Cryptopolitan

The Brazilian Central Bank has emphasized that crypto compliance is not just a formality. According to the regulator’s supervisor, the action taken on Banco Topazio serves as a model for future enforcement cases, and not as a one-off punishment.

The ruling came after Copas identified several irregularities in the bank’s operations from October 2020 to September 2021. Within those years, the bank executed over-the-counter cryptocurrency transactions without putting proper checks in place to ensure the identities and qualifications of third-party beneficiaries. 

The flagged transactions made up 63% of the bank’s outbound foreign exchange transfers that period and 47% of its primary market activity. Due to this, the committee concluded that the scale of the issue has damaged the institution’s credibility in the country’s foreign exchange market.

Regulators call Banco Topazio’s violations grave

According to Article 4, clause IV of Law 13.506, Copas deemed that the actions committed by Banco Topazio were grave, and the following punishment serves as a model for future enforcement cases that might arise, and not a special punishment for the bank.

The committee mentioned that violations are divided into three main areas: little to no checks on the financial capacity of clients, weak customer registration procedures, and inadequate controls to prevent money laundering and terrorism funding. 

Following the punishment,  three executives were also punished. Ademir Julio Schenatto was fined R$732,000 and banned from holding any position at regulated financial institutions for five years. Allison Forgiarini Ferreira was fined R$471,000, while Haroldo Pimentel Stumpf was fined R$358,000.

Brazil’s central bank fires warning shot to broader industry

While the fines take the spotlight, the underlying message from Ailton Aquino who serves as the Central Bank director and the president of the Copas committe is simple: the commercial restriction imposed on Topazio “could and should also be used, as necessary, as a precautionary measure, without initially requiring the opening of an administrative sanctioning process, whenever we assess that the grounds for applying Law 13.506 are present.”

Aquino also confirmed that the government intends to use the sanctions against other companies in the sector that fail to implement proper client registration or supervision systems, signaling a much tougher approach to managing and controlling the crypto and financial industry.

The wider regulatory crackdown in Brazil 

On April 30, Brazil’s central bank released Resolution BCB No. 561, which placed a ban on all electronic foreign exchange providers from using stablecoins and other crypto tokens like Bitcoin to carry out overseas transactions. The institution placed an order for all EFX payment routes to follow traditional foreign exchange systems or non-residential real accounts.

This new development is aimed at removing digital assets from the country’s regulated framework rather than outrightly banning crypto transfers in the country. With this, the central bank is able to keep international transfers within the foreign exchange channels it can monitor.

These new laws introduce stricter terms and regulations to the ecosystem, as eFX providers must now safeguard client funds in separate accounts, submit monthly reports through the central bank’s foreign exchange system, and store transaction records with the institution for the next ten years.

The smartest crypto minds already read our newsletter. Want in? Join them.

Japan Blockchain Foundation has formally approved plans to issue EJPY, a trust-type yen stablecoin. It will be the fourth stablecoin project launched in six months.

Prior to this announcement, the projects for the JPYC, JPYSC stablecoins were already underway. Japan’s three largest banks, Mitsubishi UFJ, Sumitomo Mitsui, and Mizuho, have also revealed that they were building a stablecoin with their joint effort in late 2025. 

What is EJPY? 

EJPY will be a yen-pegged stablecoin issued under Japan’s Type III electronic payment instrument classification, a trust-based framework that carries significant advantages over other stablecoin categories. 

It will initially launch on Japan Open Chain (JOC), an Ethereum-compatible Layer 1 blockchain run by a consortium of 14 Japanese corporate validators including NTT Communications, Dentsu, and Nethermind. 

Ethereum support is also planned from the start. The foundation said it is targeting circulation on JOC within the 2026 fiscal year, which ends in March 2027. 

EJPY is designed for business-to-business payments, remittances, digital asset settlements, and Web3 services. The foundation has stated that it expects the token “to generate transactions based on real demand.” 

The foundation has started holding discussions with potential trustee businesses regarding things like issuance, redemption, trust asset management, system design, and legal compliance, but launch dates and distribution partners are still subject to regulatory approvals.

Hiroaki Inaba, the CEO of Japan Blockchain Foundation, said the company has been developing Japan Open Chain as a blockchain platform Japanese enterprises can use with confidence. 

Why does the EJPY’s trust structure matter? 

Under Japan’s payment services laws, Type I electronic payment instruments face a per-transaction cap of 1 million yen, which is approximately $6,700. Trust-type stablecoins classified as Type III instruments are exempt from this ceiling. This exemption is what makes the EJPY token the best fit for corporate settlements, institutional transfers, and high-value business payments. 

The foundation acts as the settlor while trust assets are managed separately by licensed trustee businesses, ensuring the full separation of customer funds from issuer assets.

SBI Holdings and Startale Group are pursuing the same legal pathway with their JPYSC stablecoin, which is being issued by Shinsei Trust & Banking, an SBI subsidiary. That project remains on track for launch in the second quarter of 2026, according to a February announcement. 

JPYC, which launched in October 2025 as Japan’s first licensed yen stablecoin, operates under the more restrictive Type II funds transfer framework. Cryptopolitan reported that JPYC has issued over 1 billion yen, about $6.3 million, in tokens since its launch and aims to reach 1 trillion yen, $6.6 billion, in three years 

Meanwhile, Japan’s three megabanks, Mitsubishi UFJ Financial Group (NYSE: MUFG), Sumitomo Mitsui Financial Group (NYSE: SMFG), and Mizuho Financial Group (NYSE: MFG), have been working on their own joint yen stablecoin since at least October 2025, according to Cryptopolitan’s earlier reporting. 

The three banks serve more than 300,000 corporate clients combined. They launched a proof-of-concept in March 2026, testing both yen-pegged and dollar-pegged stablecoins on the Progmat infrastructure. The Financial Services Agency granted the project “Payment Innovation Project” status.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.

Hong Kong’s High Court has frozen assets that belong to Prince Group founder Chen Zhi and his associates worth HK$8.93 billion (approximately $1.1 billion). 

The court granted a restraining order in May, and it covers bank deposits, properties, and stock holdings across 42 individuals and companies linked to the alleged crypto fraud and forced-labor operation.

What did the Hong Kong court order target?

Hong Kong’s Department of Justice first applied for the restraining order in late April under the Organized and Serious Crimes Ordinance, targeting Chen Zhi, Zhou Yun, Li Thet, Hu Xiaowei (also known as Wu An Ming), and 38 companies registered in Hong Kong, Singapore, the United Kingdom, and the British Virgin Islands.

The frozen assets include 165 bank and securities accounts holding more than HK$43.6 billion in cash and over HK$5.5 billion in equities.

Chen Zhi’s personal exposure in Hong Kong is reportedly more than HK$63.6 billion. Among his holdings are deposits worth over HK$22.1 billion that are spread across accounts denominated in Hong Kong dollars, US dollars, British pounds, euros, and Swiss francs.

The court filings also revealed that Chen holds a Hong Kong identity card, as well as passports from Cambodia, Vanuatu, and Cyprus.

Two high-value properties linked to Chen were also frozen. One of them is a commercial building at 68 Kimberley Road in Tsim Sha Tsui, held through a company called Cheer Capital Limited, and it carries an estimated market value of HK$3 billion. 

The other property is a villa at Mount Nicholson on The Peak, which was purchased in 2016 for HK$1.08 billion through a BVI shell company, and is now valued at roughly HK$1 billion. 

Other people with Prince Group ties were implicated 

Chen is not the only one facing the heat, as Zhou Yun, one of his associates who was identified in US sanctions filings as a manager of Chen’s wealth, reportedly controls assets worth over HK$2 billion.

Hu Xiaowei, alleged to be a behind-the-scenes principal of Prince Group, holds around HK$400 million in Hong Kong assets, including a residential unit at Park Avenue in Olympic Station valued at HK$15 million. These include a network of insurance and securities companies operating under the “Mighty Divine” brand, which have since been delisted by Hong Kong’s Securities and Futures Commission and Insurance Authority.

Court filings revealed that he used a trust structure through a Hong Kong company called Future Wing Financial to hold stakes in listed companies Boyaa Interactive (0434) and HKE Holdings (1726), keeping his ownership below the 5% disclosure threshold.

Li Thet, Prince Group’s chief financial officer, holds HK$172 million in Hong Kong assets. US authorities have accused Li of managing the group’s illicit fund flows and overseeing bulk cash smuggling operations.

The court will be reconvening on August 3 to decide on extending the restraining order. Chen and his associates have been ordered to disclose six years of financial records, including all assets held in Hong Kong and overseas, before a July deadline.

Prince Group and Chen Zhi’s assets are being seized internationally

The Hong Kong freeze is the latest in a chain of enforcement actions that have been happening across multiple jurisdictions against Chen and Prince Group.

In October 2025, the US Department of Justice (DOJ) indicted Chen for operating forced-labor scam compounds across Cambodia that ran “pig butchering” cryptocurrency schemes.

The DOJ also filed a civil forfeiture complaint against approximately 127,271 Bitcoins, then worth around $15 billion, linked to Prince Group. It was reported as the largest forfeiture action in the department’s history.

Singapore’s police seized assets worth more than S$165 million (approximately $115 million) linked to the group in a single enforcement operation on October 30, 2025. That seizure included six properties, bank accounts, securities, a yacht, and 11 vehicles.

Chen was arrested in Cambodia in January 2026 and extradited to China, where he now faces charges of fraud and operating illegal casinos. His Cambodian citizenship was revoked. Chinese state media identified him as the head of a “major cross-border gambling and fraud criminal syndicate.”

Cambodia’s National Assembly passed a law in March 2026 imposing penalties up to life imprisonment for operators of forced-labor fraud compounds. Chen’s associate Li Xiong, former chairman of Prince Group subsidiary Huione Group, was also extradited to China.

The case number for the Hong Kong proceedings is HCMP661/2026.

If you're reading this, you’re already ahead. Stay there with our newsletter.

Vietnam’s Deputy Finance Minister Nguyen Duc Chi has said that the country might introduce its first officially regulated crypto asset trading as early as the third quarter of 2026. 

The government announced at the Digital Trust in Finance 2026 forum in Hanoi that it had approved five companies to operate digital asset exchanges.

Vietnam’s calculated entrance into the digital asset industry

Vietnam’s Deputy Finance Minister Nguyen Duc Chi announced during the Digital Trust in Finance 2026 forum in Hanoi that, in coordination with the Ministry of Finance, the Ministry of Public Security and the State Bank of Vietnam, five approved digital asset platform operators had been selected.

“We believe that, as early as the third quarter, Vietnam could witness the first official activities of its crypto asset market, operating under a framework designed to ensure safety and transparency,” Chi said at the forum.

Vietnam has been preparing for this regulatory move for quite some time. At the start of 2026, the Law on Digital Technology Industry took effect, and it formally legalized crypto assets. 

Prior to that, in September 2025, the government issued Resolution No. 05/2025/NP-CP to pilot the crypto asset market, and later in December, the Finance Minister established a Management Board for crypto asset trading under the State Securities Commission.

Vietnam has about 17 million residents participating in its crypto market. Ownership peaked at 21 million at certain points. Cryptopolitan reported that blockchain analytics firm Chainalysis estimated that crypto transaction volume in Vietnam reached about $220 billion to $230 billion between July 2024 and June 2025.

Cryptopolitan reported that Vietnamese traders opened an estimated 20 million wallets on offshore platforms like Binance, Bybit, and OKX. They have six months to link their wallets with government-approved platforms or face criminal penalties.

Which digital asset companies hold a Vietnam license?

While the government has not yet publicly named all five approved companies, several major players have confirmed they are in the final stages of the licensing process.

SCEX (Sacom Crypto Asset Exchange) has completed the first round of evaluation conducted by the Ministry of Finance. The company raised its charter capital to VND 360 billion (approximately $14 million) to strengthen its financial capacity.

Other qualified applicants include VIX Crypto Asset Exchange, Vietnam Prosperity Crypto Assets Exchange (CAEX), Techcom Crypto Exchange (TCEX), and Vietnam Digital Assets, affiliated with the Sun Group ecosystem.

CAEX, which operates within the ecosystem of VPBank, one of the country’s largest private lenders, has secured backing from OKX Ventures and HashKey Capital to help meet the government’s strict capital requirements. 

Cryptopolitan reported that the government set steep requirements for exchange operators. For instance, applicants must hold at least 10 trillion dong (roughly $408 million) in charter capital, roughly three times the requirement for banks. 

Institutional investors must provide at least 65% of the starting capital, and foreign ownership is capped at 49%. Individual crypto traders will face a 0.1% personal income tax on the total value of each transaction, which is the same rate currently charged for stock market trades. 

The tax applies whether or not a transaction leads to a gain or a loss. Vietnamese companies will pay 20% corporate income tax on crypto profits, while foreign organizations conducting crypto asset transfers through local service providers will pay a 0.1% tax on revenue per transfer.

All transactions during the five-year pilot must be conducted in Vietnamese dong, and the government is preparing to restrict access to overseas platforms like Binance, OKX, and Bybit once domestic exchanges become operational.

South Korea is moving on Vietnam’s market

Cryptopolitan recently reported that South Korean exchanges are also making moves. Bithumb signed a memorandum of understanding with SSID, a subsidiary of SSI Securities, Vietnam’s largest securities firm, to build a local virtual asset exchange.

Meanwhile, Dunamu’s Vice Chairman Kim Hyung-nyeon met with Vietnam’s Military Commercial Joint Stock Bank (MB Bank) to discuss cooperation on building a digital asset exchange during President Lee Jae-myung’s economic delegation in April this year.

The smartest crypto minds already read our newsletter. Want in? Join them.

The May 12 report by CertiK has put every crypto project and exchange on alert after the blockchain security firm pointed out the scale of the damage that North Korean hackers have masterminded since 2016. The results are in, and the picture is grim: an estimated $6.75 billion in cryptocurrency has been lost across 263 incidents. 

Certik’s report landed just days after TRM Labs implicated North Korean actors for about 76% of the money lost to crypto hacks through April 2026. Just as in 2025 when they hit Bybit for $1.5 billion, DPRK actors were named in the KelpDAO and Drift Protocol hacks, two of the largest exploits in 2026.

DPRK hackers have become a problem for the crypto sector. Source: CertiK.

Most notably, neither of the reports from the security intelligence firms implied that crypto’s most persistent and costly adversary is slowing down. North Korea’s hackers are moving with better precision, causing far more losses in fewer incidents.

North Korean hackers cash bigger payouts on fewer attacks

According to CertiK’s report, North Korean-linked actors were behind just 12% of total crypto theft incidents and roughly 60% of all stolen value in 2025, which came up to $2.06 billion out of $3.4 billion in total losses.

2026 has started out on the same trajectory, with North Korean groups on the hook for 55% ($620.9 million) of the losses that projects have taken this year.

Counting the $285 million Drift Protocol breach on April 1 and the $292 million KelpDAO bridge exploit on April 18 alone, that’s 3% of incident count and 76% of loot stolen in 2026, according to TRM Labs.

North Korea-linked hackers allegedly stole the most from crypto projects. Source: TRM Labs.

North Korean actors are everywhere

Both TRM Labs and Certik cautioned that a big majority of North Korea-linked exploits are not even due to software vulnerabilities. Rather, they exploit people in old-fashioned social-engineering schemes.

“Most major DPRK operations begin with human manipulation, including fake job offers, VC impersonation, and malicious repositories,” CertiK stated in its report.

TRM Labs reported that North Korean proxies held in-person meetings with Drift employees before the breach. Between March 23 and March 30, the attacker exploited Solana’s durable nonce feature to get Drift’s multisig signers to pre-authorize transactions.

Come April 1, the protocol was drained in 31 withdrawals that took roughly 12 minutes.

The $1.5 billion Bybit hack in February 2025, the largest single crypto theft ever recorded, demonstrated that “even institutional-grade multisig wallets can be compromised by targeting trusted third-party infrastructure rather than smart contracts,” according to CertiK. The FBI attributed that attack to North Korea’s TraderTraitor group.

ZachXBT traced $16.58 million in direct crypto payroll payments to North Korean operatives posing as developers between January and July 2025, according to Cryptopolitan’s reporting.

CertiK’s latest report echoed the concern, stating that “DPRK operatives have infiltrated DeFi teams under false identities, in some cases directly enabling the theft of funds from within.”

The KelpDAO breach followed a different playbook. The attackers, TraderTraitor, a Lazarus Group-affiliated operation, exploited a single-verifier design flaw in a LayerZero bridge. After Arbitrum froze roughly $75 million of the stolen funds, the hackers pivoted to laundering through THORChain, converting stolen Ether (ETH) to Bitcoin (BTC), according to TRM Labs.

Since then, LayerZero has denied and issued a public apology, as reported by Cryptopolitan.

North Korean hackers follow similar exit routes

CertiK reported that within one month of the Bybit hack, 86.29% of stolen ETH was converted to Bitcoin using mixers, cross-chain bridges, decentralized exchanges, and over-the-counter brokers.

TRM Labs noted that THORChain processed the majority of proceeds from both the Bybit breach and the KelpDAO hack, “converting hundreds of millions in stolen ETH to Bitcoin with no operator willing to freeze or reject transfers.”

U.S. intelligence assessments have indicated that funds stolen by North Korean cyber operations support the country’s nuclear and ballistic missile programs, according to CertiK.

North Korea has denied involvement. A Foreign Ministry spokesperson called the allegations “absurd slander” spread by U.S. “government organs, reptile media organs and plot-breeding organizations,” according to Cryptopolitan’s May 4 report on Pyongyang’s rebuttal.

If you're reading this, you’re already ahead. Stay there with our newsletter.

Kyrgyzstan is preparing to permit banks and other financial institutions to officially conduct cryptocurrency transactions.

The changes, which will let them buy and sell digital coins, come amid new sanctions over the nation’s role in helping Russia bypass restrictions.

Kyrgyzstan to authorize banks to work with cryptocurrencies

The government of Kyrgyzstan plans to allow banks and non-bank financial institutions to trade and convert cryptocurrencies on behalf of their clients.

This will be done through amendments to the country’s law “On Virtual Assets” drafted by the Ministry of Economy and Commerce, local and regional media unveiled Wednesday.

The respective bill has been published for public discussion, according to reports by the Russian crypto news outlet Bits.media, the Northern Newspaper website and Inbusiness.kz.

Under the updated law, banking organizations and other firms supervised by the National Bank of the Kyrgyz Republic will be able to offer services for the purchase, sale, and exchange of digital coins.

These kinds of transactions are currently restricted for most entities in the financial sector, which can mainly store and transfer cryptocurrencies for customers without directly accruing or trading them.

As highlighted by the explanatory note to the draft law, the proposed amendments are meant to develop and increase the transparency of Kyrgyzstan’s virtual-asset market.

The authors of the bill also hope that the regulation of crypto transactions through the banking sector will facilitate the integration of digital currencies into the traditional financial system.

They are convinced the legalization of these operations will help attract foreign investment, increase tax revenues to the state budget, and create more jobs in the fintech economy.

Is Kyrgyzstan becoming Russia’s crypto hub in Central Asia?

The sponsors of the legislation also acknowledged the growing interest in cryptocurrencies in Kyrgyzstan and the rapid expansion of their market.

Offering legal banking services for the digital assets should thus bring more of the associated financial flows out of the shadows.

Cryptocurrency exchanges could become one of these services as the revamped crypto act will allow banks to launch coin trading platforms.

At the moment, crypto transactions are conducted by specialized exchange offices and other licensed providers of virtual-asset services.

The Kyrgyz financial watchdog has issued 148 licenses to participants in the crypto market, the vast majority of which are to exchange operators.

Among them is the one who runs the recently hacked Grinex. The exchange is believed to be used by Russian players to circumvent international financial restrictions.

Grinex was established in Kyrgyzstan last spring as the successor of the notorious Russian exchange Garantex, which was shut down in a U.S.-led effort in March last year.

The issuer of a Russian ruble-pegged cryptocurrency A7A5, an entity called Old Vector, is also registered in the former Soviet republic.

The stablecoin, which is the largest among tokens not tied to the U.S. dollar, has processed well over $100 billion in transactions since its launch in early 2025.

A lot of the A7A5 tokens in circulation are traded through Grinex. Entities linked to the Russian crypto are sanctioned by Western governments, including the U.S., the U.K., and the EU.

Companies like these paid Kyrgyzstan 2.1 billion soms (over $24 million) in taxes for the first 11 months of last year, up from 227 million soms for the whole of 2024, the economy ministry said.

According to official Kyrgyz estimates, the total turnover of virtual assets in the country exceeded 2.63 trillion soms (more than $30 billion) during the same period in 2025.

When the new bill is passed by the parliament, the executive power and the central bank in Bishkek will have another six months to update the rest of the country’s regulatory framework.

If you're reading this, you’re already ahead. Stay there with our newsletter.

If you run a brokerage, a payment gateway, or an institutional trading desk, or a crypto wallet service, you’ve almost certainly heard a client ask the same question: “Why did I receive less than the screen showed?” It’s the question that erodes trust and kills repeat business.

In my role at ChangeNOW, I’ve spent years dissecting the anatomy of a crypto swap from the provider’s side, and the uncomfortable truth is this: what looks like an error is often a meticulously engineered revenue model. The disparity between the quoted rate and the final settlement is rarely a technical glitch, it’s a deliberate architecture of hidden costs, and the institutional market is losing patience with it.

The Three-Layer Leakage

To understand why your final amount shrinks, you have to strip a swap down to its three cost layers. Most platforms only talk about the first one, the explicit service fee. The second and third layers, spread and execution slippage, are where margins quietly compound. A provider offering “zero fees” is not a charity, they are placing you on an interbank-like rate with a markup baked in. When your platform’s smart router sources liquidity from external pools, the spread between the bid and ask is rarely passed on cleanly. We have observed cases where the effective spread on identical pairs varies by more than 200 basis points between providers quoting the same “zero-commission” label.

Then there is network cost volatility, a swap executed during a period of high gas fees can add tens of dollars to a transaction, a cost some providers hedge imperfectly or pass on post-execution. The institutional pain point here is not the fee itself but the opacity. When you are settling thousands of transactions a day, a hidden 0.3% drag on execution price is not a rounding error; it is a material drain on P&L. 

In my personal experience working with high-volume partners, those who eventually audit their true cost per swap are often shocked to discover they have been bleeding 1.2%-1.8% more per transaction than their dashboard suggested.

The AML Tax Nobody Talks About

Let me tackle a topic that makes compliance officers uncomfortable but must be said aloud, in many swap infrastructures, AML/KYT checks have mutated from a risk-control function into a margin lever. The mechanics are subtle. When a transaction enters the provider’s system, its originating and destination wallets are screened against global sanctions lists, blockchain analytics databases, and internal risk heuristics, exposure to mixers, darknet markets, or sanctioned entities.

A standard clean transaction completes automated screening in under a second, often in the time it takes the user’s browser to refresh the confirmation screen. But if the risk score passes a certain threshold, two things happen. First, the swap is paused for enhanced due diligence, creating a latency window of 5 to 45 minutes, during which the rate is almost never guaranteed. Second , and this is what we have uncovered in partner audits, the provider begins layering a hidden “risk spread” onto the conversion. The logic, from their side, is that high-risk flow costs more to process and carries a potential clawback risk, so the users must pay for it. They see a delayed transaction and a slightly worse rate, and they attribute it to volatility. In reality, they are being charged a silent compliance tax.

In my team’s experience, when we onboard a new institutional client who previously used a competitor, we routinely run a forensic analysis of their last 1,000 swap receipts. In over 70% of cases where past swaps showed unexplained shortfalls, the root cause was an AML-driven spread expansion that the previous provider refused to acknowledge. It exposes clients to settlement risk in time-sensitive operations, imagine a licensed payment provider processing merchant settlements on a fixed schedule; a 20-minute AML hold cascades into breached SLAs, support tickets, and reputational damage with the end merchant.

Where the Real Money Is Lost

We can deconstruct the user’s economic loss into four discrete pain points that I believe the B2B industry must openly address.

The first is the accelerated withdrawal markup, where a provider charges a premium for “priority processing” while simultaneously skimming an extra fraction of a percent from the rate itself, essentially double-dipping.

The second is intermediate-token conversion loss. On cross-chain routes, a swap from, say, L1 token A to L2 token B will often pass through a bridge asset like USDT, USDC and every hop introduces a spread. Some platforms do not optimize for the fewest hops but for the route that generates the most fee accrual.

The third, and most insidious, is display-rate versus fill-rate manipulation. A screen shows a mid-market rate that looks competitive, but the actual execution algorithm fills against a curve that diverges sharply once the order size exceeds a few thousand dollars. To be fair, in a volatile market some execution slippage is inevitable and not every shortfall is foul play. A provider may legitimately trade at a worse price than the screen showed. However, this should not happen on nine out of ten swaps, and a professional infrastructure must give the user a controllable slippage tolerance, the ability to set a threshold at which the transaction is halted and the client is asked whether to proceed or cancel. When that mechanism is missing, “slippage” too often becomes a cover for systematic skimming.

Finally, there is the unexplained withholding, a small deduction that appears on the settlement side with a generic label like “network adjustment.” In many cases, these are simply provider-side profit capture mechanisms dressed in technical language.

What a Professional Standard Should Look Like

If we accept that hidden costs are a structural problem and not a collection of isolated errors, the next logical question is: what does the alternative look like? The B2B market does not need more marketing promises. It needs an operational standard that compliance officers and heads of trading can verify independently.

In my view, a defensible swap infrastructure should meet four criteria.

First, a guaranteed, all-in settlement amount before execution. The client sees a single final estimate that already contains every cost component, service commission, network expense, and spread. Our own architecture at ChangeNOW reflects this principle: we never show a separate line-by-line fee structure, because our commission is dynamic, varies per swap, and is always fully embedded in the quoted total.

Second, a hard rate lock during AML screening. If the provider pauses a transaction for enhanced due diligence, the quoted price must remain frozen for the client. The provider bears the market risk during that window; that is the cost of running a professional infrastructure.

Third, AML neutrality for clean transactions. A wallet that clears automated screening without flags should not trigger a hidden spread expansion. If a transaction genuinely requires additional review and that review carries a cost, the provider must disclose it before execution and give the client a chance to cancel.

Fourth, settlement integrity. The amount shown on the confirmation screen must match the amount that arrives on-chain. Any deviation, no matter how small, should be accompanied by a line-item explanation that can be verified against public block explorers.

Why Hidden Costs Are a Fading Model 

I have had candid conversations with heads of trading at major exchanges who tell me they now run quarterly silent audits, sending identical swap requests to multiple providers and measuring the effective fill rate against the advertised rate. The results circulate privately, and they influence liquidity routing far more than any public RFP. Providers who attract volume with a headline fee that looks competitive, sometimes zero, and then recover margin through spread widening and opaque deductions are burning through professional clients at an unsustainable rate.

In my experience, the pattern is clear: once a partner’s finance team runs the numbers and uncovers the true cost, the relationship rarely survives the next quarter. For businesses that depend on these providers, the damage extends far beyond one lost deal. It leads directly to user churn, declining retention, and serious reputational harm when end customers consistently feel shortchanged. The market is voting, and it is voting for verifiable integrity.

At ChangeNOW, our position on this issue is not a marketing stance, it is a commercial architecture decision we made years ago, when we committed to serving B2B partners. 

We structure our fee logic so that the client never finances our compliance function through a hidden spread. Rather than showing a breakdown of the service fee, network cost, and spread, we give a single guaranteed estimate that already includes every charge. The client sees one number, approves one number, and receives that exact number on-chain. Our commission is dynamic and changes between swaps, yet it is always fully contained in the displayed total. AML/KYT screening is our operational responsibility, not a shadow revenue line. 

The hidden-cost model is a legacy of retail UX decisions that prioritized superficial simplicity over fiduciary-grade clarity. The swap infrastructure that survives the next cycle will be the one that treats transparency not as a marketing slogan but as the core of its commercial agreement. Everything else is just slippage.

A Moscow court has sentenced the former top manager of cryptocurrency exchange Binance’s business in Russia and the region to five years in prison.

Vladimir Smerkis, who was arrested in the Russian capital last spring, was convicted of “large-scale” fraud. He is also a co-founder of the crypto game Blum.

Smerkis set to spend time in Russian penal colony

The Presnensky District Court of Moscow has sentenced Vladimir Smerkis, former chief executive of the Russian branch of the world’s largest crypto exchange, to five years in prison.

The crypto entrepreneur served as Binance’s General Manager for Russia and the Commonwealth of Independent States (CIS) countries between early 2022 and September 2023.

Smerkis, 41, who was arrested on fraud charges in May 2025, will serve his time in a general regime penal colony, the Moscow Prosecutor’s Office announced in a Telegram post on Tuesday.

Also quoted by the crypto news outlet Bits.media, the statement detailed:

“He was found guilty under Part 4 of Article 159 of the Russian Criminal Code (fraud committed on an especially large scale).”

In June 2024, Smerkis was approached by crypto trader and blogger Oleg Polunin, who sought his assistance for an advertising campaign to increase the audience of his social media channels.

During their negotiations, he promised to attract about 2 million new users for his client and asked for more than 8.8 million rubles (approx. $120,000) as remuneration for his services.

The victim transferred the agreed-upon amount to a crypto wallet provided by Smerkis, who is a well-known member of the country’s crypto community.

However, the former high-ranking executive failed to fulfill his obligations. While, he did not organize the promised campaign, he nevertheless used the funds he received.

Who is Vladimir Smerkis and how he got here?

The Russian judiciary remanded Vladimir Smerkis in custody about a year ago at the request of the investigation into the alleged fraud case.

The five-year prison sentence he has now received is yet to officially enter into force and his defense team may still file an appeal against it in court.

Smerkis left his post at the helm of Binance’s office in Russia when the division effectively ceased operations in late 2023.

Earlier that year, in March, the leading global exchange introduced restrictions for Russian users and in September announced it’s leaving this market.

Amid expanding international sanctions over Moscow’s invasion of Ukraine resulting in compliance issues, Binance sold its Russian business to the recently established CommEX.

Its Russian users were able to transfer their Binance accounts to the new platform by March 2024. CommEX then suspended these transfers and eventually shut down in May.

Vladimir Smerkis later co-founded the crypto-based game Blum, together with Gleb Kostarev, another former regional manager at Binance.

Kostarev was the coin trading giant’s Regional Head for Eastern Europe, the CIS, Turkey, Australia and New Zealand. Both announced their departures in September 2023.

Blum was launched in 2024 as an alternative to the popular Telegram clicker game Hamster Kombat amid the tap-to-earn craze.

Right after Smerkis was detained, the project’s team announced he was stepping down as its top manager and chief marketing officer.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.

Global electric vehicle (EV) demand continued its upward trajectory in April. New figures from Benchmark Mineral Intelligence show high petrol prices boosted global EV demand for a second consecutive month in April, displacing combustion-engine vehicles.

Recent registrations within the month were up 6% YOY to 1.6 million new pure electrics and plug-in hybrids, albeit down 9% from the record-setting month in March. The figures suggest that while short-term volatility persists in the market, the broader adoption trend remains intact.

Market data also shows Europe is anchoring most of the global EV market gains, whereas momentum in both China and North America has noticeably softened. Benchmark Mineral Intelligence data manager Charles Lester confirmed, “Europe remains the main engine of growth.”

How did Europe fare against the rest of the world in EV sales?

The BMI identified three core pillars behind the EV demand spike: supportive regulatory frameworks, elevated fuel costs, and aggressive market expansion by Chinese OEMs (original equipment manufacturers). The Middle East tensions remain a major factor behind high petrol prices and, by extension, the shift in sales.

According to the research platform, authorities’ continued efforts to stabilize fuel prices amid the conflict in Iran have affected a major oil shipping lane.

In April, Europe’s sales exceeded 400,000 units, up 27% year over year. Performance indicators show Germany and France posting year-to-date EV sales increases of 33% and 36%, respectively, while Italy’s market has nearly doubled through regulatory subsidies. Moreover, research shows that nations within the European Economic Area, along with Switzerland, have allocated close to €200 billion (US$235 billion) to bolster their regional EV networks.

However, a rollback of automotive trade-in policies and the expiration of purchase tax exemptions led to an 8% annual decline in China’s April EV registrations, bringing the total to around 850,000 vehicles.

Nonetheless, Chinese carmakers strengthened their foothold internationally, with EV exports surpassing 400,000 units in April and total vehicle shipments nearly doubling to 1.4 million units in the first four months of 2026.

Not to mention, even with EU tariffs, Chinese brands are selling more cars in Europe; BMI data shows they made up 22% of EV and plug-in hybrid sales in early 2026, up from 19% last year.

Meanwhile, EV demand in North America also weakened in April, with registrations down 28% to 120,000 units after the US scrapped a tax credit scheme and considered easing emissions standards. On the other hand, sales in Mexico shot up by almost 50% in 2026, while Canadian sales fell by 7%. Nevertheless, a new rewards program should help Canada bounce back soon.

Europe also saw strong EV sales in March

Q1 2026 global EV sales hit 4 million, though slightly down 3% year-over-year. The quarterly dip was partially offset by March’s 1.75 million registrations, which surged 66% from February and 3% from the prior year.

Even in March, Europe saw the most growth in EV sales, with sales surpassing 500,000 units for the first time. Austria, Belgium, Finland, France, Italy, Portugal, and Spain achieved peak BEV sales figures. The UK also saw solid sales, with year-over-year growth of 31%.

Even then, elevated fuel costs noticeably influenced consumer purchasing patterns. French gas shortages and panic buying shifted consumer behavior, boosting year-over-year BEV sales by 69%—well above the 36% growth seen in early 2026. Some automakers also backed off their plans. At the time, Honda shut its 0 Series lineup of EVs and shuttered its joint Afeela models with Sony.

If you're reading this, you’re already ahead. Stay there with our newsletter.

The last few years have shown that the biggest vulnerability in crypto wallets today is blind signing. This is the practice of approving raw hex strings without knowing what they actually do. However, on Tuesday, the Ethereum Foundation officially announced that this standard is going to be phased out and replaced with clear signing alongside some of the leading wallets and hardware infrastructure that actually run Ethereum for most users. This includes names like Ledger, Trezor, MetaMask, WalletConnect, Fireblocks and Cyfrin. In practice, this means users will be able to see a plain, human readable summary of what a signature authorizes. 

0/ Clear signing is now live.

An open standard to end blind signing, making human-readable transactions default.

This effort brings a major UX and Security upgrade to transaction signing on Ethereum. pic.twitter.com/nIGRCBQh6G

— Ethereum Foundation (@ethereumfndn) May 12, 2026

The reason this is happening is simple and it comes down to the recent high profile hacks that have taken place over the past two years. The $1.5 billion Bybit hack, which remains the largest hack in crypto till date, happened in part because signers approved a transaction they could not actually read. Similarly, in July 2024, the WazirX hack that saw around $235 million stolen from the Indian crypto exchange’s multi-sig wallet played out in pretty much the same way. According to the Ethereum Foundation, blind signing has been a structural flaw in the ecosystem for years and has fed into billions of dollars in cumulative losses across hacks, phishing scams and approval exploits.

What Clear Signing Actually Does

Authorizations and signatures currently have a specific flaw. Users interacting with smart contracts are able to view accurate data but this is usually a string of low-level data that is pretty much unreadable to anyone without a developer or technical background. 

Clear signing basically flips that script. Wallets that support the new standard will pull up a descriptor file that converts a contract’s function into readable text while providing a summary of it to the user before signing anything. 

The technical foundation comes from two existing improvement proposals. ERC-7730, which Ledger first proposed back in 2024, defines an open format for describing transactions in human-readable JSON. ERC-8176 then adds an attestation layer on top, allowing independent auditors to cryptographically vouch that a descriptor matches what the contract is actually going to do. The descriptors themselves live off-chain in a neutral registry at clearsigning.org, which means existing contracts can adopt the standard without needing any redeployment.

A Coalition That Touches Where Users Actually Live

This is not a single-wallet rollout. The contributor list reads like every piece of infrastructure that touches Ethereum users today, with Ledger and Trezor on hardware, MetaMask and WalletConnect on software, Fireblocks on the institutional custody side, Cyfrin on audits and Sourcify and Argot supporting tooling. Ledger originally built clear signing as an internal security feature back in 2021, formalized it as ERC-7730 in 2024, and earlier this year handed over governance to the Foundation specifically to make the standard credibly neutral and not tied to any one company.

Why The Timing Lines Up With Institutional Money

The timing here is also not really a coincidence. The Foundation’s Trillion Dollar Security Initiative, which is now stewarding the Clear Signing registry, was set up specifically to prepare Ethereum for the kind of institutional-scale value that is now sitting directly on-chain. Fireblocks being part of the rollout matters in particular, as it is the custody provider that most traditional finance firms actually use when they start touching crypto rails. 

Blind signing was always a tolerable level of risk for retail users moving small amounts. For an asset manager moving real size, however, it is essentially a non-starter, as you cannot really put a compliance signoff behind a transaction that your operations team isn’t able to read in the first place.

The smartest crypto minds already read our newsletter. Want in? Join them.

Washington, D.C., May 12, 2026 — The Digital Sovereignty Alliance (DSA), a nonprofit organization dedicated to advancing clear and ethical public policy, research and education surrounding emerging technologies, successfully concluded its participation in the Sovereign Tech for Economic Empowerment Roundtable held May 7-8 at the Saint Nicholas Greek Orthodox National Shrine in New York City. Organized by the Council of Global Change (CGC), the roundtable convened policymakers, technologists, financial institutions, multilateral organizations, and civil society leaders.

Adrian Wall, Managing Director of DSA and a member of the CGC, led the roundtable, which focused on defining how digital identity, sovereign data, financial systems, AI, and governance must work together to enable real participation in the global economy. The roundtable focused on moving beyond discussion and contributing directly to shaping the system architecture required to make participation possible, not just in principle, but in practice.

Participants worked to define a system blueprint spanning identity, trust, rules, actions, and outcomes, while identifying key gaps preventing interoperability. The roundtable produced preliminary project frameworks and near-term action objectives to advance policy coordination, cross-sector collaboration, and pilot development. 

Featured participants included Gabriel Rene, Founder and CEO of VERSES; Dr. Sangbu Kim, Vice President for Digital & AI at The World Bank; and Sandra Ro, CEO of the Global Blockchain Business Council (GBBC).

A central outcome was the development of a Charter for Action, which outlines a shared framework for advancing interoperable digital infrastructure and economic inclusion. The charter establishes guiding principles, standards, pathways, solution assessment processes, action tracks, pilot opportunities, and 90-120 day commitments intended to support continued coordination, real-world implementation, and progress toward potential UN-level engagement.

Wall delivered closing remarks, emphasizing the importance of aligning technological innovation with practical implementation and coordination to cultivate meaningful economic inclusion.

“Digital identity, sovereign data, AI, finance, and governance are all advancing rapidly, but too often in parallel rather than together,” said Wall. “The conversation focused on what it will take to move from fragmented systems toward infrastructure capable of enabling secure, inclusive, and scalable economic participation globally.”

Through its participation alongside global leaders at the roundtable, DSA remains committed to furthering research, stakeholder engagement, and policy development that support responsible innovation, strengthen digital sovereignty, and help shape the future of secure and inclusive global economic participation.

About Digital Sovereignty Alliance

The Digital Sovereignty Alliance (DSA) is a nonprofit social welfare organization committed to advocating for public policies that support ethical innovation in decentralized technologies, blockchain, cryptocurrency, Web3, and artificial intelligence. DSA conducts research, organizes educational events, and promotes policies that prioritize public welfare and digital sovereignty.

Media contact

Maghan Lusk

PR@dsaf.org 

Base creator Jesse Pollak announced on May 13 that the x402 payment protocol now supports batched settlement, in an X post. 

x402 now supports batched settlement

this unlocks many many tiny tiny payments (<$0.0001) which is perfect for paying for just in time resources like compute and inference https://t.co/V6Kjz9jqHQ

— jesse.base.eth (@jessepollak) May 13, 2026

The update bundles many transactions together before settling them on-chain, spreading the blockchain fee across multiple payments.

Per-transaction settlement on Base already costs fractions of a cent, but batching makes sub-fraction-of-a-cent pricing economically rational for high-frequency AI workloads.

As Cryptopolitan reported last week, Amazon Web Services launched AgentCore Payments using x402, with USDC settling in roughly 200 milliseconds on Base. Batched settlement layers on top of that infrastructure.

Why batched settlement matters for AI workloads

AI services need to charge fractions of a cent per request, query, or inference call. Credit card processing fees and per-transaction blockchain costs both make ultra-small payments uneconomical at scale.

x402 processed over 169 million payments in its first year per AWS, with roughly $48 million in payment volume and 95% flowing through Base.

Pollak’s vision is software paying software: an AI agent pays tiny amounts for APIs, compute, data feeds, or image generation without human involvement.

The Coinbase x402 Bazaar MCP server is the directory layer agents use to discover paid services. AWS, Cloudflare, and others have integrated it into developer tooling.

How x402 turns HTTP requests into payment rails

The x402 protocol repurposes the long-dormant HTTP 402 “Payment Required” status code. A server responds to a paid endpoint request with HTTP 402 plus machine-readable payment instructions (price, token, chain, recipient wallet).

The client signs a payment authorization, retries the request, and the payment settles on-chain. No accounts, API keys, or subscriptions required.

Coinbase developed x402 and now co-governs the protocol with Cloudflare under the x402 Foundation.

The protocol supports stablecoin payments on Base, Ethereum, and Solana, with SDKs for TypeScript, Python, Go, and Java. The reference implementation is on Coinbase’s GitHub.

The competitive landscape closing in around x402

Stripe and Tempo launched the Machine Payments Protocol (MPP) on March 18, 2026, alongside Tempo’s mainnet.

MPP aggregates payments within an agent session and settles in bulk, similar in principle to x402’s new batched settlement but flowing into Stripe’s existing PaymentIntents API.

Per WorkOS analysis, MPP gives merchants Stripe-grade fraud detection, tax handling, and reporting without the crypto compliance burden.

Circle’s Nanopayments launched in March 2026 as an x402-compatible backend for sub-cent transfers using Gateway’s gas-free balance transfer mechanism.

Bitcoin’s Lightning Network has pursued cheap off-chain payments for years. Solana keeps base-layer fees low natively. Polygon and other Ethereum scaling projects have experimented with AI micropayment systems.

What x402 still has on the field is HTTP-native design. Instead of a separate payment app, payment authorization lives inside standard web requests.

Whether that wins the agent-native market depends on developer adoption. Crypto projects have promised practical micropayments for years without breakthrough traction.

AI infrastructure may finally provide the demand.

 

 

The smartest crypto minds already read our newsletter. Want in? Join them.

More and more large holder wallets have continued to accumulate XRP, and this has ultimately led to the number of XRP Ledger wallets holding at least 10,000 XRP hitting a record 332,230, according to on-chain data from Santiment.

This steady accumulation of XRP by XRP Ledger wallets is a trend that began in mid-2024, and has extended till present.

Santiment posted on X about the milestone, noting that wallets holding 10,000 or more XRP tokens have seen a consistent increase since June 2024. These increases have come without any sharp wallet spikes that usually signal purchases driven by speculation.

The XRP Ledger data is visible on Santiment’s dashboard, which tracks XRP supply distribution by the amount of XRP owned.

XRPL wallet grows despite price decline

The XRP accumulation trend by XRP Ledger wallets continues despite XRP trading well below its mid-2025 peak of about $3.65, a drop of around 60% from ATH levels.

According to an April report from Cryptopolitan, fewer than half of all XRP holders (43.4% of supply) were in profit at the time, and daily realized losses ranged between $20 million and $110 million since late 2025.

This price dynamic often drives a switch-up in the holder base. Weaker hands sell at a loss while more patient participants absorb the supply at lower prices and continue to accumulate. The steady climb in high-balance wallets is consistent with that pattern.

Total XRP Ledger wallets surpassed 8.1 million in early April, according to Cryptopolitan’s reporting at the time, though this figure counts all account creations rather than strictly active users.

Retail holders still make up the majority of accounts, with most wallets containing smaller balances.

What’s next for XRPL

The growth rate of on-chain wallets for any network or blockchain is an important metric used by analysts to assess holders’ long-term conviction.

A rising count of high-balance addresses suggests that participants with meaningful capital continue to add to their positions even during periods of flat or declining prices.

XRP’s 24-hour trading volume reached $3.86 billion in early April, and historically, rising holder counts and trading volumes have usually come before price increases.

Uncertainties, however, still remain that the wallet accumulation trend would translate into positive XRP price movement.

Larger XRP holders are expected to keep building positions at current levels, though, and should continue to do so for the foreseeable future.

The smartest crypto minds already read our newsletter. Want in? Join them.

OpenAI CEO Sam Altman took the witness stand in federal court in Oakland on Tuesday and told jurors he is an “honest and trustworthy businessperson,” rebutting weeks of testimony from former board members and executives who described a pattern of dishonesty.

Musk’s attorney Steven Molo opened cross-examination with a single question: “Are you completely trustworthy?” Under the questioning that followed, Altman told the jury, “I was not trying to deceive the board.”

The testimony came in the third week of Musk’s civil lawsuit accusing Altman, OpenAI president Greg Brockman, and Microsoft of betraying the company’s nonprofit mission.

OpenAI is now valued at $852 billion. As Cryptopolitan reported on Monday, Microsoft CEO Satya Nadella opened the witness sequence with testimony that quantified Microsoft’s $92 billion projected return on its OpenAI investment.

Musk wanted 90% and a succession plan running

Elon Musk initially wanted roughly 90% of the equity in any for-profit OpenAI entity formed in 2017, Altman told jurors, per Yahoo Finance. The figure later changed, but the demand for majority control remained.

In what he described as a “particularly hair-raising moment,” Musk suggested control of OpenAI should pass to his children if he died without a successor.

The OpenAI CEO told jurors he was “extremely uncomfortable” with the prospect of Musk being named CEO of any for-profit OpenAI arm, citing concerns that Tesla, a car company, could not credibly act on OpenAI’s mission to build AI for the benefit of humanity.

The founders believed no single person should control artificial general intelligence, the witness said. When they resisted Musk’s proposals, he eventually left the board in 2018.

Musk had “demotivated” key researchers by ranking their accomplishments, and morale rose after his departure.

What Musk’s attorney pressed on credibility

Molo cited testimony from former OpenAI board members Helen Toner and Tasha McCauley, who described what Toner called “a pattern of behavior related to his honesty and candor, his resistance to board oversight.”

Co-founder Ilya Sutskever testified Monday that he wrote a 2023 memo to the board characterizing Altman as exhibiting “a consistent pattern of lying” that caused a loss of trust and productivity. Sutskever later backtracked and signed a letter supporting Altman’s reinstatement.

A text exchange from the 2023 ouster has become trial fodder for memes: Altman asked then-CTO Mira Murati if events were moving “directionally good or bad.” Murati wrote back, “Sam, this is very bad.”

Altman acknowledged that his outside investments include Helion, Stripe, and Cerebras Systems, all of which have business ties with OpenAI.

The Wall Street Journal reported that the U.S. House Committee on Oversight and Government Reform has requested information related to possible conflicts of interest ahead of OpenAI’s planned IPO.

A verdict on OpenAI’s hybrid structure could reshape three pending IPOs

Altman testified that OpenAI’s nonprofit parent benefits from the current hybrid structure and that its equity stake in the for-profit subsidiary is now worth more than $200 billion.

The hybrid model is not unique. Mozilla Foundation operates a similar structure for Firefox-related operations. Several Blue Cross insurers shifted from nonprofit to for-profit models over decades under close regulatory scrutiny, often after extended legal fights over public accountability.

A ruling forcing OpenAI back into a fully nonprofit model could jeopardize the IPO planned for this year. Anthropic is reportedly raising at a $900 billion valuation, and Musk recently merged xAI with SpaceX in a deal valued at $1.25 trillion.

Altman is expected to continue testifying Wednesday. Closing arguments follow, with an advisory jury verdict expected the week of May 18. 

 

 

The smartest crypto minds already read our newsletter. Want in? Join them.

JPMorgan Chase has once again filed to launch a tokenized money market fund on the Ethereum blockchain with the SEC. This fund would be JPMorgan’s second such product, designed to be a reserve asset for stablecoin issuers pending approval from the SEC.

The money market fund is called the JPMorgan OnChain Liquidity-Token Money Market Fund and it will trade under the ticker JLTXX.

The fund will invest in U.S. Treasury securities and repurchase agreements backed by either treasuries or cash, according to the SEC filing. The exact timeline for full operation and acceptance of investors was not specified in the filing.

JPMorgan also stated that the fund’s blockchain infrastructure will be operated by Kinexys Digital Assets, its in-house digital assets unit.

Ethereum is “currently the only available blockchain for use by investors, although expansion to other blockchains is anticipated in the future,” the statement mentioned.

Built for stablecoin backing

The tokenized MMF has been well structured to meet requirements in the Guiding and Establishing National Innovation for U.S. Stablecoins Act, also known as the GENIUS Act.

This act requires stablecoin issuers within the U.S. jurisdiction to back their tokens with highly liquid assets, including cash, treasuries, and insured bank deposits.

“The Fund invests in a manner intended to satisfy the requirements for eligible reserve assets that stablecoin issuers are required to maintain,” the filing stated.

This makes the JLTXX fund come off as more of a compliance tool for stablecoin issuers in the U.S. rather than a general-purpose investment fund for the public.

Morgan Stanley had filed for a similar stablecoin-backed money market fund last month, although Morgan Stanley’s proposed fund does not employ blockchain.

JPMorgan furthers tokenization plans

The JLTXX fund is JPMorgan’s second tokenized fund on Ethereum. The bank launched its MONY fund late last year, targeting institutional investors looking for cash management on-chain, according to previous Cryptopolitan reporting.

This newly filed tokenized fund, however, appears aimed at stablecoin issuers who need liquidity reserves, instead.

Franklin Templeton also offers a tokenized money market fund product, known as BENJI, with the RWA space becoming increasingly competitive among traditional financial institutions over the past year.

The tokenized real-world asset market has reached a value of about $32.2 billion as of May 12, with U.S. Treasury products accounting for the largest share of the market at approximately $15.9 billion, according to data from RWA.xyz.

Fund fees and structure

The filing mentions total annual operating expenses of 0.71% for the Token Class shares before fee waivers.

JPMorgan and its affiliates have agreed to cap net expenses at 0.16% through June 30, 2028, absorbing the difference. On a $10,000 investment, that works out to $16 in the first year and $113 over three years, assuming the waiver applies for its contractual term.

The fund is registered under the Investment Company Act of 1940 and the Securities Act of 1933.

It carries standard money market risks, including interest rate, credit, and what the filing calls “blockchain technology risk” and “stablecoin issuer shareholder transactions risk,” categories that reflect the product’s novel structure.

The smartest crypto minds already read our newsletter. Want in? Join them.

Aave and Kelp burned the exploiter’s rsETH holdings on Arbitrum on May 12, Aave said in an X post, confirming the first phase of the technical recovery plan has been completed.

The first set of steps in the rsETH technical recovery plan are complete, including burning the exploiter's rsETH on Arbitrum. Progressively refilling the LayerZero OFT adapter and reopening rsETH operations will follow over the coming days. https://t.co/p1tiIzp5Nr

— Aave (@aave) May 12, 2026

The action removes the last remaining unbacked rsETH from circulation following the April 18 LayerZero bridge exploit that drained $292 million from the protocol.

The attack involved 116,500 unbacked rsETH minted through a vulnerability in Kelp’s LayerZero-powered bridge between Unichain and Ethereum, according to an incident report posted on Aave’s governance forum.

The route relied on a 1-of-1 verifier configuration, meaning a single verifier approval was sufficient to validate cross-chain transfers. The attacker forged a message that falsely indicated rsETH had been burned on the source chain, releasing unbacked tokens on Ethereum.

Those tokens were then deposited into Aave V3 markets as collateral, allowing the attacker to borrow between $190 million and $236 million in WETH and wstETH.

What completes Phase 1

DeFi United, the coalition formed to address the exploit, raised over $327 million in ETH commitments to restore rsETH backing without socializing losses.

Contributors include Lido (2,500 stETH), EtherFi (5,000 ETH), LayerZero (10,000 ETH), Ethena, Mantle, Golem (1,000 ETH), and Aave founder Stani Kulechov personally (5,000 ETH).

On May 9, U.S. District Judge Margaret Garnett issued an order modifying a prior asset freeze, clearing the Arbitrum Security Council to transfer approximately 30,765 ETH worth roughly $71 million to an Aave LLC-controlled wallet.

The ruling removed the last legal hurdle to executing the recovery plan after a May 1 restraining notice tied to unrelated North Korean terrorism judgments had blocked the transfer.

As Cryptopolitan reported, Aave’s DAO had previously voted to liquidate the attacker’s frozen ETH funds, with approval from 90% of voting addresses backed by 190 million ARB tokens.

Galaxy Digital’s vice president of research, Thaddeus Pinakiewicz, said the overall recovery effort is now approximately 90% complete.

What happens over the next two weeks

Kelp said 117,132 rsETH will be “progressively refilled from Aave Recovery Guardian and Kelp Recovery Safe into the LayerZero OFT adapter on mainnet” over the next two weeks.

Kulechov wrote on X that “the last step is to refill the rsETH bridge lockbox,” adding that withdrawals converting rsETH into ETH would begin within 24 hours to normalize the markets.

Aave’s total value locked stabilized above $15 billion after initial outflows of over $10 billion in the days following the exploit. WETH lending utilization sits at 93%, with USDT at 92% and USDC at 91%, signaling the withdrawal pressure has ended.

How the response differs from past DeFi exploits

The rsETH recovery has followed a different route from earlier major hacks. The Ronin Bridge attack required heavy outside funding and recovered assets to compensate users for losses exceeding $600 million.

The Euler Finance exploit ended with the attacker returning most of the stolen funds after negotiations and public pressure.

Aave and Kelp took neither path. Instead, the recovery focused on isolating bad collateral, liquidating the attacker’s positions on-chain, removing exploiter-controlled tokens from circulation through the May 12 burn, and rebuilding reserves inside the bridge infrastructure through coalition-funded refills.

It is also the first major DeFi exploit recovery to navigate a U.S. federal court intervention and proceed with user funds flowing back through governance-coordinated channels.

If you're reading this, you’re already ahead. Stay there with our newsletter.

21Shares launched Hyperliquid’s first ETF on Tuesday, and it has hit the ground running as the ETF recorded $1.8 million in trading volume on its first ever trading day. The ETF also saw about $1.2 million in net inflows on day one.

The ETF, trading under ticker THYP on NASDAQ, gives investors exposure to Hyperliquid’s native token HYPE without requiring them to hold the cryptocurrency directly.

21Shares also launched a companion product alongside THYP called the 2x Long HYPE ETF (TXXH), which offers leveraged daily exposure to the HYPE token, according to a press release from the company.

Bloomberg ETF analyst James Seyffart posted on his X account, calling the opening “very, very solid” and “better than your average ETF launch,” then adding that it was “nothing too crazy.”

How THYP compares

The first spot XRP ETF pulled in $58 million on its debut last November, and Bitwise’s first-to-market Solana ETF generated $57 million.

This shows that the $1.8 million first day volume for THYP is rather modest next to recent altcoin ETF launches. However, it is worth mentioning that there is a smaller market for HYPE relative to these established altcoins.

THYP is structured as a 33-Act exchange-traded product, which means it lacks some of the investor protections that come with funds registered under the Investment Company Act of 1940, such as being supervised by an independent board of directors.

The leveraged TXXH product, by contrast, is a registered ’40-Act ETF, according to the 21Shares press release.

Fees, fund structure and future staking

THYP carries a 0.30% management fee, which 21Shares says is the lowest among Hyperliquid ETFs, presently. The fund is physically backed by HYPE and follows the FTSE Hyperliquid Index.

21Shares has also said it plans to stake a portion of the ETF’s HYPE holdings where conditions allow. The company published a staking reward distribution timeline beginning June 30, 2026, with quarterly payouts through the end of the year.

Andres Valencia, EVP of investment management at 21Shares, said in the press release that the firm has “conviction in the strength of Hyperliquid’s fundamentals,” pointing to the chain’s more than $4 trillion in total trading volume since inception and how it controls over 50% of decentralized exchange perpetual open interest.

Hyperliquid operates as the largest onchain perpetual futures decentralized exchange, processing roughly $8 billion in daily volume. The protocol runs entirely onchain with a real-time order book and does not rely on any external influence.

21Shares also stated that the platform generates over $56 million per month in trading fees, with more than 95% directed toward daily open-market buybacks of the HYPE token.

ETF competitors hot on 21Shares’ heels

Seyffart predicted that Bitwise’s Hyperliquid ETF will be the next to enter the market. Bitwise was the first firm to file for approval of a HYPE-based fund in the US and has recently submitted a second amendment to its proposal, expanding the list of approved trading counterparties ahead of the ETF’s launch.

Bitwise has already listed a European Hyperliquid Staking ETP on the Deutsche Börse Xetra in Germany.

Grayscale is also pursuing a HYPE ETF, adding a third major issuer to the race.

HYPE was trading at $40.20 as at the time of writing, down about 4% in the last 24h, according to CoinMarketCap.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.

Galaxy Digital’s head of firmwide research, Alex Thorn, says the long-delayed CLARITY Act may finally be entering a decisive bipartisan phase. This comes as the new Senate Banking Committee revisions and a scheduled markup inject fresh momentum into the U.S. crypto market structure bill.

The Senate Banking Committee released a new draft of the CLARITY Act on May 12 and scheduled a vote on the bill for Thursday, May 14, at 10:30 a.m. Eastern Time

The sneaky political move buried in Section 904

Alex Thorn posted on X Monday morning, pointing to the addition of the Build Now Act in Section 904. 

The provision is a housing policy that would change how the federal government distributes Community Development Block Grant money.

Republican Senator John Kennedy of Louisiana and Democratic Senator Elizabeth Warren of Massachusetts introduced the bill to address the U.S. housing shortage.

“Including Build Now may be a way to solidify Kennedy’s support… Elizabeth Warren is also a cosponsor. This adds a bit more bipartisan ‘gravitas’ to CLARITY, though the odds are low that notorious ‘anti-crypto army’ leader Warren votes for CLARITY just because Build Now is inside it.” — Alex Thorn, Galaxy Digital, X post, May 12, 2026

So why is a housing bill inside a crypto law? Politics.

According to Thorn, Senator Kennedy has been dragging his feet on the crypto bill for far too long. Including his signature housing project inside the CLARITY Act is just a way to get him to vote yes on Thursday. 

If he votes no, his own housing bill dies too. The Build Now Act has already passed the full Senate twice, in March 2026 and again in October 2025, as part of a larger bill. 

However, it was dropped in the House and is now awaiting action, so attaching it to the CLARITY Act gives it a second chance to become law. 

As for Warren, Thorn says the odds are low that she votes yes on Thursday just because the bill she co-sponsored is attached.

What else changed in the new 309-page bill?

The new CLARITY Act bans exchange companies from paying users interest just for holding stablecoins, as banks do with interest on savings accounts.

However, it allows rewards tied to real activity on the platforms, such as using a wallet, making payments, providing liquidity, staking, or participating in loyalty programs. 

U.S. banks still rejected this compromise on May 9, preferring a full ban on all yield-like payments. 

But Coinbase, the White House, and the Council of Economic Advisers all publicly backed the deal, weakening the banks’ argument about deposit flight. 

The bill also protects software developers from being classified as money transmitters just for writing code.

Developers once worried that the law would criminalize them just for creating decentralized finance tools. But the new version gives them immunity unless they intentionally help move money they know came from crime.

Similarly, the bill provides clear boundaries for validators, node operators, oracle providers, and sequencers. These tools and services do not require registration with the SEC or compliance with banking laws to perform their jobs. 

Tokenization has also been limited to securities alone, and the SEC has been given sole authority over the framework. 

Lastly, Section 702 protects crypto trades in the event of an exchange platform’s bankruptcy.

Trading partners will not be frozen out of recovering their collateral in such incidents.

Senator Lummis called the May 12 release “one step closer to passage.” Chairman Tim Scott said the bill “delivers the certainty, safeguards, and accountability Americans deserve.” Senator Tillis called it a “bipartisan compromise” and said he looks forward to sending it to President Trump’s desk soon.

But all those words can only mean something after the Thursday vote. 

If you're reading this, you’re already ahead. Stay there with our newsletter.

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across the AI and crypto developer ecosystem.

Microsoft Threat Intelligence said on May 11, it was investigating the mistralai PyPI package version 2.4.6 after discovering malicious code injected in mistralai/client/__init__.py that executed on import, downloading a secondary payload from 83.142.209.194 to /tmp/transformers.pyz and launching it on Linux systems.

Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux.… pic.twitter.com/9Xfb07Hcia

— Microsoft Threat Intelligence (@MsftSecIntel) May 12, 2026

 

The filename impersonates Hugging Face’s widely used Transformers AI framework. The Mistral compromise is one piece of a coordinated campaign researchers are calling Mini Shai-Hulud.

Security platform SafeDep reported that the operation compromised over 170 packages and published 404 malicious versions between May 11 and 12.

The attack carries CVE-2026-45321 with a CVSS score of 9.6, rating it critical severity.

The SLSA provenance trust model just broke

What makes this attack structurally unprecedented: the malicious packages carried valid SLSA Build Level 3 provenance attestations.

SLSA provenance is a cryptographic certificate generated by Sigstore meant to verify that a package was built from a trusted source.

Snyk reported the TanStack attack is the first documented case of malicious npm packages with valid SLSA provenance, meaning attestation-based supply chain defenses are now demonstrably insufficient.

The attackers, identified as TeamPCP, chained three vulnerabilities: a pull_request_target workflow misconfiguration, GitHub Actions cache poisoning, and runtime memory extraction of an OIDC token from the GitHub Actions runner process.

The malicious commit was authored under a fabricated identity impersonating the Anthropic Claude GitHub App, prefixed with [skip ci] to suppress automated checks.

What the malware steals and how it spreads

As Cryptopolitan reported on the January 2026 Trust Wallet incident tied to $8.5 million in losses, the Shai-Hulud worm has been evolving across multiple waves since September 2025.

This latest variant adds password vault theft, with Wiz researchers documenting that the malware now targets 1Password and Bitwarden vaults alongside SSH keys, AWS and GCP credentials, Kubernetes service accounts, GitHub tokens, and npm publishing credentials.

The stealer exfiltrates via three redundant channels: a typosquat domain (git-tanstack.com), the decentralized Session messenger network, and Dune-themed GitHub repositories created with stolen tokens.

The malware exits if Russian language settings are detected. On systems geolocated to Israel or Iran, it introduces a 1-in-6 probability of executing recursive wipe (rm -rf /).

How Mistral and the broader ecosystem responded

Mistral published a security advisory on May 12 saying its core infrastructure was not compromised. The company traced the incident to a compromised developer device tied to the broader TanStack supply-chain campaign.

The mistralai==2.4.6 release was uploaded shortly after midnight UTC on May 12, before PyPI quarantined the project.

Compromised npm packages, including @mistralai/mistralai, @mistralai/mistralai-azure, and @mistralai/mistralai-gcp, were available for several hours before removal.

The cumulative weekly download volume of the compromised packages exceeds 518 million. @tanstack/react-router alone receives 12.7 million weekly downloads.

Developers who installed affected versions are advised to rotate cloud credentials, GitHub tokens, SSH keys, and exchange API keys, and inspect .claude/ and .vscode/ directories for persistence hooks.

If you're reading this, you’re already ahead. Stay there with our newsletter.