Crypto Security Briefing

🛡️ Crypto Security Briefing

Fri, 19 Jun 2026 13:52:01 GMT · last 72h

incidents

$47.2M

reported losses

live sources

Executive summary

The most material incident is the HyperFund crypto fraud with ~$1.8B in losses, though it is a regulatory case, not a code exploit. A social-engineering attack led to ~$42M in losses, and the Aztec Network suffered two bridge/smart-contract exploits totaling ~$2.5M. Dominant vectors are social-engineering, smart-contract bugs, and private-key compromise. Fewer high-severity on-chain exploits were reported in the last 72 hours, possibly due to a data feed failure.

Social-engineering remains the highest-frequency vector with large losses.
Bridge exploits and circuit bugs continue to hit privacy-focused protocols.
Private-key compromise via malware and shared-key custody is an urgent concern.
Supply-chain attacks via USB, Steam, and wallpapers introduce new infection vectors.

Attack vectors

smart-contract bug · 5social engineering · 4private-key compromise · 3supply-chain attack · 2bridge exploit · 2access-control flaw · 1

Incidents & reports

🚨GoPlus Security Alert: #Microsoft has disclosed a cryptocurrency clipboard hijacker targeting the #Windows platform that has remained active since February 2026. This malware combines clipboard theft, wallet address replacement, worm-like propagation, and Tor-based anonymous https://t.co/yp2OAfohsD https://t.co/RTa7JJSmiq
@GoPlusSecurity: 🚨GoPlus Security Alert:

@GoPlusSecurity · social engineering · Fri, 19 Jun 2026 13:00:15 GMT

A short story about Indian scammers who called the cops on themselves: Earlier this week a follower DM'd me from his personal account complaining that 5.73 BTC ($475K) of his was 'unjustly' frozen at Changelly in Mar 2025. So I went and plotted the Bitcoin transaction in my https://t.co/gZxM4dRCW3 [Loss ~$475,000; 5.73 BTC]
@zachxbt: A short story about Indian scammers who called the cops on themselves:

~$475K · @zachxbt · social engineering · Fri, 19 Jun 2026 11:52:19 GMT

"Auditing the code is necessary, but no longer sufficient." At Proof of Talk, CertiK CBO Jason Jiang discussed evolving attack vectors, institutional adoption, AI security, and why security must extend beyond smart contracts. Read the full interview👇 https://t.co/s1Vp2sVTZ7
@CertiK: "Auditing the code is necessary, but no longer sufficient."

CertiK · Fri, 19 Jun 2026 11:31:01 GMT

Microsoft found malware that hijacks crypto wallets and spreads through USB sticks

The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows clipboard and inserts its own destination wallet addresses when it detects a transfer.

CoinDesk · private-key compromise, supply-chain attack · Fri, 19 Jun 2026 08:48:14 GMT

North Korea’s crypto hack spree draws fresh G7 warning

G7 leaders urged joint action on North Korea crypto theft as reports tie DPRK hackers to $2.02B stolen in 2025 and missile funding.

crypto.news · social engineering · Fri, 19 Jun 2026 08:35:35 GMT

#PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain (381 $BNB) https://t.co/aqcbcQRWa5 [Loss ~$220,600]
@PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain…

~$221K · @PeckShieldAlert · bridge exploit · Fri, 19 Jun 2026 03:46:00 GMT

Ireland flags crypto as major threat in anti-money laundering push

Ireland has identified crypto assets as a “very significant” money laundering and terrorism financing risk and has committed to introducing industry standards governing crypto-related sources of funds by the second half of 2027. According to Ireland’s Department of Finance, the…

crypto.news · Thu, 18 Jun 2026 23:35:09 GMT

Ex-Celsius CEO Mashinsky gets U.S. CFTC ban in final resolution with regulator

Alexander Mashinsky, the founder of failed crypto lender Celsius, had earlier been imprisoned for fraud and is now formally banned from CFTC registration.

CoinDesk · Thu, 18 Jun 2026 19:26:55 GMT

Quantum computing is an approaching threat to blockchain security. 🔐 For most networks, the cryptographic foundations were never built to withstand it. @QRLedger has been building to address that problem ever since 2018. https://t.co/SshyHndbNW
@HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐

@HalbornSecurity · Thu, 18 Jun 2026 17:00:00 GMT

Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contracts. 🔐 Our engagement with @RaylsLabs covered smart contract auditing, L1 security assessment, architecture advisory, and cryptographic review. https://t.co/EtzY6neCp1
@HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac…

@HalbornSecurity · smart-contract bug · Thu, 18 Jun 2026 15:00:12 GMT

https://t.co/MzmtARehtY
@spreekaway: https://t.co/MzmtARehtY

@spreekaway · Thu, 18 Jun 2026 14:22:19 GMT

That's right: ZERO. https://t.co/yex0V1k3wi
@spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi

@spreekaway · Thu, 18 Jun 2026 14:12:39 GMT

Passkeys remove seed phrases, but not security risks. From WebAuthn validation to account abstraction, sync, and recovery flows, every layer becomes part of the asset security model. Explore the security considerations for Passkey-based Web3 wallets👇 https://t.co/IsP34cG66u
@CertiK: Passkeys remove seed phrases, but not security risks.

CertiK · Thu, 18 Jun 2026 12:20:00 GMT

Aztec Connect - Rekt

$2.3M · $2.28 million drained from Aztec Connect on June 14th, a deprecated ZK-rollup built by Aztec Labs, across two consecutive days. The ZK proof and settlement layer processed different transaction sets, attackers exploited the gap to mint unbacked balances and drain real funds.

rekt.news Leaderboard · smart-contract bug · Thu, 18 Jun 2026 12:00:00 GMT

Rockwell Automation FactoryTalk Historian Site Edition

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. The following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected: FactoryTalk Historian SE 11 (CVE-2025-13036) FactoryTalk Historian SE <=11.00 (CVE-2025-44019) FactoryTalk Historian SE <=11.00 (CVE-2025-36539) CVSS Vendor Equipment Vulnerabilities v3 7.7 Rockwell Automation Rockwell Automation FactoryTalk Historian Site Edition Concurrent Execution using Shared Resource with Improper S…

CISA Cybersecurity Advisories · access-control flaw, smart-contract bug · Thu, 18 Jun 2026 12:00:00 GMT

Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the execution trace is similar. This follow-up exploit hit escapeHatch on a different deployment — the "Private Rollup Bridge" contract (0x7379), and targets a binding https://t.co/NQ7TRe4Jq7 https://t.co/SzCFRP0Mh8
@Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec…

@Phalcon_xyz · smart-contract bug · Thu, 18 Jun 2026 09:25:06 GMT

ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser can be designed (i'm _not_ a browser expert btw). please share your feedback in the https://t.co/Vsma2KA2gl thread: https://t.co/UCtKIcmrZ6 https://t.co/bENx8qr8W8 https://t.co/fvOU0dMNkr
@pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c…

pcaversaccio · Thu, 18 Jun 2026 09:19:39 GMT

.@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but targeted a different pool through a different entry point, with estimated losses of roughly $2.2M. Ether: 1,158 DAI: 150K renBTC: ~0.4696 Attack TXs: https://t.co/KxHJ0rezmw https://t.co/NDrmRVH8Sf [Loss ~$2,200,000; 1,158 DAI]
@Phalcon_xyz: .@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but t…

~$2.2M · @Phalcon_xyz · bridge exploit, smart-contract bug · Thu, 18 Jun 2026 06:54:19 GMT

Live markets: price action turns panicky in Saylor's STRC as bitcoin drops below $63,000

Total crypto market value has held steady near $2.26 trillion since Tuesday, with the recovery losing momentum after the Fed killed rate-cut hopes and spot ETFs swung back to outflows.

CoinDesk · Thu, 18 Jun 2026 06:02:19 GMT

> beautiful simple clean > contagious interview honeys it’s either contagious interview or it’s beautiful malware. but it is never, ever both. 😁 https://t.co/xN5SlLZpUT https://t.co/foIOEpt0my
@tayvano_: > beautiful simple clean

@tayvano_ · Thu, 18 Jun 2026 01:43:02 GMT

Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. Boeing CERTAINLY never told the USG that they cannot stop their planes from nuking the fucking USG. That's the difference. The USG overstepped. But in reaction to deeply retarded https://t.co/7Wh1gmhgSv [Protocols: sky]
@tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky.

@tayvano_ · Wed, 17 Jun 2026 22:15:14 GMT

The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K
@tayvano_: The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K

@tayvano_ · Wed, 17 Jun 2026 19:59:00 GMT

unc1069 / sapphire sleet / whatever you want to call them same as axios fascinating https://t.co/EEU0maj7R0 https://t.co/2EAoJSH4ds
@tayvano_: unc1069 / sapphire sleet / whatever you want to call them

@tayvano_ · Wed, 17 Jun 2026 19:10:10 GMT

you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.). using Tor for any onchain interaction is one way but it's very easy to also fingerprint you as Tor user. what Ethereum needs is its own browser that _natively_ https://t.co/4PQVdOjCL5
@pcaversaccio: you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.).…

pcaversaccio · Wed, 17 Jun 2026 19:07:31 GMT

Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening

Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis.

Chainalysis · Wed, 17 Jun 2026 17:04:10 GMT

Multisig doesn't protect you if your keys share the same machine. 🔑 Seven keys on one device. Hot wallet, ETH Safe, BSC Safe, all compromised at once. Here's how the Humanity Protocol hack went down: https://t.co/uGjBgsEerJ https://t.co/OBo3Zpajyv
@HalbornSecurity: Multisig doesn't protect you if your keys share the same machine. 🔑

@HalbornSecurity · private-key compromise · Wed, 17 Jun 2026 17:00:01 GMT

Florida Man 'Bitcoin Rodney' Pleads Guilty Over $1.8 Billion HyperFund Crypto Fraud

~$1.80B · A Miami-based man who went by the name “Bitcoin Rodney” pleaded guilty for his role in what prosecutors said was a massive global fraud.

Decrypt · Wed, 17 Jun 2026 15:37:41 GMT

#PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. The exploiter then deposited 8,340 $ETH into #TornadoCash and bridged 2.64 $ETH ($4.63K) from #Ethereum to #BTC address bc1pv8...yc5q. The exploiter currently holds 10.54M https://t.co/Sgb43LDYMm [Loss ~$4,630]
@PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH.

~$5K · @PeckShieldAlert · private-key compromise · Wed, 17 Jun 2026 15:35:04 GMT

#CertiKInsight 🚨 The @UXLINKofficial exploiter is currently sending funds to Tornado Cash. 3,700 ETH have been transferred so far. As a reminder, UXLink was exploited for ~$42M in September 2025 and believed to have been conducted by DPRK. https://t.co/gAREKeLCBV [Loss ~$42,000,000; 3,700 ETH]
@CertiKAlert: #CertiKInsight 🚨

~$42.0M · @CertiKAlert · social engineering · Wed, 17 Jun 2026 14:11:17 GMT

Steam Workshop wallpapers found spreading crypto malware

Bad actors are using Steam Workshop's wallpaper application to sneak malware into users' computers and steal crypto wallet information. The post Steam Workshop wallpapers found spreading crypto malware appeared first on Protos.

Protos · supply-chain attack, phishing / wallet drainer · Wed, 17 Jun 2026 13:35:42 GMT

Sources: CertiK, ConsenSys Diligence, Cantina / Spearbit, pcaversaccio, Chainabuse, Arkham Intelligence, @PeckShieldAlert, @CertiKAlert, @CyversAlerts, @BlockSecTeam, @AnciliaInc, @Phalcon_xyz, @zachxbt, @SlowMist_Team, @MistTrack_io, @realScamSniffer, @samczsun, @tayvano_, @spreekaway, @_SEAL_Org, @hypernative, @HalbornSecurity, @Beosin_com, @GoPlusSecurity, @Quantstamp, @Chainalysis, @TrugardLabs, DeFiLlama Hacks DB, SlowMist Hacked DB, rekt.news Leaderboard, BlockThreat, Rekt News, SlowMist, Trail of Bits, OpenZeppelin, Zellic, Chainalysis, TRM Labs, Elliptic, CISA Cybersecurity Advisories, SANS ISC, Cointelegraph (Security), crypto.news, The Defiant, CoinDesk, Decrypt, Protos.

Sources unavailable: Week in Ethereum News (HTTP 403 (native fetch)); Immunefi (Feed not recognized as RSS 1 or 2.)

📸 Share image for socials — 1200×630

⬇ Download PNG GM Security daily crypto security briefing

X LinkedIn Bluesky Facebook Threads Reddit Telegram Farcaster Email

Generated by crypto-security-briefing · automated digest, verify before acting.