On May 25, 2026, a proposed U.S. Senate CLARITY Act draft was described as pushing crypto firms to redesign stablecoin yield products around AI-driven, transaction-based DeFi strategies instead of passive interest. The draft would extend limits beyond issuers to exchanges, brokers, and custodians, effectively preventing traditional APY on idle dollar-backed stablecoin balances. Firms are exploring "Yield-as-a-Service" structures where AI agents route liquidity across protocols to earn fees and incentives, a shift analysts say could raise complexity and retail risk.

Socket investigators say a supply-chain campaign dubbed "Trapdoor" used malicious packages on npm, PyPI, and Crates.io to target crypto developers, aiming to steal wallet keys and other secrets. The firm reported the activity began with waves of package releases on May 22 and continued with updates over the following weekend, affecting 34 packages across 384 versions, some of which remained available.

Prediction markets have expanded quickly as politically connected firms gained faster regulatory access, intensifying scrutiny around fairness and consumer protection. Monthly prediction-market volume rose from below $100 million in early 2024 to more than $13 billion by late 2025. Inside the CFTC, reported suspensions and staff departures added to concerns over how reviews and enforcement are being handled.

Babylon Labs has submitted a temperature-check proposal to integrate with Aave V4, aiming to let users lock native BTC on Bitcoin and borrow assets via Aave without wrapped BTC, bridges, or custodians. The design uses Taproot-based vault scripts and introduces a non-transferable accounting asset, vaultBTC, to represent BTC locked in Babylon vaults as collateral within approved Aave contracts. Aave founder Stani Kulechov endorsed the idea on X and said Babylon has more than $4bn in BTC staked that could eventually be used as collateral.

Inertia said an exploit drained about $152,000 after attackers inflated roETH collateral pricing and borrowed against it across five lending markets. The protocol's post-mortem, published on 25 May, said the incident impacted USDC, INIT, sINIT, TIA, and roTIA during an attack window of roughly 1 hour and 13 minutes.

Chainlink has deployed its Cross-Chain Interoperability Protocol (CCIP) to Neo X on MainNet, as noted in a Chainlink blockchain expansion update published on May 22. The integration adds cross-chain messaging now and lays groundwork for token transfers, with Chainlink documentation showing an active Neo X–Ethereum lane but no tokens configured for transfer yet.

A U.S. Senate CLARITY Act draft would extend a ban on paying APY on idle stablecoin balances to exchanges, brokers, and other custodial intermediaries, while allowing yield tied to transactional activity. STBL Chief Compliance Officer Joe Vollono says the pressure may push returns toward “Yield-as-a-Service,” where AI agents execute compliant strategies through DeFi instead of passive rewards. A separate White House Council of Economic Advisers model estimates the prohibition could add roughly $2.1 billion in U.S. bank lending and carry a net welfare cost of $800 million.

SlowMist issued an emergency alert labeled SM-2026-352284, saying it has detected an active cross-registry supply-chain campaign aimed at Web3 and AI builders. The firm said attackers published more than 34 malicious packages and 384 related versions across npm, PyPI and Crates.io to steal crypto wallets and developer credentials. SlowMist advised teams to remove the packages, isolate affected machines and follow a three-step remediation plan including AI config checks, credential rotation and a full rebuild.