News
Hedera’s DeFi Flagship Bonzo Lend Loses $9 Million in Devastating Oracle Exploit
- Share
- Tweet /data/web/virtuals/383272/virtual/www/domains/theunhashed.com/wp-content/plugins/mvp-social-buttons/mvp-social-buttons.php on line 63
https://theunhashed.com/wp-content/uploads/2026/07/hedera_hack-1000x434.jpg&description=Hedera’s DeFi Flagship Bonzo Lend Loses $9 Million in Devastating Oracle Exploit', 'pinterestShare', 'width=750,height=350'); return false;" title="Pin This Post">
Hedera’s decentralized finance ecosystem has suffered one of its most damaging security incidents to date after an attacker extracted approximately $9.05 million from Bonzo Lend, the network’s leading lending protocol. The attack did not break Hedera’s blockchain or directly compromise Bonzo’s lending contracts. Instead, it exploited a critical verification flaw inside a third-party oracle, allowing collateral worth only a few dollars to appear valuable enough to support millions of dollars in loans.
Bonzo Lend remains paused as its developers investigate recovery options, coordinate with partners and determine how liquidity providers will regain access to their remaining funds. The incident has sharply reduced confidence and liquidity across Hedera’s relatively concentrated DeFi market, demonstrating how a failure in one external data provider can threaten an entire blockchain ecosystem even when the underlying network continues operating normally.
A Few Dollars of SAUCE Became Phantom Collateral
The exploit began shortly after midnight UTC on July 11, when the primary attacker deposited 250 SAUCE tokens into Bonzo Lend. SAUCE is the native utility and governance asset of SaucerSwap, Hedera’s largest decentralized exchange, and was trading at approximately 0.2 HBAR at the time. The attacker’s deposit was therefore worth only a few dollars.
Under ordinary conditions, the protocol would have allowed the account to borrow only a small fraction of that value. Bonzo determines borrowing capacity by reading token prices supplied by external oracle infrastructure and applying predefined loan-to-value ratios. The attacker’s strategy was not to manipulate SAUCE through heavy trading or temporarily push up its market price. Instead, the attacker targeted the system responsible for authenticating the price data itself.
A malicious update was submitted to the Supra oracle contract used for the SAUCE-to-wrapped-HBAR price feed. The update increased SAUCE’s reported value by roughly 12 orders of magnitude, creating an on-chain valuation detached from every real market where the token traded.
Eight seconds after the false price was recorded, the attacker borrowed approximately 6.63 million USDC from Bonzo. Ten seconds later, the same wallet borrowed more than 34.5 million wrapped HBAR. Using Bonzo’s reference HBAR price at the time of the incident, the extracted principal was worth about $9.05 million.
From the lending protocol’s perspective, the loans appeared fully collateralized. Its contracts saw a valid on-chain price and calculated the account’s borrowing power accordingly. In economic reality, the protocol had issued millions of dollars in assets against collateral that was nearly worthless.
The Oracle Accepted a Signature That Did Not Exist
The technical failure occurred inside Supra’s on-chain price verification system. Oracle updates are supposed to carry cryptographic signatures proving that authorized members of the provider’s committee approved the submitted data. Before storing a new price, the verifier must confirm that the signature is authentic and corresponds to an approved public key.
The attacker’s update did not contain a forged signature or a stolen oracle key. It contained a zeroed signature represented by empty curve-point coordinates. The corresponding public-key input was also effectively the zero or identity element.
A properly designed verifier should reject such inputs immediately. Supra’s Hedera verifier instead passed them into a cryptographic pairing operation without first checking whether the signature and public-key points were valid, non-zero members of the required mathematical group.
The pairing system returned a true result because the zero inputs created an equation that was mathematically satisfied. Hedera’s system contract therefore performed the narrow computation it had been asked to perform correctly. The failure was in the oracle verifier, which interpreted that result as proof that a legitimate committee had signed the price update.
In simpler terms, the attacker did not defeat the cryptography. The attacker found a way to make the verification contract ask the wrong question. Because a basic input-validation step was missing, an empty signature was treated as authorized data and the fabricated SAUCE price was written on-chain.
Supra has acknowledged the vulnerability and deployed a fix to the affected verifier contract. The company described the issue as a cryptographic edge case involving the BLS identity element. For the broader DeFi industry, however, the incident is less obscure than that description suggests. A price feed responsible for protecting millions of dollars accepted data carrying no valid authorization.
Bonzo’s Contracts Worked, but Its Risk System Failed
Bonzo has emphasized that its own lending contracts behaved exactly as programmed. There was no flash loan, no attack on Hedera’s consensus mechanism and no manipulation of SAUCE’s actual market price. The protocol simply read the latest price from its configured oracle and used that figure to calculate how much the attacker could borrow.
That distinction is technically important, but it does not entirely remove responsibility from the lending platform. A DeFi protocol is not only the code inside its core lending pool. It is also the collection of price feeds, adapters, collateral settings, administrative controls and emergency mechanisms that determine how the system reacts when one component supplies dangerous information.
Bonzo depended on the oracle verifier to reject unauthorized updates, but additional safeguards could have limited the damage after the false price entered the system. A maximum price-deviation rule could have rejected a 12-order-of-magnitude increase. A time-weighted price could have prevented a single update from immediately controlling collateral values. Borrowing caps could have restricted how much liquidity could leave against SAUCE, while a secondary oracle could have triggered an automatic pause when two providers disagreed dramatically.
These protections introduce complexity and can delay legitimate market updates, particularly during periods of genuine volatility. Yet a lending market that accepts smaller, less liquid tokens as collateral must assume that its primary price source can fail. The more concentrated the ecosystem and the thinner the asset’s liquidity, the more important those independent controls become.
Bonzo’s previous audits focused largely on its own contracts. The exploit illustrates the limits of that security model. A protocol can pass audits and still remain exposed to a flaw in an external contract that its entire economic logic trusts.
A Second Wallet Borrowed Another $1 Million
The abnormal SAUCE price remained active for roughly 45 minutes before legitimate oracle publishing restored the feed to its normal level. During that window, a second wallet borrowed approximately $1 million in additional assets.
That wallet later contacted the Bonzo team through Discord and identified itself as a white-hat responder. It said the assets had been borrowed to protect them from the primary attacker and expressed an intention to return the funds.
Bonzo has therefore excluded the second wallet’s activity from its headline loss figure. Total abnormal borrowing reached approximately $10.06 million, but the protocol continues to report $9.05 million as the estimated malicious extraction because it expects the additional amount to be recovered.
The distinction remains provisional. The final recovery amount will depend on which assets are returned, their value at the time of reconciliation, accumulated interest, transaction costs and any swaps conducted after the borrowing. Until the transfer is completed and verified, the second wallet’s funds remain a recovery item rather than confirmed restored liquidity.
There has been no comparable indication that the primary attacker plans to return the extracted assets. Bonzo is coordinating recovery efforts, but it has not announced a reimbursement agreement, insurance payout or complete recapitalization plan.
Bonzo Lend Remains Frozen
Bonzo paused its lending market at 01:41 UTC, approximately 50 minutes after the manipulated price was accepted. The Bonzo Points rewards program was suspended several hours later.
The pause prevents normal lending activity while the team determines how to handle the protocol’s remaining assets and the shortfall created by the exploit. Liquidity providers are waiting for details about withdrawals, loss allocation and the conditions under which the market could reopen.
Other Bonzo products, including Bonzo Vaults, Bonzo Bridge and single-sided BONZO and XBONZO staking, were described as unaffected and have continued operating. The separation matters operationally, but Bonzo Lend was the project’s most important product and a central source of liquidity for Hedera DeFi.
A restart will require more than installing Supra’s patched verifier. Bonzo must reconcile the pool’s assets and liabilities, determine whether the malicious debt can be isolated, assess the safety of every supported price feed and decide whether users will absorb losses or receive compensation from the protocol, its partners or another recovery source.
The team must also convince depositors that the system will not reopen with the same structural weakness. That likely means introducing price-deviation limits, more restrictive collateral caps, improved monitoring and some form of oracle redundancy. Simply pointing to the third-party patch may not be enough to restore confidence.
Hedera’s Concentrated DeFi Market Amplifies the Damage
The exploit is particularly serious for Hedera because its DeFi ecosystem remains smaller and more concentrated than those of Ethereum, Solana or major layer-two networks. Bonzo was not one lending option among dozens of comparable platforms. It was the network’s dominant lending venue and an important component of its broader liquidity infrastructure.
Data collected after the incident showed Bonzo’s total value locked falling by approximately 77%, while Hedera’s overall DeFi value locked dropped by close to 40% within 24 hours. Some of that decline represented the assets extracted by the attacker, while additional losses reflected users withdrawing liquidity and the falling value of ecosystem tokens.
The blockchain itself continued producing transactions and was not compromised. HBAR holders did not lose funds simply because they held the native token, and the exploit did not create new HBAR or alter Hedera’s ledger history.
The damage to HBAR is indirect but still meaningful. DeFi activity creates demand for network transactions, wrapped assets, stablecoin liquidity and HBAR-based collateral. When a flagship application loses most of its locked value, the network loses utility and credibility even when its core infrastructure is not responsible.
For prospective developers and institutions, the event may reinforce concerns about relying on a young DeFi ecosystem with limited liquidity and relatively few alternative venues. For existing users, it raises a more immediate question: whether the yields available on Hedera justify the combined risks of lending contracts, smaller collateral markets and third-party oracle dependencies.
Oracle Risk Remains DeFi’s Unresolved Weak Point
Decentralized lending platforms cannot operate using blockchain data alone. They need external information to determine what collateral is worth, when a position becomes undercollateralized and how much a borrower may withdraw. That makes oracles one of the most consequential trust layers in supposedly trust-minimized finance.
When an oracle reports the wrong price, a protocol can execute every instruction correctly and still produce a catastrophic result. The code does not understand that collateral worth five dollars cannot rationally support a $9 million loan. It understands only the authenticated number supplied to it.
The Bonzo exploit is especially instructive because it did not require control over market liquidity, a compromised administrator account or a sophisticated multi-protocol flash-loan sequence. The attacker exploited a verification omission and then used ordinary lending functions. Once the fabricated price was accepted, the protocol itself facilitated the extraction.
Effective protection requires multiple independent defenses. Oracle contracts must strictly validate signatures and cryptographic points. Lending protocols must reject implausible price changes even when the underlying update appears authenticated. Less liquid collateral should carry conservative loan-to-value ratios and strict borrowing caps. Emergency monitoring should respond within seconds rather than after most of the available liquidity has left.
Those controls cannot guarantee complete safety, but they can prevent a single upstream failure from turning a nearly worthless deposit into system-wide bad debt.
Recovery Will Determine the Long-Term Impact
The immediate facts are already damaging: approximately $9.05 million was extracted, the dominant Hedera lending protocol remains paused and a large percentage of the network’s DeFi liquidity has disappeared. The longer-term outcome depends on how Bonzo handles the shortfall.
A credible recovery plan would need to explain how remaining assets will be distributed, whether liquidity providers will receive proportional losses, what role Supra may play in compensation and which safeguards must be completed before lending resumes. Users will also expect transparent accounting for the white-hat funds and any assets recovered from the primary attacker.
Supra’s response will be watched just as closely. Patching the verifier addresses the immediate bug, but protocols relying on its infrastructure will need assurances that similar contracts have been reviewed across every supported network and deployment.
For Hedera, the incident is both a setback and a test of ecosystem maturity. Networks are not judged only by whether exploits occur; every major DeFi ecosystem has experienced serious failures. They are also judged by the speed, transparency and fairness of the response.
Bonzo’s exploit did not break Hedera’s underlying blockchain. It did something potentially more damaging to a growing financial ecosystem: it exposed how much value depended on a single external verification path. Restoring the missing liquidity may prove difficult. Restoring the confidence that vanished with it could be harder.
Ethereum
Ethereum’s Former Privacy Team Launches EthSystems to Bring Banks Onchain
Ethereum’s institutional ambitions have always collided with one uncomfortable reality: public blockchains reveal too much. Banks, asset managers and major corporations may be interested in tokenized assets and blockchain settlement, but few are willing—or legally able—to expose their positions, counterparties and transaction flows to anyone with a block explorer.
EthSystems believes it can solve that problem.
The team that previously built and operated the Ethereum Foundation’s Institutional Privacy Task Force has launched EthSystems, a new for-profit engineering and research company focused on confidential financial infrastructure for Ethereum.
The company is developing systems for private transfers, tokenized assets, confidential settlement and privacy-preserving identity. Its target market includes banks, asset managers, central banks and other regulated institutions that want to use public Ethereum without broadcasting commercially sensitive information to the world.
EthSystems launches with anchor backing from BitMine Immersion Technologies, SharpLink, Ethereum co-founder and Consensys CEO Joe Lubin, and other Ethereum ecosystem supporters.
The announcement represents more than the arrival of another blockchain privacy startup. It is an attempt to address one of the central contradictions facing institutional adoption: financial markets want the interoperability and programmable settlement of a public network, but they cannot operate with the radical transparency that currently defines most onchain activity.
From Ethereum Foundation Task Force to Commercial Company
EthSystems was founded by Mo Jalil, Oskar Thorén and Aaryamann Challani, who built and led the Ethereum Foundation’s Institutional Privacy Task Force.
The group spent the past year speaking with central banks, regulators, major financial institutions and asset managers about the privacy requirements preventing them from moving more activity onto Ethereum. Its work produced open-source research, technical architectures and prototypes covering confidential transfers, private bonds, settlement and identity.
That work is now moving outside the Ethereum Foundation and into a dedicated commercial organization.
The shift to a for-profit structure is significant. Open-source research can demonstrate that a privacy architecture is possible, but major institutions need more than specifications and experimental code. They need a company capable of signing contracts, integrating with existing systems, accepting responsibility for delivery and supporting infrastructure once it reaches production.
EthSystems is positioning itself as that counterparty.
Rather than abandoning its open-source roots, the company says it will continue publishing research and technical work while offering institutions the engineering, implementation and advisory support required to turn prototypes into operational systems.
The founders bring experience spanning the Ethereum Foundation, Goldman Sachs and Status, one of Ethereum’s earliest mobile applications. That combination reflects the market EthSystems is trying to serve: an environment where cryptographic design must coexist with banking controls, regulatory obligations and enterprise technology.
Ethereum’s Transparency Problem
Ethereum’s openness is one of its defining strengths. Transactions can be verified independently, smart contracts can be inspected and assets can move between compatible applications without requiring permission from a central operator.
For institutional finance, however, that same transparency can become a serious liability.
A visible stablecoin transfer may reveal the size and timing of a corporate payment. A tokenized bond transaction could expose an investor’s position. Settlement activity may identify counterparties, trading strategies or treasury movements. Even when blockchain addresses do not display legal names, transaction patterns can often be analyzed and connected with known entities.
That is not how most traditional financial markets operate.
Banks do not publish every client payment in a globally readable database. Asset managers do not reveal every portfolio adjustment in real time. Market makers do not want competitors monitoring their inventory, settlement schedule or transaction size.
Institutions also operate under privacy, confidentiality and data-protection rules that may restrict how client information is stored or disclosed.
Private blockchains have traditionally offered one answer. A bank or consortium can limit participation and control who sees transaction data. But private networks sacrifice many of the characteristics that make Ethereum attractive in the first place, including broad liquidity, composability, shared standards and access to a global ecosystem of applications and assets.
EthSystems is pursuing a different model: keep the financial activity anchored to Ethereum while controlling which information becomes visible to each participant.
Selective Disclosure, Not Unrestricted Anonymity
The privacy being developed for institutional Ethereum is not intended to make financial activity invisible under all circumstances.
Regulated institutions need the ability to verify customer identities, screen participants, investigate suspicious activity and provide records to auditors or authorities. A system that completely prevents oversight would be unlikely to satisfy their compliance requirements.
EthSystems is therefore focusing on selective disclosure.
Under this model, the parties involved in a transaction can access the information they are authorized to see, while unrelated observers cannot inspect the same details. Auditors, compliance teams or regulators may receive dedicated access without gaining the ability to control the assets.
The distinction is important. Institutional privacy is less about hiding everything and more about distributing information according to defined permissions.
A buyer may need to know the identity of a seller. A settlement provider may need to verify that both participants have completed required checks. A regulator may need access to a transaction history. The public, however, does not need to see the client’s name, account balance or trading position.
EthSystems describes its objective as building systems in which each participant sees what it has the right to see—and nothing more.
This approach attempts to preserve Ethereum’s verifiability while introducing the confidentiality controls expected in regulated finance.
Private Stablecoin Transfers Offer an Early Test
One of the team’s published prototypes explores compliance-oriented private stablecoin transfers on Ethereum.
Ordinary stablecoin payments are publicly visible. When an institution sends tokens to a supplier, fund or counterparty, observers may be able to monitor the amount, timing and subsequent movement of those assets.
The prototype uses a shielded pool, where transaction information can be hidden using cryptographic commitments and zero-knowledge proofs. A zero-knowledge proof allows a participant to demonstrate that a condition is true without exposing all the information used to prove it.
In the EthSystems design, participants must pass identity verification before entering the system. They can prove that they belong to an approved set without publishing their personal information directly onchain.
Funds inside the pool are represented through encrypted records rather than publicly readable balances. Transactions can be validated without revealing the sender, recipient and amount to every network observer.
The system also separates spending authority from viewing access. A spending key controls the movement of funds, while a viewing key can allow a compliance officer, auditor or regulator to inspect transaction activity without gaining the ability to transfer the assets.
This type of architecture could give institutions a middle path between public transparency and a closed private database.
The published implementation remains a proof of concept rather than a finished banking product. Its limitations include operational complexity, developing tooling and the challenge of creating a sufficiently large privacy set. Moving from a working cryptographic demonstration to production infrastructure will require extensive testing, security reviews and integration work.
That gap between research and deployment is precisely where EthSystems intends to build its business.
Beyond Payments to Bonds, Assets and Settlement
Private transfers are only one part of the company’s planned scope.
Tokenized securities create similar confidentiality challenges. A bond issued on a public blockchain may include sensitive information about ownership, allocation, trading activity and settlement. Institutions need ways to verify that transfers follow the rules without exposing every investor’s position.
Confidential settlement could allow assets and payments to move between approved counterparties while limiting the information visible to outside observers. Privacy-preserving identity could allow participants to demonstrate that they meet specific requirements without repeatedly publishing their full identity or documentation.
A financial institution might need to prove that a customer has completed know-your-customer checks, belongs to an eligible investor category or is permitted to access a specific instrument. A privacy-preserving credential could confirm the relevant status while revealing less underlying data.
This model could reduce unnecessary information sharing across financial networks. Instead of distributing full customer records to every application and counterparty, institutions could disclose only the facts required for a particular transaction.
The long-term opportunity is a financial system in which identity, assets, payments and compliance rules interact through programmable infrastructure without making all activity universally visible.
Backing From Ethereum’s Institutional Power Centers
EthSystems is launching with support from several prominent players in the Ethereum ecosystem.
BitMine and SharpLink have developed strategies centered on building substantial ETH treasury positions and supporting Ethereum’s institutional expansion. Their backing reflects a belief that Ethereum needs stronger privacy infrastructure before it can support a much larger share of global financial activity.
Joe Lubin also brings strategic weight to the project. As an Ethereum co-founder and the founder of Consensys, Lubin has spent years developing infrastructure and enterprise services around the network.
The company’s supporters argue that institutional adoption will remain limited unless Ethereum can deliver confidentiality without becoming another permissioned database.
That argument carries important implications for the Ethereum investment thesis. Ethereum already supports stablecoins, decentralized finance and tokenized assets, but the next stage of adoption may depend less on creating new asset types than on making existing infrastructure acceptable to regulated institutions.
Privacy could be the missing layer between experimental tokenization projects and financial activity operating at meaningful scale.
Part of a Broader Ethereum Restructuring
EthSystems is one of several specialized organizations to emerge from the Ethereum Foundation’s evolving structure.
Ethlabs has been formed to work on core protocol research and infrastructure. Ethereum Institutional operates as an independent organization focused on engagement, education and coordination with financial institutions. EthSystems will work at the applied engineering layer, translating institutional requirements into privacy architectures and deployable systems.
The separation creates distinct roles.
Core developers can concentrate on improving Ethereum itself. Institutional engagement teams can work with banks, policymakers and asset managers. EthSystems can focus on building the confidential applications and infrastructure those institutions require.
This more distributed model could allow each organization to move faster while reducing expectations that the Ethereum Foundation should manage every aspect of the ecosystem’s development and commercialization.
It also signals that institutional adoption is becoming a specialized industry rather than a side project within Ethereum’s broader research agenda.
Privacy May Determine Ethereum’s Institutional Future
Financial institutions have already demonstrated interest in stablecoins, tokenized funds, blockchain-based bonds and onchain settlement. The remaining barriers are no longer limited to transaction speed or regulatory uncertainty.
Confidentiality has become one of the decisive issues.
Public blockchains cannot become major financial infrastructure by asking institutions to expose information they have spent decades protecting. At the same time, recreating conventional private databases under a blockchain label would eliminate much of the value offered by Ethereum.
EthSystems is betting that cryptography can reconcile those competing demands.
Its challenge will be turning promising architectures into systems that are secure, practical, regulator-friendly and simple enough to integrate with existing financial operations. Institutions will expect privacy guarantees, but they will also demand predictable performance, recoverability, audit access and clear accountability when something goes wrong.
Those requirements are difficult to combine. Yet solving them could unlock a much larger role for Ethereum in global finance.
The launch of EthSystems suggests that Ethereum’s institutional strategy is entering a new phase. The focus is shifting from convincing banks that public blockchains matter to building the controls they need before they can participate.
Ethereum already has the assets, liquidity and programmable settlement environment. EthSystems now wants to give institutions something equally essential: the ability to use that infrastructure without conducting their business in public.
News
ECB Taps Stripe, Revolut and 34 Payment Firms for Landmark Digital Euro Trial
Europe’s digital currency project is moving out of policy papers and into the payment terminal. The European Central Bank has selected 36 payment service providers, including Stripe, Revolut, Adyen, Deutsche Bank and UniCredit, to participate in a year-long digital euro pilot beginning in the second half of 2027.
The trial will test whether a digital form of central bank money can function reliably across the everyday situations that determine whether a payment system succeeds or disappears: sending money to another person, tapping a phone at a physical checkout and completing a purchase inside an online store.
For the ECB, this is a major shift from designing the digital euro in theory to testing how it behaves across banks, fintech applications, merchant systems and central bank infrastructure. For the selected payment companies, it offers an early look at what could become one of the most consequential changes to Europe’s retail payment architecture in decades.
A public launch remains conditional, however. The ECB has not made a final decision to issue the digital euro and says it will do so only after European lawmakers adopt the necessary regulation. Assuming the legal framework is completed as planned, the central bank wants to be ready for a possible first issuance during 2029.
Stripe and Revolut Join a Broad Payments Coalition
The inclusion of Stripe and Revolut gives the pilot two participants with substantial influence over Europe’s digital commerce economy.
Stripe supplies payment infrastructure to online businesses ranging from early-stage startups to international platforms. Its involvement places the digital euro directly inside discussions about checkout conversion, merchant integration, refunds, fraud controls and cross-border e-commerce.
Revolut brings a different advantage. The company operates a consumer-facing financial application used across multiple European markets, giving it experience in mobile wallets, rapid account onboarding and cross-border money movement. Its presence could help the ECB understand whether the digital euro can be presented as an intuitive consumer product rather than merely another settlement option hidden behind a banking interface.
The group is considerably broader than those two companies. It includes payment processors Adyen, Nexi, Worldline, SumUp and PAYONE, alongside established banking groups such as Deutsche Bank, DZ Bank, UniCredit, BPCE, Monte dei Paschi di Siena, National Bank of Greece and Raiffeisen Bank International.
Fintech providers including Satispay and traditional postal and retail banking operators such as Poste Italiane are also represented. The result is a testing group that spans large commercial banks, digital banks, merchant acquirers, payment gateways and regional financial institutions.
That diversity is deliberate. The ECB received more than 50 applications and selected participants according to their regulatory eligibility, technical readiness, geographical footprint and ability to support different payment scenarios. Rather than building the pilot around a small group of dominant banks, the Eurosystem is attempting to reproduce the fragmented reality of the European payments market.
What the 2027 Pilot Will Actually Test
The operational phase is scheduled to begin in the second half of 2027 and run for 12 months. Before that happens, participating companies will spend the development period connecting their systems to the digital euro service platform, building customer-facing payment services, testing interfaces and completing technical certification.
The trial will use a beta digital euro that is designed to resemble the proposed final system as closely as possible. It will not be legal tender, and participating consumers will not be opening personal accounts directly with the ECB. Instead, payment service providers will remain the primary interface between users and the Eurosystem.
Some participants will act as distributing providers. They will give eligible users access to beta digital euro services, support account setup and enable payments. Others will act as acquiring providers, connecting merchants to the system so they can receive digital euro transactions. Several companies will perform both functions.
The pilot will focus on four practical payment flows.
Participants will test online person-to-person transfers using identifiers that allow one user to send funds to another remotely. They will also test offline person-to-person transactions through near-field communication, enabling two devices to transfer value by being tapped together without either device requiring an active internet connection.
Physical merchants will accept online digital euro payments through NFC-enabled systems, including software-based point-of-sale applications that can turn compatible phones or tablets into payment terminals. E-commerce and mobile-commerce merchants will test the digital euro as a checkout method for purchases made through websites and applications.
These scenarios are significant because they extend beyond basic account transfers. The ECB is testing whether the digital euro can operate as a genuine retail payment instrument across both physical and digital commerce.
The Pilot Is Controlled, but the Transactions Are Real
The trial will not initially be open to the general public. Individual users will primarily be employees of the ECB and participating euro-area central banks. Selected restaurants, cafeterias, physical shops and e-commerce businesses will act as merchants.
Testing will take place at the ECB and 19 national central banks across the euro area. This controlled structure will allow the Eurosystem to observe transaction performance, user behavior and operational failures without exposing the broader public to an unfinished system.
Even within that restricted environment, the pilot is expected to generate valuable information. The ECB wants to determine whether the infrastructure is robust, scalable and sufficiently simple for everyday use. It will also evaluate onboarding, settlement, liquidity management, customer support, refunds and incident handling.
Offline payments may prove particularly important. A digital euro that can move between devices without internet access could offer resilience during network failures and provide a more cash-like experience than existing card or wallet systems. It also presents some of the most difficult technical challenges, including preventing duplicate spending, securing funds stored on devices and synchronizing transaction records when users reconnect.
The pilot will therefore test more than transaction speed. It will examine whether the proposed system can survive the messy conditions of real commerce, where devices lose connectivity, refunds are requested, customers make mistakes and merchants depend on immediate confirmation that a payment has succeeded.
Europe’s Push for Greater Payment Sovereignty
The digital euro is partly a response to Europe’s dependence on payment infrastructure controlled by companies headquartered outside the region.
European consumers may use domestic banks and local financial applications, but many card and online transactions still rely on international networks. The ECB believes a common digital euro infrastructure could provide a European payment option that works across the entire currency union.
The project is not designed to eliminate banks, card networks or private wallets. The ECB’s model keeps payment service providers in front of the customer, allowing banks and fintech companies to build interfaces and additional services around central bank infrastructure.
In that sense, the digital euro resembles a public payment rail rather than a government-operated retail bank. The central bank would provide the underlying form of money and core platform, while private companies would compete over applications, customer service and merchant tools.
That division of responsibilities explains why the selection of Stripe, Revolut and other major providers matters. A digital currency can be technically sophisticated and still fail if merchants do not integrate it, consumers find it inconvenient or payment companies treat it as a regulatory burden.
The 2027 pilot is intended to discover those problems before any national rollout begins.
What Participation Means for Stripe, Revolut and the Banks
The selected firms will not be paid by the Eurosystem for joining the test. They are expected to cover their own development and operational costs, and they will not be permitted to charge participating consumers or merchants for pilot-related services.
Their incentive is strategic rather than immediate.
Participation gives each company early experience with the digital euro’s technical interfaces, liquidity processes, compliance requirements and customer journeys. Some of that infrastructure may be reusable if the ECB proceeds with a broader rollout, potentially giving pilot members a head start over providers that wait until the final system is approved.
For Stripe, the pilot could shape how the digital euro appears in online checkout flows and how merchants integrate it alongside cards, bank transfers and digital wallets. For Revolut, it offers a chance to test how central bank digital money fits inside a consumer financial application already designed around multiple currencies and payment methods.
Banks face a more complicated calculation. A successful digital euro could give them access to common European payment rails, but it could also introduce costs and alter how consumers hold and transfer money. Policymakers are expected to use holding limits and other safeguards to prevent large movements of deposits from commercial banks into digital central bank money.
The trial will give banks an opportunity to assess those risks using working systems rather than theoretical models.
A Digital Euro Is Not a Cryptocurrency or Stablecoin
Despite the digital terminology, the proposed euro would not function like Bitcoin, Ether or a privately issued stablecoin.
Cryptocurrencies generally operate on decentralized or distributed networks, with prices determined by markets. Stablecoins are typically digital tokens issued by private organizations and designed to track the value of currencies such as the euro or dollar.
The digital euro would instead represent public money issued through the Eurosystem. Its value would remain equal to the physical euro, and it would be designed primarily for payments rather than speculation or investment.
The project nevertheless arrives at a time when stablecoins are becoming increasingly important in international digital finance. Dollar-denominated tokens dominate crypto trading and are expanding into remittances, settlement and commercial payments. That growth raises a strategic question for European policymakers: whether the euro can remain influential in digital markets without a widely available public digital form.
A digital euro would not automatically displace stablecoins. It could, however, give European consumers and businesses another option for moving euro-denominated value through digital channels without relying on a private token issuer.
The 2029 Launch Is Still Conditional
The selection of payment providers does not mean the digital euro has received final approval.
The ECB’s ability to issue the currency depends on the completion of the European Union’s legislative process. The final regulation will determine important questions concerning privacy, holding limits, merchant acceptance, provider compensation and the division of responsibilities between central banks and private institutions.
Only after that framework is adopted will the ECB decide whether to issue the digital euro.
The current timetable assumes the legislation will be completed in time for development work and the 2027 pilot to proceed toward a potential 2029 launch. Delays or major changes to the regulation could alter the design or push the schedule back.
The pilot itself may also reveal problems that require further engineering. The initial 12-month period can be extended by as much as six months if additional validation is needed.
That uncertainty is not a weakness in the process. It is the purpose of the trial. Europe is attempting to determine whether a digital form of public money can work at continental scale without undermining financial stability, privacy or competition.
Europe’s Digital Currency Enters Its Decisive Phase
The most important signal from the ECB’s announcement is not simply that Stripe and Revolut are participating. It is that the digital euro is approaching the point where political ambition must survive contact with payment terminals, banking systems and consumer expectations.
The project now has a group of companies capable of testing nearly every layer of the retail payment chain. Traditional banks can evaluate account management and liquidity. Digital banks can experiment with mobile access. Acquirers can test merchant acceptance. Payment processors can examine e-commerce integration and transaction performance.
By the end of the pilot, the ECB should have a much clearer picture of whether the digital euro can offer something Europe’s existing payment methods do not: a widely accepted, resilient and pan-European form of digital central bank money.
A 2029 launch is far from guaranteed. But with 36 payment providers preparing to build and test the system, the digital euro is no longer merely a proposal. It is becoming payment infrastructure.
Bitcoin
Strategy Bought Zero Bitcoin Last Week—and That May Be More Important Than Another Purchase
For years, Strategy trained the market to expect a familiar weekly ritual: sell securities, raise capital and convert the proceeds into more Bitcoin. Between July 6 and July 12, that machine continued to raise money—but the final step never happened. The company sold approximately 4.82 million shares of MSTR through its at-the-market program, generating $466.7 million in net proceeds, yet purchased no Bitcoin and sold none. Instead, Strategy increased its designated U.S. dollar reserve by $450 million, taking the balance to $3 billion.
The pause does not mean Strategy has abandoned Bitcoin. It still holds 843,775 BTC, acquired for an aggregate cost of roughly $63.69 billion at an average price of $75,476 per coin. No publicly listed company comes close to matching that exposure. But the decision to direct newly raised equity capital toward cash rather than additional Bitcoin illustrates how Strategy’s financial architecture is changing. The company is no longer managing only a giant crypto treasury. It is managing a layered capital structure filled with common stock, multiple preferred securities, debt obligations, dividend commitments and a Bitcoin reserve whose market value can move by billions of dollars in a single week.
That makes the zero-purchase week less of a non-event than it appears. Strategy raised almost half a billion dollars, diluted common shareholders and deliberately chose liquidity over accumulation. The question is no longer simply why Michael Saylor’s company did not buy Bitcoin. It is what the growing cash pile reveals about the risks and priorities behind the world’s largest corporate Bitcoin strategy.
The Headline Numbers
Strategy’s July 13 regulatory filing showed that the company sold 4,818,781 shares of Class A common stock between July 6 and July 12. The sales produced $466.7 million in net proceeds after commissions. The company did not issue any of its preferred securities during the period and did not repurchase common or preferred shares.
Its Bitcoin holdings remained unchanged at 843,775 BTC. The absence of a purchase is notable because Strategy has historically used proceeds from common-stock and preferred-stock issuance to expand its Bitcoin reserve. This time, the company directed most of the newly raised capital toward its U.S. dollar reserve, which increased from $2.55 billion on July 5 to $3 billion on July 12.
The $466.7 million raised and the $450 million reserve increase are not identical. Strategy did not provide a simple dollar-for-dollar reconciliation in the weekly update, and the reserve figure includes expected proceeds from ATM transactions that had not yet settled. The safest interpretation is that the company raised $466.7 million through the equity program while increasing the designated reserve by $450 million over the same reporting period.
Strategy also retained substantial fundraising capacity. After the latest sale, approximately $23.79 billion remained available under its MSTR at-the-market programs, alongside billions of dollars of unused capacity across its preferred-stock offerings. The company therefore has not run out of ways to raise money. It is choosing how to allocate that money under more difficult market conditions.
Why Strategy Is Building a $3 Billion Cash Fortress
Strategy’s dollar reserve is not simply idle corporate cash waiting for a better Bitcoin entry price. It is a management-designated liquidity pool intended to support dividend payments on the company’s preferred shares and interest payments on its outstanding debt.
That distinction is critical. Strategy has issued several preferred securities with different dividend structures, seniority and market characteristics. These instruments have allowed the company to attract capital from investors who may want Bitcoin-related exposure but prefer income-producing securities over the volatility of MSTR common stock. The trade-off is that preferred dividends create recurring cash obligations regardless of whether Bitcoin rises, falls or trades sideways.
Bitcoin does not generate operating cash flow. It can appreciate dramatically, but it does not automatically produce the dollars required to pay quarterly dividends or service debt. Strategy must obtain those dollars from its software business, capital-market transactions, existing liquidity or Bitcoin sales. A larger cash reserve reduces the possibility that the company will be forced to sell Bitcoin at an unfavorable price simply to meet scheduled obligations.
Strategy’s reserve policy requires management to maintain at least 12 months of expected preferred dividends and interest payments unless the board authorizes a lower amount. The company has also expressed an ambition to build coverage for 24 months or more. A $3 billion reserve moves it closer to operating with a substantial liquidity runway rather than continually depending on favorable access to equity markets.
This is not a retreat from the Bitcoin thesis. It is an attempt to protect that thesis from the company’s own financing structure.
The Capital Machine Has Become More Complicated
The original Strategy playbook was comparatively simple. The company raised money through debt or common-stock issuance, bought Bitcoin and benefited when the value of its holdings increased faster than the cost of capital. When MSTR traded at a large premium to the value of its Bitcoin, issuing new common shares could be particularly attractive. Strategy could sell expensive equity, purchase Bitcoin and potentially increase the amount of Bitcoin attributable to each diluted share.
The model became more complex as the company introduced a growing collection of preferred securities. These products expanded Strategy’s addressable investor base and provided new channels for raising capital, but they also created a larger stack of contractual and expected cash payments. Strategy increasingly resembles a Bitcoin-focused financial institution whose liabilities must be managed alongside its assets.
The $3 billion reserve is evidence that management recognizes this transformation. A company with recurring preferred dividends cannot behave exactly like a passive Bitcoin wallet. It needs liquidity planning, liability matching and contingency funding. The more securities Strategy issues, the more important those disciplines become.
This also explains why the absence of a Bitcoin purchase should not automatically be interpreted as bearishness. Management may believe that protecting the capital structure currently creates more value than adding a relatively small amount of Bitcoin to an already enormous position. At recent market prices, the $466.7 million raised would have purchased only a fraction of one percent of Strategy’s existing holdings. Directing the money to the reserve may have a greater effect on near-term financial resilience.
Common Shareholders Paid for the Buffer
The reserve did not appear without a cost. Strategy created and sold almost 4.82 million additional MSTR shares, increasing the number of claims on the company’s assets and future value. Existing common shareholders were diluted, yet the proceeds were not immediately converted into more Bitcoin.
That is a meaningful change from the transaction common investors have historically been encouraged to evaluate. When Strategy issues stock and buys Bitcoin on favorable terms, management can argue that the deal increases Bitcoin exposure per share or strengthens the company’s long-term Bitcoin position. When it issues stock to hold dollars, the benefit is defensive rather than directly accretive to Bitcoin holdings.
The dilution may still be economically rational. Cash that prevents a distressed Bitcoin sale, protects preferred dividends or reduces refinancing pressure can preserve value for common shareholders. The common stock sits below debt and preferred securities in the capital structure, so anything that improves the company’s ability to satisfy senior obligations can indirectly protect MSTR holders.
Nevertheless, the market will increasingly scrutinize the price at which Strategy issues common shares and the purpose of each capital raise. Selling stock when MSTR commands a substantial premium to its underlying assets is very different from selling it when that premium has narrowed. The less favorable the valuation, the harder it becomes to justify dilution unless the proceeds clearly improve the company’s financial position.
This week’s transaction therefore asks investors to accept a new proposition: sometimes the best use of freshly issued MSTR equity is not more Bitcoin, but a larger safety margin around the Bitcoin already owned.
The Pause Follows Actual Bitcoin Sales
The zero-purchase week did not occur in isolation. Strategy had recently sold Bitcoin, marking a major departure from the uncompromising accumulation narrative that defined the company for years. During the two preceding reporting periods, it sold a combined 3,588 BTC for approximately $216 million. Those sales were connected to preferred distributions and reserve management.
Strategy still owns more than 843,000 BTC, so the amount sold represented well under 1% of its holdings. The transactions were not a liquidation of the corporate Bitcoin strategy. They were, however, proof that the company now treats at least part of its Bitcoin reserve as a monetizable financial asset rather than an untouchable position.
The company has also established a Bitcoin monetization framework that allows management to sell BTC under specified conditions, including to support the dollar reserve. The existence of this program matters even when no coins are sold. It gives Strategy another liquidity source if capital markets become less receptive to MSTR or preferred-stock issuance.
This flexibility reduces the risk of missing payments, but it changes the investment narrative. Strategy is no longer operating under a simple “buy and never sell” principle. It is actively balancing Bitcoin ownership against the needs of a complex securities platform.
Why Zero Bitcoin Purchases Can Be Bullish
For some Bitcoin investors, any week without a Strategy purchase looks disappointing. The company has been one of the market’s most visible sources of institutional demand, and its announcements often reinforce confidence that large corporate buyers remain committed to accumulation.
Yet purchasing Bitcoin every week regardless of financing conditions would not necessarily be responsible. A disciplined treasury company should compare the expected value of an additional purchase with the cost of raising capital, the price of its securities, the strength of its liquidity reserve and the risk of future obligations.
By raising cash now, Strategy may improve its ability to avoid selling Bitcoin later. A stronger reserve can give the company time to wait through a prolonged downturn without relying on emergency financing. It can also support confidence in the preferred securities that have become central to its capital-raising strategy. If investors believe those dividends are protected by a substantial cash buffer, demand for Strategy’s credit-like products may recover, giving the company more efficient funding options in the future.
From that perspective, the $3 billion reserve is part of the Bitcoin strategy rather than an alternative to it. Liquidity strengthens Strategy’s capacity to remain a long-term holder during periods when the price of Bitcoin, MSTR and its preferred securities are all under pressure.
Why the Move Can Also Be Read as a Warning
The defensive interpretation has an uncomfortable side. Strategy would not need such a large reserve if its capital structure did not require significant recurring cash payments. The company has created a system that can accumulate Bitcoin rapidly in favorable markets but demands careful maintenance when conditions deteriorate.
Preferred securities can provide patient capital, but their dividends do not disappear when Bitcoin falls. Common-stock issuance can raise enormous sums, but it becomes more dilutive when MSTR’s valuation weakens. Selling Bitcoin can produce cash, but doing so during a downturn risks crystallizing losses and undermining the accumulation story that supports investor enthusiasm.
The reserve is therefore both a strength and a signal of pressure. It makes Strategy safer than it would be with minimal cash, while demonstrating that management sees liquidity risk as serious enough to justify almost half a billion dollars of common-stock issuance without a corresponding Bitcoin purchase.
Investors should also distinguish between solvency and market performance. A $3 billion reserve can help Strategy pay dividends and interest. It cannot prevent the market value of its Bitcoin from falling, guarantee that MSTR will trade at a premium or ensure that future equity issuance will be accretive.
Strategy Is Becoming a Bitcoin Bank
Strategy is often described as a leveraged Bitcoin proxy, but that label no longer captures the full business. It has created a collection of securities designed to transform Bitcoin exposure into products with different risk, income and volatility profiles. Common shareholders receive the most leveraged residual exposure. Preferred investors receive varying dividend structures. Debt holders occupy another position in the hierarchy. The dollar reserve links the system by providing liquidity for obligations that Bitcoin itself cannot directly satisfy.
In effect, Strategy is trying to construct a Bitcoin-backed capital-market platform without operating as a conventional bank. Its core asset is Bitcoin, its funding comes from public securities and its treasury team continuously decides whether the next dollar should purchase BTC, support dividends, repay obligations, repurchase securities or remain liquid.
That model can be powerful when Bitcoin appreciates and Strategy’s securities trade at attractive valuations. It can also become fragile when the asset falls and the cost of capital rises. The move to $3 billion in cash suggests management wants the company to survive both environments.
What Happens Next Matters More Than the Zero
One week without a Bitcoin purchase does not establish a permanent shift. Strategy may return to the market quickly if Bitcoin prices, MSTR’s valuation or financing conditions become more favorable. The company still has enormous ATM capacity and remains publicly committed to Bitcoin as its primary treasury asset.
The more important metric is the direction of capital allocation over several months. If Strategy continues selling common stock primarily to fund cash reserves and obligations, investors may begin viewing it less as an aggressive Bitcoin accumulator and more as a mature treasury platform focused on defending its balance sheet. If the reserve reaches management’s desired coverage level and new capital begins flowing back into Bitcoin, this period may look like a temporary fortification phase.
For now, the company’s message is clear even without saying it directly. Strategy did not fail to buy Bitcoin because it lacked access to money. It raised $466.7 million and chose not to buy.
That decision reveals a company prioritizing durability over spectacle. The weekly purchase announcement may have disappeared, but the capital machine is still running. It is simply being used to build a $3 billion wall around 843,775 Bitcoin.
-
Cardano10 months agoCardano Breaks Ground in India: Trivolve Tech Launches Blockchain Forensic System on Mainnet
-
Cardano8 months agoSolana co‑founder publicly backs Cardano — signaling rare cross‑chain respect after 2025 chain‑split recovery
-
Cardano10 months agoCardano Reboots: What the Foundation’s New Roadmap Means for the Blockchain Race
-
Altcoins7 months agoCrypto Goes Mainstream — Bitwise 10 Crypto Index ETF (BITW) Debuts on NYSE Arca
-
News7 months agoCrypto on Trial: The $5.5 Billion Pump.fun, Solana & RICO Lawsuit That Could Redefine On‑Chain Liability
-
Altcoins7 months agoAlgorand’s 2027 Question: Can the Network Survive Without Foundation-Funded Rewards?
-
News7 months agoFrom Memes to Courtrooms: Solana and Jito Execs Named in Explosive RICO Suit Over Pump.fun
-
Ethereum8 months agoEthereum Breaks TPS Record as Lighter Layer-2 Surges Past 24,000 Transactions per Second
