🛡️ Crypto Security Briefing

Wed, 17 Jun 2026 20:42:01 GMT · last 72h

incidents

$101.3M

reported losses

live sources

Executive summary

In the last 72 hours, confirmed losses total at least $101.2M, led by a $42M social-engineering attack and a $36M exploit at Humanity Protocol, though many items lack loss data. Dominant vectors include social engineering, phishing-wallet-drainers, smart-contract bugs, and one governance-attack. Regulatory actions (sanctions, AML charges) and state-linked threat actors also feature prominently.

Social engineering and phishing wallet drainers remain top loss vectors.
Smart-contract bugs (truncation, logic flaws) still cause million-dollar exploits.
Sanctions and criminal charges are increasingly targeting crypto intermediaries and individuals.
Attacker-laundered funds are being traced and seized via blockchain analytics by law enforcement.

Attack vectors

phishing / wallet drainer · 2social engineering · 1governance attack · 1smart-contract bug · 1

Incidents & reports

The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K
@tayvano_: The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K

X (security alerts) · Wed, 17 Jun 2026 19:59:00 GMT

unc1069 / sapphire sleet / whatever you want to call them same as axios fascinating https://t.co/EEU0maj7R0 https://t.co/2EAoJSH4ds
@tayvano_: unc1069 / sapphire sleet / whatever you want to call them

X (security alerts) · Wed, 17 Jun 2026 19:10:10 GMT

Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening

Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis.

Chainalysis · Wed, 17 Jun 2026 17:04:10 GMT

SR Summer is just getting started https://t.co/pTrDs8Z1QI
@immunefi: SR Summer is just getting started https://t.co/pTrDs8Z1QI

X (security alerts) · Wed, 17 Jun 2026 16:29:57 GMT

Everyone keeps telling you crypto is dead. No money left. No opportunity. x6051 just made $500,000 from a single report. That's more than a brand-new McLaren 750S. https://t.co/3Kl3oo6b6l
@immunefi: Everyone keeps telling you crypto is dead. No money left. No opportunity.

X (security alerts) · Wed, 17 Jun 2026 16:18:19 GMT

Florida Man 'Bitcoin Rodney' Pleads Guilty Over $1.8 Billion HyperFund Crypto Fraud

A Miami-based man who went by the name “Bitcoin Rodney” pleaded guilty for his role in what prosecutors said was a massive global fraud.

Decrypt · Wed, 17 Jun 2026 15:37:41 GMT

#PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. The exploiter then deposited 8,340 $ETH into #TornadoCash and bridged 2.64 $ETH ($4.63K) from #Ethereum to #BTC address bc1pv8...yc5q. The exploiter currently holds 10.54M https://t.co/Sgb43LDYMm
@PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH.

X (security alerts) · Wed, 17 Jun 2026 15:35:04 GMT

Finding security signal in web3 has been too slow for the people who need it most. Researchers need to know where serious programs are. Protocols need to know where they stand. Token holders need to know how much security their capital actually depends on. Today, Immunefi is https://t.co/jYlrxfYiMa
@immunefi: Finding security signal in web3 has been too slow for the people who need it most.

X (security alerts) · Wed, 17 Jun 2026 15:25:28 GMT

Crypto’s security nightmare won’t be solved by ordinary audits

Without an update to the current auditing infrastructure, the crypto space will likely continue to suffer significant losses, explains Beyer.

CoinDesk · Wed, 17 Jun 2026 14:12:09 GMT

#CertiKInsight 🚨 The @UXLINKofficial exploiter is currently sending funds to Tornado Cash. 3,700 ETH have been transferred so far. As a reminder, UXLink was exploited for ~$42M in September 2025 and believed to have been conducted by DPRK. https://t.co/gAREKeLCBV
@CertiKAlert: #CertiKInsight 🚨

$42.0M · X (security alerts) · social engineering · Wed, 17 Jun 2026 14:11:17 GMT

Steam Workshop wallpapers found spreading crypto malware

Bad actors are using Steam Workshop's wallpaper application to sneak malware into users' computers and steal crypto wallet information. The post Steam Workshop wallpapers found spreading crypto malware appeared first on Protos.

Protos · Wed, 17 Jun 2026 13:35:42 GMT

The Make TON Great Again roadmap: 3 steps left, explained

Pavel Durov’s seven-step plan to rebuild Gram around Telegram is four steps in. The speed upgrade, the fee cut, the validator takeover, and the rename have all shipped. Here is what each one did, and what the three undisclosed steps…

crypto.news · governance attack · Wed, 17 Jun 2026 13:30:00 GMT

One case is never just one. Approval phishing scammers reuse the same wallets, contracts, and cash-out routes across victims — which means a single report can expose the entire network. Our expert investigators dissected an active approval phishing operation live. Read what https://t.co/9g9niHgg1p
@chainalysis: One case is never just one.

X (security alerts) · phishing / wallet drainer · Wed, 17 Jun 2026 12:00:37 GMT

⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M. 🎯 An attacker exploited a rounding flaw in the vault's mint function, triggered by driving totalSupply down to near zero via claim, to mint index tokens with zero underlying deposit, netting ~$105K. 🦸 A https://t.co/QzYkDZdmLa
@Beosin_com: ⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M.

$2.0M · X (security alerts) · smart-contract bug · Wed, 17 Jun 2026 07:12:27 GMT

🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14 🚨 Spotlight on 4 notable incidents | ~$5.98M lost this week Featuring a vulnerability breakdown and in-depth analysis of selected key cases👇 https://t.co/t7yjQU0xhs https://t.co/N9hqp3P4AT
@Phalcon_xyz: 🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14

$6.0M · X (security alerts) · Wed, 17 Jun 2026 05:45:32 GMT

🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed. Glad to bring the Trust & Compliance layer to the Agentic Payment Whitepaper, alongside @InterlaceMoney @XAgent_official @Cobo_Global @Stable @Conflux_Network https://t.co/6ZgFHkwnmf
@BlockSecTeam: 🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed.

X (security alerts) · Wed, 17 Jun 2026 03:35:35 GMT

incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3
@tayvano_: incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3

X (security alerts) · Wed, 17 Jun 2026 00:38:24 GMT

DIP — exploit

$111K · Technique: Protocol Logic / Transfer/Sell Logic Exploit. Chain: BSC. Target: Token. Reported loss ~$111,000.

DeFiLlama Hacks DB · Wed, 17 Jun 2026 00:00:00 GMT

yeah, don't let this guy out https://t.co/zbITiltXR3
@spreekaway: yeah, don't let this guy out https://t.co/zbITiltXR3

X (security alerts) · Tue, 16 Jun 2026 22:21:52 GMT

DeFi Lending and DEX Fees Slump as Leverage Drains Out After June Selloff

Fees fell as much as 65% week over week across the largest lending protocols and decentralized exchanges.

The Defiant · Tue, 16 Jun 2026 20:49:56 GMT

OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses

As far back as the early 1800s, the U.S. Department of the Treasury has issued economic sanctions to achieve foreign… The post OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses appeared first on Chainalysis.

Chainalysis · Tue, 16 Jun 2026 16:16:12 GMT

Humanity Protocol Launches New H Token Airdrop After $36M Exploit

$36.0M · Humanity Protocol has announced a full token migration and 1:1 airdrop of a new H token after the June 8 exploit that drained approximately $36 million.

The Defiant · Tue, 16 Jun 2026 14:40:00 GMT

OpenZeppelin Confidential Contracts v0.5 Diff Audit

Summary Type:Library Timeline:From 2026-05-18 → To 2026-05-21 Languages:Solidity Findings Total issues: 12 (6 resolved) Critical: 0 (0 resolved) · High: 0 (0 resolved) · Medium: 5 (2 resolved) · Low: 0 (0 resolved) Notes & Additional Information 6 notes raised (3 resolved) Client Reported Issues 1 issue reported (1 resolved)

OpenZeppelin · Tue, 16 Jun 2026 13:06:11 GMT

UK Designates HTX: What the Biggest Crypto Sanctions Action Yet Means for Compliance Teams | TRM Labs

The UK designated HTX for alleged Russian sanctions evasion. TRM covers immediate response steps, look-back guidance, and OFSI reporting obligations.

TRM Labs · Tue, 16 Jun 2026 13:00:00 GMT

South Korea Charges 23 Over Crypto Laundering Tied to $11M Cambodian Scam Ring

South Korea has arrested dozens accused of moving $11.1 million in crypto for a Cambodia-based phishing group.

Decrypt · phishing / wallet drainer · Tue, 16 Jun 2026 11:42:08 GMT

🇬🇭 @EOCOghana and the 🇬🇧 @NCA_uk used Chainalysis Reactor to trace, freeze, and seize $15.1M linked to a major investment fraud — one of the first crypto fraud recoveries in West Africa. Funds are now being returned to victims thanks to collaboration with law enforcement https://t.co/j9551nPbuX
@chainalysis: 🇬🇭 @EOCOghana and the 🇬🇧 @NCA_uk used Chainalysis Reactor to trace, freeze, and seize $15.1M linked to a major inve…

$15.1M · X (security alerts) · Tue, 16 Jun 2026 08:58:52 GMT

🧵1/7 ⚠️ Vulnerability Analysis: Exploit of Thetanuts Finance Legacy Vaults On June 15, options protocol @ThetanutsFi suffered an exploit targeting its legacy vault contracts on #ETH, resulting in approximately $105K in losses. Notably, about one hour later, a white-hat hacker https://t.co/fvKrJv20G8
@GoPlusSecurity: 🧵1/7

$105K · X (security alerts) · Tue, 16 Jun 2026 06:35:47 GMT

There is still something missing. Testing, vulnerability hunting, vulnerability disclosing, NONE OF THESE THINGS INVOLVE THE CEO. Why was this on his desk in the first place. Someone, please, explain. https://t.co/cRJnITgZSc
@tayvano_: There is still something missing.

X (security alerts) · Tue, 16 Jun 2026 02:50:05 GMT

BlockThreat - Week 24, 2026

$42.4M stolen across 15 incidents as attackers return to old code, exposed keys and deprecated protocols still holding value.

BlockThreat · Mon, 15 Jun 2026 21:42:11 GMT

EU Sanctions Russian Propagandists, Military Suppliers, and Officials in New Listings | TRM Labs

EU designates 34 individuals and 47 entities for supporting Russia’s war. Includes TRM analysis of crypto fundraising by a designated propagandist.

TRM Labs · Mon, 15 Jun 2026 20:42:00 GMT

Sources: BlockThreat, Rekt News, Cointelegraph (Security), crypto.news, The Defiant, CoinDesk, Decrypt, Protos, SlowMist, OpenZeppelin, Zellic, Chainalysis, TRM Labs, Elliptic, Trail of Bits, CISA Advisories, SANS ISC, DeFiLlama Hacks DB, SlowMist Hacked DB, X (security alerts).

Sources unavailable: Week in Ethereum (HTTP 403 (native fetch))

Generated by crypto-security-briefing · automated digest, verify before acting.