Jay Clayton, recently appointed interim US Attorney for the Southern District of New York (SDNY) and former chair of the Securities and Exchange Commission, has begun offering statements in criminal cases involving crypto fraud.

In an April 23 notice, the US Attorney’s Office said Eugene William Austin, also known as Hugh Austin, had been sentenced to 18 years in prison following his conviction on conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit interstate transportation of stolen property. Together with his son, Brandon, sentenced to four years, Austin offered fraudulent crypto investment services, resulting in roughly $12 million in losses to more than 24 people.

“For years, Hugh Austin was the leader of a fraud and money laundering scheme that stole more than $12 million from more than two dozen victims,” said Clayton. “Austin involved his own son in his crimes, working with him to rip off victims and spending investor money on personal expenses, like luxury hotels […] Austin will now be held accountable for the harm he caused to individual investors and others.”

The criminal case involving digital assets marked one of Clayton’s first public statements since becoming the interim US Attorney on April 22. US President Donald Trump nominated Clayton on Jan. 20 when he took office. The district has since seen the resignation of acting US Attorney Danielle Sassoon in response to the Justice Department directing her to halt a case against New York City Mayor Eric Adams.

Related: US prosecutors file over 200 victim statements in Celsius ex-CEO’s case

The nation’s ‘sovereign district’ overseen by a Trump appointee?

Under current law, Clayton can serve as interim US Attorney for the district for 120 days without Senate confirmation. Senate Minority Leader Chuck Schumer blocked a vote on Clayton’s nomination, saying Trump had “no fidelity to the law.”

Clayton will likely oversee SDNY during the sentencing hearing for former Celsius CEO Alex Mashinsky and potentially other criminal cases involving cryptocurrency. The district is home to ​​Wall Street firms and many of the country’s most prominent financial institutions. 

Magazine: SEC’s U-turn on crypto leaves key questions unanswered

The US Securities and Exchange Commission (SEC) crypto task force, headed by Hester Peirce, has continued meeting with digital asset company representatives as the agency explores regulatory changes.

In an April 24 notice, the SEC task force disclosed a meeting with representatives from crypto firm Ondo Finance and the law firm Davis Polk and Wardwell to discuss “issuing and selling wrapped, tokenized versions of publicly traded US securities.” Ondo Finance donated $1 million to Donald Trump’s inauguration fund, and the law firm announced on April 22 that it would represent the US President’s social media company, Truth Social, to launch crypto-linked exchange-traded funds.

According to the meeting request, Ondo Finance planned to discuss registration requirements for tokenized securities, compliance with financial laws, and potentially launching a regulatory sandbox. Cointelegraph reached out to the firm for comment but did not receive a response at the time of publication.

The April 24 meeting was the latest in the SEC crypto task force’s outreach to the industry following the departure of former chair Gary Gensler. Former commissioner and Trump appointee Paul Atkins took over leadership at the agency on April 21 after his swearing-in ceremony, but has yet to take action on his proposed crypto agenda.

Related: Chiliz meets with SEC Crypto Task Force amid US market reentry plans

Continuing outreach to industry under new SEC chair

On April 25, the crypto task force will host a roundtable event to discuss custody, including representatives from Kraken, Anchorage Digital Bank, WisdomTree, and others. Following the approval of crypto exchange-traded funds in 2024, many financial institutions have seen demand for digital asset custody in the US grow significantly.

It’s unclear what the SEC’s intentions may be regarding pursuing crypto enforcement cases under Atkins. The commission has stated it will continue cases involving fraudulent activity, but dropped a complaint against Hex founder Richard Heart on April 21.

The agency has already announced it will stop investigations or lawsuits against many firms, including Ripple, Coinbase, and Kraken. All three exchanges donated or had executives who supported Trump’s 2024 campaign or inauguration fund.

Magazine: Trump’s crypto ventures raise conflict of interest, insider trading questions

Opinion by: Igor Zemtsov, chief technology officer at TBCC

Crypto security is a ticking time bomb. Updatable firmware might just be the match that lights the fuse.

Hardware wallets have become the holy grail of self-custody, the ultimate safeguard against hackers, scammers and even government overreach. There’s an inconvenient truth, however, that most people ignore: Firmware updates aren’t just security patches. 

They’re potential backdoors, waiting for someone — whether a hacker, a rogue developer or a shady third party — to kick them wide open.

Every time a hardware wallet manufacturer pushes an update, users are forced to make a choice. Hit that update button and hope for the best, or refuse to update and risk using outdated software with unknown vulnerabilities. Either way, it’s a gamble. 

In crypto, a bad gamble can mean waking up to an empty wallet.

Firmware updates aren’t always your friend

Updating firmware sounds like common sense. More security! Fewer bugs! Better user experience!

Here’s the thing: Every update is also an opportunity not just for the wallet provider but for anyone with the power, or motivation, to tamper with the process.

Hackers dream of firmware vulnerabilities. A rushed or poorly audited update can introduce tiny, almost imperceptible flaws — ones that sit in the background, waiting for the right moment to drain funds. And the best part? Users will never know what hit them.

Then there’s the more unsettling possibility: deliberate backdoors.

Recent: Hardware wallet Ledger helps competitor Trezor resolve security vulnerability

Tech companies have been forced to include government-mandated surveillance tools before. What makes anyone think hardware wallet makers are exempt? If a regulatory agency — or worse, a criminal organization — wants access to private keys, firmware updates are the perfect attack vector. One hidden function. One disguised line of code. 

That’s all it takes. Still think firmware updates are harmless? 

Firmware vulnerabilities are already being exploited

This isn’t some far-fetched, doomsday scenario. It has already happened.

Ledger, one of the biggest names in crypto security, had a major security crisis in 2018 when security researcher Saleem Rashid exposed a vulnerability that allowed attackers to replace Ledger Nano S firmware and hijack private keys. Nearly 1 million devices were at risk before a fix was rolled out. The scary part? There was no way for users to know if their devices had already been compromised.

In 2023, OneKey suffered a similar nightmare. White hat hackers demonstrated that its firmware could be cracked in mere seconds. No crypto was lost — this time. But what if real attackers had found the flaw first?

Then came the “Dark Skippy” exploit, taking firmware-based attacks to an entirely new level. With just two signed transactions, hackers could extract a user’s entire seed phrase — without setting off a single alarm. If firmware updates can be manipulated this easily, how can anyone be sure their assets are safe?

The hidden price of updatable firmware

To be fair, not all firmware updates are security disasters. Ledger uses a proprietary operating system and secure element chips for added protection now. Trezor takes an open-source approach, allowing the community to scrutinize its firmware. Coldcard and BitBox02 give users manual control over updates, reducing — but not eliminating — risk.

Here’s the real question: Can users ever be 100% sure that an update won’t introduce a fatal flaw?

Some wallets have decided to eliminate the risk altogether. Tangem ships with fixed, non-updatable firmware, meaning that its code can never be altered once the device leaves the factory. No updates. No patches. 

Of course, this approach has its trade-offs. If a vulnerability is discovered, there’s no way to fix it. But in security, predictability matters. 

Real crypto security means taking back control

The crypto market was worth $2.79 trillion as of March 2025. With that much money on the table, cybercriminals, rogue insiders and overreaching governments are always looking for weak points. Hardware wallet makers should be laser-focused on security.

Choosing a hardware wallet shouldn’t feel like gambling with private keys. It shouldn’t involve blind trust in a corporation’s ability to push updates responsibly. Users deserve more than vague reassurances. They deserve security models that put control where it belongs — with them.

Security isn’t about convenience. It’s about control. Any system that requires trusting unknown developers, opaque update processes or firmware that can be changed at will? That’s not control. That’s a liability.

The only real way to keep a hardware wallet safe? Remove the guesswork. Strip away the blind trust. Always research the developers’ backgrounds, check their track record for security incidents, and see how they’ve handled past vulnerabilities. Stick to verifiable facts — security should never be based on assumptions.

Opinion by: Igor Zemtsov, chief technology officer at TBCC.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.