TLDR Crypto 2026-04-15

Bitcoin increased from ~$70,741 back above $74,000 in under 24 hours, erasing its Hormuz-blockade losses in what analysts described as a textbook short squeeze. A cluster of leveraged short positions in the $72K–$73.5K band was forced to cover as prices broke through, triggering ~$89.5M in BTC short liquidations, a 1,000%+ spike in single-day short wipeouts. Spot Bitcoin ETFs logged $786M in net inflows in the prior week, with BlackRock's IBIT leading, suggesting institutional demand provided the floor that made the squeeze possible. The rapid recovery reinforces Bitcoin's pattern of treating geopolitical shocks as dip-buying opportunities rather than sustained sell signals.

Senator Thom Tillis (R-NC) is set to release revised legislative text on stablecoin yield, the product of months of negotiation with Senator Angela Alsobrooks (D-MD) and backed by the White House. Passive yield earned simply for holding a stablecoin is banned, while activity-based rewards tied to payments, transfers, or platform use remain permitted. Coinbase reviewed an earlier draft and could not support the current formulation, citing concerns over balance and transaction amount limits, a notable sticking point given Armstrong's recent public backing of the CLARITY Act. Three issues remain unresolved heading into the Senate Banking Committee markup: DeFi provisions, ethics language barring officials from personally profiting from crypto, and whether community bank deregulatory provisions will be bundled into the bill.

The new "Upto" scheme, a major scalability upgrade to the x402 machine-to-machine payment standard, lets an AI agent pre-authorize up to a maximum amount, use as much as it actually needs, and settle the final cost onchain, replacing the prior fixed pay-per-request model. It's a meaningful step toward making agentic commerce economically practical, since fixed per-call pricing doesn't map cleanly to variable-cost AI inference. The upgrade positions x402 as an increasingly credible infrastructure for the emerging agent-to-service payments stack.

Catalysis is launching on mainnet as an EigenLayer AVS, deploying Covered Vaults paired with existing Morpho vaults (starting with Gauntlet's WETH Prime) and using slashable restaked capital as underwriting, marking the first production deployment of EigenLayer's Duration Based Vault Strategies with 90-day lock periods. Depositors pay 25-75 bps annualized via yield haircut for defined loss protection, and any covered shortfall triggers automatic slashing of the paired CoverPool, routing premium flow as real revenue to restakers. The launch aligns with ELIP-12's activation and the Incentives Committee redirecting emissions away from passive stake toward fee-generating AVSs that use slashing and redistribution in production, with EigenYields as Catalysis's first delegator across roughly $10B in total restaked assets on the network.

Mobile devices are fundamentally unreliable as a security layer for private keys, banking credentials, and other sensitive financial material. Attackers consistently find ways to run code on the device or exploit OS and hardware primitives, making any client-side key custody architecturally fragile. The piece examines recent Android threats that operate directly inside the device trust boundary to target financial apps, and argues security must move off-device: key management handled by hardened infrastructure, with policy enforced at execution. Useful primer for wallet builders and fintech engineers rethinking mobile security architecture as the mobile payments market (2.7B users, $8.1T in 2024) continues growing ~28% annually.

Agentic payment volume has reached 140 million transactions totaling $43 million over nine months, with Coinbase's x402 processing roughly 131,000 daily and Stripe/Tempo's Machine Payments Protocol launching in March 2026 across 100+ services, alongside Visa's Trusted Agent Protocol, Google's AP2, and Mastercard's Agentic Tokens. All these protocols solve the interface layer – how agents communicate with payment rails – but none address the trust layer – spending constraints run on the same software stack as the agent, so a server compromise eliminates all limits. The proposed fix is hardware-enforced trust via secure elements that generate private keys on-chip and evaluate granular spending policies (per-transaction limits, daily caps, recipient whitelists, chain restrictions) on-chip, though current JavaCard 3.0.5 implementations handle standard ETH and ERC-20 transfers but cannot support complex DeFi interactions.

Squads disclosed an address poisoning campaign targeting Solana multisig users, where attackers grind public keys to match the first and last characters of real vault addresses and create fake multisig accounts seeded with legitimate users as members to make them appear authentic in the UI. The attack carries no protocol-level risk and exposes no funds, as the vector relies entirely on users copying a spoofed vault address or cosigning an unsolicited transaction. Squads is shipping UI mitigations, including alert banners for unfamiliar multisigs and a whitelist system that places newly added accounts in a pending state requiring manual approval before use.

The SEC has outlined conditions under which certain crypto interfaces (e.g., DeFi front-ends, wallet extensions, and apps) may operate without broker-dealer registration. They include: self-custodial only with no custody of user funds, no investment advice or recommendations, no order routing or execution, fixed and neutral fee structures, and no discretion over transactions or market activity. The guidance effectively carves out a non-intermediary lane for neutral software interfaces, a significant clarification that the crypto industry has sought for years.

StarkWare announced layoffs and a consolidation into two purpose-focused units, with CEO Eli Ben-Sasson citing organizational bloat as the driver.

Totalis, a prediction-markets parlay platform, received its full $500K Y Combinator check in USDC on Solana.

The revised PARITY Act crypto tax bill would eliminate capital gains recognition on sales of regulated payment stablecoins, effectively making stablecoin transactions tax-free in the US.

The DOJ has opened a victim compensation process for OneCoin, making $40 million in forfeited assets available to defrauded investors of the $4 billion MLM scheme that operated from 2014 to 2019.