TheDinarian
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
April 14, 2023

(Dinarian Note: Whenever possible, ALWAYS go directly to the source versus clicking on an email link or Google ad. Note: When searching on Google, the first 3 or 4 results are ads, do NOT use those. Also, ALWAYS double-triple check your pasted wallet address when withdrawing funds and ALWAYS use a VPN and Antivirus-Malware program, especially when you own crypto. Having cold storage is great, but when sending-receiving funds you are vulnerable. Question everything, even if it seems legit.)

Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.

Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges.

Rilide is not the first malware SpiderLabs has observed using malicious browser extensions. Where this malware differs is in its effective and rarely used ability to use forged dialogs to deceive users into revealing their two-factor authentication (2FA) codes, and then withdraw cryptocurrencies in the background. During our investigation into Rilide’s origins, we uncovered similar browser extensions being advertised for sale. Additionally, we found that part of its source code was recently leaked on an underground forum due to a payment dispute.

Malicious Campaigns Leading to Rilide Stealer Extension

SpiderLabs uncovered two malicious campaigns leading to the installation of the Rilide extension.

Figure 1. Infection Chains Leading to the Execution of the Rilide Extension

Campaign 1: Ekipa RAT Installing Rilide Stealer

One of the Rilide samples identified by Trustwave SpiderLabs was distributed through a malicious Microsoft Publisher file. This file is part of Ekipa RAT, a Remote Access Trojan (RAT), designed for targeted attacks and often sold on underground forums.

We previously described Ekipa RAT in one of our blogs. It is important to note that Microsoft Publisher was not affected by Microsoft's decision to block macros from executing files downloaded from the Internet. As a result, when a user attempted to open a Publisher file, they would receive a warning but could still enable the execution of malicious content by clicking the ‘Enable Macros’ button. On 14 February 2023, Microsoft issued an update that resolved the Publisher security flaw. With the implementation of the ‘Mark of the Web’ feature on the .pub file, users are now left with only one option, ‘Disable Macros,’ which should have been the case all along.

Any association between the threat actors behind Ekipa RAT and those using the Rilide infostealer remains unclear. However, it is probable that Ekipa RAT was tested as a means of distribution for Rilide, before finally switching to Aurora stealer.

Figure 2. Publisher’s macro and Document_Open procedure executing remote Excel Workbook

Three tasks were configured on the C2 server:

  1. Download payload from hxxps://nch-software[.]info/1/2[.]exe to %temp% directory as.txt
  2. Change downloaded file’s extension to .exe
  3. Execute the payload.

File 2.exe is a Rust-based loader, responsible for installing the Rilide extension for Chromium-based browsers.

Campaign 2: Aurora Stealer Abusing Google Ads

Aurora is a Go-based stealer, which was initially spotted being advertised in April 2022 as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums. The malware is designed to target data from multiple web browsers, cryptocurrency wallets, and local systems.

Recently, the threat actors behind Aurora have been observed abusing the Google Ads platform to spread the malware. According to a report published by Cyble, campaigns mimicking legitimate TeamViewer installers have been utilized to deploy Aurora. As reported by @1ZRR4H and @malwrhunterteam, Aurora was also spread via another campaign that imitated an NVIDIA Drivers installer. A downloaded sample was packed with Themida, a well-known commercial protector for executables. We used the UnpacMe service to unpack the sample.

Figure 3. Aurora campaign imitating the NVIDIA Drivers installer as shown in 1ZRR4H’s Twitter post

Restoring Function Names

The Aurora Stealer sample was stripped of debugging symbols, which makes analysis harder. Go binaries are statically linked, meaning that all the necessary libraries are included in the compiled binary, so the number of potential functions to analyze is large. However, the original function names can be restored from the pclntab structure, as described in the CUJOAI Senior Threat Researcher Dorka Palotay’s post. Using the go_func.py script for Ghidra, we were able to restore the function names.

How an Aurora Module Downloaded Rilide Stealer

One of the eight grabbing modules configured in the analyzed sample contained a base64-encoded blob of data storing the URL for the Rilide Rust-based loader. The payload, hosted on the Discord CDN, was saved to the %temp% directory with the filename <10-alphanumeric-characters>.exe and executed via the Start-Process PowerShell cmdlet.

Figure 4. Part of Aurora Stealer routine downloading and executing Rilide loader

The Common Link Between Two Campaigns

The Rilide Rust-based loader samples analyzed as part of the Aurora campaign were packed with a VMProtect commercial packer. After unpacking the samples and analyzing strings contained in the binary, we found multiple references to Windows paths in the C:\Users\ilide\ directory. The same username was observed in the PDB Path of the Rilide sample obtained from the Ekipa RAT campaign.

Figure 5. The same username in a path found in Rilide Rust-based loaders samples from both campaigns.

Rilide Stealer Extension Targeting Chromium-Based Browsers

Rilide uses a Rust loader that installs the extension if a Chromium-based browser is detected. The extension mimics benign Google Drive extensions and abuses several built-in Chrome functionalities. The loader modifies the LNK shortcut files that open the targeted browsers so that they are launched with the --load-extension parameter pointing to the dropped malicious Rilide extension.
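A defender can check for the shortcut tampering described above by reading the arguments field of each browser shortcut. The following is an added example, not code from Trustwave or from the malware: it parses the Shell Link format far enough to extract the stored command-line arguments and reports any `--load-extension` paths. The function names and the sample shortcut are constructed for illustration.

```python
import re
import struct
from pathlib import Path

# Field layout from the Shell Link (.LNK) binary format, [MS-SHLLINK].
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
IS_UNICODE = 0x80

LOAD_EXT = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string stored in a shortcut ('' if none)."""
    if len(data) < HEADER_SIZE:
        raise ValueError("shorter than a ShellLinkHeader")
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a shell link")
    pos = HEADER_SIZE
    try:
        if flags & HAS_ID_LIST:      # IDListSize (2 bytes) excludes itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:    # LinkInfoSize (4 bytes) includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        # StringData entries appear in this fixed order, each only if flagged.
        for bit in (HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS):
            if not flags & bit:
                continue
            count = struct.unpack_from("<H", data, pos)[0]  # length in characters
            raw = data[pos + 2 : pos + 2 + count * width]
            if len(raw) != count * width:
                raise ValueError("truncated StringData")
            if bit == HAS_ARGS:
                return raw.decode(codec, errors="replace")
            pos += 2 + count * width
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return ""


def load_extension_paths(args: str) -> list:
    """Paths passed via --load-extension (Chromium accepts a comma-separated list)."""
    paths = []
    for quoted, bare in LOAD_EXT.findall(args):
        paths += [p for p in (quoted or bare).split(",") if p]
    return paths


def scan_shortcuts(root: str) -> dict:
    """Map each .lnk under root that carries --load-extension to the loaded paths."""
    hits = {}
    for lnk in Path(root).rglob("*.lnk"):
        try:
            paths = load_extension_paths(lnk_arguments(lnk.read_bytes()))
        except (OSError, ValueError):
            continue  # unreadable or malformed shortcut: skip it
        if paths:
            hits[str(lnk)] = paths
    return hits


def build_sample_lnk(args: str, name: str = "") -> bytes:
    """Constructed test input: header plus optional name and Unicode arguments."""
    flags = HAS_ARGS | IS_UNICODE | (HAS_NAME if name else 0)
    out = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags).ljust(HEADER_SIZE, b"\0")
    for text in ([name] if name else []) + [args]:
        out += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return out


if __name__ == "__main__":
    sample = build_sample_lnk(r'--load-extension="C:\Users\Public\sample_ext"', "Browser")
    print(load_extension_paths(lnk_arguments(sample)))
```

Point `scan_shortcuts` at the desktop, Start Menu and taskbar shortcut folders; any hit on a browser shortcut that the user did not set up deliberately warrants a look at the referenced directory.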

Figure 6. Rilide Stealer extension mimicking Google Drive and looking at its manifest revealing the configured permissions

Rilide’s background script attaches a listener to the tabs.onActivated and webRequest.onHeadersReceived events and removes the Content Security Policy (CSP) directive for all requests. This allows the extension to perform an XSS attack and load external resources that would otherwise be blocked by the CSP. The app script adds another listener to the DOMContentLoaded event and retrieves a list of targeted domains from the C2. If the current domain matches any of the listed targets, designated scripts are injected into the webpage.

Figure 7. Configuration list indicating targets such as email services and cryptocurrency exchanges.

Additionally, the background script carries out regular checks on the browsing history and exfiltrates URLs that are matched against the targeted domain list. Moreover, it is capable of capturing and exfiltrating screenshots of the currently active tabs on demand.
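The behaviours described in the two paragraphs above (a header listener that touches the CSP, history checks, tab screenshots) can be looked for when triaging an unpacked extension directory. The following is an added example, not Trustwave's tooling or Rilide's code: it correlates manifest permissions with source patterns. The finding labels, the choice of `chrome.*` API names to search for, and the sample manifest and script are assumptions constructed for illustration.

```python
import re

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Real chrome.* extension API names; mapping them to the behaviours the article
# describes is an assumption of this example, not taken from the Rilide source.
PATTERNS = {
    "header-listener": re.compile(r"webRequest\s*\.\s*onHeadersReceived"),
    "csp-header": re.compile(r"content-security-policy", re.IGNORECASE),
    "history-read": re.compile(r"\bhistory\s*\.\s*search\b"),
    "screenshot": re.compile(r"\btabs\s*\.\s*captureVisibleTab\b"),
}


def host_scope(manifest: dict) -> set:
    """Host patterns from MV2 permissions, MV3 host_permissions and content scripts."""
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in manifest.get("permissions", [])
              if isinstance(p, str) and ("://" in p or p == "<all_urls>")}
    for entry in manifest.get("content_scripts", []):
        hosts |= set(entry.get("matches", []))
    return hosts


def audit_extension(manifest: dict, scripts: dict) -> list:
    """Return sorted finding labels for one extension (manifest + script sources)."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    findings = set()
    if host_scope(manifest) & BROAD_HOSTS:
        findings.add("broad-host-access")
        if {"webRequest", "webRequestBlocking"} <= perms:
            findings.add("blocking-webrequest-on-all-sites")
    for source in scripts.values():
        hits = {key for key, rx in PATTERNS.items() if rx.search(source)}
        # Both patterns must occur in the same script to count.
        if {"header-listener", "csp-header"} <= hits:
            findings.add("csp-touched-in-header-listener")
        if "history-read" in hits and "history" in perms:
            findings.add("reads-history")
        if "screenshot" in hits:
            findings.add("captures-tab-screenshots")
    return sorted(findings)


# Constructed sample inputs (not from any real extension); listener body elided.
SAMPLE_MANIFEST = {
    "manifest_version": 2,
    "name": "Constructed sample",
    "permissions": ["webRequest", "webRequestBlocking", "history", "tabs", "<all_urls>"],
    "background": {"scripts": ["background.js"]},
}
SAMPLE_SCRIPTS = {
    "background.js": """
chrome.webRequest.onHeadersReceived.addListener(function (details) {
  /* ... handles the 'content-security-policy' response header ... */
}, {urls: ['<all_urls>']}, ['blocking', 'responseHeaders']);
chrome.history.search({text: '', maxResults: 50}, report);
""",
}

if __name__ == "__main__":
    for finding in audit_extension(SAMPLE_MANIFEST, SAMPLE_SCRIPTS):
        print(finding)
```

The matching is textual, so minified or obfuscated scripts can evade it and legitimate extensions can trigger it; treat the output as a triage signal for manual review.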

Figure 8. Rilide Stealer Execution Flow and Functionalities

Automatic Cryptocurrency Withdrawal

Rilide’s crypto exchange scripts support an automatic withdrawal function. While the withdrawal request is made in the background, the user is presented with a forged device authentication dialog in order to obtain the 2FA code. Email confirmations are also replaced on the fly if the user opens the mailbox in the same web browser. The withdrawal request email is replaced with a device authorization request, tricking the user into providing the authorization code.

Figure 9. Withdrawal Requests replaced with Authorize New Device emails in Gmail mailbox

Figure 10. Content of the original and forged email. The verification code was extracted from the original message body.

We found no substantial variations in the code between the samples dropped by Ekipa RAT and used in the Aurora Stealer campaign. Both campaigns utilized a Rust dropper, and the functionalities of the browser plugins are nearly the same.

Figure 11. Code differences between Rilide Stealer plugin samples, both using the same C2 server

Rilide Stealer Origins

In the course of our research, we have encountered several stealer extensions for sale that advertised capabilities closely resembling those of the Rilide samples. However, we were unable to definitively link any of them to Rilide. One noteworthy finding was a botnet sale advertisement from an underground forum dated March 2022. Although the advertised functionalities matched those of Rilide, the botnet also included additional features such as a reverse proxy and ad clicker. Notably, the botnet's automatic withdrawal function supported the same exchanges observed in the Rilide samples.

Figure 12. Underground forum post advertising sale of botnet with Rilide-like capabilities

On February 27, 2023, a member of the same underground forum posted a link to the source code for the Rilide extension, reportedly due to an unresolved payment dispute. The leaked source closely resembles that used in the Aurora Stealer campaign but did not contain any of the injected scripts observed in the campaign sample.

Figure 13. Underground forum post, dated February 27, 2023, containing a link to part of the Rilide extension source code.

Notably, the leaked code implements one feature that is missing from the later versions: swapping cryptocurrency wallet addresses in the clipboard. The list of addresses to be replaced is hard-coded in the source code.

Figure 14. Clipboard hijacking routine in the analyzed sample from the aforementioned forum post.

Pivoting on the command-and-control domain ashgrrwt[.]click, which is hard-coded in the sample, we identified additional Rilide loaders, leading us to the GitHub user gulantin.

Figure 15. GitHub repository storing multiple Rilide loader and extension samples

Repositories created by this user contain loaders for the Rilide extension, but they are not Rust-based. The sample in the repository named ‘77’ is a .NET extension loader only for the Chrome browser, unlike the later Rust-based version that works for all Chromium-based browsers. Other loaders found in repositories 19 and 789 are based on Advanced Installer – a legitimate Windows Installer Packaging Tool for MSI installers.

Figure 16. Extension loading routine of the custom .NET loader from gulantin’s repository 77

The address contained in the domain variable that is supposed to store the C2 domain suggests that this version of a loader was still under development when submitted to GitHub.

Figure 17. Part of JavaScript configuration in the Rilide extension hosted on GitHub

Conclusions:

The Rilide stealer is a prime example of the increasing sophistication of malicious browser extensions and the dangers they pose. Disguised as a legitimate Google Drive extension, Rilide provides threat actors with the ability to carry out a wide range of malicious activities, including monitoring browsing history, capturing screenshots, and injecting malicious scripts to steal funds from cryptocurrency exchanges.

While the upcoming enforcement of manifest v3 may make it more challenging for threat actors to operate, it is unlikely to solve the issue entirely as most of the functionalities leveraged by Rilide will still be available.

Informational overload can dull our ability to interpret facts accurately and make us more vulnerable to phishing attempts. It is important to remain vigilant and skeptical when receiving unsolicited emails or messages, and to never assume that any content on the Internet is safe, even if it appears to be.

Ultimately, it is crucial to stay informed and educated about the latest cybersecurity threats and best practices to minimize the risk of falling victim to phishing attacks.

Indicators of Compromise:


Link

community logo
Join the TheDinarian Community
To read more articles like this, sign up and join my community today
0
What else you may like…
Videos
Podcasts
Posts
Articles
Abolish The IRS?

I have been saying for YEARS that taxes have been 💯 % VOLUNTARY since WWII. DYOR, they started as VOLUNTARY DONATIONS for the war effort. They need this to look legit, if the people realized that the government has been lying to them for all these years, it would be instant chaos and a new civil war and revolution.

With President DonaldTrump Installing Scott Bessent as IRS Commissioner & Dan Scavino calling to Abolish the IRS on the same day, here's 1 minute, 17 seconds of clips of Trump & Crew hinting the IRS will be abolished....

Enjoy the show... 🍿

00:01:17
THIS IS HUGE!🗣️

🧬 New research explores DNA as an electromagnetic fractal cavity resonator—suggesting it may act like a fractal antenna capable of universal sensing.

🔑Key idea:

🔹DNA’s fractal geometry could allow it to interact with electromagnetic fields across multiple scales.

🔹This means it might function not just as a biochemical data store, but also as a signal receiver/transmitter within biological systems.

🔹Potential implications for bio-communication, energy transfer, and even novel sensing technologies.

If true, this reframes DNA as bio-hardware—not just code, but a physical interface with the EM spectrum.

https://www.researchgate.net/publication/321294432_DNA_as_an_Electromagnetic_Fractal_Cavity_Resonator_Its_Universal_Sensing_and_Fractal_Antenna_Behavior

00:03:01
🚨 COINBASE UNLOCKS MILLIONS OF ASSETS WITH DEX TRADING 🚨

👉Dinarian Note: This could be their attempt at fixing their crashes during altseasons. Time will tell right?⌛It can't hurt to be prepared! I still use this for 99% of my trades, it's like the "Tripadvisor" of crypto, finding the cheapest and fastest routes around. 🔗https://rebrand.ly/wk2aq8r

========================

Coinbase has launched decentralized exchange (DEX) trading within its main app for U.S. users (excluding New York), allowing direct onchain trading of millions of assets, initially focusing on tokens from its Base Layer 2 network. This move significantly expands access to newly created tokens, enabling immediate trading moments after they go live onchain without waiting for traditional centralized listings.

🔑 Key Points

🔹 Massive Asset Availability: Users can trade millions of Base-native tokens instantly after they are indexed onchain. This includes projects like Virtuals AI Agents, Reserve Protocol Decentralized Tokenized Funds (DTFs), SoSo Value Indices, Auki Labs, ...

00:00:27
👉 Coinbase just launched an AI agent for Crypto Trading

Custom AI assistants that print money in your sleep? 🔜

The future of Crypto x AI is about to go crazy.

👉 Here’s what you need to know:

💠 'Based Agent' enables creation of custom AI agents
💠 Users set up personalized agents in < 3 minutes
💠 Equipped w/ crypto wallet and on-chain functions
💠 Capable of completing trades, swaps, and staking
💠 Integrates with Coinbase’s SDK, OpenAI, & Replit

👉 What this means for the future of Crypto:

1. Open Access: Democratized access to advanced trading
2. Automated Txns: Complex trades + streamlined on-chain activity
3. AI Dominance: Est ~80% of crypto 👉txns done by AI agents by 2025

🚨 I personally wouldn't bet against Brian Armstrong and Jesse Pollak.

👉 Coinbase just launched an AI agent for Crypto Trading

What a Working Trading Strategy Consists Of... 📚

When a trader hears the word “strategy,” many imagine a complex formula or dozens of charts with various lines. In reality, it’s much simpler.

📌 A working strategy includes just a few essential elements:

1️⃣ Timeframe — the time interval you trade on, from 1 minute to a week. Everyone chooses according to their style and available time.

2️⃣ Instrument — a currency pair, cryptocurrency, or any other asset. It’s impossible to trade everything equally well — it’s better to focus on 1–3 instruments.

3️⃣Entry conditions — a clear signal that tells you when to open a trade. This could be a breakout, a bounce, an indicator, or a combination of factors.

4️⃣Exit conditions — where to take profit and where to cut losses. It’s important not to guess here but to know in advance what to do in any market scenario.

5️⃣ Risk management — position size, acceptable risk per trade, and total account risk.

⚠️ ...

post photo preview

BULL Awakes as Bitcoin Hits $122,000, Ethereum Blasts $4,000, Altcoin Market and XRP Bull Structure

HARMONIX PRICE ORACLE POWERED BY PYTH NETWORK

Harmonix relies on @PythNetwork for low-latency, secure price feeds across all vaults and pools on HyperEVM.

With Pyth, our sophisticated strategies run with pinpoint on-chain precision.

The newly live $haHYPE/ $HYPE price feed unlocks collateralized lending and borrowing for $haHYPE, driving deeper liquidity for @HyperliquidX-native assets.

Stronger liquidity means smoother, more sustainable yield generation for every Harmonix user.

https://x.com/harmonixfi/status/1954847247025512672?s=19

post photo preview
Understanding the Crypto Alt Season

The next altcoin season is poised to ignite the crypto market, promising to turn savvy investors' portfolios into goldmines. As Bitcoin's dominance wanes, a new era of blockchain innovation is dawning—are you ready to ride the wave?

Market behavior often exhibits distinct patterns and cycles. One such phenomenon that has captured the attention of traders and investors alike is the "Alt Season"—a period when alternative cryptocurrencies, or "altcoins," outperform Bitcoin and experience significant price surges.

The concept of market cycles and seasonality is not unique to crypto; it's a well-established principle in traditional financial markets. However, in volatile crypto space, these cycles can be more pronounced and occur with greater frequency.  

In this article, we’ll try to cover these and other topics: 

  1. The nature and characteristics of Alt Seasons
  2. The importance of recognizing market cycles in cryptocurrency trading
  3. Alt Season indicators and how to interpret them
  4. Predictions and speculatins about the next potential Alt Season

What Is Crypto Alt Season?

Crypto Alt Season, short for "Alternative Cryptocurrency Season," refers to a period in the cryptocurrency market when alternative cryptocurrencies (altcoins) significantly outperform Bitcoin in terms of price appreciation. During an Alt Season:

  1. Many altcoins experience rapid price increases.
  2. The market share of altcoins grows relative to Bitcoin.
  3. Trading volume for altcoins typically increases.
  4. Investor attention shifts from Bitcoin to various altcoin projects.

An Alt Season can last anywhere from a few weeks to several months. It's often characterized by increased risk appetite among investors, who are willing to allocate more capital to smaller, potentially higher-risk crypto projects in search of higher returns.

Is Crypto Season the Same As Crypto Alt Season?

While related, Crypto Season and Crypto Alt Season are not exactly the same:

  1. Crypto Season:
    • Refers to a broader bullish period in the entire cryptocurrency market.
    • Typically includes price appreciation for both Bitcoin and altcoins.
    • Can be longer in duration, sometimes lasting for many months or even a year or more.
    • Often starts with a Bitcoin rally, followed by increased interest in the broader crypto market.
  2. Crypto Alt Season:
    • Specifically focuses on the outperformance of altcoins compared to Bitcoin.
    • Can occur within a broader Crypto Season but is more narrowly defined.
    • Generally shorter in duration than a full Crypto Season.
    • May happen towards the latter part of a broader Crypto Season, as investors seek higher returns in smaller cap coins.

Key Differences:

  • Scope: Crypto Season encompasses the entire market, while Alt Season focuses on altcoins.
  • Duration: Crypto Seasons are generally longer than Alt Seasons.
  • Market Dynamics: In a Crypto Season, Bitcoin often leads the rally, while in an Alt Season, altcoins outperform Bitcoin.

It's important to note that these terms are not officially defined and can be subject to different interpretations within the cryptocurrency community. However, understanding the distinction can help investors and traders better analyze market trends and potential opportunities in different segments of the crypto market.

What Is Alt Season Indicator?

The Alt Season Indicator is a tool used by cryptocurrency traders and investors to gauge whether the market is entering or currently in an "Alt Season" — a period when altcoins are outperforming Bitcoin. While there isn't a single, universally accepted Alt Season Indicator, several metrics and tools are commonly used to assess the likelihood of an Alt Season. Here are some key aspects of Alt Season Indicators:

Bitcoin Dominance

One of the most widely used indicators is Bitcoin Dominance, which measures Bitcoin's market capitalization as a percentage of the total cryptocurrency market cap.

  • Calculation: (Bitcoin Market Cap / Total Crypto Market Cap) * 100
  • Interpretation: A declining Bitcoin Dominance often signals a potential Alt Season, as it indicates that capital is flowing from Bitcoin into altcoins.
  • Threshold: Some traders consider Bitcoin Dominance below 50% as a potential indicator of an Alt Season.

Altcoin Market Cap Ratio

This indicator compares the total market capitalization of altcoins to Bitcoin's market cap.

  • Calculation: Total Altcoin Market Cap / Bitcoin Market Cap
  • Interpretation: An increasing ratio suggests growing strength in the altcoin market relative to Bitcoin.

Top 10 Altcoins Performance

This indicator tracks the performance of the top 10 altcoins by market cap (excluding Bitcoin) compared to Bitcoin over a specific period.

  • Calculation: Average percentage gain of top 10 altcoins vs. Bitcoin's percentage gain
  • Interpretation: When a majority of top altcoins consistently outperform Bitcoin, it may indicate an Alt Season.

Alt Season Index

Some crypto data platforms offer a proprietary Alt Season Index, which combines various metrics to provide a single score indicating the likelihood of an Alt Season.

  • Scale: Often presented as a percentage or a 0-100 score
  • Interpretation: Higher scores (e.g., above 75%) suggest a higher probability of an ongoing Alt Season

Trading Volume Ratios

This indicator compares the trading volumes of altcoins to Bitcoin's trading volume.

  • Calculation: Total Altcoin Trading Volume / Bitcoin Trading Volume
  • Interpretation: An increase in this ratio may indicate growing interest in altcoins, potentially signaling an Alt Season.

Important Considerations:

  1. No single indicator is foolproof. Traders often use a combination of indicators for a more comprehensive analysis.
  2. Market conditions can change rapidly, and past patterns don't guarantee future results.
  3. Different traders may use different thresholds or interpretations of these indicators.
  4. The crypto market's evolving nature means that indicators may need to be adjusted over time to remain relevant.

Understanding and effectively using Alt Season Indicators can help traders and investors make more informed decisions about allocating their resources between Bitcoin and altcoins. However, it's crucial to combine these indicators with broader market analysis and risk management strategies.

Alt Seasons: Historical Perspective, Current Situation, and Future Predictions

Previous Altcoin Seasons

In crypto, two periods stand out as particularly significant for altcoins. These "alt seasons" saw unprecedented growth and interest in cryptocurrencies beyond Bitcoin, reshaping the landscape of digital assets.

The 2017-2018 Alt Season

Duration: December 2017 to January 2018

Context:

  • Bitcoin (BTC) experienced its most remarkable bull run to date, reaching nearly $20,000 in December 2017.
  • This surge in Bitcoin's price and public interest created a ripple effect throughout the crypto market.

Key Developments:

  1. Proliferation of New Coins: The success of Bitcoin catalyzed the launch of numerous new cryptocurrencies.
  2. Investor Frenzy: Buoyed by Bitcoin's success, investors eagerly sought the "next Bitcoin," pouring capital into various altcoins.
  3. ICO Boom: This period saw a surge in Initial Coin Offerings (ICOs), with many projects raising millions in a matter of hours or days.
  4. Market Expansion: The total cryptocurrency market cap reached unprecedented levels, briefly surpassing $800 billion in January 2018.

Notable Altcoins: Ethereum (ETH), Ripple (XRP), and Litecoin (LTC) saw significant price increases during this period.

The 2020-2021 Alt Season

Duration: December 2020 to April 2021

Context:

  • Bitcoin broke its previous all-time high, surpassing $60,000 in March 2021.
  • The COVID-19 pandemic had accelerated digital adoption and increased interest in alternative investments.

Key Developments:

  1. DeFi Explosion: Decentralized Finance (DeFi) projects gained massive traction, with many tokens seeing exponential growth.
  2. NFT Boom: Non-Fungible Tokens (NFTs) entered the mainstream, driving interest in blockchain-based digital assets.
  3. Institutional Adoption: Major companies and institutional investors began adding cryptocurrencies to their balance sheets.
  4. Technological Advancements: Many altcoins introduced innovative features, scaling solutions, and use cases.

Notable Altcoins: Ethereum (ETH) reached new highs, while projects like Binance Coin (BNB), Cardano (ADA), and Polkadot (DOT) saw remarkable growth.

Comparative Analysis: Both alt seasons shared some common characteristics:

  • They were preceded by significant Bitcoin price rallies.
  • New projects and tokens gained rapid popularity and valuation.
  • Retail investor participation increased dramatically.
  • The overall cryptocurrency market capitalization reached new heights.

However, the 2020-2021 alt season was marked by greater institutional involvement and a broader range of technological innovations, particularly in DeFi and NFTs.

Is It Alt Season?

Based on the indicators discussed above, it's not currently an altcoin season. The Altcoin Season Index at 41 and Bitcoin's market dominance at 61.3% both suggest that Bitcoin is still the dominant force in the crypto market at this time.

When Is Alt Season?

Based on the information we could gather from various experts, we can analyze the predictions for the next altcoin season as follows:

  • Based on the latest analysis from experts and on-chain data, here’s what we know about the next altcoin season:

     

    Current Status (August 2025):

     

    • The altcoin season index—a metric that signals how many altcoins outperform Bitcoin—currently sits around 37. For a “full-blown” alt season, it typically needs to rise above 75.

    • Bitcoin dominance is approximately 61-62%. Historically, dropping below 60% often coincides with a rapid rotation into altcoins and the start of alt season.

     

    Key Indicators to Watch:

     

    • Altcoin Season Index (ASI): Above 75 signals a true altcoin season.

    • Bitcoin Dominance: A move below 60% usually marks the transition; sub-50% dominance is associated with peak alt season inflows.

    • Market Activity: Increasing volumes in major altcoins and Layer 1s, meme coin rallies, and spikes in DeFi activity are early warning signs.

    • Ethereum Outperformance: When ETH surges relative to BTC, this historically precedes broader altcoin rallies.

     

    Expert Predictions for 2025:

     

    • Analysts point to a pivotal window for alt season starting as early as August 2025 and extending through the fall, with many expecting true acceleration of altcoin gains if Bitcoin’s price consolidates and capital rotates further into alts.

    • There is strong consensus that macroeconomic catalysts, such as potential U.S. interest rate cuts and ongoing Bitcoin ETF momentum, could fuel a major altcoin rally in late 2025 if positive conditions persist.

    Summary Table: Key Factors & Targets

    | Signal | Alt Season Trigger | Status (Aug 2025) |
    |---|---|---|
    | Altcoin Season Index (ASI) | >75 | ~37 |
    | Bitcoin dominance | <60% | ~61–62% (near trigger) |
    | Altcoin trading volume | Sustained surge across many alts | Rising, but not explosive |
    | Ethereum outperformance | ETH/BTC breakout, >$3,700 | Near, ETH ~$3,500 |
    | Market narratives | AI, DeFi, meme coins, new L1 inflows | Strengthening |
     

    Bottom Line:
    Most analysts agree the groundwork for altcoin season in 2025 is building. We are currently in a transition phase: if Bitcoin dominance continues to fall and the Altcoin Season Index rises above 75, a full-fledged alt season could ignite during the second half of 2025. Monitor these key indicators to stay ahead as market momentum shifts from Bitcoin into a broader range of altcoins.

Key Factors to Consider

  • Technology: Look for coins with innovative solutions to existing blockchain challenges.
  • Adoption: Consider projects with growing partnerships and real-world use cases.
  • Market Position: Established coins with room for growth may offer a balance of stability and potential returns.
  • Tokenomics: Understanding supply dynamics can help predict potential price movements.

It's crucial to conduct thorough research before investing. The cryptocurrency market is highly volatile, and past performance doesn't guarantee future results. Always invest responsibly and within your risk tolerance.

How to Win in Next Alt Season?

Capitalizing on the next altcoin season requires a strategic approach. Here's how to maximize potential gains:

  • Research and Diversification: Thoroughly research potential investments, analyzing both fundamentals and technical aspects to identify promising altcoins. Diversify your holdings across different projects to mitigate risk and maximize potential returns. Don't put all your eggs in one basket.
  • Strategic Timing: Utilize technical analysis tools like support/resistance levels and RSI to pinpoint optimal entry and exit points. Monitor market sentiment and price trends to make informed decisions. A clear entry and exit strategy is crucial for managing risk and maximizing profits during volatile periods.
  • Newer Projects: Consider participating in newer altcoin projects. This provides early access to potentially high-growth projects at discounted prices. Research upcoming DeFi projects with use cases, focusing on innovative projects with strong potential. Investing early can yield substantial returns as the project develops.

Conclusion

In summary, an altcoin season, marked by significant price increases in non-Bitcoin cryptocurrencies, may be on the horizon. This potential surge could be driven by investors seeking higher returns in smaller-cap cryptocurrencies, technological advancements in altcoin projects, increased blockchain adoption, and the transition of projects from speculative ventures to real-world applications.

Remember, while the potential for significant gains exists during an altcoin season, the cryptocurrency market remains highly volatile. Always invest responsibly.

Source

🙏 Donations Accepted 🙏

If you find value in my content, consider showing your support via:

💳 PayPal: 
1) Simply scan the QR code below 📲
2) or visit https://www.paypal.me/thedinarian

🔗 Crypto – Support via Coinbase Wallet to: [email protected]

PYTH: We'll Always Have Coldplay

Welcome back to The Epicenter, where crypto chaos meets corporate cringe.

But surprisingly, crypto has not been the most chaotic corner of the internet as of late.

That honor goes to the startup Astronomer, whose CEO’s cheating scandal broke the web in a glorious meme-fueled media frenzy. The company’s damage control? Hiring Gwyneth Paltrow as a “temporary spokesperson.” Do we think they’re grasping at straws or setting a new standard for PR?

Meanwhile, the markets didn’t blink. BTC is still flexing near its all-time highs. Michael Saylor’s bringing a bitcoin-adjacent money-market product to Wall Street. A pharma company just earmarked $700M to stack BNB, and analysts are calling time of death on the four-year crypto cycle. It’s a steady boom now, kittens.

A few things that are also worth noting: Winklevoss vs. JPMorgan, Visa’s take on stablecoins, and Robinhood’s Euro drama that defies the chillness of eurosummer.

Let’s get into it 👇

⛓️ The On-Chain Pulse: What’s Happening on the Front Lines of Finance

This week’s biggest news in crypto and all things digital assets

🗣️ Word on the Street: What the Experts are Saying

Stuff you should repost (or maybe even cough reword and take credit for)

Meme of the Week

🏦 Kiss my SaaS: What’s Changing the Game for Fintech

Things you should care about if you want to impress your coworkers

Closing Thoughts

From meme-fueled PR stunts to Bitcoin-backed money-market funds, this week reminded us that markets move fast—and headlines move faster. With Wall Street automating itself, fintechs beefing with banks, and even your smartphone becoming a miner, anything is possible. Stay curious, stay cynical, and as always—stay sharp and stay liquid. We’ll see you back here in two weeks.

— The Epicenter, powered by Pyth Network

 


 

4 Fintech Companies 💸& Things To Know About 🤔

The fintech revolution is reshaping the way we manage, invest, and move money, breaking down traditional barriers and empowering individuals worldwide. As financial technology continues to evolve at a rapid pace, a select group of innovative companies are leading the charge by offering groundbreaking solutions that redefine banking, payments, and digital assets. Whether you’re a savvy investor, an industry professional, or simply curious about the future of finance, discovering these trailblazing fintech companies is essential to understanding today’s dynamic financial landscape.

 

1. Alina Invest - The AI Wealth Manager for GenZ Women

Alina is aimed at women under 25 who identify as beginner investors. They're an SEC-registered investment advisor that charges $120/year for membership. The service "buys and sells for you" and gives you notification updates of recent transactions like a wealth manager would.

👉 Getting people to invest early is crucial to building long-term wealth. One thing that holds them back is a lack of confidence and experience. Being targeted "for beginners" and people who live on TikTok should appeal. I love the sense of "we're buying and selling for you." Funds always do that, but making it an engagement mechanic is very smart. The risk here is that building a wealth business will take decades for the AUM to compound. But the next generation's Wealthfront or Betterment will look something like Alina.

2. Bluelayer - The Carbon project funding platform

Bluelayer allows Carbon project developers to take projects from feasibility studies to issuing credits, tracking inventory, and managing orders. Developers of reforestation, conservation, direct air capture, and other projects can also directly report to industry registries.

👉 Carbon investing and tax credits are heavily incentivized but need transparent data. By focusing on the developers, Bluelayer can ensure the data, reporting, and credits lifecycle is all managed at the source. This is smart.

3. Akirolabs - Modern Procurement for enterprise

Akiro is a "strategic" procurement platform aiming to help enterprise customers identify risks, value drivers, and strategic levers before issuing an RFP. It aims to bring in multiple stakeholders for complex purchasing decisions at multinationals. 

👉 Procurement is a great wedge for multinational corporate transformation. Buying anything in an enterprise that uses large-scale ERPs is a nightmare of committees and spreadsheets. Turning an oil tanker-sized organization around is difficult, but the right suppliers can have a meaningful impact in the short term. That only works if you can buy from them. Getting people on the same page with a single platform is a great start.

4. NeoTax - Automated Tax R&D Credits

NeoTax allows companies to connect their engineering tools to calculate available tax advantages automatically. Once calculated, the tax filings are clearly labeled with supporting evidence for the IRS.

👉 AWS and GCP log files and data are a goldmine. Last week, I covered Bilanc, which uses log files to figure out per-account unit economics. Now, we calculate R&D tax credits. The unlock here is LLMs' ability to understand unstructured data. The hard part is understanding the moat, but time will tell.

In an era where technology and finance are increasingly intertwined, these four fintech companies stand out as catalysts for positive change. By driving progress in digital payments, asset management, lending, and decentralized finance, they are not only making financial services more accessible and efficient—they are also paving the way for a more inclusive and empowered global economy. Staying informed about their innovations can help you seize new opportunities and take part in the future of finance.

 

👀Things to know 👀

 

PayPal issued low guidance and warned of a “transition year.” The stock is down 8% in extended trading despite PayPal reporting a 9% growth in revenue and 23% EBITDA. Gross profit is down 4% YoY. PayPal's total revenues were $29Bn for the year.

Adyen reported 22% revenue growth and an EBITDA margin of 46% for the full year. Adyen's total revenues were $1.75bn for the full year. The margin was down from 55% the previous year, impacted by hiring ahead of growth.

🤔 PayPal’s Braintree (unbranded) is losing market share in the US, while Adyen is winning it. eCommerce is growing ~9 to 10% YoY, and PayPal’s transaction revenue grew by 6.7%. The higher interest rate environment meant interest on balances dragged up the total revenue figure. Their core business is losing market share. Adyen is outgrowing the market by ~12%.

🤔 The PayPal button (branded) is losing to SHOP Pay and Apple Pay. The branded experience from Apple and Shopify is delightful for users; it’s fast and helps with small details like delivery tracking. That experience translates to higher conversion (and more revenue) for merchants.

🤔 The lack of a single global platform hurts PayPal, but it helps Adyen. In the earnings call, the new CEO admitted their mix of platforms like Venmo, PayPal, and Braintree are holding them back. They aim to combine and simplify, but that’s easier said than done.

🤔 Making a single platform from PayPal, Venmo, and Braintree won’t be easy. There’s a graveyard of payment company CEOs who tried to make “one platform” from things they acquired years ago. It’s crucial if they’re going to grow that they get their innovation edge back. Adyen has one platform in every market.

🤔 PayPal’s UK and European acquiring business is a bright spot. The UK and EU delivered 20% of overall revenue, growing 11% YoY. Square and Toast don’t have market share here, while iZettle, which PayPal acquired in 2018, is a strong market player. Overall though, it’s yet another tech stack and business that’s not part of a single global platform.

The two banks provided accounts to UK front companies secretly owned by an Iranian petrochemicals company. PCC has used these entities to receive funds from Iranian entities in China, concealed with trustee agreements and nominee directors. 

🤔 This is the headline every bank CEO fears. Oof. Shares of both banks have been down since the news broke, but this will no doubt involve crisis calls, committees, appearing in front of the regulator, and, finally, some sort of fine.

🤔 The "risk-based approach" has been arbitraged. A UK company with relatively low annual revenue would look "low risk" at onboarding. One business the FT covered looked like a small company at a residential address to compliance staff. They'd likely apply branch-level controls instead of the enterprise-grade controls you'd see for a large corporation. 

🤔 Hiring more staff won't fix this problem; it's a mindset and technology challenge. In theory, all of the skill and technology that exists to manage risks with large corporate customers (in the transaction banking divisions) are available to the other parts of a bank. In practice, they're not. Most banks lack a single data set and the ability for compliance officers in one team to see data from another part of the org. Getting the basics right with data and tooling is incredibly hard and will involve a multi-year effort. 

🤔 These things are rarely the failure of an individual or department; the issue is systemic. While two banks are named in this headline, the issue is everywhere. Banks need more data and better data to train better AI and machine learning. That all needs to happen in real-time as a complement to the human staff. Throwing bodies at this won't solve the visibility issue teams have.

 🙏 Donations Accepted 🙏

If you find value in my content, consider showing your support via:

💳 PayPal: 

1) Simply scan the QR code below 📲
2) or visit https://www.paypal.me/thedinarian

🔗 Crypto – Support via Coinbase Wallet to: [email protected]

Or Buy me a coffee: https://buymeacoffee.com/thedinarian

Your generosity keeps this mission alive, for all! Namasté 🙏 Crypto Michael ⚡  The Dinarian

 
