⬢ GM Security — 2026-06-19: $45.0M across 30 incidents
Daily crypto security briefing
2026-06-19 18:34 UTC · last 72h · 30 items · $45.0M reported losses · 47 sources
Last 24 hours
Earlier · 24–72h
- [ADVISORY · NEW] @HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac… (@HalbornSecurity)
- [EXPLOIT · NEW] @Phalcon_xyz: .@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but t… — ~$2.3M (@Phalcon_xyz)
also: @MistTrack_io · @PeckShieldAlert
- [ADVISORY · NEW] Rockwell Automation FactoryTalk Historian Site Edition (CISA Cybersecurity Advisories)
- [EXPLOIT · DEVELOPING · day 5] @Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec… (@Phalcon_xyz)
- [OTHER · DEVELOPING · day 4] Live markets: price action turns panicky in Saylor's STRC as bitcoin drops below $63,000 (CoinDesk)
- [EXPLOIT · NEW] @CertiKAlert: #CertiKInsight 🚨 — ~$42.0M (@CertiKAlert)
also: @CertiKAlert · @CertiKAlert
- [EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert The @UXLINKofficial exploiter-labeled address has swapped ~14.6M $DAI for 8,298.6 $ETH. — ~$5K (@PeckShieldAlert)
- [EXPLOIT · NEW] @HalbornSecurity: Multisig doesn't protect you if your keys share the same machine. 🔑 (@HalbornSecurity)
- [ADVISORY · NEW] @Beosin_com: ⚡ A single integer truncation bug nearly cost Thetanuts Finance over $2M. — ~$2.0M (@Beosin_com)
- [NEAR-MISS] LittleBoyPlus (LBP) exploit on BNB Chain (web search (coverage))
~377,642 USDT drained via a zero-value transferFrom flaw in LBPHashrate._update() minting logic
- [NEAR-MISS] DIP token PancakeSwap pool drain (web search (coverage))
~$111K USDC lost; missing return in _transfer() enabled double transfers and AMM price manipulation
- [NEAR-MISS] 'Bitcoin Rodney' Burton HyperFund guilty plea (web search (coverage))
Promoter pleaded guilty in $1.8B HyperFund crypto investment fraud case — major enforcement milestone
- [NEAR-MISS] mySwap Starknet DEX liquidity exploit (web search (coverage))
~$305K drained via a fake 'EVIL' token manipulating concentrated liquidity pool math in a deprecated vault
- [ADVISORY · NEW] @HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐 (@HalbornSecurity)
- [OTHER · DEVELOPING · day 3] @spreekaway: https://t.co/MzmtARehtY (@spreekaway)
- [ADVISORY · DEVELOPING · day 3] @spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi (@spreekaway)
- [ADVISORY · DEVELOPING · day 2] @CertiK: Passkeys remove seed phrases, but not security risks. (CertiK)
- [OTHER · DEVELOPING · day 5] @pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c… (pcaversaccio)
- [OTHER · DEVELOPING · day 5] @tayvano_: > beautiful simple clean (@tayvano_)
- [OTHER · DEVELOPING · day 6] @tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. (@tayvano_)
- [ADVISORY · DEVELOPING · day 6] @tayvano_: The Fed, Iran Trade, and Why BTC Looks Cheap Right Now https://t.co/sAVrcjp96K (@tayvano_)
- [OTHER · DEVELOPING · day 6] @tayvano_: unc1069 / sapphire sleet / whatever you want to call them (@tayvano_)
- [ADVISORY · DEVELOPING · day 5] @pcaversaccio: you can fully destroy perfect onchain privacy by leaking metadata (IP, user-agent, timezone, language settings, etc.).… (pcaversaccio)
🧠 Deep reads
💡 Security thought-spark
Wallpaper malware on Steam demonstrates that social-engineering via supply-chain (gaming assets) is an effective vector; audit your CI/CD pipeline to block any non-executable files from being distributed as signed binaries.
Full data: https://gmsecurity.net/briefing.json. Feedback or a source to add? [email protected]. George Donnelly offers Web3 development & security consulting.