On May 19, 2026, the U.S. Securities and Exchange Commission proposed wide-ranging rule changes affecting registered securities offerings and public-company reporting. The agency said the package aims to modernize U.S. public capital markets, lower compliance friction for issuers, and preserve investor protections. Key elements include broader shelf-offering eligibility, expanded communication and research flexibility, and reporting relief that the SEC said could apply to about 81% of current public companies.

On May 19, 2026, the U.S. Commodity Futures Trading Commission sued Minnesota to stop a newly enacted law that would make operating or helping run a prediction market a state felony. The agency said it is seeking a preliminary injunction to prevent the statute from taking effect on Aug. 1 and argues the measure conflicts with the federal derivatives framework under the Commodity Exchange Act.

Japan plans a broad crypto policy overhaul, including a June 1 framework that permits foreign trust-type stablecoins to operate as regulated electronic payment instruments. Policymakers are also discussing replacing the current top 55% treatment of many crypto gains with a flat 20% rate, a shift that would likely require reclassifying major tokens under the FIEA and could enable spot and derivatives ETFs run by licensed operators.

npm has revoked granular write-access tokens tied to compromised developer accounts in an effort to curb a new wave of the self-replicating “Mini Shai-Hulud” supply-chain worm. The platform also urged users to rotate secrets and move to Trusted Publishing, but researchers say infected machines can still leak data locally. The latest spike followed the compromise of the npm account “atool,” which published 637 malicious versions across 323 packages in 27 minutes.

Zama has acquired TokenOps to add Fully Homomorphic Encryption (FHE) to token vesting, airdrops and cap table workflows for institutional issuers. The companies said the setup uses onchain encryption, including the ERC-7984 confidential token standard, to reduce signaling and front-running risks tied to transparent releases. The FHE-based distribution is already running in production, including deployments for KAIO and Zama's own (ZAMA) confidential vesting on Ethereum.

Galaxy Digital research chief Alex Thorn raised his estimate that the CLARITY Act becomes law in 2026 to 75%, up from a 50/50 view he held in April. The shift followed a 15-9 Senate Banking Committee vote on May 14 and an updated legislative timetable that points to Senate action in June, House work in July, and a possible presidential signature the week of August 3.

On May 20, 2026 at 10:34, South Carolina's governor signed S.0163 into law after the bill was introduced on January 14, 2025. The measure protects self-custody and limits discriminatory taxes across digital assets, exempts mining from money-transmitter licensing while keeping energy oversight, and bars state authorities from accepting or joining federal CBDC tests.

A self-replicating "Mini Shai-Hulud" worm abused GitHub Actions on May 19 to push malicious releases, impacting AntV-related packages, echarts-for-react, and Microsoft's durabletask SDK across an estimated 16 million weekly downloads. The malware is designed to steal cloud and developer credentials and includes a dead-man's switch that can wipe a developer's home directory if the attacker-created npm token is revoked. GitHub said on May 20 it would roll out staged publishing, expand OIDC trusted publishing, and move away from legacy tokens.