🛡️ Crypto Security Briefing

Wed, 17 Jun 2026 22:29:33 GMT · last 72h

incidents

$80.2M

reported losses

live sources

Executive summary

The 72-hour period saw over $2B in reported losses, led by the $1.8B HyperFund fraud plea and a $42M private-key compromise. Dominant attack vectors are smart-contract bugs and private-key compromises, with supply-chain malware and phishing drainers also active. Several items are non-incident commentary or regulatory updates, and the data set is incomplete due to a failed source.

Private-key compromises and smart-contract bugs drive major losses.
Supply-chain malware via gaming platforms is an emerging vector.
Sanctions screening and OFAC designations remain top compliance focus.
Pre- and post-designation exposure analysis is critical for sanctions teams.

Attack vectors

smart-contract bug · 6phishing / wallet drainer · 3private-key compromise · 2supply-chain attack · 1governance attack · 1

Incidents & reports

Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. Boeing CERTAINLY never told the USG that they cannot stop their planes from nuking the fucking USG. That's the difference. The USG overstepped. But in reaction to deeply retarded https://t.co/7Wh1gmhgSv
@tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky.

X (security alerts) · Wed, 17 Jun 2026 22:15:14 GMT

The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K
@tayvano_: The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K

X (security alerts) · Wed, 17 Jun 2026 19:59:00 GMT

unc1069 / sapphire sleet / whatever you want to call them same as axios fascinating https://t.co/EEU0maj7R0 https://t.co/2EAoJSH4ds
@tayvano_: unc1069 / sapphire sleet / whatever you want to call them

X (security alerts) · Wed, 17 Jun 2026 19:10:10 GMT

Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening

Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis.

Chainalysis · Wed, 17 Jun 2026 17:04:10 GMT

SR Summer is just getting started https://t.co/pTrDs8Z1QI
@immunefi: SR Summer is just getting started https://t.co/pTrDs8Z1QI

X (security alerts) · Wed, 17 Jun 2026 16:29:57 GMT

Everyone keeps telling you crypto is dead. No money left. No opportunity. x6051 just made $500,000 from a single report. That's more than a brand-new McLaren 750S. https://t.co/3Kl3oo6b6l
@immunefi: Everyone keeps telling you crypto is dead. No money left. No opportunity.

X (security alerts) · smart-contract bug · Wed, 17 Jun 2026 16:18:19 GMT

Florida Man 'Bitcoin Rodney' Pleads Guilty Over $1.8 Billion HyperFund Crypto Fraud

$1.80B · A Miami-based man who went by the name “Bitcoin Rodney” pleaded guilty for his role in what prosecutors said was a massive global fraud.

Decrypt · Wed, 17 Jun 2026 15:37:41 GMT

#PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. The exploiter then deposited 8,340 $ETH into #TornadoCash and bridged 2.64 $ETH ($4.63K) from #Ethereum to #BTC address bc1pv8...yc5q. The exploiter currently holds 10.54M https://t.co/Sgb43LDYMm
@PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH.

X (security alerts) · private-key compromise · Wed, 17 Jun 2026 15:35:04 GMT

Finding security signal in web3 has been too slow for the people who need it most. Researchers need to know where serious programs are. Protocols need to know where they stand. Token holders need to know how much security their capital actually depends on. Today, Immunefi is https://t.co/jYlrxfYiMa
@immunefi: Finding security signal in web3 has been too slow for the people who need it most.

X (security alerts) · Wed, 17 Jun 2026 15:25:28 GMT

Crypto’s security nightmare won’t be solved by ordinary audits

Without an update to the current auditing infrastructure, the crypto space will likely continue to suffer significant losses, explains Beyer.

CoinDesk · smart-contract bug · Wed, 17 Jun 2026 14:12:09 GMT

#CertiKInsight 🚨 The @UXLINKofficial exploiter is currently sending funds to Tornado Cash. 3,700 ETH have been transferred so far. As a reminder, UXLink was exploited for ~$42M in September 2025 and believed to have been conducted by DPRK. https://t.co/gAREKeLCBV
@CertiKAlert: #CertiKInsight 🚨

$42.0M · X (security alerts) · private-key compromise · Wed, 17 Jun 2026 14:11:17 GMT

Steam Workshop wallpapers found spreading crypto malware

Bad actors are using Steam Workshop's wallpaper application to sneak malware into users' computers and steal crypto wallet information. The post Steam Workshop wallpapers found spreading crypto malware appeared first on Protos.

Protos · supply-chain attack, phishing / wallet drainer · Wed, 17 Jun 2026 13:35:42 GMT

The Make TON Great Again roadmap: 3 steps left, explained

Pavel Durov’s seven-step plan to rebuild Gram around Telegram is four steps in. The speed upgrade, the fee cut, the validator takeover, and the rename have all shipped. Here is what each one did, and what the three undisclosed steps…

crypto.news · governance attack · Wed, 17 Jun 2026 13:30:00 GMT

One case is never just one. Approval phishing scammers reuse the same wallets, contracts, and cash-out routes across victims — which means a single report can expose the entire network. Our expert investigators dissected an active approval phishing operation live. Read what https://t.co/9g9niHgg1p
@chainalysis: One case is never just one.

X (security alerts) · phishing / wallet drainer · Wed, 17 Jun 2026 12:00:37 GMT

SpaceX holds 18,712 Bitcoin. Now everyone can see it move

SpaceX disclosed 18,712 BTC in the largest IPO ever. New fair-value accounting now forces it to mark that stake to market every quarter, in public view.

crypto.news · Wed, 17 Jun 2026 08:25:52 GMT

⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M. 🎯 An attacker exploited a rounding flaw in the vault's mint function, triggered by driving totalSupply down to near zero via claim, to mint index tokens with zero underlying deposit, netting ~$105K. 🦸 A https://t.co/QzYkDZdmLa
@Beosin_com: ⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M.

$2.0M · X (security alerts) · smart-contract bug · Wed, 17 Jun 2026 07:12:27 GMT

🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14 🚨 Spotlight on 4 notable incidents | ~$5.98M lost this week Featuring a vulnerability breakdown and in-depth analysis of selected key cases👇 https://t.co/t7yjQU0xhs https://t.co/N9hqp3P4AT
@Phalcon_xyz: 🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14

$6.0M · X (security alerts) · Wed, 17 Jun 2026 05:45:32 GMT

🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed. Glad to bring the Trust & Compliance layer to the Agentic Payment Whitepaper, alongside @InterlaceMoney @XAgent_official @Cobo_Global @Stable @Conflux_Network https://t.co/6ZgFHkwnmf
@BlockSecTeam: 🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed.

X (security alerts) · Wed, 17 Jun 2026 03:35:35 GMT

incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3
@tayvano_: incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3

X (security alerts) · Wed, 17 Jun 2026 00:38:24 GMT

DIP — exploit

$111K · Technique: Protocol Logic / Transfer/Sell Logic Exploit. Chain: BSC. Target: Token. Reported loss ~$111,000.

DeFiLlama Hacks DB · smart-contract bug · Wed, 17 Jun 2026 00:00:00 GMT

yeah, don't let this guy out https://t.co/zbITiltXR3
@spreekaway: yeah, don't let this guy out https://t.co/zbITiltXR3

X (security alerts) · Tue, 16 Jun 2026 22:21:52 GMT

DeFi Lending and DEX Fees Slump as Leverage Drains Out After June Selloff

Fees fell as much as 65% week over week across the largest lending protocols and decentralized exchanges.

The Defiant · Tue, 16 Jun 2026 20:49:56 GMT

OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses

As far back as the early 1800s, the U.S. Department of the Treasury has issued economic sanctions to achieve foreign… The post OFAC and Crypto Crime: Every OFAC Specially Designated National with Identified Cryptocurrency Addresses appeared first on Chainalysis.

Chainalysis · Tue, 16 Jun 2026 16:16:12 GMT

Humanity Protocol Launches New H Token Airdrop After $36M Exploit

$36.0M · Humanity Protocol has announced a full token migration and 1:1 airdrop of a new H token after the June 8 exploit that drained approximately $36 million.

The Defiant · smart-contract bug · Tue, 16 Jun 2026 14:40:00 GMT

OpenZeppelin Confidential Contracts v0.5 Diff Audit

Summary Type:Library Timeline:From 2026-05-18 → To 2026-05-21 Languages:Solidity Findings Total issues: 12 (6 resolved) Critical: 0 (0 resolved) · High: 0 (0 resolved) · Medium: 5 (2 resolved) · Low: 0 (0 resolved) Notes & Additional Information 6 notes raised (3 resolved) Client Reported Issues 1 issue reported (1 resolved)

OpenZeppelin · Tue, 16 Jun 2026 13:06:11 GMT

UK Designates HTX: What the Biggest Crypto Sanctions Action Yet Means for Compliance Teams | TRM Labs

The UK designated HTX for alleged Russian sanctions evasion. TRM covers immediate response steps, look-back guidance, and OFSI reporting obligations.

TRM Labs · Tue, 16 Jun 2026 13:00:00 GMT

South Korea Charges 23 Over Crypto Laundering Tied to $11M Cambodian Scam Ring

$11.1M · South Korea has arrested dozens accused of moving $11.1 million in crypto for a Cambodia-based phishing group.

Decrypt · phishing / wallet drainer · Tue, 16 Jun 2026 11:42:08 GMT

🇬🇭 @EOCOghana and the 🇬🇧 @NCA_uk used Chainalysis Reactor to trace, freeze, and seize $15.1M linked to a major investment fraud — one of the first crypto fraud recoveries in West Africa. Funds are now being returned to victims thanks to collaboration with law enforcement https://t.co/j9551nPbuX
@chainalysis: 🇬🇭 @EOCOghana and the 🇬🇧 @NCA_uk used Chainalysis Reactor to trace, freeze, and seize $15.1M linked to a major inve…

$15.1M · X (security alerts) · Tue, 16 Jun 2026 08:58:52 GMT

🧵1/7 ⚠️ Vulnerability Analysis: Exploit of Thetanuts Finance Legacy Vaults On June 15, options protocol @ThetanutsFi suffered an exploit targeting its legacy vault contracts on #ETH, resulting in approximately $105K in losses. Notably, about one hour later, a white-hat hacker https://t.co/fvKrJv20G8
@GoPlusSecurity: 🧵1/7

$105K · X (security alerts) · smart-contract bug · Tue, 16 Jun 2026 06:35:47 GMT

There is still something missing. Testing, vulnerability hunting, vulnerability disclosing, NONE OF THESE THINGS INVOLVE THE CEO. Why was this on his desk in the first place. Someone, please, explain. https://t.co/cRJnITgZSc
@tayvano_: There is still something missing.

X (security alerts) · Tue, 16 Jun 2026 02:50:05 GMT

Sources: BlockThreat, Rekt News, Cointelegraph (Security), crypto.news, The Defiant, CoinDesk, Decrypt, Protos, SlowMist, OpenZeppelin, Zellic, Chainalysis, TRM Labs, Elliptic, Trail of Bits, CISA Advisories, SANS ISC, DeFiLlama Hacks DB, SlowMist Hacked DB, X (security alerts).

Sources unavailable: Week in Ethereum (HTTP 403 (native fetch))

Generated by crypto-security-briefing · automated digest, verify before acting.