customer

According to the Financial Times, due to the failure to obtain a license under the EU's Markets in Crypto-Assets Regulation, Binance will stop providing services to certain customers in the EU starting next week and has notified customers in Poland, Italy, Spain, and France to withdraw their funds.

The password management tool LastPass announced that its third-party market intelligence platform Klue experienced a security incident, where hackers stole multiple OAuth tokens held by Klue for various clients (including LastPass) and used these tokens to access LastPass's Salesforce CRM system, potentially leading to the leakage of business contact information and CRM data, including some customers' names, phone numbers, email addresses, home addresses, and support cases.The official reminder: LastPass's products, services, infrastructure, and customer vaults have not been affected, and Gong system data has not been accessed. LastPass has immediately taken measures, including stopping employee access to Klue, rotating exposed API tokens, conducting a detailed investigation, and collaborating with Klue, Salesforce, and law enforcement, while also sharing threat intelligence with the security community through the TIME team and strengthening future protections. Users should remain vigilant against potential phishing emails, calls, or social engineering attacks that may exploit the leaked information, and remember that LastPass will never ask for the master password; all official communications are sent through trusted channels.

According to the Federal Reserve's official website, the Federal Reserve Board is seeking public comments on a proposal that would require certain payment stablecoin issuers to establish and maintain effective Customer Identification Programs (CIP). This proposal was jointly issued by the Federal Reserve and four other agencies.According to the proposal, the relevant stablecoin issuers must comply with Customer Identification Program standards similar to those for banks and credit unions. The comment period is 60 days after the proposal is published in the Federal Register.

According to Tech in Asia, Salesforce announced the acquisition of the AI customer service product Fin for approximately $3.6 billion, with the deal expected to be completed in the fourth quarter of fiscal year 2027. Following the announcement, Salesforce's pre-market stock price rose by 1.1%.Fin is an AI customer service product that can seamlessly collaborate with existing help desk systems such as Salesforce and Zendesk. This acquisition will complement Salesforce's Agentforce platform, which already covers multiple business scenarios including sales, service, marketing, and commerce, and connects AI agents with enterprise data through Data Cloud.

Sources say that Nvidia has begun marketing its first standalone Central Processing Unit (CPU) product, Vera, to Chinese customers. This chip is designed for Agentic AI systems and has now entered mass production, marking Nvidia's attempt to further expand its presence in the Chinese market through CPU products.Insiders indicate that some Chinese customers have shown interest in Vera. One large Chinese cloud computing company plans to purchase over 300 servers equipped with dual Vera CPUs for testing and will decide whether to scale up purchases after the testing is completed.Vera is built on the Arm Holdings architecture and is Nvidia's first standalone CPU product. Nvidia previously stated that Vera's performance in AI agent-related computing tasks can reach 1.8 times that of competing products, and it is expected that this product will contribute approximately $20 billion in revenue before the end of the current fiscal year (by the end of January next year).Reports point out that as the focus of the AI industry gradually shifts from model training to inference computing, CPUs and custom chips are gaining more attention. Vera also puts Nvidia in direct competition with Intel and Advanced Micro Devices (AMD), which have long dominated the server CPU market.Insiders have noted that due to strict restrictions imposed by the U.S. on high-end GPU exports, CPUs face relatively fewer regulatory hurdles in the Chinese market compared to GPU products. Currently, some Chinese customers plan to first deploy Vera chips in overseas data centers for testing. Meanwhile, software ecosystem compatibility and the existing domestic AI chip deployment system may still affect the subsequent large-scale adoption of Vera.

According to CoinDesk, Singapore's DBS Bank plans to offer tokenized gold trading to retail customers in the second half of 2026. DBS Bank will launch a product called "DBS Physical Gold Token" on its digital banking platform and is considering listing it on the DBS Digital Exchange (DDEx), which is tailored for qualified investors and institutions.Each token is backed by 1 gram of physical gold held in a dedicated vault by DBS Bank in Singapore. DBS Bank stated that the token will be self-issued and managed. James Tan, head of investment products at DBS Bank, mentioned that previously retail customers could only purchase gold funds, while physical gold was primarily available to institutions and qualified investors; this tokenization will expand access.

According to Cointelegraph, the transitional period for the EU's Markets in Crypto-Assets Regulation (MiCA) will end on July 1, 2026.The European Securities and Markets Authority (ESMA) stated that at that time, crypto asset service providers that have not obtained MiCA authorization, even if their applications are still under review, will not be allowed to continue providing services to EU customers and should initiate business winding down and customer migration arrangements.

According to a report by 21st Century Business Herald, Futu Holdings' US stock pre-market once fell over 40%. In terms of news, the China Securities Regulatory Commission plans to decide to confiscate all illegal gains of Tiger, Futu, and Changqiao's domestic and foreign related entities, and impose severe penalties according to the law.In response, the company's customer service staff stated that the company has been paying attention to relevant regulatory developments and is carefully studying the related content. Once the information is complete, the company will respond uniformly. Currently, the company's business operations are normal, and customers' account assets and various services are not affected.

The open-source data visualization tool Grafana has released the latest progress on the investigation of the security incident on May 16. The investigation found that this incident was limited to the GitHub environment of Grafana Labs, including both public and private source code as well as internal GitHub repositories, and did not affect customer production systems, operations, or the Grafana Cloud platform. The downloaded content, in addition to the source code, also included some repositories used by the team for collaboration and storage of internal operational information and business details, involving business contact names and email addresses, rather than data from production systems or the cloud platform.Grafana Labs has made it clear that the codebase was downloaded but not tampered with, and currently, customers and open-source users do not need to take any action. The incident originated from a TanStack npm supply chain attack conducted through the Mini Shai-Hulud campaign. Grafana Labs detected malicious activity on May 11 and initiated an emergency response, but a credential was overlooked, allowing the attacker to gain access. After receiving a ransom demand on May 16, the company decided not to pay the ransom and has rotated automated credentials, implemented enhanced monitoring, audited all commits since May 11, and significantly strengthened GitHub security configurations. The company has notified federal law enforcement, and the investigation is ongoing.

American financial services giant Charles Schwab has begun to phase in the "Schwab Crypto" service for eligible U.S. retail customers, allowing users to trade Bitcoin and Ethereum directly.According to official information, users can view and manage their crypto assets directly through their existing Schwab accounts, with custody provided by Charles Schwab Premier Bank, while Paxos offers underlying custody and trade execution services. The platform charges a transaction fee of 0.75% of the transaction amount, and currently does not support external wallet deposits and withdrawals. Additionally, this service is not yet available to residents of New York and Louisiana. Charles Schwab currently manages approximately $12 trillion in client assets, with its clients holding about 20% of the assets in U.S. spot crypto ETFs.

According to BBX data, the bidirectional penetration of traditional financial institutions and industrial infrastructure into the crypto space has accelerated over the weekend, with the following core dynamics:The Charles Schwab Corporation (NYSE: $SCHW) officially launched the Schwab Crypto platform in phases on April 17, opening direct trading of Bitcoin and Ethereum spot to 39 million active brokerage account customers through its Charles Schwab Premier Bank, SSB, with compliance custody and trade execution provided by Paxos, and a fee of 75 basis points per transaction; initially excluding New York and Louisiana. The company recorded earnings per share of $1.43 and revenue of $6.48 billion in Q1 2026, with total customer assets of approximately $12.22 trillion as of early 2026.Alcoa Corporation (NYSE: $AA) CEO Bill Oplinger confirmed in a Bloomberg interview on April 17 that the company is in deep negotiations with Bitcoin financial services company NYDIG regarding the sale of the Massena East smelter site in New York (1,300 acres, closed since 2014), which "should be completed by mid-year." The site is adjacent to the St. Lawrence River and can access hydroelectric resources provided by the New York Power Authority; NYDIG has been operating Bitcoin mining facilities there since 2024 and will gain full control of the infrastructure after the acquisition. The financial terms of the transaction have not been disclosed.

According to official news, the cloud hosting platform Vercel has confirmed that a security incident has occurred, involving unauthorized access to some internal systems.Currently, only a small number of customers have been confirmed to be affected, and Vercel is communicating directly with the relevant customers. Vercel stated that its services are still operating normally, and it has initiated an investigation and hired incident response experts to assist in handling the situation, while also notifying law enforcement.Vercel recommends that all customers review their environment variables and use the sensitive environment variable feature to enhance security protection.

According to CoinDesk, Galaxy Digital (GLXY) recently experienced a cybersecurity incident where hackers gained unauthorized access to its isolated research and development workspace. The company stated that the affected environment was only used for research and development, completely isolated from core infrastructure, production systems, trading platforms, and customer accounts, with losses amounting to less than $10,000.Galaxy Digital stated that it quickly intervened, completed the lockdown and reinforcement of the compromised workspace, and deployed additional protective measures at the blockchain infrastructure level.

The Federal Court of Australia ordered Binance's Australian derivatives division (i.e., Oztures Trading Pty Ltd) to pay a fine of AUD 10 million (approximately USD 6.9 million).During the period from 2022 to 2023, the entity incorrectly classified over 85% of local customers as wholesale investors, resulting in 524 retail customers being exposed to high-risk crypto derivatives without statutory consumer protections, leading to trading losses of approximately AUD 8,660,000 (about USD 5.9 million) and fee losses of AUD 3,900,000 (about USD 2.7 million). Joe Longo, Chairman of the Australian Securities and Investments Commission (ASIC), stated that Binance failed to establish basic compliance review mechanisms and incorrectly approved hundreds of wholesale investor applications. According to the fact statement submitted to the court, Binance acknowledged flaws in its customer onboarding process, allowing applicants to repeatedly take the eligibility test until they passed, and that senior compliance personnel inadequately reviewed application materials. Binance admitted to six violations, including failing to provide product disclosure statements to retail customers, not conducting target market assessments, and not maintaining a compliant internal dispute resolution system. This fine is in addition to approximately AUD 13.1 million (about USD 9 million) in customer compensation previously supervised by ASIC. The entity's Australian financial services license was revoked in April 2023.

Bitcoin payment service provider Bitrefill disclosed on platform X that it suffered a cyberattack on March 1, 2026, resulting in a customer data breach. The attack originated from a compromised employee's laptop and allowed the attackers to access certain databases and cryptocurrency wallets.Investigations revealed that the attack method was highly similar to past attacks on cryptocurrency companies by the North Korean DPRK Lazarus/Bluenoroff hacker group. Approximately 18,500 purchase records involved limited customer information (email, cryptocurrency payment addresses, and IP metadata), with about 1,000 records having customer name information stored in an encrypted format, but potentially accessible. Bitrefill stated that customers do not need to take special actions but are advised to be vigilant for unusual information.Bitrefill further added that it has currently shut down related systems for isolation and is collaborating with security experts, on-chain analysts, and law enforcement. Operations have nearly returned to normal. The company emphasized that it is long-term profitable and financially robust enough to absorb this loss and will continue to strengthen cybersecurity measures, including internal access controls, monitoring, and emergency response mechanisms.

The Financial Intelligence Unit (FIU) of South Korea has initiated sanctions against the cryptocurrency exchange Bithumb, as the exchange was found to allow users to transfer funds to unregistered overseas trading platforms and failed to implement customer identity verification (KYC) procedures. According to Seoul News, the sanctions may include a suspension of new customer services for up to six months, while existing users' deposits and withdrawals will not be affected.This penalty adds insult to injury for Bithumb, which had previously mistakenly sent out $40 billion worth of Bitcoin due to operational errors and is currently facing an investigation by advertising regulators.The exchanges GOPAX and Coinone are also under investigation by the FIU. Competitor Upbit faced a three-month ban on new customers last year for similar violations and is currently challenging this through legal means, with a court ruling expected in April.

The IRS proposed new regulations on Thursday that would allow cryptocurrency exchanges to require customers to receive tax forms electronically, such as the 1099-DA form that reports total gains from digital asset transactions, whereas previously exchanges had to provide a paper form option.Under the new tax reporting system implemented this year, cryptocurrency exchanges are required to report total gains and cost basis, and the IRS will automatically obtain detailed profit and loss data, thereby enhancing compliance oversight for cryptocurrency holders. The new regulations also allow exchanges to terminate business relationships with customers who refuse to receive tax documents electronically. The proposal has not yet been finalized and is currently open for public comment. It has been reported that cryptocurrency tax software platforms have seen a significant increase in the number of IRS warning letters received by U.S. users, reminding them that cryptocurrency transactions may be taxable and must be reported as required.

According to market news, the Central Bank of Brazil has issued new regulations requiring licensed cryptocurrency trading platforms to submit daily reports starting January 1, 2027, proving they have sufficient funds to address risks such as hacking, and to implement data protection and confidentiality obligations in accordance with commercial banking standards.The new regulations also require exchanges to completely separate their own fiat and cryptocurrency asset accounts from customer asset accounts, and to account for cryptocurrency assets on the balance sheet according to a specialized accounting manual. In addition, regulatory authorities will impose restrictions and audits on cross-border transfers, enhancing the traceability of on-chain fund flows to curb the use of cryptocurrency assets for money laundering, tax evasion, and financing criminal activities.