JPMorgan, Citi, Bank of America and Wells Fargo are building a shared Tokenized Deposit Network via The Clearing House, with a target launch in the first half of 2027. The banks are promoting tokenized deposits as a way to enable 24/7, programmable settlement while keeping funds inside regulated bank deposits—an approach positioned against institutional stablecoin rails and a retail CBDC push.

Etherfi and Plume have introduced Etherfi Liquid RWA, a real-world-asset vault aimed at eligible stablecoin users seeking institutional-style yield through regulated vault infrastructure. The vault is live in the Etherfi app with a $25 million initial cap and sits within a planned $100 million deployment into Plume's RWA platform. The first allocation includes exposure to Blackrock iShares AAA CLOA, Fidelity Total Bond ETF (FBND), and a FalconX credit pool, with Liquid RWA also usable as spend collateral at a 70% loan-to-value ratio via Etherfi Cash.

Crypto exploit losses totaled about $68 million in May, down sharply from April's $650 million, with code vulnerabilities and bridge exploits still driving most damage. The largest events included Verus Protocol's ~$11.5 million bridge incident on May 18 and a THORChain attack of about $10 million that briefly halted trading. Analysts also flagged a growing pattern of AI-assisted malware and attempts to poison AI coding tools, even as phishing losses stayed near $2.6 million.

Wiz reported on May 27, 2026 that a threat group it tracks as JINX-0164 has been approaching crypto developers on LinkedIn and luring them into fake meeting links that install macOS malware. The campaign is designed to steal credentials and take over CI/CD pipelines, and it includes a confirmed supply-chain incident involving a trojanized npm package version released on April 7, 2026.

A Rust-based infostealer dubbed IronWorm was embedded in 36 npm packages connected to the Arweave/WeaveDB ecosystem, targeting developer credentials, SSH keys, and Exodus wallet files. The malware ran via a preinstall hook during npm install, searched 86 environment variables and 20 credential files, and used stolen GitHub tokens to spread through malicious commits. Security researchers advised anyone who installed the affected packages to rotate exposed secrets and harden npm/GitHub accounts.

US lawmakers are intensifying efforts around the Digital Asset Market Clarity Act (CLARITY Act), a proposal to set federal rules for digital asset markets and split oversight between the SEC and CFTC. The House passed H.R. 3633 in July 2025, and the Senate Banking Committee advanced it May 14, 2026 by a 15-9 vote. Backers cite market certainty and consumer protection, while critics argue the bill needs tighter safeguards on conflicts of interest, illicit finance, and wider market risks.

SpaceX has agreed to provide Google with AI cloud computing capacity priced at $920 million per month, according to an SEC filing. The deal runs from October 2026 through June 2029 and includes roughly 110,000 Nvidia GPUs plus CPUs, memory, and related infrastructure. The filing says capacity will ramp before reaching the full monthly rate, and the contract includes early-termination options tied to delivery milestones and notice periods.

South Korean authorities have opened what is described as the country's first criminal case targeting local users of Polymarket, with police cyber units tracing transactions and seeking to identify bettors. The probe intensified around trading tied to the June 3 national election, as officials assess whether election-based prediction market activity constitutes illegal gambling and whether the site could be blocked.