Over the past 72 hours, blockchain security incidents resulted in at least $8.3M in confirmed losses, led by a $4.7M smart-contract exploit and an $8M social-engineering heist. Dominant attack vectors were smart-contract bugs, social engineering, and private-key/supply-chain compromises. Four incidents lacked loss data, and two sources failed this run, limiting completeness.
-
π¨GoPlus Security Alert: On June 19, @mySwapxyz (Starknet) was exploited. The attacker deployed a fake "EVIL" token contract (0x028c9a) and exploited a vulnerability in a project contract (0x01114c), draining approximately $305,000 from mySwap CL liquidity pools, including https://t.co/8sVDg98bmh https://t.co/yDms1GkODh [Loss ~$305,000; Protocols: Starknet]
@GoPlusSecurity: π¨GoPlus Security Alert: -
#PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. The exploiter bridged the stolen funds to #Ethereum, deposited 633.4 $ETH into #TornadoCash, and sent 0.0221 $BNB and 0.0411 $ETH to a dead address. https://t.co/lCDWwThsjH [Loss ~$1,100,000; Protocols: PancakeSwap]
@PeckShieldAlert: #PeckShieldAlert An OLPC/LABUBU pool on PancakeSwap on #BNBChain has been exploited, resulting in a loss of ~$1.1M. -
Michael Saylor fires back as STRC crash sparks fraud claims
Strategy co-founder Michael Saylor has defended the companyβs Bitcoin-backed capital strategy after its STRC preferred stock fell well below its $100 par value and triggered fresh criticism from market participants. According to a June 20 X post by Saylor, Strategyβsβ¦
-
dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mins for confirmations, and then wait another day or two to get money into their bank account. if fully shielded txs took 1-2 mins to be included, most users would
@pcaversaccio: dude, so many people obsessing over fucking tx speed & scale are the same people who deposit into a cex, wait 30 mi⦠-
CZ proposes freezing Satoshi Bitcoin stash to stop quantum theft
Binance founder Changpeng Zhao has proposed freezing up to 1 million Bitcoin linked to Satoshi Nakamoto if those coins remain unmoved after a future transition to quantum-resistant cryptography. Speaking during a June 18 appearance on the Galaxy Brains podcast hostedβ¦
-
Garcia brothers admit $8M crypto heist after family kidnapping
~$8.0M Β· Two Texas brothers have pleaded guilty to federal robbery charges after prosecutors said they kidnapped a Minnesota family and forced the transfer of more than $8 million in cryptocurrency. According to the U.S. Attorneyβs Office for the District of Minnesota,β¦
-
EU targets privacy coins while leaving Bitcoin transfers untouched
The European Union has approved anti-money laundering rules that will ban regulated crypto firms from supporting privacy coins while leaving direct Bitcoin transfers between private wallets outside the scope of mandatory identification requirements. According to Regulation (EU) 2024/1624, which willβ¦
-
Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers
Researchers found malicious Wallpaper Engine downloads on Steam Workshop distributing infostealers, backdoors, and account-hijacking malware.
-
A short story about Indian scammers who called the cops on themselves: Earlier this week a follower DM'd me from his personal account complaining that 5.73 BTC ($475K) of his was 'unjustly' frozen at Changelly in Mar 2025. So I went and plotted the Bitcoin transaction in my https://t.co/gZxM4dRCW3 [Loss ~$475,000; 5.73 BTC]
@zachxbt: A short story about Indian scammers who called the cops on themselves: -
"Auditing the code is necessary, but no longer sufficient." At Proof of Talk, CertiK CBO Jason Jiang discussed evolving attack vectors, institutional adoption, AI security, and why security must extend beyond smart contracts. Read the full interviewπ https://t.co/s1Vp2sVTZ7
@CertiK: "Auditing the code is necessary, but no longer sufficient." -
Microsoft found malware that hijacks crypto wallets and spreads through USB sticks
The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows clipboard and inserts its own destination wallet addresses when it detects a transfer.
-
North Koreaβs crypto hack spree draws fresh G7 warning
G7 leaders urged joint action on North Korea crypto theft as reports tie DPRK hackers to $2.02B stolen in 2025 and missile funding.
-
#CertiKInsight π¨ @msftsecurity warns about a new crypto clipper active since Feb 2026. The malware monitors the clipboard, steals seed phrases/private keys, captures screenshots, and swaps copied wallet addresses. Stay vigilant!π https://t.co/44h2CCoegk
@CertiKAlert: #CertiKInsight π¨ -
#PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain (381 $BNB) https://t.co/aqcbcQRWa5 [Loss ~$220,600]
@PeckShieldAlert: #PeckShieldAlert The @Humanityprot exploiter-labeled address has bridged 130 $ETH ($220.6K) from #Ethereum to #BNBChain⦠-
JB β exploit
$50K Β· Technique: Protocol Logic / Flashloan Price Manipulation. Chain: BSC. Target: Token. Reported loss ~$50,000.
-
Ex-Celsius CEO Mashinsky gets U.S. CFTC ban in final resolution with regulator
Alexander Mashinsky, the founder of failed crypto lender Celsius, had earlier been imprisoned for fraud and is now formally banned from CFTC registration.
-
Quantum computing is an approaching threat to blockchain security. π For most networks, the cryptographic foundations were never built to withstand it. @QRLedger has been building to address that problem ever since 2018. https://t.co/SshyHndbNW
@HalbornSecurity: Quantum computing is an approaching threat to blockchain security. π -
As social engineering attacks rise, OPSEC matters more than ever. Excited to have Roman, Incident Lead @Quantstamp, at @ETHCincoDeMayo sharing practical ways to lock down your devices, laptops, and accounts! https://t.co/uOPSlAMghj
@Quantstamp: As social engineering attacks rise, OPSEC matters more than ever. -
Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contracts. π Our engagement with @RaylsLabs covered smart contract auditing, L1 security assessment, architecture advisory, and cryptographic review. https://t.co/EtzY6neCp1
@HalbornSecurity: Securing blockchain infrastructure for institutional adoption means auditing at every layer, not just the smart contrac⦠-
https://t.co/MzmtARehtY
@spreekaway: https://t.co/MzmtARehtY -
That's right: ZERO. https://t.co/yex0V1k3wi
@spreekaway: That's right: ZERO. https://t.co/yex0V1k3wi -
Passkeys remove seed phrases, but not security risks. From WebAuthn validation to account abstraction, sync, and recovery flows, every layer becomes part of the asset security model. Explore the security considerations for Passkey-based Web3 walletsπ https://t.co/IsP34cG66u
@CertiK: Passkeys remove seed phrases, but not security risks. -
π§π· Brazil received ~$318B in crypto this past yearβ1/3 of LatAmβs total value. But growth attracts more than legitimate users. Our latest research reveals: - Cartel money laundering is the largest identified category of illicit inflows. - Russian sanctions evaders are https://t.co/sEozjcnl3y [Loss ~$318,000,000,000]
@chainalysis: π§π· Brazil received ~$318B in crypto this past yearβ1/3 of LatAmβs total value. But growth attracts more than legitimaβ¦ -
Rockwell Automation FactoryTalk Historian Site Edition
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain a valid authentication token, perform a denial of service, or crash the system. The following versions of Rockwell Automation FactoryTalk Historian Site Edition are affected: FactoryTalk Historian SE 11 (CVE-2025-13036) FactoryTalk Historian SE <=11.00 (CVE-2025-44019) FactoryTalk Historian SE <=11.00 (CVE-2025-36539) CVSS Vendor Equipment Vulnerabilities v3 7.7 Rockwell Automation Rockwell Automation FactoryTalk Historian Site Edition Concurrent Execution using Shared Resource with Improper Sβ¦
-
Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the execution trace is similar. This follow-up exploit hit escapeHatch on a different deployment β the "Private Rollup Bridge" contract (0x7379), and targets a binding https://t.co/NQ7TRe4Jq7 https://t.co/SzCFRP0Mh8
@Phalcon_xyz: Correct: this is not the same bug as the previous one, though both are circuit public input binding issues and the exec⦠-
ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser can be designed (i'm _not_ a browser expert btw). please share your feedback in the https://t.co/Vsma2KA2gl thread: https://t.co/UCtKIcmrZ6 https://t.co/bENx8qr8W8 https://t.co/fvOU0dMNkr
@pcaversaccio: ok guys, talk is cheap as you all know. let's move forward here; some very preliminary thoughts on how such a browser c⦠-
.@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but targeted a different pool through a different entry point, with estimated losses of roughly $2.2M. Ether: 1,158 DAI: 150K renBTC: ~0.4696 Attack TXs: https://t.co/KxHJ0rezmw https://t.co/NDrmRVH8Sf [Loss ~$2,200,000; 1,158 DAI]
@Phalcon_xyz: .@aztecnetwork was attacked again. Like the Sunday, June 14, 2026 exploit, this attack appears related in nature, but t⦠-
> beautiful simple clean > contagious interview honeys itβs either contagious interview or itβs beautiful malware. but it is never, ever both. π https://t.co/xN5SlLZpUT https://t.co/foIOEpt0my
@tayvano_: > beautiful simple clean -
Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky. Boeing CERTAINLY never told the USG that they cannot stop their planes from nuking the fucking USG. That's the difference. The USG overstepped. But in reaction to deeply retarded https://t.co/7Wh1gmhgSv [Protocols: sky]
@tayvano_: Boeing never told the USG that they cannot prevent their airplanes from falling out of the sky.
Sources unavailable: Week in Ethereum News (HTTP 403 (native fetch)); Immunefi (Invalid character in tag name Line: 34 Column: 49 Char: @)
Generated by crypto-security-briefing Β· automated digest, verify before acting.