Polymarket has obtained an Amended Order of Designation from the U.S. Commodity Futures Trading Commission, subjecting the prediction market platform to federal exchange regulations. The designation enables broker-intermediated access and introduces compliance infrastructure aligned with traditional U.S. financial systems. The platform will transition from direct on-chain trading to a broker-based model requiring intermediaries for market participation.

Swedish fintech company Klarna introduced KlarnaUSD, a USD-pegged stablecoin on the Tempo blockchain developed by Stripe and Paradigm. The token targets the approximately $120 billion in annual fees generated by international payment transactions. KlarnaUSD is currently operational on Tempo's testnet, with a mainnet launch scheduled for 2026.

Exodus is acquiring W3C Corp for $175 million to transition from a wallet-focused company into a provider with integrated payment processing capabilities. The deal brings subsidiaries Monavate and Baanx under Exodus's control, enabling direct card issuance and transaction processing. The transaction is expected to close in 2026 pending regulatory approval.

Charles Guillemet, Chief Technology Officer at Ledger, has issued a security alert about zero-click vulnerabilities being exploited to compromise cryptocurrency wallets. State-sponsored groups are deploying commercial spyware against messaging apps to gain unauthorized phone access. He advises against storing significant crypto assets on mobile devices due to escalating threats.

More than 300 victims and families connected to the October 7, 2023 attacks in Israel filed a lawsuit Monday against Binance, founder Changpeng Zhao, and executive Guangying Chen. The complaint alleges the exchange knowingly processed over $1 billion in cryptocurrency for Hamas, Hezbollah, and other designated terrorist groups. The 284-page filing invokes the Justice Against Sponsors of Terrorism Act and claims transactions continued after Binance's 2023 guilty plea to money laundering violations.

A supply-chain breach has infected over 490 npm packages recording 132 million monthly downloads, targeting libraries linked to Ethereum Name Service, Zapier, and other cryptocurrency platforms, according to Aikido Security. The malware steals developer credentials and GitHub tokens during installation. If stolen credentials provide access to code repositories, attackers can breach additional accounts and distribute more compromised packages, enabling autonomous spread.

A supply chain attack on the NPM ecosystem has infected more than 400 JavaScript packages, including at least 10 crypto libraries tied to Ethereum Name Service, according to Aikido Security. The malware collects credentials from compromised environments and has spread to over 25,000 repositories. Aikido Security disclosed the breach on Monday after detecting unusual activity across the JavaScript package registry.

North Korean operatives could be working at up to 20% of cryptocurrency companies, according to Pablo Sabbatella, founder of Web3 audit firm Opsek and Security Alliance member. Between 30% and 40% of job applications at crypto firms may come from such operatives, who use stolen identities and freelance platforms to gain employment. The threat extends beyond financial theft to unauthorized access to critical infrastructure supporting major platforms.