Web3 Wavefronts - Digestible News on Crypto, DeFi and AI

Fireblocks agreed to acquire TRES Finance for roughly $130 million in a mix of cash and equity. The deal follows Fireblocks' October purchase of Dynamic for about $90 million. TRES provides accounting, reconciliation and audit-ready reporting for digital assets and connects to more than 280 blockchains, exchanges, banks and custodians. TRES serves over 200 organizations, including Alchemy, Bank Frick, Dune, Finoa, M2 and Wintermute. TRES was founded by Tal Zackon and Eilon Lotem, has raised about $18.6 million and employs roughly 58 people across Israel, Europe and the United States. Fireblocks will bring the TRES team into its organization. The purchase price represents a premium to TRES' last private valuation and is structured as a cash and equity split. Fireblocks raised a $550 million Series E at an $8 billion valuation in 2022 and processes trillions in annual digital asset transfers. Fireblocks' integration plan centers on connecting TRES' data models to existing policy controls and transaction routing so activity can be tagged, classified and reconciled as it happens. TRES' features include real-time treasury and position visibility across wallets and venues; automated reconciliation between on-chain activity and off-chain ledgers and bank accounts; cost basis and revenue recognition data; and audit trails and attestations for auditors and regulators. The combined stack aims to deliver custody through reporting in a single platform and to align records with ERPs and general ledgers. MiCA rules in Europe and evolving U.S. agency guidance increase expectations for record keeping and disclosures, and TRES standardizes records and ties transactions to wallets, venues and fiat rails to support auditor and controller validation. Adoption and competitive outcomes will depend on integration speed, depth of reconciliation and ERP connectors, customer migration from multi-vendor setups, and regulatory developments. Source: https://web3businessnews.com/crypto/fireblocks-tres-acquisition-130m/

On January 5, 2026, at PAOCC headquarters in Camp Crame, Quezon City, the Philippine Anti Organized Crime Commission, led by Undersecretary Benjamin Acorda Jr., and Detective Superintendent Brad Marden of the Australian Federal Police signed an agreement to deliver cryptocurrency investigation training to Philippine law enforcement. The training curriculum links blockchain analysis, transaction tracing, illicit finance detection, and evidence preservation to legal process and regional cooperation and includes classroom instruction, hands-on labs, live case clinics, device forensics, and a train-the-trainer track. A memorandum of understanding is under review to formalize joint operations, information sharing, and tasking across cybercrime, drug trafficking, and money laundering, and coordination points include the January 2026 National Anti Crime Coordinating meeting and the June 2026 ASEANAPOL gathering to refine tasking, legal templates, and early case selections. Modules will cover blockchain fundamentals, tracing across chains and services including bridges and custodial endpoints, detection of cross-chain laundering and privacy services, analysis of transaction traces and on-chain events for DeFi exploits and smart contract theft, AI-assisted fraud patterns, and device forensics to link signing events and preserve chain of custody. The program will produce a standardized investigation playbook with documented attribution steps, chain-of-custody procedures, reproducible documentation, and evidence continuity from analytics platforms to courtroom exhibits, and will incorporate partnerships with registered virtual asset service providers and legal templates for subpoenas, MLAT requests, and freezing orders. Agencies identified operational metrics under consideration, including time to first tracing report, percentage of illicit funds identified, and days from referral to charge, and plan to use shared tooling and playbooks to speed case building and asset recovery and to coordinate earlier preservation and freezing actions across jurisdictions. AFP support will extend to regional forums, including co-hosting the Pacific Organised Crime Summit in Fiji from May 17 to 22, 2026, and coordination with partners such as Five Eyes, INTERPOL, UNODC, and ASEANAPOL. The agreement signals that exchanges, custodians, and analytics vendors will receive standardized evidence packages and preservation requests, and firms are advised to update incident response and compliance playbooks, maintain current contact lists and escalation tiers, log activity in formats suitable for legal use, and rehearse cross-chain tracing handoffs. Immediate priorities are finalizing the MOU, delivering a repeatable investigation curriculum, and launching pilot cohorts across PAOCC and partner agencies to build sustained investigative capabilities. Source: https://web3businessnews.com/crypto/paocc-afp-crypto-training-ph/

Kontigo detected unauthorized access over the weekend and announced the incident on January 5 via X, reporting that attackers drained about $340,900–$341,000, primarily in USDC, from 1,005 customer wallets and that CEO Jesus A. Castillo had a personal account compromised. Engineers identified and isolated the vulnerability, disabled the affected access path, rotated credentials and keys, tightened access policies, added rate limits, withdrawal checks and session controls, and traced fund flows to support recovery efforts. Kontigo completed full reimbursement from corporate funds and reported that impacted wallets now reflect restored balances; the company said attackers have been identified and that services remained available while additional monitoring and customer support addressed residual tickets. Kontigo reported it is conducting a deeper internal review. The company is YC-backed, founded in 2023, reported more than one million monthly active users, reported processing over $1 billion, reported roughly $30 million in annualized revenue, and closed a $20 million seed round on December 22, 2025, led by FoundersX Ventures; it is expanding dollar accounts, remittances, and merchant payments across multiple Latin American markets, including Venezuela. Kontigo previously faced scrutiny tied to frozen intermediary accounts, and cross-border dollar flows in Latin America are subject to AML and sanctions oversight. Expected follow-ups include a detailed post-mortem, third-party security reviews, published upgrades to authentication, session security and key management, and verification of reimbursement and legal or recovery steps against the attackers. Source: https://web3businessnews.com/crypto/kontigo-stablecoin-hack-repay/

Sterling Heights adopted a licensing and compliance ordinance in December 2025 that requires photo ID verification at crypto kiosks, on‑screen fraud warnings, printed receipts showing wallet addresses and timestamps, posted operator and police hotline numbers, a $1,000 daily cap for new users during onboarding, 90‑day retention of transaction and KYC records, and municipal inspections of signage, ID capture functionality, and receipt content, with existing operators required to comply by March 31, 2026. Grosse Pointe Farms proposed preemptive limits including a $1,000 per 24‑hour cap and a $5,000 per 14‑day cap along with disclosures and ID rules. Sterling Heights investigators reviewed 23 fraud cases tied to 27 crypto ATMs in 2025 with confirmed losses above $542,000 and estimated total losses near $1 million, and the FBI’s Internet Crime Complaint Center reported $246.7 million in U.S. crypto ATM losses in 2024. Reported scams followed patterns of impersonation, urgency around fake debts or frozen accounts, romance and giveaway schemes, and seasonal spikes. Law enforcement formed a dedicated crypto task force to coordinate case intake, trace funds, and submit freeze requests. Operators deploy on‑screen alerts and 24/7 call centers, flag suspect wallets, and can delay or hold transfers while cases are reviewed, and some operators questioned whether fixed caps will drive structured smaller deposits that require cross‑operator analytics and data sharing to detect. Merchants hosting machines must obtain city licenses, prepare for inspections, and train staff to refer customers to operator hotlines, and operators must update software to enforce caps, implement purpose testing, and add camera or document capture to meet ID standards. Metrics to monitor include monthly fraud case counts, average loss per incident, rate of attempted structured deposits blocked by operators, and compliance progress toward the March 31, 2026 deadline, and early 2026 compliance results and fraud metrics will shape whether the model is replicated across Michigan or incorporated into a statewide framework. Source: https://web3businessnews.com/uncategorized/metro-detroit-crypto-atm-rules/

Portugal’s public prosecutor unit opened a money laundering investigation into Elledgy Media and producer Elvira Gavrilova-Paterson after ICIJ Coin Laundry reporting linked event promotions to alleged crypto schemes tied to Vladimir Okhotnikov. Investigators are examining whether more than $4 million that moved through Elledgy since 2024 financed promotional campaigns for platforms connected to Okhotnikov and are mapping event budgets, vendor payments, sponsor invoices, and talent fees to determine whether payments masked transfers tied to those promotions. Gavrilova-Paterson, a Ukraine-born producer based in Portugal, organized red carpet placements, talent bookings, festival activations at Cannes and Venice, and global media rollouts across multiple jurisdictions through Elledgy. Regulators and reporting show Okhotnikov is accused of orchestrating schemes that attracted roughly $1 billion over about five years, including Forsage (U.S. authorities report participant losses above $340 million), and ICIJ traced roughly $29 million through a wallet tied to Meta Whale during a period that overlapped with a marketing push; authorities in Australia and Canada issued warnings and Vietnamese police arrested promoters, and a Georgian court convicted Okhotnikov in absentia on laundering charges tied to about $1.1 million and sentenced him to 10 years. Investigators describe a repeatable enforcement playbook involving smart contracts that incentivize recruitment, affiliate networks and influencer roadshows, rapid cross-border cash movements, branding shifts, and off-chain payments through vendors and events that complicate tracing. The reporting and enforcement teams advise Web3 founders, investors, and legal teams to treat festival placements, sponsorships, and production budgets as potential regulated flows, build enhanced counterparty due diligence into commercial processes, require verifiable beneficial ownership and bank-level documentation, use independent smart contract audits and escrow arrangements for promotional spend, and maintain a live risk register for vendors and promoters. Immediate risk controls recommended include pausing paid promotions with new or unvetted partners until enhanced due diligence is complete, mandating beneficial owner attestations and third-party identity verification, insisting on independent reviews of any token or contract mechanics tied to promotional campaigns, and structuring payments through escrow or controlled accounts to prevent invoice repurposing. Signals to monitor include Portugal’s formal case decisions, asset freezes, mutual legal assistance requests, SEC or DOJ filings that tie wallets or promoters to enforcement actions, continued on-chain tracing of wallets linked to Meta Whale or successor brands, and disclosure or documentation requests served to festivals, agencies, and banks; if prosecutors file formal charges, authorities may seek domestic asset actions and coordinated records requests abroad, and further SEC or DOJ filings could accelerate seizures or arrests. Source: https://web3businessnews.com/crypto/portugal-probe-producer-crypto/

A U.S. operation named Absolute Resolve began in the early hours of January 3 with more than 150 aircraft striking air defense systems, airfields and mobility nodes across northern Venezuela, and U.S. authorities reported that Nicolás Maduro and Cilia Flores were captured and flown out of the country. Satellite imagery and reports showed explosions around greater Caracas, damage to infrastructure and a legislative building, and outages and communications interruptions in southern Caracas. U.S. officials described the operation as intelligence-driven, said a small command cell authorized the action to reduce leak risk, and stated that charging documents against Maduro are being prepared while a senator said the secretary expects no further kinetic action and that Maduro will face a U.S. trial. Colombia confirmed involvement, deployed border forces and warned of refugee pressure; Russia and China issued condemnations; the U.N. called for restraint; and Venezuela requested a U.N. Security Council meeting. Crypto markets repriced geopolitical risk during low-liquidity hours as Bitcoin and major altcoins declined, perpetual funding turned negative, basis compressed, option skew favored puts, market makers widened spreads and reduced inventory, stablecoin order books saw heavy two-way flow, and Latin American P2P spreads widened. Venezuela’s broad retail adoption of USDT, USDC and P2P rails for remittances and commerce links local on-ramps and off-ramps to global liquidity, and power outages could affect mining operations, pool hash rates and mining throughput. Officials indicated that Treasury and State may update sanctions and guidance that would affect exchange routing, custody and compliance costs for exchanges, market makers and stablecoin issuers. Advisory guidance included prioritizing liquidity quality, maintaining contingency plans for custody and fiat ramps, and holding short-duration hedges and cash buffers; recommended indicators to monitor over the next 72 hours include official U.S. statements on operational scope and detainee status, cross-border incidents and refugee surges, oil price moves, exchange policy updates for Venezuelan users, stablecoin spreads across Latin American P2P channels, funding and basis metrics, open interest, deposit and withdrawal anomalies tied to Venezuelan IP clusters, and daily mining hash rate trends and reports of grid outages. Source: https://web3businessnews.com/crypto/us-strikes-venezuela-crypto/

Community and vendor datasets report about 50 to 60 wrench attacks on cryptocurrency holders in 2025, nearly double the 2024 count and part of more than 215 physical incidents logged since 2020. Analysts monitoring forums, local news, and police blotters state the true count is higher because many victims decline to disclose wallet or exchange details. Attackers combine public blockchain data, leaked personal information, and social media signals to map holdings to real names and addresses. Attack methods include fake deliveries, utility pretexts, staged yard checks, impersonation to gain entry, on‑site testing of small transfers followed by escalation, restraint, threats, and forced account access. Incidents cluster around cryptocurrency price movements and data spills. Organized crews outsource enforcement to local proxies, use rented housing for staging, rotate vehicles and prepaid phones, and coordinate remotely to validate balances and direct exits. A San Francisco case involved a gunman posing as a delivery driver, restraint of the resident, accomplice verification of balances by phone, staged transfers over roughly 90 minutes, and an estimated $11 million loss. Reports also document retirees coerced in Florida, torture and threats in Texas over believed hardware wallets, and threats against family members in Europe and Brazil. Underreporting occurs because victims fear reputational damage, expect mishandling of crypto evidence by police, or view losses as irreversible, and law enforcement records often list generic robbery charges without on‑chain details. Improved case reporting with structured incident fields would enable better detection, trend analysis, and linkage across incidents. Defensive measures for individuals and teams include reducing public signals that link wallets to identities or addresses, scrubbing leaked personal data, protecting family information, improving home perimeter security and delivery verification, adopting multisignature custody with geographically and role‑separated signers, storing hardware wallets and seed backups offsite, implementing policy‑based custody with offsite cosigners and time locks, and separating signing workstations from everyday devices. Post‑incident actions include calling law enforcement immediately, providing wallet addresses and transaction hashes, preserving device logs and camera footage, notifying exchanges and analytics firms to trace and flag funds, and coordinating insurers and legal counsel through a single point of contact. Metrics to monitor include incident counts from community databases, arrest and conviction rates, share of cases tied to leaked personal data, time from incident to first custodial or exchange touch, and percent of losses that interact with services where freezes are possible. Organizations should test response playbooks with red‑team drills that assume in‑person coercion, and insurers increasingly require proof of multisig separation and documented privacy controls. Law enforcement and exchanges are developing playbooks to handle on‑chain evidence and coordinated responses, and available reporting indicates attackers can execute physical coercion with basic wallet skills and access to leaked data. Source: https://web3businessnews.com/crypto/wrench-attacks-crypto-2025/

Starting January 1, 2026, jurisdictions implementing the OECD Crypto Asset Reporting Framework (CARF) require Reporting Crypto Asset Service Providers (RCASPs) to collect transaction-level data and user tax information; the EU will implement CARF via DAC8, the UK is aligning domestic rules to the same timeline, and more than 48 jurisdictions have committed to the standard. RCASPs generally include exchanges, broker-dealers, custodial platforms and providers that effect crypto-to-fiat, crypto-to-crypto trades or similar disposals, and some jurisdictions will require registration and appointment of a responsible officer. Platforms must collect tax residence self-certification and tax identification numbers (TINs), validate these against KYC/AML records, and report user identity, tax residence and TIN, transaction type and date, asset category and quantities, proceeds or consideration in fiat, and fees according to local CARF schemas; reporting covers crypto-to-fiat trades, crypto-to-crypto transactions and certain platform-effected transfers, and providers must be able to file nil returns, submit corrected filings, and retain multi-year records. Governments plan to begin exchanging 2026 activity data in 2027; reporting periods and filing deadlines will vary by jurisdiction, with some fixed early-year dates and others allowing up to nine months after year end. Platforms should update onboarding to capture tax residence and TINs, build or procure CARF-capable reporting engines that support jurisdiction-specific schemas and versioning, secure market data for fiat conversions, establish a single asset taxonomy and reconciliation logic, run dry runs and backfill legacy accounts in 2026, and prepare to file in 2027 according to local deadlines. Providers must align privacy notices with GDPR and local privacy rules, retain documentation of due diligence and remediation, assign accountable owners to monitor OECD guidance and local implementing legislation, and prepare playbooks for regulatory inquiries and discrepancy resolution. Jurisdictions will enforce filing requirements and impose penalties for late or incorrect filings, and cross-border data matching will enable tax authorities to detect discrepancies between platform reports and taxpayer filings. Source: https://web3businessnews.com/crypto/crypto-tax-reporting-uk-eu-2026/