TLDR

• The FCA proposed allowing UCITS and certain NURS funds to invest up to 10% in crypto ETNs.
• Under the consultation paper, the regulator set a 10% cap to manage portfolio concentration risks.
• The proposal follows the October 2025 decision that reopened retail access to crypto exchange-traded products.
• UCITS and NURS operate as regulated, open-ended retail investment structures in the U.K.
• The FCA invited industry feedback before finalizing amendments to existing fund rules.

The U.K. Financial Conduct Authority has proposed allowing certain retail funds to invest up to 10% in crypto exchange-traded notes. The plan covers UCITS schemes and some non-UCITS retail schemes under existing investment rules. The regulator outlined the proposal in its latest quarterly consultation paper and invited feedback from market participants.

FCA Outlines Framework for Retail Fund Exposure

The Financial Conduct Authority detailed the proposal in its quarterly consultation document. It said UCITS schemes and certain non-UCITS retail schemes could allocate up to 10% to crypto ETNs. The regulator stated that the cap would limit concentration within diversified portfolios.

The FCA wrote, “Our proposed 10% limit for UCITS and NURS would also mitigate the risk of impacts arising from crypto ETN exposure.”

It explained that the limit aligns with current diversification standards for retail funds. The proposal applies to regulated open-ended structures available to retail investors.

UCITS stands for Undertakings for Collective Investment in Transferable Securities. These funds pool money from retail investors into managed portfolios under strict oversight. Non-UCITS retail schemes operate under similar rules but follow a separate regulatory framework.

The FCA confirmed that the proposal does not change broader eligibility rules for retail funds. Instead, it would permit limited exposure to crypto ETNs within existing structures. The consultation paper sets out technical amendments to reflect the allocation threshold.

The regulator requested comments from industry participants before finalizing the rules. It said it would review feedback before publishing any final amendments. The consultation forms part of its regular policy update process.

Crypto ETNs Gain Further Access in U.K. Market

The proposal builds on earlier regulatory changes affecting crypto ETNs. In October 2025, the FCA lifted a ban that had restricted retail access since 2021. That move allowed retail investors to access certain crypto exchange-traded products.

Crypto ETNs allow investors to gain price exposure without directly holding digital assets. Fund managers purchase listed notes that track cryptocurrency performance. Investors therefore avoid direct custody and operational requirements.

The FCA’s consultation does not expand direct crypto holdings for retail funds. Instead, it focuses on exchange-traded notes listed on approved venues. The regulator maintains oversight of listing and disclosure standards for these instruments.

The U.K. regulator has previously faced criticism over its cautious approach. Some commentators argued that restrictions limited domestic competitiveness. The latest proposal addresses portfolio allocation rather than broader market access.

The FCA published the consultation as part of its standard quarterly review cycle. It invited responses within the stated deadline in the document. The authority will publish further updates after reviewing submitted feedback.

CME Group has launched Nasdaq CME Crypto Index futures, giving traders exposure to eight large cryptocurrencies through one regulated contract. 

Trading began on June 8, while CME confirmed the launch on June 9.

The product tracks Bitcoin, Bitcoin Cash, Ether, Solana, XRP, Cardano, Chainlink and Stellar Lumens. It expands CME’s digital asset range beyond futures linked to individual cryptocurrencies.

CME Crypto Index Futures Begin Trading

The contracts settle in cash against the Nasdaq CME Crypto Settlement Price Index. The benchmark measures the performance of large, actively traded cryptocurrencies using a market-cap-weighted structure.

CME offers a standard contract under the NCI ticker and a micro version under MCI. The standard contract equals $10 times the index value, while the micro contract equals $1 times the index.

As of June 9, the index includes BTC, BCH, ETH, SOL, XRP, ADA, LINK and XLM. The basket gives traders broader market exposure without requiring them to buy, store or transfer each token.

Bitcoin and Ether remain the largest assets in the group. The addition of SOL, XRP, ADA, LINK, XLM and BCH also gives the contract exposure to payment networks, smart-contract platforms and blockchain data services.

CME Targets Portfolio Hedging and Broader Exposure

Giovanni Vicioso, CME Group’s global head of cryptocurrency products, said investors want diversified access while using a regulated derivatives market.

“These contracts give clients a cost-efficient tool to hedge their risk,” Vicioso said.

Nasdaq index product management head Sean Wasserman said demand is growing for digital asset benchmarks with established governance and transparent rules.

“Futures linked to the index are a natural extension,” Wasserman said.

Because the contracts settle financially, traders receive or pay the difference in cash at expiration. They do not take delivery of the cryptocurrencies included in the index.

Launch Extends CME’s Crypto Derivatives Expansion

The index futures follow CME’s earlier move into contracts tied to Bitcoin, Ether, SOL, XRP, ADA, LINK, XLM, Avalanche and Sui. The exchange also introduced Bitcoin volatility futures in June.

CME now offers cryptocurrency futures and options on a 24/7 schedule, apart from maintenance windows. That timetable gives global traders weekend access and brings the regulated market closer to crypto’s continuous spot trading structure.

As crypto.news reported in May, the index product would become CME’s first market-cap-weighted cryptocurrency futures contract. The publication also covered CME’s addition of Avalanche and Sui futures as the exchange widened its regulated altcoin offering.

The launch gives funds, advisers and other market participants one contract for managing broad crypto exposure. Contract prices still depend on the combined movement of the index members, so gains in one asset may be offset by losses elsewhere in the basket during each session.

Unverified smart contracts were linked to at least $36.7 million in losses across four DeFi exploits over the past six months, as attackers increasingly target protocols whose source code is not publicly available, according to Chainalysis.

The largest incident involved Truebit, which lost $26.2 million after an attacker exploited an integer overflow vulnerability in a contract that had remained unverified on Ethereum since 2021. The other incidents involved Trusted Volumes, Aperture Finance and Ekubo, according to the report.

In each case, the exploited contract had not been verified on a blockchain explorer, meaning its source code was not publicly available for review. According to Chainalysis, that limited scrutiny from security researchers and excluded the contracts from many bug bounty programs despite controlling user funds.

Five protocols saw exploits on unverified smart contracts. Source: Chainalysis

Chainalysis attributed the trend in part to advances in decompilation tools and artificial intelligence, which can help attackers reverse-engineer smart contract bytecode and identify vulnerabilities even when source code is not publicly available. According to the report, what once required “a skilled reverse engineer spending days on a single contract” can now be partially automated across large numbers of unverified contracts.

The report challenges a longstanding assumption in DeFi that keeping smart contract code private provides an additional layer of security. According to Chainalysis, protocols relying on hidden code are increasingly depending on “obscurity as a security measure,” an approach the company said is rapidly losing effectiveness. 

Chainalysis recommended source code verification, broader bug bounty coverage and real-time monitoring tools as safeguards against future exploits.

Related: Humanity Protocol token falls 85% amid $30M private key exploit

DeFi security concerns persist after record April losses

The report comes amid a broader rise in crypto exploits. According to DeFiLlama, hackers stole $629.7 million in April alone, the highest monthly total since February 2025.

Two incidents accounted for most of the losses. KelpDAO lost $293 million and Drift Protocol suffered a $280 million exploit, together representing more than 80% of the month’s stolen funds.

Although losses fell sharply in May, with CertiK reporting $68.3 million stolen from cryptocurrency exploits, the fallout from April’s largest attacks continued. In June, blockchain intelligence platform Arkham reported that the attacker behind the KelpDAO exploit had laundered nearly all of the roughly $220 million in unfrozen stolen funds.

Kelp DAO Hacker-tagged wallet, total balance. Source: Arkham

The KelpDAO exploit also prompted several DeFi protocols to review their security infrastructure, with projects including Solv Protocol announcing plans to migrate to Chainlink’s crosschain infrastructure following internal security reviews.

This month, Anthropic said 560 of the 832 accounts it banned for policy violations over a one-year period had used AI to help prepare cyberattacks, including writing malware and identifying vulnerabilities.

Magazine: The legal battle over who can claim DeFi’s stolen millions

The United Kingdom’s decision to sanction HTX, the exchange operated by Huobi Global’s Panamanian affiliate, has sparked debate across the crypto industry about the collateral damage sanctions can unleash on legitimate users and the broader DeFi compliance ecosystem. While authorities argue the move targets Russia-linked financial networks, researchers and on-chain investigators say the blanket approach may blur lines between illicit and ordinary activity and complicate decen­tralized tracing efforts.

Key takeaways

• The UK added HTX (Huobi Global S.A.’s entity behind HTX) to sanctions, citing indications of support for Russia’s government through sanctioned entities A7 and Garantex. The step broadens the choke point for HTX’s operations.
• Industry observers argue the designation risks penalizing ordinary users and could undermine long-running efforts to promote on-chain compliance in DeFi, especially around illicit-fund tracing.
• A Global Ledger analysis, cited by industry coverage, tallies HTX as processing about $21.06 billion in high-risk crypto flows from 2021 through May 2026, with roughly $7.64 billion connected to Russian-linked entities and darknet markets.
• Downstream effects have surfaced, including a DeFi project freezing HTX-linked addresses and HTX itself delisting a rival’s USD1 stablecoin and halting several trading pairs.

Regulatory action and its immediate implications

On May 26, the UK government sanctioned Huobi Global S.A., the Panamanian entity behind the HTX exchange, in connection with alleged support for Russia’s government through certain financial services and funds attributed to sanctioned entities such as A7 Limited Liability Company and Garantex. The sanctions connect HTX to a broader framework aimed at curbing Russia-related financial activity and signals the UK’s willingness to pursue cross-jurisdictional enforcement in crypto markets.

HTX has subsequently denied the allegations, emphasizing that the sanctioned entity is a separate corporate vehicle from the online exchange. The dispute highlights a frequent tension in crypto policy: where to draw the line between a platform and the corporate entities behind it, and how to apply sanctions without unduly penalizing users who may have legitimate activity on the platform.

The move also dovetails with a string of UK regulatory actions targeting crypto promotions and exchange operators, raising questions about how different arms of government—policy, enforcement, and sanctions—interact in crypto markets. For context, UK authorities have previously pursued actions against HTX’s parent or affiliates alongside other sanctions measures against Huobi-linked entities.

Data-driven debates over the efficacy and consequences of such sanctions have intensified. In one analysis cited by researchers and journalists, HTX’s on-chain activity is described as having included substantial high-risk flows in the period 2021 through May 2026. While the total volume remains subject to ongoing verification, a sector-wide review has flagged notable Russian-linked flows and activity tied to known darknet markets.

Voices from the research and security community

Several prominent researchers and on-chain investigators weighed in on the implications for enforcement and compliance practices. Galaxy Digital’s head of research, Alex Thorn, argued on X that classifying “all of HTX” under sanctions could be problematic given the platform’s broad user base and the privacy-preserving nature of DeFi tools. Thorn pointed to the divergent practices among stablecoin issuers when it comes to freezing or restricting tokens, suggesting that blanket sanctions may not align with how different protocols assess risk and compliance.

Security researcher Taylor Monahan, also posting on X, contended that sweeping sanctions against HTX risk undermining established efforts to coordinate DeFi safeguards against stolen or illicit funds. Monahan emphasized that a majority of HTX users are legitimate and should not be penalized by association alone.

Crypto investigator ZachXBT added a pointed critique, describing the sanctions as an overreach and noting that on-chain tainting of HTX addresses could undermine tracing work essential to risk management. He warned that when risk categories become too broad, the practical value of tracing decreases, potentially hampering legitimate investigations and compliance workflows.

These perspectives underscore a broader industry concern: sanctions can blur the distinction between malicious actors and ordinary users, complicating the use of on-chain analytics as a risk-management tool and potentially driving legitimate activity underground or toward less-regulated alternatives.

For context, the discourse follows UK sanctions against Huobi Global S.A. in connection with HTX, linked to allegations of Russia-related support via intermediaries such as A7 and Garantex. The industry’s response reflects a tension between national security aims and the practical realities of operating in a decentralized, borderless financial system.

On-chain impact and downstream signaling

Beyond policy debates, the sanctions have produced observable downstream effects. A DeFi project—World Liberty Financial, associated with Trump-linked activity—responded to sanctions considerations by freezing HTX-linked addresses as part of its compliance checks. HTX then delisted this project’s USD1 stablecoin and suspended several trading pairs, signaling how sanction regimes can trigger rapid reconfigurations across the interconnected DeFi landscape.

The sanctioning itself has drawn attention to the broader question of how on-chain enforcement evolves when large, cross-border platforms are implicated. A Global Ledger report highlighted in industry coverage points to HTX processing approximately $21.06 billion in high-risk crypto flows from 2021 through May 2026, with at least $7.64 billion tied to Russian high-risk entities and darknet markets (including Garantex, its successor Grinex, A7A5 and Hydra). While such figures are contentious and subject to methodological caveats, they illustrate the scale of activity that regulators and policymakers are attempting to influence through targeted measures.

Critics argue that while sanctions aim to disrupt illicit networks, the on-chain consequences for legitimate users—ranging from freezing funds to tainting addresses—could complicate normal trading and risk management, potentially driving activity toward less transparent venues. The tension between enforcement objectives and practical usability for compliant users remains a focal point for investors, developers, and exchanges contemplating risk controls and due diligence standards.

What this means for the market and future policy

For investors and builders, the UK HTX action serves as a reminder that regulatory risk remains a material factor in cross-border exchange activity. Sanctions can rapidly alter the operational landscape, including how on-chain analytics are used for compliance and how counterparties assess risk in real time. The responses from researchers also illustrate that enforcement choices may shape how protocols implement sanctions screening, how they coordinate with cross-border regulators, and how they design governance around asset lists and blacklists in a decentralized environment.

Looking ahead, market participants will be watching whether the sanctions regime surrounding HTX prompts additional, more precise guidance on which entities and activities are targeted and how due process is applied. Questions remain about the consistency of enforcement across jurisdictions and the degree to which sanctions risk can be anticipated by exchanges, wallets, and DeFi protocols that rely on open, permissionless on-chain activity. Additionally, observers will be watching to see whether sanctioned entities refocus their strategies, whether more sanctions-linked data becomes publicly accessible, and how institutional risk tooling adapts to evolving regulatory expectations.

In sum, the HTX sanctions illuminate a pivotal moment in crypto policy: authorities aim to curb support to malign networks, but the path forward will require careful calibration to protect legitimate users and maintain the integrity of on-chain ecosystems that rely on transparent, auditable flows of funds.

Readers should monitor ongoing regulatory updates, industry responses from compliance teams, and the evolution of on-chain tracing practices as the sector navigates this complex, high-stakes landscape.

The Hashgraph Group and Merck have integrated the German tech maker’s product authentication technology with TrackTrace, a Hedera-based digital product passport platform introduced in February, as businesses seek to comply with new European Union supply-chain transparency and traceability requirements.

Under the arrangement, Merck’s M-Trust technology embeds security markers into products and packaging that can be verified with a handheld scanner. Authentication data is then recorded on The Hashgraph Group’s TrackTrace platform, creating a digital record linked to a product’s Digital Product Passport.

The companies said the integration combines physical product authentication with blockchain-based traceability, allowing businesses to verify both the authenticity of a product and the records associated with it.

Source: The Hashgraph Group on X.com

The platform targets two emerging EU compliance frameworks: Digital Product Passports under the Ecodesign for Sustainable Products Regulation and traceability requirements under the EU Deforestation Regulation.

Merck is a science and technology company focused on healthcare, life sciences and electronics, while Swiss-based Hashgraph develops enterprise blockchain and AI applications within the Hedera ecosystem.

According to the companies, the technology has already been demonstrated in an undisclosed supply-chain pilot. Potential use cases include food, pharmaceutical, luxury goods and electronics supply chains, where businesses face increasing scrutiny over sourcing and product authenticity.

Related: ECB pushes back on euro stablecoin proposals, citing financial stability risks

EU sustainability rules create market for product traceability

The collaboration comes as companies prepare for forthcoming Digital Product Passport requirements under the European Union’s Ecodesign for Sustainable Products Regulation (ESPR), which entered into force in July 2024.

The regulation applies to most physical goods sold in the EU and forms part of the European Green Deal, a broader effort to improve resource efficiency, expand the circular economy and increase transparency around product environmental impacts.

Source: European Commission

Interest in blockchain-based trade and supply-chain infrastructure extends beyond the EU. In March, authorities in Hong Kong and Shanghai agreed to study a blockchain-based cross-border platform under the Hong Kong Monetary Authority’s Project Ensemble initiative, which explores tokenized market infrastructure and digital financial rails.

The project will examine how trade documentation and commercial data can be integrated into trade finance applications, with the goal of streamlining cross-border commerce and related financial services.

Magazine: Vietnam preps crypto pilot, HK pushes tokenization: Asia Express

StarkWare has launched a new privacy framework for Starknet tokens that allows users to conceal balances and transaction details while preserving tools for compliance reviews and regulatory disclosures.

According to StarkWare, the newly released STRK20 standard brings privacy features to ERC-20 tokens on Starknet by enabling users to shield balances and transaction information on-chain.

The framework was announced on Tuesday as developers across the crypto industry continue looking for ways to offer transaction privacy without removing oversight mechanisms relied upon by institutions, exchanges, and regulators.

Providing details on how the system works, StarkWare co-founder and CEO Eli Ben-Sasson notes that STRK20 should not be viewed as a guarantee of regulatory approval or legal compliance. Instead, he said the framework follows a risk-based approach where privacy remains conditional.

Ben-Sasson explained that screening occurs before assets enter shielded pools and that viewing-key technology can be used to disclose information when lawful requests require access.

Unlike traditional privacy-focused cryptocurrencies that seek to obscure most transaction data, STRK20 introduces disclosure tools designed to balance confidentiality with accountability. 

Under the model described by StarkWare, transaction details remain hidden from the public while authorized disclosure remains possible under specific circumstances.

Privacy tools are adding disclosure mechanisms

Elsewhere in the sector, developers are adopting similar approaches to encrypted transactions. According to an announcement published on June 8, Sui opened public testing for confidential transfers on its Devnet. The feature encrypts token balances and transfer amounts while leaving sender and recipient addresses, token types, and transaction timestamps visible on-chain.

As reported by crypto.news, Sui stated that authorized parties can access relevant data when required for auditing or compliance purposes. A Testnet rollout is scheduled for later this year.

Rather than removing transparency entirely, the Sui design keeps selected transaction information visible while concealing financial details. The network described the system as a way to support privacy requirements without limiting access for compliance teams and auditors.

Taken together, the launches from StarkWare and Sui highlight how blockchain developers are increasingly incorporating controlled disclosure features into privacy products instead of relying on complete anonymity.

Recent events have increased focus on oversight

At the same time, several privacy-focused projects have recently faced scrutiny over compliance and operational safeguards.

Earlier this month, blockchain privacy company Zama said it would speed up work on its compliance roadmap after approximately $12.5 million in USDC held within its confidential USDC wrapper was frozen under a court order. According to Zama, the restriction was later removed once the underlying legal request was resolved.

Following the incident, the company highlighted disclosure tools and regulatory coordination procedures available for encrypted transactions.

Meanwhile, developers behind Zcash recently disclosed a vulnerability that raised concerns about the possible creation of counterfeit tokens. According to the project, an emergency network upgrade completed in early June addressed the issue, and no evidence of exploitation has been found.

Zcash developers noted that reconstructing historical activity inside shielded pools can be difficult after vulnerabilities are disclosed, a limitation that has renewed discussion around how privacy systems can provide confidentiality while still supporting verification and oversight when needed.