The Daily: NPM supply chain attack on crypto claims 'almost no victims,' Cboe plans 'perpetual-style' BTC and ETH futures, plus more

The following article is adapted from The Block’s newsletter, The Daily, which comes out on weekday afternoons.

Happy Tuesday! With crypto prices stuck in a range, Derive gives BTC and ETH a 23% shot at $140K and $7K by December — but also 20% odds of slipping under $100K and $3.5K 😬

In today's newsletter, Monday's NPM supply chain attack on crypto users and tools appears largely unsuccessful, Cboe plans to launch "perpetual-style" futures for BTC and ETH, SwissBorg loses over $40 million in SOL, and more.

Meanwhile, Coinbase acqui-hires Sensible's founders to advance its "everything exchange" vision.

Let's get started.

P.S. Don't forget to check out The Funding, a biweekly rundown of crypto VC trends. It's a great read — and just like The Daily, it's free to subscribe!

NPM supply chain attack on crypto claims 'almost no victims,' Ledger CTO says

Ledger CTO Charles Guillemet said Monday's widespread Node Package Manager supply chain attack "fortunately failed" with "almost no victims."

• Arkham tracking data suggests that just $505 in crypto was stolen before the compromise was detected and shut down.
• The attackers used spoofed NPM support emails to steal developer credentials, allowing them to publish malicious packages designed to hijack crypto transactions across Ethereum, Solana, and other chains by secretly swapping destination addresses.
• Implementation flaws crashed automated workflows that software teams use, exposing the breach quickly and limiting its impact.
• "The immediate danger may have passed, but the threat hasn't," Guillemet wrote on X, urging users to favor hardware wallets and clear signing protections.
• Security experts recommended that developers and users pause onchain activity during the incident.
• By early Tuesday, multiple crypto teams, including Uniswap, MetaMask, OKX Wallet, Sui, Aave, Trezor, and Lido, reported they were not affected.
• Security collective SEAL Org called the outcome "lucky," noting a compromised account with packages downloaded "billions" of times weekly could have yielded "untold riches" had the payload been stealthier.

Cboe plans to launch 'perpetual-style' futures for BTC and ETH

Cboe is set to launch continuous bitcoin and ether futures on Nov. 10, pending regulatory review.

• The contracts run up to 10 years and avoid the frequent rolling requirements of traditional futures contracts by using daily cash adjustments tied to spot prices.
• Cboe pitched the products as "perpetual-style" futures, aiming to bring popular offshore utility into a U.S.-regulated environment and make it easier to manage positions.
• Cboe, the first U.S. exchange to list bitcoin futures in 2017 before halting new contracts two years later amid waning demand, expects both institutional and retail traders to embrace the new offering.

SwissBorg crypto platform loses over $40 million in SOL

Switzerland-based crypto platform SwissBorg lost about $41 million in Solana after a staking partner's compromised API hit its SOL Earn program.

• The platform stressed that its main app and other earn programs were not affected by the security breach.
• SwissBorg said it will tap its SOL treasury to help users "recover a significant portion of their balance," and that amounts would soon be finalized.
• The company also engaged white-hat hackers and security partners to help recover funds with the goal of making all users whole.

Ant Digital plans to tokenize over $8 billion in energy assets

Ant Digital, the blockchain arm of fintech giant Ant Group, aims to tokenize over $8.4 billion in energy and other real-world assets, moving operational data from 15 million renewable devices onto AntChain.

• The company has already helped three clean energy projects raise about $42 million through RWA tokenization deals, Bloomberg reported, citing sources familiar with the matter.
• Ant is also reportedly exploring offshore decentralized exchanges to boost liquidity for such real-world assets as part of future expansion plans, pending regulatory approval.
• Ant Digital previously joined a sandbox led by the Hong Kong Monetary Authority to explore RWA tokenization.

Nasdaq to invest $50 million in Winklevoss-founded crypto exchange Gemini

Nasdaq will invest $50 million in Gemini, the crypto exchange founded by billionaires Cameron and Tyler Winklevoss, through a private placement tied to the firm's upcoming initial public offering, according to an SEC filing.

• The deal also links Gemini's custody and staking services with Nasdaq's Calypso collateral platform for institutional clients, Reuters reported earlier on Tuesday.
• Gemini targets raising over $300 million from its IPO this week, aiming to list on Nasdaq under the ticker "GEMI" on Friday.

In the next 24 hours

• U.S. mortgage data are out at 7 a.m. ET on Wednesday. U.S. PPI figures follow at 8:30 a.m.
• WOW Summit Hong Kong, Vienna Blockchain Week, and Boston Blockchain Week continue.

Never miss a beat with The Block's daily digest of the most influential events happening across the digital asset ecosystem.