⬢ GM Security — 2026-06-20: $15.6M across 29 incidents

Daily crypto security briefing

2026-06-20 16:50 UTC · last 72h · 29 items · $15.6M reported losses · 48 sources

Last 24 hours

[EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. — ~$1.1M (@PeckShieldAlert)
[EXPLOIT · NEW] @GoPlusSecurity: 🚨GoPlus Security Alert: — ~$4.7M (@GoPlusSecurity)
also: @GoPlusSecurity · @GoPlusSecurity
[ADVISORY · NEW] Michael Saylor fires back as STRC crash sparks fraud claims (crypto.news)
[ADVISORY · NEW] CZ proposes freezing Satoshi Bitcoin stash to stop quantum theft (crypto.news)
[ENFORCEMENT · NEW] Garcia brothers admit $8M crypto heist after family kidnapping — ~$8.0M (crypto.news)
[ADVISORY · NEW] EU targets privacy coins while leaving Bitcoin transfers untouched (crypto.news)
[EXPLOIT · NEW] Axelar shuts down Secret Network bridge routes after $4.7M exploit — ~$4.7M (crypto.news)
[OTHER · NEW] @pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi… (pcaversaccio)

Earlier · 24–72h

[SCAM · NEW] @zachxbt: A short story about Indian scammers who called the cops on themselves: — ~$475K (@zachxbt)
[SCAM · NEW] Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers (Decrypt)
[ADVISORY · NEW] @CertiK: "Auditing the code is necessary, but no longer sufficient." (CertiK)
[EXPLOIT · NEW] @PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain… — ~$221K (@PeckShieldAlert)
[ADVISORY · NEW] North Korea’s crypto hack spree draws fresh G7 warning (crypto.news)
[EXPLOIT · NEW] JB — exploit — $50K (DeFiLlama Hacks DB)
[ADVISORY · NEW] @Quantstamp: As social engineering attacks rise, OPSEC matters more than ever. (@Quantstamp)
[ADVISORY · NEW] @HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac… (@HalbornSecurity)
[EXPLOIT · NEW] @MistTrack_io: 🚨 MistTrack Illicit Fund Tracking | Aztec Private Rollup Bridge Exploit — ~$2.1M (@MistTrack_io)
[ADVISORY · NEW] @chainalysis: 🇧🇷 Brazil received ~$318B in crypto this past year—1/3 of LatAm’s total value. But growth attracts more than legitima… (@Chainalysis)
[EXPLOIT · NEW] Aztec Connect - Rekt — $2.3M (rekt.news Leaderboard)
[ADVISORY · NEW] Rockwell Automation FactoryTalk Historian Site Edition (CISA Cybersecurity Advisories)
[EXPLOIT · DEVELOPING · day 5] @Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec… (@Phalcon_xyz)
[ADVISORY · NEW] @CertiKAlert: #CertiKInsight 🚨 (@CertiKAlert)
also: @CertiKAlert
[ADVISORY · NEW] @HalbornSecurity: Quantum computing is an approaching threat to blockchain security. 🔐 (@HalbornSecurity)
[OTHER · DEVELOPING · day 3] @spreekaway: https://t.co/MzmtARehtY (@spreekaway)
[ADVISORY · DEVELOPING · day 3] @spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi (@spreekaway)
[ADVISORY · DEVELOPING · day 2] @CertiK: Passkeys remove seed phrases, but not security risks. (CertiK)
[OTHER · DEVELOPING · day 5] @pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c… (pcaversaccio)

🧠 Deep reads

💡 Security thought-spark

Today's $4.7M Axelar bridge exploit and $1.1M PancakeSwap pool bug underscore that cross-chain bridging logic and liquidity pools remain the dominant attack surface—prioritize invariant audits and emergency pause mechanisms on any bridge or AMM contract.

Full data: https://gmsecurity.net/briefing.json. Feedback or a source to add? [email protected]. George Donnelly offers Web3 development & security consulting.