A July 4 target for moving crypto market-structure legislation through the U.S. Senate is looking less certain. Galaxy Digital research head Alex Thorn cut his estimate for the CLARITY Act passing in 2026 to 60% from 75%, saying a crowded Senate calendar—now including FISA-related business after a failed reauthorization vote—has tightened the window.

Securitize said the SEC has declared effective the Form S-4 registration statement for its planned merger with Cantor Equity Partners II. CEPT shareholders of record as of May 11, 2026 are set to vote at a special meeting on June 29, and if approved the combined company is expected to list on the NYSE as "SECZ" shortly after closing. The tokenization firm reported more than $4 billion in assets under management as of April 2026.

JPMorgan, Citi, Bank of America and Wells Fargo are building a shared Tokenized Deposit Network via The Clearing House, with a target launch in the first half of 2027. The banks are promoting tokenized deposits as a way to enable 24/7, programmable settlement while keeping funds inside regulated bank deposits—an approach positioned against institutional stablecoin rails and a retail CBDC push.

Etherfi and Plume have introduced Etherfi Liquid RWA, a real-world-asset vault aimed at eligible stablecoin users seeking institutional-style yield through regulated vault infrastructure. The vault is live in the Etherfi app with a $25 million initial cap and sits within a planned $100 million deployment into Plume's RWA platform. The first allocation includes exposure to Blackrock iShares AAA CLOA, Fidelity Total Bond ETF (FBND), and a FalconX credit pool, with Liquid RWA also usable as spend collateral at a 70% loan-to-value ratio via Etherfi Cash.

Crypto exploit losses totaled about $68 million in May, down sharply from April's $650 million, with code vulnerabilities and bridge exploits still driving most damage. The largest events included Verus Protocol's ~$11.5 million bridge incident on May 18 and a THORChain attack of about $10 million that briefly halted trading. Analysts also flagged a growing pattern of AI-assisted malware and attempts to poison AI coding tools, even as phishing losses stayed near $2.6 million.

Wiz reported on May 27, 2026 that a threat group it tracks as JINX-0164 has been approaching crypto developers on LinkedIn and luring them into fake meeting links that install macOS malware. The campaign is designed to steal credentials and take over CI/CD pipelines, and it includes a confirmed supply-chain incident involving a trojanized npm package version released on April 7, 2026.

A Rust-based infostealer dubbed IronWorm was embedded in 36 npm packages connected to the Arweave/WeaveDB ecosystem, targeting developer credentials, SSH keys, and Exodus wallet files. The malware ran via a preinstall hook during npm install, searched 86 environment variables and 20 credential files, and used stolen GitHub tokens to spread through malicious commits. Security researchers advised anyone who installed the affected packages to rotate exposed secrets and harden npm/GitHub accounts.

US lawmakers are intensifying efforts around the Digital Asset Market Clarity Act (CLARITY Act), a proposal to set federal rules for digital asset markets and split oversight between the SEC and CFTC. The House passed H.R. 3633 in July 2025, and the Senate Banking Committee advanced it May 14, 2026 by a 15-9 vote. Backers cite market certainty and consumer protection, while critics argue the bill needs tighter safeguards on conflicts of interest, illicit finance, and wider market risks.