Week in review: Ethereum Foundation reforms, Bybit hack fallout and cooled memecoins
The Ethereum Foundation is making personnel changes, Bybit is dealing with the aftermath of a hack, the SEC keeps closing probes into crypto firms, and other events of the week.
A “critical correction” and a “tactical retreat”
Bitcoin started the week at $95,500. But overnight on Tuesday, February 25, the price of the largest cryptocurrency broke below $91,000, which had previously capped its decline.
The crypto fear and greed index plunged from 49 to 25 in a day, sliding into extreme fear.
By midweek the price hit a local low around $78,000.
On March 2, after Donald Trump said he would include XRP, SOL and ADA in America’s national crypto reserve, bitcoin climbed, even though it was not mentioned.
As of writing, bitcoin changes hands at ~$90,600, valuing the network at $1.75 trillion. It is down about 8.5% on the week.
Experts at Bitfinex said a drop below $91,000 was a “critical moment” after three months of consolidation.
They noted that bitcoin’s correlations with traditional financial markets are strengthening. Investor activity is being dampened by macroeconomic uncertainty.
Binance CEO Richard Teng called the market’s pullback a “tactical retreat”. In his view, the dip is temporary and will not last.
“It is important to see this as a tactical retreat, not a reversal. This has happened before, and the rebound was even stronger. That is why we should remain optimistic,” he wrote.
On February 27, amid the ongoing sell-off, the fear and greed index fell to 10, an extreme-panic reading last seen in June 2022.
Matrixport analysts reckon the current bitcoin retracement will last into March or April before another attempt at the previous highs.
They pointed to a stronger dollar on the back of the US president’s tariff threats against trading partners, which tightens liquidity and weighs on risk assets.
As TradFi investors increasingly access bitcoin via ETFs, macro factors have grown in importance for pricing the coin, they added.
According to a study by 10x Research, most ETF volumes (56%) are driven by arbitrage, with traders profiting from spot–futures basis.
Given current conditions, funding rates and basis are too low to justify holding positions or opening new ones, the firm said.
Nexo analyst Ilya Kalchev believes bitcoin could drop to support around $72,000.
In his words, the market is “regrouping”. A quick rebound is in doubt given the sharp deterioration in sentiment.
“A temporary pullback is possible as the market fills gaps after a rapid rise. More likely, bitcoin will build sturdy support in the $72,000–80,000 range,” Kalchev noted.
This zone “could form the basis for a more sustainable recovery, reducing the likelihood of a deep correction”.
IntoTheBlock analysts say rising on-chain activity suggests a potential trend reversal.
As of February 28, active addresses rose to 912,300 — a level last seen in December 2024, when bitcoin traded at $105,000.
“Historically, bursts of on-chain buzz have often coincided with market tops and bottoms, linked to seller panic and the emergence of opportunistic buyers,” IntoTheBlock noted.
They called it a sign of a “critical turning point”, though it offers no guarantees of a change in trend.
Ethereum opened the week around $2,800. On February 28 the token hit a local low near $2,100, but by the weekend stabilised around $2,250.
As of writing, Ethereum trades at $2,270 with a market capitalisation of $272.54 billion. The seven-day loss is about 18.3%.
CryptoRank pointed to the impact of frictions within the Ethereum Foundation and the fallout from memecoin scandals on Solana on the main rivals’ prices.
Among the top ten by market capitalisation, all fell except XRP (+2.2%) and ADA (+9.7%).
Over seven days DOGE fell 10.7%, BNB 5.6% and SOL 5.5%.
Reforms at the Ethereum Foundation
On February 28 the Ethereum Foundation announced the creation of the Silviculture Society, an independent group that will offer informal guidance on key ecosystem questions.
The society’s main task is to uphold the project’s foundational principles: open source, privacy, security and resistance to censorship.
It is composed of external experts. Their advice will help the foundation make decisions while preserving Ethereum’s original ideals.
One member is Matthew Green, a senior lecturer in computer science at Johns Hopkins University and a co-author of the original Zerocash white paper.
On March 1 EF said researcher Xiao-Wei Wang and Nethermind founder Tomasz Stanczak had been appointed co-executive directors. They take up their duties on March 17.
“If we play our cards right, today will be remembered as one of the most important turning points in Ethereum’s history,” core developer Tim Beiko said of the appointments.
Amid a reputational crisis, leading Ethereum Foundation (EF) researchers, including Vitalik Buterin, Justin Drake and Dankrad Feist, took questions on scaling, L1 revenues and security during an AMA.
Developers, including Buterin, addressed the network’s economics, proposing to steer more revenue back to L1 from L2 and advocating so-called “native rollups”.
“The goal is Ethereum neutrality, not EF neutrality — often these two goals align, but sometimes they diverge. The big risks I see today are at the L2 and wallet layer, as well as staking and custodial providers. EF recently started acting in the first two areas, pushing for the adoption of interoperability standards,” the network’s co-founder explained in response to a question about a potential “corporate takeover” of the blockchain by the organisation.
Drake and Feist argued for scaling native L1 data availability (DA) instead of alternatives such as the restaking platform EigenLayer, which they called a “major threat”.
On February 24, at epoch 115,968, developers activated the Pectra hard fork on the Holesky testnet. As a result, the network stopped finalising slots.
According to the Ethereum Foundation’s Parithosh Jayanthi, the upgrade “ran into a configuration issue across three major clients”. The bug does not affect mainnet and relates to Holesky’s specifics, he added.
“The problem arose because the Holesky (and Sepolia) deposit contracts are at a different address than mainnet. Why? No idea,” confirmed Ethereum team lead Tim Beiko.
Pectra activation on the Sepolia test network is scheduled for March 5.
Bybit hack fallout
By February 24, the crypto exchange Bybit had fully replenished its Ethereum reserves (~444,870 ETH) stolen in the February 21 attack.
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change…
— Ben Zhou (@benbybit) February 21, 2025
According to Lookonchain, since the hack the platform has raised 446,870 ETH (~$1.23 billion) via loans, whale deposits and direct purchases. On February 25 the exchange repaid a 40,000 ETH debt to Bitget.
Blockstream co-founder and cypherpunk Adam Back said the Bybit breach was caused by “improper EVM design”.
“The EVM can go to zero, and nobody cares. The problem is that the Ethereum virtual machine harms trust in the ecosystem, which unfairly reflects on bitcoin,” the expert noted.
He said the incident was not related to hardware-wallet security, but to the EVM’s complexity in verifying transactions correctly.
By contrast, the bitcoin ecosystem lacks such vulnerabilities, he added.
According to the preliminary official incident report, the attack on Bybit was carried out via Safe (Wallet) infrastructure rather than the exchange’s own systems.
Bybit Hack Forensics Report
As promised, here are the preliminary reports of the hack conducted by @sygnia_labs and @Verichains
Screenshotted the conclusion and here is the link to the full report: https://t.co/3hcqkXLN5U pic.twitter.com/tlZK2B3jIW— Ben Zhou (@benbybit) February 26, 2025
Sygnia’s analysis found the attacker injected malicious JavaScript into Safe (Wallet) assets stored in AWS S3.
The script triggered only for transactions involving Bybit contract addresses and an unknown test address, indicating a targeted operation.
Two minutes after the theft, the hacker replaced the modified files with originals to cover their tracks.
On the devices of three signers of the spoofed transaction, investigators found cached files modified on February 19. The code manipulated data at approval, substituting the recipient address.
“Forensic analysis of the three signers’ hosts indicates that the root cause of the attack is malicious code originating from Safe (Wallet) infrastructure. No signs of compromise were found in Bybit’s infrastructure. The investigation continues for final confirmation of the findings,” the report concludes.
Binance founder Changpeng Zhao (CZ) said the report “is vaguely written and raises more questions than answers”.
According to CZ, the findings did not address several key issues:
- What does “developer machine compromised” mean and how was it achieved?
- How did this device gain access to the “Bybit-managed account”?
- How did the attackers trick the Ledger verification step across multiple signers?
- Was the Bybit address with $1.46 billion the largest under Safe, and why did the attackers not target others?
- What lessons can other self-custody multisig providers and users draw?
Martin Köppelmann, co-founder of Gnosis, the company behind Safe, offered CZ some clarifications. He largely repeated the report’s account of the attack vector and could not explain how the signers were deceived.
In his estimate, the Bybit vault was indeed among the largest and apparently the first to face such an attack — hence the effort to erase traces.
He also outlined measures under development to strengthen transaction security.
On the third question, an answer came from Ledger CTO Charles Guillemet. He said the hardware wallet provider offers several safeguards for transactions, but integrating them into Safe is difficult for technical reasons.
“The main takeaway for me from the Bybit hack is this: companies and financial institutions should use enterprise-grade custody solutions. Parking $1.46bn in a free Safe (Wallet) smart contract with a group of signers, built for retail users, should be a thing of the past,” the programmer said.
On February 26, the Federal Bureau of Investigation (FBI) confirmed that North Korea’s TraderTraitor group — also known as Lazarus Group, APT38, BlueNoroff and Stardust Chollima — was behind the Bybit attack.
The bureau said the thieves are actively converting the loot into bitcoin and other digital currencies. Funds are spread across thousands of addresses on multiple blockchains. The crypto is expected to be laundered and cashed out.
The Bybit team also succeeded in blocking the QinShihuang memetoken, which was allegedly linked to the attackers.
On-chain sleuth ZachXBT was first to flag the launch of the QinShihuang memecoin. He said a wallet linked to Lazarus sent 60 SOL to another address before minting 500,000 QinShihuang tokens. Trading volume hit $26 million within three hours.
What to discuss with friends?
- Rapper Kanye West responded to rumours about launching a memecoin.
- A Briton will find a landfill hard drive with BTC with a 0.00000011% probability — experts’ estimates.
- Donald Trump is registering trademarks for the metaverse.
- Robert Kiyosaki predicted a collapse of the global financial system because of “banksters”.
The SEC keeps closing cases against crypto firms
America’s Securities and Exchange Commission (SEC) has terminated a string of investigations into crypto companies.
On February 24 the Commission notified that it was halting its case against an arm of online broker Robinhood.
“We have always respected federal securities laws and have never allowed trading in them,” said Robinhood’s chief legal officer Dan Gallagher.
He said the company was pleased with the SEC’s decision and saw a “return to the rule of law”.
Robinhood’s shares rose 3% in premarket trading on the news. Year to date they are up 30.83%.
On February 25 Uniswap Labs announced the agency had completed its probe into the company and did not plan to bring charges.
“For DeFi this is a huge achievement. This outcome confirms that our technology complies with the law and that our work has long-term value,” Uniswap representatives said.
On February 27 ConsenSys CEO Joseph Lubin said the SEC had preliminarily agreed to withdraw its lawsuit against the company.
He added that the end of the litigation still depends on the agency’s final approval, but key terms have been agreed.
“We can now fully focus on building. 2025 will be the best for Ethereum and ConSensys. The move toward a more decentralised world is accelerating,” Lubin said.
The same day, the Commission closed its case against Coinbase.
“It is time for the Commission to correct its approach and develop crypto policy in a more transparent way,” said acting SEC chair Mark Uyeda.
Memecoins cool off
As part of its updated posture, the SEC also clarified the status of memecoins. According to the Commission’s specialists, such assets are generally not securities and are closer to “collectibles”.
Participants in the “funny coin” market do not need to register with the agency. The SEC stressed that buyers and holders of such assets are not protected by securities laws.
Even so, memecoin fraud can still be pursued by other regulators or law enforcement.
The regulator emphasised that this statement is not binding guidance; it is intended to explain how securities law applies to crypto.
Despite the relatively friendly tone from the SEC, interest in the segment has dropped sharply.
$LIBRA marked the local top for memecoin volumes in 2025 pic.twitter.com/9wvzOcOeoh
— Messari (@MessariCrypto) February 26, 2025
As of March 1, memecoin volumes on non-custodial exchanges were roughly 10% of their January 19 peak.
Amid the surge and fall of LIBRA, volumes posted a local high again before sliding.
Flagging interest is also visible in Pump.fun’s “production line”: the “memetoken factory” has faced a sharp drop in the number of tokens that make it to a Raydium listing on Solana’s decentralised exchange.
The GMCI Meme index, which tracks the capitalisation of the largest “funny coins”, has fallen back to September levels.
Since the start of the year the gauge is down 48%.
The chart below also shows a significant and near-synchronous drop in market value across themes after the peak in early December.
According to media reports, the US Department of Justice has opened a probe into Argentine president Javier Milei’s links to the promotion of LIBRA. Authorities are also looking at the roles of the project’s founders — Hayden Davis of Kelsier Ventures, Julian Peh of KIP Protocol, and two Argentine entrepreneurs, Mauricio Novelli and Manuel Terrones Godoy.
The investigation began with a report that pointed to the involvement of the above individuals with LIBRA.
The case is also being examined by Argentine authorities, who are assessing Mr Milei’s degree of involvement and potential crimes related to abuse of power, influence peddling and fraud.
The Argentine president has ordered an internal inquiry.
On February 17 Bubblemaps linked LIBRA and US first lady Melania Trump’s coin (MELANIA) to the same team. KIP Protoco denied involvement in the project.
Also on ForkLog:
- OKX will pay more than $504 million to settle US Department of Justice claims.
- The Ethereum Foundation donated $1.25 million to defend a Tornado Cash developer.
- MetaMask will add native support for bitcoin and Solana.
- CME will launch Solana futures.
What else to read?
In a new piece we explained the memecoin boom and its consequences for the crypto industry.
We revisited Andre Cronje’s path and his contribution to the industry, and examined Sonic’s technology, incentive programme and ecosystem.
We looked at why bitcoin’s anonymous creator Satoshi Nakamoto so captivates conspiracy theorists and what outcomes could follow from unmasking him.
In our regular digest we rounded up the main cybersecurity events of the week.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!