Plus: The data says Bitcoin’s rally is on thin ice

GM. Chopped up the market like a fruit ninja - watch out, it’s a wild mix today.

👀 Lazarus hacker made a mistake.

🍋 News drops: crypto kidnappers get charged in France, BitoPro gets hacked + more

🍍 Market flavor today

Crypto Market Cap: $3.27T -0.14% (24H)
Name		Price	24H	7D
	Bitcoin BTC	$103,802.66	-0.38%	-5.21%
	Ethereum ETH	$2,524.45	0.83%	-0.90%
	XRP XRP	$2.15	0.19%	-7.44%
	BNB BNB	$653.11	0.52%	-2.48%
	Solana SOL	$152.24	-0.80%	-14.13%

Ladies and gentlemen, welcome to June - aka one of crypto's most difficult months on the calendar! 🥲

And according to CryptoQuant contributor Amr Taha, it’s already showing signs it might live up to that title again this year:

👉 Binance is leaking stablecoins

By the end of May, over $1B in stablecoins flowed out of Binance.

When stablecoins leave exchanges, it usually means traders are taking profits or moving to cold storage - not getting ready to buy more.

👉 Long-term holders (LTHs) are taking a step back

The net position realized cap for LTHs - which basically shows how much LTHs are increasing or decreasing their Bitcoin exposure - dropped from over $28B to just $2B by late May.

This means LTHs aren't buying much, despite the recent rally = they might be expecting a pullback.

👉 Big wallets are selling, smaller ones are buying

Over the past 60 days:

• Whales (holding 1K - 10K BTC) have been steadily selling as Bitcoin's price ran from $81K to $110K;

• Smaller wallets (100 - 1K BTC) are buying more as the price climbs.

Whales are usually the “smart money” - early buyers with good timing and deeper pockets. When they’re taking profits, it often means they think the rally is running out of steam.

At the same time, smaller wallets tend to buy in late - just before a market cools off.

This package doesn’t scream “crash incoming,” but it does say: proceed with caution.

Less stablecoin liquidity, quiet LTHs, and divided investor behavior = potential turning point.

Could this mean a cool-off? A consolidation? Another leg up? It's unclear.

But trader Jelle pointed out that Bitcoin has formed a bearish divergence → usually a sign that the rally is losing strength.

If BTC can’t climb back above $104.8K soon, there’s a good chance the price could drop lower to test support zones.

🥝 Memecoin harvest

“How’s the market?” Unhinged, as always 😜

Data as of 07:15 AM EST.

Check out these memecoins and plenty more here.

😬 Lazarus fail

If you know anything about a crypto hack, you've probably heard of the Lazarus Group.

They’re pretty much the final boss of crypto cybercrime - a North Korean state-backed hacking group responsible for some of the biggest thefts in the industry, including the Bybit hack earlier this year.

They’ve always carried this boogeyman of blockchain, mysterious vibe. But a new BitMEX report pulled back the curtain a bit.

And turns out... they're not as flawless as some might think.

Over time, Lazarus seems to have split into smaller teams, and not all of them are equally skilled. Some are pros. Others - not so much.

Case in point: a BitMEX employee got a message on LinkedIn about joining a crypto project.

If you’ve followed Lazarus’ past scams, you know this is something they've done before - so the employee flagged it to the security team.

They were sent a GitHub repo with a Next.js/React project that - surprise - contained malware.

The attacker wanted them to run the code locally, which would've let malicious scripts execute on the employee's computer.

Now, here's what BitMEX found in the code:

• It used JavaScript’s eval() function, which takes a piece of text and treats it like code. So if it says “delete everything,” your computer will actually try to run that command - and that opens the door for attackers to sneak in harmful code;

• The malware tried to connect to suspicious URLs to download even more code - the kind of infrastructure Lazarus has used before in past attacks;

• It collected data like usernames, IP addresses, operating systems, and uploaded all of it to… wait for it… a public Supabase database 😀👍

Yes. Public.

This is like using Google Sheets to store stolen data... and then leaving the spreadsheet unlocked.

The BitMEX team took a look and found nearly 900 logs from infected machines.

And in one of them, they caught a big oopsie: a hacker forgot to turn on their VPN and exposed their real location in Jiaxing, China.

Instead of treating this oopsie as a one-off discovery, BitMEX saw an opportunity here - they built a tool to keep checking the database.

This lets BitMEX:

• Track new infections as they happen;

• Figure out who’s being targeted - devs, exchange workers, or random users;

• Watch for repeat mistakes by the hackers (like more IP leaks);

• Potentially map out patterns - like locations, time zones, or organizational targets.

Lazarus is still dangerous - no doubt about it.

But the more we learn about their tricks (and their mistakes), the easier it becomes to protect people from falling for them.

🍋 News drops

🇨🇿 Pavel Blazek stepped down as Czech justice minister, right after his ministry made about $45M by selling nearly 500 BTC. That's 'cuz, apparently, the crypto came from a guy convicted of running an illegal dark web marketplace.

🚓 French police have charged 25 people for a series of failed crypto kidnapping attempts. Six of them were teenagers and young adults, between 16 and 23 years old.

🇸🇬 Crypto companies in Singapore have been told to stop serving overseas customers unless they've got the proper license. The deadline to follow the rules is June 30, 2025.

👀 Crypto exchange BitoPro says it lost more than $11.5M in a hack that happened on May 8. The company admitted the attack went down while they were updating their wallet system.

🍌 Juicy memes