Today — 6 December 2025 (Main stream)

US Seeks 12-Year Sentence For Terraform Labs Co-Founder Do Kwon

6 December 2025 at 00:00

Do Kwon, the troubled co-founder of Terraform Labs based in Singapore, is facing a possible 12-year prison sentence in the United States due to his role in the collapse of the TerraUSD stablecoin, which resulted in significant losses within the cryptocurrency market.

Do Kwon Seeks Reduced Sentence Of Five Years

Bloomberg reported that in a court filing late Thursday, US prosecutors described the Terraform Labs co-founder’s fraudulent actions as “colossal in scope.” 

They emphasized that his “misleading statements to customers” triggered a domino effect of crises across the crypto landscape, culminating in the downfall of notable entities such as Sam Bankman-Fried’s FTX.

This comes amid a regulatory environment that has grown increasingly lenient under the Trump administration. In late October, President Trump pardoned Binance founder Changpeng Zhao (CZ), who had been convicted for failing to uphold proper anti-money laundering measures.

In a recent court filing, the Terraform Labs co-founder expressed a desire for a reduced sentence of five years. His legal team asserted that he has already “suffered substantially” for his actions, noting that he has spent nearly three years in detention, including in conditions described as “brutal” in Montenegro.

Kwon’s lawyers argued that a five-year prison term would be sufficient and that the prosecutors’ recommendation of 12 years is “far greater than necessary” for justice to be served.

Potential For Sentence Transfer For Terraform Labs Co-Founder

Initially, Kwon pleaded not guilty in January to a nine-count indictment that charged him with securities fraud, wire fraud, commodities fraud, and conspiracy to commit money laundering. However, he changed his plea in August to guilty for conspiracy to defraud and wire fraud. 

During this change, Terraform Labs’ leader acknowledged that his actions included making “false and misleading statements” regarding the restoration of TerraUSD’s peg in 2021, admitting, “What I did was wrong.”

As part of his plea agreement, Kwon has consented to forfeit $19.3 million and some properties. Prosecutors have chosen not to demand restitution for the millions of investors who collectively lost $40 billion, citing that calculating individual losses would be too complicated.

Kwon faces charges in both the US and his native South Korea, where prosecutors are also pursuing a lengthy prison sentence potentially reaching up to 40 years. 

He was arrested in Montenegro in 2023 while using a fake passport, and following a protracted legal battle, he was extradited to the United States in January after spending nearly two years in a Balkan jail.

US prosecutors have indicated they would support Kwon’s opportunity to serve the second half of his sentence in South Korea, provided he adheres to the terms of his plea deal and qualifies for a transfer program. Kwon is scheduled for sentencing by US District Judge Paul Engelmayer on December 11.


At the time of writing, Terraform Labs’ native token Luna Classic (LUNC) had risen 75% in response to Do Kwon’s probable sentence, trading at $0.000050, which placed it at the top of the market’s best performers on Friday.


Before yesterday (Main stream)

Reversal Loading? Bitcoin, Ethereum, And Solana Build Powerful High-Time-Frame Structures

4 December 2025 at 19:00

In the volatile theatre of the cryptocurrency market, Bitcoin, Ethereum, and Solana are showing signs of a potential high-time-frame reversal. After weeks of stress and price compression, each of the top assets is now stabilizing at key structural support levels. Multiple leading cryptocurrencies are flashing similar recovery setups at the same time.

The current crypto landscape may be setting up one of the most powerful high-time-frame reversals across Bitcoin, Ethereum, and Solana. An investor and trader known as MacroCRG on X highlighted that yesterday, all three assets printed a bullish engulfing candle, a strong signal that buyers are stepping back in with intent.

Market Leaders Hint At A Shift Before Smaller Assets Follow

On the weekly chart, each asset is showing the early stages of an inside-week breakout paired with a false breakdown. MacroCRG pointed to a similar structure on the ES (S&P 500 futures) chart from April, where the breakdown of the inside-week structure led to a breakout that never looked back once the bulls secured the weekly close.


For this setup to take hold, these prices need to close the week above the key highlighted highs on the chart. However, there’s still a long way to go before the weekly close will confirm the breakout, and the bulls need to follow through with conviction and remove any doubt.

The founder of the ProMintClub investment community, ProMint, has spotted a high-conviction whale trader aggressively building long positions across the crypto market. Currently, the trader is leading the Lighter leaderboard with over $64 million in profit and loss, while maintaining an 83% long bias. His Lighter account has the highest profit and loss with over $8 million. These are insane numbers compared to everyone else on the leaderboard.


Data shows that the trader has made five deposits into his Lighter account, which total around $6 million in capital. His positions are spread across BTC, ETH, SOL, AAVE, along with smaller plays such as PAXG and PUMP, consistently entering at strong timing points and riding momentum higher.

Even though funding costs have flipped heavily negative, he is not backing down. Presently, this is the top-performing account on Lighter, and this is serious capital deployed with conviction.

How Increased Partners Drive Sustained Volume Demand

According to Chainflip Labs, November marked one of the strongest performance months in the protocol’s history, clearing over $583 million in swap volume, which is the second-best month ever for the network. 

Demand remained sustained across BTC, ETH, and SOL routes, and more partners are routing flow through the network than ever before. The trend clearly shows that Chainflip will continue to scale.


CZ’s YZi Labs in Boardroom Coup Bid for World’s Largest BNB Treasury

2 December 2025 at 05:42

CEA Industries Inc. (NASDAQ: BNC), the company that only months ago was promoted as the largest publicly traded BNB treasury in the United States, is now at the center of an escalating governance battle after Changpeng “CZ” Zhao’s YZi Labs filed a sweeping consent solicitation with the U.S. Securities and Exchange Commission.

The filing marks a direct attempt to overhaul the company’s board, unwind recent bylaw changes, and install new leadership at a firm that has seen its share price collapse despite holding one of the largest institutional BNB positions on record.

YZi Labs Moves to Replace BNC Directors After Months of Governance Disputes

The preliminary Schedule 14A, submitted Monday, asks BNC shareholders to approve expanding the board of directors, repealing any amendments made after July, and electing a new slate of directors nominated by YZi Labs.


The filing includes a white consent card allowing shareholders to formally support or reject the proposals.

If a majority of outstanding shares consent, YZi Labs would gain the ability to restructure the board through written authorization without the need for a shareholder meeting.

YZi Labs, which holds roughly 5% of BNC’s outstanding shares, argued in its statement that the current board has failed to provide timely disclosures, execute on corporate actions, or maintain basic investor communications.

The firm said BNC shareholders “deserve a well-functioning board” and warned that failure to act would lead to “further destruction of shareholder value.”

The consent solicitation follows months of tension between the two sides, documented through repeated requests for information and governance concerns raised by YZi Labs.

The dispute intensified after CEA Industries’ $500 million PIPE financing in August, which funded the company’s transformation into a BNB-focused digital asset treasury.

🚀 @10XCapitalUSA launches $BNB treasury company backed by @YZiLabs targeting US public listing as corporate adoption explodes beyond Bitcoin-only strategies into BNB ecosystem. #BNB #Treasury https://t.co/OaYEWjhoGV

— Cryptonews.com (@cryptonews) July 10, 2025

Shares soared more than 600% in July as the treasury strategy was announced, but the company’s stock has since fallen over 92%, closing recently at around $6.47, even as BNB itself reached a record high above $1,300 in October before retreating to the $820 range.

📌 BNB Hits Second ATH This Month, Crosses $1,300 Barrier

Binance Coin (BNB) surged past $1,300 on October 6, 2025, marking its second all-time high within hours after initially breaking $1,200 earlier in the day, as the token flipped XRP to become the third-largest…

— Cryptonews.com (@cryptonews) October 10, 2025

BNC’s reported net asset value stands at $8.09 per share, pushing the stock’s mNAV multiple down to roughly 0.8×.

Filing Accuses CEA Industries of Operational Lapses and Leadership Conflicts

YZi Labs’ filing lists a range of operational failures, including delays in filing registration documents for an at-the-market offering, a lack of investor updates, and an unfinished investor relations website months after the PIPE.

It also says the company provided no regular reporting on net asset value, BNB yield, or accumulation rates.

The group raised further concerns over branding confusion, with the company switching between “CEA Industries” and “BNB Network Company” without clear guidance to investors.

The filing also cites potential conflicts of interest within the leadership structure. CEO David Namdar, director Hans Thomas, and former 10X Capital executive Russell Read all have ties to 10X Capital, the firm responsible for managing BNC’s digital asset treasury.

According to YZi Labs, Namdar and Thomas took part in discussions promoting other crypto treasury ventures while leading BNC, prompting questions about their focus and independence.

The firm said it repeatedly sought clarity on executive employment terms and management fees but did not receive responses.


The battle comes as CEA Industries holds one of the world’s largest disclosed BNB treasuries, with approximately 480,000 to 515,000 BNB accumulated at an average cost near $851 per token.

At recent prices, the holdings are valued around $412 million, alongside $77.5 million in cash.

The company has previously stated its goal is to accumulate 1% of BNB’s total supply by the end of 2025.

The names of YZi Labs’ proposed director nominees remain redacted in the preliminary filing. CEA Industries has not yet issued a public response to the consent solicitation.


Black Forest Labs raises $300M at $3.25B valuation

By: Ram Iyer
1 December 2025 at 09:08
The round was co-led by Salesforce Ventures and Anjney Midha (AMP), and saw participation from a16z, NVIDIA, Northzone, Creandum, Earlybird VC, BroadLight Capital, General Catalyst, Temasek, Bain Capital Ventures, Air Street Capital, Visionaries Club, Canva and Figma Ventures.

Terra Founder Do Kwon Requests Five-Year Prison Term Ahead Of December 11 Sentencing

28 November 2025 at 03:00

The lawyers of Terraform Labs’ co-founder are reportedly seeking a lesser sentence for the South Korean crypto entrepreneur’s role in the multi-billion-dollar collapse, claiming that he has already “suffered substantially” for his crimes.

Terra’s Do Kwon Says Five Years In Prison Will Suffice

On Wednesday, Terraform Labs’ co-founder and former CEO, Do Kwon, requested a maximum five-year prison term for his involvement in the $40 billion collapse of TerraUSD (UST) stablecoin in 2022.

According to the sentencing recommendation reviewed by Bloomberg, Kwon’s legal team affirmed that the Terraform co-founder should receive a five-year sentence, as he has already spent nearly three years locked up, “with more than half that time in brutal conditions in Montenegro.”

The former CEO’s lawyers argued that he had “suffered substantially for his crimes,” and the requested prison term would suffice, adding that the prosecutor’s expected recommendation of a 12-year sentence is “‘far greater than necessary’ to achieve justice.”

Moreover, the court filing reportedly stressed that Kwon had already agreed to forfeit more than $19 million and some properties as part of the August plea deal. As reported by Bitcoinist, Kwon pleaded guilty in August to two of the nine charges indicted by US authorities.

Notably, he initially pleaded not guilty in January to a nine-count indictment that charged him with securities fraud, wire fraud, commodities fraud, and conspiracy to commit money laundering. However, he changed his stance in August, pleading guilty to conspiracy to defraud and wire fraud.

At the time, Kwon also apologized for his actions, affirming that he “made false and misleading statements” about why TerraUSD regained its peg in 2021 by “failing to disclose a trading firm’s role in restoring that peg,” adding, “What I did was wrong.”

Prosecutors are expected to file their sentencing recommendation soon. As part of the plea deal, they previously agreed not to seek more than 12 years in prison for the Terraform Labs co-founder. The sentencing by US District Judge Paul Engelmayer is scheduled for December 11, 2025, in Manhattan.

 

South Korea’s Prosecution Pending

In the sentencing recommendation, Kwon’s lawyers stressed that the former CEO still faces trial in his home country, South Korea, for the same conduct, noting that local prosecutors there are seeking a prison term of up to 40 years.

Following the collapse of Terraform Labs, both South Korean and US authorities sought to bring Kwon to justice. Nonetheless, he had been on the run for months, fleeing his home country and Singapore ahead of the company’s downfall.

In March 2023, Montenegrin authorities detained him along with Terraform Labs’ former finance officer, Han Chang-joon, for trying to travel with fake documents at the Podgorica Airport. Notably, Kwon was under Montenegro’s custody for over a year and a half and faced a four-month sentence, later receiving an extra two months at the request of the US and South Korea.

The two countries entered a prolonged battle to bring the crypto entrepreneur to trial in each country. Initially, Montenegrin authorities approved South Korea’s extradition request, but he was ultimately extradited to the US on December 31, 2024, after Montenegro’s interior ministry signed their request.


New Eternidade Stealer Uses WhatsApp to Steal Banking Data

20 November 2025 at 08:40
Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets.

Seattle entrepreneur Stefan Kalb launches Super Labs to help mid-market businesses tap into AI

12 November 2025 at 09:00
Super Labs co-founders Jared Kofron (left) and Stefan Kalb. (Super Labs Photo)

Stefan Kalb, a Seattle entrepreneur who previously founded grocery tech startup Shelf Engine, is back with a new venture — and a mission to bring artificial intelligence to mid-market companies that don’t have technical expertise.

Kalb is co-founder and CEO of Super Labs, which launched in September and just raised $8 million in a seed funding round led by Seattle-area venture firm FUSE. Other backers include Y Combinator CEO Garry Tan, Liquid 2 Ventures, Soma Capital, and others.

Kalb said the idea for Super Labs emerged after he kept getting calls from people who run “non-tech businesses” and wanted to figure out how to implement AI.

“If you’re non-technical, and you’re trying to move into the AI space — it’s really hard,” Kalb said.

Super Labs operates as both a marketplace and an implementation partner. The platform allows business owners to describe their problems — “I need to stop manually tracking project hours across three spreadsheets,” for example — then visualizes their workflows and identifies where AI can be integrated.

The company doesn’t typically build the AI solutions itself. Instead, it connects businesses with existing AI vendors — such as a voice AI tool — and handles the complex integration work that would normally require technical expertise.

Kalb sees massive opportunity in the mid-market segment, which he said is larger than the S&P 500 in economic terms. His concern is that without platforms like Super Labs, these companies will fall behind as enterprise customers gain access to AI tools.

“The mid-market companies are going to get screwed,” he said.

On the supply side, Super Labs provides a marketplace for developers to distribute their AI products through usage-based models, offering exposure to non-tech customers they otherwise couldn’t reach.

For now, Super Labs is focused on proving its model with early customers in manufacturing, e-commerce, distribution, and retail — businesses that have “all these different workflows that can be automated,” Kalb noted.

Super Labs enters a crowded field of AI consultants and implementation firms. It competes against agent directory platforms such as Gumloop and Langflow, and enterprise software marketplaces such as Vendr and Tropic. Kalb said his company differentiates with its marketplace approach and focus on security and reliability.

Kalb co-founded Super Labs with Jared Kofron, who was a principal software engineer at Pioneer Square Labs and previously worked at Flux, Rover, and Glowforge.

Kalb’s first entrepreneurial experience was founding Molly’s, a healthy food company that supplied salads and sandwiches to Seattle-area cafes and hospitals. That brick-and-mortar experience exposed him to the operational challenges of traditional businesses. “I would have dreamed of having Super Labs,” he said.

Shelf Engine, his next venture, applied AI to reduce food waste in grocery stores by predicting optimal ordering quantities for perishable goods. The company worked with major retailers like Kroger, Target, and Dollar General before its acquisition by retail data company Crisp earlier this year.

Shelf Engine raised more than $60 million from investors and landed celebrity endorsements — but later went through layoffs. Kalb called it a “disappointing acquisition.”

Kalb said he plans to be more deliberate about scaling Super Labs than he was with Shelf Engine, where rapid hiring led to challenges.

Other backers in Super Labs include Massive Tech Ventures (Kalb’s own venture fund), Mercury CEO Immad Akhund, Pioneer Fund, and longtime tech leader Gokul Rajaram.

Defining Risk in Biological Research: Why Researchers Need Clearer Oversight Frameworks

8 November 2025 at 06:38
11/7/25
RISKY BIOLOGICAL RESEARCH

At the United Nations General Assembly in September, President Trump highlighted his concerns about risky biological research. Significant questions remain, however, about how oversight of high-consequence research will be put into practice. Policymakers and researchers need a consistent and transparent way to weigh the risks and benefits of such research to facilitate review processes and oversight.


Tech Moves: Smartsheet names SVP; AWS exec departs for startup; WatchGuard’s new CEO

7 November 2025 at 08:55
Drew Garner at Smartsheet’s Engage conference in Seattle this week. (Photo courtesy of Garner)

Drew Garner is now senior vice president of engineering for Smartsheet.

Garner joins the Bellevue, Wash., work productivity software giant as Rajeev “Raj” Singh recently took the helm as CEO. The two have significant overlaps in their resumes, with Garner rising to the role of chief technology officer at Accolade during Singh’s tenure as leader of the healthcare platform. And Garner was a senior director at Concur, the Bellevue-based travel expense giant that Singh co-founded.

Garner shared his excitement about the new role on LinkedIn.

“From my first conversation, I could feel the drive — the hunger to innovate, the pride in craft, and the focus on building things that genuinely make a difference,” he said. “Smartsheet is redefining how AI and automation power real work, helping teams move faster, think smarter, and stay more connected than ever.”

Baskar Sridharan. (Trase Photo)

Baskar Sridharan, a former Amazon Web Services vice president of AI/machine learning services and infrastructure, is now president of Trase, an agentic AI startup that publicly launched this week.

“AI adoption is faltering within sectors that need it most: complex, highly regulated enterprises overburdened with administrative tasks that are ripe for automation,” Sridharan said on LinkedIn. “The issue isn’t innovation, it’s implementation.”

Trase has $10.5 million in pre-seed funding, and states that its “initial focus is on complex, highly regulated industries, enabling enterprises in healthcare, national security, and energy to create and deploy autonomous turn-key agents into existing infrastructure…”

Sridharan began his tech career with a nearly 16-year run at Microsoft. He was a principal engineer and architect for an Azure data storage repository that served large analytic workloads. He then moved to Google’s Kirkland, Wash., office where he was vice president of engineering for the Google Cloud platform.

Trase is based in Virginia, but Sridharan will remain in Seattle.

Qualtrics named two new leaders. The company, co-located in Seattle and Provo, Utah, offers technology that helps businesses gather data and improve the interactions that customers, employees and others have with their products and services.

  • Provo-based Mark Hammond joined the company as SVP of core AI, previously working for Microsoft in autonomous systems and technology bridging physical and virtual assets.
  • Seattle-based Jeff Gelfuso was promoted to SVP and chief product experience officer. Gelfuso joined Qualtrics in January. He previously worked at Workday, Amazon, Facebook and Microsoft.

Qualtrics last month announced a $6.75 billion deal to buy Press Ganey Forsta, a company focused on managing experiences for healthcare companies.

Joe Smolarski. (WatchGuard Photo)

— Seattle cybersecurity company WatchGuard Technologies named Joe Smolarski as CEO. Smolarski joined the company from security management company Kaseya, where he held the roles of president and chief operating officer. He is credited with helping lead a 10-fold revenue increase and multi-billion-dollar valuation growth for the Florida company.

Vats Srivatsan had been serving as WatchGuard’s interim CEO since May 2025, following the departure of Prakash Panjwani. Srivatsan will remain on the board of directors.

Hubble Network, a Seattle-based space-tech startup, named two leadership hires. The news follows its September announcement of $70 million in new funding to accelerate the growth of its satellite-powered Bluetooth network.

  • Damien Michau, an engineer with two decades of experience, is Hubble’s VP of engineering, joining from the software company Endor Labs.
  • John Marbach, a past marketing manager, is head of growth. Marbach previously led growth marketing at the cloud company Grafana Labs.

Mike McGee is CEO of For Effect, a new company that he’s helping launch that provides tech support for nonprofits and small businesses. “Our goal is to help organizations get the most out of their technology, implement automation, and utilize AI agents where appropriate,” McGee said on LinkedIn.

McGee was previously at Vacasa, Accolade, Concur and other Seattle-area tech companies.

Caleb John is now a principal engineer at Pioneer Square Labs, a Seattle venture firm and startup studio. John was co-founder and CEO of Pongo, a search startup that was acquired last year by Moondream, and previously founded Cedar Robotics, a startup that built indoor delivery robots for restaurants.

— Seattle-based coaching firm Close Cohen Career Consulting announced that former Zillow VP Nancy Poznoff has joined as an executive coach. The firm, which advises senior professionals nationwide who are navigating career transitions, also shared that it has expanded into the Raleigh-Durham area.

Poznoff will remain as CEO and co-founder of Mother Bear Agency, an independent marketing and communications firm. Her past roles include marketing leadership at Starbucks and T-Mobile.

Angelina DiPreta is a principal at Maveron, a venture capital firm started in 1998 by Starbucks CEO Howard Schultz and Seattle-based tech investor Dan Levitan. San Francisco-based DiPreta was formerly the consumer practice lead at the firm Premji Invest for nearly six years.

Aaron Ward is co-founder and CEO of Huckleberry, a startup co-located in Portland, Ore., and New Zealand that’s developing a voice-enabled platform that allows managers, HR and teammates to share workplace performance feedback. Ward is a serial entrepreneur, previously launching AskNicely, a customer experience tech company.

— Longtime Seattle-area investor Brianna McDonald has joined the board of the Angel Capital Association. Earlier this year, McDonald became CEO of Ecosystem Venture Group, a new organization that blends startup investment funds with services for entrepreneurs and investors.

New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs

3 November 2025 at 12:51
Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new 'Dante' spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm.

Out of Office: From startups to spices, VC finds ingredients for inspiration in his love of cooking

31 October 2025 at 10:30
Vivek Ladsariya plating bread pudding with cardamom ice cream at a pop-up restaurant he ran with a friend when he lived in San Francisco. (Photo courtesy of Vivek Ladsariya)

Out of Office is a new GeekWire series spotlighting the passions and hobbies that members of the Seattle-area tech community pursue outside of work.

  • Name: Vivek Ladsariya.
  • Day job: General partner and managing director at Seattle’s Pioneer Square Labs, where he helps create and invest in startups as a venture capital investor.
  • Out-of-office passion: Cooking.

Growing up in India, food was a big part of the culture and something that Vivek Ladsariya was immersed in at home.

His family had a flour mill and would buy wheat grain to grind it into flour. He watched his mother and grandmother cook, and he ate and enjoyed their food.

“When I moved to the U.S., I missed it tremendously, and there was no real way to get some of that home food except to learn how to cook it,” Ladsariya said. “That’s when I started to really learn how to cook all of those things, because I needed that food to consume. So, it was very much born out of necessity.”

His taste and skill go beyond making the dishes he loved as a boy. He makes pastas and Taiwanese food. He likes to slow cook meat or use his fancy pizza oven. During a recent potluck lunch he made scallion pancakes.

Ladsariya and his wife cook every meal at home, and with a 7-week-old daughter, he finds himself “wearing” her around the kitchen while he’s cooking, encouraging her to taste what he’s making.

During the pandemic while living in San Francisco, Ladsariya got the chance to work in two restaurants — Merchant Roots and Sushi Hakko — to stay busy while his wife was working her healthcare job.

“I think that’s when my cooking game really elevated,” he said. “Up until then I enjoyed cooking, but I’d create a mess. Then I got really organized in the kitchen. I became really efficient.”

With a friend, Ladsariya also put together a pop-up restaurant in which they spent two months researching and prepping a menu and cooking for guests over three days. The proceeds went to charity, and Ladsariya called it one of the favorite times of his life. It’s a process he plans to repeat in Seattle.

But Ladsariya, who enjoys hosting smaller dinners for startup founders, has no plans to leave his day job for a life in the kitchen.

“You’re standing on your feet the entire day and you are unbelievably exhausted,” he said. “I think it’d get old really quickly, and I’d lose the love for this.”

Vivek Ladsariya over a pan of seafood paella. “The joy of cooking is feeding other people,” he says. (Photo courtesy of Vivek Ladsariya)

Most rewarding aspect of this pursuit: Ladsariya said that his day job is so high level and “in the brain” that it can sometimes be abstract and lacking in the real-time feedback that he gets from working with his hands.

“I just fell in love with that aspect of cooking,” he said. “Everything you do is right there, you get the evidence of whether you did it well or not right away. The effort, the reward — that loop is just so instant and real and gratifying to work with your hands.”

And it’s not about feeding himself. For Ladsariya, the joy of cooking comes from feeding others.

“It’s the bringing people together, the community and all of that that food enables,” he said. “I’m able to provide a great meal and bring together people with something that scratches my creative desires.”

The lessons he brings back to work: Ladsariya finds a connection between how he thinks about cooking and how he thinks about startups.

“Cooking is really about high quality ingredients and not messing it up,” he said. “More often than not, bad food comes from bad ingredients. And I think the same is true for startups. As long as you have a good group of people, they can do something good. People are the ingredients of startup building.”

Furthermore, whether it’s a dish he’s never made or a startup idea that’s especially daunting, it’s best not to overthink things and just do it.

“It’s easy to be intimidated and say, ‘Oh, I have no idea how to do that or where to even start,'” Ladsariya said. “But with a little bit of research and work and just committing to it, you can do pretty incredible things.”


Seattle studio PSL encodes its playbook into Lev, an AI co-founder that helps turn ideas into companies

27 October 2025 at 12:09

Pioneer Square Labs has launched more than 40 tech startups and vetted 500-plus ideas since creating its studio a decade ago in Seattle.

Now it’s testing whether its company-building expertise and data on successful startup formulas can be codified into software — with help from the latest AI models.

PSL just unveiled Lev, a new project that aims to be an “AI co-founder” for early stage entrepreneurs.

Developed inside PSL and now rolling out publicly, Lev can evaluate ideas, score their potential, and help founders develop them into companies.

Lev grew out of an internal PSL tool that used PSL’s proprietary rubric to score startup ideas. The studio decided to turn it into a product after outside founders who tested early versions wanted access for themselves.

Here’s how it works:

  • Users start by entering an idea (along with any associated information/background) and selecting “venture” or “bootstrap.”
  • Lev walks founders through milestones from solution to customer discovery, go-to-market, and product build.
  • It can generate “assets” like interview scripts, outreach templates, competitive maps, pricing models, brand palettes, customer personas, landing pages, potential leads, and even product specs.

“We’re mapping a lot of the PSL process into it,” said T.A. McCann, managing director at PSL.

Lev’s structured workflow sets it apart from generic chatbots, said Shilpa Kannan, principal at PSL.

“The sequencing of these components as you go through the process is one of the biggest value-adds,” she said.

Lev joins a growing number of startups leveraging AI to act as an idea validation tool for early-stage founders, though its precise approach makes it stand out.

Pioneer Square Labs Managing Director T.A. McCann (left) and Principal Shilpa Kannan. (PSL Photos)

Upcoming features will add team-building and fundraising modules and let users trigger actions — such as sending emails or buying domains — directly from within the platform.

McCann envisions Lev eventually connecting to tools like Notion and HubSpot to serve as a “command center” for running a company — integrating tools, drafting investor updates, tracking competitors, and suggesting priorities. There are several competitors in this space offering different versions of “AI chief of staff” products.

On a broader level, Lev raises an existential question for PSL: what happens when a startup studio teaches an AI to do the things that make a startup studio valuable?

“In some ways, this is ‘Innovators Dilemma,’ and you have to cannibalize yourself before someone else does it,” McCann said, referencing Clayton Christensen’s concept of technology disruption.

PSL also sees Lev as a potential funnel for entrepreneurs it could work with in the future. And it’s a way to expand the studio’s reach beyond its focus on the Pacific Northwest.

“It’s scaling our knowledge in a way that we wouldn’t be able to do otherwise,” McCann said.

Kannan and Kevin Leneway, principal at PSL, wrote a blog post describing how PSL designed the backbone of Lev and how the firm generated its own startup ideas at higher volumes with lower cost.

“As we see more and more individuals become founders with the support of AI, we are incredibly excited for the potential increase in velocity and successful outcomes from methodologies like ours that focus on upfront ideation and validation,” they wrote.

Kannan told GeekWire that PSL is prioritizing founders’ privacy and intellectual property. “We are making intentional product and technical decisions to ensure Lev is designed from the ground up to safeguard ideas and founder data, including guardrails on data we collect and our team can access,” she said.

For now, PSL is targeting venture-scale founders — people in tech companies or accelerators with ambitions to build fast-growing startups. But McCann believes Lev could eventually empower solo operators running multiple micro-businesses.

Lev is currently free for one idea, $20 per month for up to five ideas, and $100 per month for 10 ideas and advanced features. It’s available on a waitlist basis.

Lev also offers a couple fun tools to help boost its own marketing, including a founder “personality test” and an “idea matcher” that produces startup concepts based on your interests and experience.

PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine

23 October 2025 at 07:19
SentinelLABS’ research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure.

Bitcoin’s First Major Layer-2 in Nearly a Decade Goes Live With Arkade

21 October 2025 at 09:00


Bitcoin may be the world’s most secure digital asset, but for years its base layer has limited the kinds of financial applications developers could build on it. 

That changes with the launch of Arkade, the first significant Bitcoin layer-2 solution since the Lightning Network nearly a decade ago.

Developed by Ark Labs, the protocol enters public beta with a bold mission: to turn Bitcoin into a programmable financial platform without compromising the security that has made it “digital gold,” according to a note shared with Bitcoin Magazine. 

Arkade builds on the Ark protocol, first introduced two years ago, which promised a new way to scale Bitcoin while unlocking new applications. 

The launch also introduces Arkade Assets, a native multi-asset framework designed to bring stablecoins and other tokens to Bitcoin’s execution layer, including planned support for Tether (USDT). For an ecosystem long dominated by Ethereum and other chains when it comes to decentralized finance, this is a notable step toward putting advanced financial tools back on Bitcoin.

“The Bitcoin L2 landscape has been full of promises but light on shipping,” said Marco Argentieri, CEO of Ark Labs. “Today’s release marks the beginning of Bitcoin’s evolution as programmable money.”

Technical and cultural Bitcoin norms

The challenge Ark Labs is addressing is both technical and cultural. Bitcoin’s base layer is intentionally conservative, prioritizing security and censorship resistance over complex programmability. 

While Lightning offered off-chain payments, other financial applications — lending, trading, or structured derivatives — required workarounds such as wrapped tokens or custodial platforms. 

Arkade attempts to take a different approach: instead of altering Bitcoin’s consensus rules or creating separate chains, it virtualizes Bitcoin’s UTXO-based transaction system, preserving its security while enabling new capabilities.

Developers can now build sophisticated financial applications directly on Bitcoin: lending protocols, trading platforms, smart wallets, and yield products — all without relying on bridges or compromising user control. 

User assets remain secured by presigned transactions, meaning funds can always be reclaimed on-chain if needed.

Arkade’s technical innovations include Virtual Transaction Outputs (VTXOs) for instant off-chain execution, batch settlement to compress thousands of operations into a single Bitcoin transaction, and integration with the Lightning Network through Boltz to facilitate liquidity swaps. Initial launch partners include Breez, BlueWallet, BTCPayServer, and exchanges like BullBitcoin and LayerZ Wallet (builders of BlueWallet), according to the note.

Stablecoins on Bitcoin?

For the Bitcoin community, the launch signals more than just another protocol. It represents a turning point in the narrative around Bitcoin as money versus Bitcoin as programmable infrastructure.

Stablecoins, which have largely migrated to Ethereum and other chains, may find a secure home on Bitcoin. For users, this could mean safer, more efficient ways to manage digital assets and access financial services without leaving the Bitcoin ecosystem.

“Arkade isn’t just a product launch; it’s the foundation for the next decade of Bitcoin development,” said Alex Bergeron, Ark Labs’ Ecosystem Lead. “Every major financial application needs a programmable foundation. That’s what we’re building.”

This post Bitcoin’s First Major Layer-2 in Nearly a Decade Goes Live With Arkade first appeared on Bitcoin Magazine and is written by Micah Zimmerman.

Astaroth: Banking Trojan Abusing GitHub for Resilience

10 October 2025 at 20:00

by Harshil Patel and Prabudh Chakravorty

*EDITOR’S NOTE: Special thank you to the GitHub team for working with us on this research. All malicious GitHub repositories mentioned in the following research have been reported to GitHub and taken down.

Digital banking has made our lives easier, but it’s also handed cybercriminals a golden opportunity. Banking trojans are the invisible pickpockets of the digital age, silently stealing credentials while you browse your bank account or check your crypto wallet. Today, we’re breaking down a particularly nasty variant called Astaroth, and it’s doing something clever: abusing GitHub to stay resilient.

McAfee’s Threat Research team recently uncovered a new Astaroth campaign that’s taken infrastructure abuse to a new level. Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware configurations. When law enforcement or security researchers shut down their C2 infrastructure, Astaroth simply pulls fresh configurations from GitHub and keeps running. Think of it like a criminal who keeps backup keys to your house hidden around the neighborhood. Even if you change your locks, they’ve got another way in.

Key Findings 

  • McAfee recently discovered a new Astaroth campaign abusing GitHub to host malware configurations. 
  • Infection begins with a phishing email containing a link that downloads a zipped Windows shortcut (.lnk) file. When executed, it installs Astaroth malware on the system. 
  • Astaroth detects when users access a banking/cryptocurrency website and steals the credentials using keylogging.  
  • It sends the stolen information to the attacker using the Ngrok reverse proxy. 
  • Astaroth uses GitHub to update its configuration when the C2 servers become inaccessible: the configuration is hidden in plain sight, using steganography, inside images hosted on GitHub.
  • The GitHub repositories were reported to GitHub and have been taken down.

Key Takeaways  

  • Don’t open attachments and links in emails from unknown sources. 
  • Use two-factor authentication (2FA) on banking websites where possible.
  • Keep your antivirus up to date. 

Geographical Prevalence 

Astaroth is capable of targeting many South American countries like Brazil, Mexico, Uruguay, Argentina, Paraguay, Chile, Bolivia, Peru, Ecuador, Colombia, Venezuela, and Panama. It can also target Portugal and Italy. 

But in the recent campaign, it seems to be largely focused on Brazil. 

Figure 1: Geographical Prevalence 

 

Conclusion 

Astaroth is a password-stealing malware family that targets South America. The malware leverages GitHub to host configuration files, treating the platform as resilient backup infrastructure when primary C2 servers become inaccessible. McAfee reported the findings to GitHub and worked with their security research team to remove the malicious repositories, temporarily disrupting operations. 

 

Technical Analysis 

Figure 2 : Infection chain 

 

Phishing Email 

The attack starts with an e-mail to the victim which contains a link to a site that downloads a zip file. Emails with themes such as DocuSign and resumes are used to lure the victims into downloading a zip file. 

Figure 3: Phishing Email

Figure 4: Phishing Email

Figure 5: Phishing Email

 

JavaScript Downloader 

The downloaded zip file contains a LNK file, which runs an obfuscated JavaScript command using mshta.exe.

This command simply fetches more JavaScript code from the following URL:

To impede analysis, all the links are geo-restricted, such that they can only be accessed from the targeted geography.

The downloaded JavaScript then downloads a set of files into ProgramData from a randomly selected server:

Figure 6: Downloaded Files

Here:

  • “Corsair.Yoga.06342.8476.366.log” is the compiled AutoIt script,
  • “Corsair.Yoga.06342.8476.366.exe” is the AutoIt interpreter,
  • “stack.tmp” is an encrypted payload (Astaroth),
  • and “dump.log” is an encrypted malware configuration.

The JavaScript then executes the AutoIt script, which builds shellcode and loads it into the memory of the AutoIt process.

 

Shellcode Analysis 

Figure 7: AutoIt script building shellcode

The shellcode has 3 entry points; $LOADOFFSET is the one it uses to load a DLL in memory.

To run the shellcode, the script hooks LocalCompact in Kernel32 and makes it jump to the entry point.

Figure 8: Hooking LocalCompact API 

 
The shellcode’s $LOADOFFSET entry point starts by resolving a set of APIs that are used for loading a DLL in memory. The API addresses are stored in a jump table at the very beginning of the shellcode memory.

Figure 9: APIs resolved by shellcode 

 

Here the shellcode loads a DLL file (written in Delphi); this DLL decrypts the final payload and injects it into a newly created RegSvc.exe process.

 

Payload Analysis 

The payload, the Astaroth malware, is written in Delphi and uses various anti-analysis techniques; it shuts down the system if it detects that it is being analyzed.

It checks for the following tools in the system: 

Figure 10: List of analysis tools 

 

It also makes sure that the system locale is not related to the United States or English.

Every second it checks for program windows such as browsers; if such a window is in the foreground and has a banking-related site open, it hooks keyboard events to capture keystrokes.

Figure 11: Hooking keyboard events 

Programs are targeted if they have a window class name containing chrome, ieframe, mozilla, xoff, xdesk, xtrava or sunawtframe.

Many banking-related sites are targeted, some of which are mentioned below:

  • caixa.gov.br
  • safra.com.br
  • Itau.com.br
  • bancooriginal.com.br
  • santandernet.com.br
  • btgpactual.com

We also observed some cryptocurrency-related sites being targeted:

  • etherscan.io
  • binance.com
  • bitcointrade.com.br
  • metamask.io
  • foxbit.com.br
  • localbitcoins.com

 

C2 Communication & Infrastructure 

The stolen banking credentials and other information are sent to the C2 server using a custom binary protocol.

Figure 12: C2 communication  

 

Astaroth’s C2 infrastructure and malware configuration are depicted below. 

Figure 13: C2 infrastructure 

The malware configuration is stored encrypted in dump.log; the following information is stored in it:

Figure 14: Malware configuration 

 

Every 2 hours the configuration is updated by fetching an image file from config update URLs and extracting the hidden configuration from the image. 

hxxps://bit[.]ly/4gf4E7H —> hxxps://raw.githubusercontent[.]com//dridex2024//razeronline//refs/heads/main/razerlimpa[.]png 

The image file keeps the configuration hidden by storing it in the following format:

We found more such GitHub repositories containing image files with the above pattern and reported them to GitHub, which has taken them down.
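The two-hourly configuration fetch described above leaves a regular pattern in web proxy logs. The following hunting sketch is an added example, not McAfee's code: the log layout, workstation names, URLs, browser allow-list and thresholds are constructed assumptions, and only the 2-hour interval, the short-link redirect and the raw GitHub image fetch come from the article.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median
from urllib.parse import urlsplit

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}   # assumed allow-list
SHORTENERS = {"bit.ly"}
RAW_HOSTS = {"raw.githubusercontent.com"}
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".bmp", ".gif")
PERIOD = 2 * 60 * 60   # update interval stated in the article, in seconds
TOLERANCE = 10 * 60    # assumed allowance for jitter
MIN_HITS = 3           # assumed minimum number of fetches before alerting

# Constructed proxy log: timestamp, workstation, process, URL (placeholders only).
RAW = "https://raw.githubusercontent.com/example-user/example-repo/refs/heads/main"
SAMPLE_LOG = f"""\
2025-10-01T08:00:03Z WS-0142 RegSvc.exe https://bit.ly/EXAMPLE1
2025-10-01T08:00:04Z WS-0142 RegSvc.exe {RAW}/picture.png
2025-10-01T08:30:00Z WS-0200 chrome.exe {RAW}/logo.png
2025-10-01T09:00:00Z WS-0311 code.exe {RAW}/icon.png
2025-10-01T09:05:00Z WS-0311 code.exe {RAW}/icon.png
2025-10-01T09:07:00Z WS-0311 code.exe {RAW}/icon.png
2025-10-01T10:00:05Z WS-0142 RegSvc.exe https://bit.ly/EXAMPLE1
2025-10-01T10:00:06Z WS-0142 RegSvc.exe {RAW}/picture.png
2025-10-01T10:30:00Z WS-0200 chrome.exe {RAW}/logo.png
2025-10-01T11:00:00Z WS-0400 git.exe {RAW}/install.sh
2025-10-01T12:00:02Z WS-0142 RegSvc.exe https://bit.ly/EXAMPLE1
2025-10-01T12:00:03Z WS-0142 RegSvc.exe {RAW}/picture.png
2025-10-01T12:30:00Z WS-0200 chrome.exe {RAW}/logo.png
"""

def is_candidate(process, url):
    """Non-browser process fetching a short link or a raw GitHub image."""
    if process in BROWSERS:
        return False
    host = (url.hostname or "").lower()
    return host in SHORTENERS or (
        host in RAW_HOSTS and url.path.lower().endswith(IMAGE_EXT))

def find_config_polling(log_text):
    """Return (workstation, process, url_host, hits) for ~2-hourly fetch series."""
    series = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, station, process, raw_url = line.split()
        url = urlsplit(raw_url)
        if is_candidate(process.lower(), url):
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
            series[(station, process.lower(), url.hostname.lower())].append(when)
    findings = []
    for key, stamps in sorted(series.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= MIN_HITS and abs(median(gaps) - PERIOD) <= TOLERANCE:
            findings.append((*key, len(stamps)))
    return findings

if __name__ == "__main__":
    for finding in find_config_polling(SAMPLE_LOG):
        print(finding)
```

Grouping by destination host keeps the short-link request and the redirected image request in separate series, so the one-second gap between them does not mask the 2-hour period.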

Persistence Mechanism  

For persistence, Astaroth drops a LNK file in the startup folder, which runs the AutoIt script to launch the malware when the system starts.
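The stages described in this analysis (mshta.exe running JavaScript, an interpreter in ProgramData started with a same-named .log script, a new RegSvc.exe process, and a startup-folder LNK) can be correlated per host from endpoint telemetry. The sketch below is an added example, not McAfee's detection logic: the event schema, host names, paths other than the Corsair.Yoga file names, and the parent-child relationships are constructed assumptions.

```python
import ntpath

STARTUP_DIR = "\\start menu\\programs\\startup\\"

def classify(ev):
    """Map one event to a stage of the chain described above, or None."""
    if ev["type"] == "file":
        target = ev["target"].lower()
        hit = STARTUP_DIR in target and target.endswith(".lnk")
        return "startup-lnk" if hit else None
    image, cmd, parent = (ev[k].lower() for k in ("image", "cmdline", "parent"))
    name = ntpath.basename(image)
    # Assumption: the word "javascript" is still visible on the mshta command line.
    if name == "mshta.exe" and "javascript" in cmd:
        return "mshta-javascript"
    # Interpreter X.exe in ProgramData started with its same-named script X.log.
    stem = ntpath.splitext(name)[0]
    if "\\programdata\\" in image and f"{stem}.log" in cmd:
        return "programdata-exe-with-log-script"
    # Assumption: the new RegSvc.exe is a child of the ProgramData interpreter.
    if name == "regsvc.exe" and "\\programdata\\" in parent:
        return "regsvc-child-of-programdata-exe"
    return None

def correlate(events, min_stages=2):
    """Return {host: [stages, first-seen order]} for hosts with enough stages."""
    seen = {}
    for ev in events:
        stage = classify(ev)
        if stage and stage not in seen.setdefault(ev["host"], []):
            seen[ev["host"]].append(stage)
    return {host: s for host, s in seen.items() if len(s) >= min_stages}

# Constructed events; only the Corsair.Yoga file names come from the article.
AUTOIT = r"C:\ProgramData\Corsair.Yoga.06342.8476.366"
STARTUP = r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [
    {"type": "process", "host": "WS-0142", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe javascript:<obfuscated>", "parent": r"C:\Windows\explorer.exe"},
    {"type": "process", "host": "WS-0142", "image": AUTOIT + ".exe",
     "cmdline": f'"{AUTOIT}.exe" "{AUTOIT}.log"', "parent": r"C:\Windows\System32\mshta.exe"},
    {"type": "process", "host": "WS-0142", "image": r"C:\<placeholder>\RegSvc.exe",
     "cmdline": "RegSvc.exe", "parent": AUTOIT + ".exe"},
    {"type": "file", "host": "WS-0142", "target": STARTUP + r"\example.lnk"},
    # Benign look-alikes that must not raise a finding:
    {"type": "process", "host": "WS-0200", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'mshta.exe "C:\Program Files\Vendor\help.hta"', "parent": "explorer.exe"},
    {"type": "process", "host": "WS-0200", "image": r"C:\ProgramData\Vendor\updater.exe",
     "cmdline": r"updater.exe /log C:\ProgramData\Vendor\install.log", "parent": "services.exe"},
    {"type": "file", "host": "WS-0311", "target": STARTUP + r"\notes.lnk"},
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Requiring at least two distinct stages per host keeps a lone startup shortcut or a vendor updater writing a log file from alerting on its own.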

McAfee Coverage 

McAfee has extensive coverage for Astaroth: 

  • Trojan:Shortcut/SuspiciousLNK.OSRT
  • Trojan:Shortcut/Astaroth.OJS
  • Trojan:Script/Astaroth.DL
  • Trojan:Script/Astaroth.AI
  • Trojan:Script/AutoITLoader.LC!2
  • Trojan:Shortcut/Astaroth.STUP

Indicator Of Compromise(s) 


The post Astaroth: Banking Trojan Abusing GitHub for Resilience appeared first on McAfee Blog.
