🛡️ Crypto Security Briefing

Thu, 18 Jun 2026 14:47:38 GMT · last 72h

incidents

$64.9M

reported losses

live sources

Executive summary

The most material incident in the last 72 hours is a $1.8B fraud admission by HyperFund promoter Bitcoin Rodney, dwarfing other losses. Significant thefts include $42M from a social engineering attack (CertiKAlert) and $14.6M from an UXLINK exploiter. Dominant attack vectors remain smart-contract bugs, supply-chain/phishing wallet-drainers (Microsoft clipper, Steam malware), and private-key compromise. Total reported losses exceed $1.86B, though the briefing is thin due to two failed sources.

State-level and organized fraud remains highest-value risk
Supply-chain malware via game marketplaces is resurging
Multi-sig keys on same machine nullifies protection
AI agent payments demand screening and accountability

Attack vectors

smart-contract bug · 3phishing / wallet drainer · 2supply-chain attack · 2private-key compromise · 1social engineering · 1

Incidents & reports

https://t.co/MzmtARehtY
@spreekaway: https://t.co/MzmtARehtY

@spreekaway · Thu, 18 Jun 2026 14:22:19 GMT

That's right: ZERO. https://t.co/yex0V1k3wi
@spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi

@spreekaway · Thu, 18 Jun 2026 14:12:39 GMT

It’s a good day to find a crit https://t.co/1XIzuycxCL
@immunefi: It’s a good day to find a crit https://t.co/1XIzuycxCL

@Immunefi · Thu, 18 Jun 2026 11:56:33 GMT

XRP tests key trendline support as bullish divergence fuels recovery hopes

XRP has dropped nearly 5% after a Fed-induced risk-off move swept across crypto markets, though traders remain focused on bullish chart signals and a major liquidity cluster near $1.30. The pullback began shortly after XRP (XRP) failed to break through…

crypto.news · Thu, 18 Jun 2026 11:46:04 GMT

Microsoft warns crypto clipper now acts like backdoor

Microsoft warns a crypto clipper campaign uses Tor, worm-like spread, and clipboard theft to replace wallet addresses and steal seed phrases.

crypto.news · phishing / wallet drainer, supply-chain attack · Thu, 18 Jun 2026 11:12:11 GMT

Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the execution trace is similar. This follow-up exploit hit escapeHatch on a different deployment — the "Private Rollup Bridge" contract (0x7379), and targets a binding https://t.co/NQ7TRe4Jq7 https://t.co/SzCFRP0Mh8
@Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec…

@Phalcon_xyz · smart-contract bug · Thu, 18 Jun 2026 09:25:06 GMT

ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser can be designed (i'm _not_ a browser expert btw). please share your feedback in the https://t.co/Vsma2KA2gl thread: https://t.co/UCtKIcmrZ6 https://t.co/bENx8qr8W8 https://t.co/fvOU0dMNkr
@pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c…

pcaversaccio · Thu, 18 Jun 2026 09:19:39 GMT

HyperFund promoter Bitcoin Rodney admits role in $1.8B crypto fraud

$1.80B · A Florida man has pleaded guilty to operating an unlicensed money-transmitting business tied to HyperFund, a crypto investment scheme that U.S. authorities have described as a fraud that collected roughly $1.8 billion from investors. The U.S. Attorney’s Office for the…

crypto.news · Thu, 18 Jun 2026 06:50:11 GMT

Ark Invest buys $18.4M in Coinbase shares, trims Robinhood

Cathie Wood’s Ark Invest has purchased $18.4 million worth of Coinbase shares across three ETFs, even as the crypto exchange’s stock has fallen nearly 13% over the past month. According to Ark Invest’s Wednesday trading disclosure, the investment firm acquired…

crypto.news · Thu, 18 Jun 2026 06:31:53 GMT

Live markets: Strive's SATA joins STRC in broadening preferred share selloff

Total crypto market value has held steady near $2.26 trillion since Tuesday, with the recovery losing momentum after the Fed killed rate-cut hopes and spot ETFs swung back to outflows.

CoinDesk · Thu, 18 Jun 2026 06:02:19 GMT

> beautiful simple clean > contagious interview honeys it’s either contagious interview or it’s beautiful malware. but it is never, ever both. 😁 https://t.co/xN5SlLZpUT https://t.co/foIOEpt0my
@tayvano_: > beautiful simple clean

@tayvano_ · Thu, 18 Jun 2026 01:43:02 GMT

Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. Boeing CERTAINLY never told the USG that they cannot stop their planes from nuking the fucking USG. That's the difference. The USG overstepped. But in reaction to deeply retarded https://t.co/7Wh1gmhgSv [Protocols: sky]
@tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky.

@tayvano_ · Wed, 17 Jun 2026 22:15:14 GMT

The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K
@tayvano_: The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K

@tayvano_ · Wed, 17 Jun 2026 19:59:00 GMT

unc1069 / sapphire sleet / whatever you want to call them same as axios fascinating https://t.co/EEU0maj7R0 https://t.co/2EAoJSH4ds
@tayvano_: unc1069 / sapphire sleet / whatever you want to call them

@tayvano_ · Wed, 17 Jun 2026 19:10:10 GMT

you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.). using Tor for any onchain interaction is one way but it's very easy to also fingerprint you as Tor user. what Ethereum needs is its own browser that _natively_ https://t.co/4PQVdOjCL5
@pcaversaccio: you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.).…

pcaversaccio · Wed, 17 Jun 2026 19:07:31 GMT

Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening

Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis.

Chainalysis · Wed, 17 Jun 2026 17:04:10 GMT

Multisig doesn't protect you if your keys share the same machine. 🔑 Seven keys on one device. Hot wallet, ETH Safe, BSC Safe, all compromised at once. Here's how the Humanity Protocol hack went down: https://t.co/uGjBgsEerJ https://t.co/OBo3Zpajyv
@HalbornSecurity: Multisig doesn't protect you if your keys share the same machine. 🔑

Halborn · private-key compromise · Wed, 17 Jun 2026 17:00:01 GMT

SR Summer is just getting started https://t.co/pTrDs8Z1QI
@immunefi: SR Summer is just getting started https://t.co/pTrDs8Z1QI

@Immunefi · Wed, 17 Jun 2026 16:29:57 GMT

Everyone keeps telling you crypto is dead. No money left. No opportunity. x6051 just made $500,000 from a single report. That's more than a brand-new McLaren 750S. https://t.co/3Kl3oo6b6l [Loss ~$500,000]
@immunefi: Everyone keeps telling you crypto is dead. No money left. No opportunity.

$500K · @Immunefi · Wed, 17 Jun 2026 16:18:19 GMT

#PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. The exploiter then deposited 8,340 $ETH into #TornadoCash and bridged 2.64 $ETH ($4.63K) from #Ethereum to #BTC address bc1pv8...yc5q. The exploiter currently holds 10.54M https://t.co/Sgb43LDYMm [Loss ~$14,600,000]
@PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH.

$14.6M · @PeckShieldAlert · Wed, 17 Jun 2026 15:35:04 GMT

Finding security signal in web3 has been too slow for the people who need it most. Researchers need to know where serious programs are. Protocols need to know where they stand. Token holders need to know how much security their capital actually depends on. Today, Immunefi is https://t.co/jYlrxfYiMa
@immunefi: Finding security signal in web3 has been too slow for the people who need it most.

@Immunefi · Wed, 17 Jun 2026 15:25:28 GMT

#CertiKInsight 🚨 The @UXLINKofficial exploiter is currently sending funds to Tornado Cash. 3,700 ETH have been transferred so far. As a reminder, UXLink was exploited for ~$42M in September 2025 and believed to have been conducted by DPRK. https://t.co/gAREKeLCBV [Loss ~$42,000,000; 3,700 ETH]
@CertiKAlert: #CertiKInsight 🚨

$42.0M · @CertiKAlert · social engineering · Wed, 17 Jun 2026 14:11:17 GMT

Steam Workshop wallpapers found spreading crypto malware

Bad actors are using Steam Workshop's wallpaper application to sneak malware into users' computers and steal crypto wallet information. The post Steam Workshop wallpapers found spreading crypto malware appeared first on Protos.

Protos · supply-chain attack, phishing / wallet drainer · Wed, 17 Jun 2026 13:35:42 GMT

🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14 🚨 Spotlight on 4 notable incidents | ~$5.98M lost this week Featuring a vulnerability breakdown and in-depth analysis of selected key cases👇 https://t.co/t7yjQU0xhs https://t.co/N9hqp3P4AT [Loss ~$5,980,000]
@Phalcon_xyz: 🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14

$6.0M · @Phalcon_xyz · Wed, 17 Jun 2026 05:45:32 GMT

🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed. Glad to bring the Trust & Compliance layer to the Agentic Payment Whitepaper, alongside @InterlaceMoney @XAgent_official @Cobo_Global @Stable @Conflux_Network https://t.co/6ZgFHkwnmf
@BlockSecTeam: 🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed.

@BlockSecTeam · Wed, 17 Jun 2026 03:35:35 GMT

🚨SlowMist TI Alert🚨 💸 Loss: 111,097.596667856001191208 USDC (~$111,097.6) 🔍 Root Cause: DIP token `_transfer()` function has a missing `return` statement in the router branch (when `from` or `to` is PancakeSwap Router). This causes the same transfer to be executed twice https://t.co/yHiVUczRZi [Loss ~$111,097.6; 111,097.597 USDC; Protocols: PancakeSwap]
@SlowMist_Team: 🚨SlowMist TI Alert🚨

$2.2M · @SlowMist_Team · smart-contract bug · Wed, 17 Jun 2026 02:56:08 GMT

Excited to support @AIVM_Network as they build agent-native infrastructure. As autonomous systems become increasingly capable of transacting and coordinating onchain, security remains a foundational requirement. https://t.co/MZD8USKoQr
@CertiK: Excited to support @AIVM_Network as they build agent-native infrastructure.

CertiK · Wed, 17 Jun 2026 02:46:27 GMT

incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3
@tayvano_: incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3

@tayvano_ · Wed, 17 Jun 2026 00:38:24 GMT

DIP — exploit

$111K · Technique: Protocol Logic / Transfer/Sell Logic Exploit. Chain: BSC. Target: Token. Reported loss ~$111,000.

DeFiLlama Hacks DB · smart-contract bug · Wed, 17 Jun 2026 00:00:00 GMT

yeah, don't let this guy out https://t.co/zbITiltXR3
@spreekaway: yeah, don't let this guy out https://t.co/zbITiltXR3

@spreekaway · Tue, 16 Jun 2026 22:21:52 GMT

Sources: SEAL / Security Alliance, CertiK, Halborn, ConsenSys Diligence, Cantina / Spearbit, pcaversaccio, Chainabuse, ZachXBT, Arkham Intelligence, @PeckShieldAlert, @CertiKAlert, @CyversAlerts, @BlockSecTeam, @AnciliaInc, @Phalcon_xyz, @zachxbt, @SlowMist_Team, @MistTrack_io, @realScamSniffer, @samczsun, @tayvano_, @spreekaway, @Immunefi, @RektHQ, @_SEAL_Org, @hypernative, @HalbornSecurity, @Beosin_com, @GoPlusSecurity, @Quantstamp, @Chainalysis, @TrugardLabs, DeFiLlama Hacks DB, SlowMist Hacked DB, rekt.news Leaderboard, BlockThreat, Rekt News, SlowMist, Trail of Bits, OpenZeppelin, Zellic, Chainalysis, TRM Labs, Elliptic, CISA Cybersecurity Advisories, SANS ISC, Cointelegraph (Security), crypto.news, The Defiant, CoinDesk, Decrypt, Protos.

Sources unavailable: Week in Ethereum News (HTTP 403 (native fetch)); Immunefi (Invalid character in tag name Line: 34 Column: 49 Char: @)

Generated by crypto-security-briefing · automated digest, verify before acting.