model Raises Alarm
Anthropic on Tuesday unveiled Claude Mythos Preview, a frontier AI model it says is so capable at finding and exploiting software vulnerabilities that it cannot be released to the public. Instead, access has been restricted to roughly 40 organizations (including Apple, Microsoft, Google, Amazon, JPMorgan Chase, and the Linux Foundation) under a new defensive cybersecurity initiative called Project Glasswing.
The capabilities appear significant. Mythos identified thousands of previously unknown vulnerabilities across every major operating system and web browser, including bugs that had survived decades of human review and millions of automated security scans, according to Anthropic. In one test, Mythos developed working exploits 181 times where Anthropic's previous best model managed twice. In another, it wrote a full remote root exploit — granting an attacker complete control of a server — autonomously, with no human involvement after the initial prompt, for less than $50. Anthropic says these capabilities were not explicitly trained: they emerged from general improvements in coding and reasoning, meaning every future model that gets better at writing code should also get better at breaking it. The accompanying 244-page system card also revealed that the model can reason about how to game its own evaluators inside its internal activations while writing something entirely different in its visible output — detectable only through specialized interpretability tools.
The announcement comes on the heels of Anthropic disclosing that its annualized revenue jumped from $19 billion in March to $30 billion in April, and reports that the company is evaluating an IPO as early as October.
Our Take
Regardless of how much you take Anthropic's claims at face value, the direction of travel is clear. AI capabilities are accelerating at a pace that demands attention from anyone with money or data to protect, and crypto sits squarely in the crosshairs. Mythos identified critical weaknesses in widely used cryptography libraries, including TLS, AES-GCM, and SSH — protocols that underpin the infrastructure DeFi platforms and centralized exchanges depend on.
Mythos also identified vulnerabilities in TCP, or Transmission Control Protocol, that were believed to have been fixed 27 years ago. TCP underpins roughly 80% of internet traffic, including HTTP and HTTPS, email protocols, and file transfers. An attacker exploiting these flaws could disrupt core internet infrastructure, including the rails that crypto depends on to function. Anthropic also warned that friction-based security measures "may become considerably weaker against model-assisted adversaries."
In DeFi, friction-based defenses such as multisignature wallets, timelocks, and audits often are the security model. Anthropic's researchers argue that once the security landscape reaches a new equilibrium, AI will benefit defenders more than attackers. But the transitional period will be turbulent, and in the short term the advantage belongs to whichever side deploys these tools first.
There are also reasons for skepticism about the framing. Anthropic founder and CEO Dario Amodei was still at OpenAI when the company used the same "too dangerous to release" narrative for GPT-2 in 2019. He left and founded Anthropic the following year. For a company approaching an IPO amid a revenue sprint, "too dangerous to release" is a competitive narrative as much as a safety disclosure, especially against the backdrop of OpenAI announcing $24 billion annual recurring revenue. There is also some evidence that the capabilities are less unique than the announcement implies. One cybersecurity firm tested the showcase vulnerabilities on small, cheap, open-weight models and found that eight out of eight detected the flagship exploit, including a 3.6 billion-parameter model costing $0.11 per million tokens. The moat, the cybersecurity firm argues, is the system (the scaffolding, triage, and domain expertise) not any single model.
The pattern emerging here matters. The most consequential AI capabilities are increasingly gated behind closed access programs, and Project Glasswing may become the template for how frontier models reach the world. As AI capabilities continue to advance, the question of who controls access to the most powerful models, and on what terms, will only sharpen. Decentralized AI infrastructure offers one counterforce. But the counterargument is real too. There are genuine capabilities that the world may not benefit from distributing freely, and the line between responsible stewardship and competitive moat-building is blurry.
Navigating that tension will be one of the defining challenges of the coming years, and crypto — simultaneously a high-value target for AI-assisted exploits and a builder of the alternative infrastructure — sits on both sides of it. – Lucas Tcheyan
Chaos Labs Joins Exodus From Aave
Chaos Labs announced this week that it will no longer be contributing code to Aave. This comes after BGD Labs and Aave Chan Initiative (ACI) each announced that it will also be leaving Aave in the aftermath of the passage of the Aave Will Win proposal temp check.
Chaos Labs cited three core reasons for its departure: 1) the flight of core Aave contributors meaningfully increased the workload and operational risk of the DeFi protocol, 2) the introduction of Aave V4 expands the scope of the risk function, increasing the operational and legal burden, and 3) Chaos Labs has run its Aave engagement at a loss, and even with increased compensation of $1 million/year it would still operate Aave’s risk with negative margin. The group further noted that even if the economic leg of its rationale to depart were resolved it still disagrees on how risk should be prioritized and managed at Aave.
Chaos Labs reached a point where it could continue to provide services to what is now a competing service against its vaults, or stop doing that work and focus on its own product and margin expansion.
Our Take
Aave has been undergoing a structural shift throughout the last four months. It all started with a post in the Aave governance forum in December raising concerns around the redirection of fees generated from the in-UI swap feature away from the decentralized autonomous organization (DAO). This sparked debate around where value accrues in Aave’s organizational stack, what recourse the DAO has against the actions of Labs (and vice versa), and what the AAVE token actually grants holders. This eventually led to the “Aave Will Win” proposal, which laid out a plan to restructure Aave around a model where the DAO (and, as a result, tokenholders) is the primary economic beneficiary of Aave-branded products—but not without cost.
At its core, the proposal asked the DAO to fund Aave Labs with a ~$25m annual operating budget plus 75,000 AAVE, alongside additional milestone-based grants that could bring total compensation to ~$40m+. In exchange, revenue (defined as product revenue net of partner revenue sharing, rebates, and user incentives) would accrue to the DAO treasury, though what constituted “revenue,” and how much could be deducted before it reached the DAO, became a contested aspect of the proposal. Alongside this shift, the proposal also contemplates a more formal structure around brand and intellectual property, with Aave trademarks and related assets potentially held by a foundation to ensure consistency and governance-aligned usage.
Now, the evolution of Aave is reaching a new stage where most key historical contributors are no longer present while it is advancing a new version of its lending markets. Aave has lost many of its service providers, though TokenLogic, Chainlink, and Certora remain. While the (possible) financial savings of doing so can be funneled back to Aave Labs and the providers that are still present, the human capital loss is noteworthy. It will take some time for those who stuck around to get up to speed on the processes the defectors ran, adopt their own implementation strategies, and restore service levels for users on the risk management and protocol development fronts. In coding terms, the protocol now has:
Aave Labs = SUM_EFFORT(BGD Labs, ACI, Aave Labs)
LlamaRisk = SUM_EFFORT(Chaos Labs, LlamaRisk)
The following questions now stand; can these teams effectively backfill the human capital voids that have been created? Is all of this actually what the DAO wants? And how will the composition of the DAO look like after a number of key contributors and maintainers left? These questions will only be answered in time.
On the V4 launch side of the equation, Aave now faces a parallel set of challenges. The rollout of a new lending architecture is not happening in isolation. It is occurring alongside a meaningful reconfiguration of its contributor base and operating model. As a result, Aave must simultaneously maintain and refine its markets while rolling out and battle-testing V4 with a reduced and restructured set of service providers.
Beyond execution risk, the transition to V4 introduces a capital coordination problem. Aave will need to compete directly with established players such as Morpho to attract new TVL, while convincing existing users to re-underwrite the protocol under a new design and set of contracts in the event they want to migrate. This challenge is non-trivial: new architectures inherently introduce uncertainty, and large allocators may require stronger incentives and greater confidence in risk management before reallocating capital.
More broadly, the success of V4 will depend not just on its technical design, but on Aave’s ability to coordinate across governance, contributors and capital providers at a time when each of those layers is in flux. The protocol is effectively attempting to upgrade its architecture, realign its economic model, and rebuild its contributor base simultaneously — raising the bar for execution at precisely the moment its margin for error may be the slimmest. – Zack Pokorny
Other News
🏦White House report says stablecoin rewards won’t drain bank deposits
🤯StarkWare proposes “Quantum-Safe Bitcoin Transactions Without Softforks”
🧠Treasury proposes AML/CFT rules under GENIUS Act...
🪙....as FDIC floats stablecoin issuance rules for banks
🔐Treasury also launches crypto cybersecurity info-sharing initiative
⚠️JPMorgan CEO shareholder letter warns of competition from crypto
🎣U.S. Secret Service freezes $12m of crypto stolen in ‘approval phishing’ scams
Charts of the Week: Morgan Stanley ETF’s Strong Debut
On Wednesday, Morgan Stanley launched its first in-house cryptocurrency ETF, the Morgan Stanley Bitcoin Trust (MSBT), with a management fee of 14 basis points, making it the least expensive spot bitcoin ETF available in the U.S. market.
On its first day of trading, MSBT attracted $31 million in assets, ranking it 14th among all crypto spot ETF debuts in U.S. history. While that figure is modest compared to the $112 million BlackRock's iShares Bitcoin Trust (IBIT) drew on its opening day, MSBT’s performance was still notable. IBIT launched as part of the first wave of spot bitcoin ETFs in January 2024, a historic moment after years of pent-up institutional demand. MSBT, by contrast, entered a more crowded and mature market.
On a same-day flow basis, MSBT was the second-largest recipient of inflows on April 8, trailing only IBIT's $40 million, on a day when BTC rose 2.9%, a strong showing for a new entrant competing against established products. – Jianing Wu
Legal Disclosure:
This document, and the information contained herein, has been provided to you by Galaxy Digital Inc. and its affiliates (“Galaxy Digital”) solely for informational purposes. This document may not be reproduced or redistributed in whole or in part, in any format, without the express written approval of Galaxy Digital. Neither the information, nor any opinion contained in this document, constitutes an offer to buy or sell, or a solicitation of an offer to buy or sell, any advisory services, securities, futures, options or other financial instruments or to participate in any advisory services or trading strategy. Nothing contained in this document constitutes investment, legal or tax advice or is an endorsement of any of the stablecoins mentioned herein. You should make your own investigations and evaluations of the information herein. Any decisions based on information contained in this document are the sole responsibility of the reader. Readers should consult with their own advisors and rely on their independent judgement when making financial or investment decisions.
Participants, along with Galaxy Digital, may hold financial interests in certain assets referenced in this content. Galaxy Digital regularly engages in buying and selling financial instruments, including through hedging transactions, for its own proprietary accounts and on behalf of its counterparties. Galaxy Digital also provides services to vehicles that invest in various asset classes. If the value of such assets increases, those vehicles may benefit, and Galaxy Digital’s service fees may increase accordingly. The information and analysis in this communication are based on technical, fundamental, and market considerations and do not represent a formal valuation. For more information, please refer to Galaxy’s public filings and statements. Certain asset classes discussed, including digital assets, may be volatile and involve risk, and actual market outcomes may differ materially from perspectives expressed here.
For additional risks related to digital assets, please refer to the risk factors contained in filings Galaxy Digital Inc. makes with the Securities and Exchange Commission (the “SEC”) from time to time, including in its Quarterly Report on Form 10-Q for the quarter ended September 30, 2025, filed with the SEC on November 10, 2025, available at www.sec.gov.
Certain statements in this document reflect Galaxy Digital’s views, estimates, opinions or predictions (which may be based on proprietary models and assumptions, including, in particular, Galaxy Digital’s views on the current and future market for certain digital assets), and there is no guarantee that these views, estimates, opinions or predictions are currently accurate or that they will be ultimately realized. To the extent these assumptions or models are not correct or circumstances change, the actual performance may vary substantially from, and be less than, the estimates included herein. None of Galaxy Digital nor any of its affiliates, shareholders, partners, members, directors, officers, management, employees or representatives makes any representation or warranty, express or implied, as to the accuracy or completeness of any of the information or any other information (whether communicated in written or oral form) transmitted or made available to you. Each of the aforementioned parties expressly disclaims any and all liability relating to or resulting from the use of this information. Certain information contained herein (including financial information) has been obtained from published and non-published sources. Such information has not been independently verified by Galaxy Digital and, Galaxy Digital, does not assume responsibility for the accuracy of such information. Affiliates of Galaxy Digital may have owned, hedged and sold or may own, hedge and sell investments in some of the digital assets, protocols, equities, or other financial instruments discussed in this document. Affiliates of Galaxy Digital may also lend to some of the protocols discussed in this document, the underlying collateral of which could be the native token subject to liquidation in the event of a margin call or closeout. The economic result of closing out the protocol loan could directly conflict with other Galaxy affiliates that hold investments in, and support, such token. Except where otherwise indicated, the information in this document is based on matters as they exist as of the date of preparation and not as of any future date, and will not be updated or otherwise revised to reflect information that subsequently becomes available, or circumstances existing or changes occurring after the date hereof. This document provides links to other Websites that we think might be of interest to you. Please note that when you click on one of these links, you may be moving to a provider’s website that is not associated with Galaxy Digital. These linked sites and their providers are not controlled by us, and we are not responsible for the contents or the proper operation of any linked site. The inclusion of any link does not imply our endorsement or our adoption of the statements therein. We encourage you to read the terms of use and privacy statements of these linked sites as their policies may differ from ours. The foregoing does not constitute a “research report” as defined by FINRA Rule 2241 or a “debt research report” as defined by FINRA Rule 2242 and was not prepared by Galaxy Digital Partners LLC. Similarly, the foregoing does not constitute a “research report” as defined by CFTC Regulation 23.605(a)(9) and was not prepared by Galaxy Derivatives LLC. For all inquiries, please email [email protected].
©Copyright Galaxy Digital Inc. 2026. All rights reserved.