ledger

Ripple officially announced its quantum resistance roadmap, with the core goal of making the XRP Ledger (XRPL) quantum-resistant by 2028. The roadmap primarily addresses the potential attack mode of "harvest now, decrypt later," where attackers collect encrypted data now and wait for future quantum computers to mature before cracking it.The entire plan will be implemented in four phases:Phase 1: Q-Day Emergency Preparedness (Already Started). Establish a Q-Day emergency response mechanism. If the existing classical encryption system is suddenly compromised, the network will immediately stop accepting traditional public key signatures, forcing a migration to quantum-safe accounts. At the same time, explore asset ownership verification solutions based on Post-Quantum ZK-proofs, allowing existing account holders to safely recover funds in emergencies without exposing vulnerable keys.Phase 2: Risk Assessment and Algorithm Testing (First Half of 2026). Conduct a comprehensive assessment of the impact of post-quantum cryptography on the performance, storage, and bandwidth of the XRP Ledger network. Collaborate with Project Eleven to conduct validator-level testing and Devnet benchmarking, deploy NIST standardized ML-DSA quantum-safe signature schemes, and develop prototypes for post-quantum custodial wallets. Core engineer Denis Angell has already deployed ML-DSA signatures on XRPL's AlphaNet.Phase 3: Devnet Hybrid Integration (Second Half of 2026). Parallel integration of candidate post-quantum signature schemes with existing elliptic curve signatures on the developer network (Devnet), allowing developers to test performance and system impacts without affecting the mainnet. At the same time, explore post-quantum zero-knowledge proof primitives and homomorphic encryption technologies for Confidential Transfers to enhance the privacy and compliance capabilities of tokenized real-world assets on XRPL.Phase 4: Full Mainnet Upgrade (Target 2028). Submit a formal protocol amendment, which will be fully enabled on the mainnet after being approved by validator votes, to implement native post-quantum cryptography. Focus on production-ready optimization: throughput tuning, validator reliability assurance, and coordinated migration of the ecosystem, ensuring a complete transition without affecting network speed and settlement finality.

According to Finance Feeds, Apple has confirmed that it has removed a fraudulent app impersonating Ledger Live self-custody wallet from the App Store after an on-chain investigation revealed that over 50 victims lost a total of $9.5 million in cryptocurrency within a week.Previously, on-chain detective ZachXBT disclosed that this counterfeit Ledger Live app was available from April 7 to April 13, 2026. The losses involved multiple blockchains, including Bitcoin, Ethereum, Solana, Tron, and Ripple.

XRP Ledger announced the integration of zero-knowledge infrastructure provider Boundless to support banks and asset management institutions in executing transactions on the public chain that balance privacy protection and compliance.According to reports, this solution can hide sensitive information such as transaction size, frequency, and counterparties, while still allowing regulatory agencies to conduct audits through selective disclosure and role-based access control, thus achieving a balance between privacy and compliance. This integration will support institutional scenarios such as cross-border B2B payments, fund and capital management, over-the-counter (OTC) trading, tokenized asset issuance, and on-chain trading and lending.Industry insiders believe that the contradiction between the transparency of public chains and the demand for privacy has always been a significant barrier to institutional adoption, and this solution aims to reduce the so-called "transparency tax." Meanwhile, competition in the privacy track continues to heat up. Technologies such as zero-knowledge proofs (ZK) and fully homomorphic encryption (FHE) are accelerating implementation, pushing privacy capabilities from optional features to underlying infrastructure. Data shows that the market size of tokenized assets has reached approximately $29.25 billion, with a monthly increase of about 7.9%.

According to on-chain analyst ZachXBT, a counterfeit Ledger Live application was launched on the Apple App Store, resulting in over 50 users' assets being stolen, with total losses amounting to approximately $9.5 million, involving various assets such as Bitcoin, EVM chain assets, TRON, Solana, and XRP.The stolen funds were subsequently transferred through more than 150 KuCoin deposit addresses and laundered using a centralized mixing service called AudiA6. Data shows that the largest single loss reached $3.23 million. The application has recently been removed by Apple.

American musician Garrett Dutton (stage name G. Love) lost 5.9 BTC, amounting to approximately $420,000, after downloading and using a fake Ledger wallet app from the App Store and entering his recovery phrase.On-chain analyst ZachXBT discovered that the attacker had laundered the stolen Bitcoin through the KuCoin platform. This incident once again exposes the security risks of counterfeit wallet applications and reminds users to be vigilant when downloading and using cryptocurrency-related apps, avoiding entering sensitive information through unofficial channels.

American Philadelphia musician G.Love posted on the X platform that during the process of changing computers and reconfiguring Ledger, he mistakenly downloaded a malicious counterfeit application from the Apple App Store, resulting in the theft of his retirement funds, with approximately 5.92 bitcoins transferred all at once.On-chain detective ZachXBT subsequently stated that he had traced the flow of the stolen funds and pointed out that the relevant assets had been laundered through the recharge addresses of a centralized exchange (CEX). ZachXBT also questioned the review mechanism of the Apple App Store, claiming that there is an issue that allows counterfeit applications to be listed on the Apple platform, further amplifying the security risks to user assets. The incident has once again sparked market concerns about wallet security and the application ecosystem review mechanism.

According to tracking data from the Web3 asset data platform RootData X, over the past 7 days, the largest digital asset exchange globally, Binance, has been the project with the most new followers among X (Twitter) top personalities. New influential figures on X who have followed this project include cryptocurrency trader Loomdart(@loomdart), Zeneca(@Zeneca), and crypto trader James Wynn(@JamesWynnReal).In addition, the projects with the most followers among X top personalities also include Axie Infinity, StarkWare, Ledger, and DeFi Pulse.

According to CoinDesk, SBI Ripple Asia has completed the development of a token issuance platform based on the XRP Ledger and has registered as a prepaid payment tool issuer in Japan. Corporate users can now issue tokenized payment tools through this platform.

According to Decrypt, the U.S. Attorney's Office for the District of Connecticut announced that it has recovered and seized over $600,000 in cryptocurrency after a Ledger hardware wallet user fell victim to a phishing scam, being lured into performing a so-called security check by a letter impersonating "Ledger Security and Compliance," resulting in approximately $234,000 in crypto assets being stolen.The FBI and state police tracked the flow of funds, successfully seizing about $600,000 in USDT and filing a civil forfeiture lawsuit, alleging that the source of the funds involved wire fraud and money laundering. It is reported that this is one of a series of phishing incidents targeting hardware wallet users, where scammers used physical mail letters featuring company logos, holograms, and QR codes to enhance the credibility of the fraud. Similar incidents have affected companies like Ledger and Trezor, accompanied by data breaches and vulnerabilities in third-party services, leading to ongoing phishing attacks.

Ledger's Chief Technology Officer Charles Guillemet stated that the attack method used in the Drift Protocol exploit is similar to the 2025 Bybit hacking incident, which is widely believed to be linked to North Korean hackers.Guillemet pointed out that this attack did not target any smart contracts; instead, the attackers infiltrated the devices of multi-signature signers over a long period, tricking them into approving malicious transactions. The signers may have always thought they were authorizing legitimate operations. He emphasized that the root of the problem lies in the lack of security at the personnel and operational levels, rather than in the code itself.

According to official news, SWIFT (Society for Worldwide Interbank Financial Telecommunication) has announced significant progress in its blockchain-based shared ledger project, having completed the design phase with several global banks. It has now officially entered the construction phase of the first Minimum Viable Product (MVP) iteration and plans to launch real transactions within 2026.The ledger aims to achieve interoperability of tokenized deposits between banks and supports 24/7 cross-border payments. Functionally, the ledger supports executing payments using tokenized deposits, reuses existing compliance processes, and is compatible with various settlement methods.SWIFT stated that the core advantages of this ledger include: accelerating payment execution speed, enhancing liquidity visibility, reducing reconciliation workload, and achieving interoperability across institutions. Currently, SWIFT is simultaneously collaborating with banks internationally to accelerate the financial industry's transition to digital finance.

The Paris-based digital asset company Ledger has completed a $50 million secondary equity sale, with its CEO stating that the company currently has no immediate plans for an initial public offering (IPO).Pascal Gauthier led the transaction, which was completed in the fourth quarter of last year, with an early investor selling their stake in this deal. He stated in an interview but declined to disclose the company's valuation.

According to DL News, David Balland, co-founder of the French company Ledger, was kidnapped by a criminal gang in January 2025. The assailants cut off his fingers and demanded a ransom of $11.5 million in Bitcoin. After the incident, the police acted quickly, rescuing Balland and his partner, and arrested 10 suspects at the scene, but one suspect escaped to Spain amid the chaos. After weeks of joint pursuit by the police of both countries, the suspect was eventually captured in Benalmádena, Spain.Currently, the Fuengirola court is advancing the extradition process based on the European Arrest Warrant agreement, and French authorities have confirmed that they have identified and arrested all individuals involved.

According to Cryptonomist, financial services provider Apex Group Ltd. announced that it will adopt T-REX Ledger as its default multi-chain orchestration infrastructure, covering the ownership and compliance of tokenized assets across multiple blockchain networks.It is reported that the T-REX Ledger is a public, neutral infrastructure capable of aggregating and synchronizing investor records, compliance checks, and transfer control information across interconnected blockchains and traditional distribution channels.This ledger is built on the Polygon CDK and connects through Polygon's interoperability protocol Agglayer. Therefore, it enables real-time compliance synchronization across chains without any network relinquishing sovereignty or control over its environment.

Takatoshi Shibayama, the head of Ledger's Asia-Pacific region, stated that if the United States implements a broader ban on stablecoin yields, discussions will take place among institutions, stablecoin issuers, and regulators in other countries. He pointed out that countries like Australia have provided regulatory exemptions for stablecoin issuers, but currently, most stablecoins do not offer yields or rewards to users even outside the United States, in order to protect banking interests.If U.S. policies change, discussions between stablecoin issuers and regulators in various countries about allowing yields to be passed on to users will significantly increase. The U.S. Senate is currently advancing a cryptocurrency regulation bill, but provisions supported by banking lobby groups that prohibit third-party platforms from offering stablecoin yields have stalled the legislation, which has drawn opposition from cryptocurrency industry lobbyists.Shibayama also mentioned that the way Asian financial institutions are focusing on the cryptocurrency industry has changed, with a certain degree of decoupling from cryptocurrency and blockchain technology since last year. Institutions are more focused on the tokenization of financial products and the issuance of stablecoins, rather than on DeFi and staking, which are native cryptocurrency products. Assets like Bitcoin and Ethereum are excluded from discussions. However, asset management companies are still considering launching cryptocurrency products to enrich client options.

According to PR Newswire, cryptocurrency payment service provider MoonPay announced the introduction of native hardware signature support for its AI agent tool, MoonPay Agents.Under the new architecture, the AI agents can execute trading strategies on multiple mainstream blockchains such as Ethereum and Solana, but all transactions still require user confirmation through a Ledger device. When the agent discovers cross-chain profit opportunities, it can request the user to sign to bridge USDC from Ethereum to other networks to complete the operation, while the private key never leaves the hardware signing device.

The chairman of the U.S. Securities and Exchange Commission (SEC), Paul Atkins, stated during his appearance on the All-In Podcast, "From my perspective, distributed ledger technology (DLT) has many potential benefits for the financial services industry, and we are at a tipping point where T+0 settlement—almost instantaneous delivery and payment, even through on-chain digital assets—could be realized. This is very exciting. To prevent issues like fraud, we may even need to set up some speed bumps. However, there are also challenges, such as liquidity issues. What does the concept of best bid and ask mean in this new system? This is one of the problems we need to solve.Our principle is: if an asset is essentially a security, even if it is tokenized, it is still a security, and federal securities laws still apply. But regulators have the responsibility to ensure that our rules truly apply to new practical uses. As the purposes of trading and methods of delivery change, we also need to make corresponding adjustments. We need to adjust the system to make it truly applicable to the new technological environment.This is exactly what we are currently working on—reviewing our regulatory rules line by line to ensure they can adapt to the development of emerging technologies. The SEC is coordinating regulation with the CFTC. For example, if an asset is a tokenized security, it falls under the SEC's regulatory framework; whereas if it is a digital currency, digital token, digital tool, or digital collectible, it falls under the CFTC's regulatory scope."

According to The Block, Ledger's security research team Donjon has discovered a vulnerability in the secure boot chain of MediaTek processors, allowing attackers to extract encryption keys via USB connection before the operating system loads, provided they have physical access to the phone. This could enable them to decrypt device storage and obtain the device PIN code and encrypted wallet mnemonic within approximately 45 seconds.In proof-of-concept tests, the vulnerability successfully extracted sensitive data from wallet applications such as Trust Wallet, Kraken Wallet, and Phantom. Researchers indicate that this vulnerability may affect about 25% of Android phones, involving models that use MediaTek chips and Trustonic's Trusted Execution Environment. Ledger's Chief Technology Officer Charles Guillemet stated that smartphones were never designed to be vaults. Although the vulnerability can be patched, it highlights the inherent risks of storing keys on non-secure devices, and users are advised to update security patches as soon as possible.According to data from TRM Labs, over 80% of the $2.1 billion in stolen crypto assets in the first half of 2025 stemmed from infrastructure attacks such as private key theft, mnemonic theft, and front-end hijacking. Chainalysis data shows that losses from crypto asset theft exceeded $3.41 billion in 2024, with the proportion of stolen personal wallets rising from 7.3% in 2022 to 44% in 2024.

According to The Block, the Bank of Canada announced the completion of a tokenization pilot project called "Project Samara," successfully issuing a government bond worth 100 million Canadian dollars using Hyperledger Fabric technology.The project was issued by the Export Development Canada, with participation from TD Bank and the Royal Bank of Canada, issuing a three-month Canadian dollar-denominated bond to a "closed group of investors," covering the entire process from issuance, bidding, coupon payments, redemption to secondary trading.The project evaluation found that blockchain technology could enhance operational efficiency, improve data integrity, and reduce counterparty and settlement risks, but these advantages were partially offset by increased system complexity, liquidity costs, and the inadequacies of the existing regulatory framework.The Bank of Canada stated that although the technology is feasible, widespread adoption may progress slowly due to integration challenges and limited willingness to transform core infrastructure.The project builds on the Jasper project initiated by the Bank of Canada in 2016.