A survey arranged by digital asset services provider CoinShares found that more than half of UK-based financial advisers reported the bulk of their clients’ crypto holdings were outside their oversight.

According to the results of a CoinShares survey released on Thursday, 52% of UK advisers in a group of 261 European wealth management professionals said that the majority of their clients’ digital assets exposure was essentially “invisible” to them. Among all the EU countries surveyed, including France, Germany, Italy and Switzerland, the number was 25%, with 61% of advisers saying that they worked in companies that explicitly restricted digital assets or provided no clear internal guidance.

“The capital has already been allocated,” said CoinShares co-founder and CEO Jean-Marie Mognetti. “The people entrusted with managing it simply cannot see it, and in most cases not because clients are unwilling to engage, but because firm policy prevents them from doing so. This is not a knowledge problem. It is not a demand problem. It is a firm-policy problem becoming a wrong-way risk.”

He added:

“[…] Visibility comes before advice. You cannot allocate, manage risk or earn trust over assets you cannot see.”

Source: CoinShares

The UK’s Financial Conduct Authority (FCA), the watchdog overseeing digital asset regulation, reported in December that about 8% of the country’s adults were invested in crypto. The group recently proposed allowing authorized investment funds to hold up to a 10% allocation of cryptocurrency exchange-traded notes.

Related: Bank of England eases stablecoin rules, introduces 40B pound issuance cap

Potential new leadership to shake up UK crypto policy?

UK Prime Minister Keir Starmer resigned as Labour leader on Monday amid pressure from many in his own party, opening the door to a recently elected member of parliament to take the reins.

In a recent by-election, former Mayor of Greater Manchester Andy Burnham won a seat as a member of parliament representing Makerfield, positioning him to be heavily favored by many in Labour to replace Starmer. While it’s unclear how Burnham may handle crypto policy on a national stage, as mayor, he supported the blockchain industry as a driver for economic development.

Magazine: AI is banking the unbanked in Africa… faster than crypto

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

The European Parliament’s economic affairs committee has urged the European Commission to assess whether crypto lending and borrowing, staking, non-fungible tokens (NFTs) and decentralized finance (DeFi) should be regulated.

The recommendations were part of a report tabled Friday for plenary vote. It also called for promoting tokenization across financial services, encouraging euro-denominated stablecoins and assessing whether additional crypto activities should be regulated under the European Union’s Markets in Crypto-Assets Regulation (MiCA).

Drafted by Belgian Member of the European Parliament Johan Van Overtveldt, the report is an own-initiative resolution by the Committee on Economic and Monetary Affairs (ECON) that outlines recommendations for the Commission on digital asset regulation. 

It will next go before the European Parliament for a vote, expected July 7. If adopted, the resolution would become Parliament’s official position on digital assets policy but would not amend MiCA or create new legal obligations.

The legislative timeline shows the committee’s approval of the report and its referral for a plenary vote. Source: European Parliament

Related: European Parliament throws support behind digital euro

EU warms up to regulated stablecoins

The recommendations also reflect an evolving view of stablecoins among policymakers. Days after former Bank for International Settlements general manager and longtime crypto critic Agustín Carstens softened his stance on stablecoins, the report welcomed euro-denominated stablecoins under MiCA and encouraged their development to support the bloc’s payment sector.

In 2023, Van Overtveldt called for tighter restrictions on cryptocurrencies following the banking turmoil surrounding Silicon Valley Bank, Signature Bank and Silvergate Bank. The crisis was also closely tied to stablecoins, as USDC issuer Circle held roughly $3.3 billion of its reserves at Silicon Valley Bank when it collapsed, briefly causing USDC to lose its dollar peg.

Van Overtveldt likened cryptocurrencies to drugs during the 2023 banking crisis. Source:Johan Van Overtveldt

The report argued that euro-denominated stablecoins could complement tokenized commercial bank deposits and wholesale central bank digital currencies while enabling faster and cheaper cross-border payments. It also said broader adoption could strengthen the competitiveness of EU financial markets and the international role of the euro.

The stance also aligns with ECON’s broader vision for Europe’s digital money ecosystem. On Tuesday, the committee backed legislation for a digital euro, with lawmakers arguing that public and private forms of digital money should coexist rather than compete.

Related: Poland president vetoes MiCA bill again as crypto companies look to license abroad

Lawmakers look beyond MiCA’s current scope 

Van Overtveldt first presented a draft of the report in February before months of negotiations and amendments by ECON members. The earlier version largely focused on MiCA’s existing framework, including stablecoin classifications and legal certainty for multi-issued stablecoins.

The committee-approved report urged consistent application of MiCA across the EU to preserve a level playing field for crypto firms. It also warned member states against introducing national requirements beyond MiCA that could fragment the bloc’s digital asset industry.

The Commission is already reviewing MiCA. In May, the Commission launched a public consultation seeking feedback on whether the framework should be expanded to cover areas including DeFi, staking, lending, NFTs and tokenized financial assets, while also reopening debate over the regulation’s ban on interest-bearing stablecoins.

Meanwhile, MiCA’s transitional period ends July 1, after which crypto asset service providers generally must hold authorization under the regulation to continue operating across the EU.

Magazine: AI is banking the unbanked in Africa… faster than crypto

Polymarket says a third-party vendor compromise discovered on Thursday enabled attackers to inject malicious code into its website interface, leading to a phishing campaign that targeted multiple users. According to blockchain analyst Specter, the injected script was used to drain an estimated $2.94 million from at least 11 Polymarket wallets.

Polymarket stated that the incident has been contained and that the compromised dependency has been removed. The platform also said affected users will receive full refunds. Cointelegraph contacted Polymarket for comment but did not receive a response before publication.

Key takeaways

• Polymarket reported a third-party vendor compromise that allowed attackers to inject a malicious script into its frontend.
• Analyst Specter linked the malicious code to phishing activity, estimating losses of about $2.94 million across at least 11 user wallets.
• Polymarket said the issue has been contained, a dependency has been removed, and users will be fully refunded.
• Blockchain security reporting data indicates the incident fits within a high volume of crypto breaches in the quarter.
• Separately, DefiLlama data shows private key compromise remains the dominant cause of reported exploit losses over the last 30 days.

Frontend compromise and phishing-driven wallet losses

The Polymarket incident centers on a supply-chain style failure rather than a direct smart contract exploit. Specter said the malicious script appeared to enable a phishing attack that redirected or induced users into compromising credentials or authorizations, culminating in unauthorized asset movement from user wallets.

In practice, this type of front-end compromise can be especially damaging for institutions and compliance teams because it shifts the risk profile away from on-chain mechanics alone. Even where contracts are unchanged, malicious web-layer code can manipulate user behavior, compromise session-related security assumptions, or trick users into signing harmful transactions. For regulated entities that integrate with or route user access to crypto services, incidents like this highlight the need for tighter vendor governance and continuous integrity controls over externally served dependencies.

Polymarket’s response suggests the affected component was identified and removed after discovery. Its commitment to fully refund users also raises operational and policy considerations: while refunds may mitigate user harm, they do not automatically address whether the underlying controls—such as third-party software update processes, dependency monitoring, and incident response playbooks—were sufficient to prevent reoccurrence.

DefiLlama breach reporting underscores a pattern of recurring exploit methods

The Polymarket case arrives as crypto security incident reporting remains elevated. DefiLlama data places the event within a broader timeline: the third quarter’s second quarter-to-date statistics indicate the quarter had its most-hacked period by incident count, according to Cointelegraph’s reference to DefiLlama and its reporting on Q2.

DefiLlama also reports that June saw reported crypto exploit losses of $74.9 million across 29 incidents, exceeding May’s $60.5 million total but remaining well below April’s $644 million peak.

Among the largest June incidents were a $36 million Humanity Protocol exploit, a $4.7 million Secret Network bridge exploit, two separate Aztec exploits valued at $2.1 million each, and a $1.7 million bridge exploit tied to Taiko. While each exploit involves different technical pathways, they collectively reinforce a key compliance reality: incident frequency and magnitude continue to stress operational risk management across exchanges, wallets, and service providers with protocol-level exposure.

DefiLlama’s breakdown of losses over the past 30 days points to private key compromise as the most common leading vector, accounting for 43% of reported exploit losses. Fake proof exploits made up 10%, and reverse MEV honeypots accounted for 8%. For risk teams, these categories matter because they indicate whether controls should prioritize key management, signature/authorization integrity, or transaction routing safeguards for automated systems and integrators.

Private key history at Polymarket highlights multiple threat surfaces

About a month before the reported Polymarket frontend incident, the prediction market disclosed an additional exploit traced to a six-year-old private key used for internal top-up operations. Cointelegraph previously reported that Polymarket said contracts and user funds remained safe in that earlier case and that all permissions associated with the compromised key were revoked.

Taken together, the two events underscore that Polymarket—or any crypto service with on-chain and off-chain touchpoints—can face multiple, distinct threat surfaces: backend key management for operational processes, and web-delivered dependencies for user-facing interactions. For institutional stakeholders, the combination can complicate assurance: even when one control area is remediated (for example, permissions revoked after a key issue), a separate control plane—like third-party dependency integrity—can still introduce new risk.

Polymarket’s scale also implies higher stakes for incident governance. DefiLlama reports that the platform holds more than $450 million in total value locked, up from $112 million a year ago.

Regulatory and compliance implications for crypto firms and integrators

Although Polymarket operates in a market with evolving regulation, incidents of this nature feed directly into compliance expectations for crypto businesses. Under frameworks such as the EU’s Markets in Crypto-Assets regulation (MiCA), firms are expected to meet governance and operational resilience obligations, while AML/CFT requirements under applicable regimes typically extend to “know your customer” processes and the protection of user funds. Supply-chain compromise and phishing-driven theft also raise questions for regulated counterparties about how customer asset protection claims are substantiated in practice.

For exchanges, wallet providers, payment processors, and institutional service providers, vendor-linked incidents may trigger additional internal review under third-party risk management policies. Common areas include: the lifecycle management of dependencies, auditability of frontend build and deployment pipelines, incident detection and containment procedures, and the adequacy of refund or restitution policies. Even if the theft originates outside on-chain code, user harms can still translate into regulatory scrutiny about consumer protection, disclosures, and operational risk controls.

Cross-border differences in enforcement priorities can further complicate response. In the United States, where crypto enforcement actions have frequently addressed security, consumer protection, and alleged failures in compliance controls, and where federal agencies coordinate through legal processes and subpoenas, a frontend-driven phishing incident can still be framed as a failure to maintain reasonable safeguards. Separately, AML/KYC obligations do not prevent phishing, but they can affect how stolen funds are identified, how affected users are supported, and how suspicious activity is triaged.

For institutional compliance monitoring, the most actionable element is the incident pattern itself: third-party compromise leading to user deception, alongside persistent exploit vectors such as key compromise. These themes suggest that governance should cover both technical controls (key management, permissioning, transaction integrity) and administrative controls (vendor oversight, software supply-chain assurance, and documented response measures).

Closing perspective

Polymarket says the compromised dependency has been removed and that affected users will be refunded. The next phase will likely involve detailed post-incident validation of the compromised supply chain, verification of residual exposure across its frontend delivery stack, and continued alignment of technical controls with the compliance expectations institutions apply to customer protection and operational resilience. Security incident reporting will remain a key reference point for assessing whether this case reflects a broader systemic risk pattern or an isolated vendor failure.

Dogecoin and Hyperliquid’s HYPE led the week’s losses across crypto, falling near 10%, as money kept flowing toward stocks tied to the artificial-intelligence boom and away from major tokens.

Dogecoin slid 9.6% over seven days to about $0.076 and HYPE lost 9.9%, the steepest falls among the majors. Ether dropped 8.4% to about $1,581 and XRP fell 7.8% to $1.06, while solana and tron held up better, roughly flat on the week at $72 and $0.32.

Bitcoin was the steadier major, down 5.3% to around $60,345 on Saturday after dipping to about $58,800 on Friday and recovering, per CoinDesk data.

“Bitcoin approached $58K at its lows late Thursday and early Friday, but in both cases, aggressive buying quickly pushed it back into the $60K range,” Alex Kuptsikevich, FxPro chief market analyst, told CoinDesk. “This pattern resembles margin position liquidations during downtrend spikes, followed by strong buying on pending orders during the recovery.”

“Given deteriorating sentiment among institutional investors and their ability to quickly divest from cryptocurrencies to stabilise their balance sheets, it is worth preparing for continued pressure and periodic sell-off spikes by leveraged traders,” he added.

Ripple CEO Brad Garlinghouse said he remains bullish on bitcoin but that Michael Saylor’s approach to funding bitcoin purchases has damaged the broader crypto market, in a CNBC interview on Friday, as the preferred stock at the center of Strategy’s model fell to a record low.

“Financial engineering does not drive long-term value,” Garlinghouse said, arguing that the lasting value of any digital asset comes from its usefulness. “Team Michael Saylor wasn’t focused on the right stuff and that has hurt the overall market.”

He separated that from his view on the asset itself, saying he is still bullish on bitcoin.

Garlinghouse’s target was the machine Strategy has used to accumulate bitcoin. For about a year, the company has issued preferred shares, a class of stock that pays a fixed dividend, to raise cash for more bitcoin.

Its STRC share carries an 11.5% annual dividend and is engineered to trade near $100. Garlinghouse pointed to STRC trading about 25% below that level as a “damning indictment” of the strategy.

Securitize has secured commitments expected to deliver about $400 million ahead of its planned New York Stock Exchange debut through a merger with Cantor Equity Partners II.

According to Securitize, fewer than 30% of shareholders in Cantor Equity Partners II, the special purpose acquisition company taking the firm public, chose to redeem their shares following the final redemption results.

The company said it now expects to receive approximately $400 million in gross proceeds from the transaction, including related private investment in public equity (PIPE) financing, before transaction-related expenses.

The proposed listing comes as tokenization companies continue attracting institutional attention, with firms seeking to bring traditional financial assets onto blockchain networks. Securitize counts BlackRock, Morgan Stanley, Coinbase, and Circle among its backers and has become one of the largest providers of tokenization infrastructure for financial institutions.

The merger is expected to complete next week

Market reaction has been positive ahead of the vote. Shares of Cantor Equity Partners II closed 7% higher at $10.86 on Friday before extending gains in after-hours trading to $11.

According to Securitize, shareholders are scheduled to vote on the merger on Monday. If approved and all remaining closing conditions are satisfied, the transaction is expected to close on July 1. The combined company is then expected to begin trading on the New York Stock Exchange under the ticker SECZ on July 2.

Commenting on the listing, Securitize co-founder and CEO Carlos Domingo said reaching the public markets represents an important step for the company after more than eight years of building tokenization infrastructure.

“Reaching the public markets is a significant milestone for Securitize and a reflection of the growing momentum behind tokenization.”

Domingo added that tokenized securities, once considered largely theoretical by major financial institutions, are now moving into mainstream finance as institutional adoption continues to grow.

The public debut also follows several months of expansion for the company. As previously reported by crypto.news, Securitize recently extended its Tokenized AAA CLO Fund (STAC) to the Solana blockchain. The company said Ethena Labs plans to allocate $250 million to the fund, which invests in U.S. dollar-denominated AAA-rated collateralized loan obligation tranches.

According to Securitize, the product is developed with BNY serving as custodian of the underlying assets and sub-adviser through BNY Investments.

Institutional tokenization business continues to expand

Alongside new investment products, Securitize has continued growing its role in tokenized capital markets. Earlier this year, the company partnered with the New York Stock Exchange to support the exchange’s planned tokenized securities platform.

Crypto.news previously reported that Securitize provides tokenization infrastructure for more than 650 funds and oversees more than $4 billion in tokenized assets. BlackRock has also deepened its relationship with the firm.

In May, crypto.news reported that the asset manager filed a second Securitize-powered tokenized fund with the U.S. Securities and Exchange Commission after its BUIDL fund expanded to roughly $2.3 billion in assets.

At the same time, Securitize is dealing with a legal dispute ahead of its market debut. As reported by crypto.news, the company recently asked the U.S. District Court for the District of Delaware to declare that its products do not infringe patents owned by tZERO after receiving a cease-and-desist letter. Securitize called the allegations “without merit,” while tZERO said its claims involve patents covering compliance systems, investor registry checks, and tokenized market infrastructure.

Separate industry forecasts also point to continued growth in tokenized finance. Earlier this month, Standard Chartered projected that tokenized assets used in decentralized finance could reach $2.7 trillion by the end of 2030, up from current levels.

Base, Coinbase’s Ethereum layer-2 network, has resumed normal operation after a consensus-related issue temporarily halted block production for nearly two hours on Thursday. The incident triggered “unhealthy” block building, leaving new blocks unable to be created until the network isolated and corrected the underlying problem.

Base said blocks were later being produced normally and that the broader ecosystem infrastructure had recovered and synced. The outage was unusual for a chain that has become a go-to venue for activity on Ethereum’s scaling roadmap, highlighting how sensitive rollup operations can be when consensus and sequencing logic fail.

Key takeaways

• Base went offline briefly due to a consensus problem that resulted in an invalid block being sequenced and prevented new block creation.
• Base reported recovery of “healthy blockbuilding” and confirmed ecosystem-wide infrastructure synchronization.
• The outage occurred around an on-chain upgrade window, with a Base upgrade (“Beryl”) scheduled for 6 pm UTC.
• Network creators emphasized that user funds remained safe, while reiterating that a block-production halt is not acceptable.
• Thursday’s incident joins a small set of notable recent outages affecting major L2 ecosystems.

How the outage unfolded

Base’s status page said it began investigating “unhealthy” block production at 4:03 pm UTC on Thursday. In a subsequent update at 5:21 pm UTC, the Base team explained that it had “isolated a consensus problem” which caused an invalid block to be sequenced.

According to the status updates, that invalid sequencing stopped progress at the protocol level: “This prevented new blocks from being created.” In other words, the issue was not presented as a simple infrastructure hiccup; it was tied to the chain’s ability to agree on what should be built next.

Recovery confirmed, post-mortem expected

Base later posted an operational recovery update just before 6 pm UTC. It said the network had “recovered healthy blockbuilding,” and that ecosystem-wide infrastructure was able to sync again. Base also indicated that it had identified the issue and would continue investigating the root cause, promising a full post-mortem.

Separately, Base’s creator Jesse Pollack used X to reassure users that funds on the network are safe. Pollack also framed the halt as a solvable operational setback, saying it would be used to “level up” Base as a platform aimed at supporting continuous, global finance.

An uncommon downtime event for a leading L2

The episode stands out as a rare downtime event for Base. The report notes that Base is widely considered among the most-used Ethereum layer-2 networks, and it cites the chain’s previous major outage in August 2025, when Base reportedly went down for 33 minutes. That earlier incident is referenced via Base’s status page.

Such disruptions matter for users and developers because L2 block production is the backbone for transaction inclusion, sequencing, and timely settlement flows. Even if funds remain safe, a halt can translate into delays for withdrawals, reduced reliability for dApps, and friction for systems that assume steady block cadence.

Upgrade timing raises questions for reliability planning

Base downtime appeared to occur separately and shortly ahead of a scheduled network upgrade dubbed “Beryl,” planned for 6 pm UTC. The described goal of the Beryl upgrade was to reduce delays on withdrawals and introduce a new token standard intended for real-world assets and stablecoins.

That timing is important for operators and integrators: when an outage overlaps with a planned change, teams typically have to ensure that the network can recover cleanly and continue the upgrade without compounding issues. Base did not state that the outage directly affected the Beryl rollout, but the proximity means builders watching Base would likely want to see post-recovery monitoring closely through the upgrade window.

The incident also comes amid broader reminders across the L2 landscape. The report points to Sui experiencing two periods of downtime on back-to-back days in May, each involving temporary stops in block production. In that case, Sui later attributed the downtime to a network update it said it knew had a low probability of causing a halt—an example of how even planned changes can create operational risk.

What to watch next

Base has said it will share a detailed post-mortem and identified the consensus problem responsible for blocking new block creation. Investors, traders, and developers should watch for that report, plus confirmation that the Beryl upgrade proceeds smoothly with stable block production and no renewed consensus symptoms around the new token standard changes.