The Company has implemented a cybersecurity program designed to identify, assess, mitigate, and respond to cybersecurity risks. This program is informed by recognized industry practices, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”). The following disclosure outlines the Company’s cybersecurity risk management strategy and governance, including the Board’s oversight and management’s role.

1. Cybersecurity Risk Management

The Company employs a structured cybersecurity risk management program to assess, identify, and manage cybersecurity risks across its information technology environment, including corporate systems and cloud-based platforms. The Company currently operates in part through shared IT infrastructure and personnel, which provides continuity of cybersecurity controls and practices while the Company develops its standalone capabilities. Key elements of the program include:

2. Governance and Oversight

Cybersecurity oversight is a shared responsibility between the Company’s Board of Directors and management. The Vice President provides cybersecurity updates to the full Board as appropriate, including information regarding the Company’s cybersecurity posture, risk environment, incident trends, and mitigation efforts. The Company is in the process of establishing a formal cadence of cybersecurity reporting to the Board as part of its ongoing business transition. In addition to scheduled updates, management’s incident response procedures require that potential material cybersecurity incidents are escalated to senior leadership and the Board promptly, as appropriate. The Company enforces a top-down approach to cybersecurity governance, ensuring accountability and continuous risk monitoring at all levels of the organization.

3. Management’s Role in Cybersecurity

Management is responsible for the day-to-day execution of the Company’s cybersecurity program. The Vice President oversees cybersecurity initiatives and supervises cybersecurity personnel and processes. The Company’s cybersecurity incident response governance is supported by an Incident Response Policy that is in the process of being established and will define roles and responsibilities, incident classification, documentation expectations, evidence preservation requirements, and communication protocols.

4. Cybersecurity Strategy and Resilience

The Company maintains cybersecurity resilience measures designed to support business continuity and protect critical assets. These measures include monitoring and response capabilities, as well as processes for containment, remediation, and recovery when incidents occur.

5. Material Cybersecurity Incidents

During fiscal year 2025, the Company did not experience any material cybersecurity incidents. No cybersecurity incidents required disclosure under Form 8-K Item 1.05 during 2025.

6. Impact of Cyber Incidents

Cybersecurity incidents, if material, could adversely affect the Company’s financial condition, results of operations, operational stability, and reputation. Potential impacts may include remediation costs, operational disruptions, litigation or regulatory exposure, and reputational harm. The Company evaluates cybersecurity risks as part of its ongoing risk assessment processes.

7. Board Expertise in Cybersecurity

The Board’s cybersecurity oversight is informed through management briefings and periodic updates. The Company may enhance Board education on cybersecurity trends and governance practices as appropriate.

8. Use of Third-Party Services

The Company uses third-party service providers to support certain technology and security functions. Digital asset custody services are provided by BitGo, a qualified custodian maintaining its own security controls and compliance frameworks. The Company evaluates third-party cybersecurity risks through vendor due diligence processes, including review of security documentation and reports where applicable, and monitors third-party risks on an ongoing basis. Given the nature of the Company’s cryptocurrency-focused operations, the security practices of digital asset custodians and blockchain infrastructure providers are a particular focus of the Company’s third-party risk management process.

9. Regulatory and Legal Compliance Risks

The Company is subject to cybersecurity and data privacy requirements, including applicable data privacy laws and SEC disclosure requirements. Failure to comply with applicable requirements could result in financial penalties, legal liabilities, and reputational harm. The Company performs compliance-focused activities as part of its cybersecurity program.

10. Incident Response Plan

The Company maintains an incident response policy framework intended to support timely identification, containment, investigation, remediation, and recovery. Incident response procedures include incident severity classification, escalation, documentation, evidence preservation, and communications protocols.

11. Cyber Insurance

The Company does not maintain standalone cybersecurity insurance coverage. The Company evaluates risk mitigation and risk transfer options as part of its broader risk management considerations.

12. Historical Cyber Incidents

The Company did not record any material cybersecurity incidents during fiscal year 2025.

13. Technology and Infrastructure Risks

The Company’s cybersecurity program includes measures intended to protect systems and data, including monitoring, endpoint protections, access controls, and vulnerability management. As cybersecurity threats continue to evolve, the Company may adjust its cybersecurity tools, processes, and controls over time.

14. Data Security and Privacy Policies

The Company maintains policies and controls intended to protect sensitive data, including access controls and other security measures designed to safeguard data confidentiality and integrity.

15. Ongoing Cybersecurity Efforts

The Company continues to invest in cybersecurity capabilities, including monitoring, vulnerability management, employee awareness training, and improvements to policies and procedures, to address evolving cybersecurity threats. As a company in transition, the Company expects to continue developing its standalone cybersecurity infrastructure and formalizing its governance processes accordingly.