The U.S. Commodity Futures Trading Commission has rescinded its long-running “no-deny” policy for enforcement settlements. 

The rule, adopted in 1998, blocked the agency from accepting settlement offers when a defendant continued to deny allegations in a complaint or administrative order.

CFTC eliminates “no-deny” policy for settlements, aligning with SEC approach. Chairman Selig states this offers greater flexibility in enforcement actions.

— Markets News (@MarketsDotNews) June 4, 2026

Advertisement

The CFTC said the old policy may have created the view that the agency wanted to “shield itself from criticism.” Chairman Michael Selig said the Commission had used the rule for nearly three decades and was now moving “consistent with regulators throughout the government.”

SEC move set the recent precedent

The decision follows a similar shift at the U.S. Securities and Exchange Commission. The SEC removed its own no-deny settlement rule in May, ending a policy first adopted in 1972 that limited public denials after enforcement settlements.

According to recent crypto.news reporting, SEC Chair Paul Atkins said that change ended a restriction on criticism of the agency. SEC Commissioner Hester Peirce also argued that allowing both sides to speak openly would support clearer enforcement records.

Crypto cases add fresh context

The CFTC decision comes as U.S. market regulators review parts of their crypto enforcement approach. Crypto firms have long criticized no-deny language, arguing that settlement terms forced companies to stay silent even when they disagreed with agency claims.

The timing also follows renewed attention on Gemini. The exchange agreed in January 2025 to pay $5 million to settle CFTC charges tied to alleged misleading statements linked to a Bitcoin futures product. As crypto.news reported at the time, Gemini settled without admitting or denying the allegations.

Gemini case remains part of the broader debate

The CFTC has since asked a federal judge to vacate the prior order against Gemini. Reuters reported that Gemini agreed not to seek a refund of the $5 million penalty, while the agency now says the false-statement case should not have been brought.

Selig has also described the Gemini case as “politically targeted,” according to recent reports. Meanwhile, the CFTC said it will not enforce existing no-deny provisions in prior settlements. The agency also said the new approach does not remove its discretion to seek admissions of facts or liability in future enforcement deals.

That means defendants may gain more room to settle without giving up public denials. At the same time, the CFTC can still pursue enforcement actions, seek penalties, and negotiate admissions where the facts or public record require them.

For crypto companies, the change may affect how future CFTC settlements are drafted. It does not erase past investigations or rewrite commodity law, but it changes the speech terms attached to many enforcement resolutions.

Coinbase said it froze more than $3 million in cryptocurrency tied to scam networks operating in Southeast Asia. 

The exchange joined a broader operation led by the U.S. Department of Justice’s Scam Center Strike Force.

The action targeted criminal groups accused of running romance scams, investment fraud, and forced labor scam compounds. Coinbase said it shared intelligence with Meta, Microsoft, Starlink, the DOJ, and global law enforcement agencies.

“This operation is proof that scammers can’t be stopped by any single company or agency acting alone,” Coinbase said. 

The company added that social platforms, financial firms, internet providers, and police had to act together.

Meta and Microsoft disrupt online accounts

Meta said the joint action disabled more than 1.4 million accounts, pages, and groups across Facebook and Instagram. Microsoft also suspended about 20,000 fraudulent accounts linked to scam networks.

Today, through @USAttyPirro & our Scam Center Strike Force, the DOJ announced results from its first-of-its-kind “Disruption Week,” partnering with the private sector to crush Southeast Asian cyber/crypto fraud.

Key impacts:
– 1.4M+ scam accounts disrupted
– $3.8M in crypto…

Advertisement

— U.S. Attorney DC (@USAO_DC) June 3, 2026

Starlink terminated connectivity for thousands of kits tied to unlawful use. The Royal Thai Police also arrested 63 people connected to scam operations, according to Meta.

The companies said the operation connected online activity with real-world scam centers. Meta said shared intelligence helped identify scam locations, accounts, infrastructure, and networks for law enforcement review.

Crypto tracking aids law enforcement

Coinbase defended the role of blockchain tracking in the operation. The company said public blockchain records can help investigators follow stolen funds after victims send crypto to scammers.

“Blockchain technology gives law enforcement something traditional financial systems often can’t: a transparent, immutable and permanent record of every transaction,” Coinbase said.

The statement comes as crypto-linked investment scams continue to draw attention from U.S. authorities. The DOJ has described pig butchering and investment scams as among the most damaging fraud types targeting Americans.

Broader scam crackdown continues

The latest action follows a broader push against scam compounds and fake investment platforms. As previously reported by crypto.news, U.S. authorities froze more than $701 million in crypto tied to global scam networks in April.

That earlier action also targeted over 500 fake investment websites. Authorities said the sites used false dashboards and fake returns to convince victims to deposit more funds.

Law enforcement agencies in several countries have also moved against scam centers this year. Actions have involved the U.S., Thailand, Singapore, the UAE, Austria, Albania, and other partners.

The Coinbase freeze adds another case showing how exchanges now play a direct role in fraud disruption. The company said it will continue working with public and private partners to block criminal funds and protect users.

The U.S. Securities and Exchange Commission has elevated digital assets to a strategic priority, signaling that comprehensive regulatory clarity around blockchain technology, tokenization and crypto market infrastructure will be central to its agenda through 2030. The agency’s forthcoming Strategic Plan for fiscal years 2026–2030 designates digital assets as a core objective alongside core mission pillars such as capital formation, investor protection and agency modernization. The plan positions the SEC as pursuing a firm regulatory foundation for digital assets and distributed ledger technology through a rational, coherent, and principled approach, underscoring a belief that blockchain and crypto asset technologies have the potential to transform America’s financial infrastructure.

According to the SEC’s draft Strategic Plan, the agency acknowledges that the growth of digital assets has outpaced existing regulations and emphasizes a need for greater legal certainty for market participants. It highlights tokenized offerings and on-chain financial infrastructure as areas where the SEC intends to support compliant, orderly capital formation. The document also notes that custody, trading and staking services should be able to operate under appropriate oversight without duplicative or conflicting regulatory requirements.

Related: SEC approves Paxos as ‘blockchain-native’ clearing agency (Paxos regulatory milestone cited in contemporaneous coverage)

Key takeaways

• The SEC elevates digital assets to a strategic, cross-cutting priority and charts a long-term regulatory blueprint through 2030, with a focus on reducing legal ambiguity for market participants.
• The plan foregrounds a clearer division of oversight between the SEC and the CFTC, signaling a push for a coherent, agency-spanning framework for digital asset markets.
• It emphasizes practical oversight for custody, trading, and staking services that avoids duplicative or conflicting requirements, aligning policy with market realities and capital formation needs.
• Regulatory and legislative context remains active, including congressional deliberations on the Digital Asset Market Clarity Act, which would expand the CFTC’s reach and shape how digital assets are regulated at scale. Coordination with international standards, such as the EU’s MiCA framework, is referenced as part of the broader policy environment.

Strategic priorities and practical implications for the market

The draft plan frames digital assets and distributed ledger technology (DLT) as foundational to the modernization of U.S. financial markets. By articulating a “rational, coherent, and principled” approach, the SEC signals an intent to establish durable rules that can support legitimate innovation while enhancing investor protections. The emphasis on tokenized offerings and on-chain financial infrastructure points to a future where securitization, settlement, and financing arrangements may increasingly rely on programmable digital assets. For institutions, this could translate into clearer licensing expectations, more predictable custody protocols, and standardized oversight of trading venues and on-chain settlement mechanisms.

From a regulatory design perspective, the plan’s call for a consistent framework—where custody, trading and staking services operate under appropriate oversight without duplicative burden—addresses a longstanding friction between fragmented rules and the need for reliable, scalable infrastructure. For exchanges and liquidity providers, the emphasis on non-duplicative regulation could influence registration pathways, product approvals, and ongoing compliance obligations. For banks and institutional clients, clearer standards around custody and on-chain activity may affect risk management, auditability, and interoperability with traditional payment rails and settlement systems.

The plan also reiterates a broader objective: to provide regulatory certainty that supports compliant capital formation in the digital asset space. Tokenized offerings, which enable traditional assets to be represented on-chain, could become more common if the SEC can articulate clear requirements for disclosure, governance and investor protections. In parallel, the development of on-chain financial infrastructure—such as tokenized custody and settlement rails—has the potential to influence how traditional asset markets interoperate with blockchain-based ecosystems. This alignment could influence product design, risk controls, and the cadence of regulatory reviews for new platforms and services.

Jurisdiction, cooperation and the path forward

A central element of the plan is clarifying jurisdictional boundaries between the SEC and the Commodity Futures Trading Commission (CFTC). The aim is to reduce regulatory uncertainty by defining which agency supervises which activities, a topic that has persisted since the earliest discussions of a formal digital assets framework. The draft plan notes that establishing clear jurisdiction is integral to a coherent national framework and to addressing enforcement and supervisory gaps that participants frequently cite in market reviews.

Cooperation between the two agencies has already progressed through formal channels. In March, the SEC and CFTC signed a memorandum of understanding to strengthen collaboration and information sharing as digital-asset technologies continue to reshape markets. Such inter-agency coordination is expected to underpin the regulatory evolution described in the strategic plan and may inform future memoranda, guidance and rulemaking that touch trading venues, custody solutions, and on-chain infrastructure.

Within the legislative sphere, the Digital Asset Market Clarity Act remains a focal point for congressional consideration. The bill seeks to formalize a regulatory framework for digital assets and would, among other things, expand the CFTC’s authority over large portions of the market. The legislation has progressed in Congress, advancing from the Senate Banking Committee and moving toward floor consideration. Its trajectory will shape how the SEC and CFTC coordinate enforcement, oversight and market structure in the years ahead. As previously reported in industry coverage, the act’s movement signals a shift in how policymakers balance regulatory reach with the pace of innovation.

The policy landscape is also evolving in the international arena. The SEC’s plan references the broader context of global standards and cross-border enforcement considerations, including parallel developments such as the European Union’s Markets in Crypto-Assets Regulation (MiCA). While MiCA operates outside the United States, its existence as a comprehensive framework for crypto-asset markets provides a comparative backdrop that can influence U.S. regulatory design, harmonization efforts and enforcement priorities for cross-border firms and activities.

From an enforcement and compliance perspective, the plan underscores the importance of robust AML/KYC controls, data governance and risk management practices that can scale with on-chain activity. For financial institutions and crypto firms seeking to participate in tokenized offerings or to operate tokenized custody and settlement services, this signals a continued emphasis on transparent disclosures, governance standards and independent oversight. The emphasis on non-duplicative regulation aims to reduce compliance fragmentation that can complicate licensing, audits and cross-border operations.

Related: Cointelegraph coverage of Paxos’ clearance agency registration

Closing perspective

The SEC’s draft Strategic Plan signals a deliberate shift toward a more structured, cross-agency approach to digital assets. By prioritizing regulatory clarity, a coherent division of oversight with the CFTC, and practical governance for custody, trading and on-chain infrastructure, the plan sets the stage for a measurable, compliant path for market participants. As Congress weighs the Digital Asset Market Clarity Act and as international standards continue to take shape, stakeholders should monitor inter-agency coordination, rulemaking timelines, and the evolving balance between innovation and investor protection in the coming quarters.

Paybis said more companies now use stablecoins for international payments, based on a report released at Money20/20 Europe in Amsterdam. 

The crypto platform, which says it serves 7 million users, presented the data as payment firms and banks met at the conference.

The company said 22.5% of surveyed businesses already use stablecoins for cross-border payments or plan to do so within 12 months. The report points to a shift from retail crypto trading toward business payment use.

Paybis said stablecoins made up 86% of its crypto volume in April 2026, compared with 12% in July 2023. That change shows how dollar-linked tokens are moving deeper into business payment flows.

B2B volume drives Paybis stablecoin activity

Business clients now account for most stablecoin activity on the platform. Paybis said B2B payments represented 96.9% of stablecoin volume in 2025 and 97.8% from January to April 2026.

The company said total stablecoin volume reached $2.81 billion in May 2026. It also said volume from January to April rose 135% compared with the same period in 2025.

The data fits a wider payments trend. As previously reported by crypto.news, Mastercard has expanded stablecoin settlement support across several blockchains and regulated dollar-backed tokens, including USDC, RLUSD, and PYUSD.

Five sectors lead business stablecoin use

Paybis said stablecoin use is concentrated in sectors that often need fast international settlement. Digital Goods led with 21.4% of B2B stablecoin volume since April 2024.

Virtual Assets Business followed with 15.8%, while Technology held 15.1%. Retail and E-commerce made up 14.5%, and Financial Technology accounted for 11.6%.

Separate crypto.news coverage also showed that banks and corporates in Europe are choosing stablecoin partners under MiCA rules. The demand is tied to payments, settlement, and cross-border treasury movement.

Paybis says confusion still slows adoption

The report also showed a gap between business interest and basic knowledge. Paybis said 53% of respondents expected international stablecoin transfers to settle instantly, while 47% expected settlement to take between one hour and one day.

Cost expectations were also split. About 33.3% expected stablecoin transfer fees to sit near 3%, while 32% selected 0.01%. Paybis said these views may slow adoption because stablecoin payment costs are often below 1%.

“Stablecoins have moved from a crypto niche to business infrastructure,” Paybis Co-Founder and CBDO Konstantins Vasilenko said. He said companies now use stablecoins for faster cross-border settlement and treasury movement.

“What’s missing is plumbing,” he added. Vasilenko said Paybis gives companies one API for stablecoin payment flows, including dedicated IBANs, on-ramp, off-ramp, and crypto rails under its licenses.

The uptake on Israel’s crypto voluntary disclosure program remains modest relative to policymakers’ expectations, underscoring the challenges of using immunity from criminal prosecution to coax tax compliance in a rapidly evolving asset class. The policy, introduced to encourage disclosure and correct reporting of crypto holdings, became effective with an August 2025 framework that offers certain protections for filers who come clean and settle their liabilities.

Globes reported that the Israel Tax Authority has so far received disclosures totaling roughly $50 million in crypto capital, a fraction of the tens or even hundreds of billions that could be underreported, depending on holdings. The program’s design grants immunity from criminal charges for filers whose crypto asset value does not exceed the equivalent of $522,000 as of December 2024, provided reports are corrected and all taxes are paid in full before August 31, 2026. To date, only 58 filers have attempted to use the mechanism, according to the same coverage.

“In the cryptocurrency field, the difficulty of the absence of an anonymous track is even more acute,” commented Iftach Simhony, a CPA and head of the tax department at the Prof. Bein Law Office, as cited by Globes. “When the risk assessment of some taxpayers is not high, and the procedure itself does not offer certainty or anonymity in the first stage, the incentive to undergo voluntary disclosure is weakened.”

The disclosure framework announced by the tax authority describes a pathway to immunity from criminal charges for crypto holders who disclose holdings within the threshold, file accurate reports, and settle tax obligations by the deadline. The policy relies on transparency and timely reporting, with the threshold tied to December 2024 values and a rigidity around the full payment deadline, signaling a measured approach to bringing crypto gains into the tax net without immediate criminal exposure for disclosures within the cap.

Separately, data from the Bank of Israel situates the private crypto landscape within a broader national financial frame. The bank’s financial stability report covering January to June 2024 estimates that Israelis held about $1 billion worth of crypto assets, highlighting the scale of the market and the potential tax base that policy makers are trying to align with enforcement and compliance strategies.

Key takeaways

• Israel’s voluntary disclosure program has yielded about $50 million in crypto disclosures so far, far below the projected potential as of the August 2025 policy rollout.
• The program offers immunity from criminal charges if holdings stay under the equivalent of $522,000 (as of December 2024) and all taxes are paid and reported by August 31, 2026; uptake remains limited, with 58 filers reported.
• Analysts point to concerns about anonymity and risk assessment, suggesting that the lack of a clear anonymity pathway dampens participation in the early stage of the program.
• Bank of Israel data indicates Israelis hold roughly $1 billion in crypto assets, underscoring the significant scale of the market and the implications for future tax policy and enforcement.
• In the United States, lawmakers are pursuing a de minimis exemption for small crypto transactions through the PARITY Act, signaling a shift toward simpler reporting for routine, low-value activity.

Israel’s disclosure program: incentives, constraints, and what changes could matter

The August 2025 framework aims to strike a balance between enforcement and voluntary compliance by offering a shield from criminal charges for those who disclose and settle. Yet the limited early engagement—just 58 filers—suggests that farmers of crypto reporting may be deterred by a combination of perceived risk, the timing of the deadline, and the perception that the disclosure process lacks sufficient privacy guarantees. The threshold, pegged to the December 2024 value reference, creates a clear boundary: the smaller holders could leverage the immunity route, while larger holders remain under the ordinary tax regime with heavier scrutiny.

Observers stress that successful tax collection in this space requires not just a carrot (amnesty) but also a clear, efficient path to reporting that reassures taxpayers about privacy and minimizes the friction of compliance. The Globes interview with Iftach Simhony captures a core tension: when the incentives to disclose are not compelling—especially for those who worry about privacy and potential audits—the policy’s effectiveness can falter before it starts to reshape behavior.

Global context: how U.S. policy discussions could influence Israel and broader crypto taxation

The international backdrop adds another layer of complexity for policymakers. In the United States, a bipartisan effort known as the PARITY Act seeks to relieve the burden of crypto tax reporting for small-value activity. The bill would direct the Internal Revenue Service to study establishing a de minimis exemption for digital assets, potentially allowing taxpayers to bypass reporting for minor or routine transactions. If such a threshold were adopted, it could reduce administrative costs for individuals and exchanges alike and shift how tax authorities allocate enforcement resources.

From a policy design perspective, the American approach contrasts with Israel’s emphasis on disclosure as a pathway to immunity. The divergent approaches highlight the ongoing debate over how to balance tax compliance with user privacy, enforcement risk, and the practical realities of a fast-growing asset class. For investors and users in both markets, the cross-border regulatory dialogue matters because it affects how crypto gains are reported, how accurately holdings are captured, and how compliant behavior is incentivized over time.

For Israeli readers, the question remains: will the current uptake be sufficient to close the gap between expected tax receipts and actual revenue? For U.S. stakeholders, will any de minimis exemption gain legislative traction, and how might that shape reporting standards for international crypto activity? Both questions are central to understanding how governments adapt tax regimes to the digital-asset era while striving to maintain a competitive, innovation-friendly environment.

As crypto markets continue to evolve, regulators will likely reassess thresholds, reporting formats, and enforcement priorities. Market participants should monitor updates to the Israeli policy framework, potential changes to the Bank of Israel’s regulatory stance, and any new developments in U.S. tax policy that could ripple across borders and influence how crypto profits are disclosed and taxed in the months ahead.

Readers should stay attuned to further disclosures from the Israel Tax Authority and Bank of Israel, as well as Congressional updates on the PARITY Act, to gauge how these regulatory movements might affect tax planning, compliance costs, and strategic decisions for investors and businesses operating in or collaborating with Israel and the United States.

The U.S. Commodity Futures Trading Commission (CFTC) has rescinded a long-standing policy that barred settlements in enforcement actions when defendants publicly denied the agency’s allegations. The policy, in place since 1998, was criticized for potentially conveying that the regulator could shield itself from scrutiny or rebuttal, a concern the agency said warranted correction.

The move mirrors a similar step taken earlier this year by the U.S. Securities and Exchange Commission (SEC), which rescinded a related no-deny provision in May. CFTC Chair Mike Selig framed the change as restoring parity with other regulators and reducing the risk of misperception about the Commission’s accountability. “For nearly three decades, the Commission has refused to settle cases unless the defendant promised not to publicly deny the Commission’s allegations,” Selig said. “I am pleased that we are rescinding the no-deny policy consistent with regulators throughout the government.”

Crypto firms and industry participants have long argued that the no-deny rule restricted speech rights and constrained settlements. The CFTC’s reversal raises questions about how settlements will be structured going forward, and what facts may still need to be admitted as part of any resolution. The agency stated that the policy change provides greater flexibility when resolving enforcement actions, though it cautioned that it will not automatically void all no-deny provisions and that some settlements may still require admission of certain facts or liabilities.

Source: CFTC

According to Cointelegraph, the policy adjustment arrives amid a broader debate about speech rights in enforcement actions and the balance between public accountability and settlement efficiency.

The policy shift comes with broader regulatory dynamics in the United States. Under the Trump administration, enforcement actions pursued against crypto firms that had been initiated during the Biden administration saw rollback efforts from the administration’s regulators. In a separate development on Thursday, the CFTC moved to vacate its $5 million settlement with the crypto exchange Gemini, a case that the chair described as “politically targeted.”

Former CFTC Chair Tim Massad, who led the agency during the Obama era, characterized the reversal as “extraordinarily unusual,” noting the unusual nature of reopening or reversing settled matters. Massad’s remarks underscore the ongoing scrutiny surrounding how U.S. regulators handle crypto enforcement and the potential implications for settlement architecture and public accountability.

Key takeaways

• The CFTC has scrapped a no-deny settlement policy that required defendants to refrain from publicly denying agency allegations as a condition of resolution.
• The change aligns the CFTC with a comparable move by the SEC and signals a broader regulatory shift toward flexibility in enforcement settlements.
• Existing no-deny provisions are not automatically voided, and some settlements may still require admission of certain facts or liabilities.
• The decision has immediate implications for how crypto-enforcement matters might be settled and how public speech rights are balanced in regulatory actions.
• Separately, the CFTC has sought to vacate the Gemini settlement, prompting debate over political targeting and the stability of settled cases in the crypto enforcement landscape.

Policy change and practical implications for enforcement

The CFTC’s reconsideration of the no-deny policy marks a noteworthy shift in how the agency constructs settlements with regulated entities. Historically, the requirement that defendants refrain from denying allegations served to streamline resolutions but raised concerns about defendants’ free-speech rights and the optics of enforcement agency behavior. By removing the blanket no-deny constraint, the Commission moves toward a settlement framework that emphasizes accountability without automatically constraining public dialogue.

From a regulatory‑compliance perspective, the change introduces greater nuance in the settlement negotiating process. While some settlements may still include agreed representations of fact or liability—as dictated by case specifics—the agency’s broader posture is to permit more flexibility in how disputes are publicly resolved. This could affect how financial firms, exchanges, and blockchain operators assess settlement risk, communications strategies, and the potential need for post-settlement disclosures.

Enforcement landscape, political context, and cross-agency alignment

The policy revision comes amid a broader environment of recalibration among U.S. regulators regarding crypto enforcement. The SEC’s May action to rescind a similar no-deny practice sets a precedent that the CFTC now follows, signaling closer alignment within federal agencies on how settlements should address defendants’ speech rights while maintaining enforcement credibility.

Observers note the political undertones in ongoing regulatory actions. The CFTC’s attempt to vacate Gemini’s $5 million settlement has drawn attention to how enforcement matters may be revisited, especially when they intersect with contemporary political narratives. The agency argued that the Gemini disposition was unusually targeted politically, a charge that underscores the sensitivity of enforcement actions in the crypto sector as administrations transition and policy priorities shift.

In addition to the Gemini development, industry participants continue to weigh how these changes affect licensing, cross-border operations, and the integration of crypto activities with traditional financial infrastructure. As the regulatory framework evolves, firms may reassess risk controls, disclosure protocols, and the interplay between enforcement actions and reputational risk in settlements and regulatory filings.

Regulatory context and potential governance implications

Although the immediate policy change is focused on settlement mechanics, the broader implications extend to governance, compliance, and international considerations. The U.S. stance on settlement language can influence how abroad regulators view consent orders, admissions, and post-settlement obligations, potentially affecting cross-border investigations and cooperation with foreign authorities. For entities operating across jurisdictions, harmonization of settlement practices—while preserving national sovereignty over enforcement—remains a central area of scrutiny for legal counsel and compliance teams.

Looking ahead, observers will monitor how the CFTC and other agencies implement the revised approach in practice. Key questions include whether future settlements will routinely allow denials or require limited admissions, how the public record will reflect those settlements, and how parallel actions across different agencies will be coordinated in multi-agency investigations.

According to Cointelegraph, the evolving approach to settlement denials reflects a broader rebalancing of enforcement strategies and speech rights in the crypto regulatory regime. The emphasis on transparency, accountability, and proportionality in settlements is likely to shape legal risk management and compliance programs across crypto firms, exchanges, and financial institutions engaging with digital assets.

As the regulatory dialogue continues, firms should remain attentive to upcoming guidance or rulemaking initiatives that could further redefine settlement language, admissions standards, and the disclosure requirements that accompany enforcement resolutions.

Closing perspective: The no-deny policy reversal represents a meaningful adjustment in the CFTC’s enforcement toolkit, with potential implications for how settlements are negotiated, disclosed, and perceived by markets and the public. The coming months will reveal how this shift interacts with ongoing enforcement actions and cross‑agency coordination efforts in a rapidly evolving crypto regulatory landscape.

Hardware wallet company Trezor and chipmaker Tropic Square have disclosed a vulnerability in one of the secure elements used in Trezor Safe 7 hardware wallet, saying the flaw does not put user funds at risk because the chip alone cannot expose a wallet.

The vulnerability was identified during an independent security audit conducted by Ledger Donjon, the security research team at rival hardware wallet maker Ledger, according to a Trezor statement.

Tropic Square provided the affected TROPIC01 Secure Element chip to the Ledger Donjon team for an independent audit. The companies said compromising TROPIC01 alone would not be enough to access a user’s wallet, PIN or funds.

The disclosure offers a rare public look at how hardware wallet makers handle chip-level security flaws and highlights the growing role of independent researchers in testing crypto custody devices.

Flaw surfaced during independent security testing

According to Trezor, the vulnerability was discovered during an independent security review initiated by Tropic Square after the launch of its TROPIC01 secure element in early 2025.

Ledger’s Donjon informed Tropic Square in January 2026 that it had successfully carried out a laser fault injection attack against the chip, allowing researchers to extract some chip-held secrets and bypass firmware signature verification under lab conditions.

TROPIC01 is one of two secure elements in Trezor Safe 7, which launched in October 2025. Source: SatoshiLabs

After reviewing Ledger Donjon’s findings, Tropic Square engineers identified an additional method of exploiting the weakness that could expose another chip-held secret tied to PIN-related functions.

The company notified its partners, including Trezor, and opted to publicly disclose the vulnerability alongside Donjon’s research.

Related: ‘All DeFi unsafe’ claim sparks AI security debate after April hack surge

Trezor says users do not need to take any action

Trezor said users do not need to take any action following the disclosure, adding that the vulnerability does not affect funds stored on the device because compromising TROPIC01 alone is not enough to access the wallet, PIN or funds.

As the issue exists at the hardware level, it cannot be fixed through a remote firmware update.

“Because the Trezor Safe 7 was built with multiple independent security layers, a vulnerability in TROPIC01 does not put user funds at risk,” Trezor CEO Matej Žák said.

Source: Trezor

Trezor noted that Ledger’s Donjon team has previously published independent security research on its devices, including a report on the Trezor Safe 3 that demonstrated an attack involving supply-chain-style physical interception, desoldering and modification of the device before it reached users.

The company responded publicly at the time and has continued hardening against such attack vectors, adding that it was not aware of any user funds being compromised.

“No Donjon research has identified a vulnerability in the Optiga secure element, and the STM32U5 used in the Safe 7 is a more recent microcontroller with no demonstrated fault-injection attack against it,” a spokesperson for Trezor told Cointelegraph.

Cointelegraph reached out to Ledger Donjon regarding audits of other secure elements used in Trezor hardware wallets, but had not received a response by publication.

Magazine: The legal battle over who can claim DeFi’s stolen millions

The US Commodity Futures Trading Commission has rescinded a long-standing policy that prevented it from accepting a lawsuit settlement if the defendant denied the agency’s allegations.

The CFTC said on Wednesday that it scrapped the policy, first adopted in 1998, because it “may have created an incorrect impression that the Commission is trying to shield itself from criticism.”

The language was similar to that provided by the US Securities and Exchange Commission when it rescinded a similar policy in May. 

“For nearly three decades, the Commission has refused to settle cases unless the defendant promised not to publicly deny the Commission’s allegations,” CFTC Chairman Mike Selig said. “I am pleased that we are rescinding the no-deny policy consistent with regulators throughout the government.”

Crypto companies that have faced enforcement action by the CFTC or SEC have criticized the rule, claiming it restricted their right to free speech.

Source: CFTC

The CFTC said the policy change now gives it more flexibility when settling enforcement actions.

However, it will not enforce existing no-deny provisions and could still require some defendants to admit certain facts or liabilities when settling enforcement actions.

Under the Trump administration, the CFTC and SEC have rolled back enforcement actions taken against crypto companies that were launched under the Biden administration.

On Thursday, the CFTC sought to vacate its $5 million settlement with crypto exchange Gemini, a case that Selig claimed was “politically targeted.”

Tim Massad, who headed the CFTC under the Obama administration, told Cointelegraph on Friday that the agency’s choice to reverse the settlement was “extraordinarily unusual.”

Magazine: The legal battle over who can claim DeFi’s stolen millions

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.