Summer of Clarity & Quantum Quandary

Hello dear reader, and welcome to our April Crypto: Decrypted. April was a mixed bag for our space, with some amazing movement which I’m going to put in the “setting the table” category, as legislation seemingly broke out of gridlock while, simultaneously, big banks jumped in big time. On the flip side the North Korean hackers, The Lazarus Group, again were busy, this time attacking DeFi protocols, and we also got a little closer to getting scared out of our socks with movement on the Quantum front. Meanwhile, our markets continued their slow grind upward, showing that, in the midst of all of this, we may well be off the bottom. Let’s jump in:

Clarity: Getting Clearer

So let's first look at what may be the most important piece of crypto legislation on the table this year… or maybe ever. This is the Clarity Act. I've been talking about this all year and at this point it's starting to feel a lot like a Netflix series that simply: Will. Not. End. As a quick recap from March, this legislation has been locked in a stablecoin fight over yield, with banks in one corner and the crypto natives in another. Well, looks like we might be through this year as it seems a stablecoin yield deal has finally been struck, with Coinbase CEO Brian Armstrong, who famously pumped the brakes on this bill at the beginning of the year, now urging Congress to "Mark it up" while, simultaneously, Wyoming Senator Cynthia Lummis noting "It's now or never". Said markup is slated for May and, should it happen, we could very well see this bill pass before the Senate goes dark in August. Importantly and from the bigger picture, I believe this demonstrates that the regulatory runway seems to be getting cleared piece by piece. Both banks and crypto natives understand the importance of the guardrails this bill will create by laying down the rules of the road; specifically, which regulatory body is in charge of any given asset (SEC or CFTC) and, ultimately, how we can all play together nicely. I also believe this is what the institutional capital is waiting for and a major step for the demand wave, led by institutional investors, to unleash.

Institutional Arks

Speaking of the demand wave, even more big boys are now jumping into the fray. Notably, on April 8th Morgan Stanley launched its own bitcoin ETF, becoming the first major bank to do so. And boy did they throw down a gauntlet, bringing $100M in the first week while also offering the lowest fees in the business, with a meager 0.14%. Goldman, perhaps due to FOMO or perhaps because they too see the writing on the wall, filed the same week for a Bitcoin Premium Income ETF. All in all, April saw nearly $2B in ETF inflows, the largest monthly total yet in 2026. Simultaneously, JPMorgan and Citi are both feverishly building blockchain payment rails as they vie for the opportunity to control the institutional payment infrastructure of the future. Meanwhile, Michael Saylor's Strategy bought another $2.5B of Bitcoin, the third largest purchase in history. As if in response to all of the above we saw Bitcoin accommodate, touching $79K during the month and flirting with the $80K mark, I suspect driven by the Iran War "Ceasefire",  clarity progress and, yes, rising demand.

I don't really need to spell this out further, do I? From my purview it sure looks like everyone (and I mean EVERYONE) is preparing for the demand wave. Whereas just a scant few years ago you couldn't get a big broker or bank to even consider participating in this asset class, now they are going toe-to-toe. Now, importantly, I expect this is going to create not only great opportunity, but also some new problems. You see, just because everyone has a shiny new car now doesn't mean that everyone is ready to drive it. I predict we're going to have a lot of funds, advisors, public money, etc. all piling in via advisors; advisors who were previously told that this asset was one to be avoided. Like. The. Plague. Given this, I argue many will not be prepared because, in my opinion, you simply cannot treat this asset class like any other asset class. It's important to understand the nuances, different risk parameters and, overall, how all of this technology comes together over time. Crypto is not just crypto. And it is volatile. This is why I constantly advocate staying educated and, importantly, managing downside risk. Not easy to do but, then again, this is why I started writing, why Crypto: Decrypted exists, and in many ways is the entire point of my work. You wouldn't get behind the wheel of a car without learning how to drive first, right? So, too then, I recommend all investors understand the rules of the road before they jump into any vehicle offered by any bank even if it is easy to get into. I suspect a few will and many won't… It's fun to ride markets up. It's no fun to ride them down and I expect many will do just that. which may actually allow history to simply repeat itself blindly (which, in these markets for those of us that are perma-bulls with a defensive strategy, is not a bad thing).

Regardless we should take note. Noah built an Ark to prepare for the floods. It now seems everyone on Wall Street is doing the same. Be prepared my friends… be prepared.

DeFi's Awful April

Meanwhile we have to look at not just the good, but the bad and ugly as well, and April turned out to be one of the ugliest months in over a year, with $606 million lost in hacks across 12 different incidents. Two of these attacks took the limelight, however, with Kelp DAO suffering $292M in losses while the Drift protocol had a photo finish with $285M in losses. Ouch. And the perpetrator of both seems to be the infamous-and-now-almost-a-household-name North Korean based Lazarus Group.

So first let's talk about what this wasn't. This wasn't an exchange hack, a bitcoin hack or some kind of institutional custody hack. It was a hack of Decentralized Finance (DeFi) protocols. As a reminder, DeFi is a sector of blockchain that is like banking without a bank. Everything a bank does, be it lending, borrowing, earning interest, exchanging money, DeFi does with software instead of a company. No employees. No headquarters. No CEO. Just code that runs the same rules for everyone, automatically, 24/7. Why do we need it? Well, among other things, it allows anyone to participate, which is just not so with many banks. In fact approximately 25% of the world is unbanked. Also and importantly, it levels the field of who gets paid. For example, when JPMorgan makes money on your deposits, that profit goes to JPMorgan shareholders. When a DeFi protocol makes money on your deposits, that profit goes back to those that are participating in the protocol. Same activity. Completely different beneficiaries. Having said that, it's new technology that we're still refining and, obviously, it's not bulletproof yet. And to be truly bulletproof that means both the tech and the humans. We had an example of failures of each in April. In the case of the Kelp DAO attack (overly simplified) the attackers were able to send fake messages to the bridging protocol (which allows interaction between chains) and thereby fool the DAO in releasing funds. This is a case of "not-bulletproof" tech. In the case of the Drift protocol, it was a roughly 18-month social engineering attack which involved the attackers posing as a legitimate company to gain the trust of key individuals at Drift. Very. Sneaky. Very well thought out. The attackers were able to (overly simplified) get the key individuals to pre-sign transactions that would go through at a future date, which made their bogus future withdrawals from the platform look legitimate. What we have here is "not-bulletproof" humans.

The Lessons here? DeFi can be a wonderful thing but it's still young. We need to ensure the technologies are sound and, perhaps even more so, that the humans putting the tech together are on their guard at all times. Even the best and brightest can get suckered in, drop their guard and literally hand their adversaries the keys to the kingdom. Humans have always been the weakest link in any technology chain and boy oh boy in April they certainly did not disappoint. This doesn't mean we should abandon the sector however. Yes, this was awful, however I argue that every great thing that has happened, from any evolving technology to space exploration, has resulted from progress learned from mistakes. We need to do that here. In the meantime, I just want to remind you dear reader that if you are participating in this space, and especially if you are on the skinny branches, be sure to take your time, check your math, stay educated and, if possible as you traverse this mountain, have a knowledgeable guide by your side.

blockchAIn: The Quantum Quest

Finally and importantly, it's time to talk about Quantum. Quantum, Quantum, Quantum. You're starting to hear it everywhere and I believe this is the fifty-cent word that you are going to hear even more over the coming years. That is because it's coming! So, I want to start by saying this is a lot more than I can tackle in single monthly update, so let's consider this the opening of a door that we're going to be going in and out of quite a bit over the coming months and years.

First and foremost, let's break down "The Quantum Threat". To understand that we have to understand how security in the digital world works. Let me decrypt this for you. Most computers today use a security system called "public key encryption". This means there are two parts – a public key, which is available to anyone, and a private key that only you have. Currently, this level of encryption governs pretty much every system in the world. I like to think of it as an old school double-key safe deposit box. The bank has one key that anyone at the bank can access (the public key), but only you have the second key to allow you to open the vault (the private key). Importantly, the private key is unknown to anyone but you. Now, imagine someone wanted to break into your safe deposit box and had the public key. They would need to try every single existing private safe deposit box key in the world, one at a time, to see if it matched with the public key. Not easy to do. 

I'll get just a little more detailed about it and note that most security today is also based on something called 256-bit elliptic curve technology. Lest your eyes gloss over, let me just say that means there are a lot of keys that need to be tried to break it. In fact, in order for today's classical computers to "brute force" that security today trying key after key in sequence, it would take an amount of time that's longer than the universe has existed. It's incomprehensible. Heck, even a sixteen-digit password made up of numbers, letters and characters would take trillions of years to crack trying combinations in sequence. Up until now, this level of security has served us pretty well.

Quantum changes all that. Quantum works in an entirely different way in that, instead of brute forcing a key or password by trying one combination after another, a quantum computer can (grossly oversimplifying) look at a "lock" and using quantum mechanics determine what pattern would create the right "key". Which means that keys and passwords could be cracked in minutes if not seconds. The good news? This technology doesn't exist yet. The bad news? We're getting there. I'm mentioning this now because on March 30, Google dropped a paper that postulated that by 2029 the bitcoin blockchain could potentially be broken by a quantum computer in about 9 minutes. Ouch. More importantly than Bitcoin, however, we need to be aware that the same threat exists for virtually every major technological system in the world today. Yes, we should know how to protect our Bitcoin. But, let's be honest, Bitcoin getting hacked is the least of our problems if we have Q-day, the day the Quantum threat becomes real, before we are prepared. Q-Day presents a risk to your bank account. Air traffic control. Municipal systems. Financial systems. Nuclear codes. All of it. Think of it like the "Y2K" problem but, like, for real.

Now if you get what I am saying and this is the first you've heard of it you're probably a little more awake than you would be from that four-shot Venti Americano. But fear not, dear reader, all is not lost. Leaders in all industries are quite aware of this. Many popular messaging apps, such as Apple messenger and WhatsApp, have already rolled out quantum resistant protocols. That's just messaging, but it's a start. For the big picture, Google itself has set a deadline of 2029 to be quantum secure. The US Government has set a January 1, 2027 deadline for all new systems to be quantum secure, and December 31, 2030 for all existing systems to be retrofitted (Ahem… based on the new Google paper, that timeline may need to bump up a little bit….) In any case there are a lot of bright people working on it and new protocols like The Naoris Protocol which is designed to bring quantum readiness to both the blockchain and non-blockchain worlds. So, I do think we'll get there. And, it's something to definitely be aware of.

Ok, 'nuff said on this topic for now but in future blogs we'll be sure to unpack more on how Quantum technology actually works and, importantly, our recommendations for how to be prepared and defend against it. I believe that this threat is still years away but understanding and preparedness will go a long way, which is why this is likely going to be a regular topic for us.

In Closing

Legislation is closer than it has ever been. The demand wave is coming. Hackers keep hacking. Quantum is scary. I would wrap all of this up into one big bundle however and simply say that progress is progressing, and we must embrace new technologies including the good, the bad and even the ugly, in order to be a participant in the coming world. To ignore it is akin to putting one's head into the sand and pretending it doesn't exist. It does. For those that stay alert, such as you my friends, there's an opportunity not only to prepare but also to profit. All the big boys are. But, as with all things, make sure you don't jump in blindly and, especially in this new world, I encourage you not to treat anything in this evolving future the same way you treated the past. It's all changing. Get a guide. Do your homework. Maybe build an Ark! In any case, overall, be prepared.

That’s all for now! Until next time be well, stay safe, and I’ll keep Decrypting Crypto for you!

Disclosure: The author is an investor in and advisor to The Naoris Protocol.