PulseChain Weekly Roundup: Week of May 11–17, 2026
A weekly overview of the biggest developments across PulseChain and the wider crypto landscape. Covering ecosystem updates, market movements, infrastructure, regulation, and the ongoing shift toward real decentralized systems.
The Week in Brief
A week defined by regulatory advances and infrastructure developments across the PulseChain ecosystem. The Senate Banking Committee advanced the CLARITY Act with bipartisan support, preserving key developer protections long sought by the DeFi industry. On PulseChain, infrastructure projects advanced with Sigma Protocol releasing three technical posts on its permissionless index architecture and Cappy Wallet nearing public launch. LibertySwap unveiled PulseChain branded Keystone hardware wallet designs, PulseChain celebrated its third anniversary with three years of uninterrupted operation, and two significant DeFi exploits underscored ongoing security challenges in cross-chain protocols.
Top Story: CLARITY Act Advances Out of Senate Banking Committee
The Senate Banking Committee advanced the Digital Asset Market Clarity Act in a 15 to 9 vote on May 14, 2026. All 13 Republicans voted yes, joined by two Democrats, Senators Ruben Gallego of Arizona and Angela Alsobrooks of Maryland, making it one of the most significant bipartisan crypto legislative votes in recent years.
The bill now heads to a full Senate floor vote where 60 votes are required to advance the legislation past a potential filibuster. From there it would need reconciliation with the House version passed in July 2025 before reaching the President. The White House has reportedly targeted July 4 for congressional passage.
For the DeFi ecosystem, the key outcome was what survived. The Blockchain Regulatory Certainty Act provisions embedded in the bill protect non-custodial software developers, open source code creators, node operators and validators from being classified as money transmitters under federal law, provided they do not control user funds, subject to exceptions for knowing participation in criminal transfers. That protection remained intact through a markup process that saw over 100 amendments filed against the base text.
The most significant threats came from two amendments that failed. Amendment 32, filed by Senator Chris Van Hollen of Maryland, would have criminalised developers under a reckless disregard standard for code that facilitates money laundering or terrorism financing, even where the developer never held or controlled user funds. Amendment 89, filed by Senator Jack Reed of Rhode Island, would have effectively overridden the Van Loon Fifth Circuit ruling that established immutable smart contracts operating autonomously cannot be sanctioned. According to markup coverage and amendment summaries, Reed's amendment would have allowed the government to sanction smart contracts regardless of whether they are autonomous, modifiable or owned by anyone. Both failed along party lines.
The bill advancing out of committee is one of the strongest developer protection frameworks to reach this stage of the federal legislative process. The full Senate floor fight, reconciliation with the House text and a presidential signature all remain ahead.
Source: Senate Banking Committee official release, CoinDesk markup coverage, Coin Center analysis
Ecosystem Intelligence
PulseChain Turns Three
PulseChain marked its third anniversary on May 13, 2026. The network operates without centralised pause mechanisms or administrative controls at the protocol level. That design is consistent with its uninterrupted three-year operating history, during which there have been no publicly documented rollbacks, emergency governance interventions, or coordinated validator restarts. Since launch on May 13, 2023, PulseChain has consistently produced blocks approximately every 10 seconds.
Source: On-chain records, scan.pulsechain.com
LibertySwap x Keystone: PulseChain Branded Hardware
LibertySwap opened a community vote on May 12, 2026, presenting several design concepts for a PulseChain branded Keystone hardware wallet. The community voted via replies and on May 13 LibertySwap confirmed the winning design would go into production.
ZKX Wallet is planned to integrate with all Keystone products including QR code scanning functionality. LibertySwap described the effort as the first step in reaching out to teams outside PulseChain to support the chain and its products, with the Ethereum Foundation and Railgun communities cited as future targets for recognition of the privacy tooling being built on PulseChain.
Source: x.com/LibertySwapFi, May 12 and May 13, 2026
Sigma Protocol: Permissionless Index Infrastructure on PulseChain
Sigma Protocol published three detailed technical posts this week outlining the architecture of a permissionless index protocol in development on PulseChain. The protocol, still pre-launch, allows anyone to deploy an on-chain index basket called a DTF in minutes with no approval required and no intermediary involved. DTF tokens are standard PRC20 tokens that can be used as collateral in lending protocols, provided as liquidity on PulseX, and built upon by any application that accepts PRC20 tokens without requiring additional integration.
The core architectural distinction from existing index protocols like Balancer is the absence of scheduled rebalance events. In Balancer the liquidity pool bears rebalancing trades, creating impermanent loss for liquidity providers. Sigma's mint-based rebalancing model is designed to avoid traditional LP impermanent loss at the index token level, though holders remain exposed to asset price, routing and execution risk in the normal course of holding any on-chain position.
The governance token, SIGMA, has a fixed supply of 9 million tokens with no inflation. Staking earns fees from every DTF on the protocol. A graduation mechanism triggers automatically when a DTF meets a DAO-set TVL threshold and minimum time requirement, with no vote or human intervention required.
Sigma Protocol and Cappy Wallet are both being developed by Alex McWhirter (@SIN3R6Y), the same builder behind Hedron and Icosahedron, two established infrastructure protocols in the HEX and PulseChain ecosystem. Hedron tokenises HEX stakes as NFTs and enables borrowing against active stakes. Icosahedron builds on top of Hedron to add staking layers, yield mechanics and guaranteed HSI buybacks. Both have been live on PulseChain since launch and are considered core infrastructure by long-term participants in the ecosystem. McWhirter's approach across all four projects follows the same principles: permissionless primitives, direct integration with existing protocols, no unnecessary inflation, and infrastructure designed around utility rather than token incentive expansion.
Source: x.com/_SigmaProtocol, hedron.pro, icosa.pro
Cappy Wallet Approaching Launch
Cappy Wallet, an open source PulseChain native wallet built by the same developer, has not yet publicly launched. McWhirter describes it as ready for personal use but requiring additional polish, audits and testing before being handed to the broader public.
The wallet is a fork of Rabby, rebuilt specifically for PulseChain after Rabby ceased maintaining support for the chain. The project lists core completed features including a transaction simulator with scam detection across multiple categories including honeypot detection, sell tax analysis, mint authority flags, upgradeable proxy identification, liquidity rug exposure and blacklist hook detection. A batch send function allows up to 256 recipients in a single transaction.
Cappy advertises a free tier for all users and a Pro tier at $5 per month covering three addresses, a 60% reduction in swap fees and access to a private RPC pool. The codebase will be open sourced on GitHub at public launch.
Source: cappy.cash, x.com/SIN3R6Y
ZKX Wallet: Local Execution and Shield and Unshield Feature
ZKX Wallet announced two significant developments this week. The wallet is being redesigned to run locally at approximately 200MB with heavily audited dependencies kept on-device where possible. According to LibertySwap, this approach is designed to reduce exposure to AI-assisted supply chain attacks and third-party code injection, removing the reliance on external servers that creates vulnerability in most wallet architectures.
The team also announced Shield and Unshield functionality, allowing users to move funds between public and private Railgun balances without complex setup. The feature is designed to remove the friction that has historically made Railgun privacy inaccessible to everyday users.
Cross-chain functionality remains in active development with the latest build submitted earlier this month.
Source: x.com/LibertySwapFi, x.com/zkxwallet
Security Intelligence
Transit Finance: The Zombie Contract
PeckShield flagged an exploit on Transit Finance on May 11, 2026. Transit Finance confirmed the incident on May 12, with approximately $1.88 million in DAI drained on the TRON network and moved to a freshly created Ethereum wallet.
The attack did not require a novel vulnerability. The attacker found a deprecated legacy contract from the protocol's original 2022 deployment that had never been properly decommissioned. Users who had interacted with Transit Finance in 2022 had granted that contract permission to move tokens from their wallets. Those permissions never expired. The contract was declared obsolete by the team but never killed on-chain. The contract therefore remained exploitable for roughly four years.
This makes the incident the latest in a series of legacy contract security failures. Transit Finance previously suffered a major exploit in October 2022 losing approximately $28.9 million. Roughly 70 percent of the 2022 funds were eventually recovered through negotiation. The team responded to this week's exploit with an on-chain message offering a bug bounty and a 48-hour return window, alongside a commitment to fully compensate affected users.
As CipherBot noted in its analysis, a public announcement is not a state change. To truly deprecate a smart contract requires revoking approvals, disabling reachable functionality where possible, transferring ownership to an unrecoverable address where appropriate, and publishing clear user revocation instructions. Publicly available evidence suggests Transit Finance did not implement those measures in 2022.
Security analysts tracking year-to-date losses project total 2026 DeFi hacking losses could reach $2.3 billion for the year.
Source: PeckShield, Transit Finance official announcement, CryptoBriefing, pulsechain.nexus
THORchain: Suspected Multi-Chain Exploit
THORchain halted trading and signing on May 15, 2026 after an attacker drained approximately $10.8 million across Bitcoin, Ethereum, BNB Smart Chain and Base. Attacker wallets were confirmed to hold approximately 36.85 BTC, 3,443 ETH and 96.6 BNB following the incident.
The specific attack vector points to a vulnerability in the GG20 Threshold Signature Scheme implementation, allowing vault key material to leak gradually over time rather than through a single key compromise. Current evidence points toward a newly churned node linked to the attack, likely operated by a single malicious actor. Chainalysis subsequently published on-chain evidence linking the attacker to wallets that were funded and positioned weeks before the exploit was executed, suggesting a patient and deliberate operation rather than an opportunistic one.
The network was halted using Mimir, THORchain's administrative override system. Swaps, deposits and withdrawals were paused, temporarily preventing normal liquidity access. The protocol's RUNE token dropped over ten percent on the news.
The incident again highlighted the architectural risks associated with concentrating cross-chain liquidity behind complex signing schemes. THORchain suffered multiple exploits in 2021 through vulnerabilities in its cross-chain infrastructure, collectively draining tens of millions before the protocol was rebuilt and audited.
THORchain has since launched a recovery portal allowing affected users to submit refund claims supported by a treasury-funded refund pool. Claims must be submitted by June 4, 2026. As of May 17 the portal had reopened for trading while the investigation continued.
Source: THORchain official announcement, ZachXBT, PeckShield, Chainalysis, CoinDesk
On-Chain Data
The PulseChain validator set stands at 50,927 active validators distributed across 37 countries and 236 cities. Total wallets on the network have reached 1,556,584 with 9,357 daily active users. According to pulsechainstats.com, PulseChain transaction fees are currently estimated at roughly one-quarter to one-third of equivalent Ethereum fees.
PulseX holds a combined TVL of $41.61M and ranks 27th among all DEXes globally by total value locked. Total PLSX burned since launch stands at 1.70 trillion. The PulseChain bridge holds $53.34M in total value locked with a net daily inflow of $312,160 on May 16. Total stablecoin market cap on PulseChain stands at $33.98M across USDC, DAI, USDT and native stablecoins.
Source: pulsechainstats.com
The Wider Picture
Three distinct pressure points converged on decentralised infrastructure this week, each highlighting the same core vulnerability: the human layer. Regulators proposed amendments that would criminalise open source developers and override court protections for autonomous code. Two cross-chain protocols suffered a combined $12.7 million in losses through centralised coordination points and approval surfaces that were never properly decommissioned. Meanwhile established financial institutions continued lobbying for tighter controls on on-chain financial infrastructure in markets they have controlled for decades.
Across all three cases, the attack surface centred on the human layer, the approval mechanism, the administrative override, the kill switch, or the legal pressure point. Infrastructure that eliminates those layers by design does not become more secure through better management. It becomes materially more resistant to those forms of intervention.
Zero Trust Network heads to the Cryptovalley Conference in Switzerland on May 28 carrying PulseChain hardware and a straightforward argument: trustless infrastructure, immutable ledgers and self-custodial tools are not ideological positions. They are the only reliable defence against the failure modes this week demonstrated in three separate arenas simultaneously.
Further Reading
Several pieces published on Zero Trust Nexus this week go deeper on the stories above. Veritya Thalassa's investigation into the case of Joby Weeks is among the most substantial long-form investigations the network has published to date. It traces what happens when an independent builder operates outside institutional permission during a period of increasing regulatory pressure and connects that story to the broader capture of the industry it helped create. His sentencing has been delayed to June 2026 as appeals continue in the Third Circuit. The Transit Finance and THORchain breakdowns from Cipher Nexus Intelligence provide the technical postmortems behind this week's two largest security incidents. Taken together, the incidents reflect recurring structural weaknesses across both regulatory and cross-chain infrastructure systems.
pulsechain.nexus
Trust nothing. Verify everything. ZERØ
All claims verified from primary sources. Editorial reporting only. Not financial advice.
Discussion