🛡️ Crypto Security Briefing

Thu, 18 Jun 2026 18:27:21 GMT · last 72h

incidents

$52.6M

reported losses

live sources

Executive summary

Over the past 72 hours, total confirmed losses exceed $2.3M, headlined by a second Aztec Connect bridge exploit (~$2.2M) and a near-miss integer truncation bug at Thetanuts Finance ($2M). The dominant attack vectors are smart-contract bugs and private-key compromise, while a $42M social-engineering incident and a $1.8B fraud case underscore off-chain risks. Several alerts highlight emerging threats: passkey risks, multisig hygiene, AI-agent payment accountability, and supply-chain malware via Steam Workshop. Due to two failed sources, this summary may undercount items.

Smart-contract bugs and bridge exploits remain the most financially damaging on-chain vectors.
Private-key compromise often stems from shared machine keys, not just multisig failures.
Supply-chain attacks and social engineering continue to bypass technical defenses.
Passkeys reduce seed-phrase risk but introduce new authentication attack surfaces.

Attack vectors

smart-contract bug · 7phishing / wallet drainer · 2supply-chain attack · 2private-key compromise · 2access-control flaw · 1bridge exploit · 1

Incidents & reports

Quantum computing is an approaching threat to blockchain security. 🔐 For most networks, the cryptographic foundations were never built to withstand it. @QRLedger has been building to address that problem ever since 2018. https://t.co/SshyHndbNW
@HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐

@HalbornSecurity · Thu, 18 Jun 2026 17:00:00 GMT

Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contracts. 🔐 Our engagement with @RaylsLabs covered smart contract auditing, L1 security assessment, architecture advisory, and cryptographic review. https://t.co/EtzY6neCp1
@HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac…

@HalbornSecurity · smart-contract bug · Thu, 18 Jun 2026 15:00:12 GMT

https://t.co/MzmtARehtY
@spreekaway: https://t.co/MzmtARehtY

@spreekaway · Thu, 18 Jun 2026 14:22:19 GMT

That's right: ZERO. https://t.co/yex0V1k3wi
@spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi

@spreekaway · Thu, 18 Jun 2026 14:12:39 GMT

Passkeys remove seed phrases, but not security risks. From WebAuthn validation to account abstraction, sync, and recovery flows, every layer becomes part of the asset security model. Explore the security considerations for Passkey-based Web3 wallets👇 https://t.co/IsP34cG66u
@CertiK: Passkeys remove seed phrases, but not security risks.

CertiK · Thu, 18 Jun 2026 12:20:00 GMT

Aztec Connect - Rekt

$2.3M · $2.28 million drained from Aztec Connect on June 14th, a deprecated ZK-rollup built by Aztec Labs, across two consecutive days. The ZK proof and settlement layer processed different transaction sets, attackers exploited the gap to mint unbacked balances and drain real funds.

rekt.news Leaderboard · smart-contract bug · Thu, 18 Jun 2026 12:00:00 GMT

Rockwell Automation FactoryTalk Historian Site Edition

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. The following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected: FactoryTalk Historian SE 11 (CVE-2025-13036) FactoryTalk Historian SE <=11.00 (CVE-2025-44019) FactoryTalk Historian SE <=11.00 (CVE-2025-36539) CVSS Vendor Equipment Vulnerabilities v3 7.7 Rockwell Automation Rockwell Automation FactoryTalk Historian Site Edition Concurrent Execution using Shared Resource with Improper S…

CISA Cybersecurity Advisories · access-control flaw, smart-contract bug · Thu, 18 Jun 2026 12:00:00 GMT

XRP tests key trendline support as bullish divergence fuels recovery hopes

XRP has dropped nearly 5% after a Fed-induced risk-off move swept across crypto markets, though traders remain focused on bullish chart signals and a major liquidity cluster near $1.30. The pullback began shortly after XRP (XRP) failed to break through…

crypto.news · Thu, 18 Jun 2026 11:46:04 GMT

Microsoft warns crypto clipper now acts like backdoor

Microsoft warns a crypto clipper campaign uses Tor, worm-like spread, and clipboard theft to replace wallet addresses and steal seed phrases.

crypto.news · phishing / wallet drainer, supply-chain attack · Thu, 18 Jun 2026 11:12:11 GMT

Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the execution trace is similar. This follow-up exploit hit escapeHatch on a different deployment — the "Private Rollup Bridge" contract (0x7379), and targets a binding https://t.co/NQ7TRe4Jq7 https://t.co/SzCFRP0Mh8
@Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec…

@Phalcon_xyz · smart-contract bug · Thu, 18 Jun 2026 09:25:06 GMT

ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser can be designed (i'm _not_ a browser expert btw). please share your feedback in the https://t.co/Vsma2KA2gl thread: https://t.co/UCtKIcmrZ6 https://t.co/bENx8qr8W8 https://t.co/fvOU0dMNkr
@pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c…

pcaversaccio · Thu, 18 Jun 2026 09:19:39 GMT

.@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but targeted a different pool through a different entry point, with estimated losses of roughly $2.2M. Ether: 1,158 DAI: 150K renBTC: ~0.4696 Attack TXs: https://t.co/KxHJ0rezmw https://t.co/NDrmRVH8Sf [Loss ~$2,200,000; 1,158 DAI]
@Phalcon_xyz: .@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but t…

~$2.2M · @Phalcon_xyz · bridge exploit, smart-contract bug · Thu, 18 Jun 2026 06:54:19 GMT

HyperFund promoter Bitcoin Rodney admits role in $1.8B crypto fraud

~$1.80B · A Florida man has pleaded guilty to operating an unlicensed money-transmitting business tied to HyperFund, a crypto investment scheme that U.S. authorities have described as a fraud that collected roughly $1.8 billion from investors. The U.S. Attorney’s Office for the…

crypto.news · Thu, 18 Jun 2026 06:50:11 GMT

Ark Invest buys $18.4M in Coinbase shares, trims Robinhood

Cathie Wood’s Ark Invest has purchased $18.4 million worth of Coinbase shares across three ETFs, even as the crypto exchange’s stock has fallen nearly 13% over the past month. According to Ark Invest’s Wednesday trading disclosure, the investment firm acquired…

crypto.news · Thu, 18 Jun 2026 06:31:53 GMT

Live markets: price action turns panicky in Saylor's STRC as bitcoin drops below $63,000

Total crypto market value has held steady near $2.26 trillion since Tuesday, with the recovery losing momentum after the Fed killed rate-cut hopes and spot ETFs swung back to outflows.

CoinDesk · Thu, 18 Jun 2026 06:02:19 GMT

> beautiful simple clean > contagious interview honeys it’s either contagious interview or it’s beautiful malware. but it is never, ever both. 😁 https://t.co/xN5SlLZpUT https://t.co/foIOEpt0my
@tayvano_: > beautiful simple clean

@tayvano_ · Thu, 18 Jun 2026 01:43:02 GMT

Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. Boeing CERTAINLY never told the USG that they cannot stop their planes from nuking the fucking USG. That's the difference. The USG overstepped. But in reaction to deeply retarded https://t.co/7Wh1gmhgSv [Protocols: sky]
@tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky.

@tayvano_ · Wed, 17 Jun 2026 22:15:14 GMT

The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K
@tayvano_: The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K

@tayvano_ · Wed, 17 Jun 2026 19:59:00 GMT

unc1069 / sapphire sleet / whatever you want to call them same as axios fascinating https://t.co/EEU0maj7R0 https://t.co/2EAoJSH4ds
@tayvano_: unc1069 / sapphire sleet / whatever you want to call them

@tayvano_ · Wed, 17 Jun 2026 19:10:10 GMT

you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.). using Tor for any onchain interaction is one way but it's very easy to also fingerprint you as Tor user. what Ethereum needs is its own browser that _natively_ https://t.co/4PQVdOjCL5
@pcaversaccio: you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.).…

pcaversaccio · Wed, 17 Jun 2026 19:07:31 GMT

Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening

Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis.

Chainalysis · Wed, 17 Jun 2026 17:04:10 GMT

Multisig doesn't protect you if your keys share the same machine. 🔑 Seven keys on one device. Hot wallet, ETH Safe, BSC Safe, all compromised at once. Here's how the Humanity Protocol hack went down: https://t.co/uGjBgsEerJ https://t.co/OBo3Zpajyv
@HalbornSecurity: Multisig doesn't protect you if your keys share the same machine. 🔑

@HalbornSecurity · private-key compromise · Wed, 17 Jun 2026 17:00:01 GMT

#PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. The exploiter then deposited 8,340 $ETH into #TornadoCash and bridged 2.64 $ETH ($4.63K) from #Ethereum to #BTC address bc1pv8...yc5q. The exploiter currently holds 10.54M https://t.co/Sgb43LDYMm [Loss ~$4,630]
@PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH.

~$5K · @PeckShieldAlert · private-key compromise · Wed, 17 Jun 2026 15:35:04 GMT

#CertiKInsight 🚨 The @UXLINKofficial exploiter is currently sending funds to Tornado Cash. 3,700 ETH have been transferred so far. As a reminder, UXLink was exploited for ~$42M in September 2025 and believed to have been conducted by DPRK. https://t.co/gAREKeLCBV [Loss ~$42,000,000; 3,700 ETH]
@CertiKAlert: #CertiKInsight 🚨

~$42.0M · @CertiKAlert · social engineering · Wed, 17 Jun 2026 14:11:17 GMT

Steam Workshop wallpapers found spreading crypto malware

Bad actors are using Steam Workshop's wallpaper application to sneak malware into users' computers and steal crypto wallet information. The post Steam Workshop wallpapers found spreading crypto malware appeared first on Protos.

Protos · supply-chain attack, phishing / wallet drainer · Wed, 17 Jun 2026 13:35:42 GMT

⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M. 🎯 An attacker exploited a rounding flaw in the vault's mint function, triggered by driving totalSupply down to near zero via claim, to mint index tokens with zero underlying deposit, netting ~$105K. 🦸 A https://t.co/QzYkDZdmLa [Loss ~$2,000,000; Protocols: near]
@Beosin_com: ⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M.

~$2.0M · @Beosin_com · smart-contract bug · Wed, 17 Jun 2026 07:12:27 GMT

🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14 🚨 Spotlight on 4 notable incidents | ~$5.98M lost this week Featuring a vulnerability breakdown and in-depth analysis of selected key cases👇 https://t.co/t7yjQU0xhs https://t.co/N9hqp3P4AT [Loss ~$5,980,000]
@Phalcon_xyz: 🗓 Weekly Web3 Security Roundup | Jun 8 - Jun 14

~$6.0M · @Phalcon_xyz · Wed, 17 Jun 2026 05:45:32 GMT

🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed. Glad to bring the Trust & Compliance layer to the Agentic Payment Whitepaper, alongside @InterlaceMoney @XAgent_official @Cobo_Global @Stable @Conflux_Network https://t.co/6ZgFHkwnmf
@BlockSecTeam: 🛡️ When AI agents start paying on their own, every payment needs to be screened and accountable — not just signed.

@BlockSecTeam · Wed, 17 Jun 2026 03:35:35 GMT

🚨SlowMist TI Alert🚨 💸 Loss: 111,097.596667856001191208 USDC (~$111,097.6) 🔍 Root Cause: DIP token `_transfer()` function has a missing `return` statement in the router branch (when `from` or `to` is PancakeSwap Router). This causes the same transfer to be executed twice https://t.co/yHiVUczRZi [Loss ~$111,097.6; 111,097.597 USDC; Protocols: PancakeSwap]
@SlowMist_Team: 🚨SlowMist TI Alert🚨

~$111K · @SlowMist_Team · smart-contract bug · Wed, 17 Jun 2026 02:56:08 GMT

Excited to support @AIVM_Network as they build agent-native infrastructure. As autonomous systems become increasingly capable of transacting and coordinating onchain, security remains a foundational requirement. https://t.co/MZD8USKoQr
@CertiK: Excited to support @AIVM_Network as they build agent-native infrastructure.

CertiK · Wed, 17 Jun 2026 02:46:27 GMT

Sources: CertiK, ConsenSys Diligence, Cantina / Spearbit, pcaversaccio, Chainabuse, Arkham Intelligence, @PeckShieldAlert, @CertiKAlert, @CyversAlerts, @BlockSecTeam, @AnciliaInc, @Phalcon_xyz, @zachxbt, @SlowMist_Team, @MistTrack_io, @realScamSniffer, @samczsun, @tayvano_, @spreekaway, @_SEAL_Org, @hypernative, @HalbornSecurity, @Beosin_com, @GoPlusSecurity, @Quantstamp, @Chainalysis, @TrugardLabs, DeFiLlama Hacks DB, SlowMist Hacked DB, rekt.news Leaderboard, BlockThreat, Rekt News, SlowMist, Trail of Bits, OpenZeppelin, Zellic, Chainalysis, TRM Labs, Elliptic, CISA Cybersecurity Advisories, SANS ISC, Cointelegraph (Security), crypto.news, The Defiant, CoinDesk, Decrypt, Protos.

Sources unavailable: Week in Ethereum News (HTTP 403 (native fetch)); Immunefi (Feed not recognized as RSS 1 or 2.)

Generated by crypto-security-briefing · automated digest, verify before acting.