⬢ GM Security — 2026-06-18: $67.2M across 30 incidents

Daily crypto security briefing

2026-06-18 16:32 UTC · last 72h · 30 items · $67.2M reported losses · 47 sources

📊 Trend tracker

• 4 new today · 26 developing
• 7-day: 85 incidents, $190.3M stolen
• 30-day: 85 incidents, $190.3M stolen
• 7-day vectors: smart-contract bug (18), phishing / wallet drainer (7), private-key compromise (5)
• Repeat targets (30d): thetanuts (5), uxlink (4), aztecconnect (3), dip (3), humanity (3)

Last 24 hours

• [ADVISORY · NEW] @HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac… (@HalbornSecurity)
• [EXPLOIT · NEW] Aztec Connect - Rekt — $2.3M (rekt.news Leaderboard)
• [NEWS · DEVELOPING · day 4] XRP tests key trendline support as bullish divergence fuels recovery hopes (crypto.news)
• [EXPLOIT · DEVELOPING · day 4] @Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec… (@Phalcon_xyz)
• [ADVISORY · DEVELOPING · day 4] Microsoft warns crypto clipper now acts like backdoor (crypto.news)
• [ENFORCEMENT · DEVELOPING · day 4] HyperFund promoter Bitcoin Rodney admits role in $1.8B crypto fraud — $1.80B (crypto.news)
  also: Decrypt
• [NEWS · DEVELOPING · day 4] Ark Invest buys $18.4M in Coinbase shares, trims Robinhood (crypto.news)
• [NEWS · DEVELOPING · day 3] Live markets: price action turns panicky in Saylor's STRC as bitcoin drops below $63,000 (CoinDesk)
• [EXPLOIT · DEVELOPING · day 4] @HalbornSecurity: Multisig doesn't protect you if your keys share the same machine. 🔑 (@HalbornSecurity)
• [NEWS · DEVELOPING · day 2] @spreekaway: https://t.co/MzmtARehtY (@spreekaway)
• [ADVISORY · DEVELOPING · day 2] @spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi (@spreekaway)
• [ADVISORY · NEW] @CertiK: Passkeys remove seed phrases, but not security risks. (CertiK)
• [NEWS · DEVELOPING · day 4] @pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c… (pcaversaccio)
• [NEWS · DEVELOPING · day 4] @tayvano_: > beautiful simple clean (@tayvano_)
• [NEWS · DEVELOPING · day 5] @tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. (@tayvano_)
• [ADVISORY · DEVELOPING · day 5] @tayvano_: The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K (@tayvano_)
• [NEWS · DEVELOPING · day 5] @tayvano_: unc1069 / sapphire sleet / whatever you want to call them (@tayvano_)
• [ADVISORY · DEVELOPING · day 4] @pcaversaccio: you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.).… (pcaversaccio)

Earlier · 24–72h

• [EXPLOIT · DEVELOPING · day 4] @CertiKAlert: #CertiKInsight 🚨 — $42.0M (@CertiKAlert)
  also: @CertiKAlert
• [EXPLOIT · DEVELOPING · day 4] @PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. — $14.6M (@PeckShieldAlert)
• [ADVISORY · NEW] @Beosin_com: ⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M. — $2.0M (@Beosin_com)
• [SCAM · DEVELOPING · day 5] Steam Workshop wallpapers found spreading crypto malware (Protos)
• [EXPLOIT · DEVELOPING · day 5] @Phalcon_xyz: 🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14 — $6.0M (@Phalcon_xyz)
• [EXPLOIT · DEVELOPING · day 2] @SlowMist_Team: 🚨SlowMist TI Alert🚨 — $2.2M (@SlowMist_Team)
  also: @SlowMist_Team · @SlowMist_Team
• [EXPLOIT · DEVELOPING · day 4] DIP — exploit — $111K (DeFiLlama Hacks DB)
• [ADVISORY · DEVELOPING · day 4] @BlockSecTeam: 🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed. (@BlockSecTeam)
• [NEWS · DEVELOPING · day 4] @CertiK: Excited to support @AIVM_Network as they build agent-native infrastructure. (CertiK)
• [NEWS · DEVELOPING · day 5] @tayvano_: incredible things happening lmaooooooooooo https://t.co/KUEBBUi04L https://t.co/uxdtEYkOl3 (@tayvano_)
• [NEWS · DEVELOPING · day 5] @spreekaway: yeah, don't let this guy out https://t.co/zbITiltXR3 (@spreekaway)

🧠 Deep reads

• Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening (Chainalysis)

💡 Security thought-spark

Bridge inputs are untrusted inputs: validate source chain, sender, and nonce on every cross-chain message. Replays are how bridges get drained.

Full data: https://gmsecurity.net/briefing.json. Feedback or a source to add? [email protected]. George Donnelly offers Web3 development & security consulting.