🛡️ Crypto Security Briefing

Wed, 17 Jun 2026 18:15:03 GMT · last 72h

incidents

$101.3M

reported losses

live sources

Executive summary

Over the past 72 hours, blockchain security incidents reported total losses exceeding $101 million, with corroborated events including a $42 million social-engineering exploit, a $36 million exploit on Humanity Protocol, a $2 million smart-contract bug on Thetanuts Finance, and a $111K DeFi exploit. The most material incidents involve wallet drainers, social engineering, and smart-contract bugs, while regulatory actions and sanction screening continue to expand. A single integer truncation bug nearly cost Thetanuts Finance over $2M, and the UX LInk exploiter moved 14.6M DAI to ETH. Dominant attack vectors include phishing/wallet drainers, social engineering, and smart-contract vulnerabilities.

Phishing and social engineering are dominant vectors, with high-value targeted exploits.
Smart-contract bugs remain critical, even single-digit integer errors causing millions in losses.
Sanctions and regulatory pressure are increasingly intersecting with crypto compliance operations.
Malware distribution via gaming marketplaces and AI agent payment security are emerging risks.

Attack vectors

phishing / wallet drainer · 2social engineering · 1governance attack · 1smart-contract bug · 1

Incidents & reports

Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening

Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis.

Chainalysis · Wed, 17 Jun 2026 17:04:10 GMT

SR Summer is just getting started https://t.co/pTrDs8Z1QI
@immunefi: SR Summer is just getting started https://t.co/pTrDs8Z1QI

X (security alerts) · Wed, 17 Jun 2026 16:29:57 GMT

Everyone keeps telling you crypto is dead. No money left. No opportunity. x6051 just made $500,000 from a single report. That's more than a brand-new McLaren 750S. https://t.co/3Kl3oo6b6l
@immunefi: Everyone keeps telling you crypto is dead. No money left. No opportunity.

X (security alerts) · Wed, 17 Jun 2026 16:18:19 GMT

Florida Man 'Bitcoin Rodney' Pleads Guilty Over $1.8 Billion HyperFund Crypto Fraud

A Miami-based man who went by the name “Bitcoin Rodney” pleaded guilty for his role in what prosecutors said was a massive global fraud.

Decrypt · Wed, 17 Jun 2026 15:37:41 GMT

#PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. The exploiter then deposited 8,340 $ETH into #TornadoCash and bridged 2.64 $ETH ($4.63K) from #Ethereum to #BTC address bc1pv8...yc5q. The exploiter currently holds 10.54M https://t.co/Sgb43LDYMm
@PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH.

X (security alerts) · Wed, 17 Jun 2026 15:35:04 GMT

Finding security signal in web3 has been too slow for the people who need it most. Researchers need to know where serious programs are. Protocols need to know where they stand. Token holders need to know how much security their capital actually depends on. Today, Immunefi is https://t.co/jYlrxfYiMa
@immunefi: Finding security signal in web3 has been too slow for the people who need it most.

X (security alerts) · Wed, 17 Jun 2026 15:25:28 GMT

Crypto’s security nightmare won’t be solved by ordinary audits

Without an update to the current auditing infrastructure, the crypto space will likely continue to suffer significant losses, explains Beyer.

CoinDesk · Wed, 17 Jun 2026 14:12:09 GMT

#CertiKInsight 🚨 The @UXLINKofficial exploiter is currently sending funds to Tornado Cash. 3,700 ETH have been transferred so far. As a reminder, UXLink was exploited for ~$42M in September 2025 and believed to have been conducted by DPRK. https://t.co/gAREKeLCBV
@CertiKAlert: #CertiKInsight 🚨

$42.0M · X (security alerts) · social engineering · Wed, 17 Jun 2026 14:11:17 GMT

Steam Workshop wallpapers found spreading crypto malware

Bad actors are using Steam Workshop's wallpaper application to sneak malware into users' computers and steal crypto wallet information. The post Steam Workshop wallpapers found spreading crypto malware appeared first on Protos.

Protos · Wed, 17 Jun 2026 13:35:42 GMT

The Make TON Great Again roadmap: 3 steps left, explained

Pavel Durov’s seven-step plan to rebuild Gram around Telegram is four steps in. The speed upgrade, the fee cut, the validator takeover, and the rename have all shipped. Here is what each one did, and what the three undisclosed steps…

crypto.news · governance attack · Wed, 17 Jun 2026 13:30:00 GMT

One case is never just one. Approval phishing scammers reuse the same wallets, contracts, and cash-out routes across victims — which means a single report can expose the entire network. Our expert investigators dissected an active approval phishing operation live. Read what https://t.co/9g9niHgg1p
@chainalysis: One case is never just one.

X (security alerts) · phishing / wallet drainer · Wed, 17 Jun 2026 12:00:37 GMT

⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M. 🎯 An attacker exploited a rounding flaw in the vault's mint function, triggered by driving totalSupply down to near zero via claim, to mint index tokens with zero underlying deposit, netting ~$105K. 🦸 A https://t.co/QzYkDZdmLa
@Beosin_com: ⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M.

$2.0M · X (security alerts) · smart-contract bug · Wed, 17 Jun 2026 07:12:27 GMT

🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14 🚨 Spotlight on 4 notable incidents | ~$5.98M lost this week Featuring a vulnerability breakdown and in-depth analysis of selected key cases👇 https://t.co/t7yjQU0xhs https://t.co/N9hqp3P4AT
@Phalcon_xyz: 🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14

$6.0M · X (security alerts) · Wed, 17 Jun 2026 05:45:32 GMT

🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed. Glad to bring the Trust & Compliance layer to the Agentic Payment Whitepaper, alongside @InterlaceMoney @XAgent_official @Cobo_Global @Stable @Conflux_Network https://t.co/6ZgFHkwnmf
@BlockSecTeam: 🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed.

X (security alerts) · Wed, 17 Jun 2026 03:35:35 GMT

incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3
@tayvano_: incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3

X (security alerts) · Wed, 17 Jun 2026 00:38:24 GMT

DIP — exploit

$111K · Technique: Protocol Logic / Transfer/Sell Logic Exploit. Chain: BSC. Target: Token. Reported loss ~$111,000.

DeFiLlama Hacks DB · Wed, 17 Jun 2026 00:00:00 GMT

yeah, don't let this guy out https://t.co/zbITiltXR3
@spreekaway: yeah, don't let this guy out https://t.co/zbITiltXR3

X (security alerts) · Tue, 16 Jun 2026 22:21:52 GMT

DeFi Lending and DEX Fees Slump as Leverage Drains Out After June Selloff

Fees fell as much as 65% week over week across the largest lending protocols and decentralized exchanges.

The Defiant · Tue, 16 Jun 2026 20:49:56 GMT

OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses

As far back as the early 1800s, the U.S. Department of the Treasury has issued economic sanctions to achieve foreign… The post OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses appeared first on Chainalysis.

Chainalysis · Tue, 16 Jun 2026 16:16:12 GMT

Humanity Protocol Launches New H Token Airdrop After $36M Exploit

$36.0M · Humanity Protocol has announced a full token migration and 1:1 airdrop of a new H token after the June 8 exploit that drained approximately $36 million.

The Defiant · Tue, 16 Jun 2026 14:40:00 GMT

OpenZeppelin Confidential Contracts v0.5 Diff Audit

Summary Type:Library Timeline:From 2026-05-18 → To 2026-05-21 Languages:Solidity Findings Total issues: 12 (6 resolved) Critical: 0 (0 resolved) · High: 0 (0 resolved) · Medium: 5 (2 resolved) · Low: 0 (0 resolved) Notes & Additional Information 6 notes raised (3 resolved) Client Reported Issues 1 issue reported (1 resolved)

OpenZeppelin · Tue, 16 Jun 2026 13:06:11 GMT

UK Designates HTX: What the Biggest Crypto Sanctions Action Yet Means for Compliance Teams | TRM Labs

The UK designated HTX for alleged Russian sanctions evasion. TRM covers immediate response steps, look-back guidance, and OFSI reporting obligations.

TRM Labs · Tue, 16 Jun 2026 13:00:00 GMT

South Korea Charges 23 Over Crypto Laundering Tied to $11M Cambodian Scam Ring

South Korea has arrested dozens accused of moving $11.1 million in crypto for a Cambodia-based phishing group.

Decrypt · phishing / wallet drainer · Tue, 16 Jun 2026 11:42:08 GMT

🇬🇭 @EOCOghana and the 🇬🇧 @NCA_uk used Chainalysis Reactor to trace, freeze, and seize $15.1M linked to a major investment fraud — one of the first crypto fraud recoveries in West Africa. Funds are now being returned to victims thanks to collaboration with law enforcement https://t.co/j9551nPbuX
@chainalysis: 🇬🇭 @EOCOghana and the 🇬🇧 @NCA_uk used Chainalysis Reactor to trace, freeze, and seize $15.1M linked to a major inve…

$15.1M · X (security alerts) · Tue, 16 Jun 2026 08:58:52 GMT

🧵1/7 ⚠️ Vulnerability Analysis: Exploit of Thetanuts Finance Legacy Vaults On June 15, options protocol @ThetanutsFi suffered an exploit targeting its legacy vault contracts on #ETH, resulting in approximately $105K in losses. Notably, about one hour later, a white-hat hacker https://t.co/fvKrJv20G8
@GoPlusSecurity: 🧵1/7

$105K · X (security alerts) · Tue, 16 Jun 2026 06:35:47 GMT

There is still something missing. Testing, vulnerability hunting, vulnerability disclosing, NONE OF THESE THINGS INVOLVE THE CEO. Why was this on his desk in the first place. Someone, please, explain. https://t.co/cRJnITgZSc
@tayvano_: There is still something missing.

X (security alerts) · Tue, 16 Jun 2026 02:50:05 GMT

BlockThreat - Week 24, 2026

$42.4M stolen across 15 incidents as attackers return to old code, exposed keys and deprecated protocols still holding value.

BlockThreat · Mon, 15 Jun 2026 21:42:11 GMT

EU Sanctions Russian Propagandists, Military Suppliers, and Officials in New Listings | TRM Labs

EU designates 34 individuals and 47 entities for supporting Russia’s war. Includes TRM analysis of crypto fundraising by a designated propagandist.

TRM Labs · Mon, 15 Jun 2026 20:42:00 GMT

Face with an admin who doesn’t give a fuck about the technicals. They give a fuck about the impact. This is not unique to this admin. It’s their fucking job. Your white papers and tech specs and “being right” doesn’t cover that shit. And, clearly, neither did Dario on the phone https://t.co/PXpm4L0F5M
@tayvano_: Face with an admin who doesn’t give a fuck about the technicals. They give a fuck about the impact. This is not unique…

X (security alerts) · Mon, 15 Jun 2026 17:02:32 GMT

If anyone at Anthropic flew to DC to do this then god help us all and just send it to fucking $0 https://t.co/5I4ggIZiFa
@tayvano_: If anyone at Anthropic flew to DC to do this then god help us all and just send it to fucking $0 https://t.co/5I4ggIZiFa

X (security alerts) · Mon, 15 Jun 2026 16:53:17 GMT

Sources: BlockThreat, Rekt News, Cointelegraph (Security), crypto.news, The Defiant, CoinDesk, Decrypt, Protos, SlowMist, OpenZeppelin, Zellic, Chainalysis, TRM Labs, Elliptic, Trail of Bits, CISA Advisories, SANS ISC, DeFiLlama Hacks DB, SlowMist Hacked DB, X (security alerts).

Sources unavailable: Week in Ethereum (HTTP 403 (native fetch))

Generated by crypto-security-briefing · automated digest, verify before acting.