Web3 updates are reshaping the crypto landscape this week with major developments. A new multi-asset ETF just launched on Nasdaq. At the same time, a massive DeFi hack has rattled investor confidence worldwide.
Web3 Updates This Week: A Landmark ETF, a Billion-Dollar Hack, and Wall Street’s Growing Caution
Web3 updates keep coming fast, and this week delivered some of the most consequential developments the space has seen in months. From a groundbreaking ETF debut on one of the world’s most prominent stock exchanges to a sophisticated crypto laundering operation tied to state-sponsored hackers, the crypto industry once again showed exactly why it keeps the world watching. Additionally, concerns from major Wall Street analysts are beginning to ripple outward, raising questions about how traditional finance will respond to increasingly bold exploits targeting decentralized infrastructure.
Let us walk through each story in detail, because each one carries real implications for investors, developers, and the broader financial system.
GSR Launches the First Multi-Asset Crypto ETF With Staking on Nasdaq
To begin with, the most exciting piece of news this week comes from crypto market maker GSR, which officially launched its GSR Crypto Core3 ETF on the Nasdaq exchange under the ticker symbol BESO. This marks the first actively managed multi-asset crypto ETF in the United States, and it is a genuinely significant milestone for the industry.
So, what exactly does the fund offer? It provides direct exposure to three of the most prominent cryptocurrencies in the market: Bitcoin (BTC), Ethereum (ETH), and Solana (SOL). Furthermore, the fund goes beyond simple price exposure by accumulating staking rewards where applicable. In practical terms, this gives investors a pathway to earn yield within a fully regulated ETF structure, something that has not been available through U.S.-listed products until now.
The fund also features weekly rebalancing based on research signals from GSR’s team. As a result, portfolio weights shift dynamically rather than staying frozen. GSR charges a 1.00% management fee for the product, which is broadly competitive within the actively managed ETF space.
For context, this launch matters because it signals a notable evolution in how institutional and retail investors can access crypto assets. Previously, single-asset ETFs like those tracking Bitcoin or Ethereum dominated the conversation. Now, however, diversified exposure with yield generation is entering the picture in a regulated wrapper. That changes the value proposition considerably for large allocators who have been waiting on the sidelines.
Sources: The Block | CoinDesk | Business Insider
The Bigger Picture Behind the GSR ETF Launch
Beyond the product itself, the GSR ETF launch reflects a broader trend that has been building throughout the past year. Specifically, traditional finance infrastructure is increasingly making room for crypto assets rather than treating them as an afterthought. Moreover, the inclusion of staking rewards in a regulated product is a conceptual breakthrough. It suggests that regulators and issuers are becoming more comfortable with the idea that crypto assets can generate passive income, not just price appreciation.
Additionally, the multi-asset approach matters from a portfolio construction standpoint. Rather than betting on a single blockchain, investors who buy BESO get exposure to the infrastructure layer (Ethereum), the dominant store-of-value narrative (Bitcoin), and one of the fastest-growing smart contract platforms (Solana). Therefore, in a single trade, they access three distinct value drivers in the crypto ecosystem.
Web3 updates like this one often get buried under security headlines, but this launch deserves sustained attention. Institutional appetite for diversified, yield-enhanced crypto products is clearly growing, and this ETF sets a new benchmark that others will likely follow.
North Korean Hackers Begin Laundering Stolen KelpDAO Funds Through THORChain
On a much more alarming note, on-chain analysts have confirmed that funds stolen in the massive KelpDAO exploit are actively moving through laundering operations. The attack, widely attributed to North Korea-linked groups including the Lazarus Group and TraderTraitor actors, resulted in roughly $290 to $300 million in stolen assets.
According to on-chain data, attackers moved large sums of ETH through a network of intermediary wallets. Over $175 million in recent transfers reportedly flowed into freshly created wallets before being routed through privacy tools like Umbra. Subsequently, those funds crossed chains via THORChain, moving from the Ethereum network onto Bitcoin.
The scale of the operation is striking. Reports indicate the use of over 400 separate addresses in the laundering process. Consequently, THORChain experienced a sharp spike in trading volume during these movements, as analysts monitoring the blockchain flagged the unusual activity in real time.
From a technical standpoint, the attackers exploited vulnerabilities in cross-chain bridge infrastructure and single-validator setups. This is a pattern that has appeared repeatedly in major DeFi exploits over the past two years. Furthermore, the use of cross-chain swaps to obscure the trail adds a layer of complexity that makes fund recovery extremely difficult.
Sources: Finance Yahoo (Jefferies Report) | Arkham Intelligence | ZachXBT on X
THORChain’s Role and the Cross-Chain Problem
To understand the gravity of this situation, it helps to know what THORChain actually does. It is a decentralized liquidity protocol that allows users to swap assets natively across different blockchains without wrapping tokens. In theory, this is a powerful tool for legitimate DeFi users who want seamless cross-chain access.
In practice, however, the same properties that make it useful for honest users also make it attractive to bad actors. Because THORChain processes swaps permissionlessly and without identity verification, it has become a recurring tool in large-scale crypto laundering operations. Notably, this is not the first time state-linked actors have used the protocol after a major theft.
The DeFi community faces a genuine tension here. On one hand, permissionless design is a core value in Web3. On the other hand, when billions of dollars can be moved across chains and obscured without oversight, the consequences extend far beyond the crypto space. Moreover, the sharp volume spike on THORChain during these transfers drew attention precisely because it was visible on-chain, which illustrates that blockchain transparency cuts both ways.
Web3 updates around security incidents like this one are critical for anyone building in or investing in decentralized finance. Understanding the attack surface is the first step toward closing it.
KelpDAO Contagion: Withdrawals Hit Aave and Beyond
The fallout from the KelpDAO hack did not stay contained to KelpDAO alone. In fact, the ripple effects spread quickly to other DeFi protocols. Notably, Aave, one of the largest decentralized lending platforms, experienced significant withdrawals in the days following the exploit.
This kind of contagion is a recurring feature of DeFi’s interconnected architecture. Because protocols often rely on shared liquidity, collateral, and bridged assets, a major exploit in one place can quickly trigger defensive withdrawals across the broader ecosystem. Consequently, liquidity providers and borrowers moved to reduce their exposure, pulling funds as a precaution.
Furthermore, the KelpDAO incident added to a growing list of high-profile DeFi failures that have collectively cost the space billions of dollars over the past few years. Each new exploit reinforces the argument that security infrastructure in Web3 has not kept pace with the speed of financial innovation. Clearly, that gap needs to close.
Sources: Unchained Crypto | RootData
Wall Street Analysts Warn the Hack Could Slow Blockchain Adoption
Perhaps one of the most significant dimensions of the KelpDAO story is its potential impact on traditional finance. Analysts at Jefferies LLC published a note warning that the hack could prompt banks, asset managers, and payments firms to slow down or reassess their blockchain and tokenization initiatives.
The logic here is fairly straightforward. Many large financial institutions have been exploring blockchain technology as a way to streamline settlement, improve transparency, and expand access to tokenized assets. However, when a single exploit in cross-chain infrastructure can drain hundreds of millions of dollars in minutes, risk managers at these firms take notice.
Interestingly, Jefferies noted that the spillover to conventional markets appears limited for now. Nevertheless, the underlying concern remains: DeFi systems are still maturing, and the security vulnerabilities that exist in nascent infrastructure could become major liabilities for institutions that move too quickly.
For traditional finance, the calculation has always been a balance between the opportunity cost of missing a technological shift and the reputational or financial risk of being caught in a high-profile failure. Given the KelpDAO hack and others like it, that calculus has become more complicated, at least in the short term.
Additionally, the event reinforces the importance of distinguishing between the use of blockchain technology in controlled, permissioned environments (which many banks prefer) and full participation in open, permissionless DeFi. These are quite different risk profiles, and the KelpDAO incident has sharpened that distinction considerably.
Sources: Bloomberg | The Street
Security Standards in Web3: The Ongoing Challenge
Stepping back to look at the broader pattern, it becomes clear that security remains Web3’s most persistent and consequential challenge. Across 2023, 2024, and now well into 2025, high-profile exploits have consistently undermined confidence just as the space was gaining mainstream traction.
The root causes vary. Sometimes the problem is a smart contract bug. Other times it is a flawed bridge design or a compromised key. In the KelpDAO case, single-validator setups appear to have created a critical point of failure that sophisticated attackers knew how to exploit.
The good news, comparatively speaking, is that the on-chain transparency of blockchain networks means attacks can often be tracked in real time. Indeed, analysts like ZachXBT and platforms like Arkham Intelligence have become crucial parts of the ecosystem, providing rapid attribution and public accountability that simply does not exist in traditional finance.
The harder challenge, though, is prevention rather than detection. The tools to track funds after a hack are impressive. The tools to stop hacks before they happen are still catching up. Therefore, protocol developers, auditors, and the broader community need to continue raising the baseline security standard across the board.
Furthermore, state-linked actors like North Korea’s Lazarus Group represent a distinct threat tier. These are not opportunistic individual hackers. They are organized, well-funded teams operating with geopolitical backing and long time horizons. Defending against that level of adversary requires a fundamentally different posture than defending against typical financial crime.
Web3 updates in the security space are thus not just technical news. They are, in many ways, a window into a broader geopolitical contest playing out on-chain.
Connecting the Dots: Innovation and Risk Walk Together
Taken together, this week’s web3 updates reveal something essential about where the industry stands today. On one side, you have genuine, regulated progress: a multi-asset ETF with staking on one of America’s top exchanges, offering institutional-grade exposure to three leading blockchain ecosystems. That is real forward movement.
On the other side, you have a $300 million hack carried out by state-sponsored actors, triggering cross-chain laundering operations across hundreds of wallets and rattling Wall Street’s growing enthusiasm for DeFi.
Both realities are true simultaneously, and that tension is not going away. The crypto industry will not solve security by slowing down innovation, and it will not unlock its full potential by ignoring the vulnerabilities in its infrastructure. Consequently, the path forward requires holding both imperatives at once: building faster and building safer.
For investors, the key takeaway from these web3 updates is that due diligence has never been more important. Understanding which protocols have been audited, which infrastructure assumptions they rely on, and what their response plans look like in case of an exploit is essential research before deploying capital in DeFi.
For builders, the message is equally clear. Security architecture needs to be a first-class concern from day one, not a retrofit after a product has already launched.
Closing Thoughts
Web3 updates like the ones covered this week serve as both a reminder of how far the space has come and how much further it needs to go. A regulated, multi-asset ETF with staking rewards on Nasdaq would have seemed implausible just a few years ago. The fact that it is now a reality reflects the relentless pace of progress in this industry.
At the same time, a $300 million hack tied to North Korean operatives, followed by a sophisticated laundering operation and warnings from major Wall Street analysts, paints a sobering picture of the risks that still exist. These are not small or temporary problems. They are structural challenges that the ecosystem must solve if it wants to earn the trust of the broader financial world.
Overall, the industry is maturing, but maturation is not a straight line. It involves breakthroughs and setbacks, innovation and failure, confidence and caution. Following web3 updates closely is, therefore, one of the most important things any participant in this space can do.
Stay informed, manage your risk carefully, and keep building.
Sources and Further Reading
- The Block: GSR Crypto Core3 ETF Launch – https://www.theblock.co
- CoinDesk: Multi-Asset ETF Coverage – https://www.coindesk.com
- Business Insider: GSR ETF Analysis – https://www.businessinsider.com
- Yahoo Finance / Bloomberg: Jefferies Analyst Note on KelpDAO Impact – https://finance.yahoo.com
- Bloomberg: Wall Street Blockchain Adoption Risk – https://www.bloomberg.com
- Arkham Intelligence: On-Chain Hack Tracking – https://www.arkham.com
- ZachXBT: KelpDAO Laundering Updates – https://x.com/zachxbt
- Unchained Crypto: DeFi Contagion Coverage – https://unchainedcrypto.com
- RootData: Protocol Data and Attribution – https://www.rootdata.com
- The Street: Analyst Commentary – https://www.thestreet.com
