The most material incident is the HyperFund fraud guilty plea, with losses of ~$1.8B. Other notable losses include ~$42M from a social-engineering attack and ~$2.3M from a smart-contract bug on Aztec Connect. Dominant vectors across items are social-engineering, private-key compromise, and supply-chain attacks. This briefing is based on pre-classified items from the last 72 hours, though two sources failed, so items may be incomplete.
-
🚨GoPlus Security Alert: #Microsoft has disclosed a cryptocurrency clipboard hijacker targeting the #Windows platform that has remained active since February 2026. This malware combines clipboard theft, wallet address replacement, worm-like propagation, and Tor-based anonymous https://t.co/yp2OAfohsD https://t.co/RTa7JJSmiq
@GoPlusSecurity: 🚨GoPlus Security Alert: -
A short story about Indian scammers who called the cops on themselves: Earlier this week a follower DM'd me from his personal account complaining that 5.73 BTC ($475K) of his was 'unjustly' frozen at Changelly in Mar 2025. So I went and plotted the Bitcoin transaction in my https://t.co/gZxM4dRCW3 [Loss ~$475,000; 5.73 BTC]
@zachxbt: A short story about Indian scammers who called the cops on themselves: -
"Auditing the code is necessary, but no longer sufficient." At Proof of Talk, CertiK CBO Jason Jiang discussed evolving attack vectors, institutional adoption, AI security, and why security must extend beyond smart contracts. Read the full interview👇 https://t.co/s1Vp2sVTZ7
@CertiK: "Auditing the code is necessary, but no longer sufficient." -
Microsoft found malware that hijacks crypto wallets and spreads through USB sticks
The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows clipboard and inserts its own destination wallet addresses when it detects a transfer.
-
North Korea’s crypto hack spree draws fresh G7 warning
G7 leaders urged joint action on North Korea crypto theft as reports tie DPRK hackers to $2.02B stolen in 2025 and missile funding.
-
#PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain (381 $BNB) https://t.co/aqcbcQRWa5 [Loss ~$220,600]
@PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain… -
Ireland flags crypto as major threat in anti-money laundering push
Ireland has identified crypto assets as a “very significant” money laundering and terrorism financing risk and has committed to introducing industry standards governing crypto-related sources of funds by the second half of 2027. According to Ireland’s Department of Finance, the…
-
Ex-Celsius CEO Mashinsky gets U.S. CFTC ban in final resolution with regulator
Alexander Mashinsky, the founder of failed crypto lender Celsius, had earlier been imprisoned for fraud and is now formally banned from CFTC registration.
-
Quantum computing is an approaching threat to blockchain security. 🔐 For most networks, the cryptographic foundations were never built to withstand it. @QRLedger has been building to address that problem ever since 2018. https://t.co/SshyHndbNW
@HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐 -
Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contracts. 🔐 Our engagement with @RaylsLabs covered smart contract auditing, L1 security assessment, architecture advisory, and cryptographic review. https://t.co/EtzY6neCp1
@HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac… -
https://t.co/MzmtARehtY
@spreekaway: https://t.co/MzmtARehtY -
That's right: ZERO. https://t.co/yex0V1k3wi
@spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi -
Passkeys remove seed phrases, but not security risks. From WebAuthn validation to account abstraction, sync, and recovery flows, every layer becomes part of the asset security model. Explore the security considerations for Passkey-based Web3 wallets👇 https://t.co/IsP34cG66u
@CertiK: Passkeys remove seed phrases, but not security risks. -
Aztec Connect - Rekt
$2.3M · $2.28 million drained from Aztec Connect on June 14th, a deprecated ZK-rollup built by Aztec Labs, across two consecutive days. The ZK proof and settlement layer processed different transaction sets, attackers exploited the gap to mint unbacked balances and drain real funds.
-
Rockwell Automation FactoryTalk Historian Site Edition
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. The following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected: FactoryTalk Historian SE 11 (CVE-2025-13036) FactoryTalk Historian SE <=11.00 (CVE-2025-44019) FactoryTalk Historian SE <=11.00 (CVE-2025-36539) CVSS Vendor Equipment Vulnerabilities v3 7.7 Rockwell Automation Rockwell Automation FactoryTalk Historian Site Edition Concurrent Execution using Shared Resource with Improper S…
-
Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the execution trace is similar. This follow-up exploit hit escapeHatch on a different deployment — the "Private Rollup Bridge" contract (0x7379), and targets a binding https://t.co/NQ7TRe4Jq7 https://t.co/SzCFRP0Mh8
@Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec… -
ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser can be designed (i'm _not_ a browser expert btw). please share your feedback in the https://t.co/Vsma2KA2gl thread: https://t.co/UCtKIcmrZ6 https://t.co/bENx8qr8W8 https://t.co/fvOU0dMNkr
@pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c… -
.@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but targeted a different pool through a different entry point, with estimated losses of roughly $2.2M. Ether: 1,158 DAI: 150K renBTC: ~0.4696 Attack TXs: https://t.co/KxHJ0rezmw https://t.co/NDrmRVH8Sf [Loss ~$2,200,000; 1,158 DAI]
@Phalcon_xyz: .@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but t… -
Live markets: price action turns panicky in Saylor's STRC as bitcoin drops below $63,000
Total crypto market value has held steady near $2.26 trillion since Tuesday, with the recovery losing momentum after the Fed killed rate-cut hopes and spot ETFs swung back to outflows.
-
> beautiful simple clean > contagious interview honeys it’s either contagious interview or it’s beautiful malware. but it is never, ever both. 😁 https://t.co/xN5SlLZpUT https://t.co/foIOEpt0my
@tayvano_: > beautiful simple clean -
Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. Boeing CERTAINLY never told the USG that they cannot stop their planes from nuking the fucking USG. That's the difference. The USG overstepped. But in reaction to deeply retarded https://t.co/7Wh1gmhgSv [Protocols: sky]
@tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. -
The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K
@tayvano_: The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K -
unc1069 / sapphire sleet / whatever you want to call them same as axios fascinating https://t.co/EEU0maj7R0 https://t.co/2EAoJSH4ds
@tayvano_: unc1069 / sapphire sleet / whatever you want to call them -
you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.). using Tor for any onchain interaction is one way but it's very easy to also fingerprint you as Tor user. what Ethereum needs is its own browser that _natively_ https://t.co/4PQVdOjCL5
@pcaversaccio: you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.).… -
Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening
Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis.
-
Multisig doesn't protect you if your keys share the same machine. 🔑 Seven keys on one device. Hot wallet, ETH Safe, BSC Safe, all compromised at once. Here's how the Humanity Protocol hack went down: https://t.co/uGjBgsEerJ https://t.co/OBo3Zpajyv
@HalbornSecurity: Multisig doesn't protect you if your keys share the same machine. 🔑 -
Florida Man 'Bitcoin Rodney' Pleads Guilty Over $1.8 Billion HyperFund Crypto Fraud
~$1.80B · A Miami-based man who went by the name “Bitcoin Rodney” pleaded guilty for his role in what prosecutors said was a massive global fraud.
-
#PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. The exploiter then deposited 8,340 $ETH into #TornadoCash and bridged 2.64 $ETH ($4.63K) from #Ethereum to #BTC address bc1pv8...yc5q. The exploiter currently holds 10.54M https://t.co/Sgb43LDYMm [Loss ~$4,630]
@PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. -
#CertiKInsight 🚨 The @UXLINKofficial exploiter is currently sending funds to Tornado Cash. 3,700 ETH have been transferred so far. As a reminder, UXLink was exploited for ~$42M in September 2025 and believed to have been conducted by DPRK. https://t.co/gAREKeLCBV [Loss ~$42,000,000; 3,700 ETH]
@CertiKAlert: #CertiKInsight 🚨 -
Steam Workshop wallpapers found spreading crypto malware
Bad actors are using Steam Workshop's wallpaper application to sneak malware into users' computers and steal crypto wallet information. The post Steam Workshop wallpapers found spreading crypto malware appeared first on Protos.
Sources unavailable: Week in Ethereum News (HTTP 403 (native fetch)); Immunefi (Feed not recognized as RSS 1 or 2.)
Generated by crypto-security-briefing · automated digest, verify before acting.