Wallet

SlowMist said three tainted node-ipc releases (9.1.6, 9.2.3, 12.0.1) were published on May 14 after attackers took over a dormant npm maintainer account. The injected code was designed to exfiltrate .env secrets, crypto private keys, exchange API credentials, and cloud tokens, and projects that installed or auto-updated during the roughly two-hour exposure window were urged to audit dependencies and rotate credentials.

Solayer has introduced a Visa-compatible payment card that lets users spend USDC through online, in-store and contactless purchases, with ATM withdrawals available in supported regions. The card can be ordered via the Solayer Pay app; existing users can request it for free, while new users pay a $20 annual activation fee.

THORChain said on 15 May it automatically detected abnormal activity and halted signing, pausing churn after one of its Asgard vaults was compromised. The exploit drained roughly $10.7 million to $10.8 million, with the protocol saying early signs indicate user funds were not directly impacted and losses were limited to protocol-owned funds. Separate commentary from Ledger CTO Charles Guillemet suggested the incident may relate to MPC/TSS signing infrastructure, though the root cause has not been confirmed.

On May 15, 2026, Corpay said it will add embedded stablecoin wallets and blockchain-based settlement tools to its global payments platform through a partnership with BVNK. The rollout is designed to let more than 800,000 customers store, convert and transfer stablecoins alongside fiat, while extending stablecoin settlement into Corpay’s treasury operations. Corpay also reported processing over $12 billion in corporate payments each month and about $26 billion in FX volume across more than 145 currencies.

Ripple’s former CTO David Schwartz warned XRP Ledger users about a surge in fake airdrops and giveaways after one reported victim lost 6,000 XRP. He said offers circulating across social platforms are largely fraudulent, and impersonators claiming to be him on apps like Instagram or Telegram should be treated as scams. Separate reports describe unsolicited NFTs and hidden Buy Offers that can drain XRP if users sign or accept them.

Consensys, the Ethereum software firm behind MetaMask led by Joseph Lubin, has moved its potential U.S. IPO timeline from February 2026 to no earlier than fall 2026. The company is positioning the delay as a wait for more supportive macro and crypto market conditions. Consensys has been valued near $7.25Bn in secondary transactions, while MetaMask has reached 100 million monthly active users.

An Ethereum "Genesis Address" that had held 790.174 ETH since July 30, 2015 became active at about 21:47 UTC on May 13, 2026. After nine small test transactions, it transferred roughly 790.1739 ETH in two sends (1 ETH and 789.17388714 ETH) to a new wallet. At around $2,257 per ETH at the time, the moved amount was valued near $1,782,979.

Ethereum's Clear Signing standard is scheduled to launch on May 12, 2026, aiming to replace opaque hex prompts with readable transaction summaries before users approve actions. The initiative is based on ERC-7730 and ERC-8176, with Ledger, Trezor, MetaMask, and Fireblocks among the early participants.

Google’s Threat Intelligence Group (GTIG) said on May 11, 2026 it documented what it calls the first AI-developed zero-day: a two-factor authentication bypass in a widely used open-source web administration tool. Google said it coordinated with the vendor to patch the issue before a broader exploitation campaign began. GTIG also described a wider rise in AI-assisted activity across state-linked and criminal groups, including risks to AI tooling dependencies used in crypto systems.

eToro said cryptoasset revenue fell to $2.15 billion in Q1 2026 from $3.5 billion in Q1 2025, as trading activity cooled. The brokerage also reported a 32% year-over-year drop in total trades, while its balance-sheet crypto holdings edged down to $60.5 million from $62.6 million at year-end 2025.