Fintech Weekly Digest: 7/23 — GENIUS Act Signed, BRICS Pay Rises, Cybercrime Hit Hard

Welcome to this week’s edition of ONSEC Fintech Cyber Weekly, brought to you by the ONSEC team.

From stablecoin regulations crossing the finish line in the U.S. to Europe’s renewed crackdown on crypto crime, this week saw governments, hackers, and innovators collide across digital finance. The BRICS bloc doubled down on dollar alternatives, while PayPal and Nasdaq launched AI-powered features shaping the next wave of global fintech. Meanwhile, dark web forums are going dark, with international law enforcement continuing its summer sweep of cybercrime kingpins.

Here are the top stories shaping the future of payments, platforms, and protection.

Trends & Innovation

  • US House Passes Landmark Stablecoin Bill. On July 17, the U.S. House of Representatives overwhelmingly approved a bill establishing a federal regulatory framework for dollar-pegged stablecoins, sending the legislation to President Donald Trump for signing. The bipartisan measure – called the GENIUS Act – would require stablecoin issuers to fully back tokens with liquid assets and make monthly reserve disclosures. The vote marks a watershed moment for the crypto industry, which has long sought clear rules to spur mainstream adoption. Source: Reuters
  • PayPal Unveils Global Platform Linking UPI and More. PayPal announced a new cross-border payments platform (“PayPal World”) on July 23 that integrates with India’s UPI and other local networks to enable seamless international transactions. Launch partners include India’s NPCI (UPI operator), Brazil’s Mercado Pago, Tencent’s Tenpay, and Venmo, aiming to let consumers pay overseas merchants using familiar domestic systems. The platform – expected to go live later this year – expands UPI’s global footprint and reflects growing collaboration among payment providers. Source: Reuters
  • UK Launches ‘Leeds Reforms’ to Boost Fintech Hub Status. Britain’s Chancellor Rachel Reeves outlined a sweeping strategy this week to make the UK the “number one destination for financial services” by 2035. Dubbed the Leeds Reforms, the plan will cut red tape and “reintroduce informed risk-taking” by easing certain banking rules and supporting fintech startups with a one-stop regulatory contact. The reforms, unveiled on July 18, aim to attract global investment and reinvigorate the City of London as a leading fintech and finance hub. Source: FinTech Futures
  • Lloyds Bank Eyes £120 M Purchase of Fintech Curve. Britain’s Lloyds Banking Group is in advanced talks to acquire digital wallet firm Curve for roughly £120 million, according to Sky News reports picked up on July 18. Curve’s platform consolidates multiple bank cards into one smart card and wearable devices, serving over 6 million users globally. If finalized, the deal – potentially closing by September – would mark a major incumbent bank’s move to buy fintech innovation, reflecting renewed M&A appetite in the sector. Source: FinTech Futures
  • BRICS Nations Pursue ‘BRICS Pay’ Amid US Criticism. President Trump sparked controversy on July 18 by threatening tariffs on BRICS countries and vowing to block any rival currency, as the bloc advances a new cross-border payment system. BRICS members (now including Iran and Indonesia) are developing “BRICS Pay” to settle trade in local currencies, reducing reliance on the U.S. dollar. Trump warned the group “would end quickly” if it gained traction, while BRICS leaders insist the initiative isn’t anti-American but rather a bid for financial multipolarity. Source: Reuters

Security & Cyber Threat

  • $27 M Crypto Exchange Hack via Supply Chain Attack. Cryptocurrency platform BigONE disclosed that hackers stole about $27 million in digital assets on July 16 by breaching its hot wallet infrastructure. The exchange identified the exploit as a supply-chain attack and has contained the vulnerability, assuring users that private keys and data were not compromised. BigONE pledged to fully reimburse affected customers and, with help from security firm SlowMist, is tracing the laundered funds across blockchains. Source: BleepingComputer
  • Record $2 B Stolen – North Korea Blamed for Crypto Heists. A new Chainalysis report reveals that over $2.17 billion in cryptocurrency was stolen in the first half of 2025 – the worst H1 on record for crypto crime. U.S. officials attribute much of the spike to North Korean hacking, including a single $1.4 billion breach of exchange Bybit that funded Pyongyang’s sanctioned weapons program. According to the July 17 report, North Korean groups are responsible for nearly two-thirds of crypto hacks, using sophisticated laundering to evade sanctions while underscoring the growing cyber threat to digital assets. Source: TechCrunch
  • Chinese Espionage Hackers Target Singapore’s Infrastructure. Singapore’s security minister warned on July 18 of an “ongoing” cyber-espionage campaign by a Chinese state-backed group (UNC3886) against the city-state’s critical infrastructure. The advanced threat actor has infiltrated routers and network devices to maintain stealthy access in telecom, defense, and other vital networks. Officials called the threat “serious” and cautioned that attacks on essential systems could have cascading impacts on supply chains and national security if not addressed. Source: The Record
  • Ransomware Group Breaches Dell Demo Platform (Limited Impact). Computer maker Dell confirmed that a hacker infiltrated its product demo environment in a recent incident, the company told media on July 21. The breached system – Dell’s Solution Center used for showcasing products – is isolated from internal and customer networks, and mostly contained only dummy data. The WorldLeaks ransomware gang claimed responsibility, though Dell says no sensitive data was involved. The attack’s limited impact highlights the importance of network segmentation to protect core systems. Source: The Record
  • Dark Web Forum Admin Arrested in Europe Crackdown. In a multinational cybercrime bust, an alleged administrator of the notorious dark web forum XSS was arrested in Ukraine earlier in July, Europol and French officials disclosed on July 23. XSS is one of the largest Russian-speaking hacking forums (50,000+ users) where malware, stolen data, and ransomware services are traded. The suspect allegedly helped coordinate illicit deals and even participated in attacks. This arrest – following June’s takedown of BreachForums – underscores intensified law enforcement efforts against cybercrime kingpins. Source: The Record

Product & Platform Launches

  • OpenAI Plans In-Chat Payments for ChatGPT. OpenAI is testing a built-in payment checkout system for ChatGPT to enable users to purchase products and services directly within the AI chat interface. The Financial Times reported on July 17 that this move aims to create new revenue streams for OpenAI by turning conversations into shopping experiences. If implemented, ChatGPT could evolve into an AI commerce platform, letting users complete transactions without leaving the chat. Source: Finextra
  • PayPal Introduces AI-Powered Scam Alerts. PayPal has launched a dynamic AI scam detection feature to protect users sending person-to-person payments on PayPal and Venmo. Announced July 21, the system analyzes Friends & Family transactions in real time and alerts senders if a payment shows signs of fraud or social engineering before it completes. The rollout is designed to enhance security for P2P transfers – where scam losses have been rising – by using machine learning to flag suspicious patterns. Source: Finextra
  • Pesa Launches AED Wallet for Nigerian Diaspora. Fintech startup Pesa, which specializes in remittances, announced its expansion into the UAE on July 21 by launching a dirham-denominated mobile wallet for Nigerian expatriates in Dubai. The new Pesa Dubai (AED) wallet enables near-instant transfers from UAE dirhams to Nigerian naira at competitive exchange rates and with zero hidden fees. By offering faster, cheaper and fully compliant remittances, Pesa aims to solve pain points (high fees and delays) faced by the Nigerian diaspora sending money home. Source: Fintechnews Middle East
  • Bitwave & BVNK Enable Stablecoin Invoice Payments. California-based crypto finance platform Bitwave has integrated with London’s BVNK to let enterprises pay and accept invoices in stablecoins seamlessly. Announced on July 21, the partnership embeds BVNK’s stablecoin wallets into Bitwave’s accounting and tax software, so businesses can settle bills in USD stablecoins or receive crypto payments with automatic conversion to fiat. The joint solution helps finance teams use blockchain payments while maintaining compliance and audit-ready records, potentially speeding stablecoin adoption in corporate treasury. Source: Fintech News America
  • Nasdaq’s Verafin Launches AI ‘Digital Workers’ for AML. Nasdaq’s anti-financial crime unit, Verafin, unveiled a suite of agentic AI bots on July 21 to automate low-level, high-volume anti-money laundering processes for banks. These AI-driven “digital workers” can handle routine AML tasks – like monitoring transactions and flagging anomalies – which typically consume significant staff time. By offloading manual compliance checks to AI, the platform aims to improve efficiency and allow human compliance teams to focus on complex, high-risk cases. Source: Finextra

Final Words

This week proved that momentum is building—on both sides of the digital front. Stablecoins gained long-sought legitimacy in the U.S., while OpenAI and PayPal moved deeper into real-time AI transactions. At the same time, state-backed hackers, ransomware gangs, and cross-border cybercrime networks are stepping up their tactics—forcing regulators and businesses to evolve just as fast.

Stay informed. Stay resilient. And if your organization handles sensitive data or digital payments, now is the time to reinforce your security posture.

We’ll be back next week with more critical updates—curated, verified, and razor-sharp.

ONSEC.io — Cutting through the noise. Protecting what matters.


ONSEC is a boutique penetration testing company with 15+ years of experience and over 450 successful projects worldwide. We specialize in protecting fintech platforms—securing applications, APIs, payment systems, and cloud infrastructure from evolving threats. This newsletter was created to help fintech leaders stay ahead of cyber risks. Expect updates on critical vulnerabilities, compliance and regulatory shifts, and real-world breaches that impact financial platforms.
