Crypto Regulatory Shifts Amid Security Concerns (2026-05-20)

The largest ASTEROID holder on Solana bought 10.04 million VIRL tokens, worth approximately $17,700.00.

May 20th news, according to Lookonchain monitoring, the largest ASTEROID holder address 8Qef2u on Solana bought 10.04 million VIRL ($17,700.00).

The address already holds 25.03 million ASTEROID ($301,600.00), and bought VIRL after the official Solana account followed virlfun.

[PANews]

Senate vote targets Trump’s Iran war, crypto eyes relief

The U.S. Senate advanced a measure that could force President Donald Trump to seek congressional approval for the Iran war, while Bitcoin ( BTC ) remained little changed near $77,200 at press time. The procedural vote passed 50-47 on May 19, with four Republicans joining most Democrats. The measure would end the Iran war unless Trump gets authorization from Congress.

The resolution still faces a difficult path. It must pass the full Senate and the Republican-led House. Trump could veto it, and Congress would need two-thirds support in both chambers to override him.

Democratic Senator Tim Kaine, who sponsored the bill, said Congress should decide whether the U.S. stays in the conflict. He wrote that Trump launched an “illegal war” 80 days earlier. Kaine added, “Congress has the power to slam the brakes on this unwise conflict.” Republican Senator Bill Cassidy also backed the vote, saying the White House and Pentagon had left Congress “in the dark” on Operation Epic Fury.

Meanwhile, the conflict has weighed on global markets because of fuel and energy concerns tied to the Strait of Hormuz. U.S. and Israeli forces began striking Iran on Feb. 28, while the U.S. later said a ceasefire had ended hostilities.

Related market coverage has shown how Iran headlines can move Bitcoin quickly. Bitcoin jumped near $79,500 in April after reports of a new Iran proposal, before a sharp pullback erased the gains and crypto liquidations reached about $275 million. Bitcoin had not moved much after the Senate vote, trading around $77,200 at the time of writing, according to crypto.news data. The muted reaction showed that traders were still focused on macro data, oil prices, inflation, and the next step in Congress.

HashKey Group senior researcher Tim Sun said the vote “directly indicates” rising political pressure on Trump. He added that the signal was a “relatively mild positive catalyst” for risk assets, not a decisive driver. Bitrue Research Institute research lead Andri Fauzan Adziima gave a stronger market view. He said the vote could be “a strong bullish catalyst for crypto,” with Bitcoin possibly seeing a 6% to 10% relief rally.

Past market moves support the idea that de-escalation headlines can affect Bitcoin. Separate coverage in April reported that Bitcoin held near $75,000 as ETF inflows reached $597.50 million over two days during renewed U.S.-Iran ceasefire hopes. Still, the resolution is not law. The next market reaction may depend on whether Congress advances the bill, whether Trump resists it, and whether tension around Iran and the Strait of Hormuz eases.

[Reuters]

CFTC Sues Minnesota to Block Law Criminalizing Prediction Markets

The Commodity Futures Trading Commission (CFTC) sued Minnesota on Tuesday to block a new state law that would make operating a prediction market a criminal felony. Governor Tim Walz signed the legislation, which the CFTC describes as the most aggressive state effort to shut down its regulated markets. The law also criminalizes weather-related event contracts used by farmers.

The agency is seeking a preliminary injunction to stop the statute from taking effect. Minnesota’s SF 4760 is a public safety bill signed on May 18, 2026. Article 8 makes operating prediction markets a felony in Minnesota starting August 1, 2026. It broadly bans wagering platforms covering sports, elections, weather, disasters, legal proceedings, pop culture, and more.

In addition, creating, operating, facilitating, providing data, or processing payments for such markets is criminalized, as is advertising them. The CFTC noted that Minnesota ranks among the largest agricultural producers in the country. The new law directly targets weather-related event contracts, which the agency calls the broadest state reach to date.

The Minnesota case follows actions against Arizona, Connecticut, Illinois, and New York. A federal court in Arizona recently issued a preliminary injunction blocking that state from using gambling laws to prosecute prediction market operators. The outcome may shape whether states retain authority to criminalize federally regulated event contracts.

South Carolina Governor Signs Bill S.163 to Protect Bitcoin Self-Custody Rights and Prohibit Discriminatory Taxation

The Governor of South Carolina has signed Bill S.163 into law. The bill prohibits any government agency from accepting or requiring the use of central bank digital currencies for payments or participating in central bank digital currency testing; allows individuals or businesses to use digital currencies for transactions; and stipulates that digital assets shall not be treated differently.

The bill stipulates that digital currency transactions may be taxed if the tax rate is the same as that for transactions using U.S. legal tender. At the same time, it restricts certain digital currency operations within areas designated as industrial land and stipulates that digital asset mining operations must not place any additional stress on the power grid to which they are connected.

In addition, the bill requires digital mining companies to provide certain information at the request of the Public Service Commission; stipulates that individuals engaged in digital mining operations do not need to obtain certain permits; and stipulates that individuals providing certain services related to digital mining or staking do not constitute securities transactions. The bill also stipulates that the Attorney General may sue individuals or businesses that fraudulently claim to provide digital asset mining or staking services, and defines the necessary terms.

[Foresight News]

Two American men were arrested for breaking into a Japanese zoo where the internet-famous monkey Punch resides, allegedly to promote a meme coin.

Two American men were arrested last Sunday for breaking into Ichikawa Zoo in Japan. The zoo is home to a young monkey named Punch, who went viral on social media earlier this year.

Reid Jahnai Daysun, 24, scaled the fence and entered the monkey enclosure, while Neal Jabahri Duan, 27, filmed the entire incident. After the event, police in Chiba Prefecture—located in the Tokyo suburbs—detained both individuals. Video footage shows Daysun wearing a blue suit emblazoned with a smiley-face emoji as he climbed into the monkey enclosure. Reports indicate that Daysun’s unusual outfit appears to be mimicking the emoji commonly used to promote meme coin cryptocurrencies.

Before being apprehended by security personnel, the individuals did not make contact with Punch or any other monkeys. Ichikawa Zoo stated on Monday that it had filed a report with the police and was implementing measures to prevent similar incidents from occurring again. The two men currently face charges of obstructing business operations, though they deny these allegations.

[Foresight News]

CFTC sues Minnesota and its state officials

The Commodity Futures Trading Commission (CFTC) has filed a lawsuit against the state of Minnesota, its Governor Tim Walz, Attorney General Keith Ellison, and Director of Public Safety Jon Anglin. The lawsuit stems from Minnesota’s legislative decision to pass Bill SF 4760, which imposes a comprehensive ban on prediction markets.

The bill prohibits advertising, creating, operating, or promoting prediction market platforms, treats event contracts on platforms such as Kalshi and Polymarket as bets and prohibits them, and was originally scheduled to take effect on August 1. The Commodity Futures Trading Commission stated in the lawsuit that, according to the Commodity Exchange Act, the Commission has exclusive jurisdiction over prediction markets and requested the court to block the state law.

[Odaily]

GitHub Security Incident Investigation Update: Employees Targeted by Malicious VS Code Extension, Approximately 3,800 Internal Repositories Compromised

GitHub posted on X, stating that it has shared additional investigation details regarding the unauthorized access to its internal repositories. Yesterday, GitHub detected and contained an attack targeting employee devices involving a malicious VS Code extension. GitHub has removed the malicious extension version, isolated the affected endpoints, and immediately initiated incident response.

Current assessments indicate that this activity was limited to the theft of GitHub’s internal repositories. The approximately 3,800 repositories claimed by the attackers align with GitHub’s investigation findings to date.

GitHub has taken swift action to mitigate risks, rotating critical keys yesterday and overnight, and prioritizing the credentials with the greatest impact. GitHub will continue analyzing logs, validating key rotations, and monitoring subsequent activity; a more comprehensive report will be published upon completion of the investigation.

[Odaily]

Trump instructed the Federal Reserve to assess granting primary account access to crypto companies.

On Tuesday, Trump signed an executive order titled “Integrating Financial Technology Innovation into the Regulatory Framework,” directing the Federal Reserve to assess proposals allowing fintech and crypto companies direct access to the Federal Reserve’s payment systems.

The order urges the federal government to eliminate overly burdensome policies hindering financial technology innovation and requires the Federal Reserve to conduct a comprehensive review of the regulatory framework governing nonbank companies’ access to reserve bank payment accounts and services.

Additionally, the order directs the Federal Reserve to clarify whether the 12 Federal Reserve Banks possess independent legal authority to grant or deny access to payment accounts and services, and requires the Federal Reserve to submit a report to the President within 120 days.

[The Block]

Planet Noon News

1. Approximately 60 addresses holding more than 10,000 ETH liquidated their positions over the past two months;

2. Trump’s digital asset advisor: The U.S. Bitcoin Strategic Reserve announcement is expected to be released in the coming weeks;

3. Trump instructed the Federal Reserve to evaluate granting primary account access to crypto firms;

4. WLFI Treasury Company AI Financial reported a net loss of $271.5 million for Q1 2026, facing going-concern risks;

5. India plans to dispatch tankers through the Strait of Hormuz to resume energy imports from the Middle East;

6. A whale “set 10 major goals first” and closed its Bitcoin short positions, realizing a profit of $12.61 million;

7. a16z holds HYPE valued at $356 million, potentially making it the largest external HYPE holder;

8. Bitcoin spot ETFs saw a total net outflow of $331 million yesterday, marking the third consecutive day of net outflows.

ASTEROID’s largest holder bought 10.04 million VIRL, worth approximately $301,600.00

According to Lookonchain monitoring, the largest ASTEROID holder on Solana, with the address starting with 8Qef2u, purchased 10.04 million VIRL tokens, worth approximately $17,700.00.

The address currently holds 25.03 million ASTEROID tokens, worth approximately $301,600.00, and purchased VIRL after the official Solana account followed virlfun.

[Foresight News]

SlowMist: The GitHub and Grafana security incidents are likely related to a large-scale “Mini Sandworm” supply chain attack.

According to SlowMist, several high-frequency npm packages—including AntV and Echarts-for-react—as well as the Python SDK durabletask—have been compromised in a supply-chain attack dubbed “Mini Shai-Hulud” (Mini Sandworm).

On May 19, the npm account “atool” was breached. Within 22 minutes, the attacker automatically published 637 malicious versions across 317 packages. Then, from 00:19 to 00:54 Beijing Time on May 20, the attacker uploaded three consecutive versions of durabletask—1.4.1, 1.4.2, and 1.4.3—in just 35 minutes, bypassing normal publishing controls and impersonating official Microsoft releases. A large-scale GitHub token leak incident and the ransomware attack against Grafana Labs are highly likely linked to this supply-chain attack.

SlowMist recommends the following mitigation measures against this attack: immediately rotate all publicly exposed GitHub, npm, PyPI, and cloud credentials; replace affected npm/PyPI packages with verified secure versions—or freeze dependency versions; isolate systems potentially already compromised and audit for credential theft or lateral movement; apply security patches within CI/CD pipelines and review post-compromise artifacts.

Additional recommendations include: enabling real-time monitoring and alerts for suspicious token or key usage; implementing stricter dependency review policies and supply-chain risk assessments; training teams to verify package authenticity before installation; and monitoring the dark web or underground markets for leaked credentials associated with your organization.

[Foresight News]